Summary of Contents for ZyXEL Communications 650 Series
Page 1
Prestige 650 Series ADSL Router User's Guide Version 3.40 February 2004...
Page 2
Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
2. Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 3. Select the certification you wish to view from this page FCC Statement (FCC) Interference Statement Prestige 650 Series User’s Guide...
Prestige 650 Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and...
+45-3955-0700 www.zyxel.dk +45-3955-0707 ftp.zyxel.dk +49-2405-6909-0 www.zyxel.de +49-2405-6909-99 Prestige 650 Series User’s Guide REGULAR MAIL ZyXEL Communications Corp., 6 Innovation Road II, Science- Based Industrial Park, Hsinchu 300, Taiwan. ZyXEL Communications Inc., 1130 N. Miller St. Anaheim, CA 92806, U.S.A.
Preface ... xxvi Introduction to DSL...xxviii Getting Started ...I Chapter 1 Getting To Know Your Prestige ...1-1 Introducing the Prestige 650 Series ...1-1 Features of the Prestige...1-2 Applications for the Prestige...1-7 Chapter 2 Introducing the Web Configurator ...2-1 Web Configurator Overview...2-1 Accessing the Prestige Web Configurator ...2-1...
Page 7
Chapter 9 Time and Date Setup...9-1 Configuring Time Zone...9-1 Firewall and Content Filter... IV Chapter 10 Firewalls...10-1 10.1 Firewall Overview...10-1 10.2 Types of Firewalls...10-1 10.3 Introduction to ZyXEL’s Firewall...10-2 10.4 Denial of Service...10-3 Table of Contents Prestige 650 Series User’s Guide...
Page 8
10.5 Stateful Inspection ...10-7 10.6 Guidelines for Enhancing Security with Your Firewall...10-11 10.7 Packet Filtering Vs Firewall ...10-12 Chapter 11 Firewall Configuration ... 11-1 11.1 Remote Management and the Firewall ...11-1 11.2 Enabling the Firewall...11-1 11.3 Configuring E-mail Alerts ...11-2 11.4 Attack Alert...11-3 Chapter 12 Creating Custom Rules ...12-1 12.1 Rules Overview...12-1...
Prestige 650 Series User’s Guide List of Figures Figure 1-1 Prestige Internet Access Application...1-8 Figure 1-2 Prestige LAN-to-LAN Application ...1-8 Figure 2-1 Password Screen ...2-1 Figure 2-2 Web Configurator SITE MAP Screen ...2-2 Figure 2-3 Password ...2-3 Figure 2-4 Example Xmodem Upload...2-5 Figure 3-1 Wizard Screen 1 ...3-3...
Page 15
Prestige 650 Series User’s Guide Figure 10-5 Stateful Inspection ... 10-8 Figure 11-1 Enabling the Firewall...11-1 Figure 11-2 E-mail ...11-2 Figure 11-3 Alert ...11-6 Figure 12-1 LAN to WAN Traffic... 12-3 Figure 12-2 WAN to LAN Traffic... 12-4 Figure 12-3 Firewall Logs... 12-5 Figure 12-4 Firewall Rules Summary: First Screen...
Page 16
Prestige 650 Series User’s Guide Figure 19-2 View Logs ...19-4 Figure 19-3 E-mail Log Example ...19-6 Figure 20-1 Application-based Bandwidth Management Example ...20-2 Figure 20-2 Subnet-based Bandwidth Management Example...20-3 Figure 20-3 Application and Subnet-based Bandwidth Management Example...20-4 Figure 20-4 Bandwidth Allotment Example ...20-5 Figure 20-5 Maximize Bandwidth Usage Example ...20-6...
Page 17
Prestige 650 Series User’s Guide Figure 25-2 Menu 3.5.1 WLAN MAC Address Filtering ... 25-4 Figure 26-1 Physical Network ... 26-2 Figure 26-2 Partitioned Logical Networks... 26-2 Figure 26-3 Menu 3.2 TCP/IP and DHCP Setup... 26-3 Figure 26-4 Menu 3.2.1 IP Alias Setup ... 26-3 Figure 26-5 Menu 1 General Setup ...
Page 18
Prestige 650 Series User’s Guide Figure 30-11 NAT Example 1 ...30-12 Figure 30-12 Menu 4 Internet Access & NAT Example ...30-12 Figure 30-13 NAT Example 2...30-13 Figure 30-14 Menu 15.2.1 Specifying an Inside Server ...30-13 Figure 30-15 NAT Example 3...30-14 Figure 30-16 Example 3: Menu 11.3 ...30-15...
Page 19
Prestige 650 Series User’s Guide Figure 35-1 Menu 24 System Maintenance ... 35-1 Figure 35-2 Menu 24.1 System Maintenance : Status... 35-2 Figure 35-3 Menu 24.2 System Information and Console Port Speed... 35-3 Figure 35-4 Menu 24.2.1 System Maintenance : Information ... 35-4 Figure 35-5 Menu 24.2.2 System Maintenance : Change Console Port Speed ...
Page 20
Prestige 650 Series User’s Guide Figure 39-7 IP Routing Policy Example ...39-8 Figure 39-8 IP Routing Policy Example ...39-9 Figure 39-9 Applying IP Policies Example...39-9 Figure 40-1 Menu 26 Schedule Setup...40-1 Figure 40-2 Menu 26.1 Schedule Set Setup...40-2 Figure 40-3 Applying Schedule Set(s) to a Remote Node (PPPoE)...40-4 Figure 41-1 VPN SMT Menu Tree ...41-1...
Page 21
Prestige 650 Series User’s Guide List of Tables Table 1-1 Model Specific Features... 1-2 Table 2-1 Password ... 2-3 Table 3-1 Wizard Screen 1 ... 3-3 Table 3-2 Internet Connection with PPPoA ... 3-7 Table 3-3 Internet Connection with RFC 1483 ... 3-9 Table 3-4 Internet Connection with ENET ENCAP...
Page 22
Prestige 650 Series User’s Guide Table 14-2 Content Filter: Schedule ...14-4 Table 14-3 Content Filter: Trusted...14-4 Table 14-4 Content Filter Logs ...14-6 Table 15-1 VPN and NAT...15-6 Table 16-1 AH and ESP ...16-2 Table 16-2 VPN Summary...16-4 Table 16-3 Local ID Type and Content Fields ...16-6 Table 16-4 Peer ID Type and Content Fields ...16-6...
Page 23
Prestige 650 Series User’s Guide Table 21-9 Restore Configuration ... 21-16 Table 22-1 Main Menu Commands... 22-4 Table 22-2 Main Menu Summary for P650H/HW-31... 22-5 Table 23-1 Menu 1 General Setup... 23-2 Table 23-2 Menu 1.1 Configure Dynamic DNS... 23-3 Table 24-1 DHCP Ethernet Setup Menu Fields...
Page 24
Prestige 650 Series User’s Guide Table 37-1 Menu 24.9.1 Budget Management...37-3 Table 37-2 Menu 24.10 System Maintenance: Time and Date Setting ...37-5 Table 38-1 Menu 24.11 Remote Management Control...38-2 Table 39-1 Menu 25.1 IP Routing Policy Setup...39-3 Table 39-2 Menu 25.1.1 IP Routing Policy...39-4 Table 40-1 Menu 26.1 Schedule Set Setup ...40-2...
Page 25
Prestige 650 Series User’s Guide List of Charts Chart A-1 Troubleshooting Power LED...A-1 Chart A-2 Troubleshooting LAN LED...A-1 Chart A-3 Troubleshooting DSL LED...A-2 Chart A-4 Troubleshooting Console Port ...A-2 Chart A-5 Troubleshooting Telnet...A-2 Chart A-6 Troubleshooting Web Configurator ...A-3 Chart A-7 Troubleshooting Internet Browser Display ...A-4 Chart A-8 Troubleshooting Login Username and Password ...A-4...
Prestige 650 Series User’s Guide Congratulations on your purchase from the Prestige 650 ADSL Router series. Your Prestige is easy to install and configure. Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your Prestige. Not all features can be configured through all interfaces.
Page 27
For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual. • The Prestige 650 series may be referred to as the Prestige in this user’s guide. This refers to both models (ADSL over POTS and ADSL over ISDN) unless specifically identified. •...
Prestige 650 Series User’s Guide Introduction to DSL DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web - hence DSL technologies.
Getting Started Part I: Getting Started This part is structured as a step-by-step guide to help you access your Prestige. It covers key features and applications, accessing the web configurator, password setup and configuring the wizard screens for initial setup.
Getting To Know Your Prestige This chapter describes the key features and applications of your Prestige Introducing the Prestige 650 Series Your Prestige integrates a high-speed 10/100Mbps auto-negotiating LAN interface(s) and a high-speed ADSL port into a single package. The Prestige is ideal for high-speed Internet browsing and making LAN-to- LAN connections to remote networks.
Features of the Prestige The following sections describe the features of the Prestige series. Features vary by Prestige model. This table lists the key features of the Prestige series. Refer to the feature descriptions below for more details. Some features are not available in every model. Refer to the Model Specific Features table to see what features are specific to your Prestige model.
The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the Getting To Know Your Prestige Prestige 650 Series User’s Guide...
LAN. The Prestige firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs. IPSec VPN Capability Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The Prestige VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.
♦ TCP/IP (Transmission Control Protocol/Internet Protocol) network layer protocol. ♦ Transparently bridging for unsupported network layer protocols. ♦ RIP I/RIP II ♦ IGMP Proxy ♦ ICMP support ♦ MIB II support (RFC 1213) Getting To Know Your Prestige Prestige 650 Series User’s Guide...
Page 36
♦ PPPoE feature PPPoE idle time out PPPoE dial on demand Networking Compatibility Your Prestige is compatible with major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers. Multiplexing The Prestige Series supports VC-based and LLC-based multiplexing. Encapsulation The Prestige series supports PPPoA (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483 encapsulation over ATM, MAC encapsulated routing (ENET Encapsulation) as well as PPP over Ethernet (RFC 2516).
ADSL. In addition, for Prestige 650H/HW, you can insert an optional wireless PCMICA card into the Prestige and allow wireless stations access to your network resources. A typical Internet access application is shown below. Getting To Know Your Prestige Prestige 650 Series User’s Guide...
Prestige 650 Series User’s Guide Figure 1-1 Prestige Internet Access Application 1.3.2 LAN to LAN Application You can use the Prestige to connect two geogr ly dispersed networks over the ADSL line. A typical aphical LAN-to-LAN application for your Prestige is shown as follows.
Type "192.168.1.1" as the URL. Step 5. An Enter Network Password window displays. Enter the user name (“admin” is the default), password (“1234” is the default) and click OK. Introducing the Web Configurator Figure 2-1 Password Screen Prestige 650 Series User’s Guide Chapter 2...
Step 6. You should now see the Site Map screen. The Prestige automatically times out after five minutes of inactivity. Simply log back into the Prestige if this happens to you. Navigating the Prestige Web Configurator The following summarizes how to navigate the web configurator from the Site Map screen. We use the Prestige 650H/HW-31 web screens in this guide as an example.
Type the new password again in this field. Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. Introducing the Web Configurator Prestige 650 Series User’s Guide embedded help. Figure 2-3 Password Table 2-1 Password DESCRIPTION...
Resetting the Prestige If you forget your password or cannot access the Prestige, you will need to reload the factory-default configuration file or use the RESET button on the back of the Prestige. Uploading this configuration file replaces the current configuration file with the factory-default configuration file. This means that you will lose all configurations that you had previously and the speed of the console port will be reset to the default of 9600bps with 8 data bit, no parity, one stop bit and flow control set to none.
Step 6. After successful firmware upload, enter "atgo" to restart the router. Introducing the Web Configurator Figure 2-4 Example Xmodem Upload Prestige 650 Series User’s Guide Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol.
RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider's (ISP) DSLAM (digital access multiplexer). Please refer to RFC 2364 for more information on PPPoA. Refer to RFC 1661 for more information on PPP. Wizard Setup Prestige 650 Series User’s Guide Chapter 3 Wizard Setup...
3.2.4 RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing).
VPI Enter the VPI assigned to you. This field may already be configured. VCI Enter the VCI assigned to you. This field may already be configured. Wizard Setup Figure 3-1 Wizard Screen 1 Table 3-1 Wizard Screen 1 DESCRIPTION Prestige 650 Series User’s Guide...
LABEL Next Click this button to go to the next wizard screen. The next wizard screen you see depends on what protocol you chose above. Click on the protocol link to see the next wizard screen for that protocol. IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.
Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. Wizard Setup Prestige 650 Series User’s Guide...
Nailed-Up Connection (PPP) A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The Prestige does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the Prestige will try to bring up the connection when turned on and whenever the connection is down.
Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain as given. Password Enter the password associated with the user name above. Wizard Setup DESCRIPTION where domain identifies a service name, then enter both components exactly Prestige 650 Series User’s Guide...
Page 52
LABEL IP Address This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet. The Single User Account feature can be used with either a dynamic or static IP address.
Click Next to continue to the next wizard screen. Next 3.10.3 ENET ENCAP Select ENET ENCAP from the Encapsulation drop-down list box in the first wizard screen to display the screen as shown. Wizard Setup Prestige 650 Series User’s Guide DESCRIPTION...
Figure 3-4 Internet Connection with ENET ENCAP The following table describes the labels in this screen. Table 3-4 Internet Connection with ENET ENCAP LABEL IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
Select PPPoE from the Encapsulation drop-down list box in the first wizard screen to display the screen as shown. Figure 3-5 Internet Connection with PPPoE The following table describes the labels in this screen. Wizard Setup Prestige 650 Series User’s Guide DESCRIPTION 3-11...
LABEL Service Name Type the name of your PPPoE service here. User Name Configure User Name and Password fields for PPPoA and PPPoE encapsulation only. Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain as given.
Prestige 650 Series User’s Guide DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured. 3.11.1 IP Pool Setup The Prestige is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to 192.168.1.64 for the client machines.
The following table describes the labels in this screen. LABEL LAN IP Address Enter the IP address of your Prestige in dotted decimal notation, for example, 192.168.1.1 (factory default). LAN Subnet Mask Enter a subnet mask in dotted decimal notation. DHCP DHCP Server From the DHCP Server drop-down list box, select On to allow your Prestige to assign IP addresses, an IP default gateway and DNS servers to computer systems...
Prestige to the ISP, click Start Diagnose. Otherwise click Return to Main Menu to go back to the Site Map screen. Wizard Setup Table 3-6 Wizard : LAN Configuration DESCRIPTION Figure 3-8 Wizard Screen 4 Prestige 650 Series User’s Guide 3-15...
Prestige 650 Series User’s Guide 3.14 Test Your Internet Connection Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this User’s Guide for more detailed information on the complete range of Prestige features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the Wizard Setup are correct.
The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask. LAN Setup This chapter describes how to configure LAN settings. Figure 4-1 LAN and WAN IP Addresses Prestige 650 Series User’s Guide Chapter 4 LAN Setup...
There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up. If your ISP gives you the DNS server addresses, enter them in the DNS Server fields in DHCP Setup, otherwise, leave them blank.
Prestige 650 Series User’s Guide These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured. 4.4.2 IP Address and Subnet Mask Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this information.
Prestige 650 Series User’s Guide Configuring LAN Click LAN to open the following screen. Figure 4-2 LAN The following table describes the labels in this screen. Table 4-1 LAN LABEL DESCRIPTION DHCP LAN Setup...
Page 67
1 (IGMP-v1) and IGMP-v2. Select None to disable it. Apply Click this button to save these settings back to the Prestige. Cancel Click this button to reset the fields in this screen. LAN Setup Prestige 650 Series User’s Guide Table 4-1 LAN DESCRIPTION...
An ESS ID uniquely identifies each set. All access points or wireless gateways and their associated wireless stations in the same set must have the same ESSID. Wireless LAN Setup Prestige 650 Series User’s Guide Wireless LAN Setup applicable to the Prestige 650H and Prestige 650HW.
Prestige 650 Series User’s Guide 5.1.4 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot “hear”...
Prestige 650 Series User’s Guide Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy. 5.1.5 Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the Prestige will fragment the packet into smaller data frames.
Data Encryption with WEP WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption. Your Prestige allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled at any one time.
Page 73
The ESSID (Extended Service Set Identification) is a unique name to identify the Prestige in the wireless LAN. Wireless stations associating to the Prestige must have the same ESSID. Enter a descriptive name (up to 32 characters). Wireless LAN Setup Prestige 650 Series User’s Guide Figure 5-3 Wireless Table 5-1 Wireless DESCRIPTION...
LABEL Hide ESSID Select Yes to hide the ESSID in so a station cannot obtain the ESSID through passive scanning. Select No to make the ESSID visible so a station can obtain the ESSID through passive scanning. Channel ID The range of radio frequencies used by IEEE 802.11b wireless devices is called a channel. Select a channel from the drop-down list box.
Prestige 650 Series User’s Guide Configuring MAC Filter The MAC filter screen allows you to configure the Prestige to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the Prestige (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address.
RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: Wireless LAN Setup Table 5-2 MAC Address Filter DESCRIPTION Prestige 650 Series User’s Guide...
• Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.
To change your Prestige’s authentication settings, click Wireless LAN, 802.1x. The screen appears as shown. The following table describes the labels in this screen. Wireless LAN Setup Figure 5-5 EAP Authentication Figure 5-6 802.1x Prestige 650 Series User’s Guide 5-11...
LABEL Wireless Port To control wireless stations access to the wired network, select a control method from Control the drop-down list box. Choose from No Authentication Required, Authentication Required and No Access Allowed. No Authentication Required allows all wireless stations access to the wired network without entering user names and passwords.
RADIUS server. However, there is a limit on the number of users you may authenticate in this way. To change your Prestige’s local user database, click Wireless LAN, Local User Database. The screen appears as shown. Wireless LAN Setup Prestige 650 Series User’s Guide Table 5-3 802.1x DESCRIPTION 5-13...
Once you enable the EAP authentication, you need to specify the external sever for remote user authentication and accounting. To set up your Prestige’s RADIUS server settings, click WIRELESS LAN, RADIUS. The screen appears as shown. Wireless LAN Setup Table 5-4 Local User Database DESCRIPTION Prestige 650 Series User’s Guide 5-15...
The following table describes the labels in this screen. LABEL Authentication Server Active Select Yes from the drop-down list box to enable user authentication through an external authentication server. Server IP Address Enter the IP address of the external authentication server in dotted decimal notation.
Page 85
Click Back to go to the main wireless LAN setup screen. Apply Click Apply to save these settings back to the Prestige. Cancel Click Cancel to begin configuring this screen again. Wireless LAN Setup Prestige 650 Series User’s Guide Table 5-5 RADIUS DESCRIPTION 5-17...
Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. WAN Setup Prestige 650 Series User’s Guide WAN Setup This chapter describes how to configure WAN settings. Chapter 6...
Prestige 650 Series User’s Guide Traffic Shaping Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network. This agreement helps eliminate congestion, which is important for transmission of real time data such as audio and video connections.
Prestige 650 Series User’s Guide Configuring WAN Setup To change your Prestige’s WAN remote node settings, click WAN. The screen differs by the encapsulation. Figure 6-2 Internet Access Setup WAN Setup...
The following table describes the labels in this screen. LABEL Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
Page 91
Demand. The default setting is 0, which means the Internet session will not timeout. WAN Setup Table 6-1 Internet Access Setup DESCRIPTION where domain identifies a service name, then enter both components as the remote node. Prestige 650 Series User’s Guide...
Page 92
LABEL Subnet Mask Enter a subnet mask in dotted decimal notation. (ENET ENCAP Refer to the Subnetting appendix in the to calculate a subnet mask If you are encapsulation only) implementing subnetting. ENET ENCAP You must specify a gateway IP address (supplied by your ISP) when you select ENET Gateway ENCAP in the Encapsulation field.
NAT, Dynamic DNS and Time Zone Part III: NAT, Dynamic DNS and Time Zone This part covers NAT (Network Address Translation), dynamic DNS (Domain Name Sever) and Time Zone setup.
(the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside This chapter discusses how to configure NAT on the Prestige. Table 7-1 NAT Definitions DESCRIPTION Prestige 650 Series User’s Guide Chapter 7...
Prestige 650 Series User’s Guide local address before forwarding it to the original inside host. Note that the IP address (either local or global) of an outside host is never changed. The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In addition, you can designate servers, for example, a web server and a telnet server, on your local network and make them accessible to the outside world.
3. Many to Many Overload: In Many-to-Many Overload mode, the Prestige maps the multiple local IP addresses to shared global IP addresses. 4. Many-to-Many No Overload: In Many-to-Many No Overload mode, the Prestige maps each local IP address to a unique global IP address. Prestige 650 Series User’s Guide...
5. Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Port numbers do not change for One-to-One and Many-to-Many No Overload NAT The following table summarizes these types. TYPE One-to-One Many-to-One (SUA/PAT)
Prestige 650 Series User’s Guide 1. Choose SUA Only if you have just one public WAN IP address for your Prestige. 2. Choose Full Feature if you have multiple public WAN IP addresses for your Prestige. SUA Server A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world.
Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
Prestige 650 Series User’s Guide Figure 7-3 Multiple Servers Behind NAT Example Selecting the NAT Mode Click NAT to open the following screen. Figure 7-4 NAT Mode The following table describes the labels in this screen.
LABEL None Select this radio button to disable NAT. Select this radio button if you have just one public WAN IP address for your Prestige. The SUA Only Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set screen. Edit Details Click this link to go to the NAT - Edit SUA/NAT Server Set screen.
To forward a series of ports, enter the start port number here and the end port number in the End Port No. field. Figure 7-5 Edit SUA/NAT Server Set Table 7-5 Edit SUA/NAT Server Set DESCRIPTION Prestige 650 Series User’s Guide...
LABEL End Port No. Enter a port number in this field. To forward only one port, enter the port number again in the Start Port No. field above and then enter it again in this field. To forward a series of ports, enter the last port number in a series that begins with the port number in the Start Port No.
Global End IP This is the ending Inside Global IP Address (IGA). This field is N/A for One-to-one, Many-to-One and Server mapping types. Figure 7-6 Address Mapping Rules Table 7-6 Address Mapping Rules DESCRIPTION Prestige 650 Series User’s Guide 7-11...
LABEL Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
Click Apply to save your changes back to the Prestige. Cancel Click Cancel to return to the previously saved settings. Click Delete to exit this screen without saving Delete Table 7-7 Address Mapping Rule Edit DESCRIPTION Prestige 650 Series User’s Guide 7-13...
If you have a private WAN IP address, then you cannot use Dynamic DNS. Configuring Dynamic DNS To change your Prestige’s DDNS, click Dynamic DNS. The screen appears as shown. Dynamic DNS Setup Prestige 650 Series User’s Guide Chapter 8 Dynamic DNS Setup...
The following table describes the labels in this screen. LABEL Active Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider. Host Name Type the domain name assigned to your Prestige by your Dynamic DNS provider. E-mail Address Type your e-mail address.
Prestige 650 Series User’s Guide Chapter 9 Time and Date Setup Use this screen to configure the Prestige’s time and date settings. This chapter is not available on all models. Configuring Time Zone To change your Prestige’s time and date, click Time Zone (or Time And Date). The screen appears as shown.
Page 112
The following table describes the labels in this screen. LABEL Time Server Use Time Server Select the time service protocol that your time server sends when you turn on the when Bootup (or Use Prestige. Not all time servers support all protocols, so you may have to check with Protocol when your ISP/network administrator or use trial and error to find a protocol that works.
Apply. Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to return to the previously saved settings. Time and Date Setup Table 9-1 Time and Date DESCRIPTION Prestige 650 Series User’s Guide...
Firewall and Content Filter Part IV: Firewall and Content Filter This part introduces firewalls in general and the Prestige firewall. It also explains customized services and logs and gives example firewall rules and an overview of content filtering.
Prestige 650 series User’s Guide Chapter 10 Firewalls This chapter gives some background information on firewalls and introduces the Prestige firewall. This chapter applies to the Prestige 650H/HW and the Prestige 650H-E. 10.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
Prestige 650 series User’s Guide Figure 10-1 Prestige Firewall Application 10.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
10.4.2 Types of DoS Attacks There are four types of DoS attacks: 1. Those that exploit bugs in a TCP/IP implementation. 2. Those that exploit weaknesses in the TCP/IP specification. 3. Brute-force attacks that flood a network with useless data. 4.
(which is set at relatively long intervals) terminates the three-way handshake. Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable for legitimate users. Firewalls Figure 10-2 Three-Way Handshake Figure 10-3 SYN Flood Prestige 650 series User’s Guide 10-5...
2-b In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself. 3.
Allows all sessions originating from the LAN (local network) to the WAN (Internet). Denies all sessions originating from the WAN to the LAN. The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works.
Internet. Use extreme caution when creating or deleting firewall rules. Test changes after creating them to make sure they work correctly. Firewalls Prestige 650 series User’s Guide 10-9...
Prestige 650 series User’s Guide Below is a brief technical description of how these connections are tracked. Connections may either be defined by the upper protocols (for instance, TCP), or by the Prestige itself (as with the "virtual connections" created for UDP and ICMP).
10.6.1 Security In General You can never be too careful! Factors outside your firewall, filtering or NAT can cause security breaches. Below are some generalizations about what you can do to minimize them. Firewalls Prestige 650 series User’s Guide 10-11...
1. Encourage your company or organization to develop a comprehensive security plan. Good network administration takes into account what hackers can do and prepares against attacks. The best defense against hackers and crackers is information. Educate all employees about the importance of security and how to minimize risk.
4. The firewall performs better than filtering if you need to check many rules. 5. Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. Firewalls Prestige 650 series User’s Guide 10-13...
Page 128
Prestige 650 series User’s Guide 6. The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database. 10-14 Firewalls...
Click Advanced Setup, Firewall, and then Config to display the following screen. Select the Firewall Enabled check box and click Apply to enable (or activate) the firewall. Firewall Configuration Firewall Configuration the Prestige 650H/HW and Prestige 650H-E. Figure 11-1 Enabling the Firewall Prestige 650 series User’s Guide Chapter 11 11-1...
11.3 Configuring E-mail Alerts To change your Prestige’s E-mail log settings, click Advanced Setup, Firewall, and then E-mail. The screen appears as shown. This screen is not available on all models. Use the E-Mail screen to configure to where the Prestige is to send logs; the schedule for when the Prestige is to send the logs and which logs and/or immediate alerts the Prestige is to send.
You can use the default threshold values, or you can change them to values more suitable to your security requirements. Firewall Configuration Table 11-1 E-mail DESCRIPTION Daily Weekly Hourly When Log is Full None. Prestige 650 series User’s Guide 11-3...
Prestige 650 series User’s Guide 11.4.1 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when an attack is detected in the Alert screen (Figure 11-3 - select the Generate alert...
The Prestige also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Advanced Setup, Firewall, and Alert to bring up the next screen. Firewall Configuration Prestige 650 series User’s Guide 11-5...
The following table describes the labels in this screen. LABEL Generate alert Select this check box to generate an alert whenever an attack is detected. when attack detected Denial of Services Thresholds One Minute Low This is the rate of new half-open sessions that causes the firewall to stop deleting half-open sessions.
Page 135
Click Back to return to the previous screen. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to return to the previously saved settings. Firewall Configuration Prestige 650 series User’s Guide Table 11-2 Alert DESCRIPTION 11-7...
1. State the intent of the rule. For example, “This restricts all IRC access from the LAN to the Internet.” Or, “This allows a remote Lotus Notes server to synchronize over the Internet to an inside Notes server.” Creating Custom Rules Prestige 650 series User’s Guide Creating Custom Rules applies to the Prestige 650H/HW and the Prestige 650H-E.
2. Is the intent of the rule to forward or block traffic? 3. What is the direction connection: from the LAN to the Internet, or from the Internet to the LAN? 4. What IP services will be affected? 5. What computers on the LAN are to be affected (if any)? 6.
Prestige 650 series User’s Guide Source Address What is the connection’s source address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? Destination Address What is the connection’s destination address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? 12.3 Connection Direction...
Prestige 650 series User’s Guide 12.3.2 WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it.
This field lists packet information such as: From and To IP Information addresses, protocol and port numbers. Creating Custom Rules Figure 12-3 Firewall Logs DESCRIPTION Prestige 650 series User’s Guide EXAMPLE dd:mm:yy e.g., Jan 01 0 hh:mm:ss e.g., 00:04:28 12-5...
Table 12-1 Firewall Logs LABEL Reason This field states the reason for the log; i.e., was the rule matched, not matched, or was there an attack. The set and rule coordinates (<X, Y> where X=1,2; Y=00~10) follow with a simple explanation. There are two policy sets; set 1 (X = 1) is for LAN to WAN rules and set 2 (X = 2) for WAN to LAN rules.
Prestige 650 series User’s Guide Click on Firewall, then Rule Summary to bring up the following screen. This screen is a summary of the existing rules. Note the order in which the rules are listed. The ordering of your rules is very important as rules are applied in turn.
Table 12-2 Firewall Rules Summary: First Screen LABEL The default action for Use the drop-down list box to select whether to Block (silently discard) or packets not matching Forward (allow the passage of) packets that do not match the following rules. following rules Default Permit Log Select this check box to log all matched rules in the default set.
The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service. This is another popular Internet chat program. Microsoft Networks’ messenger service uses this protocol. Internet Group Multicast Protocol is used when sending packets to a specific group of hosts. Prestige 650 series User’s Guide DESCRIPTION 12-9...
Page 146
SERVICE NEWS(TCP:144) NFS(UDP:2049) NNTP(TCP:119) PING(ICMP:0) POP3(TCP:110) PPTP(TCP:1723) PPTP_TUNNEL(GRE:0) RCMD(TCP:512) REAL_AUDIO(TCP:7070) REXEC(TCP:514) RLOGIN(TCP:513) RTELNET(TCP:107) RTSP(TCP/UDP:554) SFTP(TCP:115) SMTP(TCP:25) SNMP(TCP/UDP:161) SNMP-TRAPS (TCP/UDP:162) SQL-NET(TCP:1521) 12-10 Table 12-3 Predefined Services DESCRIPTION A protocol for news groups. Network File System - NFS is a client/server distributed file service that provides transparent file-sharing for network environments.
Its primary function is to allow users to log into remote host systems. Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). Another videoconferencing solution. Prestige 650 series User’s Guide 12-11...
Figure 12-5 Creating/Editing A Firewall Rule The following table describes the labels in this screen. LABEL Click SrcAdd to add a new address, SrcEdit to edit an existing one or SrcDelete to Source Address delete one. 12-12 Table 12-4 Creating/Editing A Firewall Rule DESCRIPTION Creating Custom Rules...
To add a new source or destination address, click SrcAdd or DestAdd from the previous screen. To edit an existing source or destination address, select it from the box and click SrcEdit or DestEdit from the previous screen. Either action displays the following screen. Creating Custom Rules Prestige 650 series User’s Guide DESCRIPTION 12-13...
Figure 12-6 Adding/Editing Source and Destination Addresses The following table describes the labels in this screen. Table 12-5 Adding/Editing Source and Destination Addresses LABEL Address Type Do you want your rule to apply to packets with a particular (single) IP address, a range of IP addresses (e.g., 192.168.1.10 to 192.169.1.50), a subnet or any IP address? Select an option from the drop-down list box that includes: Single Address, Range Address, Subnet Address and Any Address.
Prestige considers the connection closed. ICMP Timeout Type the number of seconds (default 60) for an ICMP session to wait for the ICMP response. Creating Custom Rules Prestige 650 series User’s Guide Figure 12-7 Timeout Table 12-6 Timeout DESCRIPTION 12-15...
Page 152
LABEL Back Click Back to return to the previous screen. Click Apply to save your customized settings and exit this screen. Apply Cancel Click Cancel to return to the previous configuration. 12-16 Table 12-6 Timeout DESCRIPTION Creating Custom Rules...
Prestige 650 series User’s Guide Chapter 13 Customized Services This chapter covers creating, viewing and editing custom services. This chapter applies to the Prestige 650H/HW and Prestige 650H-E. 13.1 Introduction to Customized Services Configure customized services and port numbers not predefined by the Prestige (see Figure 12-5). For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
LABEL Customized Services This is the number of your customized port. Click a rule’s number of a service to go to the Firewall Customized Services Config screen to configure or edit a customized service. Name This is the name of your customized service. This shows the IP protocol (TCP, UDP or Both) that defines your customized Protocol service.
Click Rule Summary under Internet to Local Network Set. Step 2. Click a rule number to open the edit rule screen. Step 3. Click Any in the Source Address box and then click ScrDelete. Customized Services DESCRIPTION Figure 13-3 Edit Rule Example Prestige 650 series User’s Guide 13-3...
Step 1. Click ScrAdd to open the Rule IP Config screen. Configure it as follows and click Apply. Step 5. Click Edit Available Service in the Edit rule screen and then click a rule number to bring up the Firewall Customized Services Config screen. Configure as follows. Figure 13-5 Customized Service for MyService Example Customized services show up with an “*”...
Click Apply when finished. Figure 13-6 Syslog Rule Configuration Example Customized Services Prestige 650 series User’s Guide This is the address range of the MyService computers. This is your MyService custom port.
Step 6. On completing the configuration procedure for these Internet firewall rules, the Rule Summary screen should look like the following. Don’t forget to click Apply when you have finished configuring your rule(s) to save your settings back to the Prestige. This rule allows a MyService connection from the WAN.
Prestige 650 series User’s Guide Chapter 14 Content Filtering This chapter covers how to configure content filtering. This chapter applies to the Prestige 650H/HW. 14.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs.
The following table describes the labels in this screen. LABEL Enable Keyword Blocking Select this check box to enable this feature. Block Websites that This box contains the list of all the keywords that you have configured the Prestige contain these keywords in to block.
To set the days and times for the Prestige to perform content filtering, click Content Filter and Schedule. The screen appears as shown. The following table describes the labels in this screen. Content Filtering Table 14-1 Content Filter: Keyword DESCRIPTION Figure 14-2 Content Filter: Schedule Prestige 650 series User’s Guide 14-3...
LABEL Days to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active. Time of Day to Use the 24 hour format to configure which time of the day (or select the All day check box) Block: you want the content filtering to be active.
14.5 Configuring Logs This screen records the results of your content filter policies. Click Content Filter and Logs. The screen appears as shown Content Filtering Table 14-3 Content Filter: Trusted DESCRIPTION Figure 14-4 Content Filter Logs Prestige 650 series User’s Guide 14-5...
The following table describes the labels in this screen. LABEL Page Choose a page of logs from the drop-down list box to display. This is the index number of the content filter log. Time This field displays the time of the log. Source IP This field displays the IP address of the computer accessing the web site.
Decryption is the opposite of encryption: it is a mathematical operation that transforms “ciphertext” to plaintext. Decryption also requires a key. Introduction to IPSec Prestige 650 Series User’s Guide Chapter 15 Introduction to IPSec...
Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission. Data Origin Authentication The IPSec receiver can verify the source of IPSec packets.
Prestige 650 Series User’s Guide Figure 15-2 VPN Application 15.2 IPSec Architecture The overall IPSec architecture is shown as follows. Introduction to IPSec 15-3...
AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted. Introduction to IPSec Prestige 650 Series User’s Guide 15-5...
A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing. The VPN device at the receiving end will verify the integrity of the incoming packet by computing its own hash value, and complain that the hash value appended to the received packet doesn't match.
Prestige 650 Series User’s Guide Chapter 16 VPN Screens This chapter introduces the VPN screens. See the Logs chapter for information on viewing logs and the Reference Guide for IPSec log descriptions. This chapter applies to the Prestige 650H/HW. 16.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections.
DES (default) Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key. DES applies a 56-bit key to each 64-bit block of data. 3DES Triple DES (3DES) is a variant of DES, which iterates three times with three separate keys (3 x 56 = 168 bits), effectively doubling the strength of DES.
Prestige 650 Series User’s Guide The Secure Gateway IP Address may be configured as 0.0.0.0 only when using IKE key management and not Manual key management. 16.5 VPN Summary Screen The following figure helps explain the main fields in the web configurator.
The following table describes the labels in this screen. LABEL This is the VPN policy index number. Click a number to edit VPN policies. Name This field displays the identification name for this VPN policy. Active This field displays whether the VPN policy is active or not. A "Y" signifies that this VPN policy is active.
Telecommuters can use separate passwords to simultaneously connect to the Prestige from IPSec routers with dynamic IP addresses (see section 16.17.2 for a telecommuter configuration example). VPN Screens Table 16-2 VPN Summary DESCRIPTION drops the tunnel after two minutes. Prestige 650 Series User’s Guide 16-5...
With main mode (see section 16.10.1), the ID type and content are encrypted to provide identity protection. In this case the Prestige can only distinguish between up to eight different incoming SAs that connect from remote IPSec routers that have dynamic WAN IP addresses. The Prestige can distinguish up to eight incoming SAs because you can select between two encryption algorithms (DES and 3DES), two authentication algorithms (MD5 and SHA1) and two key groups (DH1 and DH2) when you configure a VPN rule (see section 16.11).
16.9 Editing VPN Policies Click a number (No.) on the Summary screen to edit VPN policies. VPN Screens Prestige 650 Series User’s Guide PRESTIGE B Local ID type: IP Local ID content: 1.1.1.2 Peer ID type: E-mail Peer ID content: tom@yourcompany.com...
LAN’s full IP address range as the local IP address, then you cannot configure any other active rules with the Secure Gateway Address field set to 0.0.0.0. VPN Screens Prestige 650 Series User’s Guide Table 16-7 VPN IKE DESCRIPTION...
Page 182
LABEL Local Address Type Use the drop-down menu to choose Single, Range, or Subnet. Select Single for a single IP address. Select Range for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask. IP Address Start When the Local Address Type field is configured to Single, enter a (static) IP address on the LAN behind your Prestige.
Page 183
Peer ID Type Select IP to identify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address. VPN Screens Prestige 650 Series User’s Guide Table 16-7 VPN IKE DESCRIPTION 16-11...
Page 184
Prestige 650 Series User’s Guide Table 16-7 VPN IKE LABEL DESCRIPTION Content When you select IP in the Peer ID Type field, type the IP address of the computer with which you will make the VPN connection or leave the field blank to have the Prestige automatically use the address in the Secure Gateway Address field.
Figure 16-4 Two Phases to Set Up the IPSec SA In phase 1 you must: Choose a negotiation mode. Authenticate the connection by entering a pre-shared key. Choose an encryption algorithm. Choose an authentication algorithm. VPN Screens Prestige 650 Series User’s Guide Table 16-7 VPN IKE DESCRIPTION 16-13...
Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2). Set the IKE SA lifetime. This field allows you to determine how long an IKE SA should stay up before it times out. An IKE SA times out when the IKE SA lifetime period expires. If an IKE SA times out when an IPSec SA is already established, the IPSec SA stays connected.
Prestige 650 Series User’s Guide 16.10.3 Perfect Forward Secrecy (PFS) Enabling PFS means that the key is transient. The key is thrown away and replaced by a brand new key using a new Diffie-Hellman exchange for each new IPSec SA setup. With PFS enabled, if one key is compromised, previous and subsequent keys are not compromised, because subsequent keys are not derived from previous keys.
Prestige 650 Series User’s Guide Figure 16-5 VPN IKE: Advanced The following table describes the labels in this screen. Table 16-8 VPN IKE: Advanced LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
Page 189
Both ends of the VPN tunnel must use the same pre-shared key. You will receive a “PYLD_MALFORMED” (payload malformed) packet if the same pre-shared key is not used on both ends. VPN Screens Table 16-8 VPN IKE: Advanced DESCRIPTION Prestige 650 Series User’s Guide 16-17...
Page 190
LABEL Encryption Select DES or 3DES from the drop-down list box. Algorithm When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
VPN gateway to the local VPN gateway. The local VPN gateway then uses the network, encryption and key values that the administrator associated with the SPI to establish the tunnel. VPN Screens Table 16-8 VPN IKE: Advanced DESCRIPTION Prestige 650 Series User’s Guide 16-19...
Prestige 650 Series User’s Guide Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 16.13 Configuring Manual Key You only configure VPN Manual Key when you select Manual in the Key Management field on the VPN IKE screen. This is the VPN Manual Key screen as shown next.
Local Address Type Use the drop-down menu to choose Single, Range, or Subnet. Select Single for a single IP address. Select Range for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask. VPN Screens Table 16-9 VPN Manual Key DESCRIPTION Prestige 650 Series User’s Guide 16-21...
Page 194
LABEL IP Address Start When the Local Address Type field is configured to Single, enter a (static) IP address on the LAN behind your Prestige. When the Local Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on your LAN behind your Prestige.
Page 195
MD5 authentication or 20 characters for SHA-1 authentication. Any characters may be used, including spaces, but trailing spaces are truncated. Back Click Back to return to the previous screen. VPN Screens Table 16-9 VPN Manual Key DESCRIPTION Prestige 650 Series User’s Guide 16-23...
LABEL Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. Delete Click Delete to remove the current rule. 16.14 Viewing SA Monitor Click VPN and Monitor to open the SA Monitor screen as shown. Use this screen to display and manage active VPN connections.
Both AH and ESP increase Prestige processing requirements and communications latency (delay). Select Disconnect next to a security association and then click Apply to stop that Disconnect security association. VPN Screens Figure 16-7 SA Monitor Table 16-10 SA Monitor DESCRIPTION Prestige 650 Series User’s Guide 16-25...
LABEL Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the Prestige. Click Refresh to display the current active VPN connection(s). Refresh 16.15 Configuring Global Setting To change your Prestige’s global settings, click VPN and then Global Setting. The screen appears as shown. The following table describes the labels in this screen.
This screen is useful for troubleshooting. A log index number, the date and time the log was created and a log message are displayed. VPN Screens Prestige 650 Series User’s Guide Figure 16-9 VPN Logs Table 16-12 VPN Logs DESCRIPTION...
Double exclamation marks (!!) denote an error or warning message. The following table shows sample log messages during IKE key exchange. Table 16-13 Sample IKE Key Exchange Logs LOG MESSAGE Cannot find outbound SA for rule <#d> Send Main Mode request to <IP> Send Aggressive Mode request to <IP>...
The Prestige cannot find a phase 2 SA that corresponds with the SPI of an inbound packet (from the peer); the packet is dropped. If the Prestige receives a packet with the wrong sequence number it will discard it. Prestige 650 Series User’s Guide DESCRIPTION 16-29...
Table 16-14 Sample IPSec Logs During Packet Transmission LOG MESSAGE !! Inbound packet authentication failed !! Inbound packet decryption failed Rule <#d> idle time out, disconnect The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type.
Remote IP 0.0.0.0 (N/A) Address: VPN Screens HEADQUARTERS 0.0.0.0 (dynamic IP address assigned by the ISP) With this IP address Public static IP address Telecommuter A: 192.168.2.12 Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15 192.168.1.10 Prestige 650 Series User’s Guide TELECOMMUTERS 16-31...
16.17.2 Telecommuters Using Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic WAN IP addresses (use Dynamic DNS to do this). With aggressive negotiation mode (see section 16.10.1), the Prestige can use the ID types and contents to distinguish between VPN rules.
If a VPN tunnel uses Telnet, FTP, WWW SNMP, DNS or ICMP, then you should configure remote management (REMOTE MGNT) to allow access for that service. VPN Screens Prestige 650 Series User’s Guide TELECOMMUTERS Peer ID Type: E-mail Peer ID Content: bob@bigcompanyhq.com Telecommuter A (telecommutera.dydns.org)
Remote Management, UPnP and Logs Part VI: Remote Management, UPnP and Logs This part contains information on how to configure the Prestige for remote management, setting up Universal Plug and Play (UPnP) and the logs.
Telnet session; it will not begin if there already is a Telnet session. 7. There is a firewall rule that blocks it. Remote Management Configuration Prestige 650 Series User’s Guide Chapter 17 available on all models...
17.1.2 Remote Management and NAT When NAT is enabled: Use the Prestige’s WAN IP address when configuring from the WAN. Use the Prestige’s LAN IP address when configuring from the LAN. 17.1.3 System Timeout There is a system timeout of five minutes (three hundred seconds) for either the console port or telnet/web/FTP connections.
The default 0.0.0.0 allows any client to use this service to remotely manage the Prestige. Type Client IP an IP address to restrict access to a client with a matching IP address. Remote Management Configuration Figure 17-2 Remote Management Table 17-1 Remote Management DESCRIPTION Prestige 650 Series User’s Guide 17-3...
Page 210
LABEL Apply Click Apply to save your settings back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. 17-4 Table 17-1 Remote Management DESCRIPTION Remote Management Configuration...
The automated nature of NAT traversal applications in establishing their own services may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. UPnP This chapter introduces the UPnP feature in the web configurator. Prestige 650 Series User’s Guide Chapter 18 18-1...
Prestige 650 Series User’s Guide All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 18.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™...
Follow the steps below to install the UPnP in Windows Me. Step 1. Click Start and Control Panel. Double-click Add/Remove Programs. Step 2. Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. UPnP Prestige 650 Series User’s Guide 18-3...
Step 3. In the Communications window, select the Universal Plug and Play check box in the Components selection box. Step 4. Click OK to go back to the Add/Remove Programs Properties window and click Next. Step 5. Restart the computer when prompted. 18.3.2 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP.
Make sure the computer is connected to a LAN port of the Prestige. Turn on your computer and the Prestige. 18.4.1 Auto-discover Your UPnP-enabled Network Device Step 1. Click start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. Step 2. Right-click the icon and select Properties. UPnP Prestige 650 Series User’s Guide 18-5...
Page 216
Step 3. In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. When the UPnP-enabled device is disconnected from your computer, all port Step 5. Select Show icon in notification area when connected option and click OK. An icon displays in the system tray 18-6 mappings will be deleted automatically.
Prestige first. This comes helpful if you do not know the IP address of the Prestige. Follow the steps below to access the web configurator. Step 1. Click Start and then Control Panel. Step 2. Double-click Network Connections. Step 3. Select My Network Places under Other Places. UPnP Prestige 650 Series User’s Guide 18-7...
Page 218
Step 4. An icon with the description for each UPnP-enabled device displays under Local Network. Step 5. Right-click on the icon for your Prestige and select Invoke. The web configurator login screen displays. Step 6. Right-click on the icon for your Prestige and select Properties.
Prestige 650 Series User’s Guide Chapter 19 Logs Screens This chapter contains information about configuring general log settings and viewing the Prestige’s logs. This chapter is only applicable to P650H-E. Refer to the appendices for example log message explanations. 19.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the Prestige log and then display the logs or have the Prestige send them to an administrator (as e-mail) or to a syslog server.
Enter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to send the logs. Logs Screens Table 19-1 Log Settings DESCRIPTION Daily Weekly Hourly When Log is Full None. Prestige 650 Series User’s Guide 19-3...
Prestige 650 Series User’s Guide LABEL Select the categories of logs that you want to record. Logs include alerts. Send Immediate Alert Select the categories of alerts for which you want the Prestige to instantly e-mail alerts to the e-mail address specified in the Send Alerts To field.
Table 19-2 View Logs DESCRIPTION Table 19-3 SMTP Error Messages -1 means Prestige out of socket -2 means tcp SYN fail -3 means smtp server OK fail -4 means HELO fail -5 means MAIL FROM fail Prestige 650 Series User’s Guide 19-5...
19.4.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail. Subject: Firewall Alert From Prestige Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com user@zyxel.com...
The Prestige leaves the bandwidth budget allocated and unused for a class that does not have a filter itself or child-classes with filters. View your configured bandwidth classes and child-classes in the Class Setup tab (see section 20.9 for details). Bandwidth Management Prestige 650 Series User’s Guide Bandwidth Management only applies to the Prestige P650H/HW. Chapter 20...
Prestige 650 Series User’s Guide The total of the configured bandwidth budgets for child-classes cannot exceed the configured bandwidth budget speed of the parent class. 20.3 Proportional Bandwidth Allocation Bandwidth management allows you to define how much bandwidth each class gets; however, the actual bandwidth allotted to each class decreases or increases in proportion to actual available bandwidth.
Table 20-1 Application and Subnet-based Bandwidth Management Example TRAFFIC TYPE VoIP E-mail Video Bandwidth Management Prestige 650 Series User’s Guide FROM SUBNET A 64 kbps 64 kbps 64 kbps 64 kbps 64 kbps FROM SUBNET B...
Prestige 650 Series User’s Guide Figure 20-3 Application and Subnet-based Bandwidth Management Example 20.5 Scheduler The scheduler divides up an interface’s bandwidth among the bandwidth classes. The Prestige has two types of scheduler: fairness-based and priority-based. 20.5.1 Priority-based Scheduler With the priority-based scheduler, the Prestige forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes.
Prestige 650 Series User’s Guide and on their priority levels. When only one class requires more bandwidth, the Prestige gives extra bandwidth to that class. When multiple classes require more bandwidth, the Prestige gives the highest priority classes the available bandwidth first (as much as they require, if there is enough available bandwidth), and then to lower priority classes if there is still bandwidth available.
The following figure shows the bandwidth usage with the maximize bandwidth usage option enabled. The Prestige divides up the unbudgeted 2 Mbps among the classes that require more bandwidth. If the administration department only uses 1 Mbps of the budgeted 2 Mbps, the Prestige also divides the remaining 1 Mbps among the classes that require more bandwidth.
Prestige 650 Series User’s Guide 20.7 Bandwidth Borrowing Bandwidth borrowing allows a child-class to borrow unused bandwidth from its parent class, whereas maximize bandwidth usage allows bandwidth classes to borrow any unused or unbudgeted bandwidth on the whole interface. Enable bandwidth borrowing on a child-class to allow the child-class to use its parent class’s unused bandwidth.
Prestige 650 Series User’s Guide Figure 20-6 Bandwidth Borrowing Example The Bill class can borrow unused bandwidth from the Sales USA class because the Bill class has bandwidth borrowing enabled. The Bill class can also borrow unused bandwidth from the Sales class because the Sales USA class also has bandwidth borrowing enabled.
20.8 Configuring Summary Click BW Manager, Summary to open the Summary screen. Enable bandwidth management on an interface and set the maximum allowed bandwidth for that interface. Bandwidth Management Prestige 650 Series User’s Guide 20-9...
Figure 20-7 Bandwidth Manager: Summary The following table describes the labels in this screen. LABEL These read-only labels represent the physical interfaces. WLAN Active Select an interface’s check box to enable bandwidth management on that interface. Speed (kbps) Enter the amount of bandwidth for this interface that you want to allocate using bandwidth management.
(see section 20.6.1). The Administration and Sales USA bandwidth classes each have bigger bandwidth budgets than the total of the budgets of their child-classes. The child-classes can borrow the extra bandwidth as long as they have bandwidth borrowing enabled (see section 20.7). Bandwidth Management Prestige 650 Series User’s Guide DESCRIPTION 20-11...
Figure 20-8 Bandwidth Manager: Class Setup The following table describes the labels in this screen. Table 20-3 Bandwidth Manager: Class Setup LABEL Interface Select an interface from the drop-down list box for which you wish to set up classes. Back Click Back to go to the main BW Manager screen.
Prestige 650 Series User’s Guide 20.9.1 Bandwidth Manager Class Configuration Configure a bandwidth management class in the Class Configuration screen. You must use the Bandwidth Manager - Summary screen to enable bandwidth management on an interface before you can configure classes for that interface.
Table 20-4 Bandwidth Manager: Class Configuration LABEL Class Name Use the auto-generated name or enter a descriptive name of up to 20 alphanumeric characters, including spaces. BW Budget (kbps) Specify the maximum bandwidth allowed for the class in kbps. The recommendation is a setting between 20 kbps and 20000 kbps for an individual class.
20.9.2 Bandwidth Management Statistics Use the Bandwidth Management Statistics screen to view network performance information. Click the Statistics button in the Class Setup screen to open the Statistics screen. Figure 20-10 Bandwidth Management Statistics The following table describes the labels in this screen. Table 20-6 Bandwidth Management Statistics LABEL Class Name...
This field displays the amount of bandwidth allocated to the class. Current Usage (kbps) This field displays the amount of bandwidth that each class is using. Bandwidth Management DESCRIPTION Table 20-7 Bandwidth Manager Monitor DESCRIPTION Prestige 650 Series User’s Guide 20-17...
Page 244
LABEL Back Click Back to go to the main BW Manager screen. Click Refresh to update the page. Refresh 20-18 Table 20-7 Bandwidth Manager Monitor DESCRIPTION Bandwidth Management...
Prestige 650 Series User’s Guide Chapter 21 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 21.1 Maintenance Overview Use the maintenance screens to view system information, upload new firmware, manage configuration and restart your Prestige.
DHCP Start IP This is the first of the contiguous addresses in the IP address pool. DHCP Pool Size This is the number of IP addresses in the IP address pool. Maintenance Table 21-1 System Status DESCRIPTION Prestige 650 Series User’s Guide 21-3...
LABEL Show Statistics Click Show Statistics to see router performance statistics such as number of packets sent and number of packets received for each port. 21.2.1 System Statistics Click Show Statistics in the System Status screen to open the following screen. Read-only information here includes port status and packet specific statistics.
This field displays the number of bytes transmitted in the last second. Rx B/s This field displays the number of bytes received in the last second. Up Time This field displays the elapsed time this port has been up. Maintenance Prestige 650 Series User’s Guide DESCRIPTION 21-5...
LABEL Collisions This is the number of collisions on this port. Poll Interval(s) Type the time interval for the browser to refresh system statistics. Set Interval Click this button to apply the new poll interval you entered in the Poll Interval field above.
This screen displays the MAC address(es) of the wireless clients that are currently logged in to the network. Click Wireless LAN and then Association List to open the screen shown next. The following table describes the labels in this screen. Maintenance Table 21-3 DHCP Table DESCRIPTION Figure 21-4 Association List Prestige 650 Series User’s Guide 21-7...
LABEL This is the index number of an associated wireless client. MAC Address This field displays the MAC (Media Access Control) address of an associated wireless station. Every Ethernet device has a unique MAC address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
These read-only screens display information to help you identify problems with the Prestige. Click Diagnostic to display the following screen. 21.5.1 Diagnostic General Screen Click Diagnostic and then General to open the screen shown next. Maintenance Table 21-5 Channel Usage Table DESCRIPTION Figure 21-6 Diagnostic Prestige 650 Series User’s Guide 21-9...
The following table describes the labels in this screen. LABEL TCP/IP Type the IP address of a computer that you want to ping in order to test a connection. Address Ping Click this button to ping the IP address that you entered. Click this button to reboot the Prestige.
Prestige 650 Series User’s Guide Table 21-6 Diagnostic General LABEL DESCRIPTION Back Click this button to go back to the main Diagnostic screen. 21.5.2 Diagnostic DSL Line Screen Click Diagnostic and then DSL Line to open the screen shown next.
LABEL Reset ADSL Click this button to reinitialize the ADSL line. The large text box above then displays the Line progress and results of this operation, for example: "Start to reset ADSL Loading ADSL modem F/W... Reset ADSL Line Successfully!" ATM Status Click this button to view ATM status.
The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Maintenance Figure 21-9 Firmware Upgrade Table 21-8 Firmware Upgrade DESCRIPTION Prestige 650 Series User’s Guide 21-13...
Prestige 650 Series User’s Guide Figure 21-10 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen. If the upload was not successful, the following screen will appear. Click Back to go back to the Firmware screen.
Prestige 650 Series User’s Guide Figure 21-12 Backup Configuration 21.7.2 Restore Configuration Restore configuration replaces your Prestige 's current configuration (firewall settings, etc.) with a previously saved configuration. Restore files (usually) have a .ROM extension, e.g., "prestige.rom". The system reboots automatically after the file transfer is complete and uses the configured values in the file.
LABEL File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Click Browse... to find the file you want to upload. Remember that you must decompress Browse... compressed (.ZIP) files before you can upload them.
Prestige 650 Series User’s Guide If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default Prestige IP address (192.168.1.1). See the appendix for details on how to set up your computer’s IP address.
Prestige 650 Series User’s Guide The following warning screen will appear. Figure 21-18 Reset Warning Message You can also press the RESET button on the side panel to reset the factory defaults of your Prestige. Refer to the Resetting the Prestige section for more information on the RESET button.
SMT General Configuration Part IX: SMT General Configuration This part covers System Management Terminal configuration for general setup, LAN setup, wireless LAN setup, Internet access, remote nodes, remote node TCP/IP, static routing and NAT. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
For your first login, enter the default password “1234”. As you type the password, the screen displays an asterisk “*” for each character you type. Introducing the SMT Prestige 650 Series User’s Guide Chapter 22 Introducing the SMT overview of its menus.
Prestige 650 Series User’s Guide Please note that if there is no activity for longer than five minutes after you log in, your Prestige will automatically log you out. Enter Password : **** Figure 22-1 Login Screen 22.1.4 Prestige SMT Menu Overview We use the Prestige 650H/HW-31 SMT menus in this guide as an example.
Diagnostic Upload System Firmware Menu 24.6 Menu 24.5 System Maintenance -- System Maintenance -- Restore Configuration Backup Configuration Prestige 650 Series User’s Guide Menu 14 Menu 15 Dial-in User Setup NAT Setup Menu 14.1 Menu 15.1 Menu 15.1.x Edit Dial-in User...
Prestige 650 Series User’s Guide 22.2 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
Filter and Firewall Setup SNMP Configuration System Security System Maintenance Introducing the SMT Copyright (c) 1994 - 2003 ZyXEL Communications Corp. Prestige 650H/HW-31 Main Menu Advanced Management Enter Menu Selection Number: Use this menu to set up your general information.
Prestige 650 Series User’s Guide Table 22-2 Main Menu Summary for P650H/HW-31 MENU TITLE IP Routing Policy Setup Schedule Setup VPN/IPSec Setup Exit 22.3 Changing the System Password Change the Prestige default password by following the steps shown next. Step 1.
Name) on each individual computer, the domain name can be assigned from the Prestige via DHCP. 23.2 Configuring Menu 1 Enter 1 in the Main Menu to open Menu 1 — General Setup (shown next). General Setup Prestige 650 Series User’s Guide Chapter 23 General Setup 23-1...
Prestige 650 Series User’s Guide System Name= ? Location= Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Fill in the required fields. Refer to the table shown next for more information about these fields.
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel. General Setup Menu 1.1 - Configure Dynamic DNS Press ENTER to confirm or ESC to cancel: DESCRIPTION Prestige 650 Series User’s Guide EXAMPLE WWW.DynDNS.ORG (default) me.dyndns.org mail@mailserver...
Figure 24-1 Menu 3 LAN Setup Menu 3.1 - LAN Port Filter Setup Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Press ENTER to Confirm or ESC to Cancel: Prestige 650 Series User’s Guide Chapter 24 LAN Setup 24-1...
Prestige 650 Series User’s Guide 24.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. For TCP/IP Ethernet setup refer to the Internet Access Application chapter. For bridging Ethernet setup refer to the Bridging Setup chapter.
RIP-2B or RIP-2M. LAN Setup DESCRIPTION DESCRIPTION SPACE BAR ] to select the RIP direction. Choices are SPACE BAR] to select the RIP version. Choices are RIP-1, Prestige 650 Series User’s Guide EXAMPLE Server (default) 192.168.1.33 EXAMPLE 192.168.1.1 255.255.255. Both...
Page 280
Prestige 650 Series User’s Guide Table 24-2 TCP/IP Ethernet Setup Menu Fields FIELD Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group. The Prestige supports both IGMP version 1 (IGMP-v1) and version 2 (IGMP-v2).
Menu 3 – LAN Setup. When menu 3 appears, press 5 and then press [ENTER] to display Menu 3.5 – Wireless LAN Setup as shown next. Wireless LAN Setup Prestige 650 Series User’s Guide Wireless LAN Setup applicable to the Prestige 650H and Prestige 650HW.
Prestige 650 Series User’s Guide Figure 25-1 Menu 3.5 - Wireless LAN Setup The following table describes the fields in this menu. Table 25-1 Wireless LAN Setup Field Description FIELD ESSID The ESSID (Extended Service Set IDentifier) identifies the service set the wireless station is to connect to.
The next layer of security is MAC address filter. To allow a wireless station to associate with the Prestige, enter the MAC address of the wireless LAN card on that wireless station in the MAC address table. Wireless LAN Setup Prestige 650 Series User’s Guide DESCRIPTION EXAMPLE...
Prestige 650 Series User’s Guide ------------------------------------------------------------------------------ 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 ------------------------------------------------------------------------------ Press Space Bar to Toggle. Figure 25-2 Menu 3.5.1 WLAN MAC Address Filtering The following table describes the fields in this menu.
Prestige 650 Series User’s Guide Chapter 26 Internet Access This chapter shows you how to configure the LAN and WAN of your Prestige for Internet access 26.1 Internet Access Overview Refer to the chapters on the web configurator’s wizard, LAN and WAN screens for more background information on fields in the SMT screens covered in this chapter.
Prestige 650 Series User’s Guide Figure 26-1 Physical Network Figure 26-2 Partitioned Logical Networks Use menu 3.2.1 to configure IP Alias on your Prestige. 26.4 IP Alias Setup Use menu 3.2 to configure the first network. Move the cursor to Edit IP Alias field and press [SPACEBAR] to choose Yes and press [ENTER] to configure the second and third network.
IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= N/A Outgoing protocol filters= N/A Enter here to CONFIRM or ESC to CANCEL: Figure 26-4 Menu 3.2.1 IP Alias Setup Prestige 650 Series User’s Guide 26-3...
Prestige 650 Series User’s Guide FIELD IP Alias Choose Yes to configure the LAN network for the Prestige. IP Address Enter the IP address of your Prestige in dotted decimal notation IP Subnet Your Prestige will automatically calculate the subnet mask based on Mask the IP address that you assign.
Network Address Translation= SUA Only Address Mapping Set= N/A Press ENTER to Confirm or ESC to Cancel: Table 26-2 Menu 4 Internet Access Setup DESCRIPTION SPACE BAR ] to select the method of encapsulation Prestige 650 Series User’s Guide EXAMPLE MyISP ENET ENCAP 26-5...
Page 290
Prestige 650 Series User’s Guide Table 26-2 Menu 4 Internet Access Setup FIELD Multiplexing Press [ by your ISP. Choices are VC-based or LLC-based. VPI # Enter the Virtual Path Identifier (VPI) assigned to you. VCI # Enter the Virtual Channel Identifier (VCI) assigned to you.
Page 291
Internet Access Table 26-2 Menu 4 Internet Access Setup DESCRIPTION SPACE BAR ] to select None, SUA Only or Full Prestige 650 Series User’s Guide EXAMPLE SUA Only 26-7...
When menu 11 appears, as shown in the following figure, type the number of the remote node that you want to configure. Remote Node Configuration Remote Node Configuration This chapter covers remote node configuration. Prestige 650 Series User’s Guide Chapter 27 27-1...
Prestige 650 Series User’s Guide 27.2.2 Encapsulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiplexing methods used by your ISP. Consult your ISP for information on encapsulation and multiplexing methods for LAN-to-LAN applications, for example between a branch office and corporate headquarters. There must be prior agreement on encapsulation and multiplexing methods because they cannot be automatically determined.
Nailed-Up Connection= N/A Session Options: Edit Filter Sets= No Idle Timeout(sec)= N/A Edit Traffic Redirect= No DESCRIPTION Prestige 650 Series User’s Guide Edit IP/Bridge Options in menu 11.3. Edit ATM Options in menu 11.6 Edit Filter Sets in menu 11.5.
Page 296
Prestige 650 Series User’s Guide Table 27-1 Menu 11.1 Remote Node Profile FIELD Rem Login Type the login name that this remote node will use to call your Prestige. The login name and the Rem Password will be used to authenticate this node.
The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a Remote Node Configuration Prestige 650 Series User’s Guide DESCRIPTION EXAMPLE...
Prestige 650 Series User’s Guide minimum of "1" for directly connected networks. The number must be between "1" and "15"; a number greater than "15" means the link is down. The smaller the number, the lower the "cost". The metric sets the priority for the Prestige’s routes to the Internet. If any two of the default routes have the same metric, the Prestige uses the following pre-defined priorities: 1.
Prestige 650 Series User’s Guide Table 27-2 Menu 11.3 Remote Node Network Layer Options FIELD Address When Full Feature is selected in the NAT field, configure address Mapping Set mapping sets in menu 15.1. Select one of the NAT server sets (2-10) in menu 15.2 (see the NAT chapter for details) and type that number here.
Prestige 650 Series User’s Guide Figure 27-4 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection 27.5 Remote Node Filter Move the cursor to the Edit Filter Sets field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to display Menu 11.5 – Remote Node Filter.
Prestige 650 Series User’s Guide Enter here to CONFIRM or ESC to CANCEL: Figure 27-5 Menu 11.5 Remote Node Filter (RFC 1483 or ENET Encapsulation) Enter here to CONFIRM or ESC to CANCEL: Figure 27-6 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) 27.5.1 Web Configurator Internet Security Filter Rules...
Prestige 650 Series User’s Guide Figure 27-7 Internet Security Once you apply the filter rules in the web configurator, filter sets 11 and 12 are automatically applied in the protocol filters field under Input Filter Sets in SMT menu 11.5.
Prestige 650 Series User’s Guide Filter Set # ------ ----------------- NetBIOS_WAN NetBIOS_LAN TELNET_WAN PPPoE FTP_WAN _______________ Figure 27-8 Menu 21- Filer Set Configuration (P650R and P650R-E) The following figures display the filter rules in filter sets 11 and 12. # A Type...
Prestige 650 Series User’s Guide Menu 11.6 - Remote Node ATM Layer Options VPI/VCI (LLC-Multiplexing or PPP-Encapsulation) VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 ENTER here to CONFIRM or ESC to CANCEL: Figure 27-12 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation...
Prestige 650 Series User’s Guide The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network.
Prestige 650 Series User’s Guide Rem Node Name= MyISP Active= Yes Encapsulation= ENET ENCAP Multiplexing= LLC-based Service Name= N/A Incoming: Rem Login= N/A Rem Password= N/A Outgoing: My Login= N/A My Password= N/A Authen= N/A Figure 27-15 Menu 11.1 – Remote Node Profile To configure traffic redirect properties, press [SPACE BAR] to select Yes in the Edit Traffic Redirect field and then press [ENTER].
[ESC] to cancel and go back to the previous screen. Remote Node Configuration Menu 11.7 - Traffic Redirect Setup Backup Gateway IP Address= 0.0.0.0 Metric= 15 DESCRIPTION Prestige 650 Series User’s Guide 27-17...
Prestige 650 Series User’s Guide Chapter 28 Static Route Setup This chapter shows how to setup IP static routes. 28.1 IP Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
Prestige 650 Series User’s Guide 28.2 Configuring an IP static route Step 1. To configure an IP static route, use Menu 12 – Static Route Setup (shown next). Step 2. From menu 12, select 1 to open Menu 12.1 — IP Static Route Setup (shown next).
Menu 12.1.1 - Edit IP Static Route Route #: 1 Route Name= ? Active= No Destination IP Address= ? IP Subnet Mask= ? Gateway IP Address= ? Metric= 2 Private= No Press ENTER to Confirm or ESC to Cancel: DESCRIPTION Prestige 650 Series User’s Guide 28-3...
Page 314
Prestige 650 Series User’s Guide Table 28-1 Menu12.1.1 Edit IP Static Route FIELD Private This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes, this route is kept private and is not included in RIP broadcasts.
Prestige 650 Series User’s Guide Chapter 29 Bridging Setup This chapter shows you how to configure the bridging parameters of your Prestige. 29.1 Bridging Overview Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address.
4. ________ Enter selection number: Menu 12.3.1 - Edit Bridge Static Route Route #: 1 Route Name= Active= No Ether Address= ? IP Address= Gateway Node= 1 Press ENTER to Confirm or ESC to Cancel: Prestige 650 Series User’s Guide 29-3...
Prestige 650 Series User’s Guide The following table describes the Edit Bridge Static Route menu. Table 29-2 Menu 12.3.1 Edit Bridge Static Route FIELD Route # This is the route index number you typed in Menu 12.3 – Bridge Static Route Setup.
Prestige 650 Series User’s Guide Chapter 30 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 30.1 NAT Overview 30.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
11.3, the SMT will use Set 1. When you select SUA Only, the SMT will use the pre-configured Set 255 (read only). Menu 11.3 - Remote Node Network Layer Options Bridge Options: Ethernet Addr Timeout(min)= N/A Enter here to CONFIRM or ESC to CANCEL: DESCRIPTION Prestige 650 Series User’s Guide EXAMPLE Full Feature None SUA Only 30-3...
Prestige 650 Series User’s Guide The server set is a list of LAN servers mapped to external ports. To use this set, a server rule must be set up inside the NAT address mapping set. Please see the section on port forwarding in the chapter on NAT web configurator screens for further information on these menus.
Local End IP Global Start IP --------------- --------------- 255.255.255.255 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Menu 15.1.255 is read-only. DESCRIPTION Prestige 650 Series User’s Guide Global End IP Type --------------- ------ Server+ EXAMPLE 0.0.0.0 255.255.255.255 0.0.0.0...
Prestige 650 Series User’s Guide FIELD When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
Address Mapping Rule in which you can edit an individual rule and configure the Type, Local and Global Start/End IPs. An End IP address must be numerically greater than its corresponding IP Start Table 30-3 Menu 15.1.1 First Set DESRIPTION address. Prestige 650 Series User’s Guide EXAMPLE ACL Default Edit 30-7...
Prestige 650 Series User’s Guide Press Space Bar to Toggle. Figure 30-7 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set The following table explains the fields in this menu. Table 30-4 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set...
4. Server Set 4 5. Server Set 5 6. Server Set 6 7. Server Set 7 8. Server Set 8 9. Server Set 9 10. Server Set 10 Enter Set Number to Edit: Prestige 650 Series User’s Guide EXAMPLE 30-9...
Prestige 650 Series User’s Guide Rule --------------------------------------------------- Figure 30-9 Menu 15.2.1 NAT Server Setup Step 4. Enter a port number in an unused Start Port No field. To forward only one port, enter it again in the End Port No field. To specify a range of ports, enter the last port to be forwarded in the End Port No field.
Prestige 650 Series User’s Guide Figure 30-10 Multiple Servers Behind NAT Example 30.5 General NAT Examples The following are some examples of NAT configuration. 30.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP.
Prestige 650 Series User’s Guide ISP's Name= MyISP Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 8 VCI #= 35 ATM QoS Type= UBR My Login= N/A My Password= N/A ENET ENCAP Gateway= N/A IP Address Assignment= Static Network Address Translation= SUA Only Press ENTER to Confirm or ESC to Cancel: Figure 30-12 Menu 4 Internet Access &...
Figure 30-14 Menu 15.2.1 Specifying an Inside Server Figure 30-13 NAT Example 2 Start Port No. End Port No. Default Default Press ENTER to Confirm or ESC to Cancel: Prestige 650 Series User’s Guide IP Address 192.168.1.10 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0...
Prestige 650 Series User’s Guide 30.5.3 Example 3: Multiple Public IP Addresses With Inside Servers In this example, there are 3 IGAs from our ISP. There are many departments but two have their own FTP server. All departments share the same router. The example will reserve one IGA for each department with an FTP server and all departments use the other IGA.
Press ENTER to Confirm or ESC to Cancel: Figure 30-16 Example 3: Menu 11.3 Menu 15.1.1.1 Address Mapping Rule = N/A = N/A Press ENTER to Confirm or ESC to Cancel: Figure 30-17 Example 3: Menu 15.1.1.1 Prestige 650 Series User’s Guide 30-15...
Prestige 650 Series User’s Guide Set Name= Example3 Local Start IP --------------- 1. 192.168.1.10 192.168.1.11 3. 0.0.0.0 Figure 30-18 Example 3: Final Menu 15.1.1 Now configure the IGA3 to map to our web server and mail server on the LAN.
Prestige 650 Series User’s Guide 30.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to- Many No Overload (and One-to-One) NAT mapping types.
Prestige 650 Series User’s Guide Type= Many-to-Many No Overload Local IP: Start= 192.168.1.10 = 192.168.1.12 Global IP: Start= 10.132.50.1 = 10.132.50.3 Server Mapping Set= N/A Figure 30-20 Example 4: Menu 15.1.1.1 Address Mapping Rule After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as shown next.
SMT Advanced Management Part X: SMT Advanced Management This part discusses filtering setup, SNMP, system security, system information and diagnosis, firmware and configuration file maintenance, system maintenance, remote management, IP policy routing and call scheduling. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
Prestige 650 Series User’s Guide Chapter 31 Filter Configuration This chapter shows you how to create and apply filters. 31.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call.
Prestige 650 Series User’s Guide Outgoing Data Packet Match Drop packet Figure 31-1 Outgoing Packet Filtering Process Two sets of factory filter rules have been configured in menu 21 to prevent NetBIOS traffic from triggering calls. A summary of their filter rules is shown in the figures that follow.
Filter Configuration Filter Set Fetch Next Filter Rule Next filter Rule Available? Check Next Rule Figure 31-2 Filter Rule Process Prestige 650 Series User’s Guide Start Packet intoFilter Fetch First Filter Set Fetch First Filter Rule Active? Execute Filter Rule...
Prestige 650 Series User’s Guide For incoming packets, your Prestige applies data filters only. Packets are processed depending on whether a match is found. The following sections describe how to configure filter sets. The Filter Structure of the Prestige A filter set consists of one or more filter rules. Usually, you would group related rules, for example, all the rules for NetBIOS, into a single set and give it a descriptive name.
Enter Filter Rule Number (1-6) to Configure: Menu 21.1.4 - Filter Rules Summary Filter Rules Enter Filter Rule Number (1-6) to Configure: Figure 31-6 IGMP Filter Rules Summary Prestige 650 Series User’s Guide M m n N D N N D N N D N...
Prestige 650 Series User’s Guide 31.3 Configuring a Filter Set for the Prestige 650R and the Prestige 650R-E To configure a filter set, follow the steps shown next. Step 1. Enter 21 in the main menu to display Menu 21 – Filter Set Configuration.
Enter Filter Rule Number (1-6) to Configure: Figure 31-9 PPPoE Filter Rules Summary Menu 21.5 - Filter Rules Summary Filter Rules Enter Filter Rule Number (1-6) to Configure: Prestige 650 Series User’s Guide M m n N D F M m n N F N...
Prestige 650 Series User’s Guide 31.3.1 Filter Rules Summary Menus The following tables briefly describe the abbreviations used in menu 21.1.x. Table 31-1 Abbreviations Used in the Filter Rules Summary Menu FIELD The filter rule number: 1 to 6. Active: “Y” means the rule is active. “N” means the rule is inactive.
To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.x.1 – TCP/IP Filter Rule, as shown next. Filter Configuration Table 31-2 Rule Abbreviations Used DESCRIPTION Offset Length Prestige 650 Series User’s Guide 31-9...
Prestige 650 Series User’s Guide Press Space Bar to Toggle. Figure 31-11 Menu 21.1.x.1 TCP/IP Filter Rule The following table describes how to configure your TCP/IP filter rule. Table 31-3 Menu 21.1.x.1 TCP/IP Filter Rule FIELD Filter # This is the filter set, filter rule coordinates, for instance, 2, 3 refers to the second filter set and the third filter rule of that set.
Page 349
If More is Yes, then Action Matched and Action Not Matched will be N/A. Filter Configuration Prestige 650 Series User’s Guide DESCRIPTION EXAMPLE IP address IP mask...
Page 350
Prestige 650 Series User’s Guide Table 31-3 Menu 21.1.x.1 TCP/IP Filter Rule FIELD Select the logging option from the following: None – No packets will be logged. Action Matched – Only packets that match the rule parameters will be logged.
Drop Packet Filter Configuration Not Matched Not Matched Not Matched Not Matched Check Next Rule Check Next Rule Forward Check Next Rule Figure 31-12 Executing an IP Filter Prestige 650 Series User’s Guide Action Not Matched Drop Forward Accept Packet 31-13...
Prestige 650 Series User’s Guide 31.4.2 Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. Filter Configuration Prestige 650 Series User’s Guide DESCRIPTION EXAMPLE...
Prestige 650 Series User’s Guide 31.5 Filter Types and NAT There are two classes of filter rules, Generic Filter Device rules and Protocol Filter (TCP/IP) rules. Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on IP packets.
Enter the index number of the filter set you want to configure (in this case 6) Step 3. Type a descriptive name or comment in the Edit Comments field (for example, TELNET_WAN) and press [ENTER]. Filter Configuration Figure 31-15 Sample Telnet Filter Prestige 650 Series User’s Guide 31-17...
Prestige 650 Series User’s Guide Step 4. Press [ENTER] at the message 21.6 — Filter Rules Summary. Step 5. Type 1 to configure the first filter rule. Make the entries in this menu as shown next. When you press [ENTER] to confirm, the following screen appears. Note that there is only one filter rule in this set.
(n = F) if the action is not matched no matter whether there are more rules to be checked (there aren’t in this example). Prestige 650 Series User’s Guide M m n N D F 31-19...
Prestige 650 Series User’s Guide FILTER SETS Input Filter Sets: Output Filter Sets: Call Filter Sets: 31.7.1 Ethernet Traffic You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and type the number(s) of the filter set(s) that you want to apply as appropriate.
Output Filter Sets: protocol filters= 1 device filters= Call Filter Sets: Protocol filters= Device filters= Prestige 650 Series User’s Guide Apply filter 3 to block Tel traffic from the WAN. Apply filter 1 to block NETBIOS traffic to the WAN.
Yes in the Active field to activate the firewall. The firewall must be active to protect against Denial of Service (DoS) attacks. Additional rules may be configured using the web configurator. Enabling the Firewall Prestige 650 Series User’s Guide Chapter 32 Enabling the Firewall Prestige 650H/HW.
Prestige 650 Series User’s Guide The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2. deny all sessions originating from the WAN to the LAN...
After viewing the firewall log, enter “y” to clear the log or “n” to retain it. With either option you will be returned to Menu 21 - Filter and Firewall Setup. Enabling the Firewall DESCRIPTION Prestige 650 Series User’s Guide EXAMPLE dd:mm:yy e.g., Jan 01 0 hh:mm:ss e.g., 00:04:28 not match <1,01>...
Prestige 650 Series User’s Guide Chapter 33 SNMP Configuration This chapter explains SNMP Configuration menu 22. 33.1 SNMP Overview Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
Prestige 650 Series User’s Guide An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Table 33-1 Menu 22 SNMP Configuration DESCRIPTION Prestige 650 Series User’s Guide EXAMPLE public public 0.0.0.0 public 0.0.0.0 33-3...
Prestige 650 Series User’s Guide 33.4 SNMP Traps The Prestige will send traps to the SNMP manager when any one of the following events occurs: TRAP # TRAP NAME coldStart (defined in RFC-1215) warmStart (defined in RFC-1215) linkDown (defined in RFC-1215)
2. RADIUS Server 4. IEEE802.1x Figure 34-1 Menu 23 System Security Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x Figure 34-2 Menu 23 System Security Prestige 650 Series User’s Guide Chapter 34 System Security 34-1...
Prestige 650 Series User’s Guide Figure 34-3 Menu 23.2 System Security : RADIUS Server The following table describes the fields in this menu. Table 34-1 Menu 23.2 System Security : RADIUS Server FIELD Authentication Server Active Press [SPACE BAR] to select Yes and press [ENTER] to enable user authentication through an external authentication server.
Enter 4 to display Menu 23.4 – System Security – IEEE802.1x. System Security DESCRIPTION Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x Figure 34-4 Menu 23 System Security Prestige 650 Series User’s Guide EXAMPLE 1813 34-3...
Prestige 650 Series User’s Guide Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Authentication Databases= Local User Database Only Figure 34-5 Menu 23.4 System Security : IEEE802.1x The following table describes the fields in this menu.
RADIUS server. Follow the steps below to set up user profiles on your Prestige. Step 1. From the main menu, enter 14 to display Menu 14 - Dial-in User Setup. System Security Prestige 650 Series User’s Guide DESCRIPTION 34-5...
Prestige 650 Series User’s Guide 1. ________ 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ Step 3. Type a number and press [ENTER] to edit the user profile. The following table describes the fields in this menu.
System Information and Console Port Speed Log and Trace Diagnostic Backup Configuration Restore Configuration Upload Firmware Command Interpreter Mode Call Control 10. Time and Date Setting 11. Remote Management Enter Menu Selection Number: Prestige 650 Series User’s Guide Chapter 35 35-1...
Prestige 650 Series User’s Guide Node-Lnk Status 1-ENET My WAN IP (from ISP) : Ethernet: Status: 10M/Half Duplex Collisions: 0 CPU Load= 3.8% Figure 35-2 Menu 24.1 System Maintenance : Status The following table describes the fields present in Menu 24.1 — System Maintenance — Status which are read-only and meant for diagnostic purposes.
Enter 1 in menu 24.2 to display the screen shown next. System Information and Diagnosis DESCRIPTION Menu 24.2 - System Information and Console Port Speed 1. System Information 2. Console Port Speed Please enter selection: Prestige 650 Series User’s Guide 35-3...
This refers to the routing protocol used. ZyNOS F/W Version This refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. ADSL Chipset Vendor This displays the vendor of the ADSL chipset and DSL version.
Enter 1 from Menu 24.3 — System Maintenance — Log and Trace to display the error log in the system. System Information and Diagnosis Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel: Prestige. 1. View Error Log 2. UNIX Syslog Please enter selection: Prestige 650 Series User’s Guide 35-5...
Prestige 650 Series User’s Guide After the Prestige finishes displaying the error log, you will have the option to clear it. Samples of typical error and information messages are presented in the next figure. 1 Sat Jan 01 00:00:02 2000 PP09 -WARN...
If you typed 12 to Ping Host, now type the address of the computer you want to ping. System Information and Diagnosis Menu 24.4 - System Maintenance – Diagnostic System 21. Reboot System 22. Command Mode Enter Menu Selection Number: Host IP Address= N/A DESCRIPTION Prestige 650 Series User’s Guide 35-9...
Prestige 650 Series User’s Guide Chapter 36 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 36.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
Prestige 650 Series User’s Guide FILE TYPE INTERNAL NAME Configuration Rom-0 File Firmware 36.2 Backup Configuration The Prestige displays different messages explaining different ways to backup, restore and upload files in menus 24.5, 24.6, 24. 7.1 and 24.7.2; depending on whether you use the console port or Telnet.
36.2.3 Example of FTP Commands from the Command Line Firmware and Configuration File Maintenance Menu 24.5 - Backup Configuration For details on backup using TFTP (note that you must remain Press ENTER to Exit: Figure 36-1 Telnet in Menu 24.5 Prestige 650 Series User’s Guide 36-3...
Prestige 650 Series User’s Guide 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
Prestige IP address, “get” transfers the file source on the Prestige (rom-0, name of the configuration file on the Prestige) to the file destination on the computer and renames it config.rom. Firmware and Configuration File Maintenance Prestige 650 Series User’s Guide 36-5...
Prestige 650 Series User’s Guide 36.2.8 GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients. Table 36-3 General Commands for GUI-based TFTP Clients COMMAND Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped.
Firmware and Configuration File Maintenance ** Backup Configuration completed. OK. ### Hit any key to continue.### Prestige 650 Series User’s Guide Type a location for storing the configuration file or click Browse to look for one. Choose the Xmodem protocol.
Prestige 650 Series User’s Guide DO NOT INTERRUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR PRESTIGE. 36.3.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter.
Starting XMODEM download (CRC mode) ... CCCCCCCCC Figure 36-10 System Maintenance – Starting Xmodem Download Screen Step 3. Run the HyperTerminal program by clicking Transfer, then Send File as shown in the following screen. Firmware and Configuration File Maintenance Prestige 650 Series User’s Guide 36-9...
Prestige 650 Series User’s Guide Figure 36-11 Restore Configuration Example Step 4. After a successful restoration you will see the following screen. Press any key to restart the Prestige and return to the SMT menu. Figure 36-12 Successful Restoration Confirmation Screen 36.4 Uploading Firmware and Configuration Files...
36.4.3 FTP File Upload Command from the DOS Prompt Example Step 1. Launch the FTP client on your computer. Firmware and Configuration File Maintenance Prestige 650 Series User’s Guide Then type "root" and Press ENTER to Exit: Press ENTER to Exit:...
Prestige 650 Series User’s Guide Step 2. Enter “open”, followed by a space and the IP address of your Prestige. Step 3. Press [ENTER] when prompted for a username. Step 4. Enter your password as requested (the default is “1234”).
Uploading files via the console port under normal conditions is not recommended since FTP or TFTP is faster. Any serial communications program should work fine; however, you must use the Xmodem protocol to perform the download/upload. Firmware and Configuration File Maintenance Prestige 650 Series User’s Guide 36-13...
Prestige 650 Series User’s Guide 36.4.8 Uploading Firmware File Via Console Port (only for the Prestige 650H/HW) Step 1. Select 1 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.1 – System Maintenance – Upload System Firmware, then follow the instructions as shown in the following screen.
Step 3. Enter “atgo” to restart the Prestige. 36.4.11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Firmware and Configuration File Maintenance Do You Wish To Proceed:(Y/N) Prestige 650 Series User’s Guide 36-15...
Prestige 650 Series User’s Guide After the configuration upload process has completed, restart the Prestige by entering “atgo”. 36-16 Figure 36-19 Example Xmodem Upload Firmware and Configuration File Maintenance Type the configuration file’s location, or click Browse to search for it.
Log and Trace Diagnostic Backup Configuration Restore Configuration Upload Firmware Command Interpreter Mode Call Control 10. Time and Date Setting 11. Remote Management Enter Menu Selection Number: Figure 37-1 Command Mode in Menu 24 Prestige 650 Series User’s Guide Chapter 37 37-1...
Prestige 650 Series User’s Guide Copyright (c) 1994 - 2003 ZyXEL Communications Corp. ras> ? Valid commands are: ipsec ras> 37.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1.
11.1. The period is the time cycle in hours that the allocation budget is reset (see menu 11.1.) The elapsed time is the time used up within this period. Prestige 650 Series User’s Guide Elapsed Time/Total Period No Budget EXAMPLE...
Prestige 650 Series User’s Guide 37.3 Time and Date Setting The Prestige keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your Prestige. Menu 24.10 allows you to update the time and date settings of your Prestige.
The Prestige resets the time in three instances: On leaving menu 24.10 after making changes. When the Prestige starts up, if there is a time server configured in menu 24.10. iii. 24-hour intervals after starting. System Maintenance Prestige 650 Series User’s Guide DESCRIPTION 37-5...
Enter 11, from menu 24, to display Menu 24.11 — Remote Management Control (shown next). Remote Management Prestige 650 Series User’s Guide Chapter 38 Remote Management available on all models.
Prestige 650 Series User’s Guide TELNET Server: Server Port = 23 Secured Client IP = 0.0.0.0 FTP Server: Server Port = 21 Secured Client IP = 0.0.0.0 Web Server: Server Port = 80 Secured Client IP = 0.0.0.0 Figure 38-1 Menu 24.11 Remote Management Control The following table describes the fields in this menu.
(and hence the outgoing interface). • setting the TOS and precedence fields in the IP header. IP Policy Routing This chapter covers setting and applying policies used for IP routing. Prestige 650 Series User’s Guide Chapter 39 IP Policy Routing 39-1...
Prestige 650 Series User’s Guide IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote node, in the same fashion as the filters. There are 12 policy sets with six policies in each set.
IP layer 4 protocol number (TCP=6, UDP=17…) Type of service of incoming packet Precedence of incoming packet Gateway IP address Outgoing Type of service Outgoing Precedence Normal Minimum Delay Maximum Throughput Maximum Reliability Minimum Cost Prestige 650 Series User’s Guide |GW=192.168.1.1,T=MT,PR=0 39-3...
Prestige 650 Series User’s Guide Type a number from 1 to 6 to display Menu 25.1.1 – IP Routing Policy (see the next figure). This menu allows you to configure a policy rule. Policy Set Name= test Active= Yes Criteria:...
You can choose up to four IP policy sets (from 12) by typing their numbers separated by commas, for example, 2, 4, 7, 9. IP Policy Routing Table 39-2 Menu 25.1.1 IP Routing Policy Prestige 650 Series User’s Guide DESCRIPTION 39-5...
Prestige 650 Series User’s Guide Menu 3.2 - TCP/IP and DHCP Ethernet Setup DHCP Setup: DHCP= None Client IP Pool Starting Address= N/A Size of Client IP Pool= N/A Primary DNS Server= N/A Secondary DNS Server= N/A Remote DHCP Server= N/A TCP/IP Setup: IP Address= 192.168.1.1...
Prestige 650 Series User’s Guide 39.6 IP Policy Routing Example If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy. See the next figure.
Prestige 650 Series User’s Guide Step 1. Create a routing policy set in menu 25. Step 2. Create a rule for this set in Menu 25.1.1 — IP Routing Policy as shown next. Policy Set Name= set1 Active= Yes Criteria:...
RIP Direction= Both Version= RIP-1 Multicast= None IP Policies= 1,2 Edit IP Alias= No Press ENTER to Confirm or ESC to Cancel: Prestige 650 Series User’s Guide Packet length= 10 Len Comp= N/A end= N/A end= N/A end= N/A end= 21...
______________ ______________ ______________ ______________ Enter Schedule Set Number to Configure= Edit Name= Press ENTER to Confirm or ESC to Cancel: Figure 40-1 Menu 26 Schedule Setup Prestige 650 Series User’s Guide Chapter 40 Call Scheduling Name ------------------ ______________ ______________ ______________...
Prestige 650 Series User’s Guide To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] (or delete) in the Edit Name field. To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 —...
Page 423
Main Menu and then enter the target remote node index. Using [SPACE BAR], select PPPoE or PPPoA in the Encapsulation field and then press [ENTER] to make the schedule sets field available as shown next. Call Scheduling Prestige 650 Series User’s Guide DESCRIPTION EXAMPLE Once...
Prestige 650 Series User’s Guide Rem Node Name= ChangeMe Active= Yes Encapsulation= PPPoE Multiplexing=VC-based Service Name= Incoming Rem Login= Rem Password= ******** Outgoing= My Login=? My Password= ******** Authen= CHAP/PAP Figure 40-3 Applying Schedule Set(s) to a Remote Node (PPPoE) You can apply up to four schedule sets, separated by commas, for one remote node.
SMT VPN/IPSec and Internal SPTGEN Part XI: SMT VPN/IPSec and Internal SPTGEN This part provides information about configuring VPN/IPSec for secure communications and Internal SPTGEN for configuration of multiple Prestiges. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
This is an overview of the VPN menu tree. From the main menu, enter 27 to display the first VPN menu (shown next). VPN/IPSec Setup VPN/IPSec Setup This chapter introduces the VPN SMT menus. Figure 41-1 VPN SMT Menu Tree Prestige 650 Series User’s Guide Chapter 41 41-1...
41.2 IPSec Summary Screen Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary. This is a summary read-only menu of your IPSec rules (tunnels). Edit or create an IPSec rule by selecting an index number and then configuring the associated submenus.
Page 429
(delay). You need to finish configuring the VPN policy in menu 27.1.1.1 or 27.1.1.2 if ??? is displayed. VPN/IPSec Setup Table 41-1 Menu 27.1 IPSec Summary DESCRIPTION Prestige 650 Series User’s Guide EXAMPLE Taiwan 192.168.1.35 192.168.1.38 Tunnel ESP DES MD5...
Page 430
FIELD Key Mgt This field displays the SA’s type of key management, (IKE or Manual). Remote When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Addr Start Single, this is a static IP address on the network behind the remote IPSec router.
[ENTER] to edit the VPN using the menu shown next. You must also configure menu 27.1.1.1 or menu 27.1.1.2 to fully configure and use VPN/IPSec Setup Table 41-1 Menu 27.1 IPSec Summary DESCRIPTION a VPN. Prestige 650 Series User’s Guide EXAMPLE None 41-5...
Index= 1 Active= Yes Local ID type= IP My IP Addr= 0.0.0.0 Peer ID type= IP Secure Gateway Address= zw50test.zyxel.com.tw Protocol= 0 Local: IP Addr Start= 1.1.1.1 Remote: IP Addr Start= 4.4.4.4 Enable Replay Detection = No Key Management= IKE Edit Key Management Setup= No The following table describes the fields in this menu.
Page 433
The domain name also does not have to match the remote router’s IP address or what you configure in the Secure Gateway Address field below. VPN/IPSec Setup Table 41-2 Menu 27.1.1 IPSec Setup DESCRIPTION Prestige 650 Series User’s Guide EXAMPLE 0.0.0.0 41-7...
Page 434
FIELD Secure Type the IP address or the domain name (up to 31 characters) of the Gateway IPSec router with which you’re making the VPN connection. Address Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the Key Management field must be set to IKE, see later).
Page 435
Prestige 650 Series User’s Guide Table 41-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE End/Subnet When the Addr Type field is configured to Single, this field is N/A. 192.168.1.38 Mask When the Addr Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your Prestige.
Page 436
FIELD End/Subnet When the Addr Type field is configured to Single, this field is N/A. Mask When the Addr Type field is configured to Range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
Menu 27.1.1.1 - IKE Setup = ESP = DES = SHA1 = Tunnel Press ENTER to Confirm or ESC to Cancel: Figure 41-5 Menu 27.1.1.1 IKE Setup Table 41-3 Menu 27.1.1.1 IKE Setup DESCRIPTION Prestige 650 Series User’s Guide EXAMPLE Main 41-11...
FIELD Encryption When DES is used for data communications, both sender and receiver must Algorithm know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. Prestige DES encryption algorithm uses a 56-bit key.
To edit this menu, move the cursor to the Edit Manual Setup field in Menu 27.1.1 – IPSec Setup press [SPACE BAR] to select Yes and then press [ENTER] to go to Menu 27.1.1.2 – Manual Setup. VPN/IPSec Setup Table 41-3 Menu 27.1.1.1 IKE Setup DESCRIPTION SECURITY PROTOCOL Prestige 650 Series User’s Guide EXAMPLE None 41-13...
Active Protocol= ESP Tunnel ESP Setup AH Setup The following table describes the fields in this menu. FIELD Active Protocol Press [SPACE BAR] to choose from ESP Tunnel, ESP Transport, AH Tunnel or AH Transport and then press [ENTER]. Choosing an ESP combination causes the AH Setup fields to be non-applicable (N/A) ESP Setup The ESP Setup fields are N/A if you chose an AH Active Protocol.
Page 441
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel. VPN/IPSec Setup Table 41-5 Menu 27.1.1.2 Manual Setup DESCRIPTION Prestige 650 Series User’s Guide EXAMPLE 123456789a bcde 41-15...
The following table describes the fields in this menu. SA Monitor Menu 27.2 - SA Monitor Name Encap. --------- Tunnel Select Command= Refresh Select Connection= N/A Figure 42-1 Menu 27.2 SA Monitor Prestige 650 Series User’s Guide Chapter 42 SA Monitor IPSec ALgorithm ---------------- ESP DES MD5 42-1...
FIELD This is the security association index number. Name This field displays the identification name for this VPN policy. This name is unique for each connection where the secure gateway IP address is a public static IP address. When the secure gateway IP address is 0.0.0.0 (as discussed in the last chapter), there may be different connections using this same VPN rule.
This menu is useful for troubleshooting. A log index number, the date and time the log was created and a log message is displayed. Double exclamation marks (!!) denote an error or warning message. SA Monitor Prestige 650 Series User’s Guide Log: Send Main Mode request to <192.168.100.101> Send:<SA>...
Prestige 650 Series User’s Guide Chapter 43 Internal SPTGEN 43.1 Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file –...
This is the name of the menu. / Menu 1 General Setup 10000000 = Configured 10000001 = System Name 10000002 = Location 10000003 = Contact Person’s Name 10000004 = Route IP 10000005 = Route IPX 10000006 = Bridge This is the Field Identification Number column.
4. Edit the "rom-t" file using a text editor (do not use a word processor). You must leave this FTP screen to edit. Figure 43-4 Internal SPTGEN FTP Download Example Internal SPTGEN Prestige 650 Series User’s Guide c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)):...
You can rename your “rom-t” file when you save it to your computer but it must be named “rom-t” when you upload it to your Prestige. 43.4 Internal SPTGEN FTP Upload Example 1. Launch your FTP application. 2. Enter "bin". The command “bin” sets the transfer mode to binary.
Make sure your computer’s Ethernet card is working properly. If these steps fail to correct the problem, contact your local distributor for assistance. Troubleshooting Chart A-1 Troubleshooting Power LED CORRECTIVE ACTION Chart A-2 Troubleshooting LAN LED CORRECTIVE ACTION Prestige 650 Series User’s Guide Appendix A Troubleshooting...
A.1.3 DSL LED The DSL LED on the front panel does not light up. STEPS Check the telephone wire and connections between the Prestige DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service. Reset your ADSL line to reinitialize your link to the DSLAM.
If you changed the Prestige’s LAN IP address, then enter the new one as the URL. Remove any filters in SMT menu 3.1 (LAN) or menu 11.5 (WAN) that block web service. See also Section A.9. Troubleshooting Chart A-5 Troubleshooting Telnet CORRECTIVE ACTION CORRECTIVE ACTION Prestige 650 Series User’s Guide...
The web configurator does not display properly. Chart A-7 Troubleshooting Internet Browser Display STEPS Make sure you are using Internet Explorer 5.0 and later versions. Delete the temporary web files and log in again. In Internet Explorer, click Tools, Internet Options and then click the Delete Files ... button. When a Delete Files window displays, select Delete all offline content and click OK.
A.8 Internet Access I cannot access the Internet. Chart A-12 Troubleshooting Internet Access STEPS Make sure the Prestige is turned on and connected to the network. Troubleshooting Prestige 650 Series User’s Guide CORRECTIVE ACTION CORRECTIVE ACTION CORRECTIVE ACTION CORRECTIVE ACTION...
Chart A-12 Troubleshooting Internet Access STEPS If the DSL LED is off, refer to Section A.1.3. Verify your WAN settings. Refer to the WAN Setup chapter (web configurator) or the Internet Access chapter (SMT). Make sure you entered the correct user name and password. For wireless stations, check that both the Prestige and wireless station(s) are using the same ESSID, channel and WEP keys (if WEP encryption is activated).
Check menu 4 or WAN screen to verify that the username and password are entered properly. In menu 11.1, verify your login name and password for the remote node. If these steps fail, you may need to verify your login and password with your ISP. Troubleshooting Prestige 650 Series User’s Guide CORRECTIVE ACTION...
Chart B-1 Classes of IP Addresses OCTET 2 Host ID Network number Network number –2 or 254 hosts. –2 or 65534 hosts. Prestige 650 Series User’s Guide Appendix B IP Subnetting OCTET 3 OCTET 4 Host ID Host ID Host ID...
Prestige 650 Series User’s Guide A class “A” address (24 host bits) can have 2 Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127.
The first three octets of the address make up the network number (class “C”). You want to have two separate networks. IP Subnetting SUBNET MASK “1” BITS NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 255.255.255. 11111111.11111111.11111111. Prestige 650 Series User’s Guide LAST OCTET BIT VALUE 0000 0000 1000 0000 1100 0000 1110 0000 1111 0000 1111 1000 1111 1100...
Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets; 192.168.1.0 with mask 255.255.255.128 and 192.168.1.128 with mask 255.255.255.128. In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed”...
Highest Host ID: 192.168.1.126 Chart B-9 Subnet 3 NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 11111111.11111111.11111111. Lowest Host ID: 192.168.1.129 Highest Host ID: 192.168.1.190 Prestige 650 Series User’s Guide LAST OCTET BIT VALUE 00000000 11000000 LAST OCTET BIT VALUE 01000000 11000000 LAST OCTET BIT VALUE...
IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.192 Broadcast Address: 192.168.1.255 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). The following table shows class C IP address last octet values for each subnet. SUBNET SUBNET ADDRESS The following table is a summary for class “C”...
Page 468
NO. “BORROWED” HOST BITS Chart B-13 Class B Subnet Planning SUBNET MASK NO. SUBNETS 255.255.255.240 (/28) 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) NO. HOSTS PER SUBNET 4096 8192 16384 32768 IP Subnetting...
Page 469
ISM (Industrial, Scientific and Medical) band. The third method is infrared technology, using very high frequencies, just below visible light in the electromagnetic spectrum to carry data. Wireless LAN and IEEE 802.11 Prestige 650 Series User’s Guide Appendix C...
Page 470
Prestige 650 Series User’s Guide Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters.
Page 471
Prestige 650 Series User’s Guide Diagram C-2 ESS Provides Campus-Wide Coverage Wireless LAN and IEEE 802.11...
3. It allows the ISP to use the existing dial-up model to authenticate and (optionally) to provide differentiated services. Traditional Dial-up Scenario The following diagram depicts a typical hardware configuration where the PCs use traditional dial-up networking. Diagram D-1 Single-PC per Router Hardware Configuration PPPoE Prestige 650 Series User’s Guide Appendix D PPPoE...
Page 474
Prestige 650 Series User’s Guide How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is acting as a L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP.
Your service provider should supply you with VPI/VCI numbers. Virtual Circuit Topology Virtual Circuit Topology Logical connections between ATM switches A bundle of virtual channels A series of virtual paths between circuit end points Diagram E-1 Virtual Circuit Topology Prestige 650 Series User’s Guide Appendix E...
Prestige 650 Series User’s Guide Appendix F Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: In the Network window, click Add. Select Adapter and then click Add. Select the manufacturer and model of your network adapter and then click OK.
Page 479
-If you do not know your DNS information, select Disable DNS. -If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). Setting up Your Computer’s IP Address Prestige 650 Series User’s Guide...
Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window. Click OK to close the Network window.
Page 481
Windows 2000/NT, click Start, Settings, Control Panel. For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Setting up Your Computer’s IP Address Prestige 650 Series User’s Guide Right-click Local Area Connection and then click Properties.
Page 482
Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). -If you have a dynamic IP address click Obtain an IP address automatically. -If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
Page 483
Prestige 650 Series User’s Guide -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add.
Page 484
In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 485
Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Select Ethernet built-in from the Connect via list. Setting up Your Computer’s IP Address Prestige 650 Series User’s Guide...
Page 486
For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box. -Type the IP address of your Prestige in the Router address box.
Page 487
-Type the IP address of your Prestige in the Router address box. Click Apply Now and close the window. Turn on your Prestige and restart your computer (if prompted). Check your TCP/IP properties in the Network window. Setting up Your Computer’s IP Address Prestige 650 Series User’s Guide Verifying Settings F-11...
ADSL transmissions do not interfere with your telephone voice transmissions. The use of a telephone microfilter is optional. Step 1. Connect a phone cable from the wall jack to the single jack end of the Y- Connector. Splitters and Microfilters Prestige 650 Series User’s Guide Splitters and Microfilters Appendix G...
Page 490
Step 2. Connect a cable from the double jack end of the Y-Connector to the “wall side” of the microfilter. Step 3. Connect another cable from the double jack end of the Y-Connector to the Prestige. Step 4. Connect the “phone side” of the microfilter to your telephone as shown in the following figure. Prestige With ISDN This section relates to people who use their Prestige with ADSL over ISDN (digital telephone service) only.
Someone has failed to log on to the router via telnet. Someone has logged on to the router via ftp. Someone has failed to log on to the router via ftp. Prestige 650 Series User’s Guide Appendix H Log Descriptions...
LOG MESSAGE UPnP pass through Firewall The attack logs may include the protocol (Protocol) of the packet (for example TCP or UDP) that triggered the log. LOG MESSAGE attack (Protocol) land Protocol) icmp echo ICMP (type:%d, code:%d) syn flood TCP ports scan TCP teardrop (Protocol) illegal command TCP...
The Prestige sent or received an ICMP source quench packet to tell a host to slow down data transmission. The Prestige sent or received an ICMP Time Exceed packet because a packet with zero Time To Live (TTL) was dropped. Prestige 650 Series User’s Guide...
LOG MESSAGE ICMP Destination Unreachable Packet without a NAT table entry blocked (Protocol) Out of order TCP handshake packet blocked (Protocol) Unsupported/out-of- order ICMP (Protocol) Router reply ICMP packet Remote access denied LOG MESSAGE Firewall sent TCP reset packets TYPE CODE Echo Reply Echo reply message...
Page 495
Redirect datagrams for the Type of Service and Host Echo Echo message Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Log Descriptions Prestige 650 Series User’s Guide Chart H-6 ICMP Notes DESCRIPTION...
Page 496
TYPE CODE Timestamp reply message Information Request Information request message Information Reply Information reply message Chart H-6 ICMP Notes DESCRIPTION Log Descriptions...
Prestige 650 Series User’s Guide Power consumption Safety standards AC Power Adapter model Input power Output power Power consumption Safety standards AC Power Adapter model Input power Output power Power consumption Safety standards AC Power Adapter model Input power Output power...
Prestige 650 Series User’s Guide Input power Output power Power consumption Safety standards AC Power Adapter model Input power Output power Power consumption Safety standards Prestige 650R-31/-33 ADSL over ISDN Router AC Power Adapter model Input power Output power Power consumption...
ITS-GS, CE (EN 60950) EUROPEAN PLUG STANDARDS DV-121AACCP-5716 AC230Volts/50Hz/100mA AC12Volts/1.0A TUV-GS, CE (EN 60950) UNITED KINGDOM PLUG STANDARDS AA-121AD AC230Volts/50Hz/140mA AC12Volts/1.0A ITS-GS, CE (EN 60950) NORTH AMERICA PLUG STANDARDS DV-1215A AC120Volts/60Hz/30W AC 12Volts/ 1.25A 12 W Prestige 650 Series User’s Guide...
Prestige 650 Series User’s Guide Safety standards AC Power Adapter model Input power Output power Power consumption Safety standards AC Power Adapter model Input power Output power Power consumption Safety standards Prestige 650HW-11/-13 ADSL Router with 4-Port Ethernet Switch/Wireless LAN...
UL, CUL, CSA (UL 1310, CSA C22.2 No.223) NORTH AMERICA PLUG STANDARDS AA-121A25 AC120Volts/60Hz/19W AC 12Volts/ 1.25A 15 W UL, CUL (UL 1310, CSA C22.2 No.223) EUROPEAN PLUG STANDARDS AA-121A3BN AC230Volts/50Hz/140mA AC12Volts/1.3A 15 W ITS-GS, CE (EN 60950) UNITED KINGDOM PLUG STANDARDS Prestige 650 Series User’s Guide...
Prestige 650 Series User’s Guide AC Power Adapter model Input power Output power Power consumption Safety standards Prestige 650H-E1/3/7 ADSL Router with 4-port Switch AC Power Adapter model Input power Output power Power consumption Safety standards AC Power Adapter model...
Page 505
AA-121ABN AC230Volts/50Hz/140mA AC12Volts/1.0A 10 W ITS-GS, CE (EN 60950) UNITED KINGDOM PLUG STANDARDS AA-121AD AC230Volts/50Hz/140mA AC12Volts/1.0A 10 W ITS-GS, CE (EN 60950, BS 7002) AUSTRALIA PLUG STANDARDS AA-121AE AC240Volts/50Hz/140mA AC12Volts/1.0A 10 W (AS/NZS 60950: 2000) Prestige 650 Series User’s Guide...