Page 1 P-660R/H-D Series ADSL 2+ Gateway User’s Guide Version 3.40 11/2005 Edition 1...
Page 4: Federal Communications Commission (Fcc) Interference Statement
P-660R/H-D Series User’s Guide Federal Communications Commission (FCC) Interference This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Page 5 P-660R/H-D Series User’s Guide Certifications 1 Go to www.zyxel.com 2 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page. Federal Communications Commission (FCC) Interference Statement...
Page 6: Safety Warnings
P-660R/H-D Series User’s Guide For your safety, be sure to read and follow all warning notices and instructions. • To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord. • Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks.
Page 7: Zyxel Limited Warranty
P-660R/H-D Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
Page 8: Customer Support
+7-3272-590-689 1-800-255-4101 www.us.zyxel.com +1-714-632-0882 +1-714-632-0858 ftp.us.zyxel.com +47-22-80-61-80 www.zyxel.no +47-22-80-61-81 REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Communications Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika ZyXEL Communications A/S...
Page 9 Poland ZyXEL Russia Ostrovityanova 37a Str. Moscow, 117279 Russia ZyXEL Communications Alejandro Villegas 33 1º, 28043 Madrid Spain ZyXEL Communications A/S Sjöporten 4, 41764 Göteborg Sweden ZyXEL Ukraine 13, Pimonenko Str. Kiev, 04050 Ukraine ZyXEL Communications UK Ltd.,11 The Courtyard,...
Page 10 P-660R/H-D Series User’s Guide Customer Support...
Page 11: Table Of Contents
Copyright ... 2 Federal Communications Commission (FCC) Interference Statement ... 3 Safety Warnings ... 5 ZyXEL Limited Warranty... 6 Customer Support... 7 Table of Contents ... 10 List of Figures ... 24 List of Tables ... 32 Preface ... 36 Chapter 1 Getting To Know Your Prestige...
Page 12 P-660R/H-D Series User’s Guide Chapter 4 Wizard Setup for Media Bandwidth Management ... 58 4.1 Introduction ...58 4.1.1 Predefined Media Bandwidth Management Services ...58 4.2 Media Bandwidth Management Setup ...59 Chapter 5 LAN Setup... 62 5.1 LAN Overview ...62 5.1.1 LANs, WANs and the Prestige ...62 5.1.2 DHCP Setup ...63 5.1.2.1 IP Pool Setup ...63 5.1.3 DNS Server Address ...63...
Page 13 6.4 Traffic Shaping ...73 6.5 Zero Configuration Internet Access ...74 6.6 The Main WAN Screen ...74 6.7 Configuring WAN Setup ...75 6.8 Traffic Redirect ...78 6.9 Configuring WAN Backup ...79 Chapter 7 Network Address Translation (NAT) Screens ... 82 7.1 NAT Overview ...82 7.1.1 NAT Definitions ...82 7.1.2 What NAT Does ...83 7.1.3 How NAT Works ...83...
Page 14 P-660R/H-D Series User’s Guide 10.3.1 Denial of Service Attacks ...100 10.4 Denial of Service ...100 10.4.1 Basics ...100 10.4.2 Types of DoS Attacks ...101 10.4.2.1 ICMP Vulnerability ...103 10.4.2.2 Illegal Commands (NetBIOS and SMTP) ...103 10.4.2.3 Traceroute ...104 10.5 Stateful Inspection ...104 10.5.1 Stateful Inspection Process ...105 10.5.2 Stateful Inspection and the Prestige ...106 10.5.3 TCP Security ...106...
Page 15 11.11 Anti-Probing ...128 11.12 DoS Thresholds ...129 11.12.1 Threshold Values ...130 11.12.2 Half-Open Sessions ...130 11.12.2.1 TCP Maximum Incomplete and Blocking Time ...130 11.12.3 Configuring Firewall Thresholds ...131 Chapter 12 Content Filtering ... 134 12.1 Content Filtering Overview ...134 12.2 The Main Content Filter Screen ...134 12.3 Configuring Keyword Blocking ...135 12.4 Configuring the Schedule ...136 12.5 Configuring Trusted Computers ...136...
Page 16 P-660R/H-D Series User’s Guide 15.4 SMTP Error Messages ...157 15.4.1 Example E-mail Log ...158 Chapter 16 Media Bandwidth Management Advanced Setup... 160 16.1 Media Bandwidth Management Overview ...160 16.2 Bandwidth Classes and Filters ...161 16.3 Proportional Bandwidth Allocation ...161 16.4 Application-based Bandwidth Management ...161 16.5 Subnet-based Bandwidth Management ...161 16.6 Application and Subnet-based Bandwidth Management ...162 16.7 Scheduler ...162...
Page 17 Chapter 18 Introducing the SMT ... 186 18.1 SMT Introduction ...186 18.1.1 Procedure for SMT Configuration via Telnet ...186 18.1.2 Entering Password ...186 18.1.3 Prestige SMT Menus Overview ...187 18.2 Navigating the SMT Interface ...188 18.2.1 System Management Terminal Interface Summary ...189 18.3 Changing the System Password ...190 Chapter 19 Menu 1 General Setup ...
Page 18 P-660R/H-D Series User’s Guide 23.2.2 Encapsulation and Multiplexing Scenarios ...211 23.2.2.1 Scenario 1: One VC, Multiple Protocols ...211 23.2.2.2 Scenario 2: One VC, One Protocol (IP) ...211 23.2.2.3 Scenario 3: Multiple VCs ...211 23.2.3 Outgoing Authentication Protocol ...213 23.3 Remote Node Network Layer Options ...213 23.3.1 My WAN Addr Sample IP Addresses ...215 23.4 Remote Node Filter ...216 23.4.1 Web Configurator Internet Security Filter Rules ...217...
Page 19 Chapter 27 Enabling the Firewall ... 246 27.1 Remote Management and the Firewall ...246 27.2 Access Methods ...246 27.3 Enabling the Firewall ...246 Chapter 28 Filter Configuration ... 248 28.1 About Filtering ...248 28.1.1 The Filter Structure of the Prestige ...249 28.2 Configuring a Filter Set for the Prestige ...250 28.3 Filter Rules Summary Menus ...251 28.4 Configuring a Filter Rule ...252...
Page 20 P-660R/H-D Series User’s Guide 31.2 Backup Configuration ...277 31.2.1 Backup Configuration ...277 31.2.2 Using the FTP Command from the Command Line ...278 31.2.3 Example of FTP Commands from the Command Line ...278 31.2.4 GUI-based FTP Clients ...279 31.2.5 TFTP and FTP over WAN Management Limitations ...279 31.2.6 Backup Configuration Using TFTP ...280 31.2.7 TFTP Command Example ...280 31.2.8 GUI-based TFTP Clients ...280...
Page 21 34.5 Applying an IP Policy ...302 34.5.1 Ethernet IP Policies ...302 34.6 IP Policy Routing Example ...303 Chapter 35 Call Scheduling ... 308 35.1 Introduction ...308 Chapter 36 Troubleshooting ... 312 36.1 Problems Starting Up the Prestige ...312 36.2 Problems with the LAN ...312 36.3 Problems with the WAN ...313 36.4 Problems Accessing the Prestige ...314 36.4.1 Pop-up Windows, JavaScripts and Java Permissions ...314...
Page 22 P-660R/H-D Series User’s Guide Appendix F IP Subnetting ... 350 IP Addressing... 350 IP Classes ... 350 Subnet Masks ... 351 Subnetting ... 351 Example: Two Subnets ... 352 Example: Four Subnets... 354 Example Eight Subnets ... 355 Subnetting With Class A and Class B Networks..356 Appendix G Boot Commands ...
Page 23 Command Examples... 395 Appendix M Log Descriptions... 396 Log Commands... 410 Log Command Example... 411 Index... 412 Table of Contents P-660R/H-D Series User’s Guide...
Page 24 P-660R/H-D Series User’s Guide Table of Contents...
Page 25: List Of Figures
P-660R/H-D Series User’s Guide List of Figures Figure 1 Protected Internet Access Applications ... 42 Figure 2 LAN-to-LAN Application Example ... 42 Figure 3 Front Panel ... 43 Figure 4 Password Screen ... 44 Figure 5 Change Password at Login ... 45 Figure 6 Web Configurator: Site Map Screen ...
Page 26 P-660R/H-D Series User’s Guide Figure 39 SYN Flood ... 102 Figure 40 Smurf Attack ... 103 Figure 41 Stateful Inspection ... 105 Figure 42 Firewall: Default Policy ... 116 Figure 43 Firewall: Rule Summary ... 117 Figure 44 Firewall: Edit Rule ... 119 Figure 45 Firewall: Customized Services ...
Page 27 P-660R/H-D Series User’s Guide Figure 82 DiffServ: Differentiated Service Field ... 170 Figure 83 Media Bandwidth Management: Class Configuration ... 171 Figure 84 Media Bandwidth Management Statistics ... 173 Figure 85 Media Bandwidth Management: Monitor ... 174 Figure 86 System Status ... 177 Figure 87 System Status: Show Statistics ...
Page 28 P-660R/H-D Series User’s Guide Figure 125 Menu 12 Static Route Setup ... 223 Figure 126 Menu 12.1 IP Static Route Setup ... 223 Figure 127 Menu12.1.1 Edit IP Static Route ... 223 Figure 128 Menu 11.1 Remote Node Profile ... 227 Figure 129 Menu 11.3 Remote Node Network Layer Options ...
Page 29 P-660R/H-D Series User’s Guide Figure 168 Filtering Remote Node Traffic ... 260 Figure 169 SNMP Management Model ... 262 Figure 170 Menu 22 SNMP Configuration ... 264 Figure 171 Menu 24 System Maintenance ... 266 Figure 172 Menu 24.1 System Maintenance : Status ... 267 Figure 173 Menu 24.2 System Information and Console Port Speed ...
Page 30 P-660R/H-D Series User’s Guide Figure 211 Internet Options ... 318 Figure 212 Security Settings - Java Scripting ... 319 Figure 213 Security Settings - Java ... 320 Figure 214 Java (Sun) ... 321 Figure 215 Internet Options Security ... 322 Figure 216 Security Setting ActiveX Controls ...
Page 31 P-660R/H-D Series User’s Guide Figure 254 Displaying Log Categories Example ... 410 Figure 255 Displaying Log Parameters Example ... 410 List of Figures...
Page 32 P-660R/H-D Series User’s Guide List of Figures...
Page 33: List Of Tables
P-660R/H-D Series User’s Guide List of Tables Table 1 ADSL Standards ... 38 Table 2 Model Specific Features ... 39 Table 3 Front Panel LEDs ... 43 Table 4 Web Configurator Screens Summary ... 46 Table 5 Password ... 48 Table 6 Internet Access Wizard Setup: ISP Parameters ...
Page 34 P-660R/H-D Series User’s Guide Table 39 Firewall: Threshold ... 132 Table 40 ... 134 Table 41 Content Filter: Keyword ... 135 Table 42 Content Filter: Schedule ... 136 Table 43 Content Filter: Trusted ... 137 Table 44 Remote Management ... 140 Table 45 Configuring UPnP ...
Page 35 P-660R/H-D Series User’s Guide Table 82 Menu12.1.1 Edit IP Static Route ... 224 Table 83 Remote Node Network Layer Options: Bridge Fields ... 227 Table 84 Menu 12.3.1 Edit Bridge Static Route ... 228 Table 85 Applying NAT in Menus 4 & 11.3 ... 232 Table 86 SUA Address Mapping Rules ...
Page 36 P-660R/H-D Series User’s Guide Table 125 Subnet 3 ... 354 Table 126 Subnet 4 ... 355 Table 127 Eight Subnets ... 355 Table 128 Class C Subnet Planning ... 355 Table 129 Class B Subnet Planning ... 356 Table 130 Firewall Commands ... 362 Table 131 Abbreviations Used in the Example Internal SPTGEN Screens Table ...
Page 37: Preface
Congratulations on your purchase of the P-660R/H-D series ADSL 2+ gateway. The P-660H has a 4-port switch that allows you to connect up to 4 computers to the Prestige without purchasing a switch/hub. Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
Page 38: User Guide Feedback
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Page 39: Getting To Know Your Prestige
Getting To Know Your Prestige This chapter describes the key features and applications of your Prestige 1.1 Introducing the Prestige The Prestige is an ADSL2+ gateway that allows super-fast, secure Internet access over analog (POTS) or digital (ISDN) telephone lines (depending on your model). In the Prestige product name, “R”...
Page 40: Table 2 Model Specific Features
P-660R/H-D Series User’s Guide Note: See the product specifications in the appendix for detailed features and standards support. Table 2 Model Specific Features FEATURE Integrated 4-port Switch Firewall Meida Bandwidth Management Content Filtering Internet Security Filtering Centralized Logs Table Key: An O in a mode’s column shows that the device mode has the specified feature. The information in this table was correct at the time of writing, although it may be subject to change.
Page 41: Dynamic Dns Support
Content Filtering Content filtering allows you to block access to forbidden Internet web sites, schedule when the Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet access. Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet, thus acting as an auxiliary if your regular WAN connection fails.
Page 42: Applications For The Prestige
P-660R/H-D Series User’s Guide DHCP DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability enabled by default. It can assign IP addresses, an IP default gateway and DNS servers to DHCP clients.
Page 43: Protected Internet Access
1.3.1 Protected Internet Access The Prestige is the ideal high-speed Internet access solution. It is compatible with all major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers and supports the ADSL standards as shown in The Prestige provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN.
Page 44: Hardware Connection
P-660R/H-D Series User’s Guide Figure 3 Front Panel The following table describes the LEDs. Table 3 Front Panel LEDs COLOR PWR/SYS Green Green 10/100M (P-660H-D) Green 10/100M (P-660R-D) Amber Green INTERNET Green 1.5 Hardware Connection Refer to the Quick Start Guide for information on hardware connection. STATUS DESCRIPTION The Prestige is receiving power and functioning properly.
Page 45: Introducing The Web Configurator
This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
Page 46: Resetting The Prestige
P-660R/H-D Series User’s Guide 6 It is highly recommended you change the default password! Enter a new password between 1 and 30 characters, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now. Note: If you do not change the password at least once, the following screen appears every time you log in.
Page 47: Figure 6 Web Configurator: Site Map Screen
• Click a link under Maintenance to see Prestige performance statistics, upload firmware and back up, restore or upload a configuration file. • Click Site Map to go to the Site Map screen. • Click Logout in the navigation panel when you have finished a Prestige management session.
Page 48 P-660R/H-D Series User’s Guide Table 4 Web Configurator Screens Summary (continued) LINK SUB-LINK Firewall Default Policy (P-660H-D only) Rule Summary Anti Probing Threshold Content Filter Keyword (P-660H-D only) Schedule Trusted Remote Management UPnP Logs Log Settings (P-660H-D only) View Log Media Bandwidth Summary Management...
Page 49: Change Login Password
2.2 Change Login Password It is highly recommended that you periodically change the password for accessing the Prestige. If you didn’t change the default one after you logged in or you want to change to a new password again, then click Password in the Site Map screen to display the screen as shown next.
Page 50 P-660R/H-D Series User’s Guide Chapter 2 Introducing the Web Configurator...
Page 51: Wizard Setup For Internet Access
Wizard Setup for Internet Access This chapter provides information on the Wizard Setup screens for Internet access in the web configurator. 3.1 Introduction Use the Wizard Setup screens to configure your system for Internet access with the information given to you by your ISP. Note: See the advanced menu chapters for background information on these fields.
Page 52: Figure 9 Internet Connection With Pppoe
P-660R/H-D Series User’s Guide Table 6 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge. Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list box.
Page 53: Figure 10 Internet Connection With Rfc 1483
Table 7 Internet Connection with PPPoE LABEL DESCRIPTION Service Name Type the name of your PPPoE service here. User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
Page 54: Figure 11 Internet Connection With Enet Encap
P-660R/H-D Series User’s Guide Table 8 Internet Connection with RFC 1483 (continued) LABEL DESCRIPTION Back Click Back to go back to the first wizard screen. Next Click Next to continue to the next wizard screen. Figure 11 Internet Connection with ENET ENCAP The following table describes the fields in this screen.
Page 55: Figure 12 Internet Connection With Pppoa
Figure 12 Internet Connection with PPPoA The following table describes the fields in this screen. Table 10 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above. IP Address This option is available if you select Routing in the Mode field.
Page 56: Figure 13 Internet Access Wizard Setup: Third Screen
P-660R/H-D Series User’s Guide 3 Verify the settings in the screen shown next. To change the LAN information on the Prestige, click Change LAN Configurations. Otherwise click Save Settings to save the configuration and skip to the section 3.13. Figure 13 Internet Access Wizard Setup: Third Screen If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next.
Page 57: Figure 15 Internet Access Wizard Setup: Connection Tests
The following table describes the fields in this screen. Table 11 Internet Access Wizard Setup: LAN Configuration LABEL LAN IP Address LAN Subnet Mask DHCP DHCP Server Client IP Pool Starting Address Size of Client IP Pool Primary DNS Server Secondary DNS Server As above.
Page 58 P-660R/H-D Series User’s Guide Chapter 3 Wizard Setup for Internet Access...
Page 59: Wizard Setup For Media Bandwidth Management
Wizard Setup for Media Bandwidth Management This chapter shows you how to configure basic bandwidth management using the wizard screens. This chapter applies to the P-660H-D. 4.1 Introduction The web configurator’s Media Bandwidth Magnt. screens under Wizard Setup allows you to specify bandwidth classes based on an application (or service).
Page 60: Media Bandwidth Management Setup
P-660R/H-D Series User’s Guide Table 12 Media Bandwidth Mgnt. Wizard Setup: Services (continued) SERVICE DESCRIPTION E-Mail Electronic mail consists of messages sent through a computer network to specific groups or individuals. Here are some default ports for e-mail: POP3 - port 110 IMAP - port 143 SMTP - port 25 HTTP - port 80...
Page 61: Figure 17 Media Bandwidth Mgnt. Wizard Setup: Second Screen
The following table describes the labels in this screen. Table 13 Media Bandwidth Mgnt. Wizard Setup: First Screen LABEL Active Select the service to apply bandwidth management. Next 2 The Prestige automatically creates the bandwidth class for each service you select. You may set the priority for each bandwidth class in the second wizard screen.
Page 62: Figure 18 Media Bandwidth Mgnt. Wizard Setup: Finish
P-660R/H-D Series User’s Guide Table 14 Media Bandwidth Mgnt. Wizard Setup: Second Screen LABEL DESCRIPTION Back Click Back to return to the previous screen. Finish Click Finish to complete and save the bandwidth management setup. 3 Well done! You have finished configuration of Media Bandwidth Management. You may now continue configuring your device.
Page 63: Chapter 5 Lan Setup
This chapter describes how to configure LAN settings. 5.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Page 64: Dhcp Setup
P-660R/H-D Series User’s Guide 5.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients.
Page 65: Lan Tcp/Ip
There are two ways that an ISP disseminates the DNS server addresses. • The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the LAN Setup screen.
Page 66: Private Ip Addresses
P-660R/H-D Series User’s Guide 5.2.1.1 Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: •...
Page 67: Multicast
5.2.3 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Page 68: How Any Ip Works
P-660R/H-D Series User’s Guide Figure 20 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address. Note: You must enable NAT/SUA to use the Any IP feature on the Prestige.
Page 69: Configuring Lan
5.3 Configuring LAN Click LAN to open the LAN Setup screen. See information. Figure 21 LAN Setup The following table describes the fields in this screen. Table 15 LAN Setup LABEL DESCRIPTION DHCP DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
Page 70 P-660R/H-D Series User’s Guide Table 15 LAN Setup (continued) LABEL DESCRIPTION Size of Client IP This field specifies the size or count of the IP address pool. Pool Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask.
Page 71: Chapter 6 Wan Setup
This chapter describes how to configure WAN settings. 6.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 6.1.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The Prestige supports the following methods.
Page 72: Rfc 1483
P-660R/H-D Series User’s Guide 6.1.1.4 RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing).
Page 73: Ip Assignment With Rfc 1483 Encapsulation
6.1.4.2 IP Assignment with RFC 1483 Encapsulation In this case the IP Address Assignment must be static with the same requirements for the IP Address and ENET ENCAP Gateway fields as stated above. 6.1.4.3 IP Assignment with ENET ENCAP Encapsulation In this case you can have either a static or dynamic IP.
Page 74: Pppoe Encapsulation
P-660R/H-D Series User’s Guide For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route.
Page 75: Zero Configuration Internet Access
Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR. Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again.
Page 76: Configuring Wan Setup
P-660R/H-D Series User’s Guide Figure 23 WAN The following table describes the links in this screen. Table 16 WAN LINK DESCRIPTION WAN Setup Click this link to go to the screen where you can configure your Prestige for an Internet connection.
Page 77: Figure 24 Wan Setup (Pppoe)
Figure 24 WAN Setup (PPPoE) The following table describes the fields in this screen. Table 17 WAN Setup LABEL Name Mode Chapter 6 WAN Setup DESCRIPTION Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
Page 78 P-660R/H-D Series User’s Guide Table 17 WAN Setup (continued) LABEL Encapsulation Multiplex Virtual Circuit ID ATM QoS Type Cell Rate Peak Cell Rate Sustain Cell Rate Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be Login Information Service Name User Name...
Page 79: Traffic Redirect
Table 17 WAN Setup (continued) LABEL Max Idle Timeout PPPoE Passthrough (PPPoE encapsulation only) Subnet Mask (ENET ENCAP encapsulation only) ENET ENCAP Gateway (ENET ENCAP encapsulation only) Zero Configuration Back Apply Cancel 6.8 Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the Prestige cannot connect to the Internet.
Page 80: Configuring Wan Backup
P-660R/H-D Series User’s Guide Figure 25 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network.
Page 81: Figure 27 Wan Backup
Figure 27 WAN Backup The following table describes the fields in this screen. Table 18 WAN Backup LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check if the connection to the DSLAM is up. Select ICMP to have the Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.
Page 82 P-660R/H-D Series User’s Guide Table 18 WAN Backup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your Prestige to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request.
Page 83: Network Address Translation (Nat) Screens
Network Address Translation This chapter discusses how to configure NAT on the Prestige. 7.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 84: What Nat Does
P-660R/H-D Series User’s Guide 7.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Page 85: Nat Application
7.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter. Figure 29 NAT Application With IP Alias 7.1.5 NAT Mapping Types NAT supports five types of IP/port mapping.
Page 86: Sua (Single User Account) Versus Nat
P-660R/H-D Series User’s Guide Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these types. Table 20 NAT Mapping Types TYPE One-to-One Many-to-One (SUA/PAT) Many-to-Many Overload Many-to-Many No Overload Server 7.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Page 87: Default Server Ip Address
You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers.
Page 88: Configuring Servers Behind Sua (Example)
P-660R/H-D Series User’s Guide 7.3.3 Configuring Servers Behind SUA (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
Page 89: Configuring Sua Server Set
The following table describes the labels in this screen. Table 22 NAT Mode LABEL DESCRIPTION None Select this radio button to disable NAT. SUA Only Select this radio button if you have just one public WAN IP address for your Prestige. The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set screen.
Page 90: Figure 32 Edit Sua/Nat Server Set
P-660R/H-D Series User’s Guide Figure 32 Edit SUA/NAT Server Set The following table describes the fields in this screen. Table 23 Edit SUA/NAT Server Set LABEL Start Port No. Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field. To forward a series of ports, enter the start port number here and the end port number in the End Port No.
Page 91: Configuring Address Mapping Rules
7.6 Configuring Address Mapping Rules Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
Page 92: Editing An Address Mapping Rule
P-660R/H-D Series User’s Guide Table 24 Address Mapping Rules (continued) LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
Page 93: Table 25 Edit Address Mapping Rule
The following table describes the fields in this screen. Table 25 Edit Address Mapping Rule LABEL Type Choose the port mapping type from one of the following. • One-to-One: One-to-One mode maps one local IP address to one global IP address.
Page 94 P-660R/H-D Series User’s Guide Chapter 7 Network Address Translation (NAT) Screens...
Page 95: Chapter 8 Dynamic Dns Setup
This chapter discusses how to configure your Prestige to use Dynamic DNS. 8.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Page 96: Figure 35 Dynamic Dns
P-660R/H-D Series User’s Guide Figure 35 Dynamic DNS The following table describes the fields in this screen. Table 26 Dynamic DNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider.
Page 97: Chapter 9 Time And Date
This screen is not available on all models. Use this screen to configure the Prestige’s time and date settings. 9.1 Configuring Time and Date To change your Prestige’s time and date, click Time And Date. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone.
Page 98: Table 27 Time And Date
P-660R/H-D Series User’s Guide Table 27 Time and Date LABEL DESCRIPTION Time Server Use Protocol when Select the time service protocol that your time server sends when you turn on the Bootup Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Page 99: Chapter 10 Firewalls
This chapter gives some background information on firewalls and introduces the Prestige firewall. This chapter applies to the P-660H-D. 10.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
Page 100: Application-Level Firewalls
P-660R/H-D Series User’s Guide 10.2.2 Application-level Firewalls Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts: Information hiding prevents the names of internal systems from being made known via DNS...
Page 101: Denial Of Service Attacks
• The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service.
Page 102: Types Of Dos Attacks
P-660R/H-D Series User’s Guide Table 28 Common IP Ports Telnet SMTP 10.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data.
Page 103: Figure 38 Three-Way Handshake
Figure 38 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment).
Page 104: Icmp Vulnerability
P-660R/H-D Series User’s Guide the broadcast address of the network, the router will broadcast the ICMP echo request packet to all hosts on the network. If there are numerous hosts, this will create a large amount of ICMP echo request and response traffic. If a hacker chooses to spoof the source IP address of the ICMP echo request packet, the resulting ICMP traffic will not only clog up the "intermediary"...
Page 105: Traceroute
All SMTP commands are illegal except for those displayed in the following tables. Table 31 Legal SMTP Commands AUTH DATA EHLO QUIT RCPT RSET 10.4.2.3 Traceroute Traceroute is a utility used to determine the path a packet takes between two endpoints. Sometimes when a packet filter firewall is configured incorrectly an attacker can traceroute the firewall gaining knowledge of the network topology inside the firewall.
Page 106: Stateful Inspection Process
P-660R/H-D Series User’s Guide Figure 41 Stateful Inspection The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.
Page 107: Stateful Inspection And The Prestige
temporary entries might be modified, in order to permit only packets that are valid for the current state of the connection. 8 Any additional inbound or outbound packets that belong to the connection are inspected to update the state table entry and to modify the temporary inbound access list entries as required, and are forwarded through the interface.
Page 108: Udp/Icmp Security
P-660R/H-D Series User’s Guide When the Prestige receives any subsequent packet (from the Internet or from the LAN), its connection information is extracted and checked against the cache. A packet is only allowed to pass through if it corresponds to a valid connection (that is, if it is a response to a connection which originated on the LAN).
Page 109: Security In General
• Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network.
Page 110: Packet Filtering Vs Firewall
P-660R/H-D Series User’s Guide • Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in an attack. 10.7 Packet Filtering Vs Firewall Below are some comparisons between the Prestige’s filtering and firewall functions.
Page 111 • A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required. • To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks.
Page 112 P-660R/H-D Series User’s Guide Chapter 10 Firewalls...
Page 113: Firewall Configuration
This chapter shows you how to enable and configure the Prestige firewall. 11.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your Prestige has to offer. For this reason, it is recommended that you configure your firewall using the web configurator.
Page 114: Rule Logic Overview
P-660R/H-D Series User’s Guide Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: •...
Page 115: Key Fields For Configuring Rules
4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does this rule conflict with any existing rules? 6 Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.
Page 116: Alerts
P-660R/H-D Series User’s Guide The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it. 11.4.2 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away.
Page 117: Rule Summary
Figure 42 Firewall: Default Policy The following table describes the labels in this screen. Table 32 Firewall: Default Policy LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. Allow Select this check box to have the Prestige firewall permit the use of triangle route Asymmetrical...
Page 118: Figure 43 Firewall: Rule Summary
P-660R/H-D Series User’s Guide Click on Firewall, then Rule Summary to bring up the following screen. This screen is a summary of the existing rules. Note the order in which the rules are listed. Figure 43 Firewall: Rule Summary The following table describes the labels in this screen. Table 33 Rule Summary LABEL DESCRIPTION...
Page 119: Configuring Firewall Rules
Table 33 Rule Summary (continued) LABEL DESCRIPTION Service This drop-down list box displays the services to which this firewall rule applies. Please note that a blank service type is equivalent to Any. See page 126 Action This is the specified action for that rule, either Block or Forward. Note that Block means the firewall silently discards the packet.
Page 120: Figure 44 Firewall: Edit Rule
P-660R/H-D Series User’s Guide Figure 44 Firewall: Edit Rule The following table describes the labels in this screen. Chapter 11 Firewall Configuration...
Page 121: Table 34 Firewall: Edit Rule
Table 34 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Use the radio button to select whether to discard (Block) or allow the passage of Packet (Forward) packets that match this rule. Source/Destination Address Address Type...
Page 122: Customized Services
P-660R/H-D Series User’s Guide 11.7 Customized Services Configure customized services and port numbers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further information on these services, please read page 126.
Page 123: Example Firewall Rule
Refer to Section 10.1 on page 98 Figure 46 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 36 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
Page 124: Figure 47 Firewall Example: Rule Summary
P-660R/H-D Series User’s Guide Figure 47 Firewall Example: Rule Summary 3 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule 7.
Page 125: Figure 48 Firewall Example: Edit Rule: Destination Address
Figure 48 Firewall Example: Edit Rule: Destination Address 7 In the Edit Rule screen, click the Customized Services link to open the Customized Service screen. 8 Click an index number to display the Customized Services -Config screen and configure the screen as follows and click Apply. Figure 49 Edit Custom Port Example 9 In the Edit Rule screen, use the Add>>...
Page 126: Figure 50 Firewall Example: Edit Rule: Select Customized Services
P-660R/H-D Series User’s Guide Figure 50 Firewall Example: Edit Rule: Select Customized Services Note: Custom ports show up with an “*” before their names in the Services list box and the Rule Summary list box. Click Apply after you’ve created your custom port.
Page 127: Predefined Services
Rule 2 allows a “My Service” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Figure 51 Firewall Example: Rule Summary: My Service 11.10 Predefined Services The Available Services list box in the Edit Rule screen (see displays all predefined services that the Prestige already supports.
Page 128 P-660R/H-D Series User’s Guide Table 37 Predefined Services (continued) SERVICE CU-SEEME(TCP/UDP:7648, 24032) DNS(UDP/TCP:53) FINGER(TCP:79) FTP(TCP:20.21) H.323(TCP:1720) HTTP(TCP:80) HTTPS(TCP:443) ICQ(UDP:4000) IPSEC_TRANSPORT/ TUNNEL(AH:0) IPSEC_TUNNEL(ESP:0) IRC(TCP/UDP:6667) MSN Messenger(TCP:1863) MULTICAST(IGMP:0) NEWS(TCP:144) NFS(UDP:2049) NNTP(TCP:119) PING(ICMP:0) POP3(TCP:110) PPTP(TCP:1723) PPTP_TUNNEL(GRE:0) RCMD(TCP:512) REAL_AUDIO(TCP:7070) REXEC(TCP:514) RLOGIN(TCP:513) RTELNET(TCP:107) RTSP(TCP/UDP:554) SFTP(TCP:115) DESCRIPTION A popular videoconferencing solution from White Pines Software.
Page 129: Anti-Probing
Table 37 Predefined Services (continued) SERVICE SMTP(TCP:25) SNMP(TCP/UDP:161) SNMP-TRAPS (TCP/ UDP:162) SQL-NET(TCP:1521) SSDP(UDP:1900) SSH(TCP/UDP:22) STRMWORKS(UDP:1558) SYSLOG(UDP:514) TACACS(UDP:49) TELNET(TCP:23) TFTP(UDP:69) VDOLIVE(TCP:7000) 11.11 Anti-Probing If an outside user attempts to probe an unsupported port on your Prestige, an ICMP response packet is automatically returned. This allows the outside user to know the Prestige exists. The Prestige supports anti-probing, which prevents the ICMP response packet from being sent.
Page 130: Dos Thresholds
P-660R/H-D Series User’s Guide Figure 52 Firewall: Anti Probing The following table describes the labels in this screen. Table 38 Firewall: Anti Probing LABEL DESCRIPTION Respond to PING The Prestige does not respond to any incoming Ping requests when Disable is selected.
Page 131: Threshold Values
11.12.1 Threshold Values Tune these parameters when something is not working and after you have checked the firewall counters. These default values should work fine for most small offices. Factors influencing choices for threshold values are: • The maximum number of opened sessions. •...
Page 132: Configuring Firewall Thresholds
P-660R/H-D Series User’s Guide Whenever the number of half-open sessions with the same destination host address rises above a threshold (TCP Maximum Incomplete), the Prestige starts deleting half-open sessions according to one of the following methods: • If the Blocking Time timeout is 0 (the default), then the Prestige deletes the oldest existing half-open session for the host for every new connection request to the host.
Page 133: Table 39 Firewall: Threshold
Table 39 Firewall: Threshold LABEL DESCRIPTION Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions that causes the firewall to stop deleting half-open sessions. The Prestige continues to delete half-open sessions as necessary, until the rate of new connection attempts drops below this number.
Page 134 P-660R/H-D Series User’s Guide Table 39 Firewall: Threshold (continued) LABEL DESCRIPTION Deny new Select this radio button and specify for how connection long the Prestige should block new request for connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256).
Page 135: Chapter 12 Content Filtering
This chapter covers how to configure content filtering. This chapter applies to the P-660H-D. 12.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
Page 136: Configuring Keyword Blocking
P-660R/H-D Series User’s Guide 12.3 Configuring Keyword Blocking Use this screen to block sites containing certain keywords in the URL. For example, if you enable the keyword "bad", the Prestige blocks all sites containing this keyword including the URL http://www.website.com/bad.html, even if it is not included in the Filter List. To have your Prestige block Web sites containing keywords in their URLs, click Content Filter and Keyword.
Page 137: Configuring The Schedule
12.4 Configuring the Schedule To set the days and times for the Prestige to perform content filtering, click Content Filter and Schedule. The screen appears as shown. Figure 56 Content Filter: Schedule The following table describes the labels in this screen. Table 42 Content Filter: Schedule LABEL DESCRIPTION...
Page 138: Figure 57 Content Filter: Trusted
P-660R/H-D Series User’s Guide Figure 57 Content Filter: Trusted The following table describes the labels in this screen. Table 43 Content Filter: Trusted LABEL Trusted User IP Range From Back Apply Cancel DESCRIPTION Type the IP address of a computer (or the beginning IP address of a specific range of computers) on the LAN that you want to exclude from content filtering.
Page 139: Remote Management Configuration
This chapter provides information on configuring remote management. 13.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 140: Remote Management And Nat
P-660R/H-D Series User’s Guide • A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. • You have disabled that service in one of the remote management screens. •...
Page 141: Ftp
13.3 FTP You can upload and download Prestige firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. 13.4 Web You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details. 13.5 Configuring Remote Management Click Remote Management to open the following screen.
Page 142 P-660R/H-D Series User’s Guide Chapter 13 Remote Management Configuration...
Page 143: Universal Plug-And-Play (Upnp)
Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 14.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Page 144: Cautions With Upnp
P-660R/H-D Series User’s Guide 14.1.3 Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. All UPnP-enabled devices may communicate freely with each other without additional configuration.
Page 145: Installing Upnp In Windows Example
Table 45 Configuring UPnP LABEL Enable the Universal Plug and Play (UPnP) Service Allow users to make configuration changes through UPnP Allow UPnP to pass through Firewall Apply Cancel 14.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me.
Page 146: Figure 61 Add/Remove Programs: Windows Setup: Communication
P-660R/H-D Series User’s Guide Figure 61 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 62 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted.
Page 147: Figure 63 Network Connections
Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Page 148: Using Upnp In Windows Xp Example
P-660R/H-D Series User’s Guide 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 65 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 14.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP.
Page 149: Figure 66 Network Connections
P-660R/H-D Series User’s Guide Figure 66 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Chapter 14 Universal Plug-and-Play (UPnP)
Page 150: Figure 67 Internet Connection Properties
P-660R/H-D Series User’s Guide Figure 67 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Chapter 14 Universal Plug-and-Play (UPnP)
Page 151: Figure 68 Internet Connection Properties: Advanced Settings
Figure 68 Internet Connection Properties: Advanced Settings Figure 69 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Page 152: Figure 70 System Tray Icon
P-660R/H-D Series User’s Guide Figure 70 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 71 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first.
Page 153: Figure 72 Network Connections
Figure 72 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your Prestige and select Invoke. The web configurator login screen displays. Chapter 14 Universal Plug-and-Play (UPnP) P-660R/H-D Series User’s Guide...
Page 154: Figure 73 Network Connections: My Network Places
P-660R/H-D Series User’s Guide Figure 73 Network Connections: My Network Places 6 Right-click on the icon for your Prestige and select Properties. A properties window displays with basic information about the Prestige. Figure 74 Network Connections: My Network Places: Properties: Example Chapter 14 Universal Plug-and-Play (UPnP)
Page 155: Chapter 15 Logs Screens
This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendix for example log message explanations. This chapter applies to the P-660H-D. 15.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the Prestige log and then display the logs or have the Prestige send them to an administrator (as e-mail) or to a syslog server.
Page 156: Figure 75 Log Settings
P-660R/H-D Series User’s Guide Figure 75 Log Settings The following table describes the fields in this screen. Table 46 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 157: Displaying The Logs
Table 46 Log Settings LABEL DESCRIPTION UNIX Syslog Syslog logging sends a log to an external syslog server used to store logs. Active Click Active to enable syslog logging. Syslog IP Enter the server name or IP address of the syslog server that will log the selected Address categories of logs.
Page 158: Smtp Error Messages
P-660R/H-D Series User’s Guide Figure 76 View Logs The following table describes the fields in this screen. Table 47 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view;...
Page 159: Example E-Mail Log
Table 48 SMTP Error Messages -6 means RCPT TO fail -7 means DATA fail -8 means mail data send fail 15.4.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail.
Page 160 P-660R/H-D Series User’s Guide Chapter 15 Logs Screens...
Page 161: Media Bandwidth Management Advanced Setup
Media Bandwidth Management This chapter describes bandwidth management with one level of child class. This chapter applies to the P-660H-D. 16.1 Media Bandwidth Management Overview Bandwidth management allows you to allocate an interface’s outgoing capacity to specific types of traffic. It can also help you make sure that the Prestige forwards certain types of traffic (especially real-time applications) with minimum delay.
Page 162: Bandwidth Classes And Filters
P-660R/H-D Series User’s Guide 16.2 Bandwidth Classes and Filters Use bandwidth classes and child-classes to allocate specific amounts of bandwidth capacity (bandwidth budgets). Configure a bandwidth filter to define a bandwidth class (or child-class) based on a specific application and/or subnet. Use the Class Setup screen (see on page 168) to set up a bandwidth class’s name, bandwidth allotment, and bandwidth filter.
Page 163: Application And Subnet-Based Bandwidth Management
Figure 78 Subnet-based Bandwidth Management Example 16.6 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets. Table 49 Application and Subnet-based Bandwidth Management Example TRAFFIC TYPE VoIP...
Page 164: Fairness-Based Scheduler
P-660R/H-D Series User’s Guide 16.7.2 Fairness-based Scheduler The Prestige divides bandwidth equally among bandwidth classes when using the fairness- based scheduler; thus preventing one bandwidth class from using all of the interface’s bandwidth. 16.7.3 Maximize Bandwidth Usage The maximize bandwidth usage option (see divide up any available bandwidth on the interface (including unallocated bandwidth and any allocated bandwidth that a class is not using) among the bandwidth classes that require more bandwidth.
Page 165: Maximize Bandwidth Usage Example
16.7.5 Maximize Bandwidth Usage Example Here is an example of a Prestige that has maximize bandwidth usage enabled on an interface. The following table shows each bandwidth class’s bandwidth budget. The classes are set up based on subnets. The interface is set to 10240 kbps. Each subnet is allocated 2048 kbps. The unbudgeted 2048 kbps allows traffic not defined in any of the bandwidth filters to go out when you do not select the maximize bandwidth option.
Page 166: Fairness-Based Allotment Of Unused And Unbudgeted Bandwidth
P-660R/H-D Series User’s Guide • Research requires more bandwidth but only gets its budgeted 2048 kbps because all of the unbudgeted and unused bandwidth goes to the higher priority sales and marketing classes. 16.7.5.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth The following table shows the amount of bandwidth that each class gets.
Page 167: Bandwidth Borrowing Example
16.8.1 Bandwidth Borrowing Example Here is an example of bandwidth management with classes configured for bandwidth borrowing. The classes are set up based on departments and individuals within certain departments. Table 53 Bandwidth Borrowing Example BANDWIDTH CLASSES AND BANDWIDTH BORROWING SETTINGS Root Class: Administration: Borrowing Enabled Sales: Borrowing Disabled...
Page 168: Configuring Summary
P-660R/H-D Series User’s Guide Figure 79 Media Bandwidth Mgnt. The following table describes the links in this screen. Table 54 Media Bandwidth Mgnt. LINK DESCRIPTION Summary Click this link to display a screen where you can enable bandwidth management on an interface and set the maximum allowed bandwidth for that interface. Class Setup Click this link to display a screen thwere you can configure bandwidth classes.
Page 169: Configuring Class Setup
The following table describes the labels in this screen. Table 55 Media Bandwidth Management: Summary LABEL DESCRIPTION Interface These read-only labels represent the physical interfaces. Select an interface’s check box to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source.
Page 170: Diffserv
P-660R/H-D Series User’s Guide Figure 81 Media Bandwidth Management: Class Setup The following table describes the labels in this screen. Table 56 Media Bandwidth Management: Class Setup LABEL DESCRIPTION Interface Select an interface from the drop-down list box for which you wish to set up classes. Back Click Back to go to the main Media Bandwidth Management screen.
Page 171: Media Bandwidth Management Class Configuration
DSCP is backward compatible with the three precedence bits in the ToS octet so that non- DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping. Figure 82 DiffServ: Differentiated Service Field DSCP (6-bit) The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network.
Page 172: Figure 83 Media Bandwidth Management: Class Configuration
P-660R/H-D Series User’s Guide Figure 83 Media Bandwidth Management: Class Configuration The following table describes the labels in this screen. Table 57 Media Bandwidth Management: Class Configuration LABEL Class Name BW Budget (kbps) Priority Borrow bandwidth from parent class DESCRIPTION Use the auto-generated name or enter a descriptive name of up to 20 alphanumeric characters, including spaces.
Page 173 Table 57 Media Bandwidth Management: Class Configuration (continued) LABEL Enable DiffServ Marking DiffServ Mark Bandwidth Filter The Prestige uses a bandwidth filter to identify the traffic that belongs to a bandwidth class. Active Service Destination IP Address Destination Subnet Mask Destination Port Source IP Address Source Subnet...
Page 174: Media Bandwidth Management Statistics
P-660R/H-D Series User’s Guide Table 57 Media Bandwidth Management: Class Configuration (continued) LABEL TOS Mask Back Apply Cancel Table 58 Services and Port Numbers SERVICES ECHO FTP (File Transfer Protocol) SMTP (Simple Mail Transfer Protocol) DNS (Domain Name System) Finger HTTP (Hyper Text Transfer protocol or WWW, Web) POP3 (Post Office Protocol) NNTP (Network News Transport Protocol)
Page 175: Bandwidth Monitor
The following table describes the labels in this screen. Table 59 Media Bandwidth Management Statistics LABEL DESCRIPTION Class Name This field displays the name of the class the statistics page is showing. Budget (kbps) This field displays the amount of bandwidth allocated to the class. Tx Packets This field displays the total number of packets transmitted.
Page 176: Table 60 Media Bandwidth Management: Monitor
P-660R/H-D Series User’s Guide The following table describes the labels in this screen. Table 60 Media Bandwidth Management: Monitor LABEL Interface Class Name Budget (kbps) Current Usage (kbps) Back Refresh DESCRIPTION Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth classes.
Page 177: Chapter 17 Maintenance
This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 17.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige. 17.2 System Status Screen Click System Status under Maintenance to open the following screen, where you can use to monitor your Prestige.
Page 178: Figure 86 System Status
P-660R/H-D Series User’s Guide Figure 86 System Status The following table describes the fields in this screen. Table 61 System Status LABEL DESCRIPTION System Status System Name This is the name of your Prestige. It is for identification purposes. ZyNOS Firmware This is the ZyNOS firmware version and the date created.
Page 179: System Statistics
Table 61 System Status (continued) LABEL DESCRIPTION Default Gateway This is the IP address of the default gateway, if applicable. VPI/VCI This is the Virtual Path Identifier and Virtual Channel Identifier that you entered in the first Wizard screen. LAN Information MAC Address This is the MAC (Media Access Control) or Ethernet address unique to your Prestige.
Page 180: Dhcp Table Screen
P-660R/H-D Series User’s Guide The following table describes the fields in this screen. Table 62 System Status: Show Statistics LABEL DESCRIPTION System up Time This is the elapsed time the system has been up. CPU Load This field specifies the percentage of CPU utilization. LAN or WAN Port This is the WAN or LAN port.
Page 181: Any Ip Table Screen
Figure 88 DHCP Table The following table describes the fields in this screen. Table 63 DHCP Table LABEL DESCRIPTION Host Name This is the name of the host computer. IP Address This field displays the IP address relative to the Host Name field. MAC Address This field displays the MAC (Media Access Control) address of the computer with the displayed host name.
Page 182: Diagnostic Screens
P-660R/H-D Series User’s Guide Table 64 Any IP Table LABEL DESCRIPTION MAC Address This field displays the MAC (Media Access Control) address of the computer with the displayed IP address. Every Ethernet device has a unique MAC address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 183: Dsl Line Diagnostic
The following table describes the fields in this screen. Table 65 Diagnostic: General LABEL DESCRIPTION TCP/IP Type the IP address of a computer that you want to ping in order to test a connection. Address Ping Click this button to ping the IP address that you entered. Reset System Click this button to reboot the Prestige.
Page 184: Firmware Upgrade
P-660R/H-D Series User’s Guide The following table describes the fields in this screen. Table 66 Diagnostic: DSL Line LABEL Reset ADSL Click this button to reinitialize the ADSL line. The large text box above then displays Line the progress and results of this operation, for example: "Start to reset ADSL Loading ADSL modem F/W...
Page 185: Figure 92 Firmware Upgrade
Figure 92 Firmware Upgrade The following table describes the labels in this screen. Table 67 Firmware Upgrade LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse...
Page 186: Figure 94 Error Message
P-660R/H-D Series User’s Guide Figure 94 Error Message Chapter 17 Maintenance...
Page 187: Chapter 18 Introducing The Smt
This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 18.1 SMT Introduction The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator over a telnet connection. This chapter shows you how to access the SMT (System Management Terminal) menus via Telnet, how to navigate the SMT and how to configure SMT menus.
Page 188: Prestige Smt Menus Overview
P-660R/H-D Series User’s Guide 18.1.3 Prestige SMT Menus Overview The following table gives you an overview of your Prestige’s various SMT menus. Table 68 SMT Menus Overview MENUS SUB MENUS 1 General Setup 1.1 Configure Dynamic DNS 2 WAN Backup Setup 2.1 Traffic Redirect Setup 3 LAN Setup 3.1 LAN Port Filter Setup...
Page 189: Navigating The Smt Interface
Table 68 SMT Menus Overview (continued) MENUS SUB MENUS 24 System Maintenance 24.1 System Status 24.2 System Information and Console Port Speed 24.3 Log and Trace 24.4 Diagnostic 24.5 Backup Configuration 24.6 Restore Configuration 24.7 Upload Firmware 24.8 Command Interpreter Mode 24.9 Call Control 24.10 Time and Date Setting 24.11 Remote Management...
Page 190: System Management Terminal Interface Summary
Exit the SMT After you enter the password, the SMT displays the main menu, as shown next. Figure 96 SMT Main Menu Copyright (c) 1994 - 2004 ZyXEL Communications Corp. Getting Started 1. General Setup 2. WAN Backup Setup 3.
Page 191: Changing The System Password
Table 70 Main Menu Summary MENU TITLE Internet Access Setup Remote Node Setup Static Routing Setup NAT Setup Filter and Firewall Setup or Filter Set Configuration SNMP Configuration System Password System Maintenance IP Routing Policy Setup Schedule Setup Exit 18.3 Changing the System Password Change the Prestige default password by following the steps shown next.
Page 192 P-660R/H-D Series User’s Guide Chapter 18 Introducing the SMT...
Page 193: Chapter 19 Menu 1 General Setup
Menu 1 - General Setup contains administrative and system-related information. 19.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". •...
Page 194: Procedure To Configure Dynamic Dns
P-660R/H-D Series User’s Guide Figure 98 Menu 1 General Setup Press ENTER to Confirm or ESC to Cancel: Fill in the required fields. Refer to the table shown next for more information about these fields. Table 71 Menu 1 General Setup FIELD System Name Location (optional)
Page 195: Figure 99 Menu 1.1 Configure Dynamic Dns
Figure 99 Menu 1.1 Configure Dynamic DNS Follow the instructions in the next table to configure dynamic DNS parameters. Table 72 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION Service Provider This is the name of your dynamic DNS service provider. Active Press [SPACE BAR] to select Yes and then press [ENTER] to make dynamic DNS active.
Page 196 P-660R/H-D Series User’s Guide Chapter 19 Menu 1 General Setup...
Page 197: Menu 2 Wan Backup Setup
Menu 2 WAN Backup Setup This chapter describes how to configure traffic redirect and dial-backup using menu 2 and 2.1. 20.1 Introduction to WAN Backup Setup This chapter explains how to configure the Prestige for traffic redirect and dial backup connections.
Page 198: Traffic Redirect Setup
P-660R/H-D Series User’s Guide Table 73 Menu 2 WAN Backup Setup (continued) FIELD KeepAlive Fail Tolerance Recovery Interval(sec) When the Prestige is using a lower priority connection (usually a WAN backup ICMP Timeout Traffic Redirect When you have completed this menu, press [ENTER] at the prompt “ or ESC to Cancel: 20.2.1 Traffic Redirect Setup Configure parameters that determine when the Prestige will forward WAN traffic to the...
Page 199 Table 74 Menu 2.1Traffic Redirect Setup FIELD DESCRIPTION Metric This field sets this route's priority among the routes the Prestige uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1"...
Page 200 P-660R/H-D Series User’s Guide Chapter 20 Menu 2 WAN Backup Setup...
Page 201: Chapter 21 Menu 3 Lan Setup
This chapter covers how to configure your wired Local Area Network (LAN) settings. 21.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3. Figure 102 Menu 3 LAN Setup Menu 3 - LAN Setup 1.
Page 202: Protocol Dependent Ethernet Setup
P-660R/H-D Series User’s Guide 21.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. • TCP/IP Ethernet setup • Bridging Ethernet setup 21.3 TCP/IP Ethernet Setup and DHCP Use menu 3.2 to configure your Prestige for TCP/IP.
Page 203: Table 75 Dhcp Ethernet Setup
Follow the instructions in the following table on how to configure the DHCP fields. Table 75 DHCP Ethernet Setup FIELD DHCP Setup DHCP Client IP Pool Starting Address Size of Client IP Pool Primary DNS Server Secondary DNS Server Remote DHCP Serve Follow the instructions in the following table to configure TCP/IP parameters for the Ethernet port.
Page 204 P-660R/H-D Series User’s Guide Chapter 21 Menu 3 LAN Setup...
Page 205: Chapter 22 Internet Access
This chapter shows you how to configure the LAN and WAN of your Prestige for Internet access 22.1 Internet Access Overview Refer to the chapters on the web configurator’s wizard, LAN and WAN screens for more background information on fields in the SMT screens covered in this chapter. 22.2 IP Policies Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet.
Page 206: Ip Alias Setup
P-660R/H-D Series User’s Guide Figure 105 IP Alias Network Example Use menu 3.2.1 to configure IP Alias on your Prestige. 22.4 IP Alias Setup Use menu 3.2 to configure the first network. Move the cursor to Edit IP Alias field and press [SPACEBAR] to choose Yes and press [ENTER] to configure the second and third network.
Page 207: Route Ip Setup
Figure 107 Menu 3.2.1 IP Alias Setup Menu 3.2.1 - IP Alias Setup IP Alias 1= No IP Alias 2= No Follow the instructions in the following table to configure IP Alias parameters. Table 77 Menu 3.2.1 IP Alias Setup FIELD DESCRIPTION IP Alias...
Page 208: Internet Access Configuration
P-660R/H-D Series User’s Guide Figure 108 Menu 1 General Setup Menu 1 - General Setup Press ENTER to Confirm or ESC to Cancel: 22.6 Internet Access Configuration Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified setup for one of the remote nodes that you can access in menu 11.
Page 209: Table 78 Menu 4 Internet Access Setup
Menu 4 Internet Access Setup Table 78 FIELD DESCRIPTION ISP’s Name Enter the name of your Internet Service Provider (ISP). This information is for identification purposes only. Encapsulation Press [ Choices are PPPoE, PPPoA, RFC 1483 or ENET ENCAP. Multiplexing Press [ Choices are VC-based or LLC-based.
Page 210 P-660R/H-D Series User’s Guide Chapter 22 Internet Access...
Page 211: Remote Node Configuration
Remote Node Configuration This chapter covers remote node configuration. 23.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
Page 212: Encapsulation And Multiplexing Scenarios
P-660R/H-D Series User’s Guide Figure 110 Menu 11 Remote Node Setup 23.2.2 Encapsulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiplexing methods used by your ISP. Consult your telephone company for information on encapsulation and multiplexing methods for LAN-to-LAN applications, for example between a branch office and corporate headquarters.
Page 213: Figure 111 Menu 11.1 Remote Node Profile
Figure 111 Menu 11.1 Remote Node Profile Rem Node Name= MyISP Active= Yes Encapsulation= RFC 1483 Multiplexing= LLC-based Service Name= N/A Incoming: Rem Login= N/A Rem Password= N/A Outgoing: My Login= N/A My Password= N/A Authen= N/A Press ENTER to Confirm or ESC to Cancel: In Menu 11.1 –...
Page 214: Outgoing Authentication Protocol
P-660R/H-D Series User’s Guide Table 79 Menu 11.1 Remote Node Profile (continued) FIELD DESCRIPTION Route This field determines the protocol used in routing. Options are IP and None. Bridge When bridging is enabled, your Prestige will forward any packet that it does not route to this remote node;...
Page 215: Figure 112 Menu 11.3 Remote Node Network Layer Options
1 In menu 11.1, make sure IP is among the protocols in the Route field. 2 Move the cursor to the Edit IP/Bridge field, press [SPACE BAR] to select Yes, then press [ENTER] to display Menu 11.3 – Remote Node Network Layer Options. Figure 112 Menu 11.3 Remote Node Network Layer Options Menu 11.3 - Remote Node Network Layer Options IP Options:...
Page 216: My Wan Addr Sample Ip Addresses
P-660R/H-D Series User’s Guide Table 80 Menu 11.3 Remote Node Network Layer Options (continued) FIELD DESCRIPTION Metric The metric represents the cost of transmission for routing purposes. IP routing uses hop count as the cost measurement, with a minimum of 1 for directly connected networks.
Page 217: Remote Node Filter
Figure 113 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection 23.4 Remote Node Filter Move the cursor to the Edit Filter Sets field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to display Menu 11.5 – Remote Node Filter. Use Menu 11.5 –...
Page 218: Web Configurator Internet Security Filter Rules
P-660R/H-D Series User’s Guide Figure 115 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) 23.4.1 Web Configurator Internet Security Filter Rules In the web configurator, open the Security screen as shown next. Select the predefined filter rules and click Apply. This section applies to the P-660R-D. Figure 116 Internet Security Once you apply the filter rules in the web configurator, filter sets 11 and 12 are automatically applied in the protocol filters field under Input Filter Sets in SMT menu 11.5.
Page 219: Figure 117 Menu 21 Filer Set Configuration
Figure 117 Menu 21 Filer Set Configuration Filter Set # ------ The following figures display the filter rules in filter sets 11 and 12. Figure 118 Menu 21.11 WebSet 11 # A Type - - ---- ----------------------------------------------------------- - - - 1 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=161 2 Y IP...
Page 220: Editing Atm Layer Options
P-660R/H-D Series User’s Guide Note: Do not edit filter sets 11 and 12. They are used exclusively by the web configurator. Any rules you configured in sets 11 and 12 will be erased and replaced when you apply the web configurator-generated filter rules. 23.5 Editing ATM Layer Options Follow the steps shown next to edit Menu 11.6 –...
Page 221: Advance Setup Options
Figure 121 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation Menu 11.6 - Remote Node ATM Layer Options VPI/VCI (LLC-Multiplexing or PPP-Encapsulation) ENTER here to CONFIRM or ESC to CANCEL: In this case, only one set of VPI and VCI numbers need be specified for all protocols. The valid range for the VPI is 0 to 255 and for the VCI is 32 to 65535 (1 to 31 is reserved for local management of ATM traffic).
Page 222: Figure 123 Menu 11.8 Advance Setup Options
P-660R/H-D Series User’s Guide Figure 123 Menu 11.8 Advance Setup Options The following table describes the fields in this menu. Table 81 Menu 11.8 Advance Setup Options FIELD PPPoE pass-through When you have completed this menu, press [ENTER] at the prompt “ or ESC to Cancel: Menu 11.8 - Advance Setup Options PPPoE pass-through= No...
Page 223: Chapter 24 Static Route Setup
This chapter shows how to setup IP static routes. 24.1 IP Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
Page 224: Figure 125 Menu 12 Static Route Setup
P-660R/H-D Series User’s Guide Figure 125 Menu 12 Static Route Setup From menu 12, select 1 to open Menu 12.1 — IP Static Route Setup (shown next). Figure 126 Menu 12.1 IP Static Route Setup Now, type the route number of a static route you want to configure. Figure 127 Menu12.1.1 Edit IP Static Route Menu 12.1.1 - Edit IP Static Route Press ENTER to Confirm or ESC to Cancel:...
Page 225: Table 82 Menu12.1.1 Edit Ip Static Route
The following table describes the fields for Menu 12.1.1 – Edit IP Static Route Setup. Table 82 Menu12.1.1 Edit IP Static Route FIELD Route # Route Name Active Destination IP Address IP Subnet Mask Gateway IP Address Metric Private When you have completed this menu, press [ENTER] at the prompt “ or ESC to Cancel: Chapter 24 Static Route Setup DESCRIPTION...
Page 226 P-660R/H-D Series User’s Guide Chapter 24 Static Route Setup...
Page 227: Chapter 25 Bridging Setup
This chapter shows you how to configure the bridging parameters of your Prestige. 25.1 Bridging in General Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address. Bridging allows the Prestige to transport packets of network layer protocols that it does not route, for example, SNA, from one network to another.
Page 228: Figure 128 Menu 11.1 Remote Node Profile
P-660R/H-D Series User’s Guide Figure 128 Menu 11.1 Remote Node Profile Rem Node Name= ? Active= Yes Encapsulation= ENET ENCAP Multiplexing= VC-based Service Name= N/A Incoming: Rem Login= N/A Rem Password= N/A Outgoing: My Login= N/A My Password= N/A Authen= N/A Press ENTER to Confirm or ESC to Cancel: 3 Move the cursor to the Edit IP/Bridge field, then press [SPACE BAR] to set the value to Yes and press [ENTER] to edit Menu 11.3 –...
Page 229: Bridge Static Route Setup
25.2.2 Bridge Static Route Setup Similar to network layer static routes, a bridging static route tells the Prestige the route to a node before a connection is established. You configure bridge static routes in menu 12.3.1 (go to menu 12, choose option 3, then choose a static route to edit) as shown next. Figure 130 Menu 12.3.1 Edit Bridge Static Route Menu 12.3.1 - Edit Bridge Static Route Route #: 1...
Page 230 P-660R/H-D Series User’s Guide Chapter 25 Bridging Setup...
Page 231: Network Address Translation (Nat)
Network Address Translation This chapter discusses how to configure NAT on the Prestige. 26.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige. 26.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Page 232: Figure 131 Menu 4 Applying Nat For Internet Access
P-660R/H-D Series User’s Guide Figure 131 Menu 4 Applying NAT for Internet Access Menu 4 - Internet Access Setup Press ENTER to Confirm or ESC to Cancel: The following figure shows how you apply NAT to the remote node in menu 11.1. 1 Enter 11 from the main menu.
Page 233: Nat Setup
Table 85 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. The SMT uses the address mapping set that you configure and enter in the Address Mapping Set field (see Select None to disable NAT.
Page 234: Sua Address Mapping Set
P-660R/H-D Series User’s Guide Figure 134 Menu 15.1 Address Mapping Sets Menu 15.1 - Address Mapping Sets Enter Menu Selection Number: 26.3.1.1 SUA Address Mapping Set Enter 255 to display the next screen (see also menu cannot be changed. Figure 135 Menu 15.1.255 SUA Address Mapping Rules Menu 15.1.255 - Address Mapping Rules Set Name= Local Start IP...
Page 235: User-Defined Address Mapping Sets
Table 86 SUA Address Mapping Rules (continued) FIELD DESCRIPTION Local End IP Local End IP is the ending local IP address (ILA). If the rule is for all local IPs, then the Start IP is 0.0.0.0 and the End IP is 255.255.255.255. Global Start IP This is the starting global IP address (IGA).
Page 236: Ordering Your Rules
P-660R/H-D Series User’s Guide 26.3.1.3 Ordering Your Rules Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
Page 237: Configuring A Server Behind Nat
The following table explains the fields in this menu. Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set Table 88 FIELD DESCRIPTION Type Press [SPACE BAR] and then [ENTER] to select from a total of five types. These are the mapping types discussed in the web configurator NAT chapter. Server allows you to specify multiple servers of different types behind NAT to this computer.
Page 238: General Nat Examples
P-660R/H-D Series User’s Guide Figure 139 Menu 15.2.1 NAT Server Setup Menu 15.2 - NAT Server Setup Rule Start Port No. --------------------------------------------------- Default Press ENTER to Confirm or ESC to Cancel: 4 Enter a port number in an unused Start Port No field. To forward only one port, enter it again in the End Port No field.
Page 239: Example 1: Internet Access Only
26.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP. Figure 141 NAT Example 1 Figure 142 Menu 4 Internet Access &...
Page 240: Example 3: Multiple Public Ip Addresses With Inside Servers
P-660R/H-D Series User’s Guide Figure 143 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure. Figure 144 Menu 15.2.1 Specifying an Inside Server Menu 15.2.1 - NAT Server Setup (Used for SUA Only) Rule...
Page 241: Figure 145 Nat Example 3
Map the other outgoing LAN traffic to IGA3 (Many : 1 mapping). You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN.
Page 242: Figure 146 Example 3: Menu 11.3
P-660R/H-D Series User’s Guide Figure 146 Example 3: Menu 11.3 Menu 11.3 - Remote Node Network Layer Options IP Options: IP Address Assignment= Static Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature Address Mapping Set= 2 Metric= 2 Private= No RIP Direction= Both...
Page 243: Figure 148 Example 3: Final Menu 15.1.1
Figure 148 Example 3: Final Menu 15.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= Example3 Local Start IP --------------- 1. 192.168.1.10 192.168.1.11 3. 0.0.0.0 Action= Edit Press ENTER to Confirm or ESC to Cancel: Now configure the IGA3 to map to our web server and mail server on the LAN. 1 Enter 15 from the main menu.
Page 244: Example 4: Nat Unfriendly Application Programs
P-660R/H-D Series User’s Guide 26.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to-Many No Overload (and One-to-One) NAT mapping types.
Page 245: Figure 152 Example 4: Menu 15.1.1 Address Mapping Rules
Figure 152 Example 4: Menu 15.1.1 Address Mapping Rules Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Local Start IP --------------- 192.168.1.10 NO OV Press ENTER to Confirm or ESC to Cancel: Chapter 26 Network Address Translation (NAT) Local End IP Global Start IP ------------ ---------------...
Page 246 P-660R/H-D Series User’s Guide Chapter 26 Network Address Translation (NAT)
Page 247: Chapter 27 Enabling The Firewall
This chapter shows you how to get started with the Prestige firewall. This chapter applies to the P-660H-D. 27.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management and the firewall is enabled: • The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it.
Page 248: Figure 153 Menu 21.2 Firewall Setup
P-660R/H-D Series User’s Guide Figure 153 Menu 21.2 Firewall Setup Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2.
Page 249: Chapter 28 Filter Configuration
This chapter shows you how to create and apply filters. 28.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later.
Page 250: The Filter Structure Of The Prestige
P-660R/H-D Series User’s Guide Figure 155 Filter Rule Process You can apply up to four filter sets to a particular port to block various types of packets. Because each filter set can have up to six rules, you can have a maximum of 24 rules active for a single port.
Page 251: Configuring A Filter Set For The Prestige
28.2 Configuring a Filter Set for the Prestige To configure a filter set, follow the steps shown next. 1 Enter 21 in the main menu to display Menu 21 – Filter and Firewall Setup. 2 Enter 1 to display Menu 21.1 – Filter Set Configuration as shown next. Figure 156 Menu 21 Filter Set Configuration Menu 21.1 - Filter Set Configuration Filter...
Page 252: Filter Rules Summary Menus
P-660R/H-D Series User’s Guide Figure 158 NetBIOS_LAN Filter Rules Summary Menu 21.1.3 - Filter Rules Summary # A Type - - ---- ------------------------------------------------------------ - - - 1 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 Enter Filter Rule Number (1-6) to Configure: Figure 159 IGMP Filter Rules Summary Menu 21.1.4 - Filter Rules Summary # A Type...
Page 253: Configuring A Filter Rule
Table 89 Abbreviations Used in the Filter Rules Summary Menu (continued) FIELD DESCRIPTION Action Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N“means to check the next rule. Action Not Matched.
Page 254: Tcp/Ip Filter Rule
P-660R/H-D Series User’s Guide 28.4.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
Page 255 Table 91 Menu 21.1.x.1 TCP/IP Filter Rule (continued) FIELD DESCRIPTION Port # Type the destination port of the packets you want to filter. The field range is 0 to 65535. A 0 field is ignored. Port # Comp Select the comparison to apply to the destination port in the packet against the value given in Destination: Port #.
Page 256: Generic Filter Rule
P-660R/H-D Series User’s Guide Figure 161 Executing an IP Filter 28.4.2 Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP packet.
Page 257: Figure 162 Menu 21.1.5.1 Generic Filter Rule
To configure a generic rule select an empty filter set in menu 21, for example 5. Select Generic Filter Rule in the Filter Type field and press [ENTER] to open Menu 21.1.5.1 – Generic Filter Rule, as shown in the following figure. Figure 162 Menu 21.1.5.1 Generic Filter Rule Menu 21.1.5.1 - Generic Filter Rule Filter #: 5,1...
Page 258: Filter Types And Nat
P-660R/H-D Series User’s Guide Table 92 Menu 21.1.5.1 Generic Filter Rule (continued) FIELD DESCRIPTION Action Not Select the action for a packet not matching the rule. Choices are Check Next Rule, Matched Forward or Drop. When you have completed this menu, press [ENTER] at the prompt “ or ESC to Cancel: 28.5 Filter Types and NAT There are two classes of filter rules, Generic Filter Device rules and Protocol Filter (TCP/IP)
Page 259: Figure 164 Sample Telnet Filter
Figure 164 Sample Telnet Filter 1 Enter 1 in the menu 21 to display Menu 21.1 — Filter Set Configuration. 2 Enter the index number of the filter set you want to configure (in this case 6) 3 Type a descriptive name or comment in the Edit Comments field (for example, TELNET_WAN) and press [ENTER].
Page 260: Applying Filters And Factory Defaults
P-660R/H-D Series User’s Guide 2 Go to the Edit Filter Sets field, press [SPACE BAR] to choose Yes and press [ENTER]. This brings you to menu 11.5. Apply the example filter set (for example, filter set 3) in this menu as shown in the next section. This shows you that you have configured and activated (A = Y) a TCP/IP filter rule (Type = IP, Pr = 6) for destination telnet ports (DP = 23).
Page 261: Ethernet Traffic
28.7.1 Ethernet Traffic You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and type the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by typing their numbers separated by commas, for example, 3, 4, 6, 11.
Page 262 P-660R/H-D Series User’s Guide Chapter 28 Filter Configuration...
Page 263: Chapter 29 Snmp Configuration
This chapter explains SNMP Configuration menu 22. 29.1 About SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
Page 264: Supported Mibs
P-660R/H-D Series User’s Guide The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
Page 265: Snmp Traps
Figure 170 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Press ENTER to Confirm or ESC to Cancel: The following table describes the SNMP configuration parameters. Table 94 Menu 22 SNMP Configuration FIELD SNMP: Get Community...
Page 266: Table 96 Ports And Permanent Virtual Circuits
P-660R/H-D Series User’s Guide Table 95 SNMP Traps (continued) TRAP # TRAP NAME whyReboot (defined in ZYXEL-MIB) A trap is sent with the reason of restart before For intentional reboot : The port number is its interface index under the interface group. Table 96 Ports and Permanent Virtual Circuits PORT PVC (PERMANENT VIRTUAL CIRCUIT)
Page 267: System Information And Diagnosis
System Information and This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 30.1 Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu to open Menu 24 –...
Page 268: Figure 172 Menu 24.1 System Maintenance : Status
P-660R/H-D Series User’s Guide The following table describes the fields present in Menu 24.1 - System Maintenance - Status which are read-only and meant for diagnostic purposes. Figure 172 Menu 24.1 System Maintenance : Status Node-Lnk Status 1-ENET My WAN IP (from ISP): 0.0.0.0 Ethernet: Status: 100M/Full Duplex Tx Pkts: 5731 Collisions: 0...
Page 269: System Information
Table 97 Menu 24.1 System Maintenance: Status (continued) FIELD DESCRIPTION Collision This is the number of collisions. This shows statistics for the WAN. Line Status This shows the current status of the xDSL line, which can be Up or Down. Upstream This shows the upstream transfer rate in kbps.
Page 270: Console Port Speed
Menu 1 - General Setup. Refers to the routing protocol used. Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Displays the vendor of the ADSL chipset and DSL version.
Page 271: Log And Trace
Figure 175 Menu 24.2.2 System Maintenance : Change Console Port Speed Menu 24.2.2 – System Maintenance – Change Console Port Speed Press ENTER to Confirm or ESC to Cancel: Once you change the Prestige console port speed, you must also set the speed parameter for the communication software you are using to connect to the Prestige.
Page 272: Syslog And Accounting
P-660R/H-D Series User’s Guide Figure 177 Sample Error and Information Messages 53 Sat Jan 01 00:00:03 2000 PP01 -WARN SNMP TRAP 0: cold start 54 Sat Jan 01 00:00:03 2000 PP01 55 Sat Jan 01 00:00:03 2000 PP01 56 Sat Jan 01 00:00:03 2000 PP20 57 Sat Jan 01 00:00:03 2000 PP21 58 Sat Jan 01 00:03:06 2000 PP19 59 Sat Jan 01 00:03:06 2000 PP01...
Page 273: Figure 179 Syslog Example
Figure 179 Syslog Example 1 - CDR SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG_INFO, String); String = board xx line xx channel xx, call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN call = the call reference number which starts from 1 and increments by 1 for each new call str = C01 Outgoing Call dev xx ch xx (dev:device No.
Page 274: Diagnostic
P-660R/H-D Series User’s Guide Figure 179 Syslog Example (continued) prot: Protocol (“TCP”, ”UDP”, ”ICMP”) spo: Source port dpo: Destination port Jul 19 14:43:55 192.168.102.2 ZYXEL: IP [Src=202.132.154.123 Dst=255.255.255.255 UDP spo=0208 dpo=0208]} S03>R01mF Jul 19 14:44:00 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF Jul 19 14:44:04 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF...
Page 275: Table 100 Menu 24.4 System Maintenance Menu: Diagnostic
The following table describes the diagnostic tests available in menu 24.4 for and the connections. Table 100 Menu 24.4 System Maintenance Menu: Diagnostic FIELD DESCRIPTION Reset xDSL Re-initialize the xDSL link to the telephone company. Ping Host Ping the host to see if the links and TCP/IP protocol on both systems are working. Reboot System Reboot the Prestige.
Page 276 P-660R/H-D Series User’s Guide Chapter 30 System Information and Diagnosis...
Page 277: Firmware And Configuration File Maintenance
Firmware and Configuration File This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 31.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
Page 278: Backup Configuration
P-660R/H-D Series User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 - System Maintenance - Information to confirm that you have uploaded the correct firmware version.
Page 279: Using The Ftp Command From The Command Line
Figure 181 Telnet in Menu 24.5 Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
Page 280: Gui-Based Ftp Clients
P-660R/H-D Series User’s Guide Figure 182 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
Page 281: Backup Configuration Using Tftp
31.2.6 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next.
Page 282: Restore Configuration
P-660R/H-D Series User’s Guide Table 103 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the Prestige and “Fetch” to back up the file on your computer.
Page 283: Restore Using Ftp Session Example
Figure 183 Telnet into Menu 24.6 Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
Page 284: Uploading Firmware And Configuration Files
P-660R/H-D Series User’s Guide 31.4 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuration files. You can upload configuration files by following the procedure in instructions in Menu 24.7.2 - System Maintenance - Upload System Configuration File. Note: Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR Prestige.
Page 285: Ftp File Upload Command From The Dos Prompt Example
Figure 186 Telnet Into Menu 24.7.2 System Maintenance Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
Page 286: Ftp Session Example Of Firmware File Upload
P-660R/H-D Series User’s Guide 31.4.4 FTP Session Example of Firmware File Upload Figure 187 FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 1103936 bytes sent in 1.10Seconds 297.89Kbytes/sec.
Page 287: Tftp Upload Command Example
31.4.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras where “ ” specifies binary image transfer mode (use this mode when transferring binary files), “ ” is the Prestige’s IP address and “ host –...
Page 288 P-660R/H-D Series User’s Guide Chapter 31 Firmware and Configuration File Maintenance...
Page 289: Chapter 32 System Maintenance
System Maintenance. A list of valid commands can be found by typing help or ? at the command prompt. Type “ Figure 188 Command Mode in Menu 24 Enter Menu Selection Number: Figure 189 Valid Commands Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ? Valid commands are: exit bridge ras>...
Page 290: Call Control Support
P-660R/H-D Series User’s Guide 32.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1. The budget management function allows you to set a limit on the total outgoing call time of the Prestige within certain times.
Page 291: Time And Date Setting
The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked. After each period, the total budget is reset. The default for the total budget is 0 minutes and the period is 0 hours, meaning no budget control.
Page 292: Resetting The Time
P-660R/H-D Series User’s Guide Figure 193 Menu 24.10 System Maintenance: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Use Time Server when Bootup= None Time Server Address= N/A Current Time: New Time (hh:mm:ss): Current Date: New Date (yyyy-mm-dd): Time Zone= GMT Daylight Saving= No...
Page 293 P-660R/H-D Series User’s Guide • On leaving menu 24.10 after making changes. • When the Prestige starts up, if there is a timeserver configured in menu 24.10. • 24-hour intervals after starting. Chapter 32 System Maintenance...
Page 294 P-660R/H-D Series User’s Guide Chapter 32 System Maintenance...
Page 295: Chapter 33 Remote Management
This chapter covers remote management (SMT menu 24.11). 33.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 296: Remote Management Limitations
P-660R/H-D Series User’s Guide Figure 194 Menu 24.11 Remote Management Control Menu 24.11 - Remote Management Control TELNET Server: Server Port = 23 Secured Client IP = 0.0.0.0 FTP Server: Server Port = 21 Secured Client IP = 0.0.0.0 Web Server: Server Port = 80 Secured Client IP = 0.0.0.0 Press ENTER to Confirm or ESC to Cancel:...
Page 297: Remote Management And Nat
33.3 Remote Management and NAT When NAT is enabled: • Use the Prestige’s WAN IP address when configuring from the WAN. • Use the Prestige’s LAN IP address when configuring from the LAN. 33.4 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The Prestige automatically logs you out if the management session remains idle for longer than this timeout period.
Page 298 P-660R/H-D Series User’s Guide Chapter 33 Remote Management...
Page 299: Chapter 34 Ip Policy Routing
This chapter covers setting and applying policies used for IP routing. 34.1 IP Policy Routing Overview Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet. IP Routing Policy (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Page 300: Ip Routing Policy Setup
P-660R/H-D Series User’s Guide • routing the packet to a different gateway (and hence the outgoing interface). • setting the TOS and precedence fields in the IP header. IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together.
Page 301: Figure 196 Menu 25.1 Ip Routing Policy Setup
Figure 196 Menu 25.1 IP Routing Policy Setup Menu 25.1 - IP Routing Policy Setup - - ---------------------------------------------------------------------- 1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5 SP=20-25,DP=20-25,P=6,T=NM,PR=0 2 N ______________________________________________________________________ ______________________________________________________________________ 3 N ______________________________________________________________________ ______________________________________________________________________ 4 N ______________________________________________________________________ ______________________________________________________________________ 5 N ______________________________________________________________________ ______________________________________________________________________ 6 N ______________________________________________________________________ ______________________________________________________________________ Enter Policy Rule Number (1-6) to Configure: Table 107 Menu 25.1 IP Routing Policy Setup...
Page 302: Figure 197 Menu 25.1.1 Ip Routing Policy
P-660R/H-D Series User’s Guide Figure 197 Menu 25.1.1 IP Routing Policy Menu 25.1.1 - IP Routing Policy Policy Set Name= test Active= No Criteria: IP Protocol Type of Service= Don't Care Precedence Source: addr start= 0.0.0.0 port start= N/A Destination: addr start= 0.0.0.0 port start= N/A Action= Matched...
Page 303: Applying An Ip Policy
Table 108 Menu 25.1.1 IP Routing Policy (continued) FIELD Gateway type Gateway addr Gateway node Type of Service Precedence When you have completed this menu, press [ENTER] at the prompt “ or ESC to Cancel: 34.5 Applying an IP Policy This section shows you where to apply the IP policies after you design them.
Page 304: Ip Policy Routing Example
P-660R/H-D Series User’s Guide Figure 198 Menu 3.2 TCP/IP and DHCP Ethernet Setup Menu 3.2 - TCP/IP and DHCP Setup Press ENTER to Confirm or ESC to Cancel: Go to menu 11.3 (shown next) and type the number(s) of the IP Routing Policy set(s) as appropriate.
Page 305: Figure 200 Example Of Ip Policy Routing
Route 1 represents the default IP route and route 2 represents the configured IP route. Figure 200 Example of IP Policy Routing To force packets coming from clients with IP addresses of 192.168.1.33 to 192.168.1.64 to be routed to the Internet via the WAN port of the Prestige, follow the steps as shown next. 1 Create a routing policy set in menu 25.
Page 306: Figure 202 Ip Routing Policy Example
P-660R/H-D Series User’s Guide 1 Check Menu 25.1 — IP Routing Policy Setup to see if the rule is added correctly. 2 Create another policy set in menu 25. 3 Create a rule in menu 25.1 for this set to route packets from any host ( means any host) with protocol TCP and port FTP access through another gateway (192.168.1.100).
Page 307: Figure 203 Applying Ip Policies Example
Figure 203 Applying IP Policies Example Menu 3.2 - TCP/IP and DHCP Ethernet Setup Press ENTER to Confirm or ESC to Cancel: Chapter 34 IP Policy Routing DHCP Setup DHCP= Server Client IP Pool Starting Address= 192.168.1.33 Size of Client IP Pool= 64 Primary DNS Server= 0.0.0.0 Secondary DNS Server= 0.0.0.0 Remote DHCP Server= N/A...
Page 308 P-660R/H-D Series User’s Guide Chapter 34 IP Policy Routing...
Page 309: Chapter 35 Call Scheduling
Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 35.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
Page 310: Figure 205 Menu 26.1 Schedule Set Setup
P-660R/H-D Series User’s Guide To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 - Schedule Set Setup as shown next. Figure 205 Menu 26.1 Schedule Set Setup Menu 26.1 Schedule Set Setup Press ENTER to Confirm or ESC to Cancel: If a connection has been already established, your Prestige will not drop it.
Page 311: Figure 206 Applying Schedule Set(S) To A Remote Node (Pppoe)
Table 109 Menu 26.1 Schedule Set Setup (continued) FIELD DESCRIPTION Action Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field. Forced Down means that the connection is blocked whether or not there is a demand call on the line.
Page 312 P-660R/H-D Series User’s Guide Chapter 35 Call Scheduling...
Page 313: Chapter 36 Troubleshooting
This chapter covers potential problems and the corresponding remedies. 36.1 Problems Starting Up the Prestige Table 110 Troubleshooting Starting Up Your Prestige PROBLEM CORRECTIVE ACTION None of the Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged LEDs turn on in to an appropriate power source.
Page 314: Problems With The Wan
P-660R/H-D Series User’s Guide 36.3 Problems with the WAN Table 112 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL LED is Check the telephone wire and connections between the Prestige DSL port and the off. wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service.
Page 315: Problems Accessing The Prestige
36.4 Problems Accessing the Prestige Table 113 Troubleshooting Accessing the Prestige PROBLEM CORRECTIVE ACTION I cannot The username is “admin”. The default password is “1234”. The Password and access the Username fields are case-sensitive. Make sure that you enter the correct password Prestige.
Page 316: Figure 207 Pop-Up Blocker
P-660R/H-D Series User’s Guide Figure 207 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled.
Page 317: Figure 209 Internet Options
P-660R/H-D Series User’s Guide Figure 209 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Chapter 36 Troubleshooting...
Page 318: Javascripts
P-660R/H-D Series User’s Guide Figure 210 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 36.4.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Page 319: Figure 211 Internet Options
P-660R/H-D Series User’s Guide Figure 211 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
Page 320: Java Permissions
P-660R/H-D Series User’s Guide Figure 212 Security Settings - Java Scripting 36.4.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Page 321: Figure 213 Security Settings - Java
Figure 213 Security Settings - Java 36.4.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Chapter 36 Troubleshooting P-660R/H-D Series User’s Guide...
Page 322: Activex Controls In Internet Explorer
P-660R/H-D Series User’s Guide Figure 214 Java (Sun) 36.4.2 ActiveX Controls in Internet Explorer If ActiveX is disabled, you will not be able to download ActiveX controls or to use Trend Micro Security Services. Make sure that ActiveX controls are allowed in Internet Explorer. Screen shots for Internet Explorer 6 are shown.
Page 323: Figure 215 Internet Options Security
P-660R/H-D Series User’s Guide Figure 215 Internet Options Security 3 Scroll down to ActiveX controls and plug-ins. 4 Under Download signed ActiveX controls select the Prompt radio button. 5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected.
Page 324: Figure 216 Security Setting Activex Controls
P-660R/H-D Series User’s Guide Figure 216 Security Setting ActiveX Controls Chapter 36 Troubleshooting...
Page 325: Product Specifications
See also the Introduction chapter for a general overview of the key features. Specification Tables Table 114 Device Default IP Address Default Subnet Mask Default Password DHCP Pool Dimensions (W x D x H) Weight Power Specification Built-in Switch (P-660H-D only) Operation Temperature Storage Temperature Operation Humidity...
Page 326: Table 115 Firmware
P-660R/H-D Series User’s Guide Table 115 Firmware ADSL Standards Other Protocol Support PPP (Point-to-Point Protocol) link layer protocol. Management Firewall (P-660H-D only) Multi-Mode standard (ANSI T1.413,Issue 2; G.dmt(G.992.1); G.lite(G992.2)). ADSL2 G.dmt.bis (G.992.3) ADSL2 G.lite.bis (G.992.4) ADSL2+ (G.992.5) Reach-Extended ADSL (RE ADSL) SRA (Seamless Rate Adaptation) Auto-negotiating rate adaptation ADSL physical connection ATM AAL5 (ATM Adaptation Layer type 5)
Page 327 Table 115 Firmware (continued) NAT/SUA Content Filtering (P-660H-D only) Static Routes Other Features Appendix A Product Specifications Port Forwarding 1024 NAT sessions Multimedia application PPTP under NAT/SUA IPSec passthrough SIP ALG passthrough VPN passthrough Web page blocking by URL keyword. 16 IP and 4 Bridge Any IP Zero Configuration (VC auto-hunting)
Page 328 P-660R/H-D Series User’s Guide Appendix A Product Specifications...
Page 329: Appendix B About Adsl
Introduction to DSL DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted- pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web - hence DSL technologies.
Page 330 P-660R/H-D Series User’s Guide cable modems, transmission speeds drop significantly as more users go on-line because the line is shared. 3 ADSL can be "always on" (connected). This means that there is no time wasted dialing up the service several times a day and waiting to be connected; ADSL is on standby, ready for use whenever you need it.
Page 331: Virtual Circuit Topology
ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: • Virtual Channel Logical connections between ATM switches • Virtual Path A bundle of virtual channels •...
Page 332 P-660R/H-D Series User’s Guide Appendix C Virtual Circuit Topology...
Page 333: Wall-Mounting Instructions
Do the following to hang your Prestige on a wall. Note: See the product specifications appendix for the size of screws to use and how far apart to place them. 1 Locate a high position on wall that is free of obstructions. Use a sturdy wall. 2 Drill two holes for the screws.
Page 334 P-660R/H-D Series User’s Guide Appendix D Wall-mounting Instructions...
Page 335: Setting Up Your Computer's Ip Address
Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Page 336: Figure 219 Windows 95/98/Me: Network: Configuration
P-660R/H-D Series User’s Guide Figure 219 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 337: Figure 220 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
Page 338: Windows 2000/Nt/Xp
P-660R/H-D Series User’s Guide Figure 221 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
Page 339: Figure 222 Windows Xp: Start Menu
Figure 222 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 223 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Appendix E Setting up Your Computer’s IP Address P-660R/H-D Series User’s Guide...
Page 340: Figure 224 Windows Xp: Control Panel: Network Connections: Properties
P-660R/H-D Series User’s Guide Figure 224 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 225 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 341: Figure 226 Windows Xp: Internet Protocol (Tcp/Ip) Properties
• Click Advanced. Figure 226 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 342: Figure 227 Windows Xp: Advanced Tcp/Ip Properties
P-660R/H-D Series User’s Guide Figure 227 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). •...
Page 343: Macintosh Os 8/9
Figure 228 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Page 344: Figure 229 Macintosh Os 8/9: Apple Menu
P-660R/H-D Series User’s Guide Figure 229 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 230 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. Appendix E Setting up Your Computer’s IP Address...
Page 345: Macintosh Os X
4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box. 5 Close the TCP/IP Control Panel.
Page 346: Linux
P-660R/H-D Series User’s Guide Figure 232 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 347: Figure 233 Red Hat 9.0: Kde: Network Configuration: Devices
Note: Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Page 348: Figure 235 Red Hat 9.0: Kde: Network Configuration: Dns
P-660R/H-D Series User’s Guide • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
Page 349: Figure 237 Red Hat 9.0: Dynamic Ip Address Setting In Ifconfig-Eth0
1 Assuming that you have only one network card on the computer, locate the configuration file (where eth0 configuration file with any plain text editor. • If you have a dynamic IP address, enter following figure shows an example. Figure 237 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp...
Page 350: Figure 240 Red Hat 9.0: Restart Ethernet Card
P-660R/H-D Series User’s Guide Figure 240 Red Hat 9.0: Restart Ethernet Card [root@localhost init.d]# network restart Shutting down interface eth0: Shutting down loopback interface: Setting network parameters: Bringing up loopback interface: Bringing up interface eth0: Verifying Settings Enter in a terminal screen to check your TCP/IP properties. ifconfig Figure 241 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig...
Page 351: Ip Subnetting
IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
Page 352: Subnet Masks
P-660R/H-D Series User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
Page 353: Example: Two Subnets
Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/”...
Page 354: Table 121 Subnet 1
P-660R/H-D Series User’s Guide Note: In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet.
Page 355: Example: Four Subnets
Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
Page 356: Example Eight Subnets
P-660R/H-D Series User’s Guide Table 126 Subnet 4 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.192 Broadcast Address: 192.168.1.255 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). The following table shows class C IP address last octet values for each subnet.
Page 357: Subnetting With Class A And Class B Networks
Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (see The following table is a summary for class “B”...
Page 358 P-660R/H-D Series User’s Guide Appendix F IP Subnetting...
Page 359: Appendix G Boot Commands
The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware is started. When you start up your Prestige, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen.
Page 360: Figure 243 Boot Module Commands
P-660R/H-D Series User’s Guide Figure 243 Boot Module Commands just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI(h,m,s) change system time to hour:min:sec or show current time ATDA(y,m,d) change system date to year/month/day or show current date ATDS...
Page 361: Appendix H Command Interpreter
The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or zyxel.com for more detailed information on these commands. Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
Page 362 P-660R/H-D Series User’s Guide Appendix H Command Interpreter...
Page 363: Appendix I Firewall Commands
The following describes the firewall commands. Table 130 Firewall Commands FUNCTION COMMAND Firewall SetUp config edit firewall active <yes | no> config retrieve firewall config save firewall Display config display firewall config display firewall set <set #> config display firewall set <set #>...
Page 364: Table 130 Firewall Commands
P-660R/H-D Series User’s Guide Table 130 Firewall Commands (continued) FUNCTION COMMAND config edit firewall e-mail return-addr <e-mail address> config edit firewall e-mail email-to <e-mail address> config edit firewall e-mail policy <full | hourly | daily | weekly> config edit firewall e-mail day <sunday | monday | tuesday | wednesday | thursday | friday | saturday>...
Page 365 Table 130 Firewall Commands (continued) FUNCTION COMMAND config edit firewall attack minute-low <0-255> config edit firewall attack max-incomplete-high <0-255> config edit firewall attack max-incomplete-low <0-255> config edit firewall attack tcp-max-incomplete <0-255> Sets config edit firewall set <set #> name <desired name> Config edit firewall set <set #>...
Page 366 P-660R/H-D Series User’s Guide Table 130 Firewall Commands (continued) FUNCTION COMMAND Config edit firewall set <set #> log <yes | no> Rules Config edit firewall set <set #> rule <rule #> permit <forward | block> Config edit firewall set <set #>...
Page 367 Table 130 Firewall Commands (continued) FUNCTION COMMAND config edit firewall set <set #> rule <rule #> destaddr- range <start ip address> <end ip address> config edit firewall set <set #> rule <rule #> TCP destport- single <port #> config edit firewall set <set #>...
Page 368 P-660R/H-D Series User’s Guide Appendix I Firewall Commands...
Page 369: Splitters And Microfilters
This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals. This allows simultaneous Internet access and telephone service on the same line.
Page 370: Prestige With Isdn
P-660R/H-D Series User’s Guide 2 Connect a cable from the double jack end of the Y-Connector to the “wall side” of the microfilter. 3 Connect another cable from the double jack end of the Y-Connector to the Prestige. 4 Connect the “phone side” of the microfilter to your telephone as shown in the following figure.
Page 371: Appendix Kpppoe
PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access Concentrator where the PPP session terminates (see support any number of PPP sessions from your LAN.
Page 372: How Pppoe Works
P-660R/H-D Series User’s Guide Figure 247 Single-Computer per Router Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
Page 373: Appendix L Internal Sptgen
Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual SMT menus for each Prestige.
Page 374: Internal Sptgen Ftp Download Example
P-660R/H-D Series User’s Guide Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 249 on page If you enter a parameter that is invalid in the Input column, the Prestige will not save the configuration and the command line will display the Field Identification Number.
Page 375: Internal Sptgen Ftp Upload Example
Figure 252 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text editor and save it) Note: You can rename your “...
Page 376: Table 131 Abbreviations Used In The Example Internal Sptgen Screens Table
P-660R/H-D Series User’s Guide This section covers Prestige Internal SPTGEN screens. Table 131 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number (not seen in SMT screens) Field Name Parameter Values Allowed INPUT An example of what you may enter Applies to the Prestige.
Page 377 Table 133 Menu 3 (SMT Menu 3 (continued)) 30100014 = Output device filters Set 2 30100015 = Output device filters Set 3 30100016 = Output device filters Set 4 / Menu 3.2 TCP/IP and DHCP Ethernet Setup (SMT Menu 3.2) 30200001 = DHCP 30200002 =...
Page 378 P-660R/H-D Series User’s Guide Table 133 Menu 3 (SMT Menu 3 (continued)) 30201006 = IP Alias #1 Incoming protocol filters Set 1 30201007 = IP Alias #1 Incoming protocol filters Set 2 30201008 = IP Alias #1 Incoming protocol filters Set 3 30201009 = IP Alias #1 Incoming protocol filters...
Page 379 Table 134 Menu 4 Internet Access Setup (SMT Menu 4) / Menu 4 Internet Access Setup (SMT Menu 4) 40000000 = Configured 40000001 = 40000002 = Active 40000003 = ISP's Name 40000004 = Encapsulation 40000005 = Multiplexing 40000006 = VPI # 40000007 = VCI # 40000008 =...
Page 380: Table 134 Menu 4 Internet Access Setup (Smt Menu 4)
P-660R/H-D Series User’s Guide Table 134 Menu 4 Internet Access Setup (SMT Menu 4) (continued) 40000027 = ATM QoS Type 40000028 = Peak Cell Rate (PCR) 40000029 = Sustain Cell Rate (SCR) 40000030 = Maximum Burst Size(MBS) 40000031= RIP Direction 40000032= RIP Version 40000033=...
Page 381 Table 135 Menu 12 (SMT Menu 12) (continued) 120103002 = IP Static Route set #3, Active 120103003 = IP Static Route set #3, Destination IP address 120103004 = IP Static Route set #3, Destination IP subnetmask 120103005 = IP Static Route set #3, Gateway 120103006 = IP Static Route set #3, Metric 120103007 =...
Page 382 P-660R/H-D Series User’s Guide Table 135 Menu 12 (SMT Menu 12) (continued) 120107001 = IP Static Route set #7, Name 120107002 = IP Static Route set #7, Active 120107003 = IP Static Route set #7, Destination IP address 120107004 = IP Static Route set #7, Destination IP subnetmask 120107005 =...
Page 383 Table 135 Menu 12 (SMT Menu 12) (continued) 120110007 = IP Static Route set #10, Private */ Menu 12.1.11 IP Static Route Setup (SMT Menu 12.1.11) 120111001 = IP Static Route set #11, Name 120111002 = IP Static Route set #11, Active 120111003 = IP Static Route set #11, Destination IP address...
Page 384 P-660R/H-D Series User’s Guide Table 135 Menu 12 (SMT Menu 12) (continued) 120114005 = IP Static Route set #14, Gateway 120114006 = IP Static Route set #14, Metric 120114007 = IP Static Route set #14, Private */ Menu 12.1.15 IP Static Route Setup (SMT Menu 12.1. 15) 120115001 = IP Static Route set #15, Name 120115002 =...
Page 385: Table 136 Menu 15 Sua Server Setup (Smt Menu 15)
Table 136 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000008 = SUA Server #3 Protocol 150000009 = SUA Server #3 Port Start 150000010 = SUA Server #3 Port End 150000011 = SUA Server #3 Local IP address 150000012 = SUA Server #4 Active 150000013 = SUA Server #4 Protocol...
Page 386: Table 137 Menu 21.1 Filter Set #1 (Smt Menu 21.1)
P-660R/H-D Series User’s Guide Table 136 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000042 = SUA Server #10 Active 150000043 = SUA Server #10 Protocol 150000044 = SUA Server #10 Port Start 150000045 = SUA Server #10 Port End 150000046 = SUA Server #10 Local IP address 150000047 =...
Page 387 Table 137 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210101011 = IP Filter Set 1,Rule 1 Src Port Comp 210101013 = IP Filter Set 1,Rule 1 Act Match 210101014 = IP Filter Set 1,Rule 1 Act Not Match / Menu 21.1.1.2 set #1, rule #2 (SMT Menu 21.1.1.2) 210102001 = IP Filter Set 1,Rule 2 Type...
Page 388 P-660R/H-D Series User’s Guide Table 137 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210103007 = IP Filter Set 1,Rule 3 Dest Port Comp 210103008 = IP Filter Set 1,Rule 3 Src IP address 210103009 = IP Filter Set 1,Rule 3 Src Subnet Mask 210103010 = IP Filter Set 1,Rule 3 Src Port 210103011 =...
Page 389 Table 137 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210105002 = IP Filter Set 1,Rule 5 Active 210105003 = IP Filter Set 1,Rule 5 Protocol 210105004 = IP Filter Set 1,Rule 5 Dest IP address 210105005 = IP Filter Set 1,Rule 5 Dest Subnet Mask 210105006 = IP Filter Set 1,Rule 5 Dest Port 210105007 =...
Page 390: Table 138 Menu 21.1 Filer Set #2, (Smt Menu 21.1)
P-660R/H-D Series User’s Guide Table 137 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210106013 = IP Filter Set 1,Rule 6 Act Match 210106014 = IP Filter Set 1,Rule 6 Act Not Match Table 138 Menu 21.1 Filer Set #2, (SMT Menu 21.1) / Menu 21.1 filter set #2, 210200001 = Filter Set 2, Nam...
Page 391 Table 138 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210202001 = IP Filter Set 2, Rule 2 Type 210202002 = IP Filter Set 2, Rule 2 Active 210202003 = IP Filter Set 2, Rule 2 Protocol 210202004 = IP Filter Set 2, Rule 2 Dest IP address 210202005 =...
Page 392 P-660R/H-D Series User’s Guide Table 138 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210203011 = IP Filter Set 2, Rule 3 Src Port Comp 210203013 = IP Filter Set 2, Rule 3 Act Match 210203014 = IP Filter Set 2,Rule 3 Act Not Match / Menu 21.1.2.4 Filter set #2, rule #4 (SMT Menu 21.1.2.4) 210204001 =...
Page 393 Table 138 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210205004 = IP Filter Set 2, Rule 5 Dest IP address 210205005 = IP Filter Set 2, Rule 5 Dest Subnet Mask 210205006 = IP Filter Set 2, Rule 5 Dest Port 210205007 = IP Filter Set 2, Rule 5 Dest Port Comp...
Page 394: Table 139 Menu 23 System Menus (Smt Menu 23)
P-660R/H-D Series User’s Guide Table 138 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210206013 = IP Filter Set 2,Rule 6 Act Match 210206014 = IP Filter Set 2,Rule 6 Act Not Match 241100005 = FTP Server Access 241100006 = FTP Server Secured IP address 241100007 = WEB Server Port...
Page 395: Table 140 Menu 24.11 Remote Management Control (Smt Menu 24.11)
Table 139 Menu 23 System Menus (SMT Menu 23) (continued) 230400001 = Wireless Port Control 230400002 = ReAuthentication Timer (in second) 230400003 = Idle Timeout (in second) 230400004 = Authentication Databases 230400005 = Key Management Protocol 230400006 = Dynamic WEP Key Exchange 230400007 = 230400008 = WPA Mixed Mode...
Page 396: Command Examples
P-660R/H-D Series User’s Guide Command Examples The following are example Internal SPTGEN screens associated with the Prestige’s command interpreter commands. Table 141 Command Examples /ci command (for annex A): wan adsl opencmd 990000001 = ADSL OPMD /ci command (for annex B): wan adsl opencmd 990000001 = ADSL OPMD INPUT...
Page 397: Appendix M Log Descriptions
This appendix provides descriptions of example log messages. Table 142 System Maintenance Logs LOG MESSAGE Time calibration is successful Time calibration failed WAN interface gets IP:%s DHCP client IP expired DHCP server assigns%s Successful SMT login SMT login failed Successful WEB login WEB login failed Successful TELNET login TELNET login failed...
Page 398: Table 143 System Error Logs
P-660R/H-D Series User’s Guide Table 142 System Maintenance Logs (continued) LOG MESSAGE Configuration Change: PC = 0x%x, Task ID = 0x%x Successful SSH login SSH login failed Successful HTTPS login HTTPS login failed Table 143 System Error Logs LOG MESSAGE %s exceeds the max.
Page 399: Table 145 Tcp Reset Logs
Table 145 TCP Reset Logs LOG MESSAGE Under SYN flood attack, sent TCP RST Exceed TCP MAX incomplete, sent TCP RST Peer TCP state out of order, sent TCP RST Firewall session time out, sent TCP RST Exceed MAX incomplete, sent TCP RST Access block, sent TCP Table 146 Packet Filter Logs...
Page 400: Table 147 Icmp Logs
P-660R/H-D Series User’s Guide Table 147 ICMP Logs LOG MESSAGE Firewall default policy: ICMP <Packet Direction>, <type:%d>, <code:%d> Firewall rule [NOT] match: ICMP <Packet Direction>, <rule:%d>, <type:%d>, <code:%d> Triangle route packet forwarded: ICMP Packet without a NAT table entry blocked: ICMP Unsupported/out-of-order ICMP: ICMP Router reply ICMP packet: ICMP...
Page 401: Table 150 Upnp Logs
Table 149 PPP Logs (continued) LOG MESSAGE ppp:LCP Closing ppp:IPCP Closing Table 150 UPnP Logs LOG MESSAGE UPnP pass through Firewall Table 151 Content Filtering Logs LOG MESSAGE %s: Keyword blocking %s: Not in trusted web list %s: Forbidden Web site The web site is in the forbidden web site list. %s: Contains ActiveX %s: Contains Java applet...
Page 402: Table 152 Attack Logs
P-660R/H-D Series User’s Guide Table 151 Content Filtering Logs (continued) LOG MESSAGE Connecting to content filter server fail License key is invalid The external content filtering license key is invalid. Table 152 Attack Logs LOG MESSAGE attack [TCP | UDP | IGMP | ESP | GRE | OSPF] attack ICMP (type:%d, code:%d)
Page 403: Table 153 Ipsec Logs
Table 153 IPSec Logs LOG MESSAGE Discard REPLAY packet Inbound packet authentication failed Receive IPSec packet, but no corresponding tunnel exists Rule <%d> idle time out, disconnect WAN IP changed to <IP> Table 154 IKE Logs LOG MESSAGE Active connection allowed exceeded Start Phase 2: Quick Mode Verifying Remote ID failed:...
Page 404 P-660R/H-D Series User’s Guide Table 154 IKE Logs (continued) LOG MESSAGE Cannot resolve Secure Gateway Addr for rule <%d> Peer ID: <peer id> <My remote type> -<My local type> vs. My Remote <My remote> - <My remote> vs. My Local <My local>-<My local>...
Page 405 Table 154 IKE Logs (continued) LOG MESSAGE XAUTH fail! Username: <Username> Rule[%d] Phase 1 negotiation mode mismatch Rule [%d] Phase 1 encryption algorithm mismatch Rule [%d] Phase 1 authentication algorithm mismatch Rule [%d] Phase 1 authentication method mismatch Rule [%d] Phase 1 key group mismatch Rule [%d] Phase 2 protocol mismatch...
Page 406: Table 155 Pki Logs
P-660R/H-D Series User’s Guide Table 154 IKE Logs (continued) LOG MESSAGE Rule [%d] phase 2 mismatch Rule [%d] Phase 2 key length mismatch Table 155 PKI Logs LOG MESSAGE Enrollment successful Enrollment failed Failed to resolve <SCEP CA server url> Enrollment successful Enrollment failed Failed to resolve <CMP...
Page 407: Table 156 Certificate Path Verification Failure Reason Codes
Table 155 PKI Logs (continued) LOG MESSAGE Rcvd data <size> too large! Max size allowed: <max size> Cert trusted: <subject name> Due to <reason codes>, cert not trusted: <subject name> Table 156 Certificate Path Verification Failure Reason Codes CODE DESCRIPTION Algorithm mismatch between the certificate and the search constraints.
Page 408: Table 157 802.1X Logs
P-660R/H-D Series User’s Guide Table 156 Certificate Path Verification Failure Reason Codes (continued) CODE DESCRIPTION Database method failed. Path was not verified. Maximum path length reached. Table 157 802.1X Logs LOG MESSAGE Local User Database accepts user. Local User Database reports user credential error.
Page 409: Table 158 Acl Setting Notes
Table 158 ACL Setting Notes PACKET DIRECTION (L to W) (W to L) (D to L) (D to W) (W to D) (L to D) (L to L/ZW) (W to W/ZW) (D to D/ZW) Table 159 ICMP Notes TYPE CODE Appendix M Log Descriptions DIRECTION DESCRIPTION...
Page 410: Table 160 Syslog Logs
P-660R/H-D Series User’s Guide Table 159 ICMP Notes (continued) TYPE CODE Table 160 Syslog Logs LOG MESSAGE <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" devID="<mac address last three numbers>" cat="<category> The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type.
Page 411: Log Commands
1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the Prestige is to record. 2 Use sys logs category to view a list of the log categories. Figure 254 Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras>? Valid commands are: certificates ras>...
Page 412: Log Command Example
P-660R/H-D Series User’s Guide Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category.
Page 413: Index
Numerics 110V AC 230V AC Abnormal Working Conditions Access methods Accessories Acts of God Address Assignment Address mapping Address Resolution Protocol (ARP) ADSLstandards Airflow Alternative Subnet Mask Notation American Wire Gauge Any IP 39, 66 How it works note Any IP Setup Any IP table applicaions Internet access...
Page 414 P-660R/H-D Series User’s Guide Charge Circuit Class B Class Name Class of Service Class of Service (CoS) Collision Command Interpreter Mode Communications Community compact compact guide Compliance, FCC Components Computer Name Condition Conditions that prevent TFTP and FTP from working over WAN Configuration 63, 179...
Page 415 Electric Shock Electrical Pipes Electrocution E-mail Log Example embedded help Encapsulated Routing Link Protocol (ENET ENCAP) Encapsulation 70, 208, 211 ENET ENCAP PPP over Ethernet PPPoA RFC 1483 Equal Value Error Log Ethernet Europe Exposure Failure Fairness-based Scheduler Rules, Part 15 FCC Rules Federal Communications Commission Filename Conventions...
Page 416 P-660R/H-D Series User’s Guide High Voltage Points Hop Count 215, 224 Host Host IDs HTTP 86, 99, 100, 101 HTTP (Hypertext Transfer Protocol) IANA IANA (Internet Assigned Number Authority) ICMP echo Idle timeout IGMP IGMP support Indirect Damages Install UPnP Windows Me Windows XP Insurance...
Page 417 Login Logs MAC (Media Access Control) MAC address Main Menu maintenance management idle timeout period Management Information Base (MIB) Materials Maximize Bandwidth Usage Maximum Burst Size (MBS) 74, 77 Max-incomplete High Max-incomplete Low MBSSee Maximum Burst Size Media Access Control Media Bandwidth Management Merchantability Message Logging...
Page 418 P-660R/H-D Series User’s Guide Point-to-Point Point-to-Point Tunneling Protocol policy-based routing Pool POP3 86, 100, 101 Port Numbers Postage Prepaid. Power Adaptor Power Cord Power Outlet Power Supply Power Supply, repair PPP Encapsulation PPP Log PPP session over Ethernet (PPP over Ethernet, RFC 2516) PPPoA PPPoE...
Page 419 Rights Rights, Legal 202, 215 RIPSee Routing Information Protocol Risk Risks romfile Root Class Routing Routing Information Protocol Direction Version Routing Policy Rule Summary Rules Checklist Key Fields LAN to WAN Logic Predefined Services Summary Safety Warnings Sample IP Addresses Saving the State Schedule Sets Duration...
Page 420 P-660R/H-D Series User’s Guide System Management Terminal System Parameter Table Generator System Status System Timeout 139, 296 Tampering TCP Maximum Incomplete 130, 131 TCP Security TCP/IP 100, 101, 139, 257, 274 Teardrop Telecommunication Line Cord. Telephone Television Interference Television Reception Telnet 139, 186 Telnet Configuration...
Page 421 Written Permission XMODEM protocol Zero Configuration Internet Access Zero configuration Internet access ZyNOS 2, 277 ZyNOS (ZyXEL Network Operating System) ZyNOS F/W Version ZyXEL Communications Corporation ZyXEL Home Page ZyXEL Limited Warranty Note ZyXEL Network Operating System ZyXEL_s Firewall Introduction Index...

This manual is also suitable for:

P-660d - v3.40 P-660h - v3.40 P-660r - v3.40 P-660r-d series

ZyXEL Communications P-660H-D Series User Manual

Table of Contents

List of Tables

Chapter 1 Getting to Know Your Prestige

Chapter 2 Introducing the Web Configurator

Chapter 3 Wizard Setup for Internet Access

Chapter 4 Wizard Setup for Media Bandwidth Management

Chapter 5 LAN Setup

Chapter 6 WAN Setup

Chapter 7 Network Address Translation (NAT) Screens

Chapter 8 Dynamic DNS Setup

Chapter 9 Time and Date

Chapter 10 Firewalls

Chapter 11 Firewall Configuration

Chapter 12 Content Filtering

Chapter 13 Remote Management Configuration

Chapter 14 Universal Plug-And-Play (Upnp)

Chapter 15 Logs Screens

Chapter 16 Media Bandwidth Management Advanced Setup

Chapter 17 Maintenance

Chapter 18 Introducing the SMT

Chapter 19 Menu 1 General Setup

Chapter 20 Menu 2 WAN Backup Setup

Chapter 21 Menu 3 LAN Setup

Chapter 22 Internet Access

Chapter 23 Remote Node Configuration

Chapter 24 Static Route Setup

Chapter 25 Bridging Setup

Chapter 26 Network Address Translation (NAT)

Chapter 27 Enabling the Firewall

Chapter 28 Filter Configuration

Chapter 29 SNMP Configuration

Chapter 30 System Information and Diagnosis

Chapter 31 Firmware and Configuration File Maintenance

Chapter 32 System Maintenance

Chapter 33 Remote Management

Chapter 34 IP Policy Routing

Chapter 35 Call Scheduling

Chapter 36 Troubleshooting

Appendix A Product Specifications

Appendix B about ADSL

Appendix C

Appendix D

Appendix E Setting up Your Computer's IP Address

Appendix F IP Subnetting

Appendix G Boot Commands

Appendix H Command Interpreter

Appendix I Firewall Commands

Appendix J Splitters and Microfilters

Appendix Kpppoe

Appendix L Internal SPTGEN

Appendix M Log Descriptions

Quick Links

Chapters

Troubleshooting

Related Manuals for ZyXEL Communications P-660H-D Series

Summary of Contents for ZyXEL Communications P-660H-D Series