Page 1 P-335 Firewall Router with Print Server P-335WT 802.11g Wireless Firewall Router with Print Server User’s Guide Version 3.60 4/2005...
Page 3: Copyright
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Page 4: Federal Communications Commission (Fcc) Interference Statement
Certifications Go to www.zyxel.com 1 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 2 Select the certification you wish to view from this page Federal Communications Commission (FCC) Interference Statement...
Page 5 P-335 Series User’s Guide Federal Communications Commission (FCC) Interference Statement...
Page 6: Zyxel Limited Warranty
Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 7: Customer Support
• Brief description of the problem and the steps you took to solve it. METHOD SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION support@zyxel.com.tw +886-3-578-3942 www.zyxel.com ZyXEL Communications Corp. CORPORATE www.europe.zyxel.com 6 Innovation Road II HEADQUARTERS Science Park sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com Hsinchu 300 (WORLDWIDE) Taiwan ftp.europe.zyxel.com...
Page 8 TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION technical@zyxel.co.uk +44 (0) 8702 909090 www.zyxel.co.uk ZyXEL Communications UK Ltd.,11, The Courtyard, sales@zyxel.co.uk +44 (0) 8702 909091 ftp.zyxel.co.uk UNITED KINGDOM Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK) a. “+” is the (prefix) number you enter to make an international telephone call.
Page 9: Table Of Contents
1.2.2.4 Trend Micro Security Services ............44 1.2.2.5 IPSec VPN Capability ..............45 1.2.2.6 Firewall ....................45 1.2.2.7 IEEE 802.1x Network Security (P-335WT only) ......45 1.2.2.8 Content Filtering ................45 1.2.2.9 Brute-Force Password Guessing Protection ........45 1.2.2.10 802.11b Wireless LAN Standard (P-335WT only) ......45 1.2.2.11 802.11g Wireless LAN Standard (P-335WT only) ......46...
Page 10 3.3.1 Wizard Setup : Wireless LAN : Basic Security ..........61 3.3.2 Wizard Setup : Wireless LAN : Extended Security ........63 3.4 Wizard Setup : Wireless LAN : OTIST (P-335WT only) ........63 3.5 Wizard Setup : Internet Access ................65 Table of Contents...
Page 11 P-335 Series User’s Guide 3.5.1 Ethernet ....................65 3.5.2 PPPoE Encapsulation ................66 3.5.3 PPTP Encapsulation .................67 3.6 Wizard Setup : WAN ..................69 3.6.1 WAN IP Address Assignment ..............69 3.6.2 IP Address and Subnet Mask ..............69 3.6.3 DNS Server Address Assignment .............70 3.6.4 WAN MAC Address ..................70 3.7 Wizard Setup : Complete ...................73 Chapter 4...
Page 12 P-335 Series User’s Guide 6.7 Configuring IP Alias ....................94 Chapter 7 Wireless LAN (P-335WT)..................97 7.1 Introduction ......................97 7.2 Wireless Security Overview ................97 7.2.1 Encryption ....................97 7.2.2 Authentication ...................97 7.2.3 Restricted Access ..................98 7.2.4 Hide Prestige Identity ................98 7.2.5 G-plus .......................98 7.2.6 Using OTIST .....................98...
Page 13 11.1.1 How Do I Know If I'm Using UPnP? ............161 11.1.2 NAT Traversal ..................161 11.1.3 Cautions with UPnP ................161 11.2 UPnP and ZyXEL ...................162 11.3 Configuring UPnP ...................162 11.4 Installing UPnP in Windows Example .............163 11.4.1 Installing UPnP in Windows Me ............164 11.4.2 Installing UPnP in Windows XP ............165...
Page 14 P-335 Series User’s Guide 11.5 Using UPnP in Windows XP Example ............166 11.5.1 Auto-discover Your UPnP-enabled Network Device ......167 11.5.2 Web Configurator Easy Access ............168 11.5.3 Web Configurator Easy Access ............169 Chapter 12 Trend Micro Security Services................171 12.1 Trend Micro Security Services Overview ............171 12.1.1 TMSS Web Page ..................171 12.2 Configuring TMSS on the Prestige ..............174 12.2.1 TMSS Service Settings .................175...
Page 15 P-335 Series User’s Guide 15.1.2 Remote Management and NAT ............198 15.1.3 System Timeout ...................198 15.2 Configuring WWW ..................198 15.3 Configuring Telnet ..................199 15.4 Configuring TELNET ..................200 15.5 Configuring FTP .....................201 15.6 SNMP ......................202 15.6.1 Supported MIBs ..................203 15.6.2 SNMP Traps ..................203 15.6.3 Configuring SNMP ................203 15.7 Configuring DNS ....................205 15.8 Configuring Security ..................206...
Page 16 P-335 Series User’s Guide 17.7 NAT Traversal ....................219 17.7.1 NAT Traversal Configuration ..............219 17.7.2 Remote DNS Server ................220 17.8 ID Type and Content ..................221 17.8.1 ID Type and Content Examples ............222 17.9 Pre-Shared Key ....................222 17.10 Editing VPN Rules ..................223 17.11 IKE Phases ....................226 17.11.1 Negotiation Mode ................227 17.11.2 Diffie-Hellman (DH) Key Groups ............228...
Page 17 P-335 Series User’s Guide 20.1.6.1 Xbox Live ..................255 20.1.6.2 VoIP (SIP) ..................256 20.1.6.3 FTP .....................256 20.1.6.4 E-Mail ..................256 20.1.6.5 eMule/eDonkey ................256 20.1.6.6 WWW ..................256 20.1.7 Services ....................257 20.2 Media Bandwidth Management Configuration Screen ........258 20.3 Editing Bandwidth Management Rules ............260 20.3.1 Bandwidth Borrowing ................260 20.4 Configuring Bandwidth Management Rules and Services ......261 20.5 Monitor Screen ....................262...
Page 18 25.2 Protocol Dependent Ethernet Setup ..............292 25.3 TCP/IP Ethernet Setup and DHCP ..............292 25.3.1 IP Alias Setup ..................294 25.4 Wireless LAN Setup (P-335WT only) .............295 25.4.1 Configuring MAC Address Filter ............297 25.4.2 Configuring Roaming on the Prestige ...........299 Chapter 26 Internet Access ....................
Page 19 P-335 Series User’s Guide Chapter 29 Network Address Translation (NAT) ..............317 29.1 Using NAT ......................317 29.1.1 SUA (Single User Account) Versus NAT ..........317 29.2 Applying NAT ....................317 29.3 NAT Setup ......................319 29.3.1 Address Mapping Sets ................320 29.3.1.1 User-Defined Address Mapping Sets ..........321 29.3.1.2 Ordering Your Rules ..............322 29.4 Configuring a Server behind NAT ..............324 29.5 General NAT Examples ..................325...
Page 20 P-335 Series User’s Guide 32.4 SNMP Traps ....................351 Chapter 33 System Security ....................353 33.1 System Security .....................353 33.1.1 System Password .................353 33.1.2 Configuring External RADIUS Server ...........353 33.1.3 802.1x ....................355 Chapter 34 System Information and Diagnosis ..............359 34.1 System Status ....................359 34.2 System Information ..................361 34.2.1 System Information ................361 34.2.2 Console Port Speed ................362...
Page 21 P-335 Series User’s Guide 35.4.2 Configuration File Upload ..............379 35.4.3 FTP File Upload Command from the DOS Prompt Example ....379 35.4.4 FTP Session Example of Firmware File Upload ........380 35.4.5 TFTP File Upload ..................380 35.4.6 TFTP Upload Command Example ............381 Chapter 36 System Maintenance....................
Page 22 P-335 Series User’s Guide 41.2 Problems with the LAN ...................413 41.3 Problems with the WAN .................414 41.4 Problems Accessing the Prestige ..............415 41.5 Problems with Restricted Web Pages and Keyword Blocking .......415 41.5.1 Pop-up Windows, JavaScripts and Java Permissions ......416 41.5.1.1 Internet Explorer Pop-up Blockers ..........417 41.5.1.2 JavaScripts ..................420 41.5.1.3 Java Permissions ................422...
Page 23 P-335 Series User’s Guide Table of Contents...
Page 24 P-335 Series User’s Guide Table of Contents...
Page 25 P-335 Series User’s Guide List of Figures Figure 1 Prestige Print Server Application ................49 Figure 2 Secure Internet Access via Cable, DSL or Wireless Modem ........ 50 Figure 3 VPN Application ....................50 Figure 4 Internet Access Application Example ..............51 Figure 5 Change Password Screen ..................
Page 26 P-335 Series User’s Guide Figure 37 WPA with RADIUS Application Example ............109 Figure 38 Wireless: WPA ....................110 Figure 39 Wireless: 802.1x and Dynamic WEP ..............113 Figure 40 Wireless: 802.1x and Static WEP ............... 116 Figure 41 Wireless: 802.1x ....................119 Figure 42 MAC Address Filter .....................
Page 27 P-335 Series User’s Guide Figure 80 Parental Controls ....................179 Figure 81 Parental Controls Statistics ................. 181 Figure 82 Firewall: Settings ....................185 Figure 83 Firewall Rule Directions ..................186 Figure 84 Firewall: Service ....................188 Figure 85 Content Filter ...................... 192 Figure 86 Remote Management: WWW ................
Page 28 P-335 Series User’s Guide Figure 123 Maintenance DHCP Table ................. 268 Figure 124 Maintenance Any IP ..................269 Figure 125 Maintenance Association List ................270 Figure 126 Maintenance Firmware Upload ................. 271 Figure 127 Upload Warning ....................272 Figure 128 Network Temporarily Disconnected ..............272 Figure 129 Upload Error Message ..................
Page 29 P-335 Series User’s Guide Figure 166 Menu 11.3 Applying NAT to the Remote Node ..........319 Figure 167 Menu 15 NAT Setup ..................320 Figure 168 Menu 15.1 Address Mapping Sets ..............320 Figure 169 Menu 15.1.255 SUA Address Mapping Rules ..........320 Figure 170 Menu 15.1.1 First Set ..................
Page 30 P-335 Series User’s Guide Figure 209 Menu 24.1 System Maintenance : Status ............360 Figure 210 Menu 24.2 System Information and Console Port Speed ....... 361 Figure 211 Menu 24.2.1 System Maintenance : Information ..........361 Figure 212 Menu 24.2.2 System Maintenance : Change Console Port Speed ....362 Figure 213 Menu 24.3.2 System Maintenance : Syslog Logging ........
Page 31 P-335 Series User’s Guide Figure 252 Security Setting ActiveX Controls ..............426 Figure 253 Single-Computer per Router Hardware Configuration ........430 Figure 254 Prestige as a PPPoE Client ................430 Figure 255 Transport PPP frames over Ethernet ............... 431 Figure 256 PPTP Protocol Overview .................. 432 Figure 257 Example Message Exchange between Computer and an ANT ......
Page 32 P-335 Series User’s Guide Figure 295 Windows 95/98/Me: TCP/IP Properties: IP Address ......... 467 Figure 296 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ......468 Figure 297 Windows XP: Start Menu .................. 469 Figure 298 Windows XP: Control Panel ................469 Figure 299 Windows XP: Control Panel: Network Connections: Properties .......
Page 33 P-335 Series User’s Guide List of Tables Table 1 IEEE 802.11b ......................45 Table 2 IEEE 802.11g ......................46 Table 3 Screens Summary ....................56 Table 4 Wizard Setup : Wireless LAN ................60 Table 5 Wizard Setup : Wireless LAN Setup : Basic Security ..........62 Table 6 Wizard Setup : Wireless LAN : Extended Security ..........
Page 34 P-335 Series User’s Guide Table 37 WAN: Route ......................128 Table 38 Ethernet Encapsulation ..................129 Table 39 PPPoE Encapsulation ..................131 Table 40 PPTP Encapsulation .................... 133 Table 41 WAN: IP ....................... 135 Table 42 Traffic Redirect ....................140 Table 43 NAT Definitions ....................
Page 35 P-335 Series User’s Guide Table 80 Log Settings ......................247 Table 81 Configuring Print Server ..................250 Table 82 Application and Subnet-based Bandwidth Management Example ...... 253 Table 83 Media Mandwidth Management Priorities ............255 Table 84 Commonly Used Services ................... 257 Table 85 Bandwidth Management Configuration ...............
Page 36 P-335 Series User’s Guide Table 123 Menu 22 SNMP Configuration ................351 Table 124 SNMP Traps ...................... 351 Table 125 Ports and Permanent Virtual Circuits ..............352 Table 126 Menu 23.2 System Security : RADIUS Server ..........354 Table 127 Menu 23.4 System Security : IEEE802.1x ............356 Table 128 System Maintenance: Status Menu Fields ............
Page 37 P-335 Series User’s Guide Table 166 Brute-Force Password Guessing Protection Commands ........493 Table 167 myZyXEL.com Numbers ..................499 List of Tables...
Page 38 P-335 Series User’s Guide List of Tables...
Page 39: Preface
Preface Congratulations on your purchase of the P-335, Firewall Router with Print Server or the P-335WT, 802.11g Wireless Firewall Router with Print Server. This manual is designed to guide you through the configuration of your Prestige for its various applications.
Page 40: User Guide Feedback
P-335 Series User’s Guide Please refer to www.zyxel.com for an online glossary of networking terms and additional support documentation. User Guide Feedback Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park,...
Page 41 P-335 Series User’s Guide Graphics Icons Key Prestige Computer Notebook computer Server DSLAM Firewall Modem Switch Router Wireless Signal Printer Preface...
Page 42 P-335 Series User’s Guide Preface...
Page 43: Getting To Know Your Prestige
The Prestige is the ideal secure gateway for all data passing between the Internet and LAN’s. By integrating NAT, firewall, media bandwidth management and VPN capability, ZyXEL’s Prestige is a complete security solution that protects your Intranet and efficiently manages data traffic on your network.
Page 44: Auto-Crossover 10/100 Mbps Ethernet Interface(S)
Prestige’s OTIST feature supports static WEP or WPA-PSK encryption security settings. 1.2.2.3 Media Bandwidth Management ZyXEL’s Media Bandwidth Management allows you to specify bandwidth classes based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.
Page 45: Ipsec Vpn Capability
LAN. The Prestige firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs. 1.2.2.7 IEEE 802.1x Network Security (P-335WT only) The Prestige supports the IEEE 802.1x standard to enhance user authentication. Use the built- in user profile database to authenticate up to 32 users using MD5 encryption.
Page 46: Wireless Lan Standard (P-335Wt Only)
Bluetooth enabled devices, and other wireless LANs 1.2.2.11 802.11g Wireless LAN Standard (P-335WT only) The Prestige, complies with the 802.11g wireless standard and is also fully compatible with the 802.11b standard. This means an 802.11b radio card can interface directly with an 802.11g device (and vice versa) at 11 Mbps or lower depending on range.
Page 47: Dynamic Dns Support
P-335 Series User’s Guide 1.2.2.17 Dynamic DNS Support With Dynamic DNS (Domain Name System) support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider. 1.2.2.18 IP Multicast Deliver IP packets to a specific group of hosts using IP multicast.
Page 48: Dhcp (Dynamic Host Configuration Protocol)
The Prestige’s embedded FTP and TFTP Servers enable fast firmware upgrades as well as configuration file backups and restoration. 1.2.2.31 Wireless Association List (P-335WT only) With the Wireless Association List, you can see the list of the wireless stations that are currently using the Prestige to access your wired network.
Page 49: Wireless Lan Channel Usage (P-335Wt Only)
P-335 Series User’s Guide 1.2.2.32 Wireless LAN Channel Usage (P-335WT only) The Wireless Channel Usage displays whether the radio channels are used by other wireless devices within the transmission range of the Prestige. This allows you to select the channel with minimum interference for your Prestige.
Page 50: Vpn Application
Internet without the need (and expense) for leased lines between sites. Figure 3 VPN Application 1.3.4 Wireless LAN Application (P-335WT only) Add a wireless LAN to your existing network without expensive network cables. Wireless stations can move freely anywhere in the coverage area and use resources on the wired network.
Page 51: Figure 4 Internet Access Application Example
P-335 Series User’s Guide Figure 4 Internet Access Application Example Chapter 1 Getting to Know Your Prestige...
Page 52 P-335 Series User’s Guide Chapter 1 Getting to Know Your Prestige...
Page 53: Introducing The Web Configurator
P-335 Series User’s Guide H A P T E R Introducing the Web Configurator This chapter describes how to access the Prestige web configurator and provides an overview of its screens. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser.
Page 54: Resetting The Prestige
P-335 Series User’s Guide Figure 5 Change Password Screen You should now see the MAIN MENU screen) Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the Prestige if this happens to you 2.3 Resetting the Prestige If you forget your password or cannot access the web configurator, you will need to use the...
Page 55: Navigation Panel
P-335 Series User’s Guide • Click to view the web configurator in the language of your choice. • Click LOGOUT at any time to exit the web configurator. • Click MAINTENANCE to view information about your Prestige or upgrade configuration/firmware files. Maintenance includes Status (Statistics), DHCP Table, F/ W (firmware) Upload, Configuration (Backup, Restore, Defaults) and Restart.
Page 56: Table 3 Screens Summary
Use this screen to partition your LAN interface into subnets. WIRELESS Wireless Use this screen to configure wireless LAN. (P-335WT only) MAC Filter Use the MAC filter screen to configure the Prestige to block access to devices or block the devices from accessing the Prestige.
Page 57 P-335 Series User’s Guide Table 3 Screens Summary LINK FUNCTION REMOTE MGMT TELNET Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the Prestige. Use this screen to configure through which interface(s) and from which IP address(es) users can use FTP to access the Prestige.
Page 58 P-335 Series User’s Guide Table 3 Screens Summary LINK FUNCTION MAINTENANCE Status This screen contains administrative and system-related information. DHCP Table This screen displays DHCP (Dynamic Host Configuration Protocol) related information and is READ-ONLY. Any IP Use this screen to allow a computer to access the Internet without changing the network settings of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.
Page 59: Chapter 3 Wizard Setup
P-335 Series User’s Guide H A P T E R Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. 3.1 Wizard Setup Overview The web configurator’s Wizard Setup helps you configure your device to access the Internet. The second screen has three variations depending on what encapsulation type you use.
Page 60: Wizard Setup: Wireless Lan (P-335Wt Only)
P-335 Series User’s Guide Figure 7 Wizard Setup : General 3.3 Wizard Setup: Wireless LAN (P-335WT only) Set up your wireless LAN using the following screen. Figure 8 Wizard Setup : Wireless LAN The following table describes the labels in this screen.
Page 61: Wizard Setup : Wireless Lan : Basic Security
P-335 Series User’s Guide Table 4 Wizard Setup : Wireless LAN LABEL DESCRIPTION Security The Security can be selected as auto, none, basic or extended. Choose Auto to use WPA-PSK security with a default Pre-Shared Key and proceed to another wireless LAN setup screen where you can enable OTIST. Choose this option only if your wireless clients support WPA-PSK.
Page 62: Figure 9 Wizard Setup : Wireless Lan : Basic Security
P-335 Series User’s Guide Figure 9 Wizard Setup : Wireless LAN : Basic Security The following table describes the labels in this screen. Table 5 Wizard Setup : Wireless LAN Setup : Basic Security LABEL DESCRIPTION Passphrase Enter a Passphrase (up to 32 printable characters) and clicking Generate. The Prestige automatically generates a WEP key.
Page 63: Wizard Setup : Wireless Lan : Extended Security
Click Back to display the previous screen. Next Click Next to proceed to the next screen. 3.4 Wizard Setup : Wireless LAN : OTIST (P-335WT only) The following screen allows you to enable Prestige One-Touch Intelligent Security Technology (OTIST). One-Touch Intelligent Security Technology (OTIST) allows your Prestige to assign wireless clients the Prestige’s SSID and static WEP or WPA-PSK...
Page 64: Figure 11 Wizard Setup : Wireless Lan : Otist
P-335 Series User’s Guide Figure 11 Wizard Setup : Wireless LAN : OTIST The following table describes the labels in this screen. Table 7 Wizard Setup : Wireless LAN : OTIST LABEL DESCRIPTION Do you want to Select the Yes radio button and click Finish to enable One-Touch Intelligent Security enable One- Technology (OTIST), complete the wizard setup and save your configuration.
Page 65: Wizard Setup : Internet Access
P-335 Series User’s Guide 3.5 Wizard Setup : Internet Access The Prestige offers three choices of encapsulation. They are Ethernet, PPP over Ethernet or PPTP. 3.5.1 Ethernet Choose Ethernet when the WAN port is used as a regular Ethernet. Figure 12 Wizard Setup : Internet Access : Ethernet Encapsulation The following table describes the labels in this screen.
Page 66: Pppoe Encapsulation
P-335 Series User’s Guide 3.5.2 PPPoE Encapsulation Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) draft standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to high-speed data networks.
Page 67: Pptp Encapsulation
P-335 Series User’s Guide Figure 13 Wizard Setup : Internet Access : PPPoE Encapsulation The following table describes the labels in this screen. Table 9 Wizard Setup : Internet Access : PPPoE Encapsulation LABEL DESCRIPTION ISP Parameter for Internet Access Encapsulation Choose PPP over Ethernet from the pull-down list box.
Page 68: Figure 14 Wizard Setup : Internet Access : Pptp Encapsulation
P-335 Series User’s Guide Refer to the appendix for more information on PPTP. Note: The PRESTIGE supports one PPTP server connection at any given time. Figure 14 Wizard Setup : Internet Access : PPTP Encapsulation The following table describes the fields in this screen Table 10 Wizard Setup : Internet Access : PPTP Encapsulation LABEL DESCRIPTION...
Page 69: Wizard Setup : Wan
P-335 Series User’s Guide Table 10 Wizard Setup : Internet Access : PPTP Encapsulation LABEL DESCRIPTION Connection ID/ Enter the connection ID or connection name in this field. It must follow the "c:id" Name and "n:name" format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your ISP.
Page 70: Dns Server Address Assignment
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
Page 71: Figure 15 Wizard Setup : Wan
P-335 Series User’s Guide You can configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the "rom" file (ZyNOS configuration file). It will not change unless you change the setting or upload a different "rom"...
Page 72: Figure 16 Wizard Setup : Wan Ip And Dns Server Address Assignment
P-335 Series User’s Guide Figure 16 Wizard Setup : WAN IP and DNS Server Address Assignment The following table describes the labels in this screen Table 14 Wizard Setup : WAN IP and DNS Server Address Assignment LABEL DESCRIPTION WAN IP Address Assignment My WAN IP Address Enter the IP address of your Prestige in dotted decimal notation.
Page 73: Wizard Setup : Complete
P-335 Series User’s Guide Table 14 Wizard Setup : WAN IP and DNS Server Address Assignment LABEL DESCRIPTION Back Click Back to return to the previous screen. Next Click Next to continue. Select Get automatically from ISP (Default) in the first WAN wizard setup screen and click Next to view the following WAN MAC Address screen.
Page 74: Figure 18 Wizard Setup : Complete
P-335 Series User’s Guide Figure 18 Wizard Setup : Complete Well done! You have successfully set up your Prestige to operate on your network and access the Internet Chapter 3 Wizard Setup...
Page 75: Media Bandwidth Management Setup
P-335 Series User’s Guide H A P T E R Media Bandwidth Management Setup This chapter provides information on the bandwidth management setup screens in the web configurator. 4.1 Media Bandwidth Management Setup Overview The web configurator’s BW SETUP allows you to specify bandwidth classes based on an application and/or subnet.
Page 76: Media Bandwidth Management Setup : Services
P-335 Series User’s Guide Figure 19 Media Bandwidth Management Setup The following fields describe the label in this screen. Table 16 Media Bandwidth Management Setup LABEL DESCRIPTION Active Select the Active check box to have the Prestige apply bandwidth management to traffic going out through the Prestige’s WAN, LAN or WLAN port.
Page 77: Media Bandwidth Management Setup : Service Priority
P-335 Series User’s Guide Figure 20 Media Bandwidth Management Setup : Services The following table describes the labels in this screen. Table 17 Media Bandwidth Management Setup : Services LABEL DESCRIPTION Choose Create bandwidth management classes by selecting services from the list provided. Channel ID •...
Page 78: Media Bandwidth Management Setup Complete
P-335 Series User’s Guide Figure 21 Media Bandwidth Management Setup : Service Priority The following table describes the fields in this screen. Table 18 Media Bandwidth Management Setup : Service Priority LABELS DESCRIPTION Service These fields display the services selected in the previous screen. Priority Select High, Mid or Low priority for each service to have your Prestige use a priority for traffic that matches that service.
Page 79: Chapter 5 System Screens
P-335 Series User’s Guide H A P T E R System Screens This chapter provides information on the System screens. 5.1 System Overview See the Wizard Setup chapter for more information on the next few screens. 5.2 Configuring General Setup Click SYSTEM to open the General screen.
Page 80: Figure 23 System General Setup
P-335 Series User’s Guide Figure 23 System General Setup The following table describes the labels in this screen. Table 19 System General Setup LABEL DESCRIPTION System Name System Name is a unique name to identify the Prestige in an Ethernet network.. It is recommended you enter your computer’s “Computer name”...
Page 81: Dynamic Dns
P-335 Series User’s Guide Table 19 System General Setup LABEL DESCRIPTION First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address). The field below displays the (read-only) DNS server Second DNS Server IP address that the ISP assigns.
Page 82: Figure 24 Ddns
P-335 Series User’s Guide Figure 24 DDNS The following table describes the labels in this screen. Table 20 DDNS LABEL DESCRIPTION Enable DDNS Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider. DDNS Type Select the type of service that you are registered for from your Dynamic DNS service provider.
Page 83: Configuring Password
P-335 Series User’s Guide Table 20 DDNS LABEL DESCRIPTION Use specified IP Type the IP address of the host name(s). Use this if you have a static IP Address address. Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to begin configuring this screen afresh.
Page 84: Figure 26 Time Setting
P-335 Series User’s Guide Figure 26 Time Setting The following table describes the labels in this screen. Table 22 Time Setting LABEL DESCRIPTION Time Protocol Select the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Page 85 P-335 Series User’s Guide Table 22 Time Setting LABEL DESCRIPTION Current Date This field displays the date of your Prestige. Each time you reload this page, the Prestige synchronizes the time with the time server. New Date This field displays the last updated date from the time server. When you select None in the Time Protocol field, enter the new date in this field and then click Apply.
Page 86 P-335 Series User’s Guide Chapter 5 System Screens...
Page 87: Chapter 6 Lan Screens
P-335 Series User’s Guide H A P T E R LAN Screens This chapter describes how to configure LAN settings. 6.1 LAN Overview Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks.
Page 88: Ip Address And Subnet Mask
P-335 Series User’s Guide • IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) • DHCP server enabled with 32 client IP addresses starting from 192.168.1.33. These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured.
Page 89: Any Ip
P-335 Series User’s Guide 224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.
Page 90: How Any Ip Works
P-335 Series User’s Guide The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address. Note: You must enable NAT to use the Any IP feature on the Prestige 6.4.1 How Any IP Works Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP...
Page 91: Figure 28 Lan Ip
P-335 Series User’s Guide Figure 28 LAN IP The following table describes the labels in this screen. Table 23 LAN IP LABEL DESCRIPTION DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server.
Page 92 P-335 Series User’s Guide Table 23 LAN IP LABEL DESCRIPTION DNS Servers Assigned by DHCP Server The Prestige passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. The Prestige only passes this information to the LAN DHCP clients when you select the DHCP Server check box.
Page 93: Configuring Static Dhcp
P-335 Series User’s Guide Table 23 LAN IP LABEL DESCRIPTION Any IP Setup Active Select this option to activate the Any-IP feature. This allows a computer to access the Internet without changing the network settings (such as IP address and sub- net mask) of the computer, even when the IP addresses of the computer and the Prestige are not in the same subnet.
Page 94: Configuring Ip Alias
P-335 Series User’s Guide Figure 29 Static DHCP The following table describes the labels in this screen. Table 24 Static DHCP LABEL DESCRIPTION This is the index number of the Static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN. IP Address Type the LAN IP address in this field.
Page 95: Figure 30 Ip Alias
P-335 Series User’s Guide Figure 30 IP Alias The following table describes the labels in this screen. Table 25 IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network for the Prestige. IP Address Enter the IP address of your Prestige in dotted decimal notation.
Page 96 P-335 Series User’s Guide Chapter 6 LAN Screens...
Page 97: Chapter 7 Wireless Lan (P-335Wt)
• Use RADIUS authentication if you have a RADIUS server. See the appendices for information on protocols used when a client authenticates with a RADIUS server via the Prestige. Chapter 7 Wireless LAN (P-335WT)
Page 98: Restricted Access
1 Configure the SSID and WEP in the Wireless screen. If you configure WEP, you can’t configure WPA or WPA-PSK. 2 Use the MAC Filter screen to restrict access to your wireless network by MAC address. 3 Configure the RADIUS authentication database settings in the Wireless screen. Chapter 7 Wireless LAN (P-335WT)
Page 99: Configuring The Wireless Screen
SSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings. Click the WIRELESS link under ADVANCED to open the Wireless screen. Chapter 7 Wireless LAN (P-335WT)
Page 100: Figure 32 Wireless
LAN and you change the Prestige’s SSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings. Chapter 7 Wireless LAN (P-335WT)
Page 101: No Security
Select No Security to allow wireless stations to communicate with the access points without any data encryption. Note: If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networking device that is within range. Chapter 7 Wireless LAN (P-335WT)
Page 102: Figure 33 Wireless: No Security
Choose No Security from the drop-down list box. Preamble Select a preamble type from the drop-down list menu. Choices are Long, Short and Dynamic. The default setting is Long. See the section on preamble for more information. Chapter 7 Wireless LAN (P-335WT)
Page 103: Wep Encryption
Prestige. The transmission rate of your Prestige might be reduced. G+ Enhanced Select G+ Enhanced checkbox to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.
Page 104: Figure 34 Wireless: Static Wep Encryption
Table 28 Wireless: Static WEP Encryption LABEL DESCRIPTION Passphrase Enter a Passphrase (up to 32 printable characters) and clicking Generate. The Prestige automatically generates a WEP key. Select 64-bit WEP, 128-bit WEP or 256-bit WEP to enable data encryption. Encryption Chapter 7 Wireless LAN (P-335WT)
Page 105: Introduction To Wpa
Prestige. The transmission rate of your Prestige might be reduced. G+ Enhanced Select G+ Enhanced checkbox to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.
Page 106: Wpa-Psk Application Example
Figure 35 WPA - PSK Authentication 7.4.6 Configuring WPA-PSK Authentication In order to configure and enable WPA-PSK Authentication; click the WIRELESS link under ADVANCED to display the Wireless screen. Select WPA-PSK from the Security list. Chapter 7 Wireless LAN (P-335WT)
Page 107: Figure 36 Wireless: Wpa-Psk
Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. Chapter 7 Wireless LAN (P-335WT)
Page 108: Wireless Client Wpa Supplicants
Prestige. The transmission rate of your Prestige might be reduced. G+ Enhanced Select G+ Enhanced checkbox to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.
Page 109: Configuring Wpa Authentication
Figure 37 WPA with RADIUS Application Example 7.4.9 Configuring WPA Authentication In order to configure and enable WPA Authentication; click the WIRELESS link under ADVANCED to display the Wireless screen. Select WPA from the Security list. Chapter 7 Wireless LAN (P-335WT)
Page 110: Figure 38 Wireless: Wpa
P-335 Series User’s Guide Figure 38 Wireless: WPA Chapter 7 Wireless LAN (P-335WT)
Page 111: Table 30 Wireless: Wpa
The key is not sent over the network. Preamble Select a preamble type from the drop-down list menu. Choices are Long, Short or Dynamic. The default setting is Long. See the section on preamble for more information. Chapter 7 Wireless LAN (P-335WT)
Page 112: Overview
Prestige. The transmission rate of your Prestige might be reduced. G+ Enhanced Select G+ Enhanced checkbox to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.
Page 113: Figure 39 Wireless: 802.1X And Dynamic Wep
P-335 Series User’s Guide Figure 39 Wireless: 802.1x and Dynamic WEP Chapter 7 Wireless LAN (P-335WT)
Page 114: Table 31 Wireless: 802.1X And Dynamic Wep
The key is not sent over the network. Preamble Select a preamble type from the drop-down list menu. Choices are Long, Short or Dynamic. The default setting is Long. See the section on preamble for more information. Chapter 7 Wireless LAN (P-335WT)
Page 115: Configuring 802.1X And Static Wep Key Exchange
Prestige. The transmission rate of your Prestige might be reduced. G+ Enhanced Select G+ Enhanced checkbox to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.
Page 116: Figure 40 Wireless: 802.1X And Static Wep
P-335 Series User’s Guide Figure 40 Wireless: 802.1x and Static WEP Chapter 7 Wireless LAN (P-335WT)
Page 117: Table 32 Wireless: 802.1X And Static Wep
The key must be the same on the external authentication server and your Prestige. The key is not sent over the network. Accounting Server Active Select Yes from the drop down list box to enable user accounting through an external authentication server. Chapter 7 Wireless LAN (P-335WT)
Page 118: Configuring 802.1X
Prestige. The transmission rate of your Prestige might be reduced. G+ Enhanced Select G+ Enhanced checkbox to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.
Page 119: Figure 41 Wireless: 802.1X
P-335 Series User’s Guide Figure 41 Wireless: 802.1x Chapter 7 Wireless LAN (P-335WT)
Page 120: Table 33 Wireless: 802.1X And No Wep
Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the Prestige. Select Mixed to allow either IEEE802.11b or IEEE802.11g compliant WLAN devices to associate with the Prestige. The transmission rate of your Prestige might be reduced. Chapter 7 Wireless LAN (P-335WT)
Page 121: Mac Filter
Table 33 Wireless: 802.1x and No WEP LABEL DESCRIPTION G+ Enhanced Select G+ Enhanced checkbox to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode. Apply Click Apply to save your changes back to the Prestige.
Page 122: Figure 42 Mac Address Filter
Prestige Select Allow Association to permit access to the Prestige, MAC addresses not listed will be denied access to the Prestige. This is the index number of the MAC address. Chapter 7 Wireless LAN (P-335WT)
Page 123: Roaming
APs. The default is 3517. Make sure this port is not used by other services. Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to reload the previous configuration for this screen. Chapter 7 Wireless LAN (P-335WT)
Page 124: Otist
Prestige set the wireless station to use the same wireless settings as the Prestige. You must also activate and start OTIST on the wireless station at the same time. The process takes three minutes to complete. Chapter 7 Wireless LAN (P-335WT)
Page 125: Activating Otist
Use the OTIST button to set up OTIST using the current OTIST Setup Key and the Prestige’s current wireless security settings. 1 Log out of your current configuration management session. 2 Push the OTIST button once on the back panel of the Prestige device to enable OTIST. Chapter 7 Wireless LAN (P-335WT)
Page 126 P-335 Series User’s Guide Chapter 7 Wireless LAN (P-335WT)
Page 127: Chapter 8 Wan Screens
P-335 Series User’s Guide H A P T E R WAN Screens This chapter describes how to configure WAN settings. 8.1 WAN Overview See the Wizard Setup chapter for more information on the fields in the WAN screens. 8.2 TCP/IP Priority (Metric) The metric represents the "cost of transmission".
Page 128: Configuring Wan Isp
P-335 Series User’s Guide Figure 47 WAN: Route The following table describes the labels in this screen. Table 37 WAN: Route LABEL DESCRIPTION WAN Traffic The metric represents the "cost of transmission". A router determines the best route Redirect for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1"...
Page 129: Pppoe Encapsulation
P-335 Series User’s Guide Figure 48 Ethernet Encapsulation The following table describes the labels in this screen. Table 38 Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Service Type Choose from Standard, Telstra (RoadRunner Telstra authentication method), RR-Manager (Roadrunner Manager authentication method), RR-Toshiba...
Page 130 P-335 Series User’s Guide For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example Radius). PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users.
Page 131: Figure 49 Pppoe Encapsulation
P-335 Series User’s Guide Figure 49 PPPoE Encapsulation The following table describes the labels in this screen. Table 39 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet).
Page 132: Pptp Encapsulation
P-335 Series User’s Guide 8.4.3 PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet.
Page 133: Figure 50 Pptp Encapsulation
P-335 Series User’s Guide Figure 50 PPTP Encapsulation The following table describes the labels in this screen. Table 40 PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
Page 134: Configuring Wan Ip
P-335 Series User’s Guide Table 40 PPTP Encapsulation LABEL DESCRIPTION My IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige. Server IP Address Type the IP address of the PPTP server.
Page 135: Figure 51 Wan: Ip
P-335 Series User’s Guide Figure 51 WAN: IP The following table describes the labels in this screen. Table 41 WAN: IP LABEL DESCRIPTION WAN IP Address Assignment Get automatically from Select this option If your ISP did not assign you a fixed IP address. This is the default selection.
Page 136 P-335 Series User’s Guide Table 41 WAN: IP LABEL DESCRIPTION Network Address Network Address Translation (NAT) allows the translation of an Internet Translation protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
Page 137: Configuring Wan Mac
P-335 Series User’s Guide Table 41 WAN: IP LABEL DESCRIPTION Multicast Choose None (default), IGMP-V1 or IGMP-V2. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use.
Page 138: Traffic Redirect
P-335 Series User’s Guide Otherwise, click Spoof this computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the setting or upload a different ROM file.
Page 139: Configuring Traffic Redirect
P-335 Series User’s Guide Figure 54 Traffic Redirect LAN Setup 8.8 Configuring Traffic Redirect To change your Prestige’s Traffic Redirect settings, click WAN, then the Traffic Redirect tab. The screen appears as shown. Chapter 8 WAN Screens...
Page 140: Figure 55 Wan: Traffic Redirect
P-335 Series User’s Guide Figure 55 WAN: Traffic Redirect The following table describes the labels in this screen. Table 42 Traffic Redirect LABEL DESCRIPTION Active Select this check box to have the Prestige use traffic redirect if the normal WAN connection goes down.
Page 141 P-335 Series User’s Guide Table 42 Traffic Redirect LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to begin configuring this screen afresh. Chapter 8 WAN Screens...
Page 142 P-335 Series User’s Guide Chapter 8 WAN Screens...
Page 143: Network Address Translation (Nat) Screens
P-335 Series User’s Guide H A P T E R Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the Prestige. 9.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet.
Page 144: What Nat Does
P-335 Series User’s Guide Note: NAT never changes the IP address (either local or global) of an outside host. 9.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
Page 145: Nat Application
P-335 Series User’s Guide Figure 56 How NAT Works 9.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter. Figure 57 NAT Application With IP Alias 9.1.5 NAT Mapping Types NAT supports five types of IP/port mapping.
Page 146: Table 44 Nat Mapping Types
• Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL’s Single User Account feature (the SUA Only option). • Many-to-Many Overload: In Many-to-Many Overload mode, the Prestige maps the multiple local IP addresses to shared global IP addresses.
Page 147: Using Nat
P-335 Series User’s Guide 9.2 Using NAT Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige. 9.2.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Page 148: Port Forwarding: Services And Port Numbers
P-335 Series User’s Guide 9.3.2 Port Forwarding: Services and Port Numbers A NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world.
Page 149: Configuring Servers Behind Sua (Example)
P-335 Series User’s Guide 9.3.3 Configuring Servers Behind SUA (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
Page 150: Figure 59 Sua/Nat Setup
P-335 Series User’s Guide Figure 59 SUA/NAT Setup The following table describes the labels in this screen. Table 46 SUA/NAT Setup LABEL DESCRIPTION Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP Address, the Prestige discards all packets received for ports that are not specified in this screen or remote management.
Page 151: Configuring Address Mapping
P-335 Series User’s Guide 9.5 Configuring Address Mapping Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
Page 152: Configuring Address Mapping
One-to-one NAT mapping type. 2. Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
Page 153: Figure 61 Address Mapping Rule
2. Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature. 3. Many-to-Many Overload: Many-to-Many Overload mode maps multiple local IP addresses to shared global IP addresses.
Page 154: Trigger Port Forwarding
P-335 Series User’s Guide 9.6 Trigger Port Forwarding Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN).
Page 155: Two Points To Remember About Trigger Ports
P-335 Series User’s Guide 9.6.2 Two Points To Remember About Trigger Ports 1 Trigger events only happen on data that is going coming from inside the Prestige and going to the outside. 2 If an application needs a continuous data stream, that port (range) will be tied up so that another computer on the LAN can’t trigger it.
Page 156: Figure 63 Trigger Port
P-335 Series User’s Guide Figure 63 Trigger Port The following table describes the labels in this screen. Table 49 Trigger Port LABEL DESCRIPTION This is the rule index number (read-only). Name Type a unique name (up to 15 characters) for identification purposes. All characters are permitted - including spaces.
Page 157: Chapter 10 Static Route Screens
P-335 Series User’s Guide H A P T E R Static Route Screens This chapter shows you how to configure static routes for your Prestige. 10.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has no knowledge of the networks beyond.
Page 158: Configuring Route Entry
P-335 Series User’s Guide Figure 65 Static Route The following table describes the labels in this screen. Table 50 Static Route LABEL DESCRIPTION Number of an individual static route. Name Name that describes or identifies this route. Active This field shows whether this static route is active (Yes) or not (No). Destination This parameter specifies the IP network address of the final destination.
Page 159: Figure 66 Static Route: Edit
P-335 Series User’s Guide Figure 66 Static Route: Edit The following table describes the labels in this screen. Table 51 Static Route: Edit LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Active This field allows you to activate/deactivate this static route.
Page 160 P-335 Series User’s Guide Chapter 10 Static Route Screens...
Page 161: Chapter 11 Upnp
P-335 Series User’s Guide H A P T E R UP N P This chapter introduces the Universal Plug and Play feature. 11.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
Page 162: Upnp And Zyxel
Disable UPnP if this is not your intention. 11.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports IGD 1.0 (Internet Gateway Device). At the time of writing ZyXEL's UPnP implementation supports Windows Messenger 4.6 and 4.7 while Windows Messenger 5.0 and Xbox are still being...
Page 163: Installing Upnp In Windows Example
P-335 Series User’s Guide Figure 67 Configuring UPnP The following table describes the labels in this screen. Table 52 Configuring UPnP LABEL DESCRIPTION Enable the Universal Plug Select this checkbox to activate UPnP. Be aware that anyone could use and Play (UPnP) feature a UPnP application to open the web configurator's login screen without entering the Prestige's IP address (although you must still enter the password to access the web configurator).
Page 164: Installing Upnp In Windows Me
P-335 Series User’s Guide 11.4.1 Installing UPnP in Windows Me Follow the steps below to install UPnP in Windows Me. 1 Click Start and Control Panel. Double- click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in the Components selection box.
Page 165: Installing Upnp In Windows Xp
P-335 Series User’s Guide 11.4.2 Installing UPnP in Windows XP Follow the steps below to install UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….The Windows Optional Networking...
Page 166: Using Upnp In Windows Xp Example
This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL device. Make sure the computer is connected to a LAN port of the ZyXEL device. Turn on your computer and the ZyXEL device.
Page 167: Auto-Discover Your Upnp-Enabled Network Device
P-335 Series User’s Guide 11.5.1 Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. 3 In the Internet Connection Properties 4 You may edit or delete the port window, click Settings to see the port mappings or click Add to mappings that were automatically created.
Page 168: Web Configurator Easy Access
11.5.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device.
Page 169: Web Configurator Easy Access
11.5.3 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device.
Page 170 Other Places. 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click the icon for your ZyXEL device and select Invoke. The web configurator login screen displays. 6 Right-click the icon for your ZyXEL device and select Properties.
Page 171: Trend Micro Security Services
P-335 Series User’s Guide H A P T E R Trend Micro Security Services This chapter contains information about configuring Trend Micro Security Services (TMSS). 12.1 Trend Micro Security Services Overview TMSS helps protect computers on a network that access the Internet through the Prestige. TMSS scans computers behind the Prestige for potential vulnerabilities such as spyware, missing security patches, trojans etc.
Page 172: Figure 69 Download Activex To View Tmss Web Page
P-335 Series User’s Guide Figure 69 Download ActiveX to View TMSS Web Page 2 In the TMSS web page, click Service Summary. Figure 70 TMSS Web Page(Dashboard) 3 Click Activate My Services to begin a 3-step process to activate TMSS. Figure 71 TMSS Service Summary 4 Click Next to begin the process as outlined in the screen.
Page 173: Figure 72 Tmss 3 Steps
P-335 Series User’s Guide Figure 72 TMSS 3 Steps 5 Fill in the registration form and submit it. Figure 73 TMSS Registration Form 6 After you submit the registration form, you will receive an e-mail with instructions for validating your e-mail address. Follow the instructions. 7 Download TMSS to each computer (behind the Prestige) that you want TMSS to monitor.
Page 174: Configuring Tmss On The Prestige
P-335 Series User’s Guide Figure 74 Example TMSS Activated Service Summary Screen You need a Parental Control license to activate configure Parental Control categories on the Prestige (see Figure 80 on page 179). The following screen is an example of theParental Control screen with TMSS activated.
Page 175: Tmss Service Settings
P-335 Series User’s Guide 2 Use the Virus Protection screen to configure if and how often updates are checked and to display the status of computers under TMSS monitoring. 3 Use the Parental Controls screen to schedule and block web pages based on pre-defined web site categories such as pornography, gambling etc.
Page 176: Configuring Virus Protection
P-335 Series User’s Guide The following table describes the labels in this screen. Table 53 Service Settings LABEL DESCRIPTION Enable Trend Micro Select the checkbox to enable Trend Micro Security Services on your Security Services Prestige. Security Services Display Interval Automatically display Select from the drop-down list box how often the TMSS web page appears TMSS Web page every:...
Page 177: Table 54 Virus Protection
P-335 Series User’s Guide The following table describes the labels in this screen. Table 54 Virus Protection LABEL DESCRIPTION Check for Trend Micro Internet Security Automatically check for Select the checkbox to have the Prestige download the latest scan engine update components and virus pattern version numbers (not the actual software) from the Trend Micro website.
Page 178: Parental Controls Configuration
P-335 Series User’s Guide Table 54 Virus Protection (continued) LABEL DESCRIPTION Status This field displays whether you have (the latest) Trend Micro anti-virus software installed on a TMSS client computer. Potential Threat displays if: • The Prestige had no response after an update request. •...
Page 179: Figure 80 Parental Controls
P-335 Series User’s Guide Figure 80 Parental Controls The following table describes the labels in this screen. Table 55 Parental Controls LABEL DESCRIPTION Enable Parental Controls Select the check box to enable this feature on your Prestige. Blocking Schedule The blocking schedule for TMSS is the same as that used for content filtering (web site blocking by keyword).
Page 180 P-335 Series User’s Guide Table 55 Parental Controls LABEL DESCRIPTION Time of Day to Block (24- Select the time of day you want web page blocking to take effect. Hour Format) Configure blocking to take effect all day by selecting the All Day check box.
Page 181: Parental Controls Statistics
P-335 Series User’s Guide Table 55 Parental Controls LABEL DESCRIPTION Exclude specified address Select the radio button to exempt computers with IP addresses displayed ranges from the Parental in the Selected IP Addresses list box from Parental Controls. Control enforcement. Available IP Addresses This box displays the IP addresses of all TMSS clients.
Page 182 P-335 Series User’s Guide Table 56 Parental Controls Statistics LABEL DESCRIPTION Reset Click Reset to clear all of the fields in this screen. Refresh Click Refresh to renew the statistics screen. Chapter 12 Trend Micro Security Services...
Page 183: Chapter 13 Firewall
P-335 Series User’s Guide H A P T E R Firewall This chapter gives some background information on firewalls and explains how to get started with the Prestige firewall. 13.1 Introduction 13.1.1 What is a Firewall? Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
Page 184: Guidelines For Enhancing Security With Your Firewall
P-335 Series User’s Guide The Prestige has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world.
Page 185: Figure 82 Firewall: Settings
P-335 Series User’s Guide Figure 82 Firewall: Settings The following table describes the labels in this screen. Table 57 Firewall: Settings LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. Bypass Triangle Select this check box to have the Prestige firewall ignore the use of triangle route Route...
Page 186: The Firewall, Nat And Remote Management
P-335 Series User’s Guide Table 57 Firewall: Settings LABEL DESCRIPTION Packets to Log Choose what WAN to LAN and WAN to WAN/Prestige packets to log. Choose from: No Log Log Forwarded (see how to forward WAN to LAN traffic in the next section) Log All (log all WAN to LAN packets).
Page 187: Wan-To-Lan Rules
P-335 Series User’s Guide 13.3.2 WAN-to-LAN rules WAN-to-LAN rules are Internet to your local network firewall rules. The default is to block all traffic from the Internet to your local network. How can you forward certain WAN to LAN traffic? You may allow traffic originating from the WAN to be forwarded to the LAN by: •...
Page 188: Figure 84 Firewall: Service
P-335 Series User’s Guide Figure 84 Firewall: Service The following table describes the labels in this screen. Table 58 Firewall: Service LABEL DESCRIPTION Enable Services Select this check box to enable this feature. Blocking Available Service This is a list of pre-defined services (ports) you may prohibit your LAN computers from using.
Page 189 P-335 Series User’s Guide Table 58 Firewall: Service LABEL DESCRIPTION Port Number Enter the port number range that defines the service. For example, suppose you want to define the Gnutella service. Select TCP type and enter a port range from 6345-6349.
Page 190 P-335 Series User’s Guide Chapter 13 Firewall...
Page 191: Chapter 14 Content Filtering
P-335 Series User’s Guide H A P T E R Content Filtering This chapter provides a brief overview of content filtering using the embedded WebGUI. 14.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to their needs.
Page 192: Figure 85 Content Filter
P-335 Series User’s Guide Figure 85 Content Filter Chapter 14 Content Filtering...
Page 193: Table 59 Content Filter
P-335 Series User’s Guide The following table describes the labels in this screen. Table 59 Content Filter LABEL DESCRIPTION Trusted Computer To enable this feature, type an IP address of any one of the computers in your IP Address network (displayed in Parental Controls) that you want to have as a trusted computer.
Page 194: Customizing Keyword Blocking Url Checking
Full path URL checking has the Prestige check the characters that come before the last slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, full path URL checking searches for keywords within www.zyxel.com.tw/news/. Use the ip urlfilter customize actionFlags 6 [disable | enable] command to extend (or not extend) the keyword blocking search to include the URL's full path.
Page 195 P-335 Series User’s Guide For example, filename URL checking searches for keywords within the URL www.zyxel.com.tw/news/pressroom.php. Use the ip urlfilter customize actionFlags 8 [disable | enable] command to extend (or not extend) the keyword blocking search to include the URL's complete filename.Prestige...
Page 196 P-335 Series User’s Guide Chapter 14 Content Filtering...
Page 197: Remote Management Screens
P-335 Series User’s Guide H A P T E R Remote Management Screens This chapter provides information on the Remote Management screens. 15.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. Note: When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 198: Remote Management And Nat
P-335 Series User’s Guide 2 You have disabled that service in one of the remote management screens. 3 The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the Prestige will disconnect the session immediately. 4 There is already another remote management session with an equal or higher priority running.
Page 199: Configuring Telnet
P-335 Series User’s Guide Figure 86 Remote Management: WWW The following table describes the labels in this screen. Table 60 Remote Management: WWW LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Page 200: Configuring Telnet
P-335 Series User’s Guide Figure 87 Telnet Configuration on a TCP/IP Network 15.4 Configuring TELNET Click REMOTE MGMT and the TELNET tab to display the screen as shown. Figure 88 Remote Management: Telnet The following table describes the labels in this screen. Table 61 Remote Management: Telnet LABEL DESCRIPTION...
Page 201: Configuring Ftp
P-335 Series User’s Guide Table 61 Remote Management: Telnet LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh. 15.5 Configuring FTP You can upload and download the Prestige’s firmware and configuration files using FTP, please see the chapter on firmware and configuration file maintenance for details.
Page 202: Snmp
P-335 Series User’s Guide 15.6 SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
Page 203: Supported Mibs
A trap is sent to the manager when receiving any RFC-1215) SNMP get or set requirements with the wrong community (password). whyReboot (defined in ZYXEL- A trap is sent with the reason of restart before MIB) rebooting when the system is going to restart (warm start).
Page 204: Figure 91 Remote Management: Snmp
P-335 Series User’s Guide Figure 91 Remote Management: SNMP The following table describes the labels in this screen. Table 64 Remote Management: SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station.
Page 205: Configuring Dns
P-335 Series User’s Guide Table 64 Remote Management: SNMP LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh. 15.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa.
Page 206: Configuring Security
P-335 Series User’s Guide 15.8 Configuring Security To change your Prestige’s security settings, click REMOTE MGMT, then the Security tab. The screen appears as shown. If an outside user attempts to probe an unsupported port on your Prestige, an ICMP response packet is automatically returned.
Page 207 P-335 Series User’s Guide Table 66 Security LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh. Chapter 15 Remote Management Screens...
Page 208 P-335 Series User’s Guide Chapter 15 Remote Management Screens...
Page 209: Chapter 16 Introduction To Ipsec
P-335 Series User’s Guide H A P T E R Introduction to IPSec This chapter introduces the basics of IPSec VPNs 16.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
Page 210: Data Confidentiality
P-335 Series User’s Guide Figure 94 Encryption and Decryption 16.1.3.2 Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. 16.1.3.3 Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
Page 211: Ipsec Algorithms
P-335 Series User’s Guide Figure 95 IPSec Architecture 16.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
Page 212: Transport Mode
P-335 Series User’s Guide Figure 96 Transport and Tunnel Mode IPSec Encapsulation 16.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
Page 213: Table 67 Vpn And Nat
P-335 Series User’s Guide NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted.
Page 214 P-335 Series User’s Guide Chapter 16 Introduction to IPSec...
Page 215: Chapter 17 Vpn Screens
P-335 Series User’s Guide H A P T E R VPN Screens This chapter introduces the VPN Web Configurator. See the Logs chapter for information on viewing logs and the Appendices for IPSec log descriptions. 17.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections.
Page 216: My Ip Address
P-335 Series User’s Guide Table 68 AH and ESP Encryption DES (default) Data Encryption Standard (DES) is a widely used method of data encryption using a secret key. DES applies a 56-bit key to each 64-bit block of data. 3DES Triple DES (3DES) is a variant of DES, which iterates three times with three separate keys (3 x 56 = 168 bits),...
Page 217: Dynamic Secure Gateway Address
P-335 Series User’s Guide You can also enter a remote secure gateway’s domain name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The Prestige has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP address).
Page 218: Figure 98 Vpn: Summary
P-335 Series User’s Guide Figure 98 VPN: Summary The following table describes the labels in this screen. Table 69 VPN: Summary LABEL DESCRIPTION The VPN policy index number. Active This field displays whether the VPN policy is active or not. A Y signifies that this VPN policy is active.
Page 219: Keep Alive
P-335 Series User’s Guide 17.6 Keep Alive When you initiate an IPSec tunnel with keep alive enabled, the Prestige automatically renegotiates the tunnel when the IPSec SA lifetime period expires ( the IPSec Algorithms section for more on the IPSec SA lifetime). In effect, the IPSec tunnel becomes an “always on”...
Page 220: Remote Dns Server
P-335 Series User’s Guide • Use IKE keying mode. • Enable NAT traversal on both IPSec endpoints. In order for IPSec router A (see the figure) to receive an initiating IPSec packet from IPSec router B, set the NAT router to forward UDP port 500 to IPSec router A. 17.7.2 Remote DNS Server In cases where you want to use domain names to access Intranet servers on a remote network that has a DNS server, you must identify that DNS server.
Page 221: Id Type And Content
P-335 Series User’s Guide 17.8 ID Type and Content With aggressive negotiation mode (see Section Negotiation Mode), the Prestige identifies incoming SAs by ID type and content since this identifying information is not encrypted. This enables the Prestige to distinguish between multiple rules for SAs that connect from remote IPSec routers that have dynamic WAN IP addresses.
Page 222: Id Type And Content Examples
P-335 Series User’s Guide Table 71 Peer ID Type and Content Fields PEER ID TYPE CONTENT E-mail Type an e-mail address (up to 31 characters) by which to identify the remote IPSec router. The domain name or e-mail address that you use in the Content field is used for identification purposes only and does not need to be a real domain name or e-mail address.
Page 223: Editing Vpn Rules
P-335 Series User’s Guide 17.10 Editing VPN Rules Click Edit on the Summary screen or click the Rule Setup tab to edit VPN rules. Figure 102 VPN: Rule Setup (Basic) The following table describes the labels in this screen. Table 73 VPN: Rule Setup (Basic) LABEL DESCRIPTION Active...
Page 224 P-335 Series User’s Guide Table 73 VPN: Rule Setup (Basic) LABEL DESCRIPTION NAT Traversal Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers. The remote IPSec router must also have NAT traversal enabled.
Page 225 P-335 Series User’s Guide Table 73 VPN: Rule Setup (Basic) LABEL DESCRIPTION Local Content When you select IP in the Local ID Type field, type the IP address of your computer in the local Content field. The Prestige automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the local Content field to 0.0.0.0 or leave it blank.
Page 226: Ike Phases
P-335 Series User’s Guide Table 73 VPN: Rule Setup (Basic) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
Page 227: Negotiation Mode
P-335 Series User’s Guide Figure 103 Two Phases to Set Up the IPSec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm. •...
Page 228: Diffie-Hellman (Dh) Key Groups
P-335 Series User’s Guide • Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1). It uses 6 messages in three round trips: SA negotiation, Diffie-Hellman exchange and an exchange of nonces (a nonce is a random number).
Page 229: Figure 104 Vpn Ike: Advanced
P-335 Series User’s Guide Figure 104 VPN IKE: Advanced Chapter 17 VPN Screens...
Page 230: Table 74 Vpn Ike: Advanced
P-335 Series User’s Guide The following table describes the labels in this screen. Table 74 VPN IKE: Advanced LABEL DESCRIPTION Active Select this check box to activate this VPN policy. Keep Alive Select this check box to turn on the Keep Alive feature for this SA. Turn on Keep Alive to have the Prestige automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
Page 231 P-335 Series User’s Guide Table 74 VPN IKE: Advanced LABEL DESCRIPTION Remote Address End/ When the remote IP address is a single address, type it a second time here. Mask When the remote IP address is a range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
Page 232 P-335 Series User’s Guide Table 74 VPN IKE: Advanced LABEL DESCRIPTION Peer Content The configuration of the peer content depends on the peer ID type. • For IP, type the IP address of the computer with which you will make the VPN connection.
Page 233: Manual Key Setup
P-335 Series User’s Guide Table 74 VPN IKE: Advanced LABEL DESCRIPTION IPSec Protocol Select ESP or AH from the drop-down list box. The Prestige's IPSec Protocol should be identical to the secure remote gateway. The ESP (Encapsulation Security Payload) protocol (RFC 2406) provides encryption as well as the authentication offered by AH.
Page 234: Security Parameter Index (Spi)
VPN gateway. The local VPN gateway then uses the network, encryption and key values that the administrator associated with the SPI to establish the tunnel. Note: Current ZyXEL implementation assumes identical outgoing and incoming SPIs 17.14 Configuring Manual Key You only configure VPN Manual Key when you select Manual in the IPSec Keying Mode field on the Rule Setup IKE screen.
Page 235: Figure 105 Setup: Manual
P-335 Series User’s Guide Figure 105 Setup: Manual The following table describes the labels in this screen. Table 75 Rule Setup: Manual LABEL DESCRIPTION Active Select this check box to activate this VPN policy. IPSec Keying Mode Select IKE or Manual from the drop-down list box. Manual is a useful option for troubleshooting if you have problems using IKE key management.
Page 236 P-335 Series User’s Guide Table 75 Rule Setup: Manual LABEL DESCRIPTION Local Address The Local IP address must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time.
Page 237: Viewing Sa Monitor
P-335 Series User’s Guide Table 75 Rule Setup: Manual LABEL DESCRIPTION IPSec Protocol Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described next).
Page 238: Configuring Global Setting
P-335 Series User’s Guide Figure 106 SA Monitor The following table describes the labels in this screen. Table 76 SA Monitor LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode.
Page 239: Telecommuter Vpn/Ipsec Examples
P-335 Series User’s Guide Figure 107 VPN: Global Setting The following table describes the labels in this screen. Table 77 VPN: Global Setting LABEL DESCRIPTION Windows Networking NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast (NetBIOS over TCP/IP) packets that enable a computer to find other computers.
Page 240: Telecommuters Using Unique Vpn Rules Example
P-335 Series User’s Guide Having everyone use the same pre-shared key may create a vulnerability. If the pre-shared key is compromised, all of the VPN connections using that VPN rule are at risk. A recommended alternative is to use a different VPN rule for each telecommuter and identify them by unique IDs (see the Telecommuters Using Unique VPN Rules Example section Table 78 Telecommuter and Headquarters Configuration Example...
Page 241: Vpn And Remote Management
P-335 Series User’s Guide See the following graphic for an example where three telecommuters each use a different VPN rule to initiate a VPN connection to a Prestige located at headquarters. The Prestige at headquarters identifies each by its secure gateway address (a dynamic domain name) and uses the appropriate VPN rule to establish the VPN connection.
Page 242 P-335 Series User’s Guide Chapter 17 VPN Screens...
Page 243: Chapter 18 Centralized Logs
P-335 Series User’s Guide H A P T E R Centralized Logs This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendices for example log message explanations. 18.1 View Log The web configurator allows you to look at all of the Prestige’s logs in one location. Click the LOGS in the navigation panel to open the View Log screen.
Page 244: Log Settings
P-335 Series User’s Guide Figure 110 View Logs The following table describes the labels in this screen. Table 79 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings page (see section ) display in the drop-down list box. Select a category of logs to view;...
Page 245 P-335 Series User’s Guide Use the Log Settings screen to configure to where the Prestige is to send logs; the schedule for when the Prestige is to send the logs and which logs and/or immediate alerts the Prestige to send. An alert is a type of log that warrants more serious attention.
Page 246: Figure 111 Log Settings
P-335 Series User’s Guide Figure 111 Log Settings Chapter 18 Centralized Logs...
Page 247: Table 80 Log Settings
P-335 Series User’s Guide The following table describes the labels in this screen. Table 80 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via E-mail.
Page 248 P-335 Series User’s Guide Chapter 18 Centralized Logs...
Page 249: Chapter 19 Print Server
P-335 Series User’s Guide H A P T E R Print Server This chapter discusses how to configure the print server on the Prestige. 19.1 Print Server Overview A print server is a device or software that provides users on a network with shared access to one or more printers.
Page 250: Prestige Print Server Configuration
P-335 Series User’s Guide The print server must be set up on each computer in your network that you want to use the print server. Before you set up the print server, make sure the USB printer is connected to the Prestige using the USB cable and that both the Prestige and the USB printer are turned on.
Page 251: Media Bandwidth Management
Prestige’s media bandwidth management logs. 20.1 Media Bandwidth Management Overview ZyXEL’s Media Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
Page 252: Subnet-Based Bandwidth Management Example
P-335 Series User’s Guide Figure 113 Application-based Bandwidth Management Example 20.1.2 Subnet-based Bandwidth Management Example The following example uses bandwidth rules based solely on LAN subnets. Each bandwidth rule (Subnet A and Subnet B) is allotted 320 Kbps. Figure 114 Subnet-based Bandwidth Management Example 20.1.3 Application and Subnet-based Bandwidth Management Example The following example uses bandwidth rules based on LAN subnets and applications (specific...
Page 253: Bandwidth Usage Example
P-335 Series User’s Guide Figure 115 Application and Subnet-based Bandwidth Management Example Table 82 Application and Subnet-based Bandwidth Management Example TRAFFIC TYPE FROM SUBNET A FROM SUBNET B VoIP 64 Kbps 64 Kbps 64 Kbps 64 Kbps 64 Kbps 64 Kbps E-mail 64 Kbps 64 Kbps...
Page 254: Figure 116 Bandwidth Usage Example
P-335 Series User’s Guide Figure 116 Bandwidth Usage Example The following figure shows the bandwidth usage with the maximize bandwidth usage option enabled. The Prestige divides up the unbudgeted 64 Kbps among the rules that require more bandwidth. If the administration department only uses 32 Kbps of the budgeted 64 Kbps, the Prestige also divides the remaining 32 Kbps among the rules that require more bandwidth.
Page 255: Bandwidth Management Priorities
P-335 Series User’s Guide Figure 117 Maximize Bandwidth Usage Example 20.1.5 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the Prestige forwards out through an interface. Table 83 Media Mandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED.
Page 256: Voip (Sip)
P-335 Series User’s Guide 20.1.6.2 VoIP (SIP) Sending voice signals over the Internet is called Voice over IP or VoIP. Session Initiated Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.
Page 257: Services
A popular videoconferencing solution from White Pines Software. 24032) DNS(UDP/TCP:53) Domain Name Server, a service that matches web names (e.g. www.zyxel.com) to IP numbers. FINGER(TCP:79) Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.
Page 258: Media Bandwidth Management Configuration Screen
P-335 Series User’s Guide Table 84 Commonly Used Services SERVICE DESCRIPTION PING(ICMP:0) Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable. POP3(TCP:110) Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other).
Page 259: Figure 118 Bandwidth Management Configuration
P-335 Series User’s Guide Figure 118 Bandwidth Management Configuration Chapter 20 Media Bandwidth Management...
Page 260: Editing Bandwidth Management Rules
P-335 Series User’s Guide The following table describes the labels in this screen. Table 85 Bandwidth Management Configuration LABEL DESCRIPTION Active Select this check box to have the Prestige apply bandwidth management. Enable bandwidth management to give traffic that matches a bandwidth rule priority over traffic that does not match a bandwidth rule.
Page 261: Configuring Bandwidth Management Rules And Services
P-335 Series User’s Guide 20.4 Configuring Bandwidth Management Rules and Services Select a radio button for a rule and then click Edit to open the Bandwidth Management Configuration Edit screen. Figure 119 Bandwidth Management Edit The following table describes the labels in this screen. Table 86 Bandwidth Management Edit LABEL DESCRIPTION...
Page 262: Monitor Screen
P-335 Series User’s Guide Table 86 Bandwidth Management Edit LABEL DESCRIPTION Use All Managed Select this option to allow a rule to borrow unused bandwidth on the interface. Bandwidth Bandwidth borrowing is governed by the priority of the rules. That is, a rule with the highest priority is the first to borrow bandwidth.
Page 263: Figure 120 Bandwidth Management Monitor
P-335 Series User’s Guide Figure 120 Bandwidth Management Monitor Chapter 20 Media Bandwidth Management...
Page 264 P-335 Series User’s Guide Chapter 20 Media Bandwidth Management...
Page 265: Chapter 21 Maintenance
P-335 Series User’s Guide H A P T E R Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 21.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige.
Page 266: Figure 121 Maintenance Status
Prestige. If you are uploading firmware, be sure to upload firmware for this exact model name. This field is not available on all models. ZyNOS Firmware This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's Version proprietary Network Operating System design.
Page 267: System Statistics
P-335 Series User’s Guide 21.2.1 System Statistics Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Figure 122 Maintenance System Statistics The following table describes the labels in this screen. Table 88 Maintenance System Statistics LABEL DESCRIPTION...
Page 268: Any Ip Table
P-335 Series User’s Guide Click MAINTENANCE, and then the DHCP Table tab. Read-only information here relates to your DHCP status. The DHCP table shows current DHCP Client information (including IP Address, Host Name and MAC Address) of all network clients using the DHCP server. Figure 123 Maintenance DHCP Table The following table describes the labels in this screen.
Page 269: Association List
P-335 Series User’s Guide Figure 124 Maintenance Any IP The following table describes the labels in this screen. Table 90 Maintenance Any IP LABEL DESCRIPTION This field displays the index number. IP Address This field displays the IP address of the network device. MAC Address This field displays the MAC (Media Access Control) address of the computer with the displayed IP address.
Page 270: F/W Upload Screen
Click Refresh to redisplay the current screen. 21.6 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "Prestige.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
Page 271: Figure 126 Maintenance Firmware Upload
P-335 Series User’s Guide Figure 126 Maintenance Firmware Upload The following table describes the labels in this screen. Table 92 Maintenance Firmware Upload LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse...
Page 272: Figure 127 Upload Warning
P-335 Series User’s Guide Figure 127 Upload Warning The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 128 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen.
Page 273: Configuration Screen
P-335 Series User’s Guide Figure 129 Upload Error Message 21.7 Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE, and then the Configuration tab. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Chapter 21 Maintenance...
Page 274: Backup Configuration
P-335 Series User’s Guide Figure 130 Maintenance Configuration 21.7.1 Backup Configuration Backup configuration allows you to back up (save) the Prestige’s current configuration to a file on your computer. Once your Prestige is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Page 275: Restore Configuration
P-335 Series User’s Guide 21.7.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your Prestige. Table 93 Maintenance Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse...
Page 276: Back To Factory Defaults
P-335 Series User’s Guide Figure 132 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default Prestige IP address (192.168.1.1). See your Quick Start Guide for details on how to set up your computer’s IP address.
Page 277: Figure 134 System Restart
P-335 Series User’s Guide Figure 134 System Restart Chapter 21 Maintenance...
Page 278 P-335 Series User’s Guide Chapter 21 Maintenance...
Page 279: Chapter 22 Introducing The Smt
P-335 Series User’s Guide H A P T E R Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 22.1 SMT Introduction The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access over a telnet connection.
Page 280: Prestige Smt Menu Overview
P-335 Series User’s Guide Figure 135 Login Screen Enter Password : **** 22.1.3 Prestige SMT Menu Overview The following figure gives you an overview of the various SMT menu screens of your Prestige. Figure 136 SMT Menu Overview Chapter 22 Introducing the SMT...
Page 281: Navigating The Smt Interface
P-335 Series User’s Guide 22.2 Navigating the SMT Interface The SMT(System Management Terminal) is the interface that you use to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below. Table 94 Main Menu Commands OPERATION KEYSTROKE...
Page 282: System Management Terminal Interface Summary
P-335 Series User’s Guide Figure 137 SMT Main Menu Copyright (c) 1994 - 2004 ZyXEL Communications Corp. P-335/P-335WT Main Menu Getting Started Advanced Management 1. General Setup 21. Filter and Firewall Setup 2. WAN Setup 22. SNMP Configuration 3. LAN Setup 23.
Page 283: Changing The System Password
P-335 Series User’s Guide 22.3 Changing the System Password Change the Prestige default password by following the steps shown next. 1 Enter 23 in the main menu to display Menu 23 - System Security as shown next. Figure 138 Menu 23: System Security Menu 23 - System Security Change Password RADIUS Server...
Page 284 P-335 Series User’s Guide Chapter 22 Introducing the SMT...
Page 285: Chapter 23 Menu 1 General Setup
P-335 Series User’s Guide H A P T E R Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 23.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
Page 286: Figure 140 Menu 1 General Setup
P-335 Series User’s Guide Figure 140 Menu 1 General Setup. Menu 1 - General Setup System Name= P-335/P-335WT Domain Name= First System DNS Server= From ISP IP Address= N/A Second System DNS Server= From ISP IP Address= N/A Third System DNS Server= From ISP...
Page 287: Procedure To Configure Dynamic Dns
P-335 Series User’s Guide 23.2.1 Procedure to Configure Dynamic DNS Note: If you have a private WAN IP address, then you cannot use Dynamic DNS To configure Dynamic DNS, go to Menu 1 — General Setup and select Yes in the Edit Dynamic DNS field.
Page 288 P-335 Series User’s Guide Table 97 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION Offline This field is only available when CustomDNS is selected in the DDNS Type field. http:/ Press [SPACE BAR] and then [ENTER] to select Yes. When Yes is selected, /www.dyndns.org/ traffic is redirected to a URL that you have previously specified (see...
Page 289: Chapter 24 Menu 2 Wan Setup
P-335 Series User’s Guide H A P T E R Menu 2 WAN Setup This chapter describes how to configure the WAN using menu 2. 24.1 Introduction to WAN This chapter explains how to configure settings for your WAN port. 24.2 WAN Setup From the main menu, enter 2 to open menu 2.
Page 290 P-335 Series User’s Guide Chapter 24 Menu 2 WAN Setup...
Page 291: Chapter 25 Menu 3 Lan Setup
P-335 Series User’s Guide H A P T E R Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 25.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3.
Page 292: Protocol Dependent Ethernet Setup
P-335 Series User’s Guide 25.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. • For TCP/IP Ethernet setup refer to the Internet Access Application chapter. • For bridging Ethernet setup refer to the Bridging Setup chapter. 25.3 TCP/IP Ethernet Setup and DHCP Use menu 3.2 to configure your Prestige for TCP/IP.
Page 293: Table 100 Menu 3.2: Lan Tcp/Ip Setup Fields
P-335 Series User’s Guide Table 99 DHCP Ethernet Setup Fields FIELD DESCRIPTION Size of Client IP This field specifies the size, or count of the IP address pool. Pool The Prestige passes a DNS (Domain Name System) server IP address (in the order First DNS Server you specify here) to the DHCP clients.
Page 294: Ip Alias Setup
P-335 Series User’s Guide 25.3.1 IP Alias Setup IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network. Figure 146 Physical Network &...
Page 295: Wireless Lan Setup (P-335Wt Only)
When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm…] to save your configuration, or press [ESC] at any time to cancel. 25.4 Wireless LAN Setup (P-335WT only) Use menu 3.5 to set up your Prestige as the wireless access point. To edit menu 3.5, enter 3 from the main menu to display Menu 3 –...
Page 296: Figure 148 Menu 3.5 Wireless Lan Setup
P-335 Series User’s Guide Figure 148 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A...
Page 297: Configuring Mac Address Filter
P-335 Series User’s Guide Table 102 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION Key 1 to Key 4 The WEP keys are used to encrypt data. Both the Prestige and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP in the WEP Encryption field, then enter any 5 ASCII char- acters or 10 hexadecimal characters ("0-9", "A-F").
Page 298: Figure 149 Menu 3.5 Wireless Lan Setup
P-335 Series User’s Guide Figure 149 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup ESSID= ZyXEL Hide ESSID= No Channel ID= CH06 2437MHz Edit MAC Address Filter= No RTS Threshold= 4096 Edit Roaming Configuration= No Frag. Threshold= 4096...
Page 299: Configuring Roaming On The Prestige
P-335 Series User’s Guide Figure 150 Menu 3.5.1 WLAN MAC Address Filter Menu 3.5.1 - WLAN MAC Address Filter Active= No Filter Action= Allowed Association --------------------------------------------------------------------------- 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00...
Page 300: Figure 151 Menu 3.5 Wireless Lan Setup
P-335 Series User’s Guide Figure 151 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A...
Page 301: Chapter 26 Internet Access
P-335 Series User’s Guide H A P T E R Internet Access This chapter shows you how to configure your Prestige for Internet access 26.1 Introduction to Internet Access Setup Use information from your ISP along with the instructions in this chapter to set up your Prestige to access the Internet.
Page 302 P-335 Series User’s Guide Table 105 Internet Access Setup (Ethernet (continued) Encapsulation Press [SPACE BAR] and then press [ENTER] to choose Ethernet. The encapsulation method influences your choices for the IP Address field. Service Type Press [SPACE BAR] and then [ENTER] to select Standard, RR-Toshiba (RoadRunner Toshiba authentication method), RR-Manager (RoadRunner Manager authentication method), RR-Telstra or Telia Login.
Page 303: Configuring The Pptp Client
P-335 Series User’s Guide 26.3 Configuring the PPTP Client Note: The Prestige supports only one PPTP server connection at any given time To configure a PPTP client, you must configure the My Login and Password fields for a PPP connection and the PPTP parameters for a PPTP connection. After configuring My Login and Password for PPP connection, press [SPACE BAR] and then [ENTER] in the Encapsulation field in Menu 4 -Internet Access Setup to choose PPTP as your encapsulation option.
Page 304: Basic Setup Complete
P-335 Series User’s Guide Figure 155 Internet Access Setup (PPPoE) Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= PPPoE Service Type= N/A My Login= My Password= ******** Retype to Confirm= ******** Idle Timeout= 100 IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A...
Page 305: Remote Node Configuration
P-335 Series User’s Guide H A P T E R Remote Node Configuration This chapter covers remote node configuration. 27.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
Page 306: Figure 156 Menu 11.1 Remote Node Profile For Ethernet Encapsulation
P-335 Series User’s Guide Figure 156 Menu 11.1 Remote Node Profile for Ethernet Encapsulation Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Encapsulation= Ethernet Edit IP= No Service Type= Standard Session Options: Service Name= N/A Edit Filter Sets= No Outgoing: My Login= N/A...
Page 307: Pppoe Encapsulation
P-335 Series User’s Guide Table 108 Menu 11.1 Remote Node Profile for Ethernet Encapsulation FIELD DESCRIPTION Session Options Edit Filter Sets This field leads to another “hidden” menu. Use [SPACE BAR] to select Yes and press [ENTER] to open menu 11.5 to edit the filter sets. See the Remote Node Filter section for more details.
Page 308: Nailed-Up Connection
P-335 Series User’s Guide 27.2.2.2 Nailed-Up Connection A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The Prestige does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the Prestige will try to bring up the connection when turned on and whenever the connection is down.
Page 309: Edit Ip
P-335 Series User’s Guide Figure 158 Menu 11.1 Remote Node Profile for PPTP Encapsulation Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Encapsulation= PPTP Edit IP= No Service Type= Standard Telco Option: Service Name= N/A Allocated Budget(min)= 0 Outgoing: Period(hr)= 0...
Page 310: Figure 159 Menu 11.3 Remote Node Network Layer Options For Ethernet Encapsulation
P-335 Series User’s Guide Figure 159 Menu 11.3 Remote Node Network Layer Options for Ethernet Encapsulation Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= SUA Only Metric= 1 Private= N/A RIP Direction= None...
Page 311: Remote Node Filter
P-335 Series User’s Guide Table 111 Remote Node Network Layer Options FIELD DESCRIPTION Private This field is valid only for PPTP/PPPoE encapsulation. This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes, this route is kept private and not included in RIP broadcast.
Page 312: Traffic Redirect Setup
P-335 Series User’s Guide Figure 160 M enu 11.5: Remote Node Filter (Ethernet Encapsulation) Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: Figure 161 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation) Menu 11.5 - Remote Node Filter...
Page 313: Figure 162 Menu 11.6: Traffic Redirect Setup
P-335 Series User’s Guide Figure 162 Menu 11.6: Traffic Redirect Setup Menu 11.6 - Traffic Redirect Setup Active= Yes Configuration: Backup Gateway IP Address= 0.0.0.0 Metric= 15 Check WAN IP Address= 0.0.0.0 Fail Tolerance= 2 Period(sec)= 5 Timeout(sec)= 3 Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this screen.
Page 314 P-335 Series User’s Guide Chapter 27 Remote Node Configuration...
Page 315: Chapter 28 Static Route Setup
P-335 Series User’s Guide H A P T E R Static Route Setup This chapter shows how to setup IP static routes. 28.1 IP Static Route Setup To configure an IP static route, use Menu 12 – Static Routing Setup (shown next). Figure 163 Menu 12 IP Static Route Setup Menu 12 - IP Static Route Setup 1.
Page 316 P-335 Series User’s Guide Table 113 Menu12.1 Edit IP Static Route FIELD DESCRIPTION Active This field allows you to activate/deactivate this static route. Destination IP Address This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID.
Page 317: Network Address Translation (Nat)
P-335 Series User’s Guide H A P T E R Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 29.1 Using NAT Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige 29.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two...
Page 318: Figure 165 Menu 4 Applying Nat For Internet Access
P-335 Series User’s Guide Figure 165 Menu 4 Applying NAT for Internet Access Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Retype to Confirm= N/A Login Server= N/A Relogin Every (min)= IP Address Assignment= Dynamic IP Address= N/A...
Page 319: Nat Setup
P-335 Series User’s Guide Figure 166 Menu 11.3 Applying NAT to the Remote Node Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= SUA Only Metric= 1 Private= N/A RIP Direction= None...
Page 320: Address Mapping Sets
P-335 Series User’s Guide Figure 167 Menu 15 NAT Setup Menu 15 - NAT Setup 1. Address Mapping Sets 2. Port Forwarding Setup 3. Trigger Port Setup Enter Menu Selection Number: 29.3.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 — Address Mapping Sets. Figure 168 Menu 15.1 Address Mapping Sets Menu 15.1 - Address Mapping Sets 1.
Page 321: User-Defined Address Mapping Sets
P-335 Series User’s Guide Table 115 SUA Address Mapping Rules FIELD DESCRIPTION Local End IP Local End IP is the ending local IP address (ILA). If the rule is for all local IPs, then the Start IP is 0.0.0.0 and the End IP is 255.255.255.255. Global Start IP This is the starting global IP address (IGA).
Page 322: Ordering Your Rules
P-335 Series User’s Guide Figure 170 Menu 15.1.1 First Set Menu 15.1.1 - Address Mapping Rules Set Name= NAT_SET Local Start IP Local End IP Global Start IP Global End IP Type --------------- -------------- --------------- --------------- ------ Action= Edit Select Rule= Press ENTER to Confirm or ESC to Cancel: Note: If the Set Name field is left blank, the entire set will be deleted.
Page 323: Figure 171 Menu 15.1.1.1 Editing/Configuring An Individual Rule In A Set
P-335 Series User’s Guide Note: You must press [ENTER] at the bottom of the screen to save the whole set. You must do this again if you make any changes to the set – including deleting a rule. No changes to the set take place until this action is taken Selecting Edit in the Action field and then selecting a rule brings up the following menu, Menu 15.1.1.1 - Address Mapping Rule in which you can edit an individual rule and...
Page 324: Configuring A Server Behind Nat
P-335 Series User’s Guide 29.4 Configuring a Server behind NAT Follow these steps to configure a server behind NAT: 1 Enter 15 in the main menu to go to Menu 15 - NAT Setup. 2 Enter 2 to display Menu 15.2 - NAT Server Setup as shown next. Figure 172 Menu 15.2.1 NAT Server Setup Menu 15.2 - NAT Server Setup...
Page 325: General Nat Examples
P-335 Series User’s Guide Figure 173 Multiple Servers Behind NAT Example 29.5 General NAT Examples The following are some examples of NAT configuration. 29.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where the ILAs (Inside Local Addresses) of computers A through D map to one dynamic IGA (Inside Global Address) assigned by your ISP.
Page 326: Example 2: Internet Access With An Inside Server
P-335 Series User’s Guide Figure 175 Menu 4 Internet Access & NAT Example Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Retype to Confirm= N/A Login Server= N/A Relogin Every (min)= IP Address Assignment= Dynamic IP Address= N/A...
Page 327: Example 3: Multiple Public Ip Addresses With Inside Servers
P-335 Series User’s Guide Figure 177 Menu 15.2.1 Specifying an Inside Server Menu 15.2.1 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 192.168.1.10 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel:...
Page 328: Figure 178 Nat Example 3
P-335 Series User’s Guide Figure 178 NAT Example 3 1 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) see Figure 159.
Page 329: Figure 180 Example 3: Menu 15.1.1.1
P-335 Series User’s Guide Figure 180 Example 3: Menu 15.1.1.1 Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 = N/A Global IP: Start= 10.132.50.1 = N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 181 Example 3: Final Menu 15.1.1 Menu 15.1.1 - Address Mapping Rules Set Name=...
Page 330: Example 4: Nat Unfriendly Application Programs
P-335 Series User’s Guide Figure 182 Example 3: Menu 15.2 Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.21 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: HTTP:80 FTP:21 Telnet:23 SMTP:25 POP3:110 PPTP:1723 29.5.4 Example 4: NAT Unfriendly Application Programs...
Page 331: Configuring Trigger Port Forwarding
P-335 Series User’s Guide Figure 184 Example 4: Menu 15.1.1.1 Address Mapping Rule. Menu 15.1.1.1 Address Mapping Rule Type= Many-One-to-One Local IP: Start= 192.168.1.10 = 192.168.1.12 Global IP: Start= 10.132.50.1 = 10.132.50.3 Press ENTER to Confirm or ESC to Cancel: After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as shown next.
Page 332: Figure 186 Menu 15.3 Trigger Port Setup
P-335 Series User’s Guide Figure 186 Menu 15.3 Trigger Port Setup Menu 15.3 - Trigger Port Setup Incoming Trigger Rule Name Start Port End Port Start Port End Port ---------------------------------------------------------------------- Real Audio 6970 7170 7070 7070 Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this screen.
Page 333: Chapter 30 Enabling The Firewall
P-335 Series User’s Guide H A P T E R Enabling the Firewall This chapter shows you how to get started with the Prestige firewall. 30.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: •...
Page 334: Figure 187 Menu 21.2 Firewall Setup
P-335 Series User’s Guide Figure 187 Menu 21.2 Firewall Setup Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off. Refer to the User's Guide for details about the firewall default policies.
Page 335: Chapter 31 Filter Configuration
P-335 Series User’s Guide H A P T E R Filter Configuration This chapter shows you how to create and apply filters. 31.1 Introduction to Filters Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call.
Page 336: The Filter Structure Of The Prestige
P-335 Series User’s Guide 31.1.1 The Filter Structure of the Prestige A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
Page 337: Configuring A Filter Set
P-335 Series User’s Guide 31.2 Configuring a Filter Set The Prestige includes filtering for NetBIOS over TCP/IP packets by default. To configure another filter set, follow the procedure below. 1 Enter 21 in the main menu to open menu 21. Figure 190 Menu 21: Filter and Firewall Setup Menu 21 - Filter and Firewall Setup 1.
Page 338: Configuring A Filter Rule
P-335 Series User’s Guide Table 119 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION Filter Rules These parameters are displayed here. More. “Y” means there are more rules to check which form a rule chain with the present rule. An action cannot be taken until the rule chain is complete.
Page 339: Configuring A Tcp/Ip Filter Rule
P-335 Series User’s Guide 31.2.2 Configuring a TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
Page 340 P-335 Series User’s Guide Table 121 TCP/IP Filter Rule FIELD DESCRIPTION OPTIONS Port # Comp Press [SPACE BAR] and then [ENTER] to select the comparison None to apply to the destination port in the packet against the value Less given in Destination: Port #. Greater Equal Not Equal...
Page 341: Configuring A Generic Filter Rule
P-335 Series User’s Guide Figure 193 Executing an IP Filter 31.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet.
Page 342: Figure 194 Menu 21.1.4.1 Generic Filter Rule
P-335 Series User’s Guide Figure 194 Menu 21.1.4.1 Generic Filter Rule Menu 21.1.4.1 - Generic Filter Rule Filter #: 4,1 Filter Type= Generic Filter Rule Active= No Offset= 0 Length= 0 Mask= N/A Value= N/A More= No Log= None Action Matched= Check Next Rule Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in the Generic Filter Rule menu.
Page 343: Example Filter
P-335 Series User’s Guide Table 122 Generic Filter Rule Menu Fields FIELD DESCRIPTION OPTIONS Action Not Select the action for a packet not matching the rule. Check Next Rule Matched Forward Drop Once you have completed filling in Menu 21.4.1.1 - Generic Filter Rule, press [ENTER] at the message “Press ENTER to Confirm”...
Page 344: Figure 196 Example Filter: Menu 21.1.3.1
P-335 Series User’s Guide Figure 196 Example Filter: Menu 21.1.3.1 Menu 21.1.3.1 - TCP/IP Filter Rule Filter #: 3,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 23 Port # Comp= Equal Source: IP Addr= 0.0.0.0...
Page 345: Filter Types And Nat
P-335 Series User’s Guide Figure 197 Example Filter Rules Summary: Menu 21.1.3 Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F Enter Filter Rule Number (1-6) to Configure: This shows you that you have configured and activated (A = Y) a TCP/IP filter rule (Type =...
Page 346: Firewall Versus Filters
P-335 Series User’s Guide Figure 198 Protocol and Device Filter Sets 31.5 Firewall Versus Filters Firewall configuration is discussed in the firewall chapters of this manual. Further comparisons are also made between filtering, NAT and the firewall. 31.6 Applying a Filter This section shows you where to apply the filter(s) after you design it (them).
Page 347: Applying Remote Node Filters
P-335 Series User’s Guide Figure 199 Filtering LAN Traffic Menu 3.1 - LAN Port Filter Setup Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Press ENTER to Confirm or ESC to Cancel: 31.6.2 Applying Remote Node Filters Go to menu 11.5 (shown below –...
Page 348 P-335 Series User’s Guide Chapter 31 Filter Configuration...
Page 349: Chapter 32 Snmp Configuration
P-335 Series User’s Guide H A P T E R SNMP Configuration This chapter explains SNMP Configuration menu 22. 32.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
Page 350: Supported Mibs
4 Trap - Used by the agent to inform the manager of some events. 32.2 Supported MIBs The Prestige supports RFC-1215 and MIB II as defined in RFC-1213 as well as ZyXEL private MIBs. The focus of the MIBs is to let administrators collect statistic data and monitor status and performance.
Page 351: Snmp Traps
P-335 Series User’s Guide Figure 202 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: The following table describes the SNMP configuration parameters. Table 123 Menu 22 SNMP Configuration FIELD DESCRIPTION...
Page 352: Table 125 Ports And Permanent Virtual Circuits
A trap is sent to the manager when receiving any RFC-1215) SNMP gets or sets requirements with wrong community (password). whyReboot (defined in ZYXEL-MIB) A trap is sent with the reason of restart before rebooting when the system is going to restart (warm start). For intentional reboot : A trap is sent with the message "System reboot by...
Page 353: Chapter 33 System Security
P-335 Series User’s Guide H A P T E R System Security This chapter describes how to configure the system security on the Prestige. 33.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu. 33.1.1 System Password Figure 203 Menu 23 System Security...
Page 354: Figure 205 Menu 23.2 System Security : Radius Server
P-335 Series User’s Guide Figure 205 Menu 23.2 System Security : RADIUS Server Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.11.12.13 Port #= 1812 Shared Secret= ******** Accounting Server: Active= No Server Address= 10.11.12.13 Port #= 1813 Shared Secret= ******** Press ENTER to Confirm or ESC to Cancel:...
Page 355: 355
P-335 Series User’s Guide 33.1.3 802.1x The IEEE802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your Prestige. 1 From the main menu, enter 23 to display Menu23 – System Security. Figure 206 Menu 23 System Security Menu 23 - System Security 1.
Page 356: Figure 207 Menu 23.4 System Security : Ieee802.1X
P-335 Series User’s Guide Figure 207 Menu 23.4 System Security : IEEE802.1x Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= No Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Key Management Protocol= WPA-PSK Dynamic WEP Key Exchange= 64-bit WEP PSK = N/A WPA Mixed Mode= N/A Data Privacy for Broadcast/Multicast packets= N/A...
Page 357 P-335 Series User’s Guide Table 127 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION Dynamic WEP This field is activated only when you select Authentication Required in the Wire- Key Exchange less Port Control field. Also set the Authentication Databases field to RADIUS Only.
Page 358 P-335 Series User’s Guide Chapter 33 System Security...
Page 359: System Information And Diagnosis
P-335 Series User’s Guide H A P T E R System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
Page 360: Figure 209 Menu 24.1 System Maintenance : Status
P-335 Series User’s Guide Figure 209 Menu 24.1 System Maintenance : Status Menu 24.1 - System Maintenance - Status 07:33:32 Wed. Dec. 24, 2003 Port Status TxPkts RxPkts Cols Tx B/s Rx B/s Up Time 100M/Full 15982 938667 2520 2:07:57 100M/Full 22381 21235...
Page 361: System Information
Routing Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your Prestige.
Page 362: Console Port Speed
P-335 Series User’s Guide 34.2.2 Console Port Speed You can set up different port speeds for the console port through Menu 24.2.2 – System Maintenance – Console Port Speed. Your Prestige supports 9600 (default), 19200, 38400, 57600 and 115200 bps. Press [SPACE BAR] and then [ENTER] to select the desired speed in menu 24.2.2, as shown in the following figure.
Page 363 P-335 Series User’s Guide Table 130 Menu 24.3.2 System Maintenance : Syslog and Accounting PARAMETER DESCRIPTION Log Facility Press [SPACE BAR] and then [ENTER] to select a Local option. The log facility allows you to log the message to different files in the server. Please refer to the documentation of your syslog program for more details.
Page 364: Cdr
L02 Call Terminated C02 Call Terminated Jul 19 11:19:27 192.168.102.2 ZYXEL: board 0 line 0 channel 0, call 1, C01 Outgoing Call dev=2 ch=0 40002 Jul 19 11:19:32 192.168.102.2 ZYXEL: board 0 line 0 channel 0, call 1, C02 OutCall Connected 64000 40002 Jul 19 11:20:06 192.168.102.2 ZYXEL: board 0 line 0 channel 0, call 1, C02 Call...
Page 365 P-335 Series User’s Guide prot: Protocol (“TCP”, ”UDP”, ”ICMP”) spo: Source port dpo: Destination port Jul 19 14:43:55 192.168.102.2 ZYXEL: IP [Src=202.132.154.123 Dst=255.255.255.255 UDP spo=0208 dpo=0208]} S03>R01mF Jul 19 14:44:00 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF Jul 19 14:44:04 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF...
Page 366: Packet Triggered
Sring = Packet trigger: Protocol=xx Data=xxxxxxxxxx…..x Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG) Data: We will send forty-eight Hex characters to the server Jul 19 11:28:39 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1, Data=4500003c100100001f010004c0a86614ca849a7b08004a5c020001006162636465666768696a6b6c 6d6e6f7071727374 Jul 19 11:28:56 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1,...
Page 367: Firewall Log
P-335 Series User’s Guide 34.3.1.5 Firewall log Firewall Log Message Format SdcmdSyslogSend(SYSLOG_FIREWALL, SYSLOG_NOTICE, buf); buf = IP[Src=xx.xx.xx.xx : spo=xxxx Dst=xx.xx.xx.xx : dpo=xxxx | prot | rule | action] Src: Source Address spo: Source port (empty means no source port information) Dst: Destination Address dpo: Destination port (empty means no destination port information) prot: Protocol (“TCP”,”UDP”,”ICMP”, ”IGMP”, ”GRE”, ”ESP”)
Page 368: Diagnostic
P-335 Series User’s Guide Figure 215 Call-Triggering Packet Example IP Frame: ENET0-RECV Size: Time: 17:02:44.262 Frame Type: IP Header: IP Version Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x002C (44) Identification = 0x0002 (2) Flags = 0x00 Fragment Offset...
Page 369: Wan Dhcp
P-335 Series User’s Guide Figure 216 Menu 24.4 System Maintenance : Diagnostic Menu 24.4 - System Maintenance - Diagnostic TCP/IP 1. Ping Host 2. WAN DHCP Release 3. WAN DHCP Renewal 4. Internet Setup Test System 11. Reboot System Enter Menu Selection Number: Host IP Address= N/A 34.4.1 WAN DHCP DHCP functionality can be enabled on the LAN or WAN as shown in LAN &...
Page 370 P-335 Series User’s Guide Table 131 System Maintenance Menu Diagnostic FIELD DESCRIPTION Reboot System Enter 11 to reboot the Prestige. Host IP Address= If you entered 1 in Ping Host, then enter the IP address of the computer you want to ping in this field. Enter the number of the selection you would like to perform or press [ESC] to cancel.
Page 371: Firmware And Configuration File Maintenance
The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom” filename extension. Once you have customized the Prestige's settings, they can be saved back to your computer under a filename of your choosing.
Page 372: Backup Configuration
P-335 Series User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 –...
Page 373: Using The Ftp Command From The Command Line
P-335 Series User’s Guide Figure 218 Telnet in Menu 24.5 Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
Page 374: Example Of Ftp Commands From The Command Line
331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
Page 375: Backup Configuration Using Tftp
P-335 Series User’s Guide 35.2.6 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients.
Page 376: Gui-Based Tftp Clients
P-335 Series User’s Guide 35.2.8 GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients. Table 134 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped.
Page 377: Figure 220 Telnet Into Menu 24.6
P-335 Series User’s Guide Figure 220 Telnet into Menu 24.6. Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2.
Page 378: Restore Using Ftp Session Example
P-335 Series User’s Guide 35.3.2 Restore Using FTP Session Example Figure 221 Restore Using FTP Session Example ftp> put config.rom rom-0 200 Port command okay 150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec.
Page 379: Configuration File Upload
P-335 Series User’s Guide Figure 222 Telnet Into Menu 24.7.1 Upload System Firmware Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
Page 380: Ftp Session Example Of Firmware File Upload
P-335 Series User’s Guide 6 Use “put” to transfer files from the computer to the Prestige, for example, “put firmware.bin ras” transfers the firmware on your computer (firmware.bin) to the Prestige and renames it “ras”. Similarly, “put config.rom rom-0” transfers the configuration file on your computer (config.rom) to the Prestige and renames it “rom-0”.
Page 381: Tftp Upload Command Example
P-335 Series User’s Guide 4 Launch the TFTP client on your computer and connect to the Prestige. Set the transfer mode to binary before starting data transfer. 5 Use the TFTP client (see the example below) to transfer files between the Prestige and the computer.
Page 382 P-335 Series User’s Guide Chapter 35 Firmware and Configuration File Maintenance...
Page 383: Chapter 36 System Maintenance
Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands. Enter 8 from Menu 24 — System Maintenance. A list of valid commands can be found by typing help or ? at the command prompt.
Page 384: Command Usage
A list of commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished. Figure 226 Valid Commands Copyright (c) 1994 - 2003 ZyXEL Communications Corp. ras> ? Valid commands are: exit...
Page 385: Call History
P-335 Series User’s Guide Figure 228 Budget Management Menu 24.9.1 - Budget Management Remote Node Connection Time/Total Budget Elapsed Time/Total Period 1. MyISP No Budget No Budget Reset Node (0 to update screen): The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked.
Page 386: Time And Date Setting
P-335 Series User’s Guide The following table describes the fields in this menu. Table 136 Call History Fields FIELD DESCRIPTION Phone Number The PPPoE service names are shown here. This shows whether the call was incoming or outgoing. Rate This is the transfer rate of the call. #call This is the number of calls made to or received from that telephone number.
Page 387: Figure 231 Menu 24.10 System Maintenance: Time And Date Setting
P-335 Series User’s Guide Figure 231 Menu 24.10 System Maintenance: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Time Protocol= NTP (RFC-1305) Time Server Address= time-b.nist.gov Current Time: 08 : 07 : 14 New Time (hh:mm:ss): 08 : 06 : 48 Current Date: 2003 - 12 - 24...
Page 388: Resetting The Time
P-335 Series User’s Guide 36.3.1 Resetting the Time The Prestige resets the time in three instances: 1 On leaving menu 24.10 after making changes. 2 When the Prestige starts up, if there is a timeserver configured in menu 24.10. 3 24-hour intervals after starting. Chapter 36 System Maintenance...
Page 389: Chapter 37 Remote Management
P-335 Series User’s Guide H A P T E R Remote Management This chapter covers remote management (SMT menu 24.11). 37.1 Remote Management Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. You may manage your Prestige from a remote location via: •...
Page 390: Remote Management Limitations
P-335 Series User’s Guide Figure 232 Menu 24.11 – Remote Management Control Menu 24.11 - Remote Management Control TELNET Server: Port = 23 Access = ALL Secure Client IP = 0.0.0.0 FTP Server: Port = 21 Access = ALL Secure Client IP = 0.0.0.0 Web Server: Port = 80 Access = ALL...
Page 391 P-335 Series User’s Guide 2 There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time. 3 There is a firewall rule that blocks it. Chapter 37 Remote Management...
Page 392 P-335 Series User’s Guide Chapter 37 Remote Management...
Page 393: Chapter 38 Call Scheduling
P-335 Series User’s Guide H A P T E R Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 38.1 Introduction to Call Scheduling The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
Page 394: Figure 234 Menu 26.1 Schedule Set Setup
P-335 Series User’s Guide You can design up to 12 schedule sets but you can only apply up to four schedule sets for a remote node. Note: To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] (or delete) in the Edit Name field. To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 —...
Page 395: Figure 235 Applying Schedule Set(S) To A Remote Node (Pppoe)
P-335 Series User’s Guide Table 139 Menu 26.1 Schedule Set Setup FIELD DESCRIPTION Start Time Enter the start time when you wish the schedule set to take effect in hour-minute format. Duration Enter the maximum length of time this connection is allowed in hour-minute format. Action Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field.
Page 396 P-335 Series User’s Guide Chapter 38 Call Scheduling...
Page 397: Chapter 39 Vpn/Ipsec Setup
P-335 Series User’s Guide H A P T E R VPN/IPSec Setup This chapter introduces the VPN SMT menus. 39.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: 1 Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management.
Page 398: Ipsec Summary Screen
192.168.1.38 Tunnel 193.81.13.2 zw50 4.4.4.4 172.16.2.46 Tunnel AH SHA1 192.168.1.40 1.1.1.1 Tunnel zw50test.zyxel. China 255.255.0.0 ESP DES MD5 192.168.1.42 0.0.0.0 Select Command= NoneSelect Rule= N/A Press ENTER to Confirm or ESC to Cancel: Table 140 Menu 27.1 IPSec Summary FIELD DESCRIPTION This is the VPN policy index number.
Page 399 P-335 Series User’s Guide Table 140 Menu 27.1 IPSec Summary FIELD DESCRIPTION Local Addr When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is a Start static IP address on the LAN behind your Prestige. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is the beginning (static) IP address, in a range of computers on the LAN behind your Pres- tige.
Page 400 P-335 Series User’s Guide Table 140 Menu 27.1 IPSec Summary FIELD DESCRIPTION Remote Addr When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is the same (static) IP address as in the Remote Addr Start field. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
Page 401: Figure 239 Menu 27.1.1 Ipsec Setup
Keep Alive= No Nat Traversal= No Local ID type Content= My IP Addr= 0.0.0.0 Peer ID type= IP Content= Secure Gateway Address= zw50test.zyxel.com.tw Protocol= 0 DNS Server= 0.0.0.0 Local: Addr Type= SINGLE End= N/A Local IP Addr= 1.1.1.1 End/Subnet Mask= 255.255.0.0...
Page 402 P-335 Series User’s Guide Table 141 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION Content When you select IP in the Local ID Type field, type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address. When you select DNS in the Local ID Type field, type a domain name (up to 31 char- acters) by which to identify this Prestige.
Page 403 P-335 Series User’s Guide Table 141 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION Port Start 0 is the default and signifies any port. Type a port number from 0 to 65535. You cannot create a VPN tunnel if you try to connect using a port number that does not match this port number or range of port numbers.
Page 404: Ike Setup
P-335 Series User’s Guide Table 141 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION Enable Replay As a VPN setup is processing intensive, the system is vulnerable to Denial of Service Detection (DoS) attacks The IPSec receiver can detect and reject old or duplicate packets to pro- tect against replay attacks.
Page 405: Figure 240 Menu 27.1.1.1 Ike Setup
P-335 Series User’s Guide Figure 240 Menu 27.1.1.1 IKE Setup Menu 27.1.1.1 - IKE Setup Phase 1 Negotiation Mode= Main PSK= qwer1234 Encryption Algorithm= DES Authentication Algorithm= MD5 SA Life Time (Seconds)= 28800 Key Group= DH1 Phase 2 Active Protocol= ESP Encryption Algorithm= DES Authentication Algorithm= SHA1 SA Life Time (Seconds)= 28800...
Page 406: Manual Setup
P-335 Series User’s Guide Table 142 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION SA Life Time Define the length of time before an IKE Security Association automatically renegoti- (Seconds) ates in this field. It may range from 60 to 3,000,000 seconds (almost 35 days). A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys.
Page 407: Active Protocol
P-335 Series User’s Guide 39.4.1 Active Protocol This field is a combination of mode and security protocols used for the VPN. See the Web Configurator part on VPN for more information on these parameters. Table 143 Active Protocol: Encapsulation and Security Protocol MODE SECURITY PROTOCOL Tunnel...
Page 408 P-335 Series User’s Guide Table 144 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION Encryption Press [SPACE BAR] to choose from NULL, 3DES or DES and then press [ENTER]. Algorithm Fill in the Key1 field below when you choose DES and fill in fields Key1 to Key3 when you choose 3DES.
Page 409: Sa Monitor
P-335 Series User’s Guide H A P T E R SA Monitor This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2. 40.1 SA Monitor Overview A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections.
Page 410: Figure 242 Menu 27.2 Sa Monitor
P-335 Series User’s Guide Figure 242 Menu 27.2 SA Monitor Menu 27.2 - SA Monitor Name Encap. IPSec ALgorithm -------------------------------- --------- ---------------- Taiwan : 3.3.3.1 – 3.3.3.3.100 Tunnel ESP DES MD5 Select Command= Refresh Select Connection= N/A Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu.
Page 411 P-335 Series User’s Guide Table 145 Menu 27.2 SA Monitor FIELD DESCRIPTION Select Press [SPACE BAR] to choose from Refresh, Disconnect, None, Next Page, or Previ- Command ous Page and then press [ENTER]. You must select a connection in the next field when you choose the Disconnect command.
Page 412 P-335 Series User’s Guide Chapter 40 SA Monitor...
Page 413: Chapter 41 Troubleshooting
P-335 Series User’s Guide H A P T E R Troubleshooting This chapter covers potential problems and the corresponding remedies. 41.1 Problems Starting Up the Prestige Table 146 Troubleshooting Starting Up Your Prestige PROBLEM CORRECTIVE ACTION None of the Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged LEDs turn on in to an appropriate power source.
Page 414: Problems With The Wan
P-335 Series User’s Guide 41.3 Problems with the WAN Table 148 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The WAN LED is Check the connections between the Prestige WAN port and the cable/DSL modem off. or ethernet jack. Check whether your cable/DSL device requires a crossover or straight-through cable.
Page 415: Problems Accessing The Prestige
P-335 Series User’s Guide 41.4 Problems Accessing the Prestige Table 149 Troubleshooting Accessing the Prestige PROBLEM CORRECTIVE ACTION I cannot The username is “admin”. The default password is “1234”. The Password and access the Username fields are case-sensitive. Make sure that you enter the correct password Prestige.
Page 416: Pop-Up Windows, Javascripts And Java Permissions
P-335 Series User’s Guide Table 150 Troubleshooting Restricted Web Pages and Keyword Blocking PROBLEM CORRECTIVE ACTION Parental Restart the device to clear the cache. Control is The content filter server may be unavailable. The View Logs screen can display configured content filtering log messages.
Page 417: Internet Explorer Pop-Up Blockers
P-335 Series User’s Guide • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. 41.5.1.1 Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address.
Page 418: Figure 244 Internet Options
P-335 Series User’s Guide Figure 244 Internet Options 3 Click Apply to save this setting. 41.5.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
Page 419: Figure 245 Internet Options
P-335 Series User’s Guide Figure 245 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Note: If you change the IP address of your device, make sure that the new address matches the address you type in the Pop-up Blocker Settings screen.
Page 420: Javascripts
P-335 Series User’s Guide Figure 246 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 41.5.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Page 421: Figure 247 Internet Options
P-335 Series User’s Guide Figure 247 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
Page 422: Java Permissions
P-335 Series User’s Guide Figure 248 Security Settings - Java Scripting 41.5.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Page 423: Figure 249 Security Settings - Java
P-335 Series User’s Guide Figure 249 Security Settings - Java 41.5.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window.
Page 424: Activex Controls In Internet Explorer
P-335 Series User’s Guide Figure 250 Java (Sun) 41.5.2 ActiveX Controls in Internet Explorer If ActiveX is disabled, you will not be able to download ActiveX controls or to use Trend Micro Security Serivces. Make sure that ActiveX controls are allowed in Internet Explorer. Screen shots for Internet Explorer 6 are shown.
Page 425: Figure 251 Internet Options Security
P-335 Series User’s Guide Figure 251 Internet Options Security 3 Scroll down to ActiveX controls and plug-ins. 4 Under Download signed ActiveX controls select the Prompt radio button. 5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected.
Page 426: Figure 252 Security Setting Activex Controls
P-335 Series User’s Guide Figure 252 Security Setting ActiveX Controls Chapter 41 Troubleshooting...
Page 427: Table 153 Device
Default Password 1234 DHCP Pool 192.168.1.32 to 192.168.1.64 Dimensions P-335: (150 W) x (190 D) x (22 H) mm P-335WT: (190 W) x (133 D) x (32 H) mm Weight P-335: 381g P-335WT: 424g Power Specification 12VDC 1A Built-in Switch...
Page 428 FTP for firmware downloading, configuration backup and restoration. Syslog. Built-in Diagnostic Tools for FLASH memory, ADSL circuitry, RAM and LAN port Syslog Wireless (P-335WT IEEE 802.11g Compliance only) Frequency Range: 2.4 GHz Advanced Orthogonal Frequency Division Multiplexing (OFDM) Data Rates: 54Mbps and Auto Fallback Wired Equivalent Privacy (WEP) Data Encryption 64/128/256 bit.
Page 429: Pppoe In Action
P-335 Series User’s Guide Appendix B PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access Concentrator where the PPP session terminates (see the next figure).
Page 430: Figure 253 Single-Computer Per Router Hardware Configuration
P-335 Series User’s Guide Figure 253 Single-Computer per Router Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
Page 431: Figure 255 Transport Ppp Frames Over Ethernet
P-335 Series User’s Guide Appendix C PPTP What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a computer to a broadband modem over Ethernet? A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the short haul between the computer and the modem over Ethernet.
Page 432: Figure 256 Pptp Protocol Overview
P-335 Series User’s Guide PPTP Protocol Overview PPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Cisco’s Layer 2 Forwarding). Conceptually, there are three parties in PPTP, namely the PNS (PPTP Network Server), the PAC (PPTP Access Concentrator) and the PPTP user. The PNS is the box that hosts both the PPP and the PPTP stacks and forms one end of the PPTP tunnel.
Page 433: Figure 257 Example Message Exchange Between Computer And An Ant
P-335 Series User’s Guide Figure 257 Example Message Exchange between Computer and an ANT PPP Data Connection The PPP frames are tunneled between the PNS and PAC over GRE (General Routing Encapsulation, RFC 1701, 1702). The individual calls within a tunnel are distinguished using the Call ID field in the GRE header.
Page 434 P-335 Series User’s Guide Appendix C PPTP...
Page 435 P-335 Series User’s Guide Appendix D Print Server This appendix shows you how to set up a print server for the following operating systems: • Windows 95 • Windows 98 • Windows 98 SE (Second Edition) • Windows ME • Windows 2000 •...
Page 436: Figure 258 Network Print Server Setup Wizard
P-335 Series User’s Guide Installation Requirements To install the print server driver you will need the following requirements • Microsoft Windows 95, Windows 98 SE (Second Edition), Windows ME, Windows NT 4.0, Windows 2000, Windows XP or Macintosh OS X •...
Page 437: Figure 259 Network Print Server Setup Wizard : Welcome
P-335 Series User’s Guide Figure 259 Network Print Server Setup Wizard : Welcome 4 The Select A Print Server screen displays. The wizard automatically detects whether or not a print server is connected to your computer. Make sure that your Prestige is correctly connected and a compatible USB printer is connected to the Prestige.
Page 438: Figure 260 Network Print Server Setup Wizard : Select A Print Server
P-335 Series User’s Guide Figure 260 Network Print Server Setup Wizard : Select A Print Server 5 The Change Settings screen displays. Select the Yes, I want to change settings radio button, type a password and click Next to change your print server settings. Alternatively select No, I don’t want to change settings and click Next to use the current print server settings and continue with the wizard.
Page 439: Figure 261 Network Print Server Setup Wizard : Change Settings
P-335 Series User’s Guide Figure 261 Network Print Server Setup Wizard : Change Settings 6 Select the printer which is connected to the Prestige USB port. 7 Click Next to continue. Appendix D Print Server...
Page 440: Figure 262 Network Print Server Setup Wizard : Select A Printer
P-335 Series User’s Guide Figure 262 Network Print Server Setup Wizard : Select A Printer 8 If your printer is not listed, you can use the pop-up help dialog box to guide you through the add printer process. After you have added a printer, the Select A Printer screen displays again.
Page 441: Figure 264 Network Print Server Setup Wizard : Summary
P-335 Series User’s Guide Figure 264 Network Print Server Setup Wizard : Summary 10Click Finish to save and close your Network Print Server Setup Wizard. Your print server setup is complete. Figure 265 Network Print Server Setup Wizard : Installation Complete Appendix D Print Server...
Page 442: Figure 266
P-335 Series User’s Guide Windows 95/98/ME/NT/2000/XP : Print Server Setup Wizard The following Setup Wizard for Windows 98/ME/NT/2000/XP uses a print server protocol called Line Printer Daemon (LPD). You must use this wizard if you want to set up your network print server on the following operating systems: •...
Page 443: Figure 267 Network Print Monitor Setup : Welcome
P-335 Series User’s Guide Figure 267 Network Print Monitor Setup : Welcome 4 The Choose Destination Location screen displays. Choose a file location to install your print monitor and click Next to continue. Figure 268 Network Print Monitor Setup : Location 5 The Setup Complete screen displays.
Page 444: Figure 269 Network Print Monitor Setup : Complete
P-335 Series User’s Guide Figure 269 Network Print Monitor Setup : Complete Windows 2000/NT/XP : Computer Wizard Use the following wizard if you do not want to use the provided setup wizards.Windows 95, Windows 98, Windows 98 SE (Second Edition) and Windows ME have similar print server setups.
Page 445: Figure 271 Add Printer Wizard Welcome Screen
P-335 Series User’s Guide Figure 271 Add Printer Wizard Welcome Screen 4 Select the Local printer radio button. 5 Click Next to continue. Figure 272 Local Printer Screen 6 Select the Create a new port radio button. 7 Choose Standard TCP/IP Port from the Type drop-down list box. 8 Click Next to continue.
Page 446: Figure 273 Select Printer Port Screen
P-335 Series User’s Guide Figure 273 Select Printer Port Screen 9 Follow the on-screen instructions and click Next to continue. Figure 274 Add Standard TCP/IP Printer Port Screen 10 Type the IP Address of your Prestige. A default Port Name displays as you type the IP Address.
Page 447: Figure 275 Add Port Screen
P-335 Series User’s Guide Figure 275 Add Port Screen 12 Select the Custom radio button and click the Settings… button. Fill in additional print server port information in the following screen. Figure 276 Additional Port Information Screen 13 Select the LPR radio button as the printing Protocol. 14 Type LP1 in the LPR Settings Queue Name field.
Page 448: Figure 277 Port Settings Screen
P-335 Series User’s Guide Figure 277 Port Settings Screen 16 Make sure that your printer port settings are correct. Click the Finish button to complete printer TCP/IP and port set up and then return to the Add Pinter Wizard. Figure 278 Add Standard TCP/IP Printer Port Complete 17 Select the make of the printer that you want to connect to the print server in the Manufacturers list of printers.
Page 449: Figure 279 Add Printer Screen
P-335 Series User’s Guide Figure 279 Add Printer Screen 21 If the following screen displays, select Keep existing driver radio button if you already have a printer driver installed on your computer and you do not want to change it. 22 Click Next to continue.
Page 450: Figure 281 Name Your Printer Screen
P-335 Series User’s Guide Figure 281 Name Your Printer Screen 24 Select the Do not share this printer radio button. 25 Click Next to proceed to the following screen. Figure 282 Printer Sharing Screen 26 These fields are optional. Type where your printer is located in the Location field. Type additional information about the printer in the Comment field.
Page 451: Figure 283 Location And Comment Screen
P-335 Series User’s Guide Figure 283 Location and Comment Screen 28 Select the Yes radio button and then click the Next button if you want to print a test page. A pop-up screen displays to ask if the test page printed correctly. Otherwise select the No radio button and then click Next to continue.
Page 452: Figure 285 Add Printer Wizard Complete
P-335 Series User’s Guide Figure 285 Add Printer Wizard Complete Macintosh OS X Use the following steps to set up a print server on your Macintosh computer. 1 Click the Print Center icon located in the Macintosh Dock. Proceed to step 6 to continue.
Page 453: Figure 288 Applications Folder
P-335 Series User’s Guide Figure 288 Applications Folder 5 Double-click the Print Center icon. Figure 289 Utilities Folder 6 Click the Add icon at the top of the screen. Figure 290 Printer List Folder 7 Set up your printer in the Printer List configuration screen. Select IP Printing from the drop-down list box.
Page 454: Figure 291 Printer Configuration
P-335 Series User’s Guide Figure 291 Printer Configuration 12Click Add to select a printer model, save and close the Printer List configuration screen. Figure 292 Printer Model 13The Name “LP1 on 192.168.1.1” displays in the Printer List field. The default printer Name displays in bold type.
Page 455: Figure 293 Print Server
P-335 Series User’s Guide Figure 293 Print Server 14Your Macintosh print server set up is complete. You can now use the Prestige’s print server to print from a Macintosh computer. Refer to the “Print Server” on page 249 information on your Prestige print server configuration screen. Appendix D Print Server...
Page 456 P-335 Series User’s Guide Appendix D Print Server...
Page 457: Table 155 Print Server Interface
P-335 Series User’s Guide Appendix E Print Server Specifications This appendix provides details on the print server interface and system requirements. Table 155 Print Server Interface PRINT SERVER INTERFACE USB 1.1 (full speed) - compliant port, 1.5Mbps (low speed) and 12Mbps (full speed) data transmission rates.
Page 458 P-335 Series User’s Guide Appendix E Print Server Specifications...
Page 459: Table 157 Compatible Usb Printers
P-335 Series User’s Guide Table 157 Compatible USB Printers PRINTER MODEL TYPE HP DeskJet 810C Inkjet HP DeskJet 845C Inkjet HP DeskJet 5550 Inkjet HP DeskJet 1125C Inkjet HP DeskJet 1180 Inkjet HP DeskJet 1220C Inkjet HP DeskJet 3535 Inkjet HP DeskJet 5652 Inkjet HP Photosmart 7150...
Page 460 P-335 Series User’s Guide Table 157 Compatible USB Printers (continued) PRINTER MODEL TYPE Canon BJ F9000 Inkjet Canon PIXUS 990i Inkjet Canon MP730 Inkjet Epson Stylus C60 Inkjet Epson Stylus Color 670 Inkjet Epson Stylus Photo 830U Inkjet (Photo) Epson RX510 Inkjet(MFP) Epson Laser lp-8900 Laser...
Page 461: Netbios Filter Commands
P-335 Series User’s Guide Appendix F NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
Page 462: Table 158 Netbios Filter Default Settings
P-335 Series User’s Guide The filter types and their default settings are as follows. Table 158 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE This field displays whether NetBIOS packets are blocked or forwarded Between LAN Block between the LAN and the WAN. and WAN This field displays whether NetBIOS packets sent through a VPN IPSec...
Page 463: Table 159 System Error Logs
P-335 Series User’s Guide Appendix G Log Descriptions Configure centralized logs using the embedded web configurator; see online help for details. This appendix provides descriptions of example log messages. Table 159 System Error logs LOG MESSAGE DESCRIPTION This attempt to create a NAT session exceeds the maximum %s exceeds the max.
Page 464: Table 161 Upnp Logs
P-335 Series User’s Guide Table 161 UPnP Logs LOG MESSAGE DESCRIPTION UPnP packets can pass through the firewall. UPnP pass through Firewall Table 162 ICMP Type and Code Explanations TYPE CODE DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable...
Page 465: Setting Up Your Computer's Ip Address
P-335 Series User’s Guide Appendix H Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Page 466: Figure 294 Windows 95/98/Me: Network: Configuration
P-335 Series User’s Guide Figure 294 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 467: Figure 295 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
P-335 Series User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
Page 468: Figure 296 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration
P-335 Series User’s Guide Figure 296 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add.
Page 469: Figure 297 Windows Xp: Start Menu
P-335 Series User’s Guide Figure 297 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 298 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Appendix H Setting up Your Computer’s IP Address...
Page 470: Figure 299 Windows Xp: Control Panel: Network Connections: Properties
P-335 Series User’s Guide Figure 299 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 300 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 471: Figure 301 Windows Xp: Advanced Tcp/Ip Settings
P-335 Series User’s Guide • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. Figure 301 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Page 472: Figure 302 Windows Xp: Internet Protocol (Tcp/Ip) Properties
P-335 Series User’s Guide 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 473: Figure 303 Macintosh Os 8/9: Apple Menu
P-335 Series User’s Guide Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 303 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Appendix H Setting up Your Computer’s IP Address...
Page 474: Figure 304 Macintosh Os 8/9: Tcp/Ip
P-335 Series User’s Guide Figure 304 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. •...
Page 475: Figure 306 Macintosh Os X: Network
P-335 Series User’s Guide • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list. Figure 306 Macintosh OS X: Network 4 For statically assigned settings, do the following: •...
Page 476 P-335 Series User’s Guide Appendix H Setting up Your Computer’s IP Address...
Page 477: Figure 307 Peer-To-Peer Communication In An Ad-Hoc Network
P-335 Series User’s Guide Appendix I Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Page 478: Figure 308 Basic Service Set
P-335 Series User’s Guide Figure 308 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Page 479: Figure 309 Infrastructure Wlan
P-335 Series User’s Guide Figure 309 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
Page 480: Figure 310 Rts/Cts
P-335 Series User’s Guide Figure 310 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 481: Table 163 Ieee802.11G
P-335 Series User’s Guide A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
Page 482: Types Of Radius Messages
P-335 Series User’s Guide IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: •...
Page 483: Figure 311 Eap Authentication
P-335 Series User’s Guide • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: •...
Page 484: Types Of Authentication
P-335 Series User’s Guide 3 The wireless station replies with identity information, including username and password. The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station. Types of Authentication This appendix discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP- TTLS, PEAP and LEAP.
Page 485: Figure 312 Wep Authentication Steps
P-335 Series User’s Guide PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Page 486: Table 164 Comparison Of Eap Authentication Types
P-335 Series User’s Guide Shared key authentication involves a four-message procedure. A wireless station sends a shared key authentication request to the AP, which will then reply with a challenge text message. The wireless station must then use the AP’s default WEP key to encrypt the challenge text and return it to the AP, which attempts to decrypt the message using the AP’s default WEP key.
Page 487: User Authentication
P-335 Series User’s Guide User Authentication WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless stations using an external RADIUS database. Encryption WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES), Message Integrity Check (MIC) and IEEE 802.1x. TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server.
Page 488: Table 165 Wireless Security Relational Matrix
P-335 Series User’s Guide Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 165 Wireless Security Relational Matrix AUTHENTICATION ENCRYPTION...
Page 489: Figure 313 Roaming Example
P-335 Series User’s Guide Figure 313 Roaming Example The steps below describe the roaming process. 1 As wireless station Y moves from the coverage area of access point P1 to that of access point 2 P2, it scans and uses the signal of access point P2. 3 Access point P2 acknowledges the presence of wireless station Y and relays this information to access point P1 through the wired LAN.
Page 490 P-335 Series User’s Guide Appendix I Wireless LANs...
Page 491: Antenna Characteristics
P-335 Series User’s Guide Appendix J Antenna Selection and Positioning Recommendation An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air.
Page 492: Positioning Antennas
P-335 Series User’s Guide • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points.
Page 493 P-335 Series User’s Guide Appendix K Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. Table 166 Brute-Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This command displays the brute-force guessing password protection settings.
Page 494 P-335 Series User’s Guide Appendix K Brute-Force Password Guessing Protection...
Page 495: Figure 314 Ideal Setup
P-335 Series User’s Guide Appendix L Triangle Route The Ideal Setup When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the Prestige to protect your LAN against attacks.
Page 496: Figure 315 "Triangle Route" Problem
P-335 Series User’s Guide Figure 315 “Triangle Route” Problem The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface.
Page 497: Figure 316 Ip Alias
P-335 Series User’s Guide Figure 316 IP Alias Gateways on the WAN Side A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your Prestige to your LAN.
Page 498 P-335 Series User’s Guide Appendix L Triangle Route...
Page 499 You need the serial number to register your ZyXEL device. Locate the serial number on your ZyXEL device. Authentication Code This is the MAC address of your ZyXEL device. You need this number to register your ZyXEL device at myZyXEL.com. Locate the MAC address on your ZyXEL device.
Page 500: Figure 318 Myzyxel.com Login Screen
Simply log back into your myZyXEL.com account if this happens to you. Registering Your ZyXEL Device 1 After you have created a myZyXEL.com account, log in and register your ZyXEL device by clicking the hyperlink as shown in the next screen. Appendix M...
Page 501: Figure 319 Logged Into Myzyxel.com
P-335 Series User’s Guide Figure 319 Logged Into myZyXEL.com Click here to register a new product. 2 Click Add in the next screen. Figure 320 Product Registration Click Add. 3 The Add New Product screen displays. Enter the produce serial number in the Serial Number field.
Page 502: Figure 321 Add New Product
8 Specify the purchase information and click Continue. Figure 322 Product Survey 9 Click Continue again. 10After you have registered your ZyXEL device, you can view its registration details in the screen shown next. Appendix M...
Page 503: Figure 323 Service Management
Activating a Service The product is now registered but the related service(s) is not activated. You need to activate the service(s) before you can use it on your ZyXEL device. 1 Display the Service Management screen (see Figure 323) for your registered ZyXEL device (click My Product and the link for your ZyXEL device).
Page 504 Prestige 660H/HW Series User’s Guide Congratulations! You have successfully registered your ZyXEL device and activated a service at myZyXEL.com. Note: You must then activate the service(s) on your ZyXEL device via its web configurator to start using the service(s). Appendix M...
Page 505 P-335 Series User’s Guide Index Numerics PPPoE Precedence Precedence Example 802.1x Call-Trigerring Packet CDR (Call Detail Record) Certificate Authority Channel Interference Active Channel ID ActiveX Command Interpreter Mode Address Resolution Protocol (ARP) Community Allocated Budget Computer Name Antenna Conditions that prevent TFTP and FTP from working Directional over WAN Omni-directional...
Page 506 P-335 Series User’s Guide Gateway EAP Authentication 483, 484 Gateway IP Addr ECHO Gateway IP Address Edit IP General Setup eDonkey Germany, Contact Information E-Mail Global eMule Encapsulation 306, 309 Encryption Ethernet Hidden Menus Ethernet Encapsulation 148, 305, 306 Hidden node Extended Service Set Hop Count Extended Service Set IDentification...
Page 507 P-335 Series User’s Guide Non NAT Friendly Application Programs Ordering Rules Server Sets LAN Setup 87, 127 What NAT does LAN TCP/IP Network Address Translation (NAT) Local Network Management Log Facility NNTP Login Name North America Contact Information Norway, Contact Information MAC Address MAC Address Filter Action One to One...
Page 508 P-335 Series User’s Guide Related Documentation Trusted Host Rem Node Name Spain, Contact Information Remote Management Stateful Inspection Firewall Static Route Remote Management and NAT 147, 148, 149 Remote Management Limitations 197, 390 SUA (Single User Account) Remote Node Filter Subnet Mask 88, 92, 293, 302, 310, 316, 361 Required fields...
Page 509 Wireless Client WPA Supplicants Wireless LAN Configuring Wireless security WLAN Interference Security parameters Worldwide Contact Information WPA -Pre-Shared Key WPA with RADIUS Application WPA-PSK WPA-PSK Application www.dyndns.org ZyNOS 360, 372 ZyNOS F/W Version 360, 372 ZyXEL’s online services center Index...

This manual is also suitable for:

P-335

ZyXEL Communications P-335WT User Manual

Table of Contents

List of Figures

Chapter 1 Getting to Know Your Prestige

Chapter 2 Introducing the Web Configurator

Chapter 3 Wizard Setup

Chapter 4 Media Bandwidth Management Setup

Chapter 5 System Screens

Chapter 6 LAN Screens

Chapter 7 Wireless LAN (P-335WT)

Chapter 8 WAN Screens

Chapter 9 Network Address Translation (NAT) Screens

Chapter 10 Static Route Screens

Chapter 11 Upnp

Chapter 12 Trend Micro Security Services

Chapter 13 Firewall

Chapter 14 Content Filtering

Chapter 15 Remote Management Screens

Chapter 16 Introduction to Ipsec

Chapter 17 VPN Screens

Chapter 18 Centralized Logs

Chapter 19 Print Server

Chapter 20 Media Bandwidth Management

Chapter 21 Maintenance

Chapter 22 Introducing the SMT

Chapter 23 Menu 1 General Setup

Chapter 24 Menu 2 WAN Setup

Chapter 25 Menu 3 LAN Setup

Chapter 26 Internet Access

Chapter 27 Remote Node Configuration

Chapter 28 Static Route Setup

Chapter 29 Network Address Translation (NAT)

Chapter 30 Enabling the Firewall

Chapter 31 Filter Configuration

Chapter 32 SNMP Configuration

Chapter 33 System Security

Chapter 34 System Information and Diagnosis

Chapter 35 Firmware and Configuration File Maintenance

Chapter 36 System Maintenance

Chapter 37 Remote Management

Chapter 38 Call Scheduling

Chapter 39 Vpn/Ipsec Setup

Chapter 40 SA Monitor

Chapter 41 Troubleshooting

Quick Links

Chapters

Troubleshooting

Related Manuals for ZyXEL Communications P-335WT

Summary of Contents for ZyXEL Communications P-335WT