ZyXEL Communications Prestige 661H Series User Manual

ADSL 2+ security gateway

Prestige 661H Series
ADSL 2+ Security Gateway
Prestige 661HW Series
802.11g Wireless ADSL 2+ Gateway
User's Guide
Version 3.40
12/2005


Summary of Contents for ZyXEL Communications Prestige 661H Series

  • Page 1 Prestige 661H Series ADSL 2+ Security Gateway Prestige 661HW Series 802.11g Wireless ADSL 2+ Gateway User’s Guide Version 3.40 12/2005...
  • Page 2: Copyright

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 3: Federal Communications Commission (Fcc) Interference Statement

    Prestige 661H/HW Series User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
  • Page 4: Safety Warnings

    Prestige 661H/HW Series User’s Guide Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord. •...
  • Page 5: Zyxel Limited Warranty

    Prestige 661H/HW Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
  • Page 6: Customer Support

    • Brief description of the problem and the steps you took to solve it. METHOD SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION support@zyxel.com.tw +886-3-578-3942 www.zyxel.com ZyXEL Communications Corp. CORPORATE www.europe.zyxel.com 6 Innovation Road II HEADQUARTERS Science Park sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com Hsinchu 300 (WORLDWIDE) Taiwan ftp.europe.zyxel.com...
  • Page 7 +34-902-195-420 www.zyxel.es ZyXEL Communications Alejandro Villegas 33 SPAIN sales@zyxel.es +34-913-005-345 1º, 28043 Madrid Spain support@zyxel.se +46-31-744-7700 www.zyxel.se ZyXEL Communications A/S SWEDEN Sjöporten 4, 41764 Göteborg sales@zyxel.se +46-31-744-7701 Sweden support@ua.zyxel.com +380-44-247-69-78 www.ua.zyxel.com ZyXEL Ukraine 13, Pimonenko Str. UKRAINE sales@ua.zyxel.com +380-44-494-49-32...
  • Page 8: Table Of Contents

    Prestige 661H/HW Series User’s Guide Table of Contents Copyright ........................2 Federal Communications Commission (FCC) Interference Statement ....3 Safety Warnings ....................... 4 ZyXEL Limited Warranty..................5 Customer Support....................6 Table of Contents ..................... 8 List of Figures ......................24 List of Tables ......................
  • Page 9 Prestige 661H/HW Series User’s Guide Chapter 4 Wizard Setup for Media Bandwidth Management ..........68 4.1 Introduction ......................68 4.1.1 Predefined Media Bandwidth Management Services .......68 4.2 Media Bandwidth Management Setup ...............69 Chapter 5 LAN Setup....................... 72 5.1 LAN Overview ....................72 5.1.1 LANs, WANs and the Prestige ..............72 5.1.2 DHCP Setup .....................72 5.1.2.1 IP Pool Setup ..................73...
  • Page 10 Prestige 661H/HW Series User’s Guide 6.6.2 Authentication Required: WPA ..............93 6.6.3 Authentication Required: WPA-PSK ............95 6.7 Configuring Local User Authentication ...............96 6.8 Configuring RADIUS ..................97 6.9 Introduction to OTIST ..................98 6.9.1 Enabling OTIST ..................98 6.9.1.1 AP ....................98 6.9.1.2 Wireless Client ................100 6.9.2 Starting OTIST ..................100 6.9.3 Notes on OTIST ..................101 Chapter 7...
  • Page 11 Prestige 661H/HW Series User’s Guide 8.1.4 NAT Application ..................116 8.1.5 NAT Mapping Types ................117 8.2 SUA (Single User Account) Versus NAT ............118 8.3 SUA Server ......................118 8.3.1 Default Server IP Address ..............118 8.3.2 Port Forwarding: Services and Port Numbers ........118 8.3.3 Configuring Servers Behind SUA (Example) ..........119 8.4 Selecting the NAT Mode ..................119 8.5 Configuring SUA Server ...................120...
  • Page 12 Prestige 661H/HW Series User’s Guide 11.6 Guidelines for Enhancing Security with Your Firewall ........139 11.6.1 Security In General ................140 11.7 Packet Filtering Vs Firewall ................141 11.7.1 Packet Filtering: ..................141 11.7.1.1 When To Use Filtering ..............141 11.7.2 Firewall ....................141 11.7.2.1 When To Use The Firewall ............141 Chapter 12 Firewall Configuration ..................
  • Page 13 Prestige 661H/HW Series User’s Guide Chapter 14 Introduction to IPSec ................... 170 14.1 VPN Overview ....................170 14.1.1 IPSec ....................170 14.1.2 Security Association ................170 14.1.3 Other Terminology ................170 14.1.3.1 Encryption ...................170 14.1.3.2 Data Confidentiality ..............171 14.1.3.3 Data Integrity ................171 14.1.3.4 Data Origin Authentication ............171 14.1.4 VPN Applications ..................171 14.2 IPSec Architecture ..................171 14.2.1 IPSec Algorithms ..................172...
  • Page 14 Prestige 661H/HW Series User’s Guide 15.15 Viewing SA Monitor ..................197 15.16 Configuring Global Setting ................198 15.17 Telecommuter VPN/IPSec Examples ............199 15.17.1 Telecommuters Sharing One VPN Rule Example ......199 15.17.2 Telecommuters Using Unique VPN Rules Example ......200 15.18 VPN and Remote Management ..............202 Chapter 16 Remote Management Configuration ..............
  • Page 15 Prestige 661H/HW Series User’s Guide 19.4 Bandwidth Management Usage Examples ............229 19.4.1 Application-based Bandwidth Management Example ......229 19.4.2 Subnet-based Bandwidth Management Example .........229 19.4.3 Application and Subnet-based Bandwidth Management Example ..230 19.5 Scheduler .......................231 19.5.1 Priority-based Scheduler ..............231 19.5.2 Fairness-based Scheduler ..............231 19.6 Maximize Bandwidth Usage ................231 19.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic ......231 19.6.2 Maximize Bandwidth Usage Example ..........232...
  • Page 16 Prestige 661H/HW Series User’s Guide Chapter 22 Introducing the SMT .................... 266 22.1 SMT Introduction ....................266 22.1.1 Procedure for SMT Configuration via Telnet .........266 22.1.2 Entering Password ................266 22.1.3 Prestige SMT Menus Overview ............267 22.2 Navigating the SMT Interface .................268 22.2.1 System Management Terminal Interface Summary ......270 22.3 Changing the System Password ..............270 Chapter 23...
  • Page 17 Prestige 661H/HW Series User’s Guide Chapter 28 Remote Node Configuration ................294 28.1 Remote Node Setup Overview ...............294 28.2 Remote Node Setup ..................294 28.2.1 Remote Node Profile ................294 28.2.2 Encapsulation and Multiplexing Scenarios ...........295 28.2.2.1 Scenario 1: One VC, Multiple Protocols ........295 28.2.2.2 Scenario 2: One VC, One Protocol (IP) ........295 28.2.2.3 Scenario 3: Multiple VCs .............295 28.2.3 Outgoing Authentication Protocol ............297...
  • Page 18 Prestige 661H/HW Series User’s Guide 31.5.2 Example 2: Internet Access with an Inside Server .......320 31.5.3 Example 3: Multiple Public IP Addresses With Inside Servers .....321 31.5.4 Example 4: NAT Unfriendly Application Programs .......325 Chapter 32 Enabling the Firewall ................... 328 32.1 Remote Management and the Firewall ............328 32.2 Access Methods .....................328 32.3 Enabling the Firewall ..................328...
  • Page 19 Prestige 661H/HW Series User’s Guide 36.2 System Status ....................354 36.3 System Information ..................356 36.3.1 System Information ................356 36.3.2 Console Port Speed ................357 36.4 Log and Trace ....................358 36.4.1 Viewing Error Log .................358 36.4.2 Syslog and Accounting .................359 36.5 Diagnostic ......................361 Chapter 37 Firmware and Configuration File Maintenance ..........
  • Page 20 Prestige 661H/HW Series User’s Guide 39.2 Remote Management ..................382 39.2.1 Remote Management Setup ..............382 39.2.2 Remote Management Limitations ............383 39.3 Remote Management and NAT ..............384 39.4 System Timeout .....................384 Chapter 40 IP Policy Routing....................386 40.1 IP Policy Routing Overview ................386 40.2 Benefits of IP Policy Routing ................386 40.3 Routing Policy ....................386 40.4 IP Routing Policy Setup .................387...
  • Page 21 Prestige 661H/HW Series User’s Guide 44.4.1.2 JavaScripts ..................421 44.4.1.3 Java Permissions ................423 44.4.2 ActiveX Controls in Internet Explorer ............425 Appendix A Product Specifications ..................428 Appendix B Setting up Your Computer’s IP Address............432 Windows 95/98/Me....................432 Installing Components ..................433 Configuring ......................
  • Page 22 Prestige 661H/HW Series User’s Guide Introduction ......................462 Display NetBIOS Filter Settings ................462 NetBIOS Filter Configuration.................. 463 Appendix H VPN Setup......................466 General Notes ......................466 Dynamic IPSec Rule..................466 Full Feature NAT Mode..................466 VPN Configuration via Web Configurator............... 467 Dialing the VPN Tunnel via Web Configurator..........
  • Page 23 Prestige 661H/HW Series User’s Guide Wireless LAN Topologies ..................502 Ad-hoc Wireless LAN Configuration ..............502 BSS........................502 ESS........................503 Channel........................504 RTS/CTS ........................ 504 Fragmentation Threshold ..................505 Preamble Type ....................... 506 IEEE 802.1x ......................507 RADIUS........................507 Types of RADIUS Messages ................507 Types of Authentication..................
  • Page 24: List Of Figures

    Prestige 661H/HW Series User’s Guide List of Figures Figure 1 Protected Internet Access Applications ..............48 Figure 2 P-661HW LAN-to-LAN Application Example ............49 Figure 3 P-661H Front Panel ....................49 Figure 4 P-661HW Front Panel ................... 49 Figure 5 Password Screen ....................53 Figure 6 Change Password at Login ...................
  • Page 25 Prestige 661H/HW Series User’s Guide Figure 39 OTIST in Progress (Prestige) ................100 Figure 40 OTIST in Progress (Client) .................. 100 Figure 41 No AP with OTIST Found ................... 101 Figure 42 Start OTIST? ....................... 101 Figure 43 Example of Traffic Shaping ................. 106 Figure 44 WAN Setup (PPPoE) ..................
  • Page 26 Prestige 661H/HW Series User’s Guide Figure 82 VPN Host using Intranet DNS Server Example ..........181 Figure 83 VPN IKE ......................184 Figure 84 Two Phases to Set Up the IPSec SA ..............188 Figure 85 VPN IKE: Advanced Setup ................. 191 Figure 86 VPN: Manual Key ....................
  • Page 27 Prestige 661H/HW Series User’s Guide Figure 125 TMSS 3 Steps ....................244 Figure 126 TMSS Registration Form .................. 244 Figure 127 Example TMSS Activated Service Summary Screen ........245 Figure 128 Example TMSS Activated Parental Controls Screen ........245 Figure 129 TMSS Main Screen ................... 246 Figure 130 TMSS Service Settings ..................
  • Page 28 Prestige 661H/HW Series User’s Guide Figure 168 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation ......302 Figure 169 Menu 11.1 Remote Node Profile ............... 302 Figure 170 Menu 11.8 Advance Setup Options ..............303 Figure 171 Sample Static Routing Topology ............... 304 Figure 172 Menu 12 Static Route Setup ................
  • Page 29 Prestige 661H/HW Series User’s Guide Figure 211 Sample Telnet Filter ..................340 Figure 212 Menu 21.1.6.1 Sample Filter ................340 Figure 213 Menu 21.1.6.1 Sample Filter Rules Summary ..........341 Figure 214 Filtering Ethernet Traffic ..................342 Figure 215 Filtering Remote Node Traffic ................342 Figure 216 SNMP Management Model ................
  • Page 30 Prestige 661H/HW Series User’s Guide Figure 254 IP Routing Policy Example ................393 Figure 255 IP Routing Policy Example ................394 Figure 256 Applying IP Policies Example ................394 Figure 257 Menu 26 Schedule Setup .................. 396 Figure 258 Menu 26.1 Schedule Set Setup ............... 397 Figure 259 Applying Schedule Set(s) to a Remote Node (PPPoE) ........
  • Page 31 Prestige 661H/HW Series User’s Guide Figure 297 VPN Tunnel Established ................... 471 Figure 298 Menu 27: VPN/IPSec Setup ................471 Figure 299 Menu 27.1: IPSec Summary ................472 Figure 300 Headquarters Menu 27.1.1: IPSec Setup ............472 Figure 301 Branch Office Menu 27.1.1: IPSec Setup ............473 Figure 302 Menu 27.1.1.1: IKE Setup .................
  • Page 32: List Of Tables

    Prestige 661H/HW Series User’s Guide List of Tables Table 1 ADSL Standards ....................42 Table 2 Front Panel LEDs ....................49 Table 3 Web Configurator Screens Summary ..............55 Table 4 Password ....................... 57 Table 5 Internet Access Wizard Setup: ISP Parameters ............ 59 Table 6 Internet Connection with PPPoE ................
  • Page 33 Prestige 661H/HW Series User’s Guide Table 39 Legal SMTP Commands ..................136 Table 40 Firewall: Default Policy ..................147 Table 41 Rule Summary ..................... 149 Table 42 Firewall: Edit Rule ....................152 Table 43 Customized Services ................... 153 Table 44 Firewall: Configure Customized Services ............154 Table 45 Predefined Services ...................
  • Page 34 Prestige 661H/HW Series User’s Guide Table 82 System Status: Show Statistics ................257 Table 83 DHCP Table ......................258 Table 84 Any IP Table ......................259 Table 85 Association List ....................260 Table 86 Diagnostic: General ..................... 261 Table 87 Diagnostic: DSL Line ................... 262 Table 88 Firmware Upgrade ....................
  • Page 35 Prestige 661H/HW Series User’s Guide Table 125 Menu 24.2.1 System Maintenance: Information ..........357 Table 126 Menu 24.3.2 System Maintenance : Syslog and Accounting ......359 Table 127 Menu 24.4 System Maintenance Menu: Diagnostic .......... 362 Table 128 Filename Conventions ..................365 Table 129 General Commands for GUI-based FTP Clients ..........
  • Page 36 Prestige 661H/HW Series User’s Guide Table 168 TCP Reset Logs ....................488 Table 169 Packet Filter Logs ....................488 Table 170 ICMP Logs ......................489 Table 171 CDR Logs ......................489 Table 172 PPP Logs ......................489 Table 173 UPnP Logs ......................490 Table 174 Content Filtering Logs ..................
  • Page 38: Preface

    Preface The Prestige 661H (P-661H) and Prestige 661HW (P-661HW) are ADSL routers with a built-in switch. They allow super-fast, secure Internet access over analog (POTS) or digital (ISDN) telephone lines (depending on your model). The Prestige 661HW also has IEEE 802.11g wireless capability.
  • Page 39 Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
  • Page 40: Introduction To Dsl

    Introduction to DSL DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web - hence DSL technologies.
  • Page 42: Getting To Know Your Prestige

    CHAPTER 1 Getting To Know Your Prestige. This chapter describes the key features and applications of your Prestige. 1.1 Introducing the Prestige: The Prestige 661H (P-661H) and Prestige 661HW (P-661HW) are ADSL routers with a built-in switch.
  • Page 43: Features Of The Prestige

    Table 1 ADSL Standards (STANDARD: UPSTREAM / DOWNSTREAM data rate). ADSL2: 3.5Mbps / 12Mbps. ADSL2+: 3.5Mbps / 24Mbps. Note: The standard your ISP supports determines the maximum upstream and downstream speeds attainable. Actual speeds attained also depend on the distance from your ISP, line quality, etc.
  • Page 44: Traffic Redirect

    Prestige 661H/HW Series User’s Guide Trend Micro Security Services TMSS (Trend Micro Security Services) identifies vulnerabilities and protects computers and networks that have Internet connections. TMSS is enabled by default on the Prestige but you must register at the TMSS web page. After you register, you can configure TMSS using the Prestige web configurator.
  • Page 45: Dynamic Dns Support

    Prestige 661H/HW Series User’s Guide PPPoE (RFC2516) PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL. The PPPoE driver on the Prestige is transparent to the computers on the LAN, which see only Ethernet and are not aware of PPPoE thus saving you from having to manage PPPoE clients on individual computers.
  • Page 46: P-661Hw Wireless Features

    Prestige 661H/HW Series User’s Guide Housing Your Prestige's compact and ventilated housing minimizes space requirements making it easy to position anywhere in your busy office. 1.1.1.1 P-661HW Wireless Features Wireless LAN The Prestige supports the IEEE 802.11g standard, which is fully compatible with the IEEE 802.11b standard, meaning that you can have both IEEE 802.11b and IEEE 802.11g wireless clients in the same wireless network.
  • Page 47: Applications For The Prestige

    Prestige 661H/HW Series User’s Guide 1.1.2 Applications for the Prestige Here are some example uses for which the Prestige is well suited. 1.1.2.1 Protected Internet Access The Prestige is the ideal high-speed Internet access solution. It is compatible with all major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers and supports the ADSL standards as shown in Table 1 on page...
  • Page 48: Lan To Lan Application

    Figure 1 Protected Internet Access Applications. 1.1.2.2 LAN to LAN Application: You can use the Prestige to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application example for the P-661HW is shown as follows.
  • Page 49: Front Panel Leds

    Prestige 661H/HW Series User’s Guide Figure 2 P-661HW LAN-to-LAN Application Example 1.1.3 Front Panel LEDs Figure 3 P-661H Front Panel Figure 4 P-661HW Front Panel The following table describes the LEDs. Table 2 Front Panel LEDs COLOR STATUS DESCRIPTION PWR/SYS Green The Prestige is receiving power and functioning properly.
  • Page 50 Table 2 Front Panel LEDs (continued) COLOR STATUS DESCRIPTION WLAN (P-661HW only) Green The Prestige is ready, but is not sending/receiving data through the wireless LAN. Blinking The Prestige is sending/receiving data through the wireless LAN.
  • Page 52: Introducing The Web Configurator

    CHAPTER 2 Introducing the Web Configurator. This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview: The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser.
  • Page 53: Resetting The Prestige

    Figure 5 Password Screen. 6 It is highly recommended that you change the default password! Enter a new password between 1 and 30 characters, retype it to confirm and click Apply; alternatively, click Ignore to proceed to the main menu if you do not want to change the password now. Note: If you do not change the password at least once, the following screen appears every time you log in.
  • Page 54: Navigating The Prestige Web Configurator

    Prestige 661H/HW Series User’s Guide 2 Press the RESET button for ten seconds or until the PWR/SYS LED begins to blink and then release it. When the PWR/SYS LED begins to blink, the defaults have been restored and the Prestige restarts. 2.1.3 Navigating the Prestige Web Configurator The following summarizes how to navigate the web configurator from the SITE MAP screen.
  • Page 55: Figure 7 Web Configurator: P-661Hw Site Map Screen

    Prestige 661H/HW Series User’s Guide Figure 7 Web Configurator: P-661HW Site Map Screen Note: Click the icon (located in the top right corner of most screens) to view embedded help. Table 3 Web Configurator Screens Summary LINK SUB-LINK FUNCTION Wizard Setup Connection Setup Use these screens for initial configuration including general setup, ISP parameters for Internet Access and WAN IP/DNS...
  • Page 56 Prestige 661H/HW Series User’s Guide Table 3 Web Configurator Screens Summary (continued) LINK SUB-LINK FUNCTION Full Feature Use this screen to configure network address translation mapping rules. Dynamic DNS Use this screen to set up dynamic DNS. Time and Date Use this screen to change your Prestige’s time and date.
  • Page 57: Figure 8 Password

    Table 3 Web Configurator Screens Summary (continued) LINK SUB-LINK FUNCTION Wireless LAN (P-661HW only) > Association List: This screen displays the MAC address(es) of the wireless stations that are currently associating with the Prestige. Diagnostic > General: These screens display information to help you identify problems with the Prestige general connection.
  • Page 58: Wizard Setup For Internet Access

    CHAPTER 3 Wizard Setup for Internet Access. This chapter provides information on the Wizard Setup screens for Internet access in the web configurator. 3.1 Introduction: Use the Wizard Setup screens to configure your system for Internet access with the information given to you by your ISP.
  • Page 59: Figure 9 Internet Access Wizard Setup: Isp Parameters

    Prestige 661H/HW Series User’s Guide Figure 9 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Table 5 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account.
  • Page 60: Figure 10 Internet Connection With Pppoe

    Prestige 661H/HW Series User’s Guide Figure 10 Internet Connection with PPPoE The following table describes the fields in this screen. Table 6 Internet Connection with PPPoE LABEL DESCRIPTION Service Name Type the name of your PPPoE service here. User Name Enter the user name exactly as your ISP assigned.
  • Page 61: Figure 11 Internet Connection With Rfc 1483

    Prestige 661H/HW Series User’s Guide Figure 11 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 7 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field.
  • Page 62: Figure 12 Internet Connection With Enet Encap

    Prestige 661H/HW Series User’s Guide Figure 12 Internet Connection with ENET ENCAP The following table describes the fields in this screen. Table 8 Internet Connection with ENET ENCAP LABEL DESCRIPTION IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
  • Page 63: Figure 13 Internet Connection With Pppoa

    Prestige 661H/HW Series User’s Guide Figure 13 Internet Connection with PPPoA The following table describes the fields in this screen. Table 9 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above.
  • Page 64: Figure 14 Internet Access Wizard Setup: Third Screen

    Prestige 661H/HW Series User’s Guide 3 Verify the settings in the screen shown next. To change the LAN information on the Prestige, click Change LAN Configurations. Otherwise click Save Settings to save the configuration and skip to the section 3.13. Figure 14 Internet Access Wizard Setup: Third Screen If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next.
  • Page 65: Figure 15 Internet Access Wizard Setup: Lan Configuration

    Prestige 661H/HW Series User’s Guide Figure 15 Internet Access Wizard Setup: LAN Configuration The following table describes the fields in this screen. Table 10 Internet Access Wizard Setup: LAN Configuration LABEL DESCRIPTION LAN IP Address Enter the IP address of your Prestige in dotted decimal notation, for example, 192.168.1.1 (factory default).
  • Page 66: Figure 16 Internet Access Wizard Setup: Connection Tests

    Prestige 661H/HW Series User’s Guide Figure 16 Internet Access Wizard Setup: Connection Tests 5 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of Prestige features.
  • Page 68: Wizard Setup For Media Bandwidth Management

    CHAPTER 4 Wizard Setup for Media Bandwidth Management. This chapter shows you how to configure basic bandwidth management using the wizard screens. 4.1 Introduction: The web configurator’s Media Bandwidth Mgnt. screens under Wizard Setup allow you to specify bandwidth classes based on an application (or service).
  • Page 69: Media Bandwidth Management Setup

    Table 11 Media Bandwidth Mgnt. Wizard Setup: Services (continued) SERVICE DESCRIPTION E-Mail: Electronic mail consists of messages sent through a computer network to specific groups or individuals. Here are some default ports for e-mail: POP3 - port 110; IMAP - port 143; SMTP - port 25; HTTP - port 80
  • Page 70: Figure 18 Media Bandwidth Mgnt. Wizard Setup: Second Screen

    Prestige 661H/HW Series User’s Guide The following table describes the labels in this screen. Table 12 Media Bandwidth Mgnt. Wizard Setup: First Screen LABEL DESCRIPTION Active Select the Active check box to have the Prestige apply bandwidth management to traffic going out through the Prestige’s WAN, LAN or WLAN port. Select the service to These checkboxes are applicable when you select the Active check box above.
  • Page 71: Figure 19 Media Bandwidth Mgnt. Wizard Setup: Finish

    Prestige 661H/HW Series User’s Guide Table 13 Media Bandwidth Mgnt. Wizard Setup: Second Screen LABEL DESCRIPTION Back Click Back to return to the previous screen. Finish Click Finish to complete and save the bandwidth management setup. 3 Well done! You have finished configuration of Media Bandwidth Management. You may now continue configuring your device.
  • Page 72: Chapter 5 Lan Setup

    CHAPTER 5 LAN Setup. This chapter describes how to configure LAN settings and set up static DHCP. 5.1 LAN Overview: A Local Area Network (LAN) is a shared communication system to which many computers are attached.
  • Page 73: Ip Pool Setup

    Prestige 661H/HW Series User’s Guide 5.1.2.1 IP Pool Setup The Prestige is pre-configured with a pool of IP addresses for the DHCP clients (DHCP Pool). See the product specifications in the appendices. Do not assign static IP addresses from the DHCP pool to your LAN computers.
  • Page 74: Lan Tcp/Ip

    Prestige 661H/HW Series User’s Guide 5.2 LAN TCP/IP The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. 5.2.1 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.
  • Page 75: Rip Setup

    Prestige 661H/HW Series User’s Guide You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
  • Page 76: Any Ip

    Prestige 661H/HW Series User’s Guide 224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.
  • Page 77: How Any Ip Works

    Prestige 661H/HW Series User’s Guide Note: You must enable NAT/SUA to use the Any IP feature on the Prestige. 5.2.4.1 How Any IP Works Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
  • Page 78: Figure 22 Lan Setup

    Prestige 661H/HW Series User’s Guide Figure 22 LAN Setup The following table describes the fields in this screen. Table 14 LAN Setup LABEL DESCRIPTION DHCP DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
  • Page 79: Configuring Static Dhcp

    Table 14 LAN Setup (continued) LABEL DESCRIPTION Secondary DNS Server: As above. Remote DHCP Server: If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here. TCP/IP IP Address: Enter the IP address of your Prestige in dotted decimal notation, for example,...
  • Page 80: Figure 23 Lan: Static Dhcp

    Prestige 661H/HW Series User’s Guide Figure 23 LAN: Static DHCP The following table describes the labels in this screen. Table 15 LAN: Static DHCP LABEL DESCRIPTION This is the index number of the Static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN.
  • Page 81 Prestige 661H/HW Series User’s Guide Chapter 5 LAN Setup...
  • Page 82: Wireless Lan (Prestige 661Hw)

    Prestige 661H/HW Series User’s Guide Chapter 6 Wireless LAN (Prestige 661HW) This chapter discusses how to configure Wireless LAN. 6.1 Introduction A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN adapters communicating through access points which bridge network traffic to the wired LAN.
  • Page 83: Restricted Access

    Prestige 661H/HW Series User’s Guide • Use the Local User Database if you have fewer than 32 wireless clients in your network. The Prestige uses MD5 encryption when a client authenticates with the Local User Database. 6.2.3 Restricted Access The MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow Association) or exclude them from accessing the AP (Deny Association).
  • Page 84: Configuring The Wireless Screen

    Prestige 661H/HW Series User’s Guide Figure 24 Wireless Security Methods Note: You must enable the same wireless security settings on the Prestige and on all wireless clients that you want to associate with it. If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networking device that is within range.
  • Page 85: Figure 25 Wireless Screen

    Prestige 661H/HW Series User’s Guide Figure 25 Wireless Screen The following table describes the labels in this screen. Table 16 Wireless LAN LABEL DESCRIPTION Enable Wireless You should configure some wireless security (see Figure 24 on page 84) when you enable the wireless LAN.
  • Page 86 Prestige 661H/HW Series User’s Guide Table 16 Wireless LAN (continued) LABEL DESCRIPTION RTS/CTS Threshold The RTS (Request To Send) threshold (number of bytes) is for enabling RTS/CTS. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this value to be larger than the maximum MSDU (MAC service data unit) size turns off RTS/CTS.
  • Page 87: Configuring Mac Filters

    Prestige 661H/HW Series User’s Guide 6.4 Configuring MAC Filters Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen.
  • Page 88: Introduction To Wpa

    Prestige 661H/HW Series User’s Guide The following table describes the fields in this menu. Table 17 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Action Define the filter action for the list of MAC addresses in the MAC Address table. Select Deny Association to block access to the router; MAC addresses not listed will be allowed to access the Prestige.
  • Page 89: Wpa With Radius Application Example

    Prestige 661H/HW Series User’s Guide Figure 27 WPA - PSK Authentication 6.5.2 WPA with RADIUS Application Example You need the IP address, port number (default is 1812) and shared secret of a RADIUS server. A WPA application example with an external RADIUS server looks as follows. "A" is the RADIUS server.
  • Page 90: Wireless Client Wpa Supplicants

    Prestige 661H/HW Series User’s Guide Figure 28 WPA with RADIUS Application Example2 6.5.3 Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client.
  • Page 91: Authentication Required: 802.1X

    Prestige 661H/HW Series User’s Guide Figure 29 Wireless LAN: 802.1x/WPA: No Access Allowed Figure 30 Wireless LAN: 802.1x/WPA: No Authentication The following table describes the label in these screens. Table 18 Wireless LAN: 802.1x/WPA: No Access/Authentication LABEL DESCRIPTION Wireless Port Control To control wireless station access to the wired network, select a control method from the drop-down list box.
  • Page 92: Figure 31 Wireless Lan: 802.1X/Wpa: 802.1Xl

    Prestige 661H/HW Series User’s Guide • A wireless station computer must be running IEEE 802.1x-compliant software. Not all Windows operating systems support IEEE 802.1x (see the Microsoft web site for details). For other operating systems, see their documentation. If your operating system does not support IEEE 802.1x, then you may need to install IEEE 802.1x client software.
  • Page 93: Authentication Required: Wpa

    Prestige 661H/HW Series User’s Guide Table 19 Wireless LAN: 802.1x/WPA: 802.1x (continued) LABEL DESCRIPTION Key Management Protocol Choose 802.1x from the drop-down list. Dynamic WEP Key Exchange This field is activated only when you select Authentication Required in the Wireless Port Control field. Also set the Authentication Databases field to RADIUS Only.
  • Page 94: Figure 32 Wireless Lan: 802.1X/Wpa: Wpa

    Prestige 661H/HW Series User’s Guide Figure 32 Wireless LAN: 802.1x/WPA: WPA The following table describes the labels not previously discussed. Table 20 Wireless LAN: 802.1x/WPA: WPA LABEL DESCRIPTION Key Management Protocol Choose WPA in this field. WPA Mixed Mode The Prestige can operate in WPA Mixed Mode, which supports both clients running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi-Fi network.
  • Page 95: Authentication Required: Wpa-Psk

    Prestige 661H/HW Series User’s Guide 6.6.3 Authentication Required: WPA-PSK Select Authentication Required in the Wireless Port Control field and WPA-PSK in the Key Management Protocol field to display the next screen. Figure 33 Wireless LAN: 802.1x/WPA:WPA-PSK The following table describes the labels not previously discussed. Table 21 Wireless LAN: 802.1x/WPA: WPA-PSK LABEL DESCRIPTION...
  • Page 96: Configuring Local User Authentication

    Prestige 661H/HW Series User’s Guide 6.7 Configuring Local User Authentication By storing user profiles locally, your Prestige is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.
  • Page 97: Configuring Radius

    Prestige 661H/HW Series User’s Guide Table 22 Local User Database (continued) LABEL DESCRIPTION Password Enter a password of up to 31 printable characters (including spaces; alphabetic characters are case-sensitive) if you’re using MD5 encryption and maximum 14 if you’re using PEAP. Back Click Back to go to the main wireless LAN setup screen.
  • Page 98: Introduction To Otist

    Prestige 661H/HW Series User’s Guide Table 23 RADIUS (continued) LABEL DESCRIPTION Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the access points. The key is not sent over the network. This key must be the same on the external authentication server and Prestige.
  • Page 99: Figure 36 Otist

    Prestige 661H/HW Series User’s Guide 6.9.1.1.1 Reset button If you use the Reset button, the default (01234567) or previous saved (through the web configurator) Setup key is used to encrypt the settings that you want to transfer. Hold in the Reset button for one or two seconds. Note: If you hold in the Reset button too long, the device will reset to the factory defaults! 6.9.1.1.2 Web Configurator...
  • Page 100: Wireless Client

    Prestige 661H/HW Series User’s Guide 6.9.1.2 Wireless Client Start the ZyXEL utility and click the Adapter tab. Select the OTIST check box, enter the same Setup Key as your AP’s and click Save. Figure 37 Example Wireless Client OTIST Screen 6.9.2 Starting OTIST Note: You must click Start in the AP OTIST web configurator screen and in the wireless client(s) Adapter screen all within three minutes (at the time or...
  • Page 101: Notes On Otist

    Prestige 661H/HW Series User’s Guide • In the wireless client, you see this screen (Figure 41) if it can't find an OTIST-enabled AP (with the same Setup key). Click OK to go back to the ZyXEL utility main screen.
  • Page 102: Chapter 7 Wan Setup

    Prestige 661H/HW Series User’s Guide Chapter 7 WAN Setup This chapter describes how to configure WAN settings. 7.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 7.1.1 Encapsulation Be sure to use the encapsulation method required by your ISP.
  • Page 103: Rfc 1483

    Prestige 661H/HW Series User’s Guide 7.1.1.4 RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing).
  • Page 104: Ip Assignment With Rfc 1483 Encapsulation

    Prestige 661H/HW Series User’s Guide 7.1.4.2 IP Assignment with RFC 1483 Encapsulation In this case the IP Address Assignment must be static with the same requirements for the IP Address and ENET ENCAP Gateway fields as stated above. 7.1.4.3 IP Assignment with ENET ENCAP Encapsulation In this case you can have either a static or dynamic IP.
  • Page 105: Pppoe Encapsulation

    Prestige 661H/HW Series User’s Guide For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route.
  • Page 106: Zero Configuration Internet Access

    Prestige 661H/HW Series User’s Guide Peak Cell Rate (PCR) is the maximum rate at which the sender can send cells. This parameter may be lower (but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits), so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells/sec.
  • Page 107: Configuring Wan Setup

    Prestige 661H/HW Series User’s Guide 7.6 Configuring WAN Setup To change your Prestige’s WAN remote node settings, click WAN and WAN Setup. The screen differs by the encapsulation. Chapter 7 WAN Setup...
  • Page 108: Figure 44 Wan Setup (Pppoe)

    Prestige 661H/HW Series User’s Guide Figure 44 WAN Setup (PPPoE) The following table describes the fields in this screen. Table 25 WAN Setup LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
  • Page 109 Prestige 661H/HW Series User’s Guide Table 25 WAN Setup (continued) LABEL DESCRIPTION Encapsulation Select the method of encapsulation used by your ISP from the drop-down list box. Choices vary depending on the mode you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE.
  • Page 110: Traffic Redirect

    Prestige 661H/HW Series User’s Guide Table 25 WAN Setup (continued) LABEL DESCRIPTION Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field. Max Idle Timeout Specify an idle time-out in the Max Idle Timeout field when you select Connect on Demand.
  • Page 111: Configuring Wan Backup

    Prestige 661H/HW Series User’s Guide Figure 45 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network.
  • Page 112: Figure 47 Wan Backup

    Prestige 661H/HW Series User’s Guide Figure 47 WAN Backup The following table describes the fields in this screen. Table 26 WAN Backup LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check if the connection to the DSLAM is up. Select ICMP to have the Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.
  • Page 113 Prestige 661H/HW Series User’s Guide Table 26 WAN Backup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your Prestige to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request.
  • Page 114: Network Address Translation (Nat) Screens

    Prestige 661H/HW Series User’s Guide Chapter 8 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the Prestige. 8.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
  • Page 115: What Nat Does

    Prestige 661H/HW Series User’s Guide 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
  • Page 116: Nat Application

    Prestige 661H/HW Series User’s Guide Figure 48 How NAT Works 8.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter. Figure 49 NAT Application With IP Alias Chapter 8 Network Address Translation (NAT) Screens...
  • Page 117: Nat Mapping Types

    Prestige 661H/HW Series User’s Guide 8.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address.
  • Page 118: Sua (Single User Account) Versus Nat

    Prestige 661H/HW Series User’s Guide 8.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The Prestige also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types as outlined in Table 28 on page...
  • Page 119: Configuring Servers Behind Sua (Example)

    Prestige 661H/HW Series User’s Guide Table 29 Services and Port Numbers (continued) SERVICES PORT NUMBER SMTP (Simple Mail Transfer Protocol) DNS (Domain Name System) Finger HTTP (Hyper Text Transfer protocol or WWW, Web) POP3 (Post Office Protocol) NNTP (Network News Transport Protocol) SNMP (Simple Network Management Protocol) SNMP trap PPTP (Point-to-Point Tunneling Protocol)
  • Page 120: Configuring Sua Server

    Prestige 661H/HW Series User’s Guide Figure 51 NAT Mode The following table describes the labels in this screen. Table 30 NAT Mode LABEL DESCRIPTION None Select this radio button to disable NAT. SUA Only Select this radio button if you have just one public WAN IP address for your Prestige. The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set screen.
  • Page 121: Figure 52 Edit Sua/Nat Server Set

    Prestige 661H/HW Series User’s Guide Figure 52 Edit SUA/NAT Server Set The following table describes the fields in this screen. Table 31 Edit SUA/NAT Server Set LABEL DESCRIPTION Start Port No. Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field. To forward a series of ports, enter the start port number here and the end port number in the End Port No.
  • Page 122: Configuring Address Mapping

    Prestige 661H/HW Series User’s Guide 8.6 Configuring Address Mapping Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
  • Page 123: Editing An Address Mapping Rule

    Prestige 661H/HW Series User’s Guide Table 32 Address Mapping Rules (continued) LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address.
  • Page 124: Table 33 Address Mapping Rule Edit

    Prestige 661H/HW Series User’s Guide Table 33 Address Mapping Rule Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. • One-to-One: One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type.
  • Page 125 Prestige 661H/HW Series User’s Guide Chapter 8 Network Address Translation (NAT) Screens...
  • Page 126: Chapter 9 Dynamic Dns Setup

    Prestige 661H/HW Series User’s Guide Chapter 9 Dynamic DNS Setup This chapter discusses how to configure your Prestige to use Dynamic DNS. 9.1 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.).
  • Page 127: Figure 55 Dynamic Dns

    Prestige 661H/HW Series User’s Guide Figure 55 Dynamic DNS The following table describes the fields in this screen. Table 34 Dynamic DNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider.
  • Page 128: Chapter 10 Time And Date

    Prestige 661H/HW Series User’s Guide Chapter 10 Time and Date This screen is not available on all models. Use this screen to configure the Prestige’s time and date settings. 10.1 Configuring Time and Date To change your Prestige’s time and date, click Time And Date. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone.
  • Page 129: Table 35 Time And Date

    Prestige 661H/HW Series User’s Guide Table 35 Time and Date LABEL DESCRIPTION Time Server Use Protocol when Bootup Select the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
  • Page 130: Chapter 11 Firewalls

    Prestige 661H/HW Series User’s Guide Chapter 11 Firewalls This chapter gives some background information on firewalls and introduces the Prestige firewall. 11.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
  • Page 131: Stateful Inspection Firewalls

    Prestige 661H/HW Series User’s Guide Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
  • Page 132: Denial Of Service Attacks

    Prestige 661H/HW Series User’s Guide 11.3.1 Denial of Service Attacks Figure 57 Prestige Firewall Application 11.4 Denial of Service Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
  • Page 133: Types Of Dos Attacks

    Prestige 661H/HW Series User’s Guide Table 36 Common IP Ports Telnet HTTP SMTP POP3 11.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data.
  • Page 134: Figure 58 Three-Way Handshake

    Prestige 661H/HW Series User’s Guide Figure 58 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment).
  • Page 135: Icmp Vulnerability

    Prestige 661H/HW Series User’s Guide (ICMP) echo request packets (pings). Since the destination IP address of each packet is the broadcast address of the network, the router will broadcast the ICMP echo request packet to all hosts on the network. If there are numerous hosts, this will create a large amount of ICMP echo request and response traffic.
  • Page 136: Traceroute

    Prestige 661H/HW Series User’s Guide Table 38 Legal NetBIOS Commands RETARGET: KEEPALIVE: All SMTP commands are illegal except for those displayed in the following tables. Table 39 Legal SMTP Commands AUTH DATA EHLO ETRN EXPN HELO HELP MAIL NOOP QUIT RCPT RSET SAML...
  • Page 137: Stateful Inspection Process

    Prestige 661H/HW Series User’s Guide Figure 61 Stateful Inspection The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.
  • Page 138: Stateful Inspection And The Prestige

    Prestige 661H/HW Series User’s Guide temporary entries might be modified, in order to permit only packets that are valid for the current state of the connection. 8 Any additional inbound or outbound packets that belong to the connection are inspected to update the state table entry and to modify the temporary inbound access list entries as required, and are forwarded through the interface.
  • Page 139: Udp/Icmp Security

    Prestige 661H/HW Series User’s Guide When the Prestige receives any subsequent packet (from the Internet or from the LAN), its connection information is extracted and checked against the cache. A packet is only allowed to pass through if it corresponds to a valid connection (that is, if it is a response to a connection which originated on the LAN).
  • Page 140: Security In General

    Prestige 661H/HW Series User’s Guide • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network.
  • Page 141: Packet Filtering Vs Firewall

    Prestige 661H/HW Series User’s Guide • Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in an attack. 11.7 Packet Filtering Vs Firewall Below are some comparisons between the Prestige’s filtering and firewall functions.
  • Page 142 Prestige 661H/HW Series User’s Guide • A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required. • To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks.
  • Page 143 Prestige 661H/HW Series User’s Guide Chapter 11 Firewalls...
  • Page 144: Firewall Configuration

    Prestige 661H/HW Series User’s Guide Chapter 12 Firewall Configuration This chapter shows you how to enable and configure the Prestige firewall. 12.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your Prestige has to offer.
  • Page 145: Rule Logic Overview

    Prestige 661H/HW Series User’s Guide Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: •...
  • Page 146: Key Fields For Configuring Rules

    Prestige 661H/HW Series User’s Guide 4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does this rule conflict with any existing rules? 6 Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.
  • Page 147: Alerts

    Prestige 661H/HW Series User’s Guide The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it. 12.4.2 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away.
  • Page 148: Rule Summary

    Prestige 661H/HW Series User’s Guide Table 40 Firewall: Default Policy (continued) LABEL DESCRIPTION Packet Direction This is the direction of travel of packets (LAN to LAN/Router, LAN to WAN, WAN to WAN/Router, WAN to LAN). Firewall rules are grouped based on the direction of travel of packets to which they apply.
  • Page 149: Table 41 Rule Summary

    Prestige 661H/HW Series User’s Guide The following table describes the labels in this screen. Table 41 Rule Summary LABEL DESCRIPTION Firewall Rules Storage Space in Use This read-only bar shows how much of the Prestige's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green.
  • Page 150: Configuring Firewall Rules

    Prestige 661H/HW Series User’s Guide 12.6.1 Configuring Firewall Rules Follow these directions to create a new rule. 1 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule 7.
  • Page 151: Figure 64 Firewall: Edit Rule

    Prestige 661H/HW Series User’s Guide Figure 64 Firewall: Edit Rule Chapter 12 Firewall Configuration...
  • Page 152: Table 42 Firewall: Edit Rule

    Prestige 661H/HW Series User’s Guide The following table describes the labels in this screen. Table 42 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Packet Use the radio button to select whether to discard (Block) or allow the passage of (Forward) packets that match this rule.
  • Page 153: Customized Services

    Prestige 661H/HW Series User’s Guide 12.7 Customized Services Configure customized services and port numbers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further information on these services, please read Section 12.10 on page 158.
  • Page 154: Example Firewall Rule

    Prestige 661H/HW Series User’s Guide Figure 66 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 44 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
  • Page 155: Figure 67 Firewall Example: Rule Summary

    Prestige 661H/HW Series User’s Guide Figure 67 Firewall Example: Rule Summary 3 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule 7.
  • Page 156: Figure 68 Firewall Example: Edit Rule: Destination Address

    Prestige 661H/HW Series User’s Guide Figure 68 Firewall Example: Edit Rule: Destination Address 7 In the Edit Rule screen, click the Customized Services link to open the Customized Service screen. 8 Click an index number to display the Customized Services -Config screen and configure the screen as follows and click Apply.
  • Page 157: Figure 70 Firewall Example: Edit Rule: Select Customized Services

    Prestige 661H/HW Series User’s Guide Figure 70 Firewall Example: Edit Rule: Select Customized Services Note: Custom ports show up with an “*” before their names in the Services list box and the Rule Summary list box. Click Apply after you’ve created your custom port.
  • Page 158: Predefined Services

    Prestige 661H/HW Series User’s Guide Rule 2 allows a “My Service” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Figure 71 Firewall Example: Rule Summary: My Service 12.10 Predefined Services The Available Services list box in the Edit Rule screen (see Section 12.6.1 on page 150) displays all predefined services that the Prestige already supports.
  • Page 159 Prestige 661H/HW Series User’s Guide Table 45 Predefined Services (continued) SERVICE DESCRIPTION CU-SEEME(TCP/UDP:7648, 24032) A popular videoconferencing solution from White Pines Software. DNS(UDP/TCP:53) Domain Name Server, a service that matches web names (e.g. www.zyxel.com) to IP numbers. FINGER(TCP:79) Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.
  • Page 160: Anti-Probing

    Prestige 661H/HW Series User’s Guide Table 45 Predefined Services (continued) SERVICE DESCRIPTION SMTP(TCP:25) Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP(TCP/UDP:161) Simple Network Management Program. SNMP-TRAPS (TCP/ Traps for use with the SNMP (RFC:1215).
  • Page 161: Dos Thresholds

    Prestige 661H/HW Series User’s Guide Figure 72 Firewall: Anti Probing The following table describes the labels in this screen. Table 46 Firewall: Anti Probing LABEL DESCRIPTION Respond to PING The Prestige does not respond to any incoming Ping requests when Disable is selected.
  • Page 162: Threshold Values

    Prestige 661H/HW Series User’s Guide 12.12.1 Threshold Values Tune these parameters when something is not working and after you have checked the firewall counters. These default values should work fine for most small offices. Factors influencing choices for threshold values are: •...
  • Page 163: Figure 73 Firewall: Threshold

    Prestige 661H/HW Series User’s Guide Whenever the number of half-open sessions with the same destination host address rises above a threshold (TCP Maximum Incomplete), the Prestige starts deleting half-open sessions according to one of the following methods: • If the Blocking Time timeout is 0 (the default), then the Prestige deletes the oldest existing half-open session for the host for every new connection request to the host.
  • Page 164 Prestige 661H/HW Series User’s Guide Table 47 Firewall: Threshold (continued) LABEL DESCRIPTION DEFAULT VALUES One Minute High This is the rate of new half-open sessions that causes the firewall to start deleting half-open sessions. Default value: 100 half-open sessions per minute. The above numbers cause the...
  • Page 165 Prestige 661H/HW Series User’s Guide Chapter 12 Firewall Configuration...
  • Page 166: Chapter 13 Content Filtering

    Prestige 661H/HW Series User’s Guide Chapter 13 Content Filtering This chapter covers how to configure content filtering. 13.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
  • Page 167: Configuring The Schedule

    Prestige 661H/HW Series User’s Guide The following table describes the labels in this screen. Table 48 Content Filter: Keyword LABEL DESCRIPTION Enable Keyword Blocking Select this check box to enable this feature. Block Websites that contain these keywords in the URL: This box contains the list of all the keywords that you have configured the Prestige to block.
  • Page 168: Configuring Trusted Computers

    Prestige 661H/HW Series User’s Guide The following table describes the labels in this screen. Table 49 Content Filter: Schedule LABEL DESCRIPTION Days to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active.
  • Page 169 Prestige 661H/HW Series User’s Guide Chapter 13 Content Filtering...
  • Page 170: Chapter 14 Introduction To Ipsec

    Prestige 661H/HW Series User’s Guide Chapter 14 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 14.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
  • Page 171: Data Confidentiality

    Prestige 661H/HW Series User’s Guide Figure 77 Encryption and Decryption 14.1.3.2 Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. 14.1.3.3 Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
  • Page 172: Ipsec Algorithms

    Prestige 661H/HW Series User’s Guide Figure 78 IPSec Architecture 14.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
  • Page 173: Transport Mode

    Prestige 661H/HW Series User’s Guide Figure 79 Transport and Tunnel Mode IPSec Encapsulation 14.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
  • Page 174: Table 51 Vpn And Nat

    Prestige 661H/HW Series User’s Guide NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted.
  • Page 175 Prestige 661H/HW Series User’s Guide Chapter 14 Introduction to IPSec...
  • Page 176: Chapter 15 Vpn Screens

    Prestige 661H/HW Series User’s Guide Chapter 15 VPN Screens This chapter introduces the VPN screens. See the Logs chapter for information on viewing logs and the appendix for IPSec log descriptions. 15.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections.
  • Page 177: Esp (Encapsulating Security Payload) Protocol

    Prestige 661H/HW Series User’s Guide 15.2.2 ESP (Encapsulating Security Payload) Protocol The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. ESP authenticating properties are limited compared to the AH due to the non-inclusion of the IP header information during the authentication process.
  • Page 178: Secure Gateway Address

    Prestige 661H/HW Series User’s Guide • The Prestige uses the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel. • If the WAN connection goes down, the Prestige uses the LAN IP address when using traffic redirect.
  • Page 179: Figure 80 Ipsec Summary Fields

    Prestige 661H/HW Series User’s Guide Figure 80 IPSec Summary Fields Local and remote IP addresses must be static. Click VPN and Setup to open the VPN Summary screen. This is a read-only menu of your IPSec rules (tunnels). Edit a VPN by selecting an index number and then configuring its associated submenus.
  • Page 180: Keep Alive

    Prestige 661H/HW Series User’s Guide Table 53 VPN Summary (continued) LABEL DESCRIPTION Remote Address This is the IP address(es) of computer(s) on the remote network behind the remote IPSec router. This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In this case only the remote IPSec router can initiate the VPN.
  • Page 181: Id Type And Content

    Prestige 661H/HW Series User’s Guide The following figure depicts an example where three VPN tunnels are created from Prestige A; one to branch office 2, one to branch office 3 and another to headquarters. In order to access computers that use private domain names on the headquarters (HQ) network, the Prestige at branch office 1 uses the Intranet DNS server in headquarters.
  • Page 182: Id Type And Content Examples

    Prestige 661H/HW Series User’s Guide Table 54 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= Type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address. Type a domain name (up to 31 characters) by which to identify this Prestige. E-mail Type an e-mail address (up to 31 characters) by which to identify this Prestige.
  • Page 183: Pre-Shared Key

    Prestige 661H/HW Series User’s Guide The two Prestiges in this example cannot complete their negotiation because Prestige B’s Local ID type is IP, but Prestige A’s Peer ID type is set to E-mail. An “ID mismatched” message displays in the IPSEC LOG. Table 57 Mismatching ID Type and Content Configuration Example PRESTIGE A PRESTIGE B...
  • Page 184: Figure 83 Vpn Ike

    Prestige 661H/HW Series User’s Guide Figure 83 VPN IKE The following table describes the fields in this screen. Chapter 15 VPN Screens...
  • Page 185: Table 58 Vpn Ike

    Prestige 661H/HW Series User’s Guide Table 58 VPN IKE LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select either Yes or No from the drop-down list box. Select Yes to have the Prestige automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
  • Page 186 Prestige 661H/HW Series User’s Guide Table 58 VPN IKE (continued) LABEL DESCRIPTION Remote Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0. In this case only the remote IPSec router can initiate the VPN.
  • Page 187 Prestige 661H/HW Series User’s Guide Table 58 VPN IKE (continued) LABEL DESCRIPTION Content The configuration of the peer content depends on the peer ID type. For IP, type the IP address of the computer with which you will make the VPN connection.
  • Page 188: Ike Phases

    Prestige 661H/HW Series User’s Guide Table 58 VPN IKE (continued) LABEL DESCRIPTION Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower.
  • Page 189: Negotiation Mode

    Prestige 661H/HW Series User’s Guide In phase 2 you must: • Choose which protocol to use (ESP or AH) for the IKE key exchange. • Choose an encryption algorithm. • Choose an authentication algorithm. • Choose whether to enable Perfect Forward Secrecy (PFS) using Diffie-Hellman public-key cryptography –...
  • Page 190: Perfect Forward Secrecy (Pfs)

    Prestige 661H/HW Series User’s Guide 15.11.3 Perfect Forward Secrecy (PFS) Enabling PFS means that the key is transient. The key is thrown away and replaced by a brand new key using a new Diffie-Hellman exchange for each new IPSec SA setup. With PFS enabled, if one key is compromised, previous and subsequent keys are not compromised, because subsequent keys are not derived from previous keys.
  • Page 191: Figure 85 Vpn Ike: Advanced Setup

    Prestige 661H/HW Series User’s Guide Figure 85 VPN IKE: Advanced Setup The following table describes the fields in this screen. Table 59 VPN IKE: Advanced Setup LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
  • Page 192 Prestige 661H/HW Series User’s Guide Table 59 VPN IKE: Advanced Setup (continued) LABEL DESCRIPTION Remote Start Port 0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP;...
  • Page 193: Manual Key Setup

    Prestige 661H/HW Series User’s Guide Table 59 VPN IKE: Advanced Setup (continued) LABEL DESCRIPTION Encryption Algorithm This field is available when you select ESP in the Active Protocol field. Select DES, 3DES, AES or NULL from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a...
  • Page 194: Configuring Manual Key

    Prestige 661H/HW Series User’s Guide 15.14 Configuring Manual Key You only configure VPN Manual Key when you select Manual in the IPSec Key Mode field on the VPN IKE screen. This is the VPN Manual Key screen as shown next. Figure 86 VPN: Manual Key The following table describes the fields in this screen.
  • Page 195: Table 60 Vpn: Manual Key

    Prestige 661H/HW Series User’s Guide Table 60 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the Prestige drops trailing spaces.
  • Page 196 Prestige 661H/HW Series User’s Guide Table 60 VPN: Manual Key (continued) LABEL DESCRIPTION End / Subnet Mask When the Remote Address Type field is configured to Single, this field is N/A. When the Remote Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
  • Page 197: Viewing Sa Monitor

    Prestige 661H/HW Series User’s Guide 15.15 Viewing SA Monitor Click VPN and Monitor to open the SA Monitor screen as shown. Use this screen to display and manage active VPN connections. A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections.
  • Page 198: Configuring Global Setting

    Prestige 661H/HW Series User’s Guide Table 61 VPN: SA Monitor LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode. IPSec Algorithm This field displays the security protocols used for an SA.
  • Page 199: Telecommuter Vpn/Ipsec Examples

    Prestige 661H/HW Series User’s Guide Table 62 VPN: Global Setting (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. 15.17 Telecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single Prestige at headquarters.
  • Page 200: Telecommuters Using Unique Vpn Rules Example

    Prestige 661H/HW Series User’s Guide Table 63 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS HEADQUARTERS My IP Address: 0.0.0.0 (dynamic IP address assigned by the ISP) Public static IP address Secure Gateway IP Address: Public static IP address 0.0.0.0 With this IP address only the telecommuter can initiate the IPSec tunnel.
  • Page 201: Figure 90 Telecommuters Using Unique Vpn Rules Example

    Prestige 661H/HW Series User’s Guide Figure 90 Telecommuters Using Unique VPN Rules Example Table 64 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS All Telecommuter Rules: All Headquarters Rules: My IP Address 0.0.0.0 My IP Address: bigcompanyhq.com Secure Gateway Address: bigcompanyhq.com Local IP Address: 192.168.1.10 Remote IP Address: 192.168.1.10 Local ID Type: E-mail...
  • Page 202: Vpn And Remote Management

    Prestige 661H/HW Series User’s Guide 15.18 VPN and Remote Management If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote Management) to allow access for that service. Chapter 15 VPN Screens...
  • Page 203 Prestige 661H/HW Series User’s Guide Chapter 15 VPN Screens...
  • Page 204: Remote Management Configuration

    Prestige 661H/HW Series User’s Guide Chapter 16 Remote Management Configuration This chapter provides information on configuring remote management. 16.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
  • Page 205: Remote Management And Nat

    Prestige 661H/HW Series User’s Guide • A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. • You have disabled that service in one of the remote management screens. •...
  • Page 206: Web

    Prestige 661H/HW Series User’s Guide 16.4 Web You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details. 16.5 Configuring Remote Management Click Remote Management to open the following screen. Figure 92 Remote Management The following table describes the fields in this screen.
  • Page 207 Prestige 661H/HW Series User’s Guide Chapter 16 Remote Management Configuration...
  • Page 208: Universal Plug-And-Play (Upnp)

    Prestige 661H/HW Series User’s Guide Chapter 17 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 17.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
  • Page 209: Upnp And Zyxel

    Prestige 661H/HW Series User’s Guide All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 17.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™...
  • Page 210: Installing Upnp In Windows Example

    Prestige 661H/HW Series User’s Guide Table 66 Configuring UPnP LABEL DESCRIPTION Enable the Universal Plug and Play (UPnP) Service Select this check box to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the Prestige's IP address (although you must still enter the password to access the web configurator).
  • Page 211: Figure 94 Add/Remove Programs: Windows Setup: Communication

    Prestige 661H/HW Series User’s Guide Figure 94 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 95 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted.
  • Page 212: Figure 96 Network Connections

    Prestige 661H/HW Series User’s Guide Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
  • Page 213: Figure 97 Windows Optional Networking Components Wizard

    Prestige 661H/HW Series User’s Guide Figure 97 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Chapter 17 Universal Plug-and-Play (UPnP)
  • Page 214: Using Upnp In Windows Xp Example

    Prestige 661H/HW Series User’s Guide Figure 98 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 17.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the Prestige.
  • Page 215: Figure 99 Network Connections

    Prestige 661H/HW Series User’s Guide Figure 99 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. Chapter 17 Universal Plug-and-Play (UPnP)
  • Page 216: Figure 100 Internet Connection Properties

    Prestige 661H/HW Series User’s Guide Figure 100 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Chapter 17 Universal Plug-and-Play (UPnP)
  • Page 217: Figure 101 Internet Connection Properties: Advanced Settings

    Prestige 661H/HW Series User’s Guide Figure 101 Internet Connection Properties: Advanced Settings Figure 102 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
  • Page 218: Figure 103 System Tray Icon

    Prestige 661H/HW Series User’s Guide Figure 103 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 104 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first.
  • Page 219: Figure 105 Network Connections

    Prestige 661H/HW Series User’s Guide Figure 105 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your Prestige and select Invoke. The web configurator login screen displays. Chapter 17 Universal Plug-and-Play (UPnP)
  • Page 220: Figure 106 Network Connections: My Network Places

    Prestige 661H/HW Series User’s Guide Figure 106 Network Connections: My Network Places 6 Right-click on the icon for your Prestige and select Properties. A properties window displays with basic information about the Prestige. Figure 107 Network Connections: My Network Places: Properties: Example Chapter 17 Universal Plug-and-Play (UPnP)
  • Page 221 Prestige 661H/HW Series User’s Guide Chapter 17 Universal Plug-and-Play (UPnP)
  • Page 222: Chapter 18 Logs Screens

    Prestige 661H/HW Series User’s Guide Chapter 18 Logs Screens This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendix for example log message explanations. 18.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the Prestige log and then display the logs or have the Prestige send them to an administrator (as e-mail) or to a syslog server.
  • Page 223: Figure 108 Log Settings

    Prestige 661H/HW Series User’s Guide Figure 108 Log Settings The following table describes the fields in this screen. Table 67 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
  • Page 224: Displaying The Logs

    Prestige 661H/HW Series User’s Guide Table 67 Log Settings LABEL DESCRIPTION Send log to Logs are sent to the e-mail address specified in this field. If this field is left blank, logs will not be sent via e-mail. Send alerts to Alerts are sent to the e-mail address specified in this field.
  • Page 225: Smtp Error Messages

    Prestige 661H/HW Series User’s Guide Figure 109 View Logs The following table describes the fields in this screen. Table 68 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings screen (see Section 18.2 on page 222) display in the drop-down list box.
  • Page 226: Example E-Mail Log

    Prestige 661H/HW Series User’s Guide Table 69 SMTP Error Messages -5 means MAIL FROM fail -6 means RCPT TO fail -7 means DATA fail -8 means mail data send fail 18.4.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail.
  • Page 227 Prestige 661H/HW Series User’s Guide Chapter 18 Logs Screens...
  • Page 228: Media Bandwidth Management Advanced Setup

    Prestige 661H/HW Series User’s Guide Chapter 19 Media Bandwidth Management Advanced Setup This chapter describes bandwidth management with one level of child class. 19.1 Bandwidth Management Advanced Setup Overview Bandwidth management allows you to allocate an interface’s outgoing capacity to specific types of traffic.
  • Page 229: Proportional Bandwidth Allocation

    Prestige 661H/HW Series User’s Guide you configure child-classes with filters for any classes that you configure without filters. The Prestige leaves the bandwidth budget allocated and unused for a class that does not have a filter itself or child-classes with filters. View your configured bandwidth classes and child-classes in the Class Setup screen (see Section 19.9 on page 235 for details).
  • Page 230: Application And Subnet-Based Bandwidth Management Example

    Prestige 661H/HW Series User’s Guide Figure 112 Subnet-based Bandwidth Management Example 19.4.3 Application and Subnet-based Bandwidth Management Example The following example uses bandwidth classes based on LAN subnets and applications (specific applications in each subnet are allotted bandwidth). Table 70 Application and Subnet-based Bandwidth Management Example TRAFFIC TYPE FROM SUBNET A FROM SUBNET B...
  • Page 231: Scheduler

    Prestige 661H/HW Series User’s Guide 19.5 Scheduler The scheduler divides up an interface’s bandwidth among the bandwidth classes. The Prestige has two types of scheduler: fairness-based and priority-based. 19.5.1 Priority-based Scheduler With the priority-based scheduler, the Prestige forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes.
  • Page 232: Maximize Bandwidth Usage Example

    Prestige 661H/HW Series User’s Guide 19.6.2 Maximize Bandwidth Usage Example Here is an example of a Prestige that has maximized bandwidth usage enabled on an interface. The first figure shows each bandwidth class’s bandwidth budget and priority. The classes are set up based on subnets.
  • Page 233: Bandwidth Borrowing

    Prestige 661H/HW Series User’s Guide Figure 115 Maximize Bandwidth Usage Example 19.7 Bandwidth Borrowing Bandwidth borrowing allows a child-class to borrow unused bandwidth from its parent class, whereas maximize bandwidth usage allows bandwidth classes to borrow any unused or unbudgeted bandwidth on the whole interface. Enable bandwidth borrowing on a child-class to allow the child-class to use its parent class’s unused bandwidth.
  • Page 234: Configuring Summary

    Prestige 661H/HW Series User’s Guide 4 The Prestige assigns any remaining unbudgeted bandwidth to traffic that does not match any of the bandwidth classes. 19.8 Configuring Summary Click Media Bandwidth Management, Summary to open the screen as shown next. Enable bandwidth management on an interface and set the maximum allowed bandwidth for that interface.
  • Page 235: Configuring Class Setup

    Prestige 661H/HW Series User’s Guide Table 71 Media Bandwidth Management: Summary (continued) LABEL DESCRIPTION Maximize Bandwidth Usage Select this check box to have the Prestige divide up all of the interface’s unallocated and/or unused bandwidth among the bandwidth classes that require bandwidth. Do not select this if you want to reserve bandwidth for traffic that does not match a bandwidth class or you want to limit the speed of this interface (see the Speed field description).
  • Page 236: Media Bandwidth Management Class Configuration

    Prestige 661H/HW Series User’s Guide Table 72 Media Bandwidth Management: Class Setup LABEL DESCRIPTION Delete Click Delete to delete the class and all its child-classes. You cannot delete the root class. Statistics Click Statistics to display the status of the selected class. 19.9.1 Media Bandwidth Management Class Configuration Configure a bandwidth management class in the Class Configuration screen.
  • Page 237: Figure 118 Media Bandwidth Management: Class Configuration

    Prestige 661H/HW Series User’s Guide Figure 118 Media Bandwidth Management: Class Configuration The following table describes the labels in this screen Table 73 Media Bandwidth Management: Class Configuration LABEL DESCRIPTION Class Name Use the auto-generated name or enter a descriptive name of up to 20 alphanumeric characters, including spaces.
  • Page 238 Prestige 661H/HW Series User’s Guide Table 73 Media Bandwidth Management: Class Configuration (continued) LABEL DESCRIPTION Service You can select a predefined service instead of configuring the Destination Port, Source Port and Protocol ID fields. SIP (Session Initiation Protocol) is a signaling protocol used in Internet telephony, instant messaging and other VoIP (Voice over IP) applications.
  • Page 239: Media Bandwidth Management Statistics

    Prestige 661H/HW Series User’s Guide Table 74 Services and Port Numbers SERVICES PORT NUMBER Finger HTTP (Hyper Text Transfer protocol or WWW, Web) POP3 (Post Office Protocol) NNTP (Network News Transport Protocol) SNMP (Simple Network Management Protocol) SNMP trap PPTP (Point-to-Point Tunneling Protocol) 1723 19.9.2 Media Bandwidth Management Statistics Use the Media Bandwidth Management Statistics screen to view network performance...
  • Page 240: Bandwidth Monitor

    Prestige 661H/HW Series User’s Guide Table 75 Media Bandwidth Management Statistics LABEL DESCRIPTION Set Interval Click Set Interval to apply the new update period you entered in the Update Period field above. Stop Update Click Stop Update to stop the browser from refreshing bandwidth management statistics.
  • Page 241 Prestige 661H/HW Series User’s Guide Chapter 19 Media Bandwidth Management Advanced Setup...
  • Page 242: Trend Micro Security Services

    Prestige 661H/HW Series User’s Guide Chapter 20 Trend Micro Security Services This chapter contains information about configuring Trend Micro Security Services (TMSS). 20.1 Trend Micro Security Services Overview TMSS helps protect computers on a network that access the Internet through the Prestige. TMSS scans computers behind the Prestige for potential vulnerabilities such as spyware, missing security patches, trojans etc.
  • Page 243: Figure 122 Download Activex To View Tmss Web Page

    Prestige 661H/HW Series User’s Guide Figure 122 Download ActiveX to View TMSS Web Page 2 In the TMSS web page, click Service Summary. Figure 123 TMSS Web Page (Dashboard) 3 Click Activate My Services to begin a 3-step process to activate TMSS. Figure 124 TMSS Service Summary 4 Click Next to begin the process as outlined in the screen.
  • Page 244: Figure 125 Tmss 3 Steps

    Prestige 661H/HW Series User’s Guide Figure 125 TMSS 3 Steps 5 Fill in the registration form and submit it. Figure 126 TMSS Registration Form 6 After you submit the registration form, you will receive an e-mail with instructions for validating your e-mail address. Follow the instructions. 7 Download TMSS to each computer (behind the Prestige) that you want TMSS to monitor.
  • Page 245: Configuring Tmss On The Prestige

    Prestige 661H/HW Series User’s Guide Figure 127 Example TMSS Activated Service Summary Screen You need a Parental Control license to activate and configure Parental Control categories on the Prestige (see Figure 133 on page 250). The following screen is an example of the Parental Control screen with TMSS activated.
  • Page 246: Tmss Service Settings

    Prestige 661H/HW Series User’s Guide Figure 129 TMSS Main Screen 1 Use the Service Settings screen to enable or disable TMSS, configure how often the TMSS web page displays (Figure 123 on page 243) and exempt computers from TMSS monitoring. 2 Use the Virus Protection screen to configure if and how often updates are checked and to display the status of computers under TMSS monitoring.
  • Page 247: Configuring Virus Protection

    Prestige 661H/HW Series User’s Guide The following table describes the labels in this screen. Table 77 Service Settings LABEL DESCRIPTION Enable Trend Micro Security Services Select the check box to enable Trend Micro Security Services on your Prestige. Security Services Display Interval Automatically display Select from the drop-down list box how often the TMSS web page appears
  • Page 248: Table 78 Virus Protection

    Prestige 661H/HW Series User’s Guide The following table describes the labels in this screen. Table 78 Virus Protection LABEL DESCRIPTION Check for Trend Micro Internet Security Automatically check for update components Select the check box to have the Prestige download the latest scan engine and virus pattern version numbers (not the actual software) from the Trend Micro website.
  • Page 249: Parental Controls Configuration

    Prestige 661H/HW Series User’s Guide Table 78 Virus Protection (continued) LABEL DESCRIPTION Apply Click Apply to save the settings. Reset Click Reset to begin configuring this screen afresh. 20.4 Parental Controls Configuration Select Parental Controls from the TMSS main screen. You need a Trend Micro Parental Control license in order to configure this screen.
  • Page 250: Figure 133 Parental Controls

    Prestige 661H/HW Series User’s Guide Figure 133 Parental Controls The following table describes the labels in this screen. Table 79 Parental Controls LABEL DESCRIPTION Enable Parental Controls Select the check box to enable this feature on your Prestige. Blocking Schedule The blocking schedule for TMSS is the same as that used for content filtering (web site blocking by keyword).
  • Page 251 Prestige 661H/HW Series User’s Guide Table 79 Parental Controls LABEL DESCRIPTION Time of Day to Block (24-Hour Format) Select the time of day you want web page blocking to take effect. Configure blocking to take effect all day by selecting the All Day check box.
  • Page 252: Parental Controls Statistics

    Prestige 661H/HW Series User’s Guide Table 79 Parental Controls LABEL DESCRIPTION Exclude specified address ranges from the Parental Control enforcement. Select the radio button to exempt computers with IP addresses displayed in the Selected IP Addresses list box from Parental Controls. Available IP Addresses This box displays the IP addresses of all TMSS clients.
  • Page 253 Prestige 661H/HW Series User’s Guide Table 80 Parental Controls Statistics LABEL DESCRIPTION Reset Click Reset to clear all of the fields in this screen. Refresh Click Refresh to renew the statistics screen. Chapter 20 Trend Micro Security Services...
  • Page 254: Chapter 21 Maintenance

    Prestige 661H/HW Series User’s Guide Chapter 21 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 21.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige.
  • Page 255: Figure 135 System Status

    Prestige 661H/HW Series User’s Guide Figure 135 System Status The following table describes the fields in this screen. Table 81 System Status LABEL DESCRIPTION System Status System Name This is the name of your Prestige. It is for identification purposes. Chapter 21 Maintenance...
  • Page 256: System Statistics

    Prestige 661H/HW Series User’s Guide Table 81 System Status (continued) LABEL DESCRIPTION ZyNOS Firmware Version This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design. DSL FW Version This is the DSL firmware version associated with your Prestige. Standard This is the standard that your Prestige is using.
  • Page 257: Figure 136 System Status: Show Statistics

    Prestige 661H/HW Series User’s Guide Figure 136 System Status: Show Statistics The following table describes the fields in this screen. Table 82 System Status: Show Statistics LABEL DESCRIPTION System up Time This is the elapsed time the system has been up. CPU Load This field specifies the percentage of CPU utilization.
  • Page 258: Dhcp Table Screen

    Prestige 661H/HW Series User’s Guide Table 82 System Status: Show Statistics (continued) LABEL DESCRIPTION Poll Interval(s) Type the time interval for the browser to refresh system statistics. Set Interval Click this button to apply the new poll interval you entered in the Poll Interval field above.
  • Page 259: Any Ip Table Screen

    Prestige 661H/HW Series User’s Guide 21.4 Any IP Table Screen Click Maintenance, Any IP. The Any IP table shows current read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate with the Prestige. Figure 138 Any IP Table The following table describes the labels in this screen.
  • Page 260: Diagnostic Screens

    Prestige 661H/HW Series User’s Guide Figure 139 Association List The following table describes the fields in this screen. Table 85 Association List LABEL DESCRIPTION This is the index number of an associated wireless station. MAC Address This field displays the MAC (Media Access Control) address of an associated wireless station.
  • Page 261: Diagnostic Dsl Line Screen

    Prestige 661H/HW Series User’s Guide Figure 140 Diagnostic: General The following table describes the fields in this screen. Table 86 Diagnostic: General LABEL DESCRIPTION TCP/IP Address Type the IP address of a computer that you want to ping in order to test a connection. Ping Click this button to ping the IP address that you entered.
  • Page 262: Figure 141 Diagnostic: Dsl Line

    Prestige 661H/HW Series User’s Guide Figure 141 Diagnostic: DSL Line The following table describes the fields in this screen. Table 87 Diagnostic: DSL Line LABEL DESCRIPTION Reset ADSL Line Click this button to reinitialize the ADSL line. The large text box above then displays the progress and results of this operation, for example: "Start to reset ADSL...
  • Page 263: Firmware Screen

    Prestige 661H/HW Series User’s Guide 21.7 Firmware Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "Prestige.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
  • Page 264: Figure 143 Network Temporarily Disconnected

    Prestige 661H/HW Series User’s Guide The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 143 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen.
  • Page 266: Chapter 22 Introducing The Smt

    Prestige 661H/HW Series User’s Guide Chapter 22 Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 22.1 SMT Introduction The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator over a telnet connection.
  • Page 267: Prestige Smt Menus Overview

    Prestige 661H/HW Series User’s Guide Figure 145 Login Screen Enter Password: **** 22.1.3 Prestige SMT Menus Overview The following table gives you an overview of your Prestige’s various SMT menus. Table 89 SMT Menus Overview MENUS SUB MENUS 1 General Setup 1.1 Configure Dynamic DNS 2 WAN Backup Setup 3 LAN Setup...
  • Page 268: Navigating The Smt Interface

    Prestige 661H/HW Series User’s Guide Table 89 SMT Menus Overview (continued) MENUS SUB MENUS 24 System Maintenance 24.1 Status 24.2 System Information and Console 24.2.1 Information Port Speed 24.2.2 Change Console Port Speed 24.3 Log and Trace 24.3.1 View Error Log 24.3.2 UNIX Syslog 24.4 Diagnostic 24.5 Backup Configuration...
  • Page 269: Table 91 Smt Main Menu

    [ENTER] to exit the SMT interface. After you enter the password, the SMT displays the main menu, as shown next. Table 91 SMT Main Menu Copyright (c) 1994 - 2005 ZyXEL Communications Corp. Prestige 661HW-61 Main Menu Getting Started Advanced Management 1.
  • Page 270: System Management Terminal Interface Summary

    Prestige 661H/HW Series User’s Guide 22.2.1 System Management Terminal Interface Summary Table 92 Main Menu Summary MENU TITLE DESCRIPTION General Setup Use this menu to set up your general information. WAN Backup Setup Use this menu to set up traffic redirect and dial-backup. LAN Setup Use this menu to set up your wireless LAN and LAN connection.
  • Page 271: Figure 146 Menu 23.1 Change Password

    Prestige 661H/HW Series User’s Guide Figure 146 Menu 23.1 Change Password Menu 23.1 - System Security - Change Password Old Password= ? New Password= ? Retype to confirm=? Enter here to CONFIRM or ESC to CANCEL: 4 Type your new system password in the New Password field (up to 30 characters), and press [ENTER].
  • Page 272: Chapter 23 Menu 1 General Setup

    Prestige 661H/HW Series User’s Guide Chapter 23 Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 23.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
  • Page 273: Procedure To Configure Dynamic Dns

    Prestige 661H/HW Series User’s Guide Figure 147 Menu 1 General Setup Menu 1 General Setup System Name= ? Location= Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: Fill in the required fields.
  • Page 274: Figure 148 Menu 1.1 Configure Dynamic Dns

    Prestige 661H/HW Series User’s Guide Figure 148 Menu 1.1 Configure Dynamic DNS Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= No Host= EMAIL= USER= Password= ******** Enable Wildcard= No Press ENTER to Confirm or ESC to Cancel: Follow the instructions in the next table to configure dynamic DNS parameters. Table 94 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION...
  • Page 276: Chapter 24 Menu 2 Wan Backup Setup

    Prestige 661H/HW Series User’s Guide Chapter 24 Menu 2 WAN Backup Setup This chapter describes how to configure traffic redirect and dial-backup using menu 2 and 2.1. 24.1 Introduction to WAN Backup Setup This chapter explains how to configure the Prestige for traffic redirect connections. 24.2 Configuring WAN Backup in Menu 2 From the main menu, enter 2 to open menu 2.
  • Page 277: Traffic Redirect Setup

    Prestige 661H/HW Series User’s Guide Table 95 Menu 2 WAN Backup Setup (continued) FIELD DESCRIPTION KeepAlive Fail Tolerance Type the number of times (2 recommended) that your Prestige may ping the IP addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup connection (or a different WAN backup connection).
  • Page 278 Prestige 661H/HW Series User’s Guide Table 96 Menu 2.1 Traffic Redirect Setup FIELD DESCRIPTION Metric This field sets this route's priority among the routes the Prestige uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1"...
  • Page 280: Chapter 25 Menu 3 Lan Setup

    Prestige 661H/HW Series User’s Guide Chapter 25 Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 25.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3.
  • Page 281: Protocol Dependent Ethernet Setup

    Prestige 661H/HW Series User’s Guide 25.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. • TCP/IP Ethernet setup • Bridging Ethernet setup 25.3 TCP/IP Ethernet Setup and DHCP Use menu 3.2 to configure your Prestige for TCP/IP.
  • Page 282: Table 97 Dhcp Ethernet Setup

    Prestige 661H/HW Series User’s Guide Follow the instructions in the following table on how to configure the DHCP fields. Table 97 DHCP Ethernet Setup FIELD DESCRIPTION DHCP Setup DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
  • Page 284: Chapter 26 Wireless Lan Setup

    Prestige 661H/HW Series User’s Guide Chapter 26 Wireless LAN Setup This chapter covers how to configure wireless LAN settings in SMT menu 3.5. 26.1 Wireless LAN Overview Refer to the chapter on the wireless LAN screens for wireless LAN background information. 26.2 Wireless LAN Setup Use menu 3.5 to set up your Prestige as the wireless access point.
  • Page 285: Wireless Lan Mac Address Filter

    Prestige 661H/HW Series User’s Guide Table 99 Menu 3.5 - Wireless LAN Setup (continued) FIELD DESCRIPTION Channel ID Press [SPACE BAR] to select a channel. This allows you to set the operating frequency/channel depending on your particular region. RTS Threshold RTS (Request To Send) threshold (number of bytes) enables RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake.
  • Page 286: Figure 155 Menu 3.5.1 Wlan Mac Address Filtering

    Prestige 661H/HW Series User’s Guide Figure 155 Menu 3.5.1 WLAN MAC Address Filtering Menu 3.5.1 - WLAN MAC Address Filter Active= No Filter Action= Allowed Association -------------------------------------------------------------------------- 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00...
  • Page 288: Chapter 27 Internet Access

    Prestige 661H/HW Series User’s Guide Chapter 27 Internet Access This chapter shows you how to configure the LAN and WAN of your Prestige for Internet access. 27.1 Internet Access Overview Refer to the chapters on the web configurator’s wizard, LAN and WAN screens for more background information on fields in the SMT screens covered in this chapter.
  • Page 289: Ip Alias Setup

    Prestige 661H/HW Series User’s Guide Figure 156 IP Alias Network Example Use menu 3.2.1 to configure IP Alias on your Prestige. 27.4 IP Alias Setup Use menu 3.2 to configure the first network. Move the cursor to Edit IP Alias field and press [SPACEBAR] to choose Yes and press [ENTER] to configure the second and third network.
  • Page 290: Route Ip Setup

    Prestige 661H/HW Series User’s Guide Figure 158 Menu 3.2.1 IP Alias Setup Menu 3.2.1 - IP Alias Setup IP Alias 1= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= N/A Outgoing protocol filters= N/A IP Alias 2= No IP Address= N/A IP Subnet Mask= N/A...
  • Page 291: Internet Access Configuration

    Prestige 661H/HW Series User’s Guide Figure 159 Menu 1 General Setup Menu 1 - General Setup System Name= ? Location= location Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: 27.6 Internet Access Configuration Menu 4 allows you to enter the Internet Access information in one screen.
  • Page 292: Table 102 Menu 4 Internet Access Setup

    Prestige 661H/HW Series User’s Guide Table 102 Menu 4 Internet Access Setup FIELD DESCRIPTION ISP’s Name Enter the name of your Internet Service Provider (ISP). This information is for identification purposes only. Encapsulation Press [SPACE BAR] to select the method of encapsulation used by your ISP. Choices are PPPoE, PPPoA, RFC 1483 or ENET ENCAP.
  • Page 294: Remote Node Configuration

    Prestige 661H/HW Series User’s Guide Chapter 28 Remote Node Configuration This chapter covers remote node configuration. 28.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
  • Page 295: Encapsulation And Multiplexing Scenarios

    Prestige 661H/HW Series User’s Guide Figure 161 Menu 11 Remote Node Setup Menu 11 - Remote Node Setup 1. MyISP (ISP, SUA) 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ Enter Node # to Edit: 28.2.2 Encapsulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiplexing methods used by your ISP.
  • Page 296: Figure 162 Menu 11.1 Remote Node Profile

    Prestige 661H/HW Series User’s Guide Figure 162 Menu 11.1 Remote Node Profile Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Bridge= No Encapsulation= RFC 1483 Edit IP/Bridge= No Multiplexing= LLC-based Edit ATM Options= No Service Name= N/A Edit Advance Options= N/A Incoming:...
  • Page 297: Outgoing Authentication Protocol

    Prestige 661H/HW Series User’s Guide Table 103 Menu 11.1 Remote Node Profile (continued) FIELD DESCRIPTION PAP – accept PAP (Password Authentication Protocol) only. Route This field determines the protocol used in routing. Options are IP and None. Bridge When bridging is enabled, your Prestige will forward any packet that it does not route to this remote node;...
  • Page 298: Remote Node Network Layer Options

    Prestige 661H/HW Series User’s Guide 28.3 Remote Node Network Layer Options For the TCP/IP parameters, perform the following steps to edit Menu 11.3 – Remote Node Network Layer Options as shown next. 1 In menu 11.1, make sure IP is among the protocols in the Route field. 2 Move the cursor to the Edit IP/Bridge field, press [SPACE BAR] to select Yes, then press [ENTER] to display Menu 11.3 –...
  • Page 299: My Wan Addr Sample Ip Addresses

    Prestige 661H/HW Series User’s Guide Table 104 Menu 11.3 Remote Node Network Layer Options (continued) FIELD DESCRIPTION Address Mapping Set When Full Feature is selected in the NAT field, configure address mapping sets in menu 15.1. Select one of the NAT server sets (2-10) in menu 15.2 (see Chapter 31 on page 312 for details) and type that number here.
  • Page 300: Remote Node Filter

    Prestige 661H/HW Series User’s Guide Figure 164 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection 28.4 Remote Node Filter Move the cursor to the Edit Filter Sets field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to display Menu 11.5 – Remote Node Filter. Use Menu 11.5 –...
  • Page 301: Editing Atm Layer Options

    Prestige 661H/HW Series User’s Guide Figure 166 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Call Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: 28.5 Editing ATM Layer Options...
  • Page 302: Advance Setup Options

    Prestige 661H/HW Series User’s Guide Figure 168 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation Menu 11.6 - Remote Node ATM Layer Options VPI/VCI (LLC-Multiplexing or PPP-Encapsulation) VPI #= 0 VCI #= 38 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 ENTER here to CONFIRM or ESC to CANCEL:...
  • Page 303: Figure 170 Menu 11.8 Advance Setup Options

    Prestige 661H/HW Series User’s Guide Figure 170 Menu 11.8 Advance Setup Options Menu 11.8 - Advance Setup Options PPPoE pass-through= No Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 105 Menu 11.8 Advance Setup Options FIELD DESCRIPTION PPPoE pass-through...
  • Page 304: Chapter 29 Static Route Setup

    Prestige 661H/HW Series User’s Guide Chapter 29 Static Route Setup This chapter shows how to set up IP static routes. 29.1 IP Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means.
  • Page 305: Figure 172 Menu 12 Static Route Setup

    Prestige 661H/HW Series User’s Guide Figure 172 Menu 12 Static Route Setup Menu 12 - Static Route Setup 1. IP Static Route 3. Bridge Static Route Please enter selection: From menu 12, select 1 to open Menu 12.1 — IP Static Route Setup (shown next). Figure 173 Menu 12.1 IP Static Route Setup Menu 12.1 - IP Static Route Setup 1.
  • Page 306: Table 106 Menu12.1.1 Edit Ip Static Route

    Prestige 661H/HW Series User’s Guide The following table describes the fields for Menu 12.1.1 – Edit IP Static Route Setup. Table 106 Menu 12.1.1 Edit IP Static Route FIELD DESCRIPTION Route # This is the index number of the static route that you chose in menu 12.1. Route Name Type a descriptive name for this route.
  • Page 308: Chapter 30 Bridging Setup

    Prestige 661H/HW Series User’s Guide Chapter 30 Bridging Setup This chapter shows you how to configure the bridging parameters of your Prestige. 30.1 Bridging in General Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address.
  • Page 309: Figure 175 Menu 11.1 Remote Node Profile

    Prestige 661H/HW Series User’s Guide Figure 175 Menu 11.1 Remote Node Profile Menu 11.1 - Remote Node Profile Rem Node Name= ? Route= IP Active= Yes Bridge= Yes Encapsulation= ENET ENCAP Edit IP/Bridge= No Multiplexing= VC-based Edit ATM Options= No Service Name= N/A Edit Advance Options= N/A Incoming:...
  • Page 310: Bridge Static Route Setup

    Prestige 661H/HW Series User’s Guide 30.2.2 Bridge Static Route Setup Similar to network layer static routes, a bridging static route tells the Prestige the route to a node before a connection is established. You configure bridge static routes in menu 12.3.1 (go to menu 12, choose option 3, then choose a static route to edit) as shown next.
  • Page 312: Network Address Translation (Nat)

    Prestige 661H/HW Series User’s Guide Chapter 31 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 31.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige.
  • Page 313: Figure 178 Menu 4 Applying Nat For Internet Access

    Prestige 661H/HW Series User’s Guide Figure 178 Menu 4 Applying NAT for Internet Access Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 My Login= N/A...
  • Page 314: Nat Setup

    Prestige 661H/HW Series User’s Guide Table 109 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. The SMT uses the address mapping set that you configure and enter in the Address Mapping Set field (see Figure 181 on page 315).
  • Page 315: Sua Address Mapping Set

    Prestige 661H/HW Series User’s Guide Figure 181 Menu 15.1 Address Mapping Sets Menu 15.1 - Address Mapping Sets 255. SUA (read only) Enter Menu Selection Number: 31.3.1.1 SUA Address Mapping Set Enter 255 to display the next screen (see also Section 31.1.1 on page 312).
  • Page 316: User-Defined Address Mapping Sets

    Prestige 661H/HW Series User’s Guide Table 110 SUA Address Mapping Rules (continued) FIELD DESCRIPTION Local End IP Local End IP is the ending local IP address (ILA). If the rule is for all local IPs, then the Start IP is 0.0.0.0 and the End IP is 255.255.255.255. Global Start IP This is the starting global IP address (IGA).
  • Page 317: Ordering Your Rules

    Prestige 661H/HW Series User’s Guide 31.3.1.3 Ordering Your Rules Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
  • Page 318: Configuring A Server Behind Nat

    Prestige 661H/HW Series User’s Guide The following table explains the fields in this menu. Table 112 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set FIELD DESCRIPTION Type Press [SPACE BAR] and then [ENTER] to select from a total of five types. These are the mapping types discussed in the web configurator NAT chapter.
  • Page 319: General Nat Examples

    Prestige 661H/HW Series User’s Guide Figure 186 Menu 15.2.1 NAT Server Setup Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel:...
  • Page 320: Example 1: Internet Access Only

    Prestige 661H/HW Series User’s Guide 31.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP. Figure 188 NAT Example 1 Figure 189 Menu 4 Internet Access &...
  • Page 321: Example 3: Multiple Public Ip Addresses With Inside Servers

    Prestige 661H/HW Series User’s Guide Figure 190 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure. Figure 191 Menu 15.2.1 Specifying an Inside Server Menu 15.2.1 - NAT Server Setup (Used for SUA Only) Rule...
  • Page 322: Figure 192 Nat Example 3

    Prestige 661H/HW Series User’s Guide Map the other outgoing LAN traffic to IGA3 (Many : 1 mapping). You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN.
  • Page 323: Figure 193 Example 3: Menu 11.3

    Prestige 661H/HW Series User’s Guide Figure 193 Example 3: Menu 11.3 Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment= Static Ethernet Addr Timeout (min)= 0 Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature Address Mapping Set= 2...
  • Page 324: Figure 195 Example 3: Final Menu 15.1.1

    Prestige 661H/HW Series User’s Guide Figure 195 Example 3: Final Menu 15.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= Example3 Local Start IP Local End IP Global Start IP Global End IP Type --------------- ------------- --------------- -------------- ---- 1. 192.168.1.10 10.132.50.1 192.168.1.11 10.132.50.2...
  • Page 325: Example 4: Nat Unfriendly Application Programs

    Prestige 661H/HW Series User’s Guide 31.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to-Many No Overload (and One-to-One) NAT mapping types.
  • Page 326: Figure 199 Example 4: Menu 15.1.1 Address Mapping Rules

    Prestige 661H/HW Series User’s Guide Figure 199 Example 4: Menu 15.1.1 Address Mapping Rules Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Local Start IP Local End IP Global Start IP Global End IP Type --------------- ------------ --------------- --------------- ---- 192.168.1.10 192.168.1.12...
  • Page 328: Chapter 32 Enabling The Firewall

    Prestige 661H/HW Series User’s Guide Chapter 32 Enabling the Firewall This chapter shows you how to get started with the Prestige firewall. 32.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management and the firewall is enabled: •...
  • Page 329: Figure 200 Menu 21.2 Firewall Setup

    Prestige 661H/HW Series User’s Guide Figure 200 Menu 21.2 Firewall Setup Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2.
  • Page 330: Chapter 33 Filter Configuration

    Prestige 661H/HW Series User’s Guide Chapter 33 Filter Configuration This chapter shows you how to create and apply filters. 33.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call.
  • Page 331: The Filter Structure Of The Prestige

    Prestige 661H/HW Series User’s Guide Figure 202 Filter Rule Process You can apply up to four filter sets to a particular port to block various types of packets. Because each filter set can have up to six rules, you can have a maximum of 24 rules active for a single port.
  • Page 332: Configuring A Filter Set For The Prestige

    Prestige 661H/HW Series User’s Guide 33.2 Configuring a Filter Set for the Prestige To configure a filter set, follow the steps shown next. 1 Enter 21 in the main menu to display Menu 21 – Filter and Firewall Setup. 2 Enter 1 to display Menu 21.1 – Filter Set Configuration as shown next. Figure 203 Menu 21 Filter Set Configuration Menu 21.1 - Filter Set Configuration Filter...
  • Page 333: Filter Rules Summary Menus

    Prestige 661H/HW Series User’s Guide Figure 205 NetBIOS_LAN Filter Rules Summary Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- ------------------------------------------------------------ - - - 1 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F Enter Filter Rule Number (1-6) to Configure: Figure 206 IGMP Filter Rules Summary...
  • Page 334: Configuring A Filter Rule

    Prestige 661H/HW Series User’s Guide Table 113 Abbreviations Used in the Filter Rules Summary Menu (continued) FIELD DESCRIPTION Action Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N” means to check the next rule. Action Not Matched.
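
The matched / not-matched actions from Table 113, applied to the rule row shown in Figure 205, as an added Python example (not code from the manual or from ZyXEL). Assumptions: the M column is taken to be a chaining flag and is only accepted as N, 0.0.0.0 and port 0 mean "any", ports and addresses compare by equality, and a packet that runs past the last rule is forwarded; the three-rule set is constructed for illustration.

```python
import re
from dataclasses import dataclass

MAX_RULES_PER_SET = 6  # the manual allows up to six rules per filter set

# One "# A Type Filter Rules M m n" summary row (TCP/IP rules only).
ROW = re.compile(
    r"^\s*(\d)\s+([YN])\s+IP\s+(.*?)\s+([YN])\s+([FDN])\s+([FDN])\s*$")

@dataclass
class Rule:
    num: int
    active: bool
    proto: int = 0          # Pr: IP protocol number, 0 = any (assumption)
    sa: str = "0.0.0.0"     # SA: 0.0.0.0 = any (assumption)
    sp: int = 0             # SP: 0 = ignored
    da: str = "0.0.0.0"     # DA: 0.0.0.0 = any (assumption)
    dp: int = 0             # DP: 0 = ignored
    matched: str = "N"      # m column: F, D or N
    not_matched: str = "N"  # n column: F, D or N

def parse_row(line):
    """Parse one summary row into a Rule."""
    m = ROW.match(line)
    if m is None:
        raise ValueError(f"not a TCP/IP rule summary row: {line!r}")
    num, active, body, more, on_match, on_miss = m.groups()
    if more == "Y":
        raise ValueError("rows with M=Y are not modelled in this example")
    f = dict(part.strip().split("=", 1) for part in body.split(","))
    return Rule(int(num), active == "Y", int(f.get("Pr", 0)),
                f.get("SA", "0.0.0.0"), int(f.get("SP", 0)),
                f.get("DA", "0.0.0.0"), int(f.get("DP", 0)),
                on_match, on_miss)

def parse_set(text):
    """Parse a whole filter set, enforcing the six-rule limit."""
    rules = [parse_row(l) for l in text.splitlines() if l.strip()]
    if len(rules) > MAX_RULES_PER_SET:
        raise ValueError("a filter set holds at most six rules")
    return rules

def rule_matches(rule, pkt):
    return ((rule.proto in (0, pkt["proto"])) and
            (rule.sa in ("0.0.0.0", pkt["src"])) and
            (rule.sp in (0, pkt["sport"])) and
            (rule.da in ("0.0.0.0", pkt["dst"])) and
            (rule.dp in (0, pkt["dport"])))

def evaluate(rules, pkt):
    """Return (verdict, deciding rule number) for one packet."""
    for rule in rules:
        if not rule.active:
            continue
        action = rule.matched if rule_matches(rule, pkt) else rule.not_matched
        if action == "F":
            return ("forward", rule.num)   # remaining rules are skipped
        if action == "D":
            return ("drop", rule.num)
        # "N": fall through and check the next rule
    return ("forward", None)  # assumption: nothing decided means forward

def unreachable_rules(rules):
    """Rules placed after a rule whose m and n actions are both final."""
    dead, terminated = [], False
    for rule in rules:
        if not rule.active:
            continue
        if terminated:
            dead.append(rule.num)
        elif rule.matched != "N" and rule.not_matched != "N":
            terminated = True
    return dead

# The NetBIOS_LAN row as printed in Figure 205.
PAGE_SET = parse_set("1 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F")

# Constructed set: rule 2 ends evaluation either way, so rule 3 never runs.
CONSTRUCTED_SET = parse_set("""
1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D N
2 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F
3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=80 N D F
""")

def packet(proto, sport, dport, src="192.168.1.33", dst="10.0.0.1"):
    """Constructed sample packet."""
    return {"proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport}

if __name__ == "__main__":
    print(evaluate(PAGE_SET, packet(17, 137, 53)))
    print(evaluate(CONSTRUCTED_SET, packet(6, 40000, 80)))
    print(unreachable_rules(CONSTRUCTED_SET))
```

When reviewing a filter set, a rule with both actions set to F or D is the last rule that can ever decide a packet, so anything listed after it should be moved up or have the earlier rule's not-matched action changed to N.
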
  • Page 335: Tcp/Ip Filter Rule

    Prestige 661H/HW Series User’s Guide 33.4.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
  • Page 336 Prestige 661H/HW Series User’s Guide Table 115 Menu 21.1.x.1 TCP/IP Filter Rule (continued) FIELD DESCRIPTION Port # Type the destination port of the packets you want to filter. The field range is 0 to 65535. A 0 field is ignored. Port # Comp Select the comparison to apply to the destination port in the packet against the value given in Destination: Port #.
  • Page 337: Generic Filter Rule

    Prestige 661H/HW Series User’s Guide Figure 208 Executing an IP Filter 33.4.2 Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. Chapter 33 Filter Configuration...
  • Page 338: Figure 209 Menu 21.1.5.1 Generic Filter Rule

    Prestige 661H/HW Series User’s Guide For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.
  • Page 339: Filter Types And Nat

    Prestige 661H/HW Series User’s Guide Table 116 Menu 21.1.5.1 Generic Filter Rule (continued) FIELD DESCRIPTION Select the logging option from the following: None – No packets will be logged. Action Matched – Only matching packets and rules will be logged. Action Not Matched –...
  • Page 340: Figure 211 Sample Telnet Filter

    Prestige 661H/HW Series User’s Guide Figure 211 Sample Telnet Filter 1 Enter 1 in the menu 21 to display Menu 21.1 — Filter Set Configuration. 2 Enter the index number of the filter set you want to configure (in this case 6) 3 Type a descriptive name or comment in the Edit Comments field (for example, TELNET_WAN) and press [ENTER].
  • Page 341: Applying Filters And Factory Defaults

    Prestige 661H/HW Series User’s Guide 2 Go to the Edit Filter Sets field, press [SPACE BAR] to choose Yes and press [ENTER]. This brings you to menu 11.5. Apply the example filter set (for example, filter set 3) in this menu as shown in the next section.
  • Page 342: Ethernet Traffic

    Prestige 661H/HW Series User’s Guide 33.7.1 Ethernet Traffic You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and type the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by typing their numbers separated by commas, for example, 3, 4, 6, 11.
  • Page 344: Chapter 34 Snmp Configuration

    Prestige 661H/HW Series User’s Guide Chapter 34 SNMP Configuration This chapter explains SNMP Configuration menu 22. 34.1 About SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite.
  • Page 345: Supported Mibs

    The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
  • Page 346: Snmp Traps

    Figure 217 Menu 22 SNMP Configuration
      Menu 22 - SNMP Configuration
      SNMP:
        Get Community= public
        Set Community= public
        Trusted Host= 0.0.0.0
      Trap:
        Community= public
        Destination= 0.0.0.0
      Press ENTER to Confirm or ESC to Cancel:
    The following table describes the SNMP configuration parameters.
    Table 118 Menu 22 SNMP Configuration
    FIELD DESCRIPTION...
  • Page 347: Table 120 Ports And Permanent Virtual Circuits

    Table 119 SNMP Traps (continued)
    TRAP # / TRAP NAME / DESCRIPTION
    authenticationFailure (defined in RFC-1215): A trap is sent to the manager when receiving any SNMP gets or sets requirements with wrong community (password).
    whyReboot (defined in ZYXEL-MIB): A trap is sent with the reason of restart before rebooting when the system is going to restart (warm start).
  • Page 348: Chapter 35 System Security

    Chapter 35 System Security
    This chapter describes how to configure the system security on the Prestige.
    35.1 System Security
    You can configure the system password.
    35.1.1 System Password
    Enter 23 in the main menu to display Menu 23 – System Security. You should change the default password.
  • Page 349: Figure 219 Menu 23.2 System Security: Radius Server

    Figure 219 Menu 23.2 System Security: RADIUS Server
      Menu 23.2 - System Security - RADIUS Server
      Authentication Server:
        Active= No
        Server Address= 10.11.12.13
        Port #= 1812
        Shared Secret= ********
      Accounting Server:
        Active= No
        Server Address= 10.11.12.13
        Port #= 1813
        Shared Secret= ********
      Press ENTER to Confirm or ESC to Cancel:...
  • Page 350: Ieee 802.1X

    35.1.3 IEEE 802.1x
    The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your Prestige.
    1 From the main menu, enter 23 to display Menu 23 – System Security.
    Figure 220 Menu 23 System Security
      Menu 23 - System Security
      1.
  • Page 351: Table 122 Menu 23.4 System Security: Ieee 802.1X

    Table 122 Menu 23.4 System Security: IEEE 802.1x
    FIELD DESCRIPTION
    Wireless Port Control: Press [SPACE BAR] and select a security mode for the wireless LAN access. Select No Authentication Required to allow any wireless stations access to your wired network without entering usernames and passwords.
  • Page 352: Creating User Accounts On The Prestige

    Table 122 Menu 23.4 System Security: IEEE 802.1x (continued)
    FIELD DESCRIPTION
    Authentication Databases: The authentication database contains wireless station login information. The local user database is the built-in database on the Prestige. The RADIUS is an external server.
  • Page 353: Figure 222 Menu 14 Dial-In User Setup

    Figure 222 Menu 14 Dial-in User Setup
      Menu 14 - Dial-in User Setup
      1. ________   9. ________  17. ________  25. ________
      2. ________  10. ________  18. ________  26. ________
      3. ________  11. ________  19. ________  27.
  • Page 354: System Information And Diagnosis

    Chapter 36 System Information and Diagnosis
    This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4.
    36.1 Overview
    These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
  • Page 355: Figure 225 Menu 24.1 System Maintenance : Status

    The following table describes the fields present in Menu 24.1 — System Maintenance — Status which are read-only and meant for diagnostic purposes.
    Figure 225 Menu 24.1 System Maintenance : Status
      Menu 24.1 - System Maintenance - Status
      03:53:21 Sat.
  • Page 356: System Information

    Table 124 Menu 24.1 System Maintenance: Status (continued)
    FIELD DESCRIPTION
    This shows statistics for the WAN.
    Line Status: This shows the current status of the xDSL line, which can be Up or Down.
    Upstream Speed: This shows the upstream transfer rate in kbps.
    Downstream: This shows the downstream transfer rate in kbps.
  • Page 357: Console Port Speed

    Refers to the routing protocol used.
    ZyNOS F/W Version: Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation.
    ADSL Chipset: Displays the vendor of the ADSL chipset and DSL version.
  • Page 358: Log And Trace

    Figure 228 Menu 24.2.2 System Maintenance : Change Console Port Speed
      Menu 24.2.2 – System Maintenance – Change Console Port Speed
      Console Port Speed: 9600
      Press ENTER to Confirm or ESC to Cancel:
    Once you change the Prestige console port speed, you must also set the speed parameter for the communication software you are using to connect to the Prestige.
  • Page 359: Syslog And Accounting

    Figure 230 Sample Error and Information Messages
      53 Sat Jan 01 00:00:03 2000 PP01 -WARN SNMP TRAP 0: cold start
      54 Sat Jan 01 00:00:03 2000 PP01 INFO main: init completed
      55 Sat Jan 01 00:00:03 2000 PP01 INFO Starting Connectivity Monitor
      56 Sat Jan 01 00:00:03 2000 PP20...
  • Page 360: Figure 232 Syslog Example

    Figure 232 Syslog Example
      1 - CDR
      SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG_INFO, String);
      String = board xx line xx channel xx, call xx, str
      board = the hardware board ID
      line = the WAN ID in a board
      Channel = channel ID within the WAN
      call = the call reference number which starts from 1 and increments by 1 for each new call...
  • Page 361: Diagnostic

    Figure 232 Syslog Example (continued)
      prot: Protocol (“TCP”, ”UDP”, ”ICMP”)
      spo: Source port
      dpo: Destination port
      Jul 19 14:43:55 192.168.102.2 ZYXEL: IP [Src=202.132.154.123 Dst=255.255.255.255 UDP spo=0208 dpo=0208]} S03>R01mF
      Jul 19 14:44:00 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF
      Jul 19 14:44:04 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF...
  • Page 362: Table 127 Menu 24.4 System Maintenance Menu: Diagnostic

    The following table describes the diagnostic tests available in menu 24.4 for and the connections.
    Table 127 Menu 24.4 System Maintenance Menu: Diagnostic
    FIELD DESCRIPTION
    Reset xDSL: Re-initialize the xDSL link to the telephone company.
    Ping Host: Ping the host to see if the links and TCP/IP protocol on both systems are working.
  • Page 364: Firmware And Configuration File Maintenance

    Chapter 37 Firmware and Configuration File Maintenance
    This chapter tells you how to back up and restore your configuration file as well as upload new firmware and configuration files.
    37.1 Filename Conventions
    The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
  • Page 365: Backup Configuration

    The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 –...
  • Page 366: Using The Ftp Command From The Command Line

    Figure 234 Telnet in Menu 24.5
      Menu 24.5 - System Maintenance - Backup Configuration
      To transfer the configuration file to your workstation, follow the procedure below:
      1. Launch the FTP client on your workstation.
      2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
  • Page 367: Gui-Based Ftp Clients

    Figure 235 FTP Session Example
      331 Enter PASS command
      Password:
      230 Logged in
      ftp> bin
      200 Type I OK
      ftp> get rom-0 zyxel.rom
      200 Port command okay
      150 Opening data connection for STOR ras
      226 File received OK
      ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
  • Page 368: Backup Configuration Using Tftp

    37.2.6 Backup Configuration Using TFTP
    The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients.
  • Page 369: Restore Configuration

    Table 130 General Commands for GUI-based TFTP Clients
    COMMAND DESCRIPTION
    Host: Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped.
    Send/Fetch: Use “Send” to upload the file to the Prestige and “Fetch” to back up the file on your computer.
  • Page 370: Restore Using Ftp Session Example

    Figure 236 Telnet into Menu 24.6
      Menu 24.6 -- System Maintenance - Restore Configuration
      To transfer the firmware and configuration file to your workstation, follow the procedure below:
      1. Launch the FTP client on your workstation.
      2.
  • Page 371: Uploading Firmware And Configuration Files

    37.4 Uploading Firmware and Configuration Files
    This section shows you how to upload firmware and configuration files. You can upload configuration files by following the procedure in Section 37.2 on page 365 or by following the instructions in Menu 24.7.2 –...
  • Page 372: Ftp File Upload Command From The Dos Prompt Example

    Figure 239 Telnet Into Menu 24.7.2 System Maintenance
      Menu 24.7.2 - System Maintenance - Upload System Configuration File
      To upload the system configuration file, follow the procedure below:
      1. Launch the FTP client on your workstation.
      2.
  • Page 373: Ftp Session Example Of Firmware File Upload

    37.4.4 FTP Session Example of Firmware File Upload
    Figure 240 FTP Session Example of Firmware File Upload
      331 Enter PASS command
      Password:
      230 Logged in
      ftp> bin
      200 Type I OK
      ftp> put firmware.bin ras
      200 Port command okay
      150 Opening data connection for STOR ras
      226 File received OK...
  • Page 374: Tftp Upload Command Example

    37.4.6 TFTP Upload Command Example
    The following is an example TFTP command:
      tftp [-i] host put firmware.bin ras
    where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the Prestige’s IP address and “ ”...
  • Page 376: Chapter 38 System Maintenance

      Upload Firmware
      Command Interpreter Mode
      Call Control
      10. Time and Date Setting
      11. Remote Management
      Enter Menu Selection Number:
    Figure 242 Valid Commands
      Copyright (c) 1994 - 2004 ZyXEL Communications Corp.
      ras> ?
      Valid commands are:
      exit ether wlan ipsec...
  • Page 377: Call Control Support

    38.2 Call Control Support
    Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1. The budget management function allows you to set a limit on the total outgoing call time of the Prestige within certain times.
  • Page 378: Time And Date Setting

    Figure 244 Menu 24.9.1 System Maintenance: Budget Management
      Menu 24.9.1 - System Maintenance - Budget Management
      Remote Node    Connection Time/Total Budget    Elapsed Time/Total Period
      1.MyIsp        No Budget                       No Budget
      2.--------
      3.--------
      4.--------
      5.--------
      6.--------
      7.--------
      8.--------
      Reset Node (0 to update screen):
    The total budget is the time limit on the accumulated time for outgoing calls to a remote node.
  • Page 379: Figure 245 Menu 24 System Maintenance

    Figure 245 Menu 24 System Maintenance
      Menu 24 - System Maintenance
      System Status
      System Information and Console Port Speed
      Log and Trace
      Diagnostic
      Backup Configuration
      Restore Configuration
      Upload Firmware
      Command Interpreter Mode
      Call Control
      10. Time and Date Setting
      11.
  • Page 380: Resetting The Time

    Table 132 Menu 24.10 System Maintenance: Time and Date Setting (continued)
    FIELD DESCRIPTION
    Current Time: This field displays an updated time only when you re-enter this menu.
    New Time: Enter the new time in hour, minute and second format.
    Current Date: This field displays an updated date only when you re-enter this menu.
  • Page 382: Chapter 39 Remote Management

    Chapter 39 Remote Management
    This chapter covers remote management (SMT menu 24.11).
    39.1 Remote Management Overview
    Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
  • Page 383: Remote Management Limitations

    Figure 247 Menu 24.11 Remote Management Control
      Menu 24.11 - Remote Management Control
      TELNET Server:
        Server Port = 23
        Server Access = LAN only
        Secured Client IP = 0.0.0.0
      FTP Server:
        Server Port = 21
        Server Access = LAN only
        Secured Client IP = 0.0.0.0
      Web Server:...
  • Page 384: Remote Management And Nat

    39.3 Remote Management and NAT
    When NAT is enabled:
    • Use the Prestige’s WAN IP address when configuring from the WAN.
    • Use the Prestige’s LAN IP address when configuring from the LAN.
    39.4 System Timeout
    There is a default system management idle timeout of five minutes (three hundred seconds).
  • Page 386: Chapter 40 Ip Policy Routing

    Chapter 40 IP Policy Routing
    This chapter covers setting and applying policies used for IP routing.
    40.1 IP Policy Routing Overview
    Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet.
  • Page 387: Ip Routing Policy Setup

    • routing the packet to a different gateway (and hence the outgoing interface).
    • setting the TOS and precedence fields in the IP header.
    IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together.
  • Page 388: Figure 249 Menu 25.1 Ip Routing Policy Setup

    Figure 249 Menu 25.1 IP Routing Policy Setup
      Menu 25.1 - IP Routing Policy Setup
      Criteria/Action
      - - ----------------------------------------------------------------------
      1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5
          SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.1,T=MT,PR=0
      2 N ______________________________________________________________________
          ______________________________________________________________________
      3 N ______________________________________________________________________
          ______________________________________________________________________
      4 N ______________________________________________________________________
          ______________________________________________________________________
      5 N ______________________________________________________________________
          ______________________________________________________________________...
  • Page 389: Figure 250 Menu 25.1.1 Ip Routing Policy

    Figure 250 Menu 25.1.1 IP Routing Policy
      Menu 25.1.1 - IP Routing Policy
      Policy Set Name= test
      Active= No
      Criteria:
        IP Protocol
        Type of Service= Don't Care    Packet length= 0
        Precedence = Don't Care        Len Comp= N/A
        Source:
          addr start= 0.0.0.0    end= N/A...
  • Page 390: Applying An Ip Policy

    Table 135 Menu 25.1.1 IP Routing Policy (continued)
    FIELD DESCRIPTION
    Gateway addr: Defines the outgoing gateway address. The gateway must be on the same subnet as the Prestige if it is on the LAN, otherwise, the gateway must be the IP address of a remote node.
  • Page 391: Ip Policy Routing Example

    Figure 251 Menu 3.2 TCP/IP and DHCP Ethernet Setup
      Menu 3.2 - TCP/IP and DHCP Setup
      DHCP Setup
        DHCP= Server
        Client IP Pool Starting Address= 192.168.1.33
        Size of Client IP Pool= 32
        Primary DNS Server= 0.0.0.0
        Secondary DNS Server= 0.0.0.0
        Remote DHCP Server= N/A
      TCP/IP Setup:...
  • Page 392: Figure 253 Example Of Ip Policy Routing

    Route 1 represents the default IP route and route 2 represents the configured IP route.
    Figure 253 Example of IP Policy Routing
    To force packets coming from clients with IP addresses of 192.168.1.33 to 192.168.1.64 to be routed to the Internet via the WAN port of the Prestige, follow the steps as shown next.
  • Page 393: Figure 254 Ip Routing Policy Example

    Figure 254 IP Routing Policy Example
      Menu 25.1.1 - IP Routing Policy
      Policy Set Name= set1 Packet length= 10 Active= Yes Len Comp= N/A Criteria: IP Protocol end= 192.168.1.64 Type of Service= Don't Care end= N/A Precedence = Don't Care end= N/A...
  • Page 394: Figure 255 Ip Routing Policy Example

    Figure 255 IP Routing Policy Example
      Menu 25.1.1 - IP Routing Policy
      Policy Set Name= set2 Packet length= 10 Active= Yes Len Comp= N/A Criteria: IP Protocol end= N/A Type of Service= Don't Care end= N/A Precedence = Don't Care end= N/A...
  • Page 396: Chapter 41 Call Scheduling

    Chapter 41 Call Scheduling
    Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long.
    41.1 Introduction
    The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
  • Page 397: Figure 258 Menu 26.1 Schedule Set Setup

    To set up a schedule set, select the schedule set you want to set up from menu 26 (1-12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next.
    Figure 258 Menu 26.1 Schedule Set Setup
      Menu 26.1 Schedule Set Setup
      Active= Yes
      Start Date(yyyy-mm-dd)= 2000 - 01 - 01...
  • Page 398: Figure 259 Applying Schedule Set(S) To A Remote Node (Pppoe)

    Table 136 Menu 26.1 Schedule Set Setup (continued)
    FIELD DESCRIPTION
    Action: Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field. Forced Down means that the connection is blocked whether or not there is a demand call on the line.
  • Page 400: Chapter 42 Vpn/Ipsec Setup

    Chapter 42 VPN/IPSec Setup
    This chapter introduces the VPN SMT menus.
    42.1 VPN/IPSec Overview
    The VPN/IPSec main SMT menu has these main submenus: Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management.
  • Page 401: Figure 261 Menu 27.1 Ipsec Summary

    Figure 261 Menu 27.1 IPSec Summary
      Menu 27.1 – IPSec Summary
      Name  Local Addr Start - Addr End / Mask  Encap  IPSec Algorithm
      Key Mgt  Remote Addr Start - Addr End / Mask  Secure GW Addr
      ------ ----------------- ---------------...
  • Page 402

    Table 137 Menu 27.1 IPSec Summary (continued)
    FIELD DESCRIPTION
    IPSec Algorithm: This field displays the security protocols used for an SA. ESP provides confidentiality and integrity of data by encrypting the data and encapsulating it into IP packets. Encryption methods include 56-bit DES and 168-bit 3DES.
  • Page 403: Ipsec Setup

    42.3 IPSec Setup
    Select Edit in the Select Command field; type the index number of a rule in the Select Rule field and press [ENTER] to edit the VPN using the menu shown next.
    Note: You must also configure menu 27.1.1.1 or menu 27.1.1.2 to fully configure and use a VPN.
  • Page 404

    Table 138 Menu 27.1.1 IPSec Setup (continued)
    FIELD DESCRIPTION
    Keep Alive: Press [SPACE BAR] to choose either Yes or No. Choose Yes and press [ENTER] to have the Prestige automatically re-initiate the SA after the SA lifetime times out, even if there is no traffic.
  • Page 405

    Table 138 Menu 27.1.1 IPSec Setup (continued)
    FIELD DESCRIPTION
    Local: Local IP addresses must be static and correspond to the remote IPSec router’s configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both.
  • Page 406: Ike Setup

    Table 138 Menu 27.1.1 IPSec Setup (continued)
    FIELD DESCRIPTION
    End/Subnet Mask: When the Addr Type field is configured to Single, this field is N/A. When the Addr Type field is configured to Range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
  • Page 407: Figure 263 Menu 27.1.1.1Ke Setup

    Figure 263 Menu 27.1.1.1 IKE Setup
      Menu 27.1.1.1 - IKE Setup
      Phase 1
        Negotiation Mode= Main
        PSK=
        Encryption Algorithm = AES
        Authentication Algorithm = SHA1
        SA Life Time (Seconds)= 28800
        Key Group= DH1
      Phase 2
        Active Protocol = ESP
        Encryption Algorithm = AES...
  • Page 408: Manual Setup

    Table 139 Menu 27.1.1.1 IKE Setup (continued)
    FIELD DESCRIPTION
    Key Group: You must choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number.
  • Page 409: Figure 264 Menu 27.1.1.2 Manual Setup

    Figure 264 Menu 27.1.1.2 Manual Setup
      Menu 27.1.1.2 – Manual Setup
      Active Protocol= ESP Tunnel
      ESP Setup
        SPI (Decimal)= 0
        Encryption Algorithm= DES
        Key1= ?
        Key2= N/A
        Key3= N/A
        Authentication Algorithm= MD5
        Key= ?
      AH Setup
        SPI (Decimal)= N/A
        Authentication Algorithm= N/A
        Key= N/A...
  • Page 410

    Table 141 Menu 27.1.1.2 Manual Setup (continued)
    FIELD DESCRIPTION
    Authentication Algorithm: Press [SPACE BAR] to choose from MD5 or SHA1 and then press [ENTER].
    Key: Enter the authentication key to be used by IPSec if applicable. The key must be unique.
  • Page 412: Chapter 43 Sa Monitor

    Chapter 43 SA Monitor
    This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2.
    43.1 SA Monitor Overview
    A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections.
  • Page 413: Figure 265 Menu 27.2 Sa Monitor

    Figure 265 Menu 27.2 SA Monitor
      Menu 27.2 - SA Monitor
      Name                             Encap.    IPSec ALgorithm
      -------------------------------- --------- ----------------
      Taiwan : 3.3.3.1 – 3.3.3.3.100   Tunnel    ESP DES MD5
      Select Command= Refresh
      Select Connection= N/A
      Press ENTER to Confirm or ESC to Cancel:
    The following table describes the fields in this menu.
  • Page 414

    Table 142 Menu 27.2 SA Monitor (continued)
    FIELD DESCRIPTION
    Select Command: Press [SPACE BAR] to choose from Refresh, Disconnect, None, Next Page, or Previous Page and then press [ENTER]. You must select a connection in the next field when you choose the Disconnect command.
  • Page 416: Chapter 44 Troubleshooting

    Chapter 44 Troubleshooting
    This chapter covers potential problems and the corresponding remedies.
    44.1 Problems Starting Up the Prestige
    Table 143 Troubleshooting Starting Up Your Prestige
    PROBLEM: None of the LEDs turn on
    CORRECTIVE ACTION: Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged in to an appropriate power source.
  • Page 417: Problems With The Wan

    44.3 Problems with the WAN
    Table 145 Troubleshooting the WAN
    PROBLEM: The DSL LED is off.
    CORRECTIVE ACTION: Check the telephone wire and connections between the Prestige DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service.
  • Page 418: Problems Accessing The Prestige

    44.4 Problems Accessing the Prestige
    Table 146 Troubleshooting Accessing the Prestige
    PROBLEM: I cannot access the Prestige.
    CORRECTIVE ACTION: The username is “admin”. The default password is “1234”. The Password and Username fields are case-sensitive. Make sure that you enter the correct password
  • Page 419: Figure 266 Pop-Up Blocker

    Figure 266 Pop-up Blocker
    You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab.
    1 In Internet Explorer, select Tools, Internet Options, Privacy.
    2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled.
  • Page 420: Figure 268 Internet Options

    Figure 268 Internet Options
    3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1.
    4 Click Add to move the IP address to the list of Allowed sites.
  • Page 421: Javascripts

    Figure 269 Pop-up Blocker Settings
    5 Click Close to return to the Privacy screen.
    6 Click Apply to save this setting.
    44.4.1.2 JavaScripts
    If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
  • Page 422: Figure 270 Internet Options

    Figure 270 Internet Options
    2 Click the Custom Level... button.
    3 Scroll down to Scripting.
    4 Under Active scripting make sure that Enable is selected (the default).
    5 Under Scripting of Java applets make sure that Enable is selected (the default).
    6 Click OK to close the window.
  • Page 423: Java Permissions

    Figure 271 Security Settings - Java Scripting
    44.4.1.3 Java Permissions
    1 From Internet Explorer, click Tools, Internet Options and then the Security tab.
    2 Click the Custom Level... button.
    3 Scroll down to Microsoft VM.
    4 Under Java permissions make sure that a safety level is selected.
  • Page 424: Figure 272 Security Settings - Java

    Figure 272 Security Settings - Java
    44.4.1.3.1 JAVA (Sun)
    1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
    2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected.
    3 Click OK to close the window.
  • Page 425: Activex Controls In Internet Explorer

    Figure 273 Java (Sun)
    44.4.2 ActiveX Controls in Internet Explorer
    If ActiveX is disabled, you will not be able to download ActiveX controls or to use Trend Micro Security Services. Make sure that ActiveX controls are allowed in Internet Explorer. Screen shots for Internet Explorer 6 are shown.
  • Page 426: Figure 274 Internet Options Security

    Figure 274 Internet Options Security
    3 Scroll down to ActiveX controls and plug-ins.
    4 Under Download signed ActiveX controls select the Prompt radio button.
    5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected.
  • Page 427: Figure 275 Security Setting Activex Controls

    Figure 275 Security Setting ActiveX Controls
  • Page 428: Product Specifications

    Appendix A Product Specifications
    See also the Introduction chapter for a general overview of the key features.
    Specification Tables
    Table 147 Device
    Default IP Address: 192.168.1.1
    Default Subnet Mask: 255.255.255.0 (24 bits)
    Default Password: 1234
    DHCP Pool: 192.168.1.32 to 192.168.1.64
    Dimensions...
  • Page 429: Table 148 Firmware

    Table 148 Firmware
    ADSL Standards:
      Multi-Mode standard (ANSI T1.413,Issue 2; G.dmt(G.992.1); G.lite(G992.2)).
      ADSL2 G.dmt.bis (G.992.3)
      ADSL2 G.lite.bis (G.992.4)
      ADSL2+ (G.992.5)
      Reach-Extended ADSL (RE ADSL)
      SRA (Seamless Rate Adaptation)
      Auto-negotiating rate adaptation
      ADSL physical connection ATM AAL5 (ATM Adaptation Layer type 5)
      Multi-protocol over AAL5 (RFC2684/1483)
      PPP over ATM AAL5 (RFC 2364)
      PPP over Ethernet (RFC 2516)...
  • Page 430

    Table 148 Firmware (continued)
    Wireless (P-661HW only):
      IEEE 802.11g Compliance
      Wireless g+ technology
      Frequency Range: 2.4 GHz
      Advanced Orthogonal Frequency Division Multiplexing (OFDM)
      Data Rates: 54Mbps and Auto Fallback
      Wired Equivalent Privacy (WEP) Data Encryption 64/128/256 bit.
      WLAN bridge to LAN
      Up to 32 MAC Address filters
      WPA, WPA-PSK...
  • Page 432: Setting Up Your Computer's Ip Address

    Appendix B Setting up Your Computer’s IP Address
    All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 433: Installing Components

    Figure 276 Windows 95/98/Me: Network: Configuration
    Installing Components
    The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
    If you need the adapter:
    1 In the Network window, click Add.
  • Page 434: Configuring

    3 Select Microsoft from the list of manufacturers.
    4 Select Client for Microsoft Networks from the list of network clients and then click
    5 Restart your computer so the changes you made take effect.
    Configuring
    1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties.
    2 Click the IP Address tab.
  • Page 435: Verifying Settings

    Figure 278 Windows 95/98/Me: TCP/IP Properties: DNS Configuration
    4 Click the Gateway tab.
      • If you do not know your gateway’s IP address, remove previously installed gateways.
      • If you have a gateway IP address, type it in the New gateway field and click Add.
  • Page 436: Figure 279 Windows XP: Start Menu

    Prestige 661H/HW Series User’s Guide Figure 279 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 280 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Appendix B Setting up Your Computer’s IP Address...
  • Page 437: Figure 281 Windows XP: Control Panel: Network Connections: Properties

    Prestige 661H/HW Series User’s Guide Figure 281 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 282 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
  • Page 438: Figure 283 Windows XP: Internet Protocol (TCP/IP) Properties

    Prestige 661H/HW Series User’s Guide • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. Figure 283 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
  • Page 439: Figure 284 Windows XP: Advanced TCP/IP Properties

    Prestige 661H/HW Series User’s Guide Figure 284 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). •...
  • Page 440: Verifying Settings

    Prestige 661H/HW Series User’s Guide Figure 285 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
  • Page 441: Figure 286 Macintosh OS 8/9: Apple Menu

    Prestige 661H/HW Series User’s Guide Figure 286 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 287 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. Appendix B Setting up Your Computer’s IP Address...
  • Page 442: Verifying Settings

    Prestige 661H/HW Series User’s Guide 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
  • Page 443: Verifying Settings

    Prestige 661H/HW Series User’s Guide Figure 289 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
  • Page 444: IP Subnetting

    Prestige 661H/HW Series User’s Guide Appendix C IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
  • Page 445: Subnet Masks

    Prestige 661H/HW Series User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
  • Page 446: Example: Two Subnets

    Prestige 661H/HW Series User’s Guide Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/”...
  • Page 447: Table 154 Subnet 1

    Prestige 661H/HW Series User’s Guide Note: In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet.
  • Page 448: Example: Four Subnets

    Prestige 661H/HW Series User’s Guide Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow”...
  • Page 449: Example Eight Subnets

    Prestige 661H/HW Series User’s Guide Table 159 Subnet 4

    | IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE |
    |---|---|---|
    | IP Address | 192.168.1. | |
    | IP Address (Binary) | 11000000.10101000.00000001. | 11000000 |
    | Subnet Mask (Binary) | 11111111.11111111.11111111. | 11000000 |

    Subnet Address: 192.168.1.192
    Lowest Host ID: 192.168.1.193
    Broadcast Address: 192.168.1.255
    Highest Host ID: 192.168.1.254

    Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110).
  • Page 450: Subnetting With Class A And Class B Networks

    Prestige 661H/HW Series User’s Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B”...
  • Page 452: Appendix D Boot Commands

    Prestige 661H/HW Series User’s Guide Appendix D Boot Commands The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware is started. When you start up your Prestige, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen.
  • Page 453: Figure 291 Boot Module Commands

    Prestige 661H/HW Series User’s Guide Figure 291 Boot Module Commands just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI(h,m,s) change system time to hour:min:sec or show current time ATDA(y,m,d) change system date to year/month/day or show...
  • Page 454: Appendix E Command Interpreter

    Prestige 661H/HW Series User’s Guide Appendix E Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode.
  • Page 456: Appendix F Firewall Commands

    Prestige 661H/HW Series User’s Guide Appendix F Firewall Commands The following describes the firewall commands. Table 163 Firewall Commands FUNCTION COMMAND DESCRIPTION Firewall SetUp This command turns the firewall on or off. config edit firewall active <yes | no> This command returns the previously saved config retrieve firewall firewall settings.
  • Page 457 Prestige 661H/HW Series User’s Guide Table 163 Firewall Commands (continued) FUNCTION COMMAND DESCRIPTION This command sets the source e-mail address config edit firewall e-mail of the firewall e-mails. return-addr <e-mail address> This command sets the e-mail address to config edit firewall e-mail which the firewall e-mails are sent.
  • Page 458 Prestige 661H/HW Series User’s Guide Table 163 Firewall Commands (continued) FUNCTION COMMAND DESCRIPTION This command sets the threshold of half-open config edit firewall attack sessions where the Prestige stops deleting minute-low <0-255> half-opened sessions. This command sets the threshold of half-open config edit firewall attack sessions where the Prestige starts deleting old max-incomplete-high <0-255>...
  • Page 459 Prestige 661H/HW Series User’s Guide Table 163 Firewall Commands (continued) FUNCTION COMMAND DESCRIPTION This command sets whether or not the Config edit firewall set <set Prestige creates logs for packets that match #> log <yes | no> the firewall’s default rule set. Rules This command sets whether packets that Config edit firewall set <set...
  • Page 460 Prestige 661H/HW Series User’s Guide Table 163 Firewall Commands (continued) FUNCTION COMMAND DESCRIPTION This command sets a rule to have the Prestige config edit firewall set <set check for traffic going to this range of #> rule <rule #> destaddr- addresses.
  • Page 462: NetBIOS Filter Commands

    Prestige 661H/HW Series User’s Guide Appendix G NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
  • Page 463: NetBIOS Filter Configuration

    Prestige 661H/HW Series User’s Guide The filter types and their default settings are as follows. Table 164 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN This field displays whether NetBIOS packets are blocked or forwarded Block and WAN between the LAN and the WAN. Between LAN This field displays whether NetBIOS packets are blocked or forwarded Block...
  • Page 466: Appendix H VPN Setup

    Prestige 661H/HW Series User’s Guide Appendix H VPN Setup This appendix will help you to quickly create an IPSec/VPN connection between two ZyXEL IPSec routers. It should be considered a quick reference for experienced users. General Notes • The private networks behind the IPSec routers must be on different subnets. For example, 192.168.10.0/24 and 192.168.20.0/24.
  • Page 467: VPN Configuration via Web Configurator

    Prestige 661H/HW Series User’s Guide The following pages show a typical configuration that builds a tunnel between two private networks. One network is the headquarters (HQ) and the other is a branch office. Both sites have static (fixed) public addresses. Replace the Secure Gateway Address and Local/ Remote IP Address Start settings with your own values.
  • Page 468: Figure 293 Headquarters VPN Rule Edit

    Prestige 661H/HW Series User’s Guide Figure 293 Headquarters VPN Rule Edit IP addresses on different subnets. The IP address of the branch office IPSec router. Appendix H VPN Setup...
  • Page 469: Dialing the VPN Tunnel via Web Configurator

    Prestige 661H/HW Series User’s Guide Figure 294 Branch Office VPN Rule Edit IP addresses on different subnets. The IP address of the headquarters IPSec router. Dialing the VPN Tunnel via Web Configurator Appendix H VPN Setup...
  • Page 470: Figure 295 VPN Rule Configured

    Prestige 661H/HW Series User’s Guide To test whether the IPSec routers can build the VPN tunnel, click the dial icon in the VPN Rules screen’s Modify column to have the IPSec routers set up the tunnel. Figure 295 VPN Rule Configured Dial Icon The following screen displays.
  • Page 471: VPN Configuration via SMT

    Prestige 661H/HW Series User’s Guide Figure 297 VPN Tunnel Established VPN Configuration via SMT This section gives a VPN rule configuration example using the SMT. 1 From the main menu, enter 27 to display the first VPN menu (shown next). Figure 298 Menu 27: VPN/IPSec Setup Menu 27 - VPN/IPSec Setup 1.
  • Page 472: Figure 299 Menu 27.1: IPSec Summary

    Prestige 661H/HW Series User’s Guide Figure 299 Menu 27.1: IPSec Summary Menu 27.1 - IPSec Summary Name A Local Addr Start - Addr End / Mask Encap IPSec Algorithm Key Mgt Remote Addr Start - Addr End / Mask Secure Gw Addr --- ---------- - ----------------- ----------------- ------ -------------- Select Command=...
  • Page 473: Figure 301 Branch Office Menu 27.1.1: IPSec Setup

    Prestige 661H/HW Series User’s Guide Note: Press [ENTER] at the bottom of each screen to save your configuration. You can press the ‘Up’ arrow at the top of a menu to quickly reach the bottom of the menu. Figure 301 Branch Office Menu 27.1.1: IPSec Setup Menu 27.1.1 - IPSec Setup Index #= 1 Name= HQ...
  • Page 474: Dialing the VPN Tunnel via SMT

    ‘ipsec dial n’ (where “n” is the number of the VPN rule) command from the Command Interpreter - Menu 24.8 to have the IPSec device set up the tunnel. Here is an example. Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ipsec dial 1 Tunnel built successfully!
  • Page 475: VPN Log

    Prestige 661H/HW Series User’s Guide VPN Log The system log can often help to identify a configuration problem. Enable IKE & IPSec logging via the web configurator at both ends, clear the log and then build the tunnel. View the log via the web configurator or type ‘sys log disp’ from SMT Menu 24.8. Figure 303 VPN Log Example zw5>...
  • Page 476: IPSec Debug

    <0:None | 1:User | 2:Low | 3:High> ras> ipsec debug type 1 on ras> ipsec debug type 2 on ras> ipsec debug level 3 Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ipsec dial 1 Start dialing for tunnel <rule# 1>... ikeStartNegotiate(): saIndex<0>...
  • Page 477: FTP Example

    Prestige 661H/HW Series User’s Guide FTP Example The following example shows a text-based login from a branch office computer to an FTP server behind the remote IPSec router at headquarters. The server’s IP address (192.168.10.33) is in the subnet configured in the Local Policy fields in Figure 293 on page 468.
  • Page 478 Prestige 661H/HW Series User’s Guide ftp: 5631148 bytes sent in 614.8Seconds 9.17Kbytes/sec. Appendix H VPN Setup...
  • Page 480: Splitters And Microfilters

    Prestige 661H/HW Series User’s Guide Appendix I Splitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals.
  • Page 481: Prestige With ISDN

    Prestige 661H/HW Series User’s Guide 1 Connect a phone cable from the wall jack to the single jack end of the Y- Connector. 2 Connect a cable from the double jack end of the Y-Connector to the “wall side” of the microfilter.
  • Page 484: Appendix J PPPoE

    Prestige 661H/HW Series User’s Guide Appendix J PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access Concentrator where the PPP session terminates (see Figure 308 on page 485).
  • Page 485: How PPPoE Works

    Prestige 661H/HW Series User’s Guide Figure 308 Single-Computer per Router Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
  • Page 486: Appendix K Log Descriptions

    Prestige 661H/HW Series User’s Guide Appendix K Log Descriptions This appendix provides descriptions of example log messages. Table 165 System Maintenance Logs LOG MESSAGE DESCRIPTION The router has adjusted its time based on information from the Time calibration is time server. successful The router failed to get information from the time server.
  • Page 487: Table 166 System Error Logs

    Prestige 661H/HW Series User’s Guide Table 165 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION The router is saving configuration changes. Configuration Change: PC = 0x%x, Task ID = 0x%x Someone has logged on to the router’s SSH server. Successful SSH login Someone has failed to log on to the router’s SSH server.
  • Page 488: Table 168 TCP Reset Logs

    Prestige 661H/HW Series User’s Guide Table 168 TCP Reset Logs LOG MESSAGE DESCRIPTION The router sent a TCP reset packet when a host was under a SYN Under SYN flood attack, flood attack (the TCP incomplete count is per destination host.) sent TCP RST The router sent a TCP reset packet when the number of TCP Exceed TCP MAX...
  • Page 489: Table 170 ICMP Logs

    Prestige 661H/HW Series User’s Guide Table 170 ICMP Logs LOG MESSAGE DESCRIPTION ICMP access matched the default policy and was blocked Firewall default policy: ICMP or forwarded according to the user's setting. For type and <Packet Direction>, <type:%d>, code details, see Table 182 on page 498.
  • Page 490: Table 173 UPnP Logs

    Prestige 661H/HW Series User’s Guide Table 172 PPP Logs (continued) LOG MESSAGE DESCRIPTION The PPP connection’s Link Control Protocol stage is closing. ppp:LCP Closing The PPP connection’s Internet Protocol Control Protocol stage is closing. ppp:IPCP Closing Table 173 UPnP Logs LOG MESSAGE DESCRIPTION UPnP packets can pass through the firewall.
  • Page 491: Table 175 Attack Logs

    Prestige 661H/HW Series User’s Guide Table 174 Content Filtering Logs (continued) LOG MESSAGE DESCRIPTION The connection to the external content filtering server failed. Connecting to content filter server fail License key is invalid The external content filtering license key is invalid. Table 175 Attack Logs LOG MESSAGE DESCRIPTION...
  • Page 492: Table 176 IPSec Logs

    Prestige 661H/HW Series User’s Guide Table 176 IPSec Logs LOG MESSAGE DESCRIPTION The router received and discarded a packet with an incorrect Discard REPLAY packet sequence number. The router received a packet that has been altered. A third party may Inbound packet have altered or tampered with the packet.
  • Page 493 Prestige 661H/HW Series User’s Guide Table 177 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router couldn’t resolve the IP address from the domain Cannot resolve Secure Gateway name that was used for the secure gateway address. Addr for rule <%d> The displayed ID information did not match between the two Peer ID: <peer id>...
  • Page 494 Prestige 661H/HW Series User’s Guide Table 177 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router was not able to use extended authentication to XAUTH fail! Username: authenticate the listed username. <Username> The listed rule’s IKE phase 1 negotiation mode did not match Rule[%d] Phase 1 negotiation between the router and the peer.
  • Page 495: Table 178 PKI Logs

    Prestige 661H/HW Series User’s Guide Table 177 IKE Logs (continued) LOG MESSAGE DESCRIPTION The listed rule’s IKE phase 2 did not match between the router Rule [%d] phase 2 mismatch and the peer. The listed rule’s IKE phase 2 key lengths (with the AES Rule [%d] Phase 2 key length encryption algorithm) did not match between the router and mismatch...
  • Page 496: Table 179 Certificate Path Verification Failure Reason Codes

    Prestige 661H/HW Series User’s Guide Table 178 PKI Logs (continued) LOG MESSAGE DESCRIPTION The router received directory data that was too large (the size is listed) Rcvd data <size> too from the LDAP server whose address and port are recorded in the large! Max size Source field.
  • Page 497: Table 180 802.1X Logs

    Prestige 661H/HW Series User’s Guide Table 179 Certificate Path Verification Failure Reason Codes (continued) CODE DESCRIPTION Database method failed. Path was not verified. Maximum path length reached. Table 180 802.1X Logs LOG MESSAGE DESCRIPTION A user was authenticated by the local user database. Local User Database accepts user.
  • Page 498: Table 181 ACL Setting Notes

    Prestige 661H/HW Series User’s Guide Table 181 ACL Setting Notes PACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to WAN ACL set for packets traveling from the LAN to the WAN. (W to L) WAN to LAN ACL set for packets traveling from the WAN to the LAN. (D to L) DMZ to LAN ACL set for packets traveling from the DMZ to the LAN.
  • Page 499: Table 183 Syslog Logs

    Prestige 661H/HW Series User’s Guide Table 182 ICMP Notes (continued) TYPE CODE DESCRIPTION Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply...
  • Page 500: Log Commands

    1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the Prestige is to record. 2 Use sys logs category to view a list of the log categories. Figure 310 Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras>? Valid commands are: exit...
  • Page 501: Displaying Logs

    Prestige 661H/HW Series User’s Guide Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category.
  • Page 502: Appendix L Wireless Lans

    Prestige 661H/HW Series User’s Guide Appendix L Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
  • Page 503: ESS

    Prestige 661H/HW Series User’s Guide Figure 313 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
  • Page 504: Channel

    Prestige 661H/HW Series User’s Guide Figure 314 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
  • Page 505: Fragmentation Threshold

    Prestige 661H/HW Series User’s Guide Figure 315 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
  • Page 506: Preamble Type

    Prestige 661H/HW Series User’s Guide A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
  • Page 507: IEEE 802.1x

    Prestige 661H/HW Series User’s Guide IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: •...
  • Page 508: Types Of Authentication

    Prestige 661H/HW Series User’s Guide • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: •...
  • Page 509: EAP-TLS (Transport Layer Security)

    Prestige 661H/HW Series User’s Guide EAP-TLS (Transport Layer Security) With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created.
  • Page 510: WPA

    Prestige 661H/HW Series User’s Guide For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.
  • Page 511: Security Parameters Summary

    Prestige 661H/HW Series User’s Guide The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
  • Page 512: Appendix M Internal SPTGEN

    Prestige 661H/HW Series User’s Guide Appendix M Internal SPTGEN Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file –...
  • Page 513: Internal SPTGEN FTP Download Example

    Prestige 661H/HW Series User’s Guide Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 316 on page 512), then you disable every field in this menu. If you enter a parameter that is invalid in the Input column, the Prestige will not save the configuration and the command line will display the Field Identification Number.
  • Page 514: Internal SPTGEN FTP Upload Example

    Prestige 661H/HW Series User’s Guide Figure 319 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp>...
  • Page 515: Table 189 Menu 1 General Setup (SMT Menu 1)

    Prestige 661H/HW Series User’s Guide Table 188 Abbreviations Used in the Example Internal SPTGEN Screens Table (continued) ABBREVIATION MEANING Parameter Values Allowed INPUT An example of what you may enter Applies to the Prestige. The following are Internal SPTGEN screens associated with the SMT screens of your Prestige. Table 189 Menu 1 General Setup (SMT Menu 1) / Menu 1 General Setup (SMT Menu 1) INPUT...
  • Page 516 Prestige 661H/HW Series User’s Guide Table 190 Menu 3 (SMT Menu 3 (continued)) INPUT 30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> 30200002 = Client IP Pool Starting Address 192.168.1.33 30200003 = Size of Client IP Pool = 32 30200004 = Primary DNS Server = 0.0.0.0 30200005 =...
  • Page 517 Prestige 661H/HW Series User’s Guide Table 190 Menu 3 (SMT Menu 3 (continued)) 30201008 = IP Alias #1 Incoming protocol filters = 256 Set 3 30201009 = IP Alias #1 Incoming protocol filters = 256 Set 4 30201010 = IP Alias #1 Outgoing protocol filters = 256 Set 1 30201011 =...
  • Page 518: Table 191 Menu 4 Internet Access Setup (SMT Menu 4)

    Prestige 661H/HW Series User’s Guide Table 190 Menu 3 (SMT Menu 3 (continued)) 30500004 = RTS Threshold <0 ~ 2432> = 2432 30500005 = FRAG. Threshold <256 ~ 2432> = 2432 30500006 = <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)> 30500007 = Default Key <1|2|3|4>...
  • Page 519 Prestige 661H/HW Series User’s Guide Table 191 Menu 4 Internet Access Setup (SMT Menu 4) (continued) 40000002 = Active <0(No) | 1(Yes)> 40000003 = ISP's Name = ChangeMe 40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> 40000005 = Multiplexing <1(LLC-based) | 2(VC-based)
  • Page 520: Table 192 Menu 12 (Smt Menu 12)

    Prestige 661H/HW Series User’s Guide Table 191 Menu 4 Internet Access Setup (SMT Menu 4) (continued) 40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> 40000033= Nailed-up Connection <0(No) |1(Yes)> Table 192 Menu 12 (SMT Menu 12) / Menu 12.1.1 IP Static Route Setup (SMT Menu 12.1.1) INPUT 120101001 = IP Static Route set #1, Name...
  • Page 521 Prestige 661H/HW Series User’s Guide Table 192 Menu 12 (SMT Menu 12) (continued) / Menu 12.1.4 IP Static Route Setup (SMT Menu 12.1.4) INPUT 120104001 = IP Static Route set #4, Name <Str> 120104002 = IP Static Route set #4, Active <0(No) |1(Yes)>...
  • Page 522 Prestige 661H/HW Series User’s Guide Table 192 Menu 12 (SMT Menu 12) (continued) 120107006 = IP Static Route set #7, Metric 120107007 = IP Static Route set #7, Private <0(No) |1(Yes)> / Menu 12.1.8 IP Static Route Setup (SMT Menu 12.1.8) INPUT 120108001 = IP Static Route set #8, Name...
  • Page 523 Prestige 661H/HW Series User’s Guide Table 192 Menu 12 (SMT Menu 12) (continued) 120111004 = IP Static Route set #11, Destination IP subnetmask 120111005 = IP Static Route set #11, Gateway = 0.0.0.0 120111006 = IP Static Route set #11, Metric 120111007 = IP Static Route set #11, Private <0(No) |1(Yes)>...
  • Page 524: Table 193 Menu 15 Sua Server Setup (Smt Menu 15)

    Prestige 661H/HW Series User’s Guide Table 192 Menu 12 (SMT Menu 12) (continued) 120115002 = IP Static Route set #15, Active <0(No) |1(Yes)> 120115003 = IP Static Route set #15, Destination = 0.0.0.0 IP address 120115004 = IP Static Route set #15, Destination IP subnetmask 120115005 = IP Static Route set #15, Gateway...
  • Page 525 Prestige 661H/HW Series User’s Guide Table 193 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000014 = SUA Server #4 Port Start 150000015 = SUA Server #4 Port End 150000016 = SUA Server #4 Local IP address = 0.0.0.0 150000017 = SUA Server #5 Active <0(No) | 1(Yes)>...
  • Page 526: Table 194 Menu 21.1 Filter Set #1 (Smt Menu 21.1)

    Prestige 661H/HW Series User’s Guide Table 193 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(U DP)> 150000049 = SUA Server #11 Port Start 150000050 = SUA Server #11 Port End 150000051 = SUA Server #11 Local IP address = 0.0.0.0 150000052 =...
  • Page 527 Prestige 661H/HW Series User’s Guide Table 194 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) / Menu 21.1.1.2 set #1, rule #2 (SMT Menu 21.1.1.2) INPUT 210102001 = IP Filter Set 1,Rule 2 Type <2(TCP/IP)> 210102002 = IP Filter Set 1,Rule 2 Active <0(No)|1(Yes)>...
  • Page 528 Prestige 661H/HW Series User’s Guide Table 194 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210103013 = IP Filter Set 1,Rule 3 Act Match <1(check next)|2(forward)| 3(drop) 210103014 = IP Filter Set 1,Rule 3 Act Not Match <1(check next)|2(forward)| 3(drop) / Menu 21.1.1.4 set #1, rule #4 (SMT Menu 21.1.1.4) INPUT...
  • Page 529: Table 195 Menu 21.1 Filter Set #2, (SMT Menu 21.1)

    Prestige 661H/HW Series User’s Guide Table 194 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask 210105010 = IP Filter Set 1,Rule 5 Src Port 210105011 = IP Filter Set 1,Rule 5 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(...
  • Page 530 Prestige 661H/HW Series User’s Guide Table 195 Menu 21.1 Filter Set #2, (SMT Menu 21.1) (continued) / Menu 21.1.2.1 Filter set #2, rule #1 (SMT Menu 21.1.2.1) INPUT 210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/IP)> = 2 210201002 = IP Filter Set 2, Rule 1 Active <0(No)|1(Yes)>...
  • Page 531 Prestige 661H/HW Series User’s Guide Table 195 Menu 21.1 Filter Set #2, (SMT Menu 21.1) (continued) 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask 210202010 = IP Filter Set 2,Rule 2 Src Port 210202011 = IP Filter Set 2, Rule 2 Src Port Comp <0(none)|1(equal)|2(not...
  • Page 532 Prestige 661H/HW Series User’s Guide Table 195 Menu 21.1 Filter Set #2, (SMT Menu 21.1) (continued) 210204002 = IP Filter Set 2, Rule 4 Active <0(No)|1(Yes)> = 1 210204003 = IP Filter Set 2, Rule 4 Protocol = 17 210204004 = IP Filter Set 2, Rule 4 Dest IP = 0.0.0.0...
  • Page 533 Prestige 661H/HW Series User’s Guide Table 195 Menu 21.1 Filter Set #2, (SMT Menu 21.1) (continued) 210205011 = IP Filter Set 2, Rule 5 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> 210205013 = IP Filter Set 2, Rule 5 Act Match <1(check next)|2(forward)|3(drop)>...
  • Page 534: Table 196 Menu 23 System Menus (Smt Menu 23)

    Prestige 661H/HW Series User’s Guide Table 196 Menu 23 System Menus (SMT Menu 23) */ Menu 23.1 System Password Setup (SMT Menu 23.1) INPUT 230000000 = System Password = 1234 */ Menu 23.2 System security: radius server (SMT Menu 23.2) INPUT 230200001 = Authentication Server Configured...
  • Page 535: Command Examples

    Prestige 661H/HW Series User’s Guide Table 196 Menu 23 System Menus (SMT Menu 23) (continued) 230400008 = WPA Mixed Mode <0(Disable)|1(Enable)> 230400009 = Data Privacy for Broadcast/Multicast packets <0(TKIP)|1(WEP)> 230400010 = WPA Broadcast/Multicast Key Update Timer Table 197 Menu 24.11 Remote Management Control (SMT Menu 24.11) / Menu 24.11 Remote Management Control (SMT Menu 24.11) INPUT 241100001 =...
  • Page 536 Prestige 661H/HW Series User’s Guide Table 198 Command Examples (continued) INPUT INPUT 990000001 = ADSL OPMD <0(etsi)|1(normal)|2(gdmt)|3(multimode)> Appendix M Internal SPTGEN...
  • Page 537 Prestige 661H/HW Series User’s Guide Appendix M Internal SPTGEN...
  • Page 538: Index

    Prestige 661H/HW Series User’s Guide Index Authority auto-negotiation Numerics Backup 110V AC Backup Typ 230V AC Bandwidth Borrowing bandwidth budget bandwidth capacity Bandwidth Class bandwidth class Abnormal Working Conditions Bandwidth Filter bandwidth filter Access methods Bandwidth Management Accessories Bandwidth Management Statistics Acts of God Bandwidth Manager Class Configuration Address Assignment...
  • Page 539 Prestige 661H/HW Series User’s Guide Precedence Example Customer Support CBR (Continuous Bit Rate) Customized Services Customized services CDR (Call Detail Record) Certificate Authority Certifications change password at login Changes or Modifications Damage Channel Interference Dampness Channel ID Danger CHAP Data Confidentiality Charge Data Filtering Circuit...
  • Page 540 Prestige 661H/HW Series User’s Guide DSL line, reinitialize Fairness-based Scheduler DSL, What Is It? Compliance DSLAM (Digital Subscriber Line Access Multiplexer) Rules, Part 15 Dust FCC Rules Dynamic DNS 45, 126, 273 Federal Communications Commission dynamic DNS 45, 273 Filename Conventions Dynamic Host Configuration Protocol filename conventions Dynamic Secure Gateway Address...
  • Page 541 Prestige 661H/HW Series User’s Guide Fitness IEEE 802.11g 46, 506 Fragment Threshold IEEE 802.11i Fragmentation Threshold IEEE802.1x Fragmentation threshold IGMP 75, 76 France, Contact Information IGMP support 118, 204, 383 IKE Phases Restrictions Independent Basic Service Set FTP File Transfer Indirect Damages FTP Restrictions 204, 367...
  • Page 542 Prestige 661H/HW Series User’s Guide IP Pool Setup Rule Summary IP Ports 405, 406 Local User Database IP Protocol Local user database IP protocol Log and Trace IP protocol type Log Facility IP Routing Policy (IPPR) Logging Option 336, 339 Benefits Logical networks Cost Savings...
  • Page 543 Prestige 661H/HW Series User’s Guide Packet filtering When to use Packet Filtering Firewalls Nailed-Up Connection Packet Triggered 74, 118, 119, 339 Packets Address mapping rule Pairwise Master Key (PMK) Application Applying NAT in the SMT Menus Configuring Parts Definitions Password 266, 270, 296, 345 Examples password...
  • Page 544 Prestige 661H/HW Series User’s Guide Priority-based Scheduler Related Documentation Private 299, 306 Relocate Product Model Re-manufactured Product Page Remote DHCP Server Product Serial Number Remote Management Firewall Products Remote Management and NAT Proof of Purchase Remote Management Limitations 204, 383 Proper Operating Condition Remote Management Setup Proportional Bandwidth Allocation...
  • Page 545 Prestige 661H/HW Series User’s Guide RTS Threshold 285, 504, 505 SNMP Community RTS(Request To Send) Configuration Rule Summary Rules GetNext Checklist Manager Key Fields MIBs LAN to WAN Logic Trap Predefined Services Trusted Host Summary Source Address 146, 152 Source-Based Routing Spain, Contact Information 193, 408, 409 Splitters...
  • Page 546 Prestige 661H/HW Series User’s Guide System Information & Diagnosis Transport Mode System Maintenance 354, 356, 365, 368, 373, 376, 377, Triple DES (3DES) Tunnel Mode System Management Terminal TV Technician System Parameter Table Generator Type of Service 386, 388, 389, 390 System password System Security System Status...
  • Page 547 ZyNOS 2, 365 Warranty Period ZyNOS (ZyXEL Network Operating System) Water ZyNOS F/W Version Water Pipes ZyXEL Communications Corporation Web Configurator 52, 54, 55, 131, 139, 146, 329 ZyXEL Home Page web configurator screen summary ZyXEL Limited Warranty Web Site...

This manual is also suitable for:

Prestige 661hw series
