Page 1 Prestige 2602H Series ADSL VoIP IAD Prestige 2602HW Series 802.11g Wireless ADSL VoIP IAD User’s Guide Version 3.40 5/2005...
Page 4: Federal Communications Commission (Fcc) Interference Statement
Prestige 2602H/HW Series User’s Guide Federal Communications Commission (FCC) Interference This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Page 5 Prestige 2602H/HW Series User’s Guide 1 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 2 Select the certification you wish to view from this page. Federal Communications Commission (FCC) Interference Statement...
Page 6: Safety Warnings
Prestige 2602H/HW Series User’s Guide For your safety, be sure to read and follow all warning notices and instructions. • To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord. • Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks.
Page 7: Zyxel Limited Warranty
Prestige 2602H/HW Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
Page 8: Customer Support
+47 22 80 61 81 +34 902 195 420 www.zyxel.es +34 913 005 345 +46 31 744 7700 www.zyxel.se +46 31 744 7701 REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Communications Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská...
Page 9 Prestige 2602H/HW Series User’s Guide TELEPHONE WEB SITE FTP SITE +44 (0) 1344 303044 www.zyxel.co.uk 08707 555779 (UK only) +44 (0) 1344 303034 ftp.zyxel.co.uk REGULAR MAIL ZyXEL Communications UK Ltd.,11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)
Page 10 Prestige 2602H/HW Series User’s Guide Customer Support...
Page 11: Table Of Contents
Copyright ... 3 Federal Communications Commission (FCC) Interference Statement ... 4 Safety Warnings ... 6 ZyXEL Limited Warranty... 7 Customer Support... 8 Table of Contents ... 11 List of Figures ... 29 List of Tables ... 37 Preface ... 43 Introduction to DSL...
Page 12 Prestige 2602H/HW Series User’s Guide Chapter 3 Wizard Setup ... 65 3.1 Wizard Setup Introduction ...65 3.1.1 Wizard Setup: First Screen ...65 3.1.2 Wizard Setup: Second Screen ...66 3.1.3 Wizard Setup: Third Screen ...70 3.1.4 Internet Access Wizard Setup: Fourth Screen ...72 3.1.5 Wizard Setup: Connection Test ...74 3.1.5.1 Test Your Internet Connection ...75 3.2 Media Bandwidth Management Wizard ...75...
Page 13 5.2.3 Restricted Access ...92 5.2.4 Hide Prestige Identity ...92 5.2.5 Configuring Wireless LAN on the Prestige ...92 5.3 Configuring the Wireless Screen ...93 5.3.1 WEP Encryption ...93 5.4 Configuring MAC Filters ...95 5.5 Introduction to WPA ...97 5.5.1 WPA-PSK Application Example ...97 5.5.2 WPA with RADIUS Application Example ...98 5.5.3 Wireless Client WPA Supplicants ...99 5.6 Configuring IEEE 802.1x and WPA ...99...
Page 14 Prestige 2602H/HW Series User’s Guide Chapter 7 Network Address Translation (NAT) Screens ... 121 7.1 NAT Overview ...121 7.1.1 NAT Definitions ...121 7.1.2 What NAT Does ...122 7.1.3 How NAT Works ...122 7.1.4 NAT Application ...123 7.1.5 NAT Mapping Types ...123 7.2 SUA (Single User Account) Versus NAT ...124 7.3 SUA Server ...125 7.3.1 Default Server IP Address ...125...
Page 15 9.2 SIP Settings Configuration ...139 9.3 Advanced Voice Settings Configuration ...140 9.4 Quality of Service (QoS) ...143 9.4.1 Type Of Service (ToS) ...143 9.4.2 DiffServ ...143 9.4.2.1 DSCP and Per-Hop Behavior ...143 9.4.3 VLAN ...143 9.5 QoS Configuration ...144 9.6 Phone ...145 9.6.1 Voice Activity Detection/Silence Suppression ...145 9.6.2 Comfort Noise Generation ...145 9.6.3 Echo Cancellation ...145...
Page 16 Prestige 2602H/HW Series User’s Guide Chapter 11 Dynamic DNS Setup... 161 11.1 Dynamic DNS ...161 11.1.1 DYNDNS Wildcard ...161 11.2 Configuring Dynamic DNS ...161 Chapter 12 Time and Date... 163 12.1 Pre-defined NTP Time Servers List ...163 12.2 Configuring Time and Date ...163 Chapter 13 Firewalls...
Page 17 14.2 Firewall Policies Overview ...181 14.3 Rule Logic Overview ...182 14.3.1 Rule Checklist ...182 14.3.2 Security Ramifications ...182 14.3.3 Key Fields For Configuring Rules ...183 14.3.3.1 Action ...183 14.3.3.2 Service ...183 14.3.3.3 Source Address ...183 14.3.3.4 Destination Address ...183 14.4 Connection Direction Example ...183 14.4.1 LAN to WAN Rules ...184 14.4.2 WAN to LAN Rules ...184 14.4.3 Alerts ...185...
Page 18 Prestige 2602H/HW Series User’s Guide 16.1.4 VPN Applications ...208 16.2 IPSec Architecture ...209 16.2.1 IPSec Algorithms ...209 16.2.2 Key Management ...209 16.3 Encapsulation ...209 16.3.1 Transport Mode ...210 16.3.2 Tunnel Mode ...210 16.4 IPSec and NAT ...210 Chapter 17 VPN Screens... 213 17.1 VPN/IPSec Overview ...213 17.2 IPSec Algorithms ...213 17.2.1 AH (Authentication Header) Protocol ...213...
Page 19 Chapter 18 Remote Management Configuration ... 241 18.1 Remote Management Overview ...241 18.1.1 Remote Management Limitations ...241 18.1.2 Remote Management and NAT ...242 18.1.3 System Timeout ...242 18.2 Telnet ...242 18.3 FTP ...242 18.4 Web ...243 18.5 Configuring Remote Management ...243 Chapter 19 Universal Plug-and-Play (UPnP) ...
Page 20 Prestige 2602H/HW Series User’s Guide 21.6 Maximize Bandwidth Usage ...268 21.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic ...268 21.6.2 Maximize Bandwidth Usage Example ...269 21.7 Bandwidth Borrowing ...270 21.7.1 Bandwidth Borrowing Example ...270 21.7.2 Maximize Bandwidth Usage With Bandwidth Borrowing ...271 21.8 Configuring Summary ...271 21.9 Configuring Class Setup ...273 21.9.1 Media Bandwidth Management Class Configuration ...274...
Page 21 Chapter 25 Menu 2 WAN Backup Setup ... 301 25.1 Introduction to WAN Backup Setup ...301 25.2 Configuring WAN Backup in Menu 2 ...301 25.2.1 Traffic Redirect Setup ...302 Chapter 26 Menu 3 LAN Setup ... 305 26.1 LAN Setup ...305 26.1.1 General Ethernet Setup ...305 26.2 Protocol Dependent Ethernet Setup ...305 26.3 TCP/IP Ethernet Setup and DHCP ...306...
Page 22 Prestige 2602H/HW Series User’s Guide 29.5.2 LLC-based Multiplexing or PPP Encapsulation ...327 29.5.3 Advance Setup Options ...327 Chapter 30 Static Route Setup ... 329 30.1 IP Static Route Overview ...329 30.2 Configuration ...329 Chapter 31 Bridging Setup ... 333 31.1 Bridging in General ...333 31.2 Bridge Ethernet Setup ...333 31.2.1 Remote Node Bridging Setup ...333 31.2.2 Bridge Static Route Setup ...335...
Page 23 34.3 Filter Rules Summary Menus ...358 34.4 Configuring a Filter Rule ...359 34.4.1 TCP/IP Filter Rule ...360 34.4.2 Generic Filter Rule ...362 34.5 Filter Types and NAT ...364 34.6 Example Filter ...364 34.7 Applying Filters and Factory Defaults ...366 34.7.1 Ethernet Traffic ...367 34.7.2 Remote Node Filters ...367 Chapter 35 SNMP Configuration ...
Page 24 Prestige 2602H/HW Series User’s Guide 38.2.3 Example of FTP Commands from the Command Line ...391 38.2.4 GUI-based FTP Clients ...392 38.2.5 TFTP and FTP over WAN Management Limitations ...392 38.2.6 Backup Configuration Using TFTP ...393 38.2.7 TFTP Command Example ...393 38.2.8 GUI-based TFTP Clients ...393 38.3 Restore Configuration ...394 38.3.1 Restore Using FTP ...394...
Page 25 Chapter 42 Call Scheduling ... 419 42.1 Introduction ...419 Chapter 43 VPN/IPSec Setup ... 423 43.1 VPN/IPSec Overview ...423 43.2 IPSec Summary Screen ...424 43.3 IPSec Setup ...426 43.4 IKE Setup ...430 43.5 Manual Setup ...432 43.5.1 Active Protocol ...432 43.5.2 Security Parameter Index (SPI) ...432 Chapter 44 SA Monitor ...
Page 26 Prestige 2602H/HW Series User’s Guide Macintosh OS 8/9... 465 Verifying Settings ... 466 Macintosh OS X ... 466 Verifying Settings ... 468 Appendix C IP Subnetting ... 469 IP Addressing... 469 IP Classes ... 469 Subnet Masks ... 470 Subnetting ... 470 Example: Two Subnets ...
Page 27 LEAP... 486 Dynamic WEP Key Exchange ... 486 WPA ... 487 User Authentication ... 487 Encryption ... 487 Security Parameters Summary ... 488 Appendix F Triangle Route ... 489 The Ideal Setup... 489 The “Triangle Route” Problem... 489 The “Triangle Route” Solutions ... 490 IP Aliasing ...
Page 28 Prestige 2602H/HW Series User’s Guide Index... 537 Table of Contents...
Page 29: List Of Figures
Prestige 2602H/HW Series User’s Guide List of Figures Figure 1 Prestige Internet Access Application ... 54 Figure 2 Internet Telephony Service Provider Application ... 54 Figure 3 Peer-to-peer Calling ... 55 Figure 4 Firewall Application ... 55 Figure 5 Prestige LAN-to-LAN Application ... 56 Figure 6 P2602H-C Series Front Panel ...
Page 30 Prestige 2602H/HW Series User’s Guide Figure 38 Local User Database ... 105 Figure 39 RADIUS ... 106 Figure 40 Example of Traffic Shaping ... 113 Figure 41 WAN Setup (PPPoE) ... 114 Figure 42 Traffic Redirect Example ... 117 Figure 43 Traffic Redirect LAN Setup ... 117 Figure 44 WAN Backup ...
Page 31 Prestige 2602H/HW Series User’s Guide Figure 81 Firewall Example: Edit Rule: Select Customized Services ... 195 Figure 82 Firewall Example: Rule Summary: My Service ... 196 Figure 83 Firewall: Anti Probing ... 199 Figure 84 Firewall: Threshold ... 201 Figure 85 Content Filter: Keyword ... 204 Figure 86 Content Filter: Schedule ...
Page 32 Prestige 2602H/HW Series User’s Guide Figure 123 Application-based Bandwidth Management Example ... 266 Figure 124 Subnet-based Bandwidth Management Example ... 267 Figure 125 Application and Subnet-based Bandwidth Management Example ... 267 Figure 126 Bandwidth Allotment Example ... 269 Figure 127 Maximize Bandwidth Usage Example ... 270 Figure 128 Bandwidth Borrowing Example ...
Page 33 Prestige 2602H/HW Series User’s Guide Figure 166 Menu 11.6 for VC-based Multiplexing ... 327 Figure 167 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation ... 327 Figure 168 Menu 11.1 Remote Node Profile ... 328 Figure 169 Menu 11.8 Advance Setup Options ... 328 Figure 170 Sample Static Routing Topology ...
Page 34 Prestige 2602H/HW Series User’s Guide Figure 209 Protocol and Device Filter Sets ... 364 Figure 210 Sample Telnet Filter ... 365 Figure 211 Menu 21.1.6.1 Sample Filter ... 365 Figure 212 Menu 21.1.6.1 Sample Filter Rules Summary ... 366 Figure 213 Filtering Ethernet Traffic ... 367 Figure 214 Filtering Remote Node Traffic ...
Page 35 Prestige 2602H/HW Series User’s Guide Figure 252 Menu 11.3 Remote Node Network Layer Options ... 416 Figure 253 Example of IP Policy Routing ... 417 Figure 254 IP Routing Policy Example ... 417 Figure 255 IP Routing Policy Example ... 418 Figure 256 Applying IP Policies Example ...
Page 36 Prestige 2602H/HW Series User’s Guide Figure 295 RTS/CTS ... 482 Figure 296 Ideal Setup ... 489 Figure 297 “Triangle Route” Problem ... 490 Figure 298 IP Alias ... 490 Figure 299 Gateways on the WAN Side ... 491 Figure 300 Configuration Text File Format: Column Descriptions ... 493 Figure 301 Invalid Parameter Entered: Command Line Example ...
Page 37: List Of Tables
Prestige 2602H/HW Series User’s Guide List of Tables Table 1 Models Covered ... 47 Table 2 ADSL Standards ... 48 Table 3 IEEE 802.11g ... 52 Table 4 P2602H/HW-C Series Front Panel LEDs ... 56 Table 5 Web Configurator Screens Summary ... 62 Table 6 Wizard Setup: First Screen ...
Page 38 Prestige 2602H/HW Series User’s Guide Table 39 QoS ... 144 Table 40 Phone ... 146 Table 41 Speed Dial ... 148 Table 42 Lifeline ... 150 Table 43 European Flash Key Commands ... 151 Table 44 USA Flash Key Commands ... 153 Table 45 Voice Common ...
Page 39 Prestige 2602H/HW Series User’s Guide Table 82 View Logs ... 262 Table 83 SMTP Error Messages ... 263 Table 84 Application and Subnet-based Bandwidth Management Example ... 267 Table 85 Media Bandwidth Management: Summary ... 272 Table 86 Media Bandwidth Management: Class Setup ... 273 Table 87 Media Bandwidth Management: Class Configuration ...
Page 40 Prestige 2602H/HW Series User’s Guide Table 125 Menu 21.1.x.x TCP/IP Filter Rule ... 360 Table 126 Menu 21.1.5.1 Generic Filter Rule ... 363 Table 127 Filter Sets Table ... 366 Table 128 Menu 22 SNMP Configuration ... 371 Table 129 SNMP Traps ... 371 Table 130 Ports and Permanent Virtual Circuits ...
Page 41 Prestige 2602H/HW Series User’s Guide Table 168 Subnet 1 ... 473 Table 169 Subnet 2 ... 473 Table 170 Subnet 3 ... 473 Table 171 Subnet 4 ... 474 Table 172 Eight Subnets ... 474 Table 173 Class C Subnet Planning ... 474 Table 174 Class B Subnet Planning ...
Page 42 Prestige 2602H/HW Series User’s Guide List of Tables...
Page 43: Preface
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Page 44: Syntax Conventions
Prestige 2602H/HW Series User’s Guide Syntax Conventions • “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one predefined choices. • The SMT menu titles and labels are in Bold Times New Roman font. Predefined field choices are in Bold Arial font.
Page 45: Introduction To Dsl
Graphics Icons Key Prestige Server Telephone Firewall DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted- pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web - hence DSL technologies.
Page 46 Prestige 2602H/HW Series User’s Guide As data rates increase, the carrying distance decreases. That means that users who are beyond a certain distance from the telephone company’s central office may not be able to obtain the higher speeds. A DSL connection is a point-to-point dedicated circuit, meaning that the link is always up and there is no dialing required.
Page 47: Getting To Know Your Prestige
Getting To Know Your Prestige This chapter describes the key features and applications of your Introducing the Prestige The Prestige 2602H/HL/HW/HWL-C are ADSL VoIP IADs (Integrated Access Device) with a built-in switch. They combine high-speed Internet access and Voice over IP (VoIP) communication capabilities.
Page 48: Features Of The Prestige
Prestige 2602H/HW Series User’s Guide The built-in Ethernet switch consists of four auto-negotiating 10/100BASE-T, auto-crossover RJ-45 ports (either a crossover or straight-through Ethernet cable can be used) for connecting to your local computers. Note: The Prestige is ideal for high-speed Internet browsing and making LAN-to-LAN connections to remote networks.
Page 49: Zero Configuration Internet Access
Zero Configuration Internet Access Once you connect and turn on the Prestige, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes. In cases where additional account information (such as an Internet account user name and password) is required or the Prestige cannot connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting.
Page 50 Prestige 2602H/HW Series User’s Guide Content Filtering Content filtering allows you to block access to Internet web sites that contain key words (that you specify) in the URL. You can also schedule when the Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet access. A Ringer Equivalence Number is used to determine the number of devices that may be connected to the telephone line.
Page 51: Traffic Redirect
SIP ALG The Prestige 2602HW is a SIP Application Layer Gateway (ALG). It allows VoIP calls to pass through NAT for devices behind the Prestige (such as a SIP-based VoIP software application on a computer). Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet, thus acting as an auxiliary if your regular WAN connection fails.
Page 52: P2602Hw Wireless Features
Prestige 2602H/HW Series User’s Guide IP Policy Routing (IPPR) Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Page 53: Applications For The Prestige
External Antenna The Prestige is equipped with an antenna connector and comes with a detachable 5dBi antenna to provide clear radio signal between the wireless stations and the access points. Wireless LAN MAC Address Filtering Your Prestige can check the MAC addresses of wireless stations against a list of allowed or denied MAC addresses.
Page 54: Internet Single User Account
Prestige 2602H/HW Series User’s Guide Figure 1 Prestige Internet Access Application 1.2.1.1 Internet Single User Account For a SOHO (Small Office/Home Office) environment, your Prestige offers the Single User Account (SUA) feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for the cost of a single IP address 1.2.2 Making Calls via Internet Telephony Service Provider In a home or small office environment, you can use the Prestige to make and receive VoIP...
Page 55: Firewall For Secure Broadband Internet Access
The following figure shows a basic example of how you would make a peer-to-peer VoIP call. You use your analog phone (A in the figure) and the Prestige (B) changes the call into VoIP. The Prestige then sends your call through the Internet to the peer VoIP device (C). Figure 3 Peer-to-peer Calling 1.2.4 Firewall for Secure Broadband Internet Access The Prestige provides protection from attacks by Internet hackers.
Page 56: Front Panel Leds
Prestige 2602H/HW Series User’s Guide Figure 5 Prestige LAN-to-LAN Application 1.2.6 Front Panel LEDs Figure 6 P2602H-C Series Front Panel Figure 7 P2602HW-C Series Front Panel The following table describes the LEDs. Table 4 P2602H/HW-C Series Front Panel LEDs COLOR PWR/SYS Green None...
Page 57 Table 4 P2602H/HW-C Series Front Panel LEDs (continued) COLOR LAN 1-4 Green None WLAN (W Green models only) None Green None INTERNET Green None PHONE 1, 2 Green None Refer to the Quick Start Guide for information on hardware connections. Chapter 1 Getting To Know Your Prestige Prestige 2602H/HW Series User’s Guide STATUS...
Page 58 Prestige 2602H/HW Series User’s Guide Chapter 1 Getting To Know Your Prestige...
Page 59: Introducing The Web Configurator
This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
Page 60: Resetting The Prestige
Prestige 2602H/HW Series User’s Guide Figure 8 Password Screen 6 It is highly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.
Page 61: Navigating The Prestige Web Configurator
2.1.3 Navigating the Prestige Web Configurator The following summarizes how to navigate the web configurator from the SITE MAP screen. We use the Prestige 2602HW-61 web screens in this guide as an example. Screens vary slightly for different Prestige models. •...
Page 62: Figure 10 Web Configurator Site Map Screen
Prestige 2602H/HW Series User’s Guide Figure 10 Web Configurator SITE MAP Screen Note: Click the embedded help. Table 5 Web Configurator Screens Summary LINK SUB-LINK Wizard Setup Connection Setup Media Bandwidth Mgnt Advanced Setup Password LAN Setup Static DHCP Wireless LAN Wireless MAC Filter 802.1X/WPA...
Page 63 Table 5 Web Configurator Screens Summary (continued) LINK SUB-LINK Voice SIP Settings Phone Speed Dial Lifeline Common Call Forward Dynamic DNS Time and Date Firewall Default Policy Rule Summary Anti Probing Threshold Content Filter Keyword Schedule Trusted Setup Monitor Global Setting Remote Management UPnP...
Page 64 Prestige 2602H/HW Series User’s Guide Table 5 Web Configurator Screens Summary (continued) LINK SUB-LINK DHCP Table Any IP Table Wireless LAN Association List Diagnostic General DSL Line Firmware FUNCTION This screen displays DHCP (Dynamic Host Configuration Protocol) related information and is READ-ONLY. This screen lists the devices that are using the Any IP feature to communicate with the Prestige.
Page 65: Chapter 3 Wizard Setup
This chapter provides information on the Wizard Setup screens for Internet access and VoIP in the web configurator. 3.1 Wizard Setup Introduction Use the Wizard Setup screens to configure your system for Internet access and Voice with the information provided by your ISP and voice service provider. Your ISP may have already configured some of the fields in the wizard screens for you.
Page 66: Wizard Setup: Second Screen
Prestige 2602H/HW Series User’s Guide The following table describes the fields in this screen. Table 6 Wizard Setup: First Screen LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge. Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list box.
Page 67: Figure 12 Internet Connection With Pppoe
Figure 12 Internet Connection with PPPoE The following table describes the fields in this screen. Table 7 Internet Connection with PPPoE LABEL DESCRIPTION Service Name Type the name of your PPPoE service here. User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain exactly as given.
Page 68: Figure 13 Internet Connection With Rfc 1483
Prestige 2602H/HW Series User’s Guide Figure 13 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 8 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field.
Page 69: Figure 15 Internet Connection With Pppoa
Table 9 Internet Connection with ENET ENCAP LABEL DESCRIPTION IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address;...
Page 70: Wizard Setup: Third Screen
Prestige 2602H/HW Series User’s Guide Table 10 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above. IP Address This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you.
Page 71: Figure 16 Wizard Setup: Third Screen
Figure 16 Wizard Setup: Third Screen Table 11 Wizard Setup: Voice Configuration LABEL Active SIP Number SIP Local Port SIP Server Address SIP Server Port REGISTER Server Address REGISTER Server Port Enter the SIP register server’s listening port for SIP in this field. SIP Service Domain Authentication User ID Chapter 3 Wizard Setup...
Page 72: Internet Access Wizard Setup: Fourth Screen
Prestige 2602H/HW Series User’s Guide Table 11 Wizard Setup: Voice Configuration (continued) LABEL Authentication Password Send Caller ID Back Next 3.1.4 Internet Access Wizard Setup: Fourth Screen Verify the settings in the screen shown next. To change the LAN information on the Prestige, click Change LAN Configurations.
Page 73: Figure 17 Internet Access Wizard Setup: Fourth Screen
Prestige 2602H/HW Series User’s Guide Figure 17 Internet Access Wizard Setup: Fourth Screen If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next. Chapter 3 Wizard Setup...
Page 74: Wizard Setup: Connection Test
Prestige 2602H/HW Series User’s Guide Figure 18 Wizard Setup: LAN Configuration The following table describes the fields in this screen. Table 12 Wizard Setup: LAN Configuration LABEL LAN IP Address LAN Subnet Mask DHCP DHCP Server Client IP Pool Starting Address Size of Client IP Pool Primary DNS Server...
Page 75: Test Your Internet Connection
Figure 19 Wizard Setup: Connection Tests 3.1.5.1 Test Your Internet Connection Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this User’s Guide for more detailed information on the complete range of Prestige features.
Page 76: Predefined Media Bandwidth Management Services
Prestige 2602H/HW Series User’s Guide 3.2.1 Predefined Media Bandwidth Management Services The following is a description of the services that you can select and to which you can apply media bandwidth management using the Wizard Setup screens. Table 13 Media Bandwidth Mgnt. Wizard Setup: Services SERVICE DESCRIPTION Xbox Live...
Page 77: Media Bandwidth Mgnt. Wizard Setup: Second Screen
Figure 20 Media Bandwidth Mgnt. Wizard Setup: First Screen The following table describes the labels in this screen. Table 14 Media Bandwidth Mgnt. Wizard Setup: First Screen LABEL Active Select the service to apply bandwidth management. Next 3.2.3 Media Bandwidth Mgnt. Wizard Setup: Second Screen The Prestige automatically creates the bandwidth class for each service you select.
Page 78: Media Bandwidth Mgnt. Wizard Setup: Finish
Prestige 2602H/HW Series User’s Guide Figure 21 Media Bandwidth Mgnt. Wizard Setup: Second Screen (all services selected) The following table describes the fields in this screen. Table 15 Media Bandwidth Mgnt. Wizard Setup: Second Screen LABEL DESCRIPTION Service These fields display the service(s) selected in the previous screen. Priority Select High, Mid or Low priority for each service to have your Prestige use a priority for traffic that matches that service.
Page 79: Password Setup
Figure 22 Media Bandwidth Mgnt. Wizard Setup: Finish 3.3 Password Setup It is highly recommended that you change the password for accessing the Prestige. 3.3.1 Configuring Password To change your Prestige’s password (recommended), click Password in the Site Map screen. Figure 23 Password The following table describes the fields in this screen.
Page 80 Prestige 2602H/HW Series User’s Guide Chapter 3 Wizard Setup...
Page 81: Chapter 4 Lan Setup
This chapter describes how to configure LAN settings. 4.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Page 82: Ip Pool Setup
Prestige 2602H/HW Series User’s Guide 4.1.2.1 IP Pool Setup The Prestige is pre-configured with a pool of IP addresses for the DHCP clients (DHCP Pool). See the product specifications in the appendices. Do not assign static IP addresses from the DHCP pool to your LAN computers.
Page 83: Lan Tcp/Ip
• The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in DHCP Setup. • The Prestige acts as a DNS proxy when the Primary and Secondary DNS Server fields are left blank in the LAN Setup screen.
Page 84: Private Ip Addresses
Prestige 2602H/HW Series User’s Guide told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.
Page 85: Multicast
• Out Only - the Prestige will send out RIP packets but will not accept any RIP packets received. • None - the Prestige will not send any RIP packets and will ignore any RIP packets received. The Version field controls the format and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving).
Page 86: How Any Ip Works
Prestige 2602H/HW Series User’s Guide With the Any IP feature and NAT enabled, the Prestige allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet. Whether a computer is set to use a dynamic or static (fixed) IP address, you can simply connect the computer to the Prestige and access the Internet.
Page 87: Configuring Lan
3 The Prestige receives the ARP request and replies to the computer with its own MAC address. 4 The computer updates the MAC address for the default gateway to the ARP table. Once the ARP table is updated, the computer is able to access the Internet through the Prestige. 5 When the Prestige receives packets from the computer, it creates an entry in the IP routing table so it can properly forward packets intended for the computer.
Page 88: Table 17 Lan Setup
Prestige 2602H/HW Series User’s Guide The following table describes the fields in this screen. Table 17 LAN Setup LABEL DESCRIPTION DHCP DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
Page 89: Configuring Static Dhcp
4.8 Configuring Static DHCP This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 90 Prestige 2602H/HW Series User’s Guide Chapter 4 LAN Setup...
Page 91: Wireless Lan (P2602Hw Models)
Wireless LAN (P2602HW Models) This chapter discusses how to configure Wireless LAN. 5.1 Introduction A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN adapters communicating through access points which bridge network traffic to the wired LAN.
Page 92: Restricted Access
Prestige 2602H/HW Series User’s Guide • Use the Local User Database if you have less than 32 wireless clients in your network. The Prestige uses MD5 encryption when a client authenticates with the Local User Database 5.2.3 Restricted Access The MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow Association) or exclude them from accessing the AP (Deny Association).
Page 93: Configuring The Wireless Screen
Figure 28 Wireless Security Methods Note: You must enable the same wireless security settings on the Prestige and on all wireless clients that you want to associate with it. If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networking device that is within range.
Page 94: Figure 29 Wireless Screen
Prestige 2602H/HW Series User’s Guide Figure 29 Wireless Screen The following table describes the labels in this screen. Table 19 Wireless LAN LABEL DESCRIPTION Enable Wireless You should configure some wireless security (see enable the wireless LAN. Select the check box to enable the wireless LAN. ESSID The ESSID (Extended Service Set IDentification) is a unique name to identify the Prestige in the wireless LAN.
Page 95: Configuring Mac Filters
Table 19 Wireless LAN (continued) LABEL DESCRIPTION You won’t see the following WEP-related fields if you have WPA or WPA-PSK enabled. WEP Encryption WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network. Select Disable to allow all wireless stations to communicate with the access points without any data encryption.
Page 96: Figure 30 Mac Address Filter
Prestige 2602H/HW Series User’s Guide Figure 30 MAC Address Filter The following table describes the fields in this menu. Table 20 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Action Define the filter action for the list of MAC addresses in the MAC Address table.
Page 97: Introduction To Wpa
Table 20 MAC Address Filter (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. 5.5 Introduction to WPA Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA is preferred to WEP as WPA has user authentication and improved data encryption.
Page 98: Wpa With Radius Application Example
Prestige 2602H/HW Series User’s Guide Figure 31 WPA - PSK Authentication 5.5.2 WPA with RADIUS Application Example You need the IP address, port number (default is 1812) and shared secret of a RADIUS server. A WPA application example with an external RADIUS server looks as follows. "A" is the RADIUS server.
Page 99: Wireless Client Wpa Supplicants
Figure 32 WPA with RADIUS Application Example2 5.5.3 Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client.
Page 100: Authentication Required: 802.1X
Prestige 2602H/HW Series User’s Guide Figure 33 Wireless LAN: 802.1x/WPA: No Access Allowed Figure 34 Wireless LAN: 802.1x/WPA: No Authentication The following table describes the label in these screens. Table 21 Wireless LAN: 802.1x/WPA: No Access/Authentication LABEL DESCRIPTION Wireless Port To control wireless station access to the wired network, select a control method from Control the drop-down list box.
Page 101: Figure 35 Wireless Lan: 802.1X/Wpa: 802.1Xl
• A wireless station computer must be running IEEE 802.1x-compliant software. Not all Windows operating systems support IEEE 802.1x (see the Microsoft web site for details). For other operating systems, see their documentation. If your operating system does not support IEEE 802.1x, then you may need to install IEEE 802.1x client software. •...
Page 102: Authentication Required: Wpa
Prestige 2602H/HW Series User’s Guide Table 22 Wireless LAN: 802.1x/WPA: 802.1x (continued) LABEL DESCRIPTION Key Management Choose 802.1x from the drop-down list. Protocol Dynamic WEP Key This field is activated only when you select Authentication Required in the Exchange Wireless Port Control field. Also set the Authentication Databases field to RADIUS Only.
Page 103: Figure 36 Wireless Lan: 802.1X/Wpa: Wpa
Figure 36 Wireless LAN: 802.1x/WPA: WPA The following table describes the labels not previously discussed Table 23 Wireless LAN: 802.1x/WPA: WPA LABEL DESCRIPTION Key Management Choose WPA in this field. Protocol WPA Mixed Mode The Prestige can operate in WPA Mixed Mode, which supports both clients running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi-Fi network.
Page 104: Authentication Required: Wpa-Psk
Prestige 2602H/HW Series User’s Guide 5.6.3 Authentication Required: WPA-PSK Select Authentication Required in the Wireless Port Control field and WPA-PSK in the Key Management Protocol field to display the next screen. Figure 37 Wireless LAN: 802.1x/WPA:WPA-PSK The following table describes the labels not previously discussed. Table 24 Wireless LAN: 802.1x/WPA: WPA-PSK LABEL DESCRIPTION...
Page 105: Configuring Local User Authentication
5.7 Configuring Local User Authentication By storing user profiles locally, your Prestige is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way. To change your Prestige’s local user database, click Wireless LAN, Local User Database.
Page 106: Configuring Radius
Prestige 2602H/HW Series User’s Guide Table 25 Local User Database (continued) LABEL DESCRIPTION Password Enter a password of up to 31 printable characters (including spaces; alphabetic characters are case-sensitive) if you’re using MD5 encryption and maximum 14 if you’re using PEAP. Back Click Back to go to the main wireless LAN setup screen.
Page 107 Table 26 RADIUS (continued) LABEL Shared Secret Accounting Server Active Server IP Address Port Number Shared Secret Back Apply Cancel Chapter 5 Wireless LAN (P2602HW Models) Prestige 2602H/HW Series User’s Guide DESCRIPTION Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the access points.
Page 108 Prestige 2602H/HW Series User’s Guide Chapter 5 Wireless LAN (P2602HW Models)
Page 109: Chapter 6 Wan Setup
This chapter describes how to configure WAN settings. 6.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 6.1.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The Prestige supports the following methods.
Page 110: Rfc 1483
Prestige 2602H/HW Series User’s Guide 6.1.1.4 RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing).
Page 111: Ip Assignment With Rfc 1483 Encapsulation
6.1.4.2 IP Assignment with RFC 1483 Encapsulation In this case the IP Address Assignment must be static with the same requirements for the IP Address and ENET ENCAP Gateway fields as stated above. 6.1.4.3 IP Assignment with ENET ENCAP Encapsulation In this case you can have either a static or dynamic IP.
Page 112: Pppoe Encapsulation
Prestige 2602H/HW Series User’s Guide IP Policy Routing overrides the default routing behavior and takes priority over all of the routes mentioned above (see 6.3 PPPoE Encapsulation The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection.
Page 113: Zero Configuration Internet Access
The following figure illustrates the relationship between PCR, SCR and MBS. Figure 40 Example of Traffic Shaping 6.5 Zero Configuration Internet Access Once you turn on and connect the Prestige to a telephone jack, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes.
Page 114: Figure 41 Wan Setup (Pppoe)
Prestige 2602H/HW Series User’s Guide Figure 41 WAN Setup (PPPoE) The following table describes the fields in this screen. Table 27 WAN Setup LABEL Name Mode DESCRIPTION Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only.
Page 115 Table 27 WAN Setup (continued) LABEL Encapsulation Multiplex Virtual Circuit ID ATM QoS Type Cell Rate Peak Cell Rate Sustain Cell Rate Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be Login Information Service Name User Name Password...
Page 116: Traffic Redirect
Prestige 2602H/HW Series User’s Guide Table 27 WAN Setup (continued) LABEL Connect on Demand Select Connect on Demand when you don't want the connection up all the time Max Idle Timeout PPPoE Passthrough (PPPoE encapsulation only) Subnet Mask (ENET ENCAP encapsulation only) ENET ENCAP Gateway...
Page 117: Configuring Wan Backup
Figure 42 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
Page 118: Figure 44 Wan Backup
Prestige 2602H/HW Series User’s Guide Figure 44 WAN Backup The following table describes the fields in this screen. Table 28 WAN Backup LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check if the connection to the DSLAM is up. Select ICMP to have the Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.
Page 119 Table 28 WAN Backup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your Prestige to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request. The WAN connection is considered "down" after the Prestige times out the number of times specified in the Fail Tolerance field.
Page 120 Prestige 2602H/HW Series User’s Guide Chapter 6 WAN Setup...
Page 121: Network Address Translation (Nat) Screens
Network Address Translation This chapter discusses how to configure NAT on the Prestige. 7.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 122: What Nat Does
Prestige 2602H/HW Series User’s Guide 7.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Page 123: Nat Application
Figure 45 How NAT Works 7.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter. Figure 46 NAT Application With IP Alias 7.1.5 NAT Mapping Types NAT supports five types of IP/port mapping.
Page 124: Sua (Single User Account) Versus Nat
Prestige 2602H/HW Series User’s Guide • One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (for instance, PAT, port address translation), ZyXEL’s Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today’s routers).
Page 125: Sua Server
• Choose Full Feature if you have multiple public WAN IP addresses for your Prestige. 7.3 SUA Server A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world.
Page 126: Configuring Servers Behind Sua (Example)
Prestige 2602H/HW Series User’s Guide Table 31 Services and Port Numbers (continued) SERVICES SNMP trap PPTP (Point-to-Point Tunneling Protocol) 7.3.3 Configuring Servers Behind SUA (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
Page 127: Configuring Sua Server
Figure 48 NAT Mode The following table describes the labels in this screen. Table 32 NAT Mode LABEL DESCRIPTION None Select this radio button to disable NAT. SUA Only Select this radio button if you have just one public WAN IP address for your Prestige. The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set screen.
Page 128: Figure 49 Edit Sua/Nat Server Set
Prestige 2602H/HW Series User’s Guide Figure 49 Edit SUA/NAT Server Set The following table describes the fields in this screen. Table 33 Edit SUA/NAT Server Set LABEL DESCRIPTION Start Port No. Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field. To forward a series of ports, enter the start port number here and the end port number in the End Port No.
Page 129: Configuring Address Mapping
7.6 Configuring Address Mapping Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
Page 130: Editing An Address Mapping Rule
Prestige 2602H/HW Series User’s Guide Table 34 Address Mapping Rules (continued) LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address.
Page 131: Table 35 Address Mapping Rule Edit
Table 35 Address Mapping Rule Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. • One-to-One: One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type.
Page 132 Prestige 2602H/HW Series User’s Guide Chapter 7 Network Address Translation (NAT) Screens...
Page 133: Introduction To Voip
This chapter provides background information on VoIP and SIP. 8.1 Introduction to VoIP VoIP is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit- switched telephone network.
Page 134: Sip Service Domain
Prestige 2602H/HW Series User’s Guide 8.2.1.2 SIP Service Domain The SIP service domain of the VoIP service provider is the domain name in a SIP URI. For example, if the SIP address is 1122334455@VoIP-provider.com, then “VoIP-provider.com” is the SIP service domain. 8.2.2 SIP Call Progression The following figure displays the basic steps in the setup and tear down of a SIP call.
Page 135: Sip User Agent
8.2.3.1 SIP User Agent A SIP user agent can make and receive VoIP telephone calls. This means that SIP can be used for peer-to-peer communications even though it is a client-server protocol. In the following figure, either A or B can act as a SIP user agent client to initiate a call. A and B can also both act as a SIP user agent to receive the call.
Page 136: Sip Redirect Server
Prestige 2602H/HW Series User’s Guide Figure 53 SIP Proxy Server 8.2.3.3 SIP Redirect Server A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server.
Page 137: Sip Register Server
Figure 54 SIP Redirect Server 8.2.3.4 SIP Register Server A SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register. 8.2.4 RTP When you make a VoIP call using SIP, the RTP (Real time Transport Protocol) is used to handle voice data transfer.
Page 138: Voice Coding
Prestige 2602H/HW Series User’s Guide 8.5 Voice Coding A codec (coder/decoder) codes analog voice signals into digital signals and decodes the digital signals back into voice signals. The Prestige supports the following codecs. 8.5.1 G.711 G.711 is a Pulse Code Modulation (PCM) waveform codec. G.711 provides very good sound quality but requires 64kbps of bandwidth.
Page 139: Chapter 9 Voice Screens
This chapter describes how to configure advanced VoIP, QoS, phone and phone book settings. 9.1 Voice Screens Introduction This chapter covers the configuration of the VoIP screens. 9.2 SIP Settings Configuration Click Voice in the navigation panel and then SIP Settings to display the following screen. Use this screen to configure the Prestige’s SIP settings.
Page 140: Advanced Voice Settings Configuration
Prestige 2602H/HW Series User’s Guide Table 37 SIP Settings LABEL DESCRIPTION SIP Account You can configure the Prestige to use multiple SIP accounts. Select one to configure its settings on the Prestige. Active SIP Select this check box to have the Prestige use this SIP account. Clear the check box to have the Prestige not use this SIP account.
Page 141: Figure 56 Voice Advanced Setup
Figure 56 Voice Advanced Setup The following table describes the labels in this screen. Table 38 Voice Advanced Setup LABEL DESCRIPTION SIP Account This read-only field displays the number of the SIP account that you are configuring. The changes that you save in this page affect the Prestige’s settings with the SIP account displayed here.
Page 142 Prestige 2602H/HW Series User’s Guide Table 38 Voice Advanced Setup (continued) LABEL DESCRIPTION Session Expires Use this field to set the longest time that the Prestige will allow a SIP session to remain idle (without traffic) before dropping it. Min-SE When two SIP devices negotiate a SIP session, they must negotiate a common expiration time for idle SIP sessions.
Page 143: Quality Of Service (Qos)
9.4 Quality of Service (QoS) Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to provide bandwidth for real-time multimedia applications. 9.4.1 Type Of Service (ToS) Network traffic can be classified by setting the ToS (Type Of Service) values at the data source (for example, at the Prestige) so a server can decide the best method of delivery, that is the least cost, fastest route and so on.
Page 144: Qos Configuration
Prestige 2602H/HW Series User’s Guide Your Prestige can add IEEE 802.1Q VLAN ID tags to voice frames that it sends to the network. This allows the Prestige to communicate with a SIP server that is a member of the same VLAN group. Some ISPs use the VLAN tag to identify voice traffic and give it priority over other traffic.
Page 145: Phone
9.6 Phone You can configure the volume, echo cancellation and VAD settings for each individual phone port on the Prestige. You can also select which SIP account to use for making outgoing calls. 9.6.1 Voice Activity Detection/Silence Suppression Voice Activity Detection (VAD) detects whether or not speech is present. This lets the Prestige reduce the bandwidth that a call uses by not transmitting “silent packets”...
Page 146: Figure 59 Phone
Prestige 2602H/HW Series User’s Guide Figure 59 Phone The following table describes the labels in this screen. Table 40 Phone LABEL Phone Port Settings Speaking Volume Listening Volume Outgoing Call use G.168 Active VAD Support DESCRIPTION Use this field to select the phone port that you want to configure. Use this field to set the loudness that the Prestige uses for the speech signal that it sends to the peer device.
Page 147: Speed Dial
Table 40 Phone (continued) LABEL Dialing Interval Back Apply Cancel 9.8 Speed Dial Speed dial provides shortcuts for dialing frequently used (VoIP) phone numbers. 9.8.1 Peer-to-Peer Calls You can call another VoIP device directly without going through a SIP server. You must set up a speed dial entry in the phone book in order to do this.
Page 148: Figure 60 Speed Dial
Prestige 2602H/HW Series User’s Guide Figure 60 Speed Dial The following table describes the labels in this screen. Table 41 Speed Dial LABEL DESCRIPTION Add New Entry Use this section of the screen to edit and save new or existing speed dial phone book entries.
Page 149: Lifeline (Prestige 2602Hl/Hwl)
Table 41 Speed Dial (continued) LABEL DESCRIPTION Name This is the descriptive name of the party that you will use this speed dial entry to call. Destination This field displays Use Proxy if calls to this party use one of your SIP accounts. This field displays the SIP server’s or the party’s IP address or domain name if calls to this party do not use one of your SIP accounts.
Page 150: Supplementary Phone Services Overview
Prestige 2602H/HW Series User’s Guide Figure 61 Lifeline The following table describes the labels in this screen. Table 42 Lifeline LABEL DESCRIPTION PSTN Pre-fix Specify the prefix number for dialing regular calls when VoIP service is available. Number Relay to PSTN Use these fields to specify phone numbers to which the Prestige will always send calls through the regular phone service without the need of dialing a prefix number.
Page 151: The Flash Key
• Internal Calls (see Note: To take full advantage of the supplementary phone services available though the Prestige's phone ports, you may need to subscribe to the services from your voice service provider. 9.12.1 The Flash Key Flashing means to press the hook for a short period of time (a few hundred milliseconds) before releasing it.
Page 152: European Call Waiting
Prestige 2602H/HW Series User’s Guide Press the flash key and then “0” to disconnect the call presently on hold and keep the current call on line. Press the flash key and then “1” to disconnect the current call and resume the call on hold. If you hang up the phone but a caller is still on hold, there will be a remind ring.
Page 153: Usa Type Supplementary Services
USA Type Supplementary Services 9.12.3 This section describes how to use supplementary phone services with the USA Type Call Service Mode. Commands for supplementary services are listed in the table below. After pressing the flash key, if you do not issue the sub-command before the default sub- command timeout (2 seconds) expires or issue an invalid sub-command, the current operation will be aborted.
Page 154: Common Phone Port Configuration
Prestige 2602H/HW Series User’s Guide 1 When you are on the phone talking to someone, place the flash key to put the caller on hold and get a dial tone. 2 Dial a phone number directly to make another call. 3 When the second call is answered, press the flash key, wait for the sub-command tone and press “3”...
Page 155: Call Forward Configuration
Table 45 Voice Common (continued) LABEL Incoming Lifeline Call mapping to (Lifeline models only) Call Service Mode Back Apply Cancel 9.14 Call Forward Configuration Click Voice in the navigation panel and then Call Forward to display the following screen. Use this screen to configure the Prestige to block or redirect calls. You can configure a different call forwarding table for each SIP account or use the same call forwarding table for both.
Page 156: Figure 63 Voice Call Forward
Prestige 2602H/HW Series User’s Guide Figure 63 Voice Call Forward The following table describes the labels in this screen. Table 46 Voice Call Forward LABEL Table Number Forward to Number Setup DESCRIPTION Select which call forwarding table you want to configure. You can configure a different call forwarding table for each SIP account or use the same call forwarding table for both.
Page 157 Table 46 Voice Call Forward LABEL Unconditional Forward to Number Busy Forward to Number No Answer Forward to Number No Answer Waiting Time Advanced Setup Activate Incoming Call Number Forward to Number Condition Apply Cancel Chapter 9 Voice Screens Prestige 2602H/HW Series User’s Guide DESCRIPTION Enable this feature to have the Prestige forward all incoming calls to the number that you configure regardless of whether or not the phone(s) connected to the...
Page 158 Prestige 2602H/HW Series User’s Guide Chapter 9 Voice Screens...
Page 159: Chapter 10 Phone Usage
This chapter describes how to use a phone connected to your Prestige for basic tasks. 10.1 Dialing a Telephone Number The PHONE LED turns green when your SIP account is registered. Dial a SIP number like “12345” on your phone’s keypad. Use speed dial entries (see use letters.
Page 160: Auto Firmware Upgrade
Prestige 2602H/HW Series User’s Guide 10.5 Auto Firmware Upgrade During auto-provisioning, the Prestige checks to see if there is a newer firmware version. If newer firmware is available, the Prestige plays a recording when you pick up your phone’s handset. Press “*99#”...
Page 161: Chapter 11 Dynamic Dns Setup
This chapter discusses how to configure your Prestige to use Dynamic DNS. 11.1 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Page 162: Figure 64 Dynamic Dns
Prestige 2602H/HW Series User’s Guide Figure 64 Dynamic DNS The following table describes the fields in this screen. Table 47 Dynamic DNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider.
Page 163: Chapter 12 Time And Date
Use this screen to configure the Prestige’s time and date settings. 12.1 Pre-defined NTP Time Servers List The Prestige uses the following pre-defined list of NTP time servers if you do not specify a time server or it cannot synchronize with the time server you specified. Note: The Prestige can use this pre-defined list of time servers regardless of the Time Protocol you select.
Page 164: Figure 65 Time And Date
Prestige 2602H/HW Series User’s Guide Figure 65 Time and Date The following table describes the fields in this screen. Table 49 Time and Date LABEL DESCRIPTION Time Server Use Protocol when Select the time service protocol that your time server uses. Not all time servers Bootup support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Page 165 Table 49 Time and Date (continued) LABEL DESCRIPTION Start Date Enter the month and day that your daylight-savings time starts on if you selected Daylight Savings. End Date Enter the month and day that your daylight-savings time ends on if you selected Daylight Savings.
Page 166 Prestige 2602H/HW Series User’s Guide Chapter 12 Time and Date...
Page 167: Chapter 13 Firewalls
This chapter gives some background information on firewalls and introduces the Prestige firewall. 13.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
Page 168: Stateful Inspection Firewalls
Prestige 2602H/HW Series User’s Guide Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
Page 169: Denial Of Service Attacks
13.3.1 Denial of Service Attacks Figure 66 Prestige Firewall Application 13.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
Page 170: Types Of Dos Attacks
Prestige 2602H/HW Series User’s Guide Table 50 Common IP Ports 13.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data.
Page 171: Figure 67 Three-Way Handshake
Figure 67 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment).
Page 172: Icmp Vulnerability
Prestige 2602H/HW Series User’s Guide amount of ICMP echo request and response traffic. If a hacker chooses to spoof the source IP address of the ICMP echo request packet, the resulting ICMP traffic will not only clog up the "intermediary" network, but will also congest the network of the spoofed source IP address, known as the "victim"...
Page 173: Traceroute
Table 53 Legal SMTP Commands AUTH DATA EHLO QUIT RCPT RSET 13.4.2.3 Traceroute Traceroute is a utility used to determine the path a packet takes between two endpoints. Sometimes when a packet filter firewall is configured incorrectly an attacker can traceroute the firewall gaining knowledge of the network topology inside the firewall.
Page 174: Stateful Inspection Process
Prestige 2602H/HW Series User’s Guide Figure 70 Stateful Inspection The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.
Page 175: Stateful Inspection And The Prestige
temporary entries might be modified, in order to permit only packets that are valid for the current state of the connection. 8 Any additional inbound or outbound packets that belong to the connection are inspected to update the state table entry and to modify the temporary inbound access list entries as required, and are forwarded through the interface.
Page 176: Udp/Icmp Security
Prestige 2602H/HW Series User’s Guide When the Prestige receives any subsequent packet (from the Internet or from the LAN), its connection information is extracted and checked against the cache. A packet is only allowed to pass through if it corresponds to a valid connection (that is, if it is a response to a connection which originated on the LAN).
Page 177: Security In General
• Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network.
Page 178: Packet Filtering Vs Firewall
Prestige 2602H/HW Series User’s Guide • Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in an attack. 13.7 Packet Filtering Vs Firewall Below are some comparisons between the Prestige’s filtering and firewall functions.
Page 179 • A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required. • To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks.
Page 180 Prestige 2602H/HW Series User’s Guide Chapter 13 Firewalls...
Page 181: Firewall Configuration
This chapter shows you how to enable and configure the Prestige firewall. 14.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your Prestige has to offer. For this reason, it is recommended that you configure your firewall using the web configurator.
Page 182: Rule Logic Overview
Prestige 2602H/HW Series User’s Guide Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: •...
Page 183: Key Fields For Configuring Rules
4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does this rule conflict with any existing rules? 6 Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.
Page 184: Lan To Wan Rules
Prestige 2602H/HW Series User’s Guide 14.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non- restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.
Page 185: Alerts
14.4.3 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when an attack is detected in the Edit Rule screen (select the Send Alert Message to Administrator When Matched check box) or when a rule is matched in the Edit Rule screen (see message can be immediately sent to an e-mail account that you specify in the Log Settings screen (see the chapter on logs).
Page 186: Rule Summary
Prestige 2602H/HW Series User’s Guide Table 54 Firewall: Default Policy (continued) LABEL DESCRIPTION Packet Direction This is the direction of travel of packets (LAN to LAN/Router, LAN to WAN, WAN to WAN/Router or WAN to LAN. Firewall rules are grouped based on the direction of travel of packets to which they apply.
Page 187: Figure 74 Firewall: Rule Summary
Figure 74 Firewall: Rule Summary Table 55 Rule Summary LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the Prestige's memory for recording firewall Storage Space rules it is currently using. The bar turns from green to red when the maximum is in Use being approached.
Page 188: Configuring Firewall Rules
Prestige 2602H/HW Series User’s Guide Table 55 Rule Summary (continued) LABEL DESCRIPTION Service This drop-down list box displays the services to which this firewall rule applies. Please note that a blank service type is equivalent to Any. See for more information.
Page 189: Figure 75 Firewall: Edit Rule
Prestige 2602H/HW Series User’s Guide Figure 75 Firewall: Edit Rule The following table describes the labels in this screen. Chapter 14 Firewall Configuration...
Page 190: Table 56 Firewall: Edit Rule
Prestige 2602H/HW Series User’s Guide Table 56 Firewall: Edit Rule LABEL Active Action for Matched Packet Source/Destination Address Address Type Start IP Address End IP Address Subnet Mask Edit Delete Services Available/ Selected Services Edit Customized Services Schedule Day to Apply Time of Day to Apply (24-Hour Format)
Page 191: Customized Services
14.7 Customized Services Configure customized services and port numbers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further information on these services, please read page 196.
Page 192: Example Firewall Rule
Prestige 2602H/HW Series User’s Guide Figure 77 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 58 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
Page 193: Figure 78 Firewall Example: Rule Summary
Figure 78 Firewall Example: Rule Summary 3 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule 7.
Page 194: Figure 79 Firewall Example: Edit Rule: Destination Address
Prestige 2602H/HW Series User’s Guide Figure 79 Firewall Example: Edit Rule: Destination Address 7 In the Edit Rule screen, click the Edit Customized Services link to open the Customized Services screen. 8 Click the number of a customized service to open the configuration screen. Configure it as follows and click Apply.
Page 195: Figure 81 Firewall Example: Edit Rule: Select Customized Services
Figure 81 Firewall Example: Edit Rule: Select Customized Services Note: Custom ports show up with an “*” before their names in the Services list box and the Rule Summary list box. Click Apply after you’ve created your custom port. On completing the configuration procedure for this Internet firewall rule, the Rule Summary screen should look like the following.
Page 196: Predefined Services
Prestige 2602H/HW Series User’s Guide Figure 82 Firewall Example: Rule Summary: My Service 14.10 Predefined Services The Available Services list box in the Edit Rule screen (see displays all predefined services that the Prestige already supports. Next to the name of the service, two fields appear in brackets.
Page 197 Table 59 Predefined Services (continued) SERVICE HTTP(TCP:80) HTTPS ICQ(UDP:4000) IKE(UDP:500) IP(AX.25:0) IP(IPv6:0) IPSEC_TRANSPORT/ TUNNEL(AH:0) IPSEC_TUNNEL(ESP:0) IRC(TCP/UDP:6667) MSN Messenger(TCP:1863) MULTICAST(IGMP:0) NetBIOS(TCP/UDP:137~139, NEWS(TCP:144) NFS(UDP:2049) NNTP(TCP:119) PING(ICMP:0) POP3(TCP:110) PPTP(TCP:1723) PPTP_TUNNEL(GRE:0) RCMD(TCP:512) REAL_AUDIO(TCP:7070) REXEC(TCP:514) RLOGIN(TCP:513) RTELNET(TCP:107) RTSP(TCP/UDP:554) SFTP(TCP:115) SMTP(TCP:25) Chapter 14 Firewall Configuration Prestige 2602H/HW Series User’s Guide DESCRIPTION Hyper Text Transfer Protocol - a client/server protocol for the world wide web.
Page 198: Anti-Probing
Prestige 2602H/HW Series User’s Guide Table 59 Predefined Services (continued) SERVICE SNMP(TCP/UDP:161) SNMP-TRAPS (TCP/ UDP:162) SQL-NET(TCP:1521) SSDP(UDP:1900) SSH(TCP/UDP:22) STRMWORKS(UDP:1558) SYSLOG(UDP:514) TACACS(UDP:49) TELNET(TCP:23) TFTP(UDP:69) VDOLIVE(TCP:7000) Microsoft RDP(TCP:3389) VNC(TCP:5900) NTP(TCP/UDP:123) 14.11 Anti-Probing If an outside user attempts to probe an unsupported port on your Prestige, an ICMP response packet is automatically returned.
Page 199: Dos Thresholds
Figure 83 Firewall: Anti Probing The following table describes the labels in this screen. Table 60 Firewall: Anti Probing LABEL DESCRIPTION Respond to PING The Prestige does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests.
Page 200: Threshold Values
Prestige 2602H/HW Series User’s Guide 14.12.1 Threshold Values Tune these parameters when something is not working and after you have checked the firewall counters. These default values should work fine for most small offices. Factors influencing choices for threshold values are: •...
Page 201: Figure 84 Firewall: Threshold
The Prestige also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Firewall, and Threshold to bring up the next screen. Figure 84 Firewall: Threshold The following table describes the labels in this screen. Table 61 Firewall: Threshold LABEL DESCRIPTION...
Page 202 Prestige 2602H/HW Series User’s Guide Table 61 Firewall: Threshold (continued) LABEL DESCRIPTION Maximum This is the number of existing half-open Incomplete High sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises above this number, the Prestige deletes half- open sessions as required to accommodate new connection requests.
Page 203: Chapter 15 Content Filtering
This chapter covers how to configure content filtering. 15.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
Page 204: Configuring The Schedule
Prestige 2602H/HW Series User’s Guide Figure 85 Content Filter: Keyword The following table describes the labels in this screen. Table 62 Content Filter: Keyword LABEL Enable Keyword Blocking Block Websites that contain these keywords in the URL: Delete Clear All Keyword Add Keyword Back...
Page 205: Configuring Trusted Computers
Figure 86 Content Filter: Schedule The following table describes the labels in this screen. Table 63 Content Filter: Schedule LABEL DESCRIPTION Days to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active.
Page 206: Figure 87 Content Filter: Trusted
Prestige 2602H/HW Series User’s Guide Figure 87 Content Filter: Trusted The following table describes the labels in this screen. Table 64 Content Filter: Trusted LABEL Trusted User IP Range From Back Apply Cancel DESCRIPTION Type the IP address of a computer (or the beginning IP address of a specific range of computers) on the LAN that you want to exclude from content filtering.
Page 207: Chapter 16 Introduction To Ipsec
This chapter introduces the basics of IPSec VPNs. 16.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
Page 208: Data Confidentiality
Prestige 2602H/HW Series User’s Guide Figure 88 Encryption and Decryption 16.1.3.2 Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. 16.1.3.3 Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
Page 209: Ipsec Architecture
16.2 IPSec Architecture The overall IPSec architecture is shown as follows. Figure 89 IPSec Architecture 16.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms).
Page 210: Transport Mode
Prestige 2602H/HW Series User’s Guide Figure 90 Transport and Tunnel Mode IPSec Encapsulation 16.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
Page 211: Table 65 Vpn And Nat
NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted.
Page 212 Prestige 2602H/HW Series User’s Guide Chapter 16 Introduction to IPSec...
Page 213: Chapter 17 Vpn Screens
This chapter introduces the VPN screens. See the chapter on logs for information on viewing logs and the appendix on logs for IPSec log descriptions. 17.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections.
Page 214: Esp (Encapsulating Security Payload) Protocol
Prestige 2602H/HW Series User’s Guide 17.2.2 ESP (Encapsulating Security Payload) Protocol The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. ESP authenticating properties are limited compared to the AH due to the non-inclusion of the IP header information during the authentication process.
Page 215: Secure Gateway Address
• If the WAN connection goes down, the Prestige uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. See the chapter on WAN for details on dial backup and traffic redirect. 17.4 Secure Gateway Address Secure Gateway Address is the WAN IP address or domain name of the remote IPSec router (secure gateway).
Page 216: Figure 92 Vpn Summary
Prestige 2602H/HW Series User’s Guide Click VPN and Setup to open the VPN Summary screen. This is a read-only menu of your IPSec rules (tunnels). The IPSec summary menu is read-only. Edit a VPN by selecting an index number and then configuring its associated submenus. Figure 92 VPN Summary The following table describes the fields in this screen.
Page 217: Keep Alive
Table 67 VPN Summary (continued) LABEL DESCRIPTION Remote This is the IP address(es) of computer(s) on the remote network behind the remote Address IPSec router. This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. The same (static) IP address is displayed twice when the Remote Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Single.
Page 218: Nat Traversal
Prestige 2602H/HW Series User’s Guide The following figure depicts an example where three VPN tunnels are created from Prestige A; one to branch office 2, one to branch office 3 and another to headquarters. In order to access computers that use private domain names on the headquarters (HQ) network, the Prestige at branch office 1 uses the Intranet DNS server in headquarters.
Page 219: Nat Traversal Configuration
17.8.1 NAT Traversal Configuration For NAT traversal to work you must: • Use ESP security protocol (in either transport or tunnel mode). • Use IKE keying mode. • Enable NAT traversal on both IPSec endpoints. In order for IPSec router A (see from IPSec router B, set the NAT router to forward UDP port 500 to IPSec router A.
Page 220: Id Type And Content Examples
Prestige 2602H/HW Series User’s Guide Table 68 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= Type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address. Type a domain name (up to 31 characters) by which to identify this Prestige. E-mail Type an e-mail address (up to 31 characters) by which to identify this Prestige.
Page 221: Pre-Shared Key
The two Prestiges in this example cannot complete their negotiation because Prestige B’s Local ID type is IP, but Prestige A’s Peer ID type is set to E-mail. An “ID mismatched” message displays in the IPSEC LOG. Table 71 Mismatching ID Type and Content Configuration Example PRESTIGE A Local ID type: IP Local ID content: 1.1.1.10...
Page 222: Figure 95 Vpn Ike
Prestige 2602H/HW Series User’s Guide Figure 95 VPN IKE The following table describes the fields in this screen. Chapter 17 VPN Screens...
Page 223: Table 72 Vpn Ike
Table 72 VPN IKE LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select either Yes or No from the drop-down list box. Select Yes to have the Prestige automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
Page 224 Prestige 2602H/HW Series User’s Guide Table 72 VPN IKE (continued) LABEL DESCRIPTION IP Address Start When the Local Address Type field is configured to Single, enter a (static) IP address on the LAN behind your Prestige. When the Local Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on your LAN behind your Prestige.
Page 225 Table 72 VPN IKE (continued) LABEL DESCRIPTION My IP Address Enter the WAN IP address of your Prestige. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The Prestige uses the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel.
Page 226: Ike Phases
Prestige 2602H/HW Series User’s Guide Table 72 VPN IKE (continued) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
Page 227: Figure 96 Two Phases To Set Up The Ipsec Sa
Figure 96 Two Phases to Set Up the IPSec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm. • Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2). •...
Page 228: Negotiation Mode
Prestige 2602H/HW Series User’s Guide 17.12.1 Negotiation Mode The phase 1 Negotiation Mode you select determines how the Security Association (SA) will be established for each connection through IKE negotiations. • Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1).
Page 229: Figure 97 Vpn Ike: Advanced Setup
Figure 97 VPN IKE: Advanced Setup The following table describes the fields in this screen. Table 73 VPN IKE: Advanced Setup LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
Page 230 Prestige 2602H/HW Series User’s Guide Table 73 VPN IKE: Advanced Setup (continued) LABEL DESCRIPTION Remote Start Port 0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP;...
Page 231: Manual Key Setup
Table 73 VPN IKE: Advanced Setup (continued) LABEL DESCRIPTION Encryption This field is available when you select ESP in the Active Protocol field. Algorithm Select DES, 3DES, AES or NULL from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
Page 232: Configuring Manual Key
Prestige 2602H/HW Series User’s Guide 17.15 Configuring Manual Key You only configure VPN Manual Key when you select Manual in the IPSec Key Mode field on the VPN IKE screen. This is the VPN Manual Key screen as shown next. Figure 98 VPN: Manual Key The following table describes the fields in this screen.
Page 233: Table 74 Vpn: Manual Key
Table 74 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the Prestige drops trailing spaces. IPSec Key Mode Select IKE or Manual from the drop-down list box.
Page 234 Prestige 2602H/HW Series User’s Guide Table 74 VPN: Manual Key (continued) LABEL DESCRIPTION End / Subnet Mask When the Remote Address Type field is configured to Single, this field is N/A. When the Remote Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
Page 235: Viewing Sa Monitor
17.16 Viewing SA Monitor Click VPN and Monitor to open the SA Monitor screen as shown. Use this screen to display and manage active VPN connections. A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections.
Page 236: Figure 99 Vpn: Sa Monitor
Prestige 2602H/HW Series User’s Guide Figure 99 VPN: SA Monitor The following table describes the fields in this screen. Table 75 VPN: SA Monitor LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode.
Page 237: Configuring Global Setting
17.17 Configuring Global Setting To change your Prestige’s global settings, click VPN and then Global Setting. The screen appears as shown. Figure 100 VPN: Global Setting The following table describes the fields in this screen. Table 76 VPN: Global Setting LABEL Windows Networking (NetBIOS over TCP/IP)
Page 238: Telecommuters Using Unique Vpn Rules Example
Prestige 2602H/HW Series User’s Guide Figure 101 Telecommuters Sharing One VPN Rule Example Table 77 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS My IP Address: 0.0.0.0 (dynamic IP address assigned by the ISP) Secure Gateway IP Public static IP address Address: Local IP Address: Telecommuter A: 192.168.2.12...
Page 239: Figure 102 Telecommuters Using Unique Vpn Rules Example
Figure 102 Telecommuters Using Unique VPN Rules Example Table 78 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS All Telecommuter Rules: My IP Address 0.0.0.0 Secure Gateway Address: bigcompanyhq.com Remote IP Address: 192.168.1.10 Peer ID Type: E-mail Peer ID Content: bob@bigcompanyhq.com Telecommuter A (telecommutera.dydns.org) Local ID Type: IP Local ID Content: 192.168.2.12...
Page 240: Vpn And Remote Management
Prestige 2602H/HW Series User’s Guide 17.19 VPN and Remote Management If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote Management) to allow access for that service. Chapter 17 VPN Screens...
Page 241: Remote Management Configuration
This chapter provides information on configuring remote management. 18.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 242: Remote Management And Nat
Prestige 2602H/HW Series User’s Guide • A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. • You have disabled that service in one of the remote management screens. •...
Page 243: Web
18.4 Web You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details. 18.5 Configuring Remote Management Click Remote Management to open the following screen. Figure 104 Remote Management The following table describes the fields in this screen. Table 79 Remote Management LABEL DESCRIPTION...
Page 244 Prestige 2602H/HW Series User’s Guide Chapter 18 Remote Management Configuration...
Page 245: Universal Plug-And-Play (Upnp)
Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 19.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Page 246: Upnp And Zyxel
Prestige 2602H/HW Series User’s Guide All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 19.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™...
Page 247: Installing Upnp In Windows Example
Table 80 Configuring UPnP LABEL Enable the Universal Plug and Play (UPnP) Service Allow users to make configuration changes through UPnP Allow UPnP to pass through Firewall Apply Cancel 19.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me.
Page 248: Figure 106 Add/Remove Programs: Windows Setup: Communication
Prestige 2602H/HW Series User’s Guide Figure 106 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 107 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted.
Page 249: Figure 108 Network Connections
Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Page 250: Figure 109 Windows Optional Networking Components Wizard
Prestige 2602H/HW Series User’s Guide Figure 109 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Chapter 19 Universal Plug-and-Play (UPnP)
Page 251: Using Upnp In Windows Xp Example
Figure 110 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 19.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the Prestige.
Page 252: Figure 111 Network Connections
Prestige 2602H/HW Series User’s Guide Figure 111 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Chapter 19 Universal Plug-and-Play (UPnP)
Page 253: Figure 112 Internet Connection Properties
Prestige 2602H/HW Series User’s Guide Figure 112 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Chapter 19 Universal Plug-and-Play (UPnP)
Page 254: Figure 113 Internet Connection Properties: Advanced Settings
Prestige 2602H/HW Series User’s Guide Figure 113 Internet Connection Properties: Advanced Settings Figure 114 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Page 255: Figure 115 System Tray Icon
Figure 115 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 116 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first.
Page 256: Figure 117 Network Connections
Prestige 2602H/HW Series User’s Guide Figure 117 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your Prestige and select Invoke. The web configurator login screen displays. Chapter 19 Universal Plug-and-Play (UPnP)
Page 257: Figure 118 Network Connections: My Network Places
Prestige 2602H/HW Series User’s Guide Figure 118 Network Connections: My Network Places 6 Right-click on the icon for your Prestige and select Properties. A properties window displays with basic information about the Prestige. Figure 119 Network Connections: My Network Places: Properties: Example Chapter 19 Universal Plug-and-Play (UPnP)
Page 258 Prestige 2602H/HW Series User’s Guide Chapter 19 Universal Plug-and-Play (UPnP)
Page 259: Chapter 20 Logs Screens
This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendix for example log message explanations. 20.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the Prestige log and then display the logs or have the Prestige send them to an administrator (as e-mail) or to a syslog server.
Page 260: Figure 120 Log Settings
Prestige 2602H/HW Series User’s Guide Figure 120 Log Settings Chapter 20 Logs Screens...
Page 261: Table 81 Log Settings
The following table describes the fields in this screen. Table 81 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
Page 262: Displaying The Logs
Prestige 2602H/HW Series User’s Guide 20.3 Displaying the Logs Click Logs and then View Log to open the View Logs screen. Use the View Logs screen to see the logs for the categories that you selected in the Log Settings screen (see page 259).
Page 263: Example E-Mail Log
E-mail error messages appear in SMT menu 24.3.1 as "SMTP action request failed. ret= ??". The “??"are described in the following table. Table 83 SMTP Error Messages -1 means Prestige out of socket -2 means tcp SYN fail -3 means smtp server OK fail -4 means HELO fail -5 means MAIL FROM fail -6 means RCPT TO fail...
Page 264: Figure 122 E-Mail Log Example
Prestige 2602H/HW Series User’s Guide Figure 122 E-mail Log Example Subject: Firewall Alert From Prestige Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 |forward | 09:54:03 |UDP 2|Apr 7 00 |From:192.168.1.131 |forward | 09:54:17 |UDP 3|Apr 7 00 |From:192.168.1.6 | 09:54:19 |UDP...
Page 265: Media Bandwidth Management Advanced Setup
Media Bandwidth Management This chapter describes the functions and advanced configuration of bandwidth management. 21.1 Bandwidth Management Advanced Setup Overview Bandwidth management allows you to allocate an interface’s outgoing capacity to specific types of traffic. It can also help you make sure that the Prestige forwards certain types of traffic (especially real-time applications) with minimum delay.
Page 266: Proportional Bandwidth Allocation
Prestige 2602H/HW Series User’s Guide you configure child-classes with filters for any classes that you configure without filters. The Prestige leaves the bandwidth budget allocated and unused for a class that does not have a filter itself or child-classes with filters. View your configured bandwidth classes and child- classes in the Class Setup screen (see The total of the configured bandwidth budgets for child-classes cannot exceed the configured bandwidth budget speed of the parent class.
Page 267: Application And Subnet-Based Bandwidth Management Example
Figure 124 Subnet-based Bandwidth Management Example 21.4.3 Application and Subnet-based Bandwidth Management Example The following example uses bandwidth classes based on LAN subnets and applications (specific applications in each subnet are allotted bandwidth). Table 84 Application and Subnet-based Bandwidth Management Example TRAFFIC TYPE VoIP E-mail...
Page 268: Scheduler
Prestige 2602H/HW Series User’s Guide 21.5 Scheduler The scheduler divides up an interface’s bandwidth among the bandwidth classes. The Prestige has two types of scheduler: fairness-based and priority-based. 21.5.1 Priority-based Scheduler With the priority-based scheduler, the Prestige forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes.
Page 269: Maximize Bandwidth Usage Example
21.6.2 Maximize Bandwidth Usage Example Here is an example of a Prestige that has maximized bandwidth usage enabled on an interface. The first figure shows each bandwidth class’s bandwidth budget and priority. The classes are set up based on subnets. The interface is set to 10 Mbps. Each subnet is allocated 2 Mbps. The unbudgeted 2 Mbps allows traffic not defined in one of the bandwidth filters to go out when you do not select the maximize bandwidth option.
Page 270: Bandwidth Borrowing
Prestige 2602H/HW Series User’s Guide Figure 127 Maximize Bandwidth Usage Example 21.7 Bandwidth Borrowing Bandwidth borrowing allows a child-class to borrow unused bandwidth from its parent class, whereas maximize bandwidth usage allows bandwidth classes to borrow any unused or unbudgeted bandwidth on the whole interface. Enable bandwidth borrowing on a child-class to allow the child-class to use its parent class’s unused bandwidth.
Page 271: Maximize Bandwidth Usage With Bandwidth Borrowing
Figure 128 Bandwidth Borrowing Example • The Administration and Sales classes cannot borrow unused bandwidth from the Root class because the Administration and Sales classes has bandwidth borrowing disabled. • The Marketing and R&D classes can both borrow unused bandwidth from the Root class because the Marketing and R&D classes both have bandwidth borrowing enabled.
Page 272: Figure 129 Media Bandwidth Management: Summary
Prestige 2602H/HW Series User’s Guide Figure 129 Media Bandwidth Management: Summary The following table describes the labels in this screen. Table 85 Media Bandwidth Management: Summary LABEL DESCRIPTION These read-only labels represent the physical interfaces. WLAN Active Select an interface’s check box to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source.
Page 273: Configuring Class Setup
21.9 Configuring Class Setup The class setup screen displays the configured bandwidth classes by individual interface. Select an interface and click the buttons to perform the actions described next. Click “+” to expand the class tree or click “-“ to collapse the class tree. Each interface has a permanent root class.
Page 274: Media Bandwidth Management Class Configuration
Prestige 2602H/HW Series User’s Guide 21.9.1 Media Bandwidth Management Class Configuration Configure a bandwidth management class in the Class Configuration screen. You must use the Media Bandwidth Management - Summary screen to enable bandwidth management on an interface before you can configure classes for that interface. To add a child class, click Media Bandwidth Management, then Class Setup.
Page 275 Table 87 Media Bandwidth Management: Class Configuration (continued) LABEL Borrow bandwidth from parent class Bandwidth Filter The Prestige uses a bandwidth filter to identify the traffic that belongs to a bandwidth class. Active Service Destination IP Address Destination Subnet Mask Destination Port Source IP Address Source Subnet...
Page 276: Media Bandwidth Management Statistics
Prestige 2602H/HW Series User’s Guide Table 87 Media Bandwidth Management: Class Configuration (continued) LABEL Apply Cancel Table 88 Services and Port Numbers SERVICES ECHO FTP (File Transfer Protocol) SMTP (Simple Mail Transfer Protocol) DNS (Domain Name System) Finger HTTP (Hyper Text Transfer protocol or WWW, Web) POP3 (Post Office Protocol) NNTP (Network News Transport Protocol) SNMP (Simple Network Management Protocol)
Page 277: Bandwidth Monitor
Figure 132 Media Bandwidth Management Statistics The following table describes the labels in this screen. Table 89 Media Bandwidth Management Statistics LABEL DESCRIPTION Class Name This field displays the name of the class the statistics page is showing. Budget (kbps) This field displays the amount of bandwidth allocated to the class.
Page 278: Figure 133 Media Bandwidth Management: Monitor
Prestige 2602H/HW Series User’s Guide Figure 133 Media Bandwidth Management: Monitor The following table describes the labels in this screen. Table 90 Media Bandwidth Management: Monitor LABEL Interface Class Name Budget (kbps) Current Usage (kbps) Back Refresh DESCRIPTION Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth classes.
Page 279: Chapter 22 Maintenance
This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 22.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige. 22.2 System Status Screen Click System Status to open the following screen, where you can use to monitor your Prestige.
Page 280: Figure 134 System Status
Prestige 2602H/HW Series User’s Guide Figure 134 System Status Chapter 22 Maintenance...
Page 281: Table 91 System Status
The following table describes the fields in this screen. Table 91 System Status LABEL DESCRIPTION System Status System Name This is the name of your Prestige. It is for identification purposes. ZyNOS Firmware This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's Version proprietary Network Operating System design.
Page 282: System Statistics
Prestige 2602H/HW Series User’s Guide 22.2.1 System Statistics Click Show Statistics in the System Status screen to open the following screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Figure 135 System Status: Show Statistics The following table describes the fields in this screen.
Page 283: Dhcp Table Screen
Table 92 System Status: Show Statistics (continued) LABEL DESCRIPTION Status For the WAN port, this displays the port speed and duplex setting if you're using Ethernet encapsulation and down (line is down), idle (line (ppp) idle), dial (starting to trigger a call) and drop (dropping a call) if you're using PPPoE encapsulation.
Page 284: Any Ip Table Screen
Prestige 2602H/HW Series User’s Guide Figure 136 DHCP Table The following table describes the fields in this screen. Table 93 DHCP Table LABEL DESCRIPTION Host Name This is the name of the host computer. IP Address This field displays the IP address relative to the Host Name field. MAC Address This field displays the MAC (Media Access Control) address of the computer with the displayed host name.
Page 285: Wireless Screen
Table 94 Any IP Table LABEL DESCRIPTION MAC Address This field displays the MAC (Media Access Control) address of the computer with the displayed IP address. Every Ethernet device has a unique MAC address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 286: Diagnostic Screens
Prestige 2602H/HW Series User’s Guide 22.6 Diagnostic Screens These read-only screens display information to help you identify problems with the Prestige. 22.6.1 Diagnostic General Screen Click Diagnostic and then General to open the screen shown next. Figure 139 Diagnostic: General The following table describes the fields in this screen.
Page 287: Figure 140 Diagnostic: Dsl Line
Figure 140 Diagnostic: DSL Line The following table describes the fields in this screen. Table 97 Diagnostic: DSL Line LABEL Reset ADSL Click this button to reinitialize the ADSL line. The large text box above then displays Line the progress and results of this operation, for example: "Start to reset ADSL Loading ADSL modem F/W...
Page 288: Firmware Screen
Prestige 2602H/HW Series User’s Guide 22.7 Firmware Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "Prestige.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. Chapter 38 on page 389 Only use firmware for your device’s specific model.
Page 289: Figure 142 Network Temporarily Disconnected
Prestige 2602H/HW Series User’s Guide The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 142 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen.
Page 290 Prestige 2602H/HW Series User’s Guide Chapter 22 Maintenance...
Page 291: Chapter 23 Introducing The Smt
This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 23.1 Introduction to the SMT The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access over a telnet connection. This chapter shows you how to access the SMT menus Telnet. 23.1.1 Procedure for SMT Configuration via Telnet The following procedure details how to telnet into your Prestige.
Page 292: Navigating The Smt Interface
Prestige 2602H/HW Series User’s Guide Figure 144 Login Screen Enter Password : **** 23.2 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
Page 293: System Management Terminal Interface Summary
After you enter the password, the SMT displays the main menu, as shown next. Table 100 SMT Main Menu Copyright (c) 1994 - 2004 ZyXEL Communications Corp. Getting Started 1. General Setup 2. WAN Backup Setup 3. LAN Setup 4. Internet Access Setup Advanced Applications 11.
Page 294: Smt Menus Overview
Prestige 2602H/HW Series User’s Guide 23.2.2 SMT Menus Overview The following table gives you an overview of your Prestige’s various SMT menus. Table 102 SMT Menus Overview MENUS 1 General Setup 2 WAN Backup Setup 3 LAN Setup 4 Internet Access Setup 11 Remote Node Setup...
Page 295: Changing The System Password
Table 102 SMT Menus Overview (continued) MENUS 24 System Maintenance 25 IP Routing Policy Setup 26 Schedule Setup 27 VPN/IPSec Setup 27.1 IPSec Summary 23.3 Changing the System Password Change the Prestige default password by following the steps shown next. 1 Enter 23 in the main menu to display Menu 23 - System Security.
Page 296: Figure 145 Menu 23.1 Change Password
Prestige 2602H/HW Series User’s Guide Figure 145 Menu 23.1 Change Password Menu 23.1 - System Security - Change Password Enter here to CONFIRM or ESC to CANCEL: 4 Type your new system password in the New Password field (up to 30 characters), and press [ENTER].
Page 297: Chapter 24 Menu 1 General Setup
Menu 1 - General Setup contains administrative and system-related information. 24.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". •...
Page 298: Procedure To Configure Dynamic Dns
Prestige 2602H/HW Series User’s Guide Figure 146 Menu 1 General Setup Press ENTER to Confirm or ESC to Cancel: Fill in the required fields. Refer to the table shown next for more information about these fields. Table 103 Menu 1 General Setup FIELD System Name Location (optional)
Page 299: Figure 147 Menu 1.1 Configure Dynamic Dns
Figure 147 Menu 1.1 Configure Dynamic DNS Follow the instructions in the next table to configure dynamic DNS parameters. Table 104 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION Service Provider This is the name of your dynamic DNS service provider. Active Press [SPACE BAR] to select Yes and then press [ENTER] to make dynamic DNS active.
Page 300 Prestige 2602H/HW Series User’s Guide Chapter 24 Menu 1 General Setup...
Page 301: Chapter 25 Menu 2 Wan Backup Setup
Menu 2 WAN Backup Setup This chapter describes how to configure traffic redirect and dial-backup using menu 2 and 2.1. 25.1 Introduction to WAN Backup Setup This chapter explains how to configure the Prestige for traffic redirect connections. 25.2 Configuring WAN Backup in Menu 2 From the main menu, enter 2 to open menu 2.
Page 302: Traffic Redirect Setup
Prestige 2602H/HW Series User’s Guide Table 105 Menu 2 WAN Backup Setup (continued) FIELD KeepAlive Fail Tolerance Recovery Interval(sec) When the Prestige is using a lower priority connection (usually a WAN backup ICMP Timeout Traffic Redirect When you have completed this menu, press [ENTER] at the prompt “ or ESC to Cancel: 25.2.1 Traffic Redirect Setup Configure parameters that determine when the Prestige will forward WAN traffic to the...
Page 303 Table 106 Menu 2.1Traffic Redirect Setup FIELD DESCRIPTION Metric This field sets this route's priority among the routes the Prestige uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1"...
Page 304 Prestige 2602H/HW Series User’s Guide Chapter 25 Menu 2 WAN Backup Setup...
Page 305: Chapter 26 Menu 3 Lan Setup
This chapter covers how to configure your wired Local Area Network (LAN) settings. 26.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3. Figure 150 Menu 3 LAN Setup Menu 3 - LAN Setup 1.
Page 306: Tcp/Ip Ethernet Setup And Dhcp
Prestige 2602H/HW Series User’s Guide • For TCP/IP Ethernet setup refer to • For bridging Ethernet setup refer to 26.3 TCP/IP Ethernet Setup and DHCP Use menu 3.2 to configure your Prestige for TCP/IP. To edit menu 3.2, enter 3 from the main menu to display Menu 3 — LAN Setup. When menu 3 appears, press 2 and press [ENTER] to display Menu 3.2 —...
Page 307: Table 108 Tcp/Ip Ethernet Setup
Table 107 DHCP Ethernet Setup (continued) FIELD Size of Client IP Pool Primary DNS Server Secondary DNS Server Remote DHCP Serve Follow the instructions in the following table to configure TCP/IP parameters for the Ethernet port. Table 108 TCP/IP Ethernet Setup FIELD DESCRIPTION TCP/IP Setup...
Page 308 Prestige 2602H/HW Series User’s Guide Chapter 26 Menu 3 LAN Setup...
Page 309: Chapter 27 Wireless Lan Setup
This chapter covers how to configure wireless LAN settings in SMT menu 3.5. 27.1 Wireless LAN Overview Refer to the chapter on the wireless LAN screens for wireless LAN background information. 27.2 Wireless LAN Setup Use menu 3.5 to set up your Prestige as the wireless access point. To edit menu 3.5, enter 3 from the main menu to display Menu 3 –...
Page 310: Wireless Lan Mac Address Filter
Prestige 2602H/HW Series User’s Guide Table 109 Menu 3.5 - Wireless LAN Setup (continued) FIELD DESCRIPTION Channel ID Press [SPACE BAR] to select a channel. This allows you to set the operating frequency/ channel depending on your particular region. RTS (Request To Send) threshold (number of bytes) enables RTS/CTS handshake. Threshold Data with its frame size larger than this value will perform the RTS/CTS handshake.
Page 311: Figure 154 Menu 3.5.1 Wlan Mac Address Filtering
Figure 154 Menu 3.5.1 WLAN MAC Address Filtering -------------------------------------------------------------------------- 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 -------------------------------------------------------------------------- The following table describes the fields in this menu. Table 110 Menu 3.5.1 WLAN MAC Address Filtering FIELD DESCRIPTION Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press...
Page 312 Prestige 2602H/HW Series User’s Guide Chapter 27 Wireless LAN Setup...
Page 313: Chapter 28 Internet Access
This chapter shows you how to configure the LAN and WAN of your Prestige for Internet access 28.1 Internet Access Overview Refer to the chapters on the web configurator’s wizard, LAN and WAN screens for more background information on fields in the SMT screens covered in this chapter. 28.2 IP Policies Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet.
Page 314: Ip Alias Setup
Prestige 2602H/HW Series User’s Guide Figure 155 IP Alias Network Example Use menu 3.2.1 to configure IP Alias on your Prestige. 28.4 IP Alias Setup Use menu 3.2 to configure the first network. Move the cursor to Edit IP Alias field and press [SPACEBAR] to choose Yes and press [ENTER] to configure the second and third network.
Page 315: Route Ip Setup
Figure 157 Menu 3.2.1 IP Alias Setup Menu 3.2.1 - IP Alias Setup IP Alias 1= No IP Alias 2= No Follow the instructions in the following table to configure IP Alias parameters. Table 111 Menu 3.2.1 IP Alias Setup FIELD DESCRIPTION IP Alias...
Page 316: Internet Access Configuration
Prestige 2602H/HW Series User’s Guide Figure 158 Menu 1 General Setup Menu 1 - General Setup Press ENTER to Confirm or ESC to Cancel: 28.6 Internet Access Configuration Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified setup for one of the remote nodes that you can access in menu 11.
Page 317: Table 112 Menu 4 Internet Access Setup
Table 112 Menu 4 Internet Access Setup FIELD DESCRIPTION ISP’s Name Enter the name of your Internet Service Provider (ISP). This information is for identification purposes only. Encapsulation Press [ Choices are PPPoE, PPPoA, RFC 1483 or ENET ENCAP. Multiplexing Press [ Choices are VC-based or LLC-based.
Page 318 Prestige 2602H/HW Series User’s Guide Chapter 28 Internet Access...
Page 319: Remote Node Configuration
Remote Node Configuration This chapter covers remote node configuration. 29.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
Page 320: Encapsulation And Multiplexing Scenarios
Prestige 2602H/HW Series User’s Guide Figure 160 Menu 11 Remote Node Setup 29.2.2 Encapsulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiplexing methods used by your ISP. Consult your telephone company for information on encapsulation and multiplexing methods for LAN-to-LAN applications, for example between a branch office and corporate headquarters.
Page 321: Figure 161 Menu 11.1 Remote Node Profile
Figure 161 Menu 11.1 Remote Node Profile Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Active= Yes Encapsulation= RFC 1483 Multiplexing= LLC-based Service Name= N/A Incoming: Rem Login= N/A Rem Password= N/A Outgoing: My Login= N/A My Password= N/A Authen= N/A Press ENTER to Confirm or ESC to Cancel: In Menu 11.1 –...
Page 322: Outgoing Authentication Protocol
Prestige 2602H/HW Series User’s Guide Table 113 Menu 11.1 Remote Node Profile (continued) FIELD DESCRIPTION PAP – accept PAP (Password Authentication Protocol) only. Route This field determines the protocol used in routing. Options are IP and None. Bridge When bridging is enabled, your Prestige will forward any packet that it does not route to this remote node;...
Page 323: Remote Node Network Layer Options
29.3 Remote Node Network Layer Options For the TCP/IP parameters, perform the following steps to edit Menu 11.3 – Remote Node Network Layer Options as shown next. 1 In menu 11.1, make sure IP is among the protocols in the Route field. 2 Move the cursor to the Edit IP/Bridge field, press [SPACE BAR] to select Yes, then press [ENTER] to display Menu 11.3 –...
Page 324: My Wan Addr Sample Ip Addresses
Prestige 2602H/HW Series User’s Guide Table 114 Menu 11.3 Remote Node Network Layer Options (continued) FIELD DESCRIPTION Address When Full Feature is selected in the NAT field, configure address mapping sets in Mapping Set menu 15.1. Select one of the NAT server sets (2-10) in menu 15.2 (see on page 337 When SUA Only is selected in the NAT field, the SMT uses NAT server set 1 in menu 15.2 (see...
Page 325: Remote Node Filter
Figure 163 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection 29.4 Remote Node Filter Move the cursor to the Edit Filter Sets field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to display Menu 11.5 – Remote Node Filter. Use Menu 11.5 –...
Page 326: Editing Atm Layer Options
Prestige 2602H/HW Series User’s Guide Figure 164 Menu 11.5 Remote Node Filter (RFC 1483 or ENET Encapsulation) Menu 11.5 - Remote Node Filter Figure 165 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) 29.5 Editing ATM Layer Options Follow the steps shown next to edit Menu 11.6 – Remote Node ATM Layer Options. In menu 11.1, move the cursor to the Edit ATM Options field and then press [SPACE BAR] to select Yes.
Page 327: Llc-Based Multiplexing Or Ppp Encapsulation
Figure 166 Menu 11.6 for VC-based Multiplexing Menu 11.6 - Remote Node ATM Layer Options VPI/VCI (VC-Multiplexing) VC Options for IP: VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 29.5.2 LLC-based Multiplexing or PPP Encapsulation For LLC-based multiplexing or PPP encapsulation, one VC carries multiple protocols with...
Page 328: Figure 168 Menu 11.1 Remote Node Profile
Prestige 2602H/HW Series User’s Guide Figure 168 Menu 11.1 Remote Node Profile Rem Node Name= MyISP Active= Yes Encapsulation= PPPoE Multiplexing= LLC-based Service Name= Incoming: Rem Login= Rem Password= ******** Outgoing: My Login= ? My Password= ? Authen= CHAP/PAP Move the cursor to the Edit Advance Options field, press [SPACE BAR] to select Yes, then press [ENTER] to display Menu 11.8 –...
Page 329: Chapter 30 Static Route Setup
This chapter shows how to setup IP static routes. 30.1 IP Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
Page 330: Figure 171 Menu 12 Static Route Setup
Prestige 2602H/HW Series User’s Guide Figure 171 Menu 12 Static Route Setup From menu 12, select 1 to open Menu 12.1 — IP Static Route Setup (shown next). Figure 172 Menu 12.1 IP Static Route Setup Now, type the route number of a static route you want to configure. Figure 173 Menu12.1.1 Edit IP Static Route Menu 12.1.1 - Edit IP Static Route Press ENTER to Confirm or ESC to Cancel:...
Page 331: Table 116 Menu12.1.1 Edit Ip Static Route
Table 116 Menu12.1.1 Edit IP Static Route FIELD Route # Route Name Active Destination IP Address IP Subnet Mask Gateway IP Address Metric Private When you have completed this menu, press [ENTER] at the prompt “ or ESC to Cancel: Chapter 30 Static Route Setup Prestige 2602H/HW Series User’s Guide DESCRIPTION...
Page 332 Prestige 2602H/HW Series User’s Guide Chapter 30 Static Route Setup...
Page 333: Chapter 31 Bridging Setup
This chapter shows you how to configure the bridging parameters of your Prestige. 31.1 Bridging in General Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address. Bridging allows the Prestige to transport packets of network layer protocols that it does not route, for example, SNA, from one network to another.
Page 334: Figure 174 Menu 11.1 Remote Node Profile
Prestige 2602H/HW Series User’s Guide Figure 174 Menu 11.1 Remote Node Profile Rem Node Name= ? Active= Yes Encapsulation= ENET ENCAP Multiplexing= VC-based Service Name= N/A Incoming: Rem Login= N/A Rem Password= N/A Outgoing: My Login= N/A My Password= N/A Authen= N/A Press ENTER to Confirm or ESC to Cancel: 3 Move the cursor to the Edit IP/Bridge field, then press [SPACE BAR] to set the value to...
Page 335: Bridge Static Route Setup
31.2.2 Bridge Static Route Setup Similar to network layer static routes, a bridging static route tells the Prestige the route to a node before a connection is established. You configure bridge static routes in menu 12.3.1 (go to menu 12, choose option 3, then choose a static route to edit) as shown next. Figure 176 Menu 12.3.1 Edit Bridge Static Route Menu 12.3.1 - Edit Bridge Static Route Route #: 1...
Page 336 Prestige 2602H/HW Series User’s Guide Chapter 31 Bridging Setup...
Page 337: Network Address Translation (Nat)
Network Address Translation This chapter discusses how to configure NAT on the Prestige. 32.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige. 32.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Page 338: Figure 177 Menu 4 Applying Nat For Internet Access
Prestige 2602H/HW Series User’s Guide Figure 177 Menu 4 Applying NAT for Internet Access Menu 4 - Internet Access Setup Press ENTER to Confirm or ESC to Cancel: The following figure shows how you apply NAT to the remote node in menu 11.1. 1 Enter 11 from the main menu.
Page 339: Nat Setup
Table 119 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. The SMT uses the address mapping set that you configure and enter in the Address Mapping Set field (see Select None to disable NAT.
Page 340: Sua Address Mapping Set
Prestige 2602H/HW Series User’s Guide Figure 180 Menu 15.1 Address Mapping Sets Menu 15.1 - Address Mapping Sets Enter Menu Selection Number: 32.3.1.1 SUA Address Mapping Set Enter 255 to display the next screen (see also section 27.1.1). The fields in this menu cannot be changed.
Page 341: User-Defined Address Mapping Sets
Table 120 SUA Address Mapping Rules (continued) FIELD DESCRIPTION Global Start IP This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global Start IP. Global End IP This is the ending global IP address (IGA). Type These are the mapping types.
Page 342: Figure 183 Menu 15.1.1.1 Editing/Configuring An Individual Rule In A Set
Prestige 2602H/HW Series User’s Guide Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so as old rule 5 becomes rule 4, old rule 6 becomes rule 5 and old rule 7 becomes rule 6. Table 121 Menu 15.1.1 First Set FIELD DESCRIPTION...
Page 343: Configuring A Server Behind Nat
Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set Table 122 FIELD DESCRIPTION This is the ending local IP address (ILA). If the rule is for all local IPs, then put the Start IP as 0.0.0.0 and the End IP as 255.255.255.255. This field is N/A for One-to-One and Server types.
Page 344: General Nat Examples
Prestige 2602H/HW Series User’s Guide Figure 185 Menu 15.2 NAT Server Setup Menu 15.2 - NAT Server Setup Rule Start Port No. --------------------------------------------------- Default Press ENTER to Confirm or ESC to Cancel: 4 Enter a port number in an unused Start Port No field. To forward only one port, enter it again in the End Port No field.
Page 345: Example 1: Internet Access Only
32.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP. Figure 187 NAT Example 1 Figure 188 Menu 4 Internet Access &...
Page 346: Example 3: Multiple Public Ip Addresses With Inside Servers
Prestige 2602H/HW Series User’s Guide Figure 189 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure. Figure 190 Menu 15.2.1 Specifying an Inside Server Menu 15.2.1 - NAT Server Setup (Used for SUA Only) Rule...
Page 347: Figure 191 Nat Example 3
You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN. The example situation looks somewhat like this: Figure 191 NAT Example 3 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets.
Page 348: Figure 192 Example 3: Menu 11.3
Prestige 2602H/HW Series User’s Guide Figure 192 Example 3: Menu 11.3 Menu 11.3 - Remote Node Network Layer Options IP Options: IP Address Assignment= Static Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature Address Mapping Set= 2 Metric= 2 Private= No...
Page 349: Figure 194 Example 3: Final Menu 15.1.1
Figure 194 Example 3: Final Menu 15.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= Example3 Local Start IP Local End IP --------------- --------------- 1. 192.168.1.10 192.168.1.11 3. 0.0.0.0 255.255.255.255 Action= Edit Press ENTER to Confirm or ESC to Cancel: Now configure the IGA3 to map to our web server and mail server on the LAN.
Page 350: Example 4: Nat Unfriendly Application Programs
Prestige 2602H/HW Series User’s Guide Figure 195 Example 3: Menu 15.2 Rule Start Port No. --------------------------------------------------- Press ENTER to Confirm or ESC to Cancel: 32.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to-Many No Overload (and One-to-One) NAT mapping types.
Page 351: Figure 197 Example 4: Menu 15.1.1.1 Address Mapping Rule
Figure 197 Example 4: Menu 15.1.1.1 Address Mapping Rule Menu 15.1.1.1 Address Mapping Rule Press ENTER to Confirm or ESC to Cancel: After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as shown next. Figure 198 Example 4: Menu 15.1.1 Address Mapping Rules Menu 15.1.1 - Address Mapping Rules Set Name= Example4...
Page 352 Prestige 2602H/HW Series User’s Guide Chapter 32 Network Address Translation (NAT)
Page 353: Chapter 33 Enabling The Firewall
This chapter shows you how to get started with the Prestige firewall. 33.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: • The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it.
Page 354: Figure 199 Menu 21.2 Firewall Setup
Prestige 2602H/HW Series User’s Guide Figure 199 Menu 21.2 Firewall Setup Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2.
Page 355: Chapter 34 Filter Configuration
This chapter shows you how to create and apply filters. 34.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later.
Page 356: The Filter Structure Of The Prestige
Prestige 2602H/HW Series User’s Guide Figure 201 Filter Rule Process Fetch Next Filter Set Next Filter Set Available? Drop Packet You can apply up to four filter sets to a particular port to block various types of packets. Because each filter set can have up to six rules, you can have a maximum of 24 rules active for a single port.
Page 357: Configuring A Filter Set For The Prestige
34.2 Configuring a Filter Set for the Prestige To configure a filter set, follow the steps shown next. 1 Enter 21 in the main menu to display Menu 21 – Filter and Firewall Setup. 2 Enter 1 to display Menu 21.1 – Filter Set Configuration as shown next. Figure 202 Menu 21 Filter Set Configuration Menu 21.1 - Filter Set Configuration Filter...
Page 358: Filter Rules Summary Menus
Prestige 2602H/HW Series User’s Guide Figure 204 NetBIOS_LAN Filter Rules Summary Menu 21.1.3 - Filter Rules Summary # A Type - - ---- --------------------------------------------------------------- - 1 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 Enter Filter Rule Number (1-6) to Configure: Figure 205 IGMP Filter Rules Summary Menu 21.1.4 - Filter Rules Summary # A Type...
Page 359: Configuring A Filter Rule
Table 123 Abbreviations Used in the Filter Rules Summary Menu (continued) FIELD DESCRIPTION Action Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N“ means to check the next rule. Action Not Matched.
Page 360: Tcp/Ip Filter Rule
Prestige 2602H/HW Series User’s Guide 34.4.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
Page 361 Table 125 Menu 21.1.x.x TCP/IP Filter Rule (continued) FIELD DESCRIPTION Port # Type the destination port of the packets you want to filter. The field range is 0 to 65535. A 0 field is ignored. Port # Comp Select the comparison to apply to the destination port in the packet against the value given in Destination: Port #.
Page 362: Generic Filter Rule
Prestige 2602H/HW Series User’s Guide Figure 207 Executing an IP Filter Packet into IP Filter Filter Active? Apply SrcAddrMask to Src Addr Check Src IP Addr Matched Apply DestAddrMask to Dest Addr Check Dest IP Addr Matched Check IP Protocol Matched Check Src &...
Page 363: Figure 208 Menu 21.1.5.1 Generic Filter Rule
To configure a generic rule select an empty filter set in menu 21, for example 5. Select Generic Filter Rule in the Filter Type field and press [ENTER] to open Menu 21.1.5.1 – Generic Filter Rule, as shown in the following figure. Figure 208 Menu 21.1.5.1 Generic Filter Rule Menu 21.1.5.1 - Generic Filter Rule Filter #: 5,1...
Page 364: Filter Types And Nat
Prestige 2602H/HW Series User’s Guide Table 126 Menu 21.1.5.1 Generic Filter Rule (continued) FIELD DESCRIPTION Action Not Select the action for a packet not matching the rule. Choices are Check Next Rule, Matched Forward or Drop. When you have completed this menu, press [ENTER] at the prompt “ or ESC to Cancel: 34.5 Filter Types and NAT There are two classes of filter rules, Generic Filter Device rules and Protocol Filter (TCP/IP)
Page 365: Figure 210 Sample Telnet Filter
Figure 210 Sample Telnet Filter 1 Enter 1 in the menu 21 to display Menu 21.1 — Filter Set Configuration. 2 Enter the index number of the filter set you want to configure (in this case 6) 3 Type a descriptive name or comment in the Edit Comments field (for example, TELNET_WAN) and press [ENTER].
Page 366: Applying Filters And Factory Defaults
Prestige 2602H/HW Series User’s Guide 2 Go to the Edit Filter Sets field, press [SPACE BAR] to choose Yes and press [ENTER]. This brings you to menu 11.5. Apply the example filter set (for example, filter set 3) in this menu as shown in the next section.
Page 367: Ethernet Traffic
34.7.1 Ethernet Traffic You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and type the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by typing their numbers separated by commas, for example, 3, 4, 6, 11.
Page 368 Prestige 2602H/HW Series User’s Guide Chapter 34 Filter Configuration...
Page 369: Chapter 35 Snmp Configuration
This chapter explains SNMP Configuration menu 22. 35.1 About SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
Page 370: Supported Mibs
Prestige 2602H/HW Series User’s Guide The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
Page 371: Snmp Traps
Figure 216 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Press ENTER to Confirm or ESC to Cancel: The following table describes the SNMP configuration parameters. Table 128 Menu 22 SNMP Configuration FIELD SNMP: Get Community...
Page 372: Table 130 Ports And Permanent Virtual Circuits
Prestige 2602H/HW Series User’s Guide Table 129 SNMP Traps (continued) TRAP # TRAP NAME authenticationFailure (defined in RFC-1215) whyReboot (defined in ZYXEL-MIB) A trap is sent with the reason of restart before For intentional reboot : The port number is its interface index under the interface group. Table 130 Ports and Permanent Virtual Circuits PORT PVC (PERMANENT VIRTUAL CIRCUIT)
Page 373: Chapter 36 System Security
This chapter describes how to configure the system security on the Prestige. 36.1 System Security You can configure the system password.. 36.1.1 System Password Enter 23 in the main menu to display Menu 23 – System Security. You should change the default password. If you forget your password you have to restore the default configuration file.
Page 374: Figure 219 Menu 23.2 System Security: Radius Server
Prestige 2602H/HW Series User’s Guide Figure 219 Menu 23.2 System Security: RADIUS Server Menu 23.2 - System Security - RADIUS Server Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 131 Menu 23.2 System Security: RADIUS Server FIELD Authentication Server Active...
Page 375: Ieee802.1X
36.1.3 IEEE802.1x The IEEE802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your Prestige. 1 From the main menu, enter 23 to display Menu23 – System Security. Figure 220 Menu 23 System Security Menu 23 - System Security Enter Menu Selection Number:...
Page 376: Table 132 Menu 23.4 System Security: Ieee802.1X
Prestige 2602H/HW Series User’s Guide Table 132 Menu 23.4 System Security: IEEE802.1x FIELD DESCRIPTION Wireless Port Press [SPACE BAR] and select a security mode for the wireless LAN access. Control Select No Authentication Required to allow any wireless stations access to your wired network without entering usernames and passwords.
Page 377: Creating User Accounts On The Prestige
Table 132 Menu 23.4 System Security: IEEE802.1x (continued) FIELD DESCRIPTION Authentication The authentication database contains wireless station login information. The local Databases user database is the built-in database on the Prestige. The RADIUS is an external server. Use this field to decide which database the Prestige should use (first) to authenticate a wireless station.
Page 378: Figure 222 Menu 14 Dial-In User Setup
Prestige 2602H/HW Series User’s Guide Figure 222 Menu 14 Dial-in User Setup 1. ________ 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ 2 Type a number and press [ENTER] to edit the user profile. Figure 223 Menu 14.1 Edit Dial-in User Menu 14.1 - Edit Dial-in User Press ENTER to Confirm or ESC to Cancel:...
Page 379: System Information And Diagnosis
System Information and This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 37.1 Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu to open Menu 24 –...
Page 380: Figure 225 Menu 24.1 System Maintenance: Status
Prestige 2602H/HW Series User’s Guide The following table describes the fields present in Menu 24.1 — System Maintenance — Status which are read-only and meant for diagnostic purposes. Figure 225 Menu 24.1 System Maintenance : Status Menu 24.1 - System Maintenance - Status Node-Lnk Status Time 1-PPPoA N/A...
Page 381: System Information
Table 134 Menu 24.1 System Maintenance: Status (continued) FIELD DESCRIPTION Line Status This shows the current status of the xDSL line, which can be Up or Down. Upstream This shows the upstream transfer rate in kbps. Speed Downstream This shows the downstream transfer rate in kbps. Speed CPU Load This specifies the percentage of CPU utilization.
Page 382: Console Port Speed
Menu 1 – General Setup. Refers to the routing protocol used. Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Displays the vendor of the ADSL chipset and DSL version.
Page 383: Log And Trace
Figure 228 Menu 24.2.2 System Maintenance: Change Console Port Speed Menu 24.2.2 – System Maintenance – Change Console Port Speed Press ENTER to Confirm or ESC to Cancel: Once you change the Prestige console port speed, you must also set the speed parameter for the communication software you are using to connect to the Prestige.
Page 384: Syslog And Accounting
Prestige 2602H/HW Series User’s Guide Figure 230 Sample Error and Information Messages 53 Sat Jan 01 00:00:03 2000 PP01 -WARN 54 Sat Jan 01 00:00:03 2000 PP01 55 Sat Jan 01 00:00:03 2000 PP01 56 Sat Jan 01 00:00:03 2000 PP20 57 Sat Jan 01 00:00:03 2000 PP21 58 Sat Jan 01 00:03:06 2000 PP19 59 Sat Jan 01 00:03:06 2000 PP01...
Page 385: Figure 232 Syslog Example
Figure 232 Syslog Example 1 - CDR SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG_INFO, String); String = board xx line xx channel xx, call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN call = the call reference number which starts from 1 and increments by 1 for each new call str = C01 Outgoing Call dev xx ch xx (dev:device No.
Page 386: Diagnostic
Prestige 2602H/HW Series User’s Guide Figure 232 Syslog Example (continued) prot: Protocol (“TCP”, ”UDP”, ”ICMP”) spo: Source port dpo: Destination port Jul 19 14:43:55 192.168.102.2 ZYXEL: IP [Src=202.132.154.123 Dst=255.255.255.255 UDP spo=0208 dpo=0208]} S03>R01mF Jul 19 14:44:00 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF Jul 19 14:44:04 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF...
Page 387: Table 137 Menu 24.4 System Maintenance Menu: Diagnostic
The following table describes the diagnostic tests available in menu 24.4 for and the connections. Table 137 Menu 24.4 System Maintenance Menu: Diagnostic FIELD DESCRIPTION Reset xDSL Re-initialize the xDSL link to the telephone company. Ping Host Ping the host to see if the links and TCP/IP protocol on both systems are working. Reboot System Reboot the Prestige.
Page 388 Prestige 2602H/HW Series User’s Guide Chapter 37 System Information and Diagnosis...
Page 389: Firmware And Configuration File Maintenance
Firmware and Configuration File This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 38.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
Page 390: Backup Configuration
Prestige 2602H/HW Series User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 –...
Page 391: Using The Ftp Command From The Command Line
Figure 234 Telnet in Menu 24.5 Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
Page 392: Gui-Based Ftp Clients
Prestige 2602H/HW Series User’s Guide Figure 235 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
Page 393: Backup Configuration Using Tftp
38.2.6 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next.
Page 394: Restore Configuration
Prestige 2602H/HW Series User’s Guide Table 140 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the Prestige and “Fetch” to back up the file on your computer.
Page 395: Restore Using Ftp Session Example
Figure 236 Telnet into Menu 24.6 Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
Page 396: Uploading Firmware And Configuration Files
Prestige 2602H/HW Series User’s Guide 38.4 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuration files. You can upload configuration files by following the procedure in instructions in Menu 24.7.2 – System Maintenance – Upload System Configuration File. Note: Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR Prestige.
Page 397: Ftp File Upload Command From The Dos Prompt Example
Figure 239 Telnet Into Menu 24.7.2 System Maintenance Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
Page 398: Ftp Session Example Of Firmware File Upload
Prestige 2602H/HW Series User’s Guide 38.4.4 FTP Session Example of Firmware File Upload Figure 240 FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK...
Page 399: Tftp Upload Command Example
38.4.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras where “ ” specifies binary image transfer mode (use this mode when transferring binary files), “ ” is the Prestige’s IP address and “ host –...
Page 400 Prestige 2602H/HW Series User’s Guide Chapter 38 Firmware and Configuration File Maintenance...
Page 401: Chapter 39 System Maintenance
System Maintenance. A list of valid commands can be found by typing help or ? at the command prompt. Type “ Figure 241 Command Mode in Menu 24 Enter Menu Selection Number: Figure 242 Valid Commands Copyright (c) 1994 - 2005 ZyXEL Communications Corp. ras> ? Valid commands are: exit ipsec...
Page 402: Call Control Support
Prestige 2602H/HW Series User’s Guide 39.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1. The budget management function allows you to set a limit on the total outgoing call time of the Prestige within certain times.
Page 403: Time And Date Setting
The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked. After each period, the total budget is reset. The default for the total budget is 0 minutes and the period is 0 hours, meaning no budget control.
Page 404: Resetting The Time
Prestige 2602H/HW Series User’s Guide Figure 246 Menu 24.10 System Maintenance: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Use Time Server when Bootup= None Time Server Address= N/A Current Time: New Time (hh:mm:ss): Current Date: New Date (yyyy-mm-dd): Time Zone= GMT...
Page 405 Prestige 2602H/HW Series User’s Guide • 24-hour intervals after starting. Chapter 39 System Maintenance...
Page 406 Prestige 2602H/HW Series User’s Guide Chapter 39 System Maintenance...
Page 407: Chapter 40 Remote Management
This chapter covers remote management (SMT menu 24.11). 40.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 408: Remote Management Limitations
Prestige 2602H/HW Series User’s Guide Figure 247 Menu 24.11 Remote Management Control Menu 24.11 - Remote Management Control TELNET Server: Server Port = 23 Secured Client IP = 0.0.0.0 FTP Server: Server Port = 21 Secured Client IP = 0.0.0.0 Web Server: Server Port = 80 Secured Client IP = 0.0.0.0...
Page 409: Remote Management And Nat
40.3 Remote Management and NAT When NAT is enabled: • Use the Prestige’s WAN IP address when configuring from the WAN. • Use the Prestige’s LAN IP address when configuring from the LAN. 40.4 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The Prestige automatically logs you out if the management session remains idle for longer than this timeout period.
Page 410 Prestige 2602H/HW Series User’s Guide Chapter 40 Remote Management...
Page 411: Chapter 41 Ip Policy Routing
This chapter covers setting and applying policies used for IP routing. 41.1 IP Policy Routing Overview Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet. IP Routing Policy (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Page 412: Ip Routing Policy Setup
Prestige 2602H/HW Series User’s Guide • routing the packet to a different gateway (and hence the outgoing interface). • setting the TOS and precedence fields in the IP header. IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together.
Page 413: Figure 249 Menu 25.1 Ip Routing Policy Setup
Figure 249 Menu 25.1 IP Routing Policy Setup Menu 25.1 - IP Routing Policy Setup - - -------------------------------------------------------------------------- 1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5 SP=20-25,DP=20-25,P=6,T=NM,PR=0 2 N __________________________________________________________________________ __________________________________________________________________________ 3 N __________________________________________________________________________ __________________________________________________________________________ 4 N __________________________________________________________________________ __________________________________________________________________________ 5 N __________________________________________________________________________ __________________________________________________________________________ 6 N __________________________________________________________________________ __________________________________________________________________________ Enter Policy Rule Number (1-6) to Configure: Table 144 Menu 25.1 IP Routing Policy Setup...
Page 414: Figure 250 Menu 25.1.1 Ip Routing Policy
Prestige 2602H/HW Series User’s Guide Figure 250 Menu 25.1.1 IP Routing Policy Menu 25.1.1 - IP Routing Policy Policy Set Name= test Active= No Criteria: IP Protocol Type of Service= Don't Care Precedence Source: addr start= 0.0.0.0 port start= N/A Destination: addr start= 0.0.0.0 port start= N/A...
Page 415: Applying An Ip Policy
Table 145 Menu 25.1.1 IP Routing Policy (continued) FIELD Gateway addr Type of Service Precedence When you have completed this menu, press [ENTER] at the prompt “ or ESC to Cancel: 41.5 Applying an IP Policy This section shows you where to apply the IP policies after you design them. 41.5.1 Ethernet IP Policies From Menu 3 —...
Page 416: Ip Policy Routing Example
Prestige 2602H/HW Series User’s Guide Figure 251 Menu 3.2 TCP/IP and DHCP Ethernet Setup Menu 3.2 - TCP/IP and DHCP Setup Press ENTER to Confirm or ESC to Cancel: Go to menu 11.3 (shown next) and type the number(s) of the IP Routing Policy set(s) as appropriate.
Page 417: Figure 253 Example Of Ip Policy Routing
Figure 253 Example of IP Policy Routing To force packets coming from clients with IP addresses of 192.168.1.33 to 192.168.1.64 to be routed to the Internet via the WAN port of the Prestige, follow the steps as shown next. 1 Create a routing policy set in menu 25. 2 Create a rule for this set in Menu 25.1.1 —...
Page 418: Figure 255 Ip Routing Policy Example
Prestige 2602H/HW Series User’s Guide 3 Create a rule in menu 25.1 for this set to route packets from any host ( means any host) with protocol TCP and port FTP access through another gateway (192.168.1.100). Figure 255 IP Routing Policy Example Menu 25.1.1 - IP Routing Policy Policy Set Name= set2 Active= Yes...
Page 419: Chapter 42 Call Scheduling
Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 42.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
Page 420: Figure 258 Menu 26.1 Schedule Set Setup
Prestige 2602H/HW Series User’s Guide To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next. Figure 258 Menu 26.1 Schedule Set Setup Menu 26.1 Schedule Set Setup Press ENTER to Confirm or ESC to Cancel: If a connection has been already established, your Prestige will not drop it.
Page 421: Figure 259 Applying Schedule Set(S) To A Remote Node (Pppoe)
Table 146 Menu 26.1 Schedule Set Setup (continued) FIELD DESCRIPTION Action Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field. Forced Down means that the connection is blocked whether or not there is a demand call on the line.
Page 422 Prestige 2602H/HW Series User’s Guide Chapter 42 Call Scheduling...
Page 423: Chapter 43 Vpn/Ipsec Setup
This chapter introduces the VPN SMT menus. 43.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management. Menu 27.2 - SA Monitor allows you to manage (refresh or disconnect) your SA connections.
Page 424: Ipsec Summary Screen
Prestige 2602H/HW Series User’s Guide Figure 261 Menu 27 VPN/IPSec Setup Menu 27 - VPN/IPSec Setup Enter Menu Selection Number: 43.2 IPSec Summary Screen Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary. This is a summary read-only menu of your IPSec rules (tunnels).
Page 425 Table 147 Menu 27.1 IPSec Summary (continued) FIELD DESCRIPTION Y signifies that this VPN rule is active. Local Addr When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is a Start static IP address on the LAN behind your Prestige. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is the beginning (static) IP address, in a range of computers on the LAN behind your Prestige.
Page 426: Ipsec Setup
Prestige 2602H/HW Series User’s Guide Table 147 Menu 27.1 IPSec Summary (continued) FIELD DESCRIPTION Secure GW This is the WAN IP address or the domain name (up to the first 15 characters are Addr displayed) of the IPSec router with which you are making the VPN connection. This field displays 0.0.0.0 when you configure the Secure Gateway Address field in SMT 27.1.1 to 0.0.0.0.
Page 427: Figure 263 Menu 27.1.1 Ipsec Setup
Figure 263 Menu 27.1.1 IPSec Setup Menu 27.1.1 – IPSec Setup Index= 1 Active= Yes Local ID type= IP My IP Addr= 0.0.0.0 Peer ID type= IP Secure Gateway Address= zw50test.zyxel.com.tw Protocol= 0 Local: IP Addr Start= 1.1.1.1 Remote: IP Addr Start= 4.4.4.4 Enable Replay Detection = No Key Management= IKE Edit Key Management Setup= No...
Page 428 Prestige 2602H/HW Series User’s Guide Table 148 Menu 27.1.1 IPSec Setup (continued) FIELD DESCRIPTION Nat Traversal Press [SPACE BAR] to choose either Yes or No. Choose Yes and press [ENTER] to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers.
Page 429 Table 148 Menu 27.1.1 IPSec Setup (continued) FIELD DESCRIPTION DNS Server If there is a private DNS server that services the VPN, type its IP address here. The Prestige assigns this additional DNS server to the Prestige's DHCP clients that have IP addresses in this IPSec rule's range of local addresses.
Page 430: Ike Setup
Prestige 2602H/HW Series User’s Guide Table 148 Menu 27.1.1 IPSec Setup (continued) FIELD DESCRIPTION IP Addr Start When the Addr Type field is configured to Single, enter a static IP address on the network behind the remote IPSec router. When the Addr Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router.
Page 431: Figure 264 Menu 27.1.1.1Ke Setup
Figure 264 Menu 27.1.1.1KE Setup Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 149 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION Phase 1 Negotiation Press [SPACE BAR] to choose from Main or Aggressive and then press [ENTER]. Mode See earlier for a discussion of these modes.
Page 432: Manual Setup
Prestige 2602H/HW Series User’s Guide Table 149 Menu 27.1.1.1 IKE Setup (continued) FIELD DESCRIPTION Key Group You must choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie- Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number.
Page 433: Figure 265 Menu 27.1.1.2 Manual Setup
Figure 265 Menu 27.1.1.2 Manual Setup Menu 27.1.1.2 – Manual Setup Active Protocol= ESP Tunnel ESP Setup SPI (Decimal)= 0 Encryption Algorithm= DES Authentication Algorithm= MD5 AH Setup SPI (Decimal)= N/A Authentication Algorithm= N/A Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu.
Page 434 Prestige 2602H/HW Series User’s Guide Table 151 Menu 27.1.1.2 Manual Setup (continued) FIELD DESCRIPTION Authentication Press [SPACE BAR] to choose from MD5 or SHA1 and then press [ENTER]. Algorithm Enter the authentication key to be used by IPSec if applicable. The key must be unique.
Page 435: Chapter 44 Sa Monitor
This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2. 44.1 SA Monitor Overview A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections. Note: When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes.
Page 436: Figure 266 Menu 27.2 Sa Monitor
Prestige 2602H/HW Series User’s Guide Figure 266 Menu 27.2 SA Monitor Menu 27.2 - SA Monitor Name -------------------------------- Taiwan : 3.3.3.1 – 3.3.3.3.100 Select Command= Refresh Select Connection= N/A Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 152 Menu 27.2 SA Monitor FIELD DESCRIPTION...
Page 437 Table 152 Menu 27.2 SA Monitor (continued) FIELD DESCRIPTION Select Press [SPACE BAR] to choose from Refresh, Disconnect, None, Next Page, or Command Previous Page and then press [ENTER]. You must select a connection in the next field when you choose the Disconnect command. Refresh displays current active VPN connections.
Page 438 Prestige 2602H/HW Series User’s Guide Chapter 44 SA Monitor...
Page 439: Chapter 45 Troubleshooting
This chapter covers potential problems and the corresponding remedies. 45.1 Problems Starting Up the Prestige Table 153 Troubleshooting Starting Up Your Prestige PROBLEM CORRECTIVE ACTION None of the Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged LEDs turn on in to an appropriate power source.
Page 440: Problems With The Wan
Prestige 2602H/HW Series User’s Guide 45.3 Problems with the WAN Table 155 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL LED is Check the telephone wire and connections between the Prestige DSL port and the off. wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service.
Page 441: Problems Accessing The Prestige
45.4 Problems Accessing the Prestige Table 156 Troubleshooting Accessing the Prestige PROBLEM CORRECTIVE ACTION I cannot The username is “admin”. The default password is “1234”. The Password and access the Username fields are case-sensitive. Make sure that you enter the correct password Prestige.
Page 442: Internet Explorer Pop-Up Blockers
Prestige 2602H/HW Series User’s Guide • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. 45.4.1.1 Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address.
Page 443: Figure 268 Internet Options
Figure 268 Internet Options 3 Click Apply to save this setting. 45.4.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
Page 444: Figure 269 Internet Options
Prestige 2602H/HW Series User’s Guide Figure 269 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Chapter 45 Troubleshooting...
Page 445: Javascripts
Figure 270 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 45.4.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
Page 446: Figure 271 Internet Options
Prestige 2602H/HW Series User’s Guide Figure 271 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
Page 447: Java Permissions
Figure 272 Security Settings - Java Scripting 45.4.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Page 448: Figure 273 Security Settings - Java
Prestige 2602H/HW Series User’s Guide Figure 273 Security Settings - Java 45.4.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window.
Page 449: Telephone Problems
Figure 274 Java (Sun) 45.5 Telephone Problems Table 157 Troubleshooting Telephone PROBLEM CORRECTIVE ACTION The telephone port Check the telephone connections and telephone wire. won’t work or the Make sure you have the Voice SIP Settings screen properly configured. telephone lacks a dial tone.
Page 450 Prestige 2602H/HW Series User’s Guide Chapter 45 Troubleshooting...
Page 451: Product Specifications
See also the Introduction chapter for a general overview of the key features. Specification Tables Table 158 Device Specifications Default IP Address Default Subnet Mask Default Password DHCP Pool Dimensions Weight Power Specification Built-in Switch PHONE Ports RESET Button Antenna (P2602HW models only) Operation Temperature Storage Temperature...
Page 452: Table 159 Firmware Specifications
Prestige 2602H/HW Series User’s Guide Table 159 Firmware Specifications ADSL Standards Other Protocol Support Management Wireless (P2602HW models only) Multi-Mode standard (ANSI T1.413,Issue 2; G.dmt(G.992.1); G.lite(G992.2)) EOC specified in ITU-T G.992.1 ADSL2 G.dmt.bis (G.992.3) ADSL2 G.lite.bis (G.992.4) ADSL2+ (G.992.5) Reach-Extended ADSL (RE ADSL) SRA (Seamless Rate Adaptation) Auto-negotiating rate adaptation ADSL physical connection ATM AAL5 (ATM Adaptation Layer type 5)
Page 453 Table 159 Firmware Specifications (continued) Firewall NAT/SUA Content Filtering Static Routes Appendix A Product Specifications Prestige 2602H/HW Series User’s Guide Stateful Packet Inspection Prevent Denial of Service attacks such as Ping of Death, SYN Flood, LAND, Smurf etc. Real time E-mail alerts Reports and logs SIP ALG passthrough Port Forwarding...
Page 454: Figure 275 Ethernet Cable Pin Assignments
Prestige 2602H/HW Series User’s Guide Table 159 Firmware Specifications (continued) Voice Features Other Features Ethernet Cable Pin Assignments Figure 275 Ethernet Cable Pin Assignments Prestige 2602HL/HWL DSL Port Pin Assignments The following figure describes the pin assignments for the DSL port on the Prestige 2602HL/ HWL.
Page 455: Prestige 2602H/Hw Series Power Adaptor Specifications
Figure 276 Prestige 2602HW-L DSL Port Pin Assignments Prestige 2602H/HW Series Power Adaptor Specifications Table 160 Prestige 2602H/HW Series Power Adaptor Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model Input Power Output Power Power Consumption Safety Standards EUROPEAN PLUG STANDARDS AC Power Adapter Model Input Power Output Power...
Page 456 Prestige 2602H/HW Series User’s Guide Table 160 Prestige 2602H/HW Series Power Adaptor Specifications (continued) AC Power Adapter Model Input Power Output Power Power Consumption Safety Standards ADS6818-1818-D 1810 AC 100~240Volts/50/60Hz/0.5A DC 18Volts/1A TUV, CE(EN 60950) Appendix A Product Specifications...
Page 457: Setting Up Your Computer's Ip Address
Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Page 458: Figure 277 Windows 95/98/Me: Network: Configuration
Prestige 2602H/HW Series User’s Guide Figure 277 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 459: Configuring
3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
Page 460: Verifying Settings
Prestige 2602H/HW Series User’s Guide Figure 279 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • • 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your Prestige and restart your computer when prompted.
Page 461: Figure 280 Windows Xp: Start Menu
Figure 280 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 281 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Appendix B Setting up Your Computer’s IP Address Prestige 2602H/HW Series User’s Guide...
Page 462: Figure 282 Windows Xp: Control Panel: Network Connections: Properties
Prestige 2602H/HW Series User’s Guide Figure 282 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 283 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 463: Figure 284 Windows Xp: Advanced Tcp/Ip Settings
• Figure 284 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 464: Verifying Settings
Prestige 2602H/HW Series User’s Guide 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • • Figure 285 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click OK to close the Local Area Connection Properties window.
Page 465: Macintosh Os 8/9
Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 286 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Appendix B Setting up Your Computer’s IP Address Prestige 2602H/HW Series User’s Guide...
Page 466: Verifying Settings
Prestige 2602H/HW Series User’s Guide Figure 287 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • • • • 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration.
Page 467: Figure 288 Macintosh Os X: Apple Menu
Figure 288 Macintosh OS X: Apple Menu 2 Click Network in the icon bar. • • • 3 For dynamically assigned settings, select Using DHCP from the Configure list. Figure 289 Macintosh OS X: Network 4 For statically assigned settings, do the following: •...
Page 468: Verifying Settings
Prestige 2602H/HW Series User’s Guide 5 Click Apply Now and close the window. 6 Turn on your Prestige and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window. Appendix B Setting up Your Computer’s IP Address...
Page 469: Appendix Cip Subnetting
IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
Page 470: Subnet Masks
Prestige 2602H/HW Series User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
Page 471: Example: Two Subnets
Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/”...
Page 472: Table 166 Subnet 1
Prestige 2602H/HW Series User’s Guide Note: In the following charts, shaded/bold last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet.
Page 473: Example: Four Subnets
Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
Page 474: Example Eight Subnets
Prestige 2602H/HW Series User’s Guide Table 171 Subnet 4 IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.192 Broadcast Address: 192.168.1.255 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). The following table shows class C IP address last octet values for each subnet.
Page 475: Subnetting With Class A And Class B Networks
Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (Table 161 on page The following table is a summary for class “B”...
Page 476 Prestige 2602H/HW Series User’s Guide Appendix C IP Subnetting...
Page 477: Appendix Dpppoe
PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access Concentrator where the PPP session terminates support any number of PPP sessions from your LAN. PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP.
Page 478: How Pppoe Works
Prestige 2602H/HW Series User’s Guide Figure 290 Single-Computer per Router Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
Page 479: Appendix E Wireless Lans
Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Page 480: Ess
Prestige 2602H/HW Series User’s Guide Figure 293 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Page 481: Channel
Figure 294 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
Page 482: Fragmentation Threshold
Prestige 2602H/HW Series User’s Guide Figure 295 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 483: Preamble Type
A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
Page 484: Ieee 802.1X
Prestige 2602H/HW Series User’s Guide IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: •...
Page 485: Types Of Authentication
• Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: •...
Page 486: Eap-Tls (Transport Layer Security)
Prestige 2602H/HW Series User’s Guide EAP-TLS (Transport Layer Security) With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created.
Page 487: Wpa
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types. Table 176 Comparison of EAP Authentication Types Mutual Authentication Certificate –...
Page 488: Security Parameters Summary
Prestige 2602H/HW Series User’s Guide The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
Page 489: Appendix F Triangle Route
The Ideal Setup When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the Prestige to protect your LAN against attacks. Figure 296 Ideal Setup The “Triangle Route”...
Page 490: The "Triangle Route" Solutions
Prestige 2602H/HW Series User’s Guide Figure 297 “Triangle Route” Problem The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface.
Page 491: Gateways On The Wan Side
Gateways on the WAN Side A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your Prestige to your LAN. Therefore your LAN is protected. Figure 299 Gateways on the WAN Side Appendix F Triangle Route Prestige 2602H/HW Series User’s Guide...
Page 492 Prestige 2602H/HW Series User’s Guide Appendix F Triangle Route...
Page 493: Appendix G Internal Sptgen
Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual SMT menus for each Prestige.
Page 494: Internal Sptgen Ftp Download Example
Prestige 2602H/HW Series User’s Guide Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 300 on page If you enter a parameter that is invalid in the Input column, the Prestige will not save the configuration and the command line will display the Field Identification Number.
Page 495: Internal Sptgen Ftp Upload Example
Figure 303 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text editor and save it) Note: You can rename your “...
Page 496: Table 179 Menu 1 General Setup (Smt Menu 1)
Prestige 2602H/HW Series User’s Guide Table 178 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Parameter Values Allowed INPUT An example of what you may enter Applies to the Prestige. The following are Internal SPTGEN screens associated with the SMT screens of your Prestige. Table 179 Menu 1 General Setup (SMT Menu 1) / Menu 1 General Setup (SMT Menu 1) 10000000 =...
Page 497 Table 180 Menu 3 (SMT Menu 3 (continued)) 30200001 = DHCP 30200002 = Client IP Pool Starting Address 30200003 = Size of Client IP Pool 30200004 = Primary DNS Server 30200005 = Secondary DNS Server 30200006 = Remote DHCP Server 30200008 = IP Address 30200009 =...
Page 498 Prestige 2602H/HW Series User’s Guide Table 180 Menu 3 (SMT Menu 3 (continued)) 30201008 = IP Alias #1 Incoming protocol filters Set 3 30201009 = IP Alias #1 Incoming protocol filters Set 4 30201010 = IP Alias #1 Outgoing protocol filters Set 1 30201011 = IP Alias #1 Outgoing protocol filters...
Page 499 Table 180 Menu 3 (SMT Menu 3 (continued)) 30500004 = RTS Threshold 30500005 = FRAG. Threshold 30500006 = 30500007 = Default Key 30500008 = WEP Key1 30500009 = WEP Key2 30500010 = WEP Key3 30500011 = WEP Key4 30500012 = Wlan Active */ MENU 3.5.1 WLAN MAC ADDRESS FILTER (SMT MENU 3.5.1) 30501001 =...
Page 500: Table 181 Menu 4 Internet Access Setup (Smt Menu 4)
Prestige 2602H/HW Series User’s Guide Table 181 Menu 4 Internet Access Setup (SMT Menu 4) (continued) 40000002 = Active 40000003 = ISP's Name 40000004 = Encapsulation 40000005 = Multiplexing 40000006 = VPI # 40000007 = VCI # 40000008 = Service Name 40000009 = My Login 40000010 =...
Page 501: Table 182 Menu 12 (Smt Menu 12)
Table 181 Menu 4 Internet Access Setup (SMT Menu 4) (continued) 40000032= RIP Version 40000033= Nailed-up Connection Table 182 Menu 12 (SMT Menu 12) / Menu 12.1.1 IP Static Route Setup (SMT Menu 12.1.1) 120101001 = IP Static Route set #1, Name 120101002 = IP Static Route set #1, Active 120101003 =...
Page 502 Prestige 2602H/HW Series User’s Guide Table 182 Menu 12 (SMT Menu 12) (continued) / Menu 12.1.4 IP Static Route Setup (SMT Menu 12.1.4) 120104001 = IP Static Route set #4, Name 120104002 = IP Static Route set #4, Active 120104003 = IP Static Route set #4, Destination IP address 120104004 =...
Page 503 Table 182 Menu 12 (SMT Menu 12) (continued) 120107006 = IP Static Route set #7, Metric 120107007 = IP Static Route set #7, Private / Menu 12.1.8 IP Static Route Setup (SMT Menu 12.1.8) 120108001 = IP Static Route set #8, Name 120108002 = IP Static Route set #8, Active 120108003 =...
Page 504 Prestige 2602H/HW Series User’s Guide Table 182 Menu 12 (SMT Menu 12) (continued) 120111004 = IP Static Route set #11, Destination IP subnetmask 120111005 = IP Static Route set #11, Gateway 120111006 = IP Static Route set #11, Metric 120111007 = IP Static Route set #11, Private */ Menu 12.1.12 IP Static Route Setup (SMT Menu 12.1.12) 120112001 =...
Page 505 Table 182 Menu 12 (SMT Menu 12) (continued) 120115002 = IP Static Route set #15, Active 120115003 = IP Static Route set #15, Destination IP address 120115004 = IP Static Route set #15, Destination IP subnetmask 120115005 = IP Static Route set #15, Gateway 120115006 = IP Static Route set #15, Metric 120115007 =...
Page 506: Table 183 Menu 15 Sua Server Setup (Smt Menu 15)
Prestige 2602H/HW Series User’s Guide Table 183 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000014 = SUA Server #4 Port Start 150000015 = SUA Server #4 Port End 150000016 = SUA Server #4 Local IP address 150000017 = SUA Server #5 Active 150000018 = SUA Server #5 Protocol...
Page 507: Table 184 Menu 21.1 Filter Set #1 (Smt Menu 21.1)
Table 183 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000048 = SUA Server #11 Protocol 150000049 = SUA Server #11 Port Start 150000050 = SUA Server #11 Port End 150000051 = SUA Server #11 Local IP address 150000052 = SUA Server #12 Active 150000053 = SUA Server #12 Protocol...
Page 508 Prestige 2602H/HW Series User’s Guide Table 184 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) / Menu 21.1.1.2 set #1, rule #2 (SMT Menu 21.1.1.2) 210102001 = IP Filter Set 1,Rule 2 Type 210102002 = IP Filter Set 1,Rule 2 Active 210102003 = IP Filter Set 1,Rule 2 Protocol 210102004 =...
Page 509 Table 184 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210103013 = IP Filter Set 1,Rule 3 Act Match 210103014 = IP Filter Set 1,Rule 3 Act Not Match / Menu 21.1.1.4 set #1, rule #4 (SMT Menu 21.1.1.4) 210104001 = IP Filter Set 1,Rule 4 Type 210104002 =...
Page 510: Table 185 Menu 21.1 Filer Set #2, (Smt Menu 21.1)
Prestige 2602H/HW Series User’s Guide Table 184 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask 210105010 = IP Filter Set 1,Rule 5 Src Port 210105011 = IP Filter Set 1,Rule 5 Src Port Comp 210105013 = IP Filter Set 1,Rule 5 Act Match 210105014 =...
Page 511 Table 185 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) / Menu 21.1.2.1 Filter set #2, rule #1 (SMT Menu 21.1.2.1) 210201001 = IP Filter Set 2, Rule 1 Type 210201002 = IP Filter Set 2, Rule 1 Active 210201003 = IP Filter Set 2, Rule 1 Protocol 210201004 =...
Page 512 Prestige 2602H/HW Series User’s Guide Table 185 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask 210202010 = IP Filter Set 2,Rule 2 Src Port 210202011 = IP Filter Set 2, Rule 2 Src Port Comp 210202013 = IP Filter Set 2, Rule 2 Act Match...
Page 513 Table 185 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210204002 = IP Filter Set 2, Rule 4 Active 210204003 = IP Filter Set 2, Rule 4 Protocol 210204004 = IP Filter Set 2, Rule 4 Dest IP address 210204005 = IP Filter Set 2, Rule 4 Dest Subnet Mask...
Page 514 Prestige 2602H/HW Series User’s Guide Table 185 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210205011 = IP Filter Set 2, Rule 5 Src Port Comp 210205013 = IP Filter Set 2, Rule 5 Act Match 210205014 = IP Filter Set 2, Rule 5 Act Not Match / Menu 21.1.2.6 Filter set #2, rule #6 (SMT Menu 21.1.2.5) 210206001 =...
Page 515: Table 186 Menu 23 System Menus (Smt Menu 23)
Table 186 Menu 23 System Menus (SMT Menu 23) */ Menu 23.1 System Password Setup (SMT Menu 23.1) 230000000 = System Password */ Menu 23.2 System security: radius server (SMT Menu 23.2) 230200001 = Authentication Server Configured 230200002 = Authentication Server Active 230200003 = Authentication Server IP Address 230200004 =...
Page 516: Command Examples
Prestige 2602H/HW Series User’s Guide Table 186 Menu 23 System Menus (SMT Menu 23) (continued) 230400008 = WPA Mixed Mode 230400009 = Data Privacy for Broadcast/ Multicast packets 230400010 = WPA Broadcast/Multicast Key Update Timer Table 187 Menu 24.11 Remote Management Control (SMT Menu 24.11) / Menu 24.11 Remote Management Control (SMT Menu 24.11) 241100001 = TELNET Server Port...
Page 517 Table 188 Command Examples (continued) 990000001 = ADSL OPMD Appendix G Internal SPTGEN Prestige 2602H/HW Series User’s Guide INPUT INPUT <0(etsi)|1(normal) |2(gdmt)|3(multimo de)>...
Page 518 Prestige 2602H/HW Series User’s Guide Appendix G Internal SPTGEN...
Page 519: Appendix H Command Interpreter
The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or zyxel.com for more detailed information on these commands. Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
Page 520 Prestige 2602H/HW Series User’s Guide Appendix H Command Interpreter...
Page 521: Appendix I Firewall Commands
Sys Firewall Commands The following describes the firewall commands. See the Command Interpreter appendix for information on the command structure. these commands must be preceded by them. For example, type firewall. Table 189 Sys Firewall Command disp active <yes|no> disp clear pktdump dynamicrule...
Page 522 Prestige 2602H/HW Series User’s Guide Appendix I Firewall Commands...
Page 523: Appendix J Boot Commands
The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware is started. When you start up your Prestige, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen.
Page 524: Figure 306 Boot Module Commands
Prestige 2602H/HW Series User’s Guide Figure 306 Boot Module Commands just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI(h,m,s) change system time to hour:min:sec or show current time ATDA(y,m,d) change system date to year/month/day or show...
Page 525: Appendix K Log Descriptions
This appendix provides descriptions of example log messages. Table 190 System Maintenance Logs LOG MESSAGE Time calibration is successful Time calibration failed WAN interface gets IP: %s DHCP client IP expired DHCP server assigns %s Successful SMT login SMT login failed Successful WEB login WEB login failed Successful TELNET login...
Page 526: Table 191 System Error Logs
Prestige 2602H/HW Series User’s Guide Table 190 System Maintenance Logs (continued) LOG MESSAGE Configuration Change: PC = 0x%x, Task ID = 0x%x Successful SSH login SSH login failed Successful HTTPS login HTTPS login failed Table 191 System Error Logs LOG MESSAGE %s exceeds the max.
Page 527: Table 193 Tcp Reset Logs
Table 193 TCP Reset Logs LOG MESSAGE Under SYN flood attack, sent TCP RST Exceed TCP MAX incomplete, sent TCP RST Peer TCP state out of order, sent TCP RST Firewall session time out, sent TCP RST Exceed MAX incomplete, sent TCP RST Access block, sent TCP Table 194 Packet Filter Logs...
Page 528: Table 196 Cdr Logs
Prestige 2602H/HW Series User’s Guide Table 195 ICMP Logs (continued) LOG MESSAGE Triangle route packet forwarded: ICMP Packet without a NAT table entry blocked: ICMP Unsupported/out-of-order ICMP: ICMP Router reply ICMP packet: ICMP Table 196 CDR Logs LOG MESSAGE board %d line %d channel %d, call %d, %s C01 Outgoing Call dev=%x ch=%x %s board %d line %d channel %d,...
Page 529: Table 198 Upnp Logs
Table 198 UPnP Logs LOG MESSAGE UPnP pass through Firewall Table 199 Content Filtering Logs LOG MESSAGE %s: block keyword For type and code details, see Table 200 Attack Logs LOG MESSAGE attack [ TCP | UDP | IGMP | ESP | GRE | OSPF ] attack ICMP (type:%d, code:%d) land [ TCP | UDP | IGMP |...
Page 530: Table 201 802.1X Logs
Prestige 2602H/HW Series User’s Guide Table 200 Attack Logs (continued) LOG MESSAGE ip spoofing - no routing entry ICMP (type:%d, code:%d) vulnerability ICMP (type:%d, code:%d) traceroute ICMP (type:%d, code:%d) Table 201 802.1X Logs LOG MESSAGE Local User Database accepts user. Local User Database reports user credential error.
Page 531: Table 202 Acl Setting Notes
Table 201 802.1X Logs (continued) LOG MESSAGE No Server to authenticate user. Local User Database does not find user`s credential. Table 202 ACL Setting Notes PACKET DIRECTION (L to W) (W to L) (L to L/Prestige) (W to W/Prestige) Table 203 ICMP Notes TYPE CODE Appendix K Log Descriptions...
Page 532: Table 204 Syslog Logs
Prestige 2602H/HW Series User’s Guide Table 203 ICMP Notes (continued) TYPE CODE Table 204 Syslog Logs LOG MESSAGE <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" devID="<mac address last three numbers>" cat="<category> Table 205 SIP Logs LOG MESSAGE SIP Registration Success by SIP:SIP Phone Number SIP Registration Fail by...
Page 533: Table 206 Rtp Logs
Table 206 RTP Logs LOG MESSAGE Error, RTP init fail Error, Call fail: RTP connect fail Error, RTP connection cannot close Table 207 FSM Logs: Caller Side LOG MESSAGE VoIP Call Start Ph[Phone Port Number] <- Outgoing Call Number VoIP Call Established Ph[Phone Port] ->...
Page 534: Log Commands
1 Use the sys logs load configure which logs the Prestige is to record. 2 Use sys logs category Figure 307 Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ? Valid commands are: exit wlan radius 8021x ras>...
Page 535: Displaying Logs
Figure 308 Displaying Log Parameters Example ras> sys logs category access Usage: [0:none/1:log/2:alert/3:both] ras> 4 Use sys logs category record. Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category.
Page 536: Log Command Example
Prestige 2602H/HW Series User’s Guide Log Command Example This example shows how to set the Prestige to record the access logs and alerts and then view the results. Figure 309 Log Command Example ras> sys logs load ras> sys logs category access 3 ras>...
Page 537 Numerics 110V AC 230V AC 64kbps 8kbps AAL5 Abnormal Working Conditions Access methods Accessories ACK Message Acts of God Address Mapping Address Resolution Protocol (ARP) ADSL Standards ADSL, what is it? ADSL2 AH (Authentication Header) AH Protocol AIM/NEW_ICQ (TCP 5190) Airflow 51, 137 Allow Asymmetrical Route...
Page 538 Prestige 2602H/HW Series User’s Guide Bandwidth Manager Summary Basement BGP (TCP 179) Blocking Time BOOTP_CLIENT (UDP 68) BOOTP_SERVER (UDP 67) Border Gateway Protocol Borrow bandwidth from parent class Bridging 322, 333 Ether Address Ethernet Ethernet Addr Timeout Remote Node Static Route Setup Brute-force Attack Budget Management 402, 403...
Page 539 Customer Support Customized Services Damage Dampness Danger Data Confidentiality Data Encryption Standard Data Filtering Data Integrity Data Origin Authentication Data Privacy Daylight Savings DBPSK Dealer Default LAN IP Address Default User Name and Password Defective Denial of Service 168, 169, 200, 353 Denmark, Contact Information Destination Address Device Filter Rules...
Page 540 Prestige 2602H/HW Series User’s Guide Encapsulation 66, 109, 209, 317, 320 ENET ENCAP PPP over Ethernet PPPoA RFC 1483 Encapsulation Security Payload Encryption 207, 487 Equal Value Error Log Errors ESP Protocol ESSID (Extended Service Set Identification) Europe Europe Type Europe Type Call Service Mode Exiting the SMT Expiration Duration...
Page 541 G.168 50, 145, 454 G.168 Active G.711 138, 142, 454 G.729 138, 142, 454 G.992.1 G.992.3 G.992.4 G.992.5 G.dmt G.lite G992.2 Gas Pipes Gateway Gateway Node General Ethernet Setup General Setup Generic Filter Germany, Contact Information God, act of Graphical User Interface (GUI) H.323 (TCP 1720) H.323 Passthrough Half-Open Sessions...
Page 542 Prestige 2602H/HW Series User’s Guide Internet Group Multicast Protocol Internet Key Exchange Internet Messenger Internet Protocol Security Internet Telephony Service Provider IP (AX.25 0) IP (IPv6) IP Address 77, 83, 125, 283, 307, 331, 335, 361, 382, 387, 413 IP Address Assignment ENET ENCAP PPPoA or PPPoE RFC 1483...
Page 543 Logical Networks Login Logs MAC (Media Access Control) Address MAC Address MAC Address Filter Filter Action MAC Address Filter Action 96, 311 MAC Address Filtering MAC Filter Main Menu Maintenance Management Idle Timeout Period Management Information Base (MIB) Materials Maximize Bandwidth Usage Maximum Burst Size Maximum Burst Size (MBS) 112, 115...
Page 544 Prestige 2602H/HW Series User’s Guide Notebook Computer NTP (TCP/UDP 123) NTP Time Servers OFDM OK Response One-Minute High Opening Operating Condition Operating Frequency Operation Humidity Operation Temperature Orthogonal Frequency Division Multiplexing Modulation Out-dated Warranty Outgoing Call use Outlet Outside Header Packet Error Received...
Page 545 PPTP_TUNNEL (GRE 0) Preamble Mode Precedence 411, 414 Pre-defined NTP Time Servers List Preferred Codec Pre-Shared Key 221, 376, 431 Format Prestige Priority Priority-based Scheduler Private 324, 331 Private MIBs Product Model Product Page Product Serial Number Products Proof of Purchase Proper Operating Condition Proportional Bandwidth Allocation Protocol...
Page 546 Prestige 2602H/HW Series User’s Guide Reorient Repair 6, 7 Replace Replacement Reports and Logs Reproduction Required fields Reset ADSL Line Reset Button Resetting the Prestige Restore Restore Configuration Return Material Authorization (RMA) Number Returned Products Returns REXEC (TCP 514) RF (Radio Frequency) RFC 1483 110, 452 RFC 1631...
Page 547 Server 45, 124, 339, 341, 342, 343, 344, 345, 346, 347, Server Behind NAT Service 6, 7, 183 Service Personnel Service Type 192, 440 Services Session Description Protocol Session Expires Session Initiating Protocol Session Initiation Protocol SFTP (TCP 115) Shared Secret 107, 374 Shipping Shock, Electric...
Page 548 Prestige 2602H/HW Series User’s Guide Supply Voltage Support E-mail Supporting Disk Sustain Cell Rate Sustain Cell Rate (SCR) Sustained Cell Rate (SCR) Sweden, Contact Information Swimming Pool Switch SYN Flood 170, 171 SYN-ACK Syntax Conventions Syslog SYSLOG (UDP 514) Syslog IP Address Syslog Server System Console Port Speed...
Page 549 UBR (Unspecified Bit Rate) UDP/ICMP Security Undesired Operations Uniform Resource Identifier Universal Plug and Play Application Security issues Universal Plug and Play (UPnP) Universal Plug and Play Forum UNIX Syslog 383, 384 UNIX Syslog Parameters Unregister Unspecified Bit Rate Up Time Upload Firmware 288, 396 UPnP...
Page 550 Written Permission Zero Configuration Zero Configuration Internet Access 49, 113 ZyNOS 3, 390 ZyNOS (ZyXEL Network Operating System) ZyNOS F/W Version ZyXEL Communications Corporation ZyXEL Home Page ZyXEL Limited Warranty Note ZyXEL Network Operating System ZyXEL Private MIBs ZyXEL’s Firewall Introduction...

This manual is also suitable for:

P-2602h P-2602hw Prestige 2602hw series

ZyXEL Communications Prestige 2602H Series User Manual

Chapter 1 Getting to Know Your Prestige

Chapter 2 Introducing the Web Configurator

Chapter 3 Wizard Setup

Chapter 4 LAN Setup

Chapter 5 Wireless LAN (P2602HW Models)

Chapter 6 WAN Setup

Chapter 7 Network Address Translation (NAT) Screens

Chapter 8 Introduction to Voip

Chapter 9 Voice Screens

Chapter 10 Phone Usage

Chapter 11 Dynamic DNS Setup

Chapter 12 Time and Date

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications Prestige 2602H Series

Summary of Contents for ZyXEL Communications Prestige 2602H Series