ZyXEL Communications Prestige 662H Series User Manual

ADSL 2+ 4-Port Security Gateway

Prestige 662H/HW Series
ADSL 2+ 4-Port Security Gateway
User's Guide
Version 3.40
November 2004

Summary of Contents for ZyXEL Communications Prestige 662H Series

  • Page 1 Prestige 662H/HW Series ADSL 2+ 4-Port Security Gateway User’s Guide Version 3.40 November 2004...
  • Page 2: Copyright

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 3: Federal Communications Commission (Fcc) Interference Statement

    Prestige 662H/HW Series User’s Guide Federal Communications Commission (FCC) Interference This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
  • Page 4: Zyxel Limited Warranty

    ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating...
  • Page 5: Customer Support

    +47 22 80 61 81 +46 31 744 7700 www.zyxel.se +46 31 744 7701 +358-9-4780-8411 www.zyxel.fi +358-9-4780 8448 REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Communications Inc. 1130 N. Miller St. Anaheim CA 92806-2001 U.S.A.
  • Page 6 Prestige 662H/HW Series User’s Guide Customer Support...
  • Page 7 Prestige 662H/HW Series User’s Guide Customer Support...
  • Page 8: Table Of Contents

    Copyright ... 2 Federal Communications Commission (FCC) Interference Statement ... 3 ZyXEL Limited Warranty... 4 Customer Support... 5 Table of Contents ... 8 List of Figures ... 26 List of Tables ... 34 Preface ... 40 Introduction to DSL... 42 Chapter 1 Getting To Know Your Prestige...
  • Page 9 Prestige 662H/HW Series User’s Guide 3.1.1 Encapsulation ...60 3.1.1.1 ENET ENCAP ...60 3.1.1.2 PPP over Ethernet ...60 3.1.1.3 PPPoA ...60 3.1.1.4 RFC 1483 ...61 3.1.2 Multiplexing ...61 3.1.2.1 VC-based Multiplexing ...61 3.1.2.2 LLC-based Multiplexing ...61 3.1.3 VPI and VCI ...61 3.2 Internet Access Wizard Setup: First Screen ...61 3.3 IP Address and Subnet Mask ...62 3.3.1 IP Address Assignment ...63...
  • Page 10 6.3 DNS Server Address Assignment ...79 6.4 LAN TCP/IP ...80 6.4.1 Factory LAN Defaults ...80 6.4.2 IP Address and Subnet Mask ...80 6.4.3 RIP Setup ...80 6.4.4 Multicast ...81 6.5 Any IP ...81 6.5.1 How Any IP Works ...82 6.6 Configuring LAN ...83 6.7 Configuring Static DHCP ...84 Chapter 7 DMZ ...
  • Page 11 Prestige 662H/HW Series User’s Guide 8.12.3 Authentication Required: WPA-PSK ...106 8.13 Configuring Local User Authentication ...108 8.14 Configuring RADIUS ...109 Chapter 9 WAN Setup... 112 9.1 WAN Overview ...112 9.2 Metric ...112 9.3 PPPoE Encapsulation ...113 9.4 Traffic Shaping ...113 9.5 Zero Configuration Internet Access ...114 9.6 Configuring WAN Setup ...114 9.7 Traffic Redirect ...117...
  • Page 12 Chapter 12 Time and Date... 142 12.1 Configuring Time and Date ...142 Chapter 13 Firewalls... 144 13.1 Firewall Overview ...144 13.2 Types of Firewalls ...144 13.2.1 Packet Filtering Firewalls ...144 13.2.2 Application-level Firewalls ...144 13.2.3 Stateful Inspection Firewalls ...145 13.3 Introduction to ZyXEL’s Firewall ...145 13.3.1 Denial of Service Attacks ...146 13.4 Denial of Service ...146 13.4.1 Basics ...146...
  • Page 13 Prestige 662H/HW Series User’s Guide 14.3.3.3 Source Address ...160 14.3.3.4 Destination Address ...161 14.4 Connection Direction Example ...161 14.4.1 LAN to WAN Rules ...161 14.4.2 WAN to LAN Rules ...161 14.4.3 Alerts ...162 14.5 Configuring Basic Firewall Settings ...162 14.6 Rule Summary ...164 14.6.1 Configuring Firewall Rules ...165 14.7 Customized Services ...168 14.8 Creating/Editing A Customized Service ...168...
  • Page 14 Chapter 17 Anti-Virus Packet Scan ... 204 17.1 Overview ...204 17.1.1 Types of Computer Viruses ...204 17.2 Signature-Based Virus Scan ...204 17.2.1 Computer Virus Infection and Prevention ...205 17.3 Introduction to the Prestige Anti-virus Packet Scan ...205 17.3.1 How the Prestige Virus Scan Works ...206 17.3.2 Limitations of the Prestige Packet Scan ...206 17.4 Anti-virus Packet Scan Configuration ...207 17.5 Registration and Online Update ...208...
  • Page 15 Prestige 662H/HW Series User’s Guide 19.7 NAT Traversal ...222 19.7.1 NAT Traversal Configuration ...223 19.7.2 Remote DNS Server ...223 19.8 ID Type and Content ...224 19.8.1 ID Type and Content Examples ...225 19.9 Pre-Shared Key ...226 19.10 Editing VPN Policies ...226 19.11 IKE Phases ...231 19.11.1 Negotiation Mode ...232 19.11.2 Diffie-Hellman (DH) Key Groups ...233...
  • Page 16 Chapter 22 Logs Screens... 264 22.1 Logs Overview ...264 22.1.1 Alerts and Logs ...264 22.2 Configuring Log Settings ...264 22.3 Displaying the Logs ...266 22.4 SMTP Error Messages ...267 22.4.1 Example E-mail Log ...268 Chapter 23 Media Bandwidth Management Advanced Setup... 270 23.1 Bandwidth Management Advanced Setup Overview ...270 23.2 Bandwidth Classes and Filters ...270 23.3 Proportional Bandwidth Allocation ...271...
  • Page 17 Prestige 662H/HW Series User’s Guide 24.6.1 Diagnostic General Screen ...290 24.6.2 Diagnostic DSL Line Screen ...291 24.7 Firmware Screen ...293 Chapter 25 Introducing the SMT ... 296 25.1 SMT Introduction ...296 25.1.1 Procedure for SMT Configuration via Telnet ...296 25.1.2 Entering Password ...296 25.1.3 Prestige SMT Menu Overview ...297 25.2 Navigating the SMT Interface ...297 25.2.1 System Management Terminal Interface Summary ...299...
  • Page 18 Chapter 30 Internet Access ... 320 30.1 Internet Access Overview ...320 30.2 IP Policies ...320 30.3 IP Alias ...320 30.4 IP Alias Setup ...321 30.5 Route IP Setup ...322 30.6 Internet Access Configuration ...323 Chapter 31 Remote Node Configuration ... 326 31.1 Remote Node Setup Overview ...326 31.2 Remote Node Setup ...326 31.2.1 Remote Node Profile ...326...
  • Page 19 Prestige 662H/HW Series User’s Guide 34.2 Applying NAT ...344 34.3 NAT Setup ...346 34.3.1 Address Mapping Sets ...346 34.3.1.1 SUA Address Mapping Set ...347 34.3.1.2 User-Defined Address Mapping Sets ...348 34.3.1.3 Ordering Your Rules ...349 34.4 Configuring a Server behind NAT ...350 34.5 General NAT Examples ...352 34.5.1 Example 1: Internet Access Only ...352 34.5.2 Example 2: Internet Access with an Inside Server ...353...
  • Page 20 Chapter 38 System Security ... 380 38.1 System Security ...380 38.1.1 System Password ...380 38.1.2 Configuring External RADIUS Server ...380 38.1.3 IEEE802.1x ...382 38.2 Creating User Accounts on the Prestige ...384 Chapter 39 System Information and Diagnosis ... 386 39.1 Overview ...386 39.2 System Status ...386 39.3 System Information ...388 39.3.1 System Information ...388...
  • Page 21 Prestige 662H/HW Series User’s Guide 40.4.6 TFTP Upload Command Example ...408 40.4.7 Uploading Via Console Port ...408 40.4.8 Uploading Firmware File Via Console Port ...408 40.4.9 Example Xmodem Firmware Upload Using HyperTerminal ...409 40.4.10 Uploading Configuration File Via Console Port ...409 40.4.11 Example Xmodem Configuration Upload Using HyperTerminal ...410 Chapter 41 System Maintenance...
  • Page 22 45.4 IKE Setup ...441 45.5 Manual Setup ...443 45.5.1 Active Protocol ...443 45.5.2 Security Parameter Index (SPI) ...443 Chapter 46 SA Monitor ... 446 46.1 SA Monitor Overview ...446 46.2 Using SA Monitor ...446 Chapter 47 Internal SPTGEN ... 450 47.1 Internal SPTGEN Overview ...450 47.2 The Configuration Text File Format ...450 47.2.1 Internal SPTGEN File Modification - Important Points to Remember ...451...
  • Page 23 Prestige 662H/HW Series User’s Guide Configuring ... 464 Verifying Settings ... 465 Windows 2000/NT/XP ... 465 Verifying Settings ... 469 Macintosh OS 8/9... 469 Verifying Settings ... 471 Macintosh OS X ... 471 Verifying Settings ... 472 Appendix D IP Subnetting ... 474 IP Addressing...
  • Page 24 IEEE 802.1x ... 490 Advantages of the IEEE 802.1x ... 490 RADIUS Server Authentication Sequence... 491 Appendix I Types of EAP Authentication ... 492 EAP-MD5 (Message-Digest Algorithm 5)... 492 EAP-TLS (Transport Layer Security)... 492 EAP-TTLS (Tunneled Transport Layer Service) ... 492 PEAP (Protected EAP)...
  • Page 25 Prestige 662H/HW Series User’s Guide Appendix O Firewall Commands ... 530 Appendix O Sys Firewall Commands ...530 Appendix P NetBIOS Filter Commands ... 532 Introduction ... 532 Display NetBIOS Filter Settings ... 532 NetBIOS Filter Configuration... 533 Appendix Q Brute-Force Password Guessing Protection... 536 Example ...
  • Page 26: List Of Figures

    Prestige 662H/HW Series User’s Guide List of Figures Figure 1 Prestige Internet Access Application ... 51 Figure 2 Firewall Application ... 52 Figure 3 Prestige LAN-to-LAN Application ... 52 Figure 4 Password Screen ... 55 Figure 5 Change Password at Login ... 55 Figure 6 Web Configurator: Site Map Screen ...
  • Page 27 Prestige 662H/HW Series User’s Guide Figure 37 Example of Traffic Shaping ... 114 Figure 38 WAN Setup (PPPoE) ... 115 Figure 39 Traffic Redirect Example ... 118 Figure 40 Traffic Redirect LAN Setup ... 118 Figure 41 WAN Backup ... 119 Figure 42 Advanced WAN Backup ...
  • Page 28 Prestige 662H/HW Series User’s Guide Figure 80 Content Access Control: General: Diagnose ... 198 Figure 81 Content Access Control: User Profiles ... 199 Figure 82 Content Access Control: Online Status ... 200 Figure 83 Content Access Control: User Login Screen ...
  • Page 29 Prestige 662H/HW Series User’s Guide Figure 123 View Logs ... 267 Figure 124 E-mail Log Example ... 268 Figure 125 Application-based Bandwidth Management Example ... 271 Figure 126 Subnet-based Bandwidth Management Example ... 272 Figure 127 Application and Subnet-based Bandwidth Management Example ... 272 Figure 128 Bandwidth Allotment Example ...
  • Page 30 Prestige 662H/HW Series User’s Guide Figure 166 Menu 11.1 Remote Node Profile ... 328 Figure 167 Menu 11.3 Remote Node Network Layer Options ... 330 Figure 168 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection ... 332 Figure 169 Menu 11.5 Remote Node Filter (RFC 1483 or ENET Encapsulation) ... 333 Figure 170 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) ...
  • Page 31 Prestige 662H/HW Series User’s Guide Figure 209 NetBIOS_LAN Filter Rules Summary ... 365 Figure 210 IGMP Filter Rules Summary ... 365 Figure 211 Menu 21.1.x.1 TCP/IP Filter Rule ... 367 Figure 212 Executing an IP Filter ... 369 Figure 213 Menu 21.1.5.1 Generic Filter Rule ... 370 Figure 214 Protocol and Device Filter Sets ...
  • Page 32 Prestige 662H/HW Series User’s Guide Figure 252 Telnet Into Menu 24.7.2 System Maintenance ... 406 Figure 253 FTP Session Example of Firmware File Upload ... 407 Figure 254 Menu 24.7.1 As Seen Using the Console Port ... 408 Figure 255 Example Xmodem Upload ... 409 Figure 256 Menu 24.7.2 As Seen Using the Console Port ...
  • Page 33 Prestige 662H/HW Series User’s Guide Figure 7 Windows 95/98/Me: TCP/IP Properties: IP Address ... 464 Figure 8 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ... 465 Figure 9 Windows XP: Start Menu ... 466 Figure 10 Windows XP: Control Panel ... 466 Figure 11 Windows XP: Control Panel: Network Connections: Properties ...
  • Page 34: List Of Tables

    Prestige 662H/HW Series User’s Guide List of Tables Table 1 ADSL Standards ... 44 Table 2 IEEE802.11g ... 46 Table 3 Web Configurator Screens Summary ... 57 Table 4 Internet Access Wizard Setup: First Screen ... 62 Table 5 Internet Connection with PPPoE ... 65 Table 6 Internet Connection with RFC 1483 ...
  • Page 35 Prestige 662H/HW Series User’s Guide Table 37 Dynamic DNS ... 141 Table 38 Time and Date ... 143 Table 39 Common IP Ports ... 147 Table 40 ICMP Commands That Trigger Alerts ... 149 Table 41 Legal NetBIOS Commands ... 149 Table 42 Legal SMTP Commands ...
  • Page 36 Prestige 662H/HW Series User’s Guide Table 80 Configuring UPnP ... 252 Table 81 Log Settings ... 265 Table 82 View Logs ... 267 Table 83 SMTP Error Messages ... 267 Table 84 Application and Subnet-based Bandwidth Management Example ... 272 Table 85 Media Bandwidth Management: Summary ...
  • Page 37 Prestige 662H/HW Series User’s Guide Table 123 Menu 15.1.1 First Set ... 349 Table 124 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ... 350 Table 125 Abbreviations Used in the Filter Rules Summary Menu ... 365 Table 126 Rule Abbreviations Used ... 366 Table 127 Menu 21.1.x.1 TCP/IP Filter Rule ...
  • Page 38 Prestige 662H/HW Series User’s Guide Table 3 Allowed IP Address Range By Class ... 475 Table 4 “Natural” Masks ... 475 Table 5 Alternative Subnet Mask Notation ... 476 Table 6 Two Subnets Example ... 476 Table 7 Subnet 1 ... 477 Table 8 Subnet 2 ...
  • Page 39 Prestige 662H/HW Series User’s Guide Table 46 Syslog Logs ... 551 Table 47 RFC-2408 ISAKMP Payload Types ... 551...
  • Page 40: Preface

    Congratulations on your purchase of the Prestige 662HW Wireless ADSL Security Gateway or the Prestige 662H ADSL Security Gateway. Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.us.zyxel.com The Prestige 662HW has the built-in IEEE 802.11g wireless feature that provides wireless LAN connection without the expense of additional network cabling infrastructure.
  • Page 41: User Guide Feedback

    Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
  • Page 42: Introduction To Dsl

    Prestige 662H/HW Series User’s Guide Introduction to DSL DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web - hence DSL technologies.
  • Page 43 Prestige 662H/HW Series User’s Guide Introduction to DSL...
  • Page 44: Getting To Know Your Prestige

    This chapter describes the key features and applications of your Introducing the Prestige Your Prestige integrates high-speed 10/100Mbps auto-negotiating LAN interface(s) and a high-speed ADSL port into a single package. The Prestige is ideal for high-speed Internet browsing and making LAN-to-LAN connections to remote networks. The Prestige is an ADSL router compatible with the ADSL/ADSL2/ADSL2+ standards.
  • Page 45: Features Of The Prestige

    Prestige 662H/HW Series User’s Guide Models ending in “1”, for example Prestige 662HW-61, denote a device that works over the analog telephone system, POTS (Plain Old Telephone Service). Models ending in “3” denote a device that works over ISDN (Integrated Synchronous Digital System). Models ending in “7” denote a device that works over T-ISDN (UR-2).
  • Page 46: Table 2 Ieee802.11G

    Content Filtering Content filtering allows you to block access to forbidden Internet web sites, schedule when the Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet access. Content Access Control The Prestige can control access privileges to website and services through Content Access Control (CAC).
  • Page 47: External Antenna

    Prestige 662H/HW Series User’s Guide External Antenna The Prestige is equipped with an antenna connector and comes with a detachable 5dBi antenna to provide a clear radio signal between the wireless stations and the access points. Note: Under the CE regulations, when using a 5dBi or higher gain antenna with the Prestige 662HW, the maximum antenna power output must be less than or equal to 20dBm.
  • Page 48: Dynamic Dns Support

    PPPoE Support (RFC2516) PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL. The PPPoE driver on the Prestige is transparent to the computers on the LAN, which see only Ethernet and are not aware of PPPoE thus saving you from having to manage PPPoE clients on individual computers.
  • Page 49: Protocol Support

    Prestige 662H/HW Series User’s Guide • Supports Multi-Mode standard (ANSI T1.413, Issue 2; G.dmt (G.992.1); G.lite (G992.2)). • TCP/IP (Transmission Control Protocol/Internet Protocol) network layer protocol. • ATM Forum UNI 3.1/4.0 PVC. • Supports up to 8 PVCs (UBR, CBR, VBR). •...
  • Page 50: Network Management

    Multiplexing The Prestige supports VC-based and LLC-based multiplexing. Encapsulation The Prestige supports PPPoA (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483 encapsulation over ATM, MAC encapsulated routing (ENET encapsulation) as well as PPP over Ethernet (RFC 2516). Network Management •...
  • Page 51: Applications For The Prestige

    Prestige 662H/HW Series User’s Guide Housing Your Prestige's compact and ventilated housing minimizes space requirements making it easy to position anywhere in your busy office. 1.1.2 Applications for the Prestige Here are some example uses for which the Prestige is well suited. 1.1.2.1 Internet Access The Prestige is the ideal high-speed Internet access solution.
  • Page 52: Lan To Lan Application

    Figure 2 Firewall Application 1.1.3.1 LAN to LAN Application You can use the Prestige to connect two geogr A typical LAN-to-LAN application for your Prestige is shown as follows. Figure 3 Prestige LAN-to-LAN Application 1.1.4 Prestige Hardware Installation and Connection Refer to the Quick Start Guide for information on hardware installation and connection and LED descriptions.
  • Page 53 Prestige 662H/HW Series User’s Guide Chapter 1 Getting To Know Your Prestige...
  • Page 54: Introducing The Web Configurator

    2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions with JavaScript enabled. Recommended screen resolution is 1024 by 768 pixels.
  • Page 55: Resetting The Prestige

    Prestige 662H/HW Series User’s Guide Figure 4 Password Screen 6 It is highly recommended you change the default password! Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.
  • Page 56: Navigating The Prestige Web Configurator

    2 Press the RESET button for ten seconds or until the PWR/SYS LED begins to blink and then release it. When the PWR/SYS LED begins to blink, the defaults have been restored and the Prestige restarts. 2.1.3 Navigating the Prestige Web Configurator The following summarizes how to navigate the web configurator from the SITE MAP screen.
  • Page 57: Table 3 Web Configurator Screens Summary

    Prestige 662H/HW Series User’s Guide Table 3 Web Configurator Screens Summary LINK SUB-LINK Wizard Setup Connection Setup Media Bandwidth Mgnt Advanced Setup Password WAN Setup WAN Backup SUA Only Full Feature Dynamic DNS Time and Date Firewall Default Policy Rule Summary Anti Probing Threshold Content Filter...
  • Page 58 Table 3 Web Configurator Screens Summary (continued) LINK SUB-LINK Media Bandwidth Summary Management Class Setup Monitor Maintenance System Status DHCP Table Diagnostic General DSL Line Firmware LOGOUT Chapter 2 Introducing the Web Configurator Prestige 662H/HW Series User’s Guide FUNCTION Use this screen to allocate an interface's outgoing capacity to specific types of traffic.
  • Page 59 Prestige 662H/HW Series User’s Guide Chapter 2 Introducing the Web Configurator...
  • Page 60: Wizard Setup For Internet Access

    Wizard Setup for Internet Access This chapter provides information on the Wizard Setup screens for Internet access in the web 3.1 Introduction Use the Wizard Setup screens to configure your system for Internet access with the information (provided by your ISP) that you fill in the Internet Account Information table in the Quick Start Guide.
  • Page 61: Rfc 1483

    Prestige 662H/HW Series User’s Guide 3.1.1.4 RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing).
  • Page 62: Ip Address And Subnet Mask

    Figure 7 Internet Access Wizard Setup: First Screen The following table describes the fields in this screen. Table 4 Internet Access Wizard Setup: First Screen LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account.
  • Page 63: Ip Address Assignment

    Prestige 662H/HW Series User’s Guide If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established.
  • Page 64: Private Ip Addresses

    3.3.1.4 Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: •...
  • Page 65: Figure 8 Internet Connection With Pppoe

    Prestige 662H/HW Series User’s Guide Figure 8 Internet Connection with PPPoE The following table describes the fields in this screen. Table 5 Internet Connection with PPPoE LABEL DESCRIPTION Service Name Type the name of your PPPoE service here. User Name Enter the user name exactly as your ISP assigned.
  • Page 66: Figure 9 Internet Connection With Rfc 1483

    Figure 9 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 6 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field. Network Address Select None, SUA Only or Full Feature from the drop-down list box.
  • Page 67: Figure 10 Internet Connection With Enet Encap

    Prestige 662H/HW Series User’s Guide Figure 10 Internet Connection with ENET ENCAP The following table describes the fields in this screen. Table 7 Internet Connection with ENET ENCAP LABEL DESCRIPTION IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
  • Page 68: Figure 11 Internet Connection With Pppoa

    Figure 11 Internet Connection with PPPoA The following table describes the fields in this screen. Table 8 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above. IP Address This option is available if you select Routing in the Mode field.
  • Page 69: Dhcp Setup

    Prestige 662H/HW Series User’s Guide 3.4.1 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients.
  • Page 70: Internet Access Wizard Setup: Connection Test

    Figure 13 Internet Access Wizard Setup: LAN Configuration The following table describes the fields in this screen. Table 9 Internet Access Wizard Setup: LAN Configuration LABEL LAN IP Address LAN Subnet Mask DHCP DHCP Server Client IP Pool Starting Address Size of Client IP Pool Primary DNS Server Secondary DNS Server As above.
  • Page 71: Test Your Internet Connection

    Prestige 662H/HW Series User’s Guide Figure 14 Internet Access Wizard Setup: Connection Tests 3.5.1 Test Your Internet Connection Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this User’s Guide for more detailed information on the complete range of Prestige features.
  • Page 72: Wizard Setup For Media Bandwidth Management

    Wizard Setup for Media Bandwidth Management This chapter shows you how to configure basic bandwidth management using the wizard 4.1 Introduction The web configurator’s Media Bandwidth Mgnt. screens under Wizard Setup allow you to specify bandwidth classes based on an application (or service). You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.
  • Page 73: Media Bandwidth Management Setup 1

    Prestige 662H/HW Series User’s Guide Table 10 Media Bandwidth Mgnt. Wizard Setup: Services (continued) SERVICE DESCRIPTION File Transfer Program enables fast transfer of files, including large files that may not be possible by e-mail. FTP uses port number 21. E-Mail Electronic mail consists of messages sent through a computer network to specific groups or individuals.
  • Page 74: Media Bandwidth Mgnt. Wizard Setup: Second Screen

    Figure 15 Media Bandwidth Mgnt. Wizard Setup: First Screen The following table describes the labels in this screen. Table 11 Media Bandwidth Mgnt. Wizard Setup: First Screen LABEL Active Select the service to apply bandwidth management. Next 4.3 Media Bandwidth Mgnt. Wizard Setup: Second Screen The Prestige automatically creates the bandwidth class for each service you select.
  • Page 75: Media Bandwidth Mgnt. Wizard Setup: Finish

    Prestige 662H/HW Series User’s Guide Figure 16 Media Bandwidth Mgnt. Wizard Setup: Second Screen The following table describes the fields in this screen. Table 12 Media Bandwidth Mgnt. Wizard Setup: Second Screen LABEL DESCRIPTION Service These fields display the service(s) selected in the previous screen. Priority Select High, Mid or Low priority for each service to have your Prestige use a priority for traffic that matches that service.
  • Page 76: Chapter 5 Password Setup

    5.1 Password Overview It is highly recommended that you change the password for accessing the Prestige. 5.1.1 Configuring Password To change your Prestige’s password (recommended), click Password in the Site Map screen. Figure 18 Password The following table describes the fields in this screen. Table 13 Password LABEL DESCRIPTION...
  • Page 77 Prestige 662H/HW Series User’s Guide Chapter 5 Password Setup...
  • Page 78: Chapter 6 Lan Setup

    6.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses.
  • Page 79: Dns Server Address

    Prestige 662H/HW Series User’s Guide 6.2 DNS Server Address DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it.
  • Page 80: Lan Tcp/Ip

    6.4 LAN TCP/IP The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. 6.4.1 Factory LAN Defaults The LAN parameters of the Prestige are preset in the factory with the following values: •...
  • Page 81: Multicast

    Prestige 662H/HW Series User’s Guide 6.4.4 Multicast Traditionally, IP packets are transmitted in one of two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
  • Page 82: How Any Ip Works

    Figure 20 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address. Note: You must enable NAT/SUA to use the Any IP feature on the Prestige. 6.5.1 How Any IP Works Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC...
  • Page 83: Configuring Lan

    Prestige 662H/HW Series User’s Guide After all the routing information is updated, the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige. 6.6 Configuring LAN Click LAN and LAN Setup to open the following screen. Figure 21 LAN Setup Chapter 6 LAN Setup...
  • Page 84: Configuring Static Dhcp

    The following table describes the fields in this screen. Table 14 LAN Setup LABEL DESCRIPTION DHCP DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
  • Page 85: Figure 22 Lan: Static Dhcp

    Prestige 662H/HW Series User’s Guide Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. To change your Prestige’s static DHCP settings, click LAN, then the Static DHCP tab. The screen appears as shown.
  • Page 86: Chapter 7 Dmz

    7.1 Introduction The DeMilitarized Zone (DMZ) auto-negotiating 10/100 Mbps Ethernet port provides a way for public servers (Web, e-mail, FTP, etc.) to be visible to the outside world (while still being protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death). These public servers can also still be accessed from the secure LAN.
  • Page 87: Figure 23 Dmz

    Prestige 662H/HW Series User’s Guide Figure 23 DMZ The following table describes the labels in this screen. Table 16 DMZ LABEL DESCRIPTION DMZ TCP/IP IP Address Type the IP address of your Prestige’s DMZ port in dotted decimal notation. Make sure the IP address is on a separate subnet from the LAN port.
  • Page 88 Table 16 DMZ (continued) LABEL DESCRIPTION Allow between DMZ Select this check box to forward NetBIOS packets from the LAN to the DMZ and and LAN from the DMZ to the LAN. If your firewall is enabled with the default policy set to block DMZ to LAN traffic, you also need to enable the default DMZ to LAN firewall rule that forwards NetBIOS traffic. Clear this check box to block all NetBIOS packets going from the LAN to the DMZ and from the DMZ to the LAN.
  • Page 89 Prestige 662H/HW Series User’s Guide Chapter 7 DMZ...
  • Page 90: Chapter 8 Wireless Lan Setup

    8.1 Introduction This section introduces the wireless LAN and some basic configurations. Wireless LANs can be as simple as two computers with wireless LAN cards communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN cards communicating through access points which bridge network traffic to the wired LAN.
  • Page 91: Ess Id

    8.1.3 ESS ID An Extended Service Set (ESS) is a group of access points or wireless gateways connected to a wired LAN on the same subnet. An ESS ID uniquely identifies each set. All access points or wireless gateways and their associated wireless stations in the same set must have the same ESSID.
  • Page 92: Fragmentation Threshold

    If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.
  • Page 93: Data Encryption With Wep

    Figure 25 Prestige Wireless Security Levels If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networking device that is within range. Use the Prestige web configurator to set up your wireless LAN security settings.
  • Page 94: Figure 26 Wireless Lan

    Click Wireless LAN, Wireless to open the Wireless screen. Figure 26 Wireless LAN The following table describes the fields in this screen. Table 17 Wireless LAN LABEL DESCRIPTION Enable Wireless The wireless LAN is turned off by default. Before you enable the wireless LAN you should configure some security by setting MAC filters and/or 802.1x security;...
  • Page 95: Configuring Mac Filter

    Table 17 Wireless LAN (continued) LABEL DESCRIPTION Fragmentation Threshold The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter a value between 256 and 2432. WEP Encryption WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network.
  • Page 96: Figure 27 Mac Address Filter

    Figure 27 MAC Address Filter The following table describes the fields in this menu. Table 18 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Action Define the filter action for the list of MAC addresses in the MAC Address table. Select Deny Association to block access to the router; MAC addresses not listed will be allowed to access the Prestige.
  • Page 97: Network Authentication

    Table 18 MAC Address Filter (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. 8.6 Network Authentication You can set the Prestige and your network to authenticate a wireless station before the wireless station can communicate with the Prestige and the wired network to which the Prestige is connected.
  • Page 98: Eap Authentication Overview

    • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.
  • Page 99: Introduction To Wpa

    3 The wireless station replies with identity information, including username and password. 4 The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station. 8.7 Introduction to WPA Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft.
  • Page 100: Wpa-Psk Application Example

    By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network. The encryption mechanisms used for WPA and WPA-PSK are the same.
  • Page 101: Security Parameters Summary

    2 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. 3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients...
  • Page 102: Wireless Client Wpa Supplicants

    Table 19 Wireless Security Relational Matrix (continued) AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL WPA-PSK WPA-PSK 8.11 Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client.
  • Page 103: Authentication Required: 802.1X

    Table 20 Wireless LAN: 802.1x/WPA LABEL DESCRIPTION Wireless Port Control To control wireless station access to the wired network, select a control method from the drop-down list box. Choose from No Access Allowed, No Authentication Required and Authentication Required.
  • Page 104: Table 21 Wireless Lan: 802.1X/Wpa For 802.1X Protocol

    Table 21 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Wireless Port Control To control wireless station access to the wired network, select a control method from the drop-down list box. Choose from No Authentication Required, Authentication Required and No Access Allowed. The following fields are only available when you select Authentication Required.
  • Page 105: Authentication Required: Wpa

    Table 21 Wireless LAN: 802.1x/WPA for 802.1x Protocol (continued) LABEL DESCRIPTION Back Click Back to go to the main wireless LAN setup screen. Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh.
  • Page 106: Authentication Required: Wpa-Psk

    Table 22 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL Key Management Protocol WPA Mixed Mode Group Data Privacy WPA Group Key Update Timer Authentication Databases 8.12.3 Authentication Required: WPA-PSK Select Authentication Required in the Wireless Port Control field and WPA-PSK in the Key Management Protocol field to display the next screen.
  • Page 107: Figure 34 Wireless Lan: 802.1X/Wpa For Wpa-Psk Protocol

    Figure 34 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol The following table describes the labels not previously discussed. Table 23 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol LABEL Key Management Protocol Pre-Shared Key WPA Mixed Mode Group Data Privacy Authentication Databases DESCRIPTION...
  • Page 108: Configuring Local User Authentication

    8.13 Configuring Local User Authentication By storing user profiles locally, your Prestige is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way. To change your Prestige’s local user database, click Wireless LAN, Local User Database.
  • Page 109: Configuring Radius

    Table 24 Local User Database LABEL DESCRIPTION This is the index number of a local user account. Active Select this check box to enable the user profile. User Name Enter the user name of the user profile. Password Enter a password up to 31 characters long for this user profile.
  • Page 110: Table 25 Radius

    Table 25 RADIUS LABEL Authentication Server Active Server IP Address Port Number Shared Secret Accounting Server Active Server IP Address Port Number Shared Secret Back Apply Cancel DESCRIPTION Select Yes from the drop-down list box to enable user authentication through an external authentication server.
  • Page 112: Chapter 9 Wan Setup

    9.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. Chapter 3, on page 60 9.2 Metric The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1"...
  • Page 113: Pppoe Encapsulation

    9.3 PPPoE Encapsulation The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection using PPPoE.
  • Page 114: Zero Configuration Internet Access

    Figure 37 Example of Traffic Shaping 9.5 Zero Configuration Internet Access Once you turn on and connect the Prestige to a telephone jack, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes. In cases where additional account information (such as an Internet account user name and password) is required or the Prestige cannot connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting.
  • Page 115: Figure 38 Wan Setup (Pppoe)

    Figure 38 WAN Setup (PPPoE) The following table describes the fields in this screen. Table 26 WAN Setup LABEL Name Mode DESCRIPTION Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only.
  • Page 116 Table 26 WAN Setup (continued) LABEL Encapsulation Multiplex Virtual Circuit ID ATM QoS Type Cell Rate Peak Cell Rate Sustain Cell Rate Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be Login Information Service Name User Name Password...
  • Page 117: Traffic Redirect

    Table 26 WAN Setup (continued) LABEL Connect on Demand Select Connect on Demand when you don't want the connection up all the time Max Idle Timeout PPPoE Passthrough (PPPoE encapsulation only) Subnet Mask (ENET ENCAP encapsulation only) ENET ENCAP Gateway...
  • Page 118: Configuring Wan Backup

    Figure 39 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
  • Page 119: Figure 41 Wan Backup

    Figure 41 WAN Backup The following table describes the fields in this screen. Table 27 WAN Backup LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check if the connection to the DSLAM is up. Select ICMP to have the Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.
  • Page 120 Table 27 WAN Backup (continued) LABEL DESCRIPTION Recovery Interval When the Prestige is using a lower priority connection (usually a WAN backup connection), it periodically checks whether or not it can use a higher priority connection. Type the number of seconds (30 recommended) for the Prestige to wait between checks.
  • Page 121: Configuring Advanced Wan Backup

    9.9 Configuring Advanced WAN Backup To edit your Prestige’s advanced WAN backup settings, click WAN, WAN Backup and then the Advanced Setup button. The screen appears as shown. Figure 42 Advanced WAN Backup The following table describes the fields in this screen.
  • Page 122: Table 28 Advanced Wan Backup

    Table 28 Advanced WAN Backup LABEL Basic Login Name Password Retype to Confirm Authentication Type Primary/ Secondary Phone Number Dial Backup Port Speed AT Command Initial String Advanced Modem Setup TCP/IP Options Metric Enable SUA Enable RIP DESCRIPTION Type the login name assigned by your ISP.
  • Page 123 Table 28 Advanced WAN Backup (continued) LABEL RIP Version RIP Direction Enable Multicast Multicast PPP Options Encapsulation Compression Connection Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. Connect on Demand Max Idle Timeout Budget Allocate Budget...
  • Page 124: At Command Strings

    Table 28 Advanced WAN Backup (continued) LABEL Back Cancel 9.10 AT Command Strings For regular telephone lines, the default "Dial" string tells the modem that the line uses tone dialing. "ATDT" is the command for a switch that requires tone dialing. If your switch requires pulse dialing, change the string to "ATDP".
  • Page 125: Figure 43 Advanced Modem Setup

    Figure 43 Advanced Modem Setup The following table describes the fields in this screen. Table 29 Advanced Modem Setup LABEL DESCRIPTION AT Command Strings Dial Type the AT Command string to make a call. Example: atdt Drop Type the AT Command string to drop a call.
  • Page 126 Table 29 Advanced Modem Setup (continued) LABEL DESCRIPTION Retry Interval Type a number of seconds for the Prestige to wait before trying another call after a call has failed. This applies before a phone number is blacklisted. Example: 10 Drop Timeout Type the number of seconds for the Prestige to wait before dropping the DTR signal if it does not receive a positive disconnect confirmation.
  • Page 128: Network Address Translation (Nat) Screens

    Network Address Translation 10.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 10.1.1 NAT Definitions Inside/outside denotes where a host is located relative to the Prestige, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are...
  • Page 129: What Nat Does

    10.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
  • Page 130: Nat Application

    Figure 44 How NAT Works 10.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter. Figure 45 NAT Application With IP Alias 10.1.5 NAT Mapping Types NAT supports five types of IP/port mapping.
  • Page 131: Sua (Single User Account) Versus Nat

    • One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (for instance, PAT, port address translation), ZyXEL’s Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today’s routers).
  • Page 132: Sua Server

    • Choose Full Feature if you have multiple public WAN IP addresses for your Prestige. 10.3 SUA Server A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world.
  • Page 133: Configuring Servers Behind Sua (Example)

    Table 32 Services and Port Numbers (continued) SERVICES SNMP trap PPTP (Point-to-Point Tunneling Protocol) 10.3.3 Configuring Servers Behind SUA (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
  • Page 134: Configuring Sua Server

    Figure 47 NAT Mode The following table describes the labels in this screen. Table 33 NAT Mode LABEL DESCRIPTION None Select this radio button to disable NAT. SUA Only Select this radio button if you have just one public WAN IP address for your Prestige. The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set screen.
  • Page 135: Figure 48 Edit Sua/Nat Server Set

    Figure 48 Edit SUA/NAT Server Set The following table describes the fields in this screen. Table 34 Edit SUA/NAT Server Set LABEL Start Port No. Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field. To forward a series of ports, enter the start port number here and the end port number in the End Port No.
  • Page 136: Configuring Address Mapping

    10.6 Configuring Address Mapping Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
  • Page 137: Editing An Address Mapping Rule

    Table 35 Address Mapping Rules (continued) LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address.
  • Page 138: Table 36 Address Mapping Rule Edit

    Table 36 Address Mapping Rule Edit LABEL Type Choose the port mapping type from one of the following. • One-to-One: One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type.
  • Page 140: Chapter 11 Dynamic Dns Setup

    This chapter discusses how to configure your Prestige to use Dynamic DNS. 11.1 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
  • Page 141: Figure 51 Dynamic Dns

    Figure 51 Dynamic DNS The following table describes the fields in this screen. Table 37 Dynamic DNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider.
  • Page 142: Chapter 12 Time And Date

    This screen is not available on all models. Use this screen to configure the Prestige’s time and 12.1 Configuring Time and Date To change your Prestige’s time and date, click Time And Date. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone. Figure 52 Time and Date The following table describes the fields in this screen.
  • Page 143: Table 38 Time And Date

    Table 38 Time and Date LABEL DESCRIPTION Time Server Use Protocol when Bootup Select the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
  • Page 144: Chapter 13 Firewalls

    This chapter gives some background information on firewalls and introduces the Prestige 13.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
  • Page 145: Stateful Inspection Firewalls

    Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
  • Page 146: Denial Of Service Attacks

    13.3.1 Denial of Service Attacks Figure 53 Prestige Firewall Application 13.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
  • Page 147: Types Of Dos Attacks

    Table 39 Common IP Ports Telnet SMTP 13.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data.
  • Page 148: Figure 54 Three-Way Handshake

    Figure 54 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment).
  • Page 149: Icmp Vulnerability

    amount of ICMP echo request and response traffic. If a hacker chooses to spoof the source IP address of the ICMP echo request packet, the resulting ICMP traffic will not only clog up the "intermediary" network, but will also congest the network of the spoofed source IP address, known as the "victim"...
  • Page 150: Traceroute

    Table 42 Legal SMTP Commands AUTH DATA EHLO QUIT RCPT RSET 13.4.2.3 Traceroute Traceroute is a utility used to determine the path a packet takes between two endpoints. Sometimes when a packet filter firewall is configured incorrectly an attacker can traceroute the firewall gaining knowledge of the network topology inside the firewall.
  • Page 151: Stateful Inspection Process

    Figure 57 Stateful Inspection The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.
  • Page 152: Stateful Inspection And The Prestige

    temporary entries might be modified, in order to permit only packets that are valid for the current state of the connection. 8 Any additional inbound or outbound packets that belong to the connection are inspected to update the state table entry and to modify the temporary inbound access list entries as required, and are forwarded through the interface.
  • Page 153: Udp/Icmp Security

    If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the Internet. Assuming that this is an acceptable part of the security policy (as is the case with the default policy), the connection will be allowed. A cache entry is added which includes connection information such as IP addresses, TCP ports, sequence numbers, etc.
  • Page 154: Guidelines For Enhancing Security With Your Firewall

    Any protocol that operates in this way must be supported on a case-by-case basis. You can use the web configurator’s Custom Ports feature to do this. 13.6 Guidelines for Enhancing Security with Your Firewall • Change the default password via SMT or web configurator. •...
  • Page 155: Packet Filtering Vs Firewall

    • Upgrade your software regularly. Many older versions of software, especially web browsers, have well known security deficiencies. When you upgrade to the latest versions, you get the latest patches and fixes. • If you use “chat rooms” or IRC sessions, be careful with any information you reveal to strangers.
  • Page 156: When To Use The Firewall

    • The firewall provides e-mail service to notify you of routine reports and when alerts occur. 13.7.2.1 When To Use The Firewall • To prevent DoS attacks and prevent hackers cracking your network. • A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required.
  • Page 158: Firewall Configuration

    This chapter shows you how to enable and configure the Prestige firewall. 14.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your Prestige has to offer. For this reason, it is recommended that you configure your firewall using the web configurator.
  • Page 159: Rule Logic Overview

    • WAN to WAN/ Router This prevents computers on the WAN from using the Prestige as a gateway to communicate with other computers on the WAN and/or managing the Prestige. • DMZ to LAN • DMZ to DMZ/ Router This prevents computers on the DMZ from communicating between networks or subnets connected to the DMZ interface and/or managing the Prestige.
  • Page 160: Security Ramifications

    2 What direction of traffic does the rule apply to (refer to the section)? 3 What IP services will be affected? 4 What computers on the LAN or DMZ are to be affected (if any)? 5 What computers on the Internet will be affected? The more specific, the better. For example, if traffic is being allowed from the Internet to the LAN, it is better to allow only certain machines on the Internet to access the LAN.
  • Page 161: Destination Address

    14.3.3.4 Destination Address What is the connection’s destination address; is it on the LAN, DMZ, WAN? Is it a single IP, a range of IPs or a subnet? 14.4 Connection Direction Example This section describes examples for firewall rules for connections going from LAN to WAN and from WAN to LAN.
  • Page 162: Alerts

    Figure 59 WAN to LAN Traffic 14.4.3 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when an attack is detected in the Edit Rule screen (select the Send Alert Message to Administrator When Matched checkbox) or when a rule is matched in the Edit Rule screen (see the an alert, a message can be immediately sent to an e-mail account that you specify in the Log...
  • Page 163: Figure 60 Firewall: Default Policy

    Figure 60 Firewall: Default Policy The following table describes the labels in this screen. Table 43 Firewall: Default Policy LABEL DESCRIPTION Firewall Enabled Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
  • Page 164: Rule Summary

    14.6 Rule Summary Note: The ordering of your rules is very important as rules are applied in turn. Click on Firewall, then Rule Summary to bring up the following screen. This screen is a summary of the existing rules. Note the order in which the rules are listed. Figure 61 Firewall: Rule Summary Table 44 Rule Summary LABEL...
  • Page 165: Configuring Firewall Rules

    Table 44 Rule Summary (continued) LABEL DESCRIPTION Active This field displays whether a firewall is turned on (Y) or not (N). Source IP This drop-down list box displays the source addresses or ranges of addresses to which this firewall rule applies.
  • Page 166: Figure 62 Firewall: Edit Rule

    Figure 62 Firewall: Edit Rule The following table describes the labels in this screen.
  • Page 167: Table 45 Firewall: Edit Rule

    Table 45 Firewall: Edit Rule LABEL Active Action for Matched Packet Source/Destination Address Address Type Start IP Address End IP Address Subnet Mask Edit Delete Services Available/ Selected Services Edit Customized Service Schedule Day to Apply Select everyday or the day(s) of the week to apply the rule. Time of Day to Apply (24-Hour Format)
  • Page 168: Customized Services

    14.7 Customized Services Configure customized services and port numbers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further information on these services, please read the Services section.
  • Page 169: Example Firewall Rule

    Figure 64 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 47 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
  • Page 170: Figure 65 Firewall Example: Rule Summary

    Figure 65 Firewall Example: Rule Summary 3 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule 7.
  • Page 171: Figure 66 Firewall Example: Edit Rule: Destination Address

    Figure 66 Firewall Example: Edit Rule: Destination Address 7 In the Edit Rule screen, click the Customized Services link to open the Customized Service screen. 8 Click an index number to display the Customized Services -Config screen and configure the screen as follows and click Apply.
  • Page 172: Figure 68 Firewall Example: Edit Rule: Select Customized Services

    Figure 68 Firewall Example: Edit Rule: Select Customized Services Note: Custom ports show up with an “*” before their names in the Services list box and the Rule Summary list box. Click Apply after you’ve created your custom port. On completing the configuration procedure for this Internet firewall rule, the Rule Summary...
  • Page 173: Predefined Services

    screen should look like the following. Rule 2 allows a “My Service” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Figure 69 Firewall Example: Rule Summary: My Service 14.10 Predefined Services The Available Services list box in the Edit Rule screen (see the section) displays all predefined services that the Prestige already supports.
  • Page 174 Table 48 Predefined Services (continued) SERVICE BOOTP_SERVER(UDP:67) CU-SEEME(TCP/UDP:7648, 24032) DNS(UDP/TCP:53) FINGER(TCP:79) FTP(TCP:20.21) H.323(TCP:1720) HTTP(TCP:80) HTTPS ICQ(UDP:4000) IPSEC_TRANSPORT/ TUNNEL(AH:0) IPSEC_TUNNEL(ESP:0) IRC(TCP/UDP:6667) MSN Messenger(TCP:1863) MULTICAST(IGMP:0) NEWS(TCP:144) NFS(UDP:2049) NNTP(TCP:119) PING(ICMP:0) POP3(TCP:110) PPTP(TCP:1723) PPTP_TUNNEL(GRE:0) RCMD(TCP:512) REAL_AUDIO(TCP:7070) REXEC(TCP:514) RLOGIN(TCP:513) RTELNET(TCP:107) RTSP(TCP/UDP:554) SFTP(TCP:115) DESCRIPTION DHCP Server.
  • Page 175: Anti-Probing

    Table 48 Predefined Services (continued) SERVICE SMTP(TCP:25) SNMP(TCP/UDP:161) SNMP-TRAPS (TCP/ UDP:162) SQL-NET(TCP:1521) SSDP(UDP:1900) SSH(TCP/UDP:22) STRMWORKS(UDP:1558) SYSLOG(UDP:514) TACACS(UDP:49) TELNET(TCP:23) TFTP(UDP:69) VDOLIVE(TCP:7000) 14.11 Anti-Probing If an outside user attempts to probe an unsupported port on your Prestige, an ICMP response packet is automatically returned.
  • Page 176: Configuring Attack Alert

    Figure 70 Firewall: Anti Probing The following table describes the labels in this screen. Table 49 Firewall: Anti Probing LABEL DESCRIPTION Respond to PING The Prestige does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests.
  • Page 177: Threshold Values

    14.12.1 Threshold Values Tune these parameters when something is not working and after you have checked the firewall counters. These default values should work fine for most small offices. Factors influencing choices for threshold values are: •...
  • Page 178: Figure 71 Firewall: Threshold

    Whenever the number of half-open sessions with the same destination host address rises above a threshold (TCP Maximum Incomplete), the Prestige starts deleting half-open sessions according to one of the following methods: • If the Blocking Time timeout is 0 (the default), then the Prestige deletes the oldest existing half-open session for the host for every new connection request to the host.
  • Page 179 Table 50 Firewall: Threshold (continued) LABEL DESCRIPTION One Minute High This is the rate of new half-open sessions that causes the firewall to start deleting half-open sessions. When the rate of new connection attempts rises above this number, the Prestige deletes half-open sessions as required to accommodate new connection attempts.
  • Page 180: Chapter 15 Content Filtering

    15.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL. You can set a schedule for when the Prestige performs content filtering.
  • Page 181: Configuring The Schedule

    Figure 72 Content Filter: Keyword The following table describes the labels in this screen. Table 51 Content Filter: Keyword LABEL Enable Keyword Blocking Block Websites that contain these keywords in the URL: Delete Clear All Keyword Add Keyword Back...
  • Page 182: Configuring Trusted Computers

    Figure 73 Content Filter: Schedule The following table describes the labels in this screen. Table 52 Content Filter: Schedule LABEL DESCRIPTION Days to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active.
  • Page 183: Figure 74 Content Filter: Trusted

    Figure 74 Content Filter: Trusted The following table describes the labels in this screen. Table 53 Content Filter: Trusted LABEL Trusted User IP Range From Back Apply Cancel DESCRIPTION Type the IP address of a computer (or the beginning IP address of a specific range of computers) on the LAN that you want to exclude from content filtering.
  • Page 184: Content Access Control

    Content Access Control This chapter gives some background information on Content Access Control and explains 16.1 Content Access Control Overview Content Access Control (CAC) lets a LAN administrator control a LAN user’s Internet access privileges by blocking services that you specify. The administrator can create user groups with access restrictions and set up user accounts (with a login name and password) for each person (user) on the network.
  • Page 185: Activating Cac And Create User Groups

    16.2 Activating CAC and Create User Groups From the Site Map, click Content Access Control and General to open the configuration screen. Use this screen to activate Content Access Control and set up the four user groups. Note: You must set up all four user groups.
  • Page 186: Configuring Time Schedule

    Table 54 Content Access Control: General LABEL DESCRIPTION Group Name Enter the name of a user group for identification purposes. Restrictions Use the links below to configure the access restrictions for the user group. Time Click Edit to set up the time allowances, start times and end times of the day(s) when access is allowed.
  • Page 187: Figure 77 Control Access Control: General: Time Scheduling

    Figure 77 Control Access Control: General: Time Scheduling The following table describes the labels in this screen. Table 55 Control Access Control: General: Time Scheduling LABEL DESCRIPTION Time Scheduling Select the first radio button to allow everyday access at the same times to the Internet.
  • Page 188: Configuring Services

    16.2.2 Configuring Services To customize services for each user group, click Edit under Services for that user group in the Content Access Control: General screen. Figure 78 Content Access Control: General: Services The following table describes the labels in this screen. Table 56 Content Access Control: General: Services LABEL DESCRIPTION...
  • Page 189: Available Services

    Table 56 Content Access Control: General: Services (continued) LABEL DESCRIPTION Click Add to add a service to be blocked to the Blocked Services box. Clear All Click Clear All to empty the Blocked Services box. Back Click Back to return to the previous screen.
  • Page 190 Table 57 Available Services (continued) SERVICE MSN Messenger(TCP:1863) Microsoft Networks’ messenger service uses this protocol. MULTICAST(IGMP:0) NEW-ICQ(TCP:5190) NEWS(TCP:144) NFS(UDP:2049) NNTP(TCP:119) PING(ICMP:0) PING(ICMP:0) PPTP(TCP:1723) PPTP_TUNNEL(GRE:0) RCMD(TCP:512) REAL_AUDIO(TCP:7070) REXEC(TCP:514) RLOGIN(TCP:513) RTELNET(TCP:107) RTSP(TCP/UDP:554) SFTP(TCP:115) SMTP(TCP:25) SNMP(TCP/UDP:161) SNMP-TRAPS(TCP/ UDP:162) SQL-NET(TCP:1521) SSH(TCP/UDP:22) STRM WORKS(UDP:1558) SYSLOG(UDP:514) TACACS(UDP:49) TELNET(TCP:23)
  • Page 191: Configuring Web Site Filters

    Table 57 Available Services (continued) SERVICE TFTP(UDP:69) VDOLIVE(TCP:7000) 16.2.3 Configuring Web Site Filters To enable content filtering and to configure URL keyword blocking for a user group, click Edit under Web Browsing in the Content Access Control: General screen. A screen displays as shown next.
  • Page 192: Figure 79 Content Access Control: General: Web Site Filter

    Figure 79 Content Access Control: General: Web Site Filter
  • Page 193: Table 58 Content Access Control: General: Web Site Filter

    The following table describes the labels in this screen. Table 58 Content Access Control: General: Web Site Filter LABEL Pre-defined Web Content Categories Enable This field is applicable when you have successfully registered for and Log Matched Web Site Select this option to record attempts to access prohibited web pages.
  • Page 194 Table 58 Content Access Control: General: Web Site Filter (continued) LABEL Gambling Selecting this category excludes pages where a user can place a bet or Violence/Hate/Racism Selecting this category excludes pages that depict extreme physical harm to Weapons Selecting this category excludes pages that sell, review, or describe Abortion Selecting this category excludes pages that provide information or Arts/Entertainment Selecting this category excludes pages that promote and provide information Business/Economy Selecting this category excludes pages devoted to business firms, business...
  • Page 195 Table 58 Content Access Control: General: Web Site Filter (continued) LABEL Games Selecting this category excludes pages that provide information and support Government/Legal Selecting this category excludes pages sponsored by or which provide Military Selecting this category excludes pages that promote or provide information Political/Activist Groups Selecting this category excludes pages sponsored by or which provide Health Selecting this category excludes pages that provide advice and information Computers/Internet Selecting this category excludes pages that sponsor or provide information...
  • Page 196 Table 58 Content Access Control: General: Web Site Filter (continued) LABEL Religion Selecting this category excludes pages that promote and provide information Shopping Selecting this category excludes pages that provide or advertise the means Auctions Selecting this category excludes pages that support the offering and Real Estate Selecting this category excludes pages that provide information on renting, Society/Lifestyle Selecting this category excludes pages providing information on matters of Gay/Lesbian Selecting this category excludes pages that provide information, promote, or...
  • Page 197: Testing Web Site Access Privileges

    Table 58 Content Access Control: General: Web Site Filter (continued) LABEL More/Basic Click more... to see an expanded list of categories, or click basic... to see a Keyword Blocking Block Websites that contain these keywords in the URL Delete Clear All...
  • Page 198: User Account Setup

    Figure 80 Content Access Control: General: Diagnose The following table describes the labels in this screen. Table 59 Content Access Control: General: Diagnose LABEL Test Web Site Attribute Test Result Test if web site is blocked Test Back Cancel 16.3 User Account Setup With Content Access Control, the Prestige requires LAN users to log in with a valid username and password before they are allowed to access the Internet.
  • Page 199: Figure 81 Content Access Control: User Profiles

    Figure 81 Content Access Control: User Profiles The following table describes the labels in this screen. Table 60 Content Access Control: User Profiles LABEL DESCRIPTION Index This field displays the index number. Username Enter the user name for this account. Password Enter a password associated to the user name above.
  • Page 200: User Online Status

    16.4 User Online Status To view the online status of each user, click Content Access Control in the Site Map screen and click Online Status to display the screen as shown. Figure 82 Content Access Control: Online Status The following table describes the labels in this screen. Table 61 Content Access Control: Online Status LABEL DESCRIPTION...
  • Page 201: Content Access Control Logins

    16.5 Content Access Control Logins The following sections describe the user and administrator login experience. 16.5.1 User Login 1 Once the initial configuration is complete, a computer on the network cannot gain Internet access without first logging into the Prestige. 2 When you attempt to access a website, you are directed to the Prestige’s user login screen.
  • Page 202: Administrator Login

    16.5.2 Administrator Login The administrator can log into the system. • The administrator opens their browser and is directed to the Prestige user login page (this is the same as the user login). • The administrator enters “admin” as the username and the system password. •...
  • Page 204: Chapter 17 Anti-Virus Packet Scan

    Anti-Virus Packet Scan This chapter introduces and shows you how to configure the anti-virus packet scan. 17.1 Overview A computer virus is a small program designed to corrupt and/or alter the operation of other legitimate programs. A worm is a self-replicating virus that resides in active memory and duplicates itself.
  • Page 205: Computer Virus Infection And Prevention

    For maximum protection, you must keep the pattern file up-to-date. 17.2.1 Computer Virus Infection and Prevention The following describes a simplistic life cycle of a computer virus. 1 A computer gets a copy of a virus from an unknown source (such as the Internet, e-mail, file sharing or any removable storage media).
  • Page 206: How The Prestige Virus Scan Works

    This is an Internet file transfer service that operates on the Internet and over TCP/IP networks. A system running the FTP server accepts commands from a system running an FTP client. The service allows users to send commands to the server for uploading and downloading files.
  • Page 207: Anti-Virus Packet Scan Configuration

    17.4 Anti-virus Packet Scan Configuration Note: Before you can use the anti-virus packet scan on the Prestige, you must register for the anti-virus service in the Registration and Virus Information Update screen (see the for more information). Click Anti Virus and Packet Scan to display the configuration screen as shown next.
  • Page 208: Registration And Online Update

    Table 63 Anti Virus: Packet Scan (continued) LABEL DESCRIPTION Default action Select whether to allow passage of (Forward Packet) or silently discard (Block when session Packet) the packets of new connections when the maximum number of opened overflow connections is reached (default is 300 connections at a time). Packet Scan Information Packet Scan This read-only field displays the version of the scanning engine on the Prestige.
  • Page 209: Figure 87 Anti Virus: Registration And Virus Information Update

    Figure 87 Anti Virus: Registration and Virus Information Update The following table describes the labels in this screen. Table 64 Anti Virus: Registration and Virus Information Update LABEL DESCRIPTION Registration You must register for the anti-virus service before you can use the packet scan feature on the Prestige.
  • Page 210: Updating The Anti Virus Packet Scan

    17.5.1 Updating the Anti Virus Packet Scan Follow the steps below to update the virus scan on the Prestige manually. Note: Do not turn off the Prestige while the virus scan update is in progress! 1 In the Registration and Virus Information Update screen, click Update Now. An update progress screen displays as shown.
  • Page 212: Chapter 18 Introduction To Ipsec

    18.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
  • Page 213: Data Confidentiality

    Figure 90 Encryption and Decryption 18.1.3.2 Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. 18.1.3.3 Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
  • Page 214: Ipsec Algorithms

    Figure 91 IPSec Architecture 18.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
  • Page 215: Transport Mode

    Figure 92 Transport and Tunnel Mode IPSec Encapsulation 18.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
  • Page 216: Table 65 Vpn And Nat

    NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted.
  • Page 218: Chapter 19 Vpn Screens

    This chapter introduces the VPN screens. See the Logs chapter for information on viewing 19.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections. 19.2 IPSec Algorithms The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec VPN.
  • Page 219: My Ip Address

    Table 66 AH and ESP DES (default) Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key. DES applies a 56-bit key to each 64-bit block of data. 3DES Triple DES (3DES) is a variant of DES, which iterates three times with three separate keys...
  • Page 220: Secure Gateway Address

    19.4 Secure Gateway Address Secure Gateway Address is the WAN IP address or domain name of the remote IPSec router (secure gateway). If the remote secure gateway has a static WAN IP address, enter it in the Secure Gateway Address field. You may alternatively enter the remote secure gateway’s domain name (if it has one) in the Secure Gateway Address field.
  • Page 221: Figure 94 Vpn Summary

    Figure 94 VPN Summary The following table describes the fields in this screen. Table 67 VPN Summary LABEL DESCRIPTION This is the VPN policy index number. Click a number to edit VPN policies. Name This field displays the identification name for this VPN policy. Active This field displays whether the VPN policy is active or not.
  • Page 222: Keep Alive

    Table 67 VPN Summary (continued) LABEL DESCRIPTION Remote This is the IP address(es) of computer(s) on the remote network behind the remote Address IPSec router. This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. The same (static) IP address is displayed twice when the Remote Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Single.
  • Page 223: Nat Traversal Configuration

    Figure 95 NAT Router Between IPSec Routers Normally you cannot set up a VPN connection with a NAT router between the two IPSec routers because the NAT router changes the header of the IPSec packet. In the previous figure, IPSec router A sends an IPSec packet in an attempt to initiate a VPN.
  • Page 224: Id Type And Content

    Figure 96 VPN Host using Intranet DNS Server Example If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP addresses to access the computers on the remote network. 19.8 ID Type and Content With aggressive negotiation mode (see incoming SAs by ID type and content since this identifying information is not encrypted.
  • Page 225: Id Type And Content Examples

    Table 68 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= Type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address. Type a domain name (up to 31 characters) by which to identify this Prestige. E-mail Type an e-mail address (up to 31 characters) by which to identify this Prestige.
  • Page 226: Pre-Shared Key

    The two Prestiges in this example cannot complete their negotiation because Prestige B’s Local ID type is IP, but Prestige A’s Peer ID type is set to E-mail. An “ID mismatched” message displays in the IPSEC LOG. Table 71 Mismatching ID Type and Content Configuration Example PRESTIGE A Local ID type: IP Local ID content: 1.1.1.10...
  • Page 227: Figure 97 Vpn Ike

    Figure 97 VPN IKE The following table describes the fields in this screen.
  • Page 228: Table 72 Vpn Ike

    Table 72 VPN IKE LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select either Yes or No from the drop-down list box. Select Yes to have the Prestige automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
  • Page 229 Table 72 VPN IKE (continued) LABEL DESCRIPTION End / Subnet Mask When the Local Address Type field is configured to Single, this field is N/A. When the Local Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your Prestige.
  • Page 230 Table 72 VPN IKE (continued) LABEL DESCRIPTION My IP Address Enter the WAN IP address of your Prestige. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The Prestige uses the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel.
  • Page 231: Ike Phases

    Table 72 VPN IKE (continued) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
  • Page 232: Negotiation Mode

    Figure 98 Two Phases to Set Up the IPSec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm. • Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2). •...
  • Page 233: Diffie-Hellman (Dh) Key Groups

    • Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1). It uses 6 messages in three round trips: SA negotiation, Diffie-Hellman exchange and an exchange of nonces (a nonce is a random number).
  • Page 234: Figure 99 Vpn Ike: Advanced Setup

    Figure 99 VPN IKE: Advanced Setup The following table describes the fields in this screen. Table 73 VPN IKE: Advanced Setup LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
  • Page 235 Table 73 VPN IKE: Advanced Setup (continued) LABEL DESCRIPTION Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Remote Start Port is left at 0, End will also remain at 0.
  • Page 236: Manual Key Setup

    Table 73 VPN IKE: Advanced Setup (continued) LABEL DESCRIPTION Encryption This field is available when you select ESP in the Active Protocol field. Algorithm Select DES, 3DES, AES or NULL from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
  • Page 237: Configuring Manual Key

    19.14 Configuring Manual Key You only configure VPN Manual Key when you select Manual in the IPSec Key Mode field on the VPN IKE screen. This is the VPN Manual Key screen as shown next. Figure 100 VPN: Manual Key The following table describes the fields in this screen.
  • Page 238: Table 74 Vpn: Manual Key

    Table 74 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the Prestige drops trailing spaces. IPSec Key Mode Select IKE or Manual from the drop-down list box.
  • Page 239 Table 74 VPN: Manual Key (continued) LABEL DESCRIPTION End / Subnet Mask When the Remote Address Type field is configured to Single, this field is N/A. When the Remote Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
  • Page 240: Viewing Sa Monitor

    19.15 Viewing SA Monitor Click VPN and Monitor to open the SA Monitor screen as shown. Use this screen to display and manage active VPN connections. A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections.
  • Page 241: Configuring Global Setting

    Table 75 LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode. IPSec Algorithm This field displays the security protocols used for an SA. Both AH and ESP increase Prestige processing requirements and communications latency (delay).
  • Page 242: Telecommuter Vpn/Ipsec Examples

    Table 76 VPN: Global Setting (continued) LABEL Apply Cancel 19.17 Telecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single Prestige at headquarters. The telecommuters use IPSec routers with dynamic WAN IP addresses. The Prestige at headquarters has a static public IP address. 19.17.1 Telecommuters Sharing One VPN Rule Example See the following figure and table for an example configuration that allows multiple telecommuters (A, B and C in the figure) to use one VPN rule to simultaneously access a...
  • Page 243: Telecommuters Using Unique Vpn Rules Example

    Table 77 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS My IP Address: 0.0.0.0 (dynamic IP address assigned by the ISP) Secure Gateway IP Public static IP address Address: Local IP Address: Telecommuter A: 192.168.2.12 Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15 Remote IP Address: 192.168.1.10...
  • Page 244: Figure 104 Telecommuters Using Unique Vpn Rules Example

    Figure 104 Telecommuters Using Unique VPN Rules Example Table 78 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS All Telecommuter Rules: My IP Address 0.0.0.0 Secure Gateway Address: bigcompanyhq.com Remote IP Address: 192.168.1.10 Peer ID Type: E-mail Peer ID Content: bob@bigcompanyhq.com Telecommuter A (telecommutera.dydns.org) Local ID Type: IP Local ID Content: 192.168.2.12...
  • Page 245: Vpn And Remote Management

    19.18 VPN and Remote Management If a VPN tunnel uses Telnet, FTP or WWW, then you should configure remote management (Remote Management) to allow access for that service.
  • Page 246: Remote Management Configuration

    20.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access. See the firewall chapters for details on configuring firewall rules.
  • Page 247: Remote Management And Nat

    • A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. • You have disabled that service in one of the remote management screens. •...
  • Page 248: Web

    20.4 Web You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details. 20.5 Configuring Remote Management Click Remote Management to open the following screen. Figure 106 Remote Management The following table describes the fields in this screen. Table 79 Remote Management LABEL DESCRIPTION...
  • Page 250: Universal Plug-And-Play (Upnp)

    Universal Plug-and-Play (UPnP) 21.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
  • Page 251: Upnp And Zyxel

    All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 21.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™...
  • Page 252: Installing Upnp In Windows Example

    Table 80 Configuring UPnP LABEL Enable the Universal Plug and Play (UPnP) Service Allow users to make configuration changes through UPnP Allow UPnP to pass through Firewall Apply Cancel 21.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me.
  • Page 253: Figure 108 Add/Remove Programs: Windows Setup: Communication

    Figure 108 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 109 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted.
  • Page 254: Figure 110 Network Connections

    Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
  • Page 255: Figure 111 Windows Optional Networking Components Wizard

    Figure 111 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box.
  • Page 256: Using Upnp In Windows Xp Example

    Figure 112 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 21.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the Prestige.
  • Page 257: Figure 113 Network Connections

    Figure 113 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created.
  • Page 258: Figure 114 Internet Connection Properties

    Figure 114 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings.
  • Page 259: Figure 115 Internet Connection Properties: Advanced Settings

    Figure 115 Internet Connection Properties: Advanced Settings Figure 116 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
  • Page 260: Figure 117 System Tray Icon

    Figure 117 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 118 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first.
  • Page 261: Figure 119 Network Connections

    Figure 119 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your Prestige and select Invoke. The web configurator login screen displays.
  • Page 262: Figure 120 Network Connections: My Network Places

    Figure 120 Network Connections: My Network Places 6 Right-click on the icon for your Prestige and select Properties. A properties window displays with basic information about the Prestige. Figure 121 Network Connections: My Network Places: Properties: Example
  • Page 264: Chapter 22 Logs Screens

    This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendix for example log message explanations. 22.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the Prestige log and then display the logs or have the Prestige send them to an administrator (as e-mail) or to a syslog server.
  • Page 265: Figure 122 Log Settings

    Figure 122 Log Settings The following table describes the fields in this screen. Table 81 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
  • Page 266: Displaying The Logs

    Table 81 Log Settings (continued) LABEL DESCRIPTION Send log to Logs are sent to the e-mail address specified in this field. If this field is left blank, logs will not be sent via e-mail. Send alerts to Alerts are sent to the e-mail address specified in this field. If this field is left blank, alerts will not be sent via e-mail.
  • Page 267: Smtp Error Messages

    Figure 123 View Logs The following table describes the fields in this screen. Table 82 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings screen (see section ) display in the drop-down list box.
  • Page 268: Example E-Mail Log

    Table 83 SMTP Error Messages (continued) -4 means HELO fail -5 means MAIL FROM fail -6 means RCPT TO fail -7 means DATA fail -8 means mail data send fail 22.4.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail.
  • Page 270: Media Bandwidth Management Advanced Setup

    Media Bandwidth Management This chapter describes the functions and advanced configuration of bandwidth management. 23.1 Bandwidth Management Advanced Setup Overview Bandwidth management allows you to allocate an interface’s outgoing capacity to specific types of traffic. It can also help you make sure that the Prestige forwards certain types of traffic (especially real-time applications) with minimum delay.
  • Page 271: Proportional Bandwidth Allocation

    that you configure child-classes with filters for any classes that you configure without filters. The Prestige leaves the bandwidth budget allocated and unused for a class that does not have a filter itself or child-classes with filters. View your configured bandwidth classes and child-classes in the Class Setup screen (see The total of the configured bandwidth budgets for child-classes cannot exceed the configured bandwidth budget speed of the parent class.
  • Page 272: Application And Subnet-Based Bandwidth Management Example

    Figure 126 Subnet-based Bandwidth Management Example 23.4.3 Application and Subnet-based Bandwidth Management Example The following example uses bandwidth classes based on LAN subnets and applications (specific applications in each subnet are allotted bandwidth). Table 84 Application and Subnet-based Bandwidth Management Example TRAFFIC TYPE VoIP E-mail...
  • Page 273: Priority-Based Scheduler

    23.5.1 Priority-based Scheduler With the priority-based scheduler, the Prestige forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes. The larger a bandwidth class’s priority number is, the higher the priority. Assign real-time applications (like those using audio or video) a higher priority number to provide smoother operation.
  • Page 274: Maximize Bandwidth Usage Example

    23.6.2 Maximize Bandwidth Usage Example Here is an example of a Prestige that has maximized bandwidth usage enabled on an interface. The first figure shows each bandwidth class’s bandwidth budget and priority. The classes are set up based on subnets. The interface is set to 10 Mbps. Each subnet is allocated 2 Mbps. The unbudgeted 2 Mbps allows traffic not defined in one of the bandwidth filters to go out when you do not select the maximize bandwidth option.
  • Page 275: Bandwidth Borrowing

    Figure 129 Maximize Bandwidth Usage Example 23.7 Bandwidth Borrowing Bandwidth borrowing allows a child-class to borrow unused bandwidth from its parent class, whereas maximize bandwidth usage allows bandwidth classes to borrow any unused or unbudgeted bandwidth on the whole interface. Enable bandwidth borrowing on a child-class to allow the child-class to use its parent class’s unused bandwidth.
  • Page 276: Figure 130 Bandwidth Borrowing Example

    Figure 130 Bandwidth Borrowing Example • The Bill class can borrow unused bandwidth from the Sales USA class because the Bill class has bandwidth borrowing enabled. • The Bill class can also borrow unused bandwidth from the Sales class because the Sales USA class also has bandwidth borrowing enabled.
  • Page 277: Maximize Bandwidth Usage With Bandwidth Borrowing

    23.7.2 Maximize Bandwidth Usage With Bandwidth Borrowing If you configure both maximize bandwidth usage (on the interface) and bandwidth borrowing (on individual child-classes), the Prestige functions as follows. 1 The Prestige sends traffic according to each bandwidth class’s bandwidth budget. 2 The Prestige assigns a parent class’s unused bandwidth to its child-classes that have more traffic than their budgets and have bandwidth borrowing enabled.
  • Page 278: Configuring Class Setup

    Table 85 Media Bandwidth Management: Summary LABEL DESCRIPTION These read-only labels represent the physical interfaces. Select an interface’s check box WLAN to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source. Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the Prestige and be managed by bandwidth management.
  • Page 279: Media Bandwidth Management Class Configuration

    Figure 132 Media Bandwidth Management: Class Setup The following table describes the labels in this screen. Table 86 Media Bandwidth Management: Class Setup LABEL DESCRIPTION Interface Select an interface from the drop-down list box for which you wish to set up classes. Back Click Back to go to the main Media Bandwidth Management screen.
  • Page 280: Figure 133 Media Bandwidth Management: Class Configuration

    Figure 133 Media Bandwidth Management: Class Configuration The following table describes the labels in this screen Table 87 Media Bandwidth Management: Class Configuration LABEL Class Name BW Budget (kbps) Priority Borrow bandwidth from parent class Bandwidth Filter The Prestige uses a bandwidth filter to identify the traffic that belongs to a bandwidth class. Active DESCRIPTION...
  • Page 281 Table 87 Media Bandwidth Management: Class Configuration (continued) LABEL Service Destination IP Address Destination Subnet Mask Destination Port Source IP Address Source Subnet Mask Source Port Protocol ID Back Apply Cancel Table 88 Services and Port Numbers SERVICES ECHO FTP (File Transfer Protocol)
  • Page 282: Media Bandwidth Management Statistics

    Table 88 Services and Port Numbers SERVICES Finger HTTP (Hyper Text Transfer protocol or WWW, Web) POP3 (Post Office Protocol) NNTP (Network News Transport Protocol) SNMP (Simple Network Management Protocol) SNMP trap PPTP (Point-to-Point Tunneling Protocol) 23.9.2 Media Bandwidth Management Statistics Use the Media Bandwidth Management Statistics screen to view network performance information.
  • Page 283: Bandwidth Monitor

    Table 89 Media Bandwidth Management Statistics LABEL DESCRIPTION Set Interval Click Set Interval to apply the new update period you entered in the Update Period field above. Stop Update Click Stop Update to stop the browser from refreshing bandwidth management statistics.
  • Page 284: Chapter 24 Maintenance

    This chapter displays system information such as ZyNOS firmware, port IP addresses and port 24.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige. 24.2 System Status Screen Click System Status to open the following screen, which you can use to monitor your Prestige.
  • Page 285: Figure 136 System Status

    Figure 136 System Status The following table describes the fields in this screen. Table 91 System Status LABEL DESCRIPTION System Status System Name This is the name of your Prestige. It is for identification purposes.
  • Page 286: System Statistics

    Table 91 System Status (continued) LABEL DESCRIPTION ZyNOS Firmware This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's Version proprietary Network Operating System design. DSL FW Version This is the DSL firmware version associated with your Prestige. Standard This is the standard that your Prestige is using.
  • Page 287: Figure 137 System Status: Show Statistics

    Figure 137 System Status: Show Statistics The following table describes the fields in this screen. Table 92 System Status: Show Statistics LABEL DESCRIPTION System up Time This is the elapsed time the system has been up. CPU Load This field specifies the percentage of CPU utilization.
  • Page 288: Dhcp Table Screen

    Table 92 System Status: Show Statistics (continued) LABEL DESCRIPTION Poll Interval(s) Type the time interval for the browser to refresh system statistics. Set Interval Click this button to apply the new poll interval you entered in the Poll Interval field above. Stop Click this button to halt the refreshing of the system statistics.
  • Page 289: Any Ip Table Screen

    24.4 Any IP Table Screen Click Maintenance, Any IP. The Any IP table shows current read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate with the Prestige. Refer to Figure 139 Any IP Table The following table describes the labels in this screen.
  • Page 290: Diagnostic Screens

    Figure 140 Association List The following table describes the fields in this screen. Table 95 Association List LABEL DESCRIPTION This is the index number of an associated wireless station. MAC Address This field displays the MAC (Media Access Control) address of an associated wireless station.
  • Page 291: Diagnostic Dsl Line Screen

    Figure 141 Diagnostic: General The following table describes the fields in this screen. Table 96 Diagnostic: General LABEL DESCRIPTION TCP/IP Type the IP address of a computer that you want to ping in order to test a connection. Address Ping Click this button to ping the IP address that you entered.
  • Page 292: Figure 142 Diagnostic: Dsl Line

    Figure 142 Diagnostic: DSL Line The following table describes the fields in this screen. Table 97 Diagnostic: DSL Line LABEL Reset ADSL Click this button to reinitialize the ADSL line. The large text box above then displays Line the progress and results of this operation, for example: "Start to reset ADSL Loading ADSL modem F/W...
  • Page 293: Firmware Screen

    24.7 Firmware Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "Prestige.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. Chapter 40 Firmware and Configuration File Maintenance SMT for upgrading firmware using FTP/TFTP commands.
  • Page 294: Figure 144 Network Temporarily Disconnected

    After you see the Firmware Upload in Process screen, wait two minutes before logging into the Prestige again. The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 144 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen.
  • Page 296: Chapter 25 Introducing The Smt

    This chapter explains how to access and navigate the System Management Terminal and gives 25.1 SMT Introduction The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator over a telnet connection. This chapter shows you how to access the SMT (System Management Terminal) menus via Telnet, how to navigate the SMT and how to configure SMT menus.
  • Page 297: Prestige Smt Menu Overview

    Figure 146 Login Screen Enter Password : **** 25.1.3 Prestige SMT Menu Overview We use the Prestige 662HW-61 SMT menus in this guide as an example. The SMT menus vary slightly for different Prestige models. The following figure gives you an overview of the various SMT menu screens of your Prestige.
  • Page 298: Table 99 Navigating The Smt Interface

    Exit the SMT After you enter the password, the SMT displays the main menu, as shown next. Table 100 SMT Main Menu Copyright (c) 1994 - 2004 ZyXEL Communications Corp. Prestige 662HW-61 Main Menu Getting Started 1. General Setup 2.
  • Page 299: System Management Terminal Interface Summary

    25.2.1 System Management Terminal Interface Summary Table 101 Main Menu Summary MENU TITLE General Setup WAN Backup Setup LAN Setup Internet Access Setup Remote Node Setup Static Routing Setup Dial-in User Setup NAT Setup Filter and Firewall Setup SNMP Configuration System Security System Maintenance...
  • Page 300: Figure 148 Menu 23.1 Change Password

    Figure 148 Menu 23.1 Change Password Menu 23.1 - System Security - Change Password Enter here to CONFIRM or ESC to CANCEL: 4 Type your new system password in the New Password field (up to 30 characters), and press [ENTER]. 5 Re-type your new system password in the Retype to confirm field for confirmation and press [ENTER].
  • Page 302: Chapter 26 Menu 1 General Setup

    Menu 1 - General Setup contains administrative and system-related information. 26.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". •...
  • Page 303: Procedure To Configure Dynamic Dns

    Figure 149 Menu 1 General Setup Press ENTER to Confirm or ESC to Cancel: Fill in the required fields. Refer to the table shown next for more information about these fields. Table 102 Menu 1 General Setup FIELD System Name Location (optional)
  • Page 304: Figure 150 Menu 1.1 Configure Dynamic Dns

    Figure 150 Menu 1.1 Configure Dynamic DNS Follow the instructions in the next table to configure dynamic DNS parameters. Table 103 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION Service Provider This is the name of your dynamic DNS service provider. Active Press [SPACE BAR] to select Yes and then press [ENTER] to make dynamic DNS active.
  • Page 306: Chapter 27 Menu 2 Wan Backup Setup

    Menu 2 WAN Backup Setup This chapter describes how to configure traffic redirect and dial-backup using menu 2 and 2.1. 27.1 Introduction to WAN Backup Setup This chapter explains how to configure the Prestige for traffic redirect and dial backup connections.
  • Page 307: Traffic Redirect Setup

    Table 104 Menu 2 WAN Backup Setup (continued) FIELD KeepAlive Fail Tolerance Recovery Interval(sec) When the Prestige is using a lower priority connection (usually a WAN backup ICMP Timeout Traffic Redirect Dial Backup When you have completed this menu, press [ENTER] at the prompt “ or ESC to Cancel: 27.2.1 Traffic Redirect Setup Configure parameters that determine when the Prestige will forward WAN traffic to the...
  • Page 308: Configuring Dial Backup Setup

    Table 105 Menu 2.1 Traffic Redirect Setup (continued) FIELD DESCRIPTION Metric This field sets this route's priority among the routes the Prestige uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1"...
  • Page 309: Advanced Dial Backup Setup

    Table 106 Menu 2.2 Dial Backup Setup (continued) FIELD DESCRIPTION Edit Advanced To edit the advanced setup for the Dial Backup port, move the cursor to this field; press Setup the [SPACE BAR] to select Yes and then press [ENTER] to go to Menu 2.2.1 Advanced Dial Backup Setup.
  • Page 310: Figure 154 Menu 2.2.1 Advanced Dial Backup Setup

    Figure 154 Menu 2.2.1 Advanced Dial Backup Setup Menu 2.2.1 - Advanced Dial Backup Setup AT Command Strings: Dial= atd Drop= ~~+++~~ath Answer= ata Drop DTR When Hang Up= No AT Response Strings: CLID= NMBR = Called Id= Speed= CONNECT Press ENTER to Confirm or ESC to Cancel: The following table describes fields in this menu.
  • Page 311 Table 108 Menu 2.2.1 Advanced Dial Backup Setup: Call Control Parameters FIELD Drop Timeout (sec) Call Back Delay (sec) Enter a number of seconds for the Prestige to wait between dropping a callback DESCRIPTION Enter a number of seconds for the Prestige to wait before dropping the DTR signal if it does not receive a positive disconnect confirmation.
  • Page 312: Chapter 28 Menu 3 Lan Setup

    This chapter covers how to configure your wired Local Area Network (LAN) settings. 28.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3. Figure 155 Menu 3 LAN Setup Menu 3 - LAN Setup 1.
  • Page 313: Protocol Dependent Ethernet Setup

    28.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. • For TCP/IP Ethernet setup refer to • For bridging Ethernet setup refer to 28.3 TCP/IP Ethernet Setup and DHCP Use menu 3.2 to configure your Prestige for TCP/IP.
  • Page 314: Figure 157 Menu 3.2 Tcp/Ip And Dhcp Ethernet Setup

    Figure 157 Menu 3.2 TCP/IP and DHCP Ethernet Setup Follow the instructions in the following table on how to configure the DHCP fields. Table 109 DHCP Ethernet Setup FIELD DHCP Setup DHCP Client IP Pool Starting Address Size of Client IP Pool Primary DNS Server Secondary DNS Server Remote DHCP Serve...
  • Page 315 Table 110 TCP/IP Ethernet Setup (continued) FIELD DESCRIPTION IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige (refer to the RIP Direction Press [...
  • Page 316: Chapter 29 Wireless Lan Setup

    This chapter covers how to configure wireless LAN settings in SMT menu 3.5. 29.1 Wireless LAN Overview Refer to the chapter on the wireless LAN screens for wireless LAN background information. 29.2 Wireless LAN Setup Use menu 3.5 to set up your Prestige as the wireless access point. To edit menu 3.5, enter 3 from the main menu to display Menu 3 –...
  • Page 317: Wireless Lan Mac Address Filter

    Table 111 Menu 3.5 - Wireless LAN Setup (continued) FIELD DESCRIPTION Channel ID Press [SPACE BAR] to select a channel. This allows you to set the operating frequency/ channel depending on your particular region. RTS(Request To Send) threshold (number of bytes) enables RTS/CTS handshake. Data Threshold with its frame size larger than this value will perform the RTS/CTS handshake.
  • Page 318: Figure 159 Menu 3.5.1 Wlan Mac Address Filtering

    Figure 159 Menu 3.5.1 WLAN MAC Address Filtering [menu screen: a list of MAC address entries, each shown as 00:00:00:00:00:00] The following table describes the fields in this menu. Table 112 Menu 3.5.1 WLAN MAC Address Filtering FIELD DESCRIPTION Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER].
  • Page 320: Chapter 30 Internet Access

    This chapter shows you how to configure the LAN and WAN of your Prestige for Internet 30.1 Internet Access Overview Refer to the chapters on the web configurator’s wizard, LAN and WAN screens for more background information on fields in the SMT screens covered in this chapter. 30.2 IP Policies Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet.
  • Page 321: Ip Alias Setup

    Figure 160 IP Alias Network Example Use menu 3.2.1 to configure IP Alias on your Prestige. 30.4 IP Alias Setup Use menu 3.2 to configure the first network. Move the cursor to Edit IP Alias field and press [SPACEBAR] to choose Yes and press [ENTER] to configure the second and third network.
  • Page 322: Route Ip Setup

    Figure 162 Menu 3.2.1 IP Alias Setup Menu 3.2.1 - IP Alias Setup IP Alias 1= No IP Alias 2= No Follow the instructions in the following table to configure IP Alias parameters. Table 113 Menu 3.2.1 IP Alias Setup FIELD DESCRIPTION IP Alias...
  • Page 323: Internet Access Configuration

    Figure 163 Menu 1 General Setup Menu 1 - General Setup Press ENTER to Confirm or ESC to Cancel: 30.6 Internet Access Configuration Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified setup for one of the remote nodes that you can access in menu 11.
  • Page 324: Table 114 Menu 4 Internet Access Setup

    Menu 4 Internet Access Setup Table 114 FIELD DESCRIPTION ISP’s Name Enter the name of your Internet Service Provider (ISP). This information is for identification purposes only. Encapsulation Press [ Choices are PPPoE, PPPoA, RFC 1483 or ENET ENCAP. Multiplexing Press [ Choices are VC-based or LLC-based.
  • Page 326: Remote Node Configuration

    Remote Node Configuration 31.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. When you use menu 4 to set up Internet access, you are configuring one of the remote nodes.
  • Page 327: Encapsulation And Multiplexing Scenarios

    Figure 165 Menu 11 Remote Node Setup 31.2.2 Encapsulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiplexing methods used by your ISP. Consult your telephone company for information on encapsulation and multiplexing methods for LAN-to-LAN applications, for example between a branch office and corporate headquarters.
  • Page 328: Figure 166 Menu 11.1 Remote Node Profile

    Figure 166 Menu 11.1 Remote Node Profile Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Active= Yes Encapsulation= RFC 1483 Multiplexing= LLC-based Service Name= N/A Incoming: Rem Login= N/A Rem Password= N/A Outgoing: My Login= N/A My Password= N/A Authen= N/A Press ENTER to Confirm or ESC to Cancel: In Menu 11.1 –...
  • Page 329: Outgoing Authentication Protocol

    Table 115 Menu 11.1 Remote Node Profile (continued) FIELD DESCRIPTION PAP – accept PAP (Password Authentication Protocol) only. Route This field determines the protocol used in routing. Options are IP and None. Bridge When bridging is enabled, your Prestige will forward any packet that it does not route to this remote node;...
  • Page 330: Remote Node Network Layer Options

    31.3 Remote Node Network Layer Options For the TCP/IP parameters, perform the following steps to edit Menu 11.3 – Remote Node Network Layer Options as shown next. 1 In menu 11.1, make sure IP is among the protocols in the Route field. 2 Move the cursor to the Edit IP/Bridge field, press [SPACE BAR] to select Yes, then press [ENTER] to display Menu 11.3 –...
  • Page 331: My Wan Addr Sample Ip Addresses

    Table 116 Menu 11.3 Remote Node Network Layer Options (continued) FIELD DESCRIPTION Address When Full Feature is selected in the NAT field, configure address mapping sets in Mapping Set menu 15.1. Select one of the NAT server sets (2-10) in menu 15.2 (see Network Address Translation (NAT) When SUA Only is selected in the NAT field, the SMT uses NAT server set 1 in menu 15.2 (see...
  • Page 332: Remote Node Filter

    Figure 168 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection 31.4 Remote Node Filter Move the cursor to the Edit Filter Sets field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to display Menu 11.5 – Remote Node Filter. Use Menu 11.5 –...
  • Page 333: Editing Atm Layer Options

    Figure 169 Menu 11.5 Remote Node Filter (RFC 1483 or ENET Encapsulation) Menu 11.5 - Remote Node Filter Figure 170 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) 31.5 Editing ATM Layer Options Follow the steps shown next to edit Menu 11.6 – Remote Node ATM Layer Options. In menu 11.1, move the cursor to the Edit ATM Options field and then press [SPACE BAR] to select Yes.
  • Page 334: Llc-Based Multiplexing Or Ppp Encapsulation

    Figure 171 Menu 11.6 for VC-based Multiplexing Menu 11.6 - Remote Node ATM Layer Options VPI/VCI (VC-Multiplexing) VC Options for IP: VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 31.5.2 LLC-based Multiplexing or PPP Encapsulation For LLC-based multiplexing or PPP encapsulation, one VC carries multiple protocols with...
  • Page 335: Figure 173 Menu 11.1 Remote Node Profile

    Figure 173 Menu 11.1 Remote Node Profile Rem Node Name= MyISP Active= Yes Encapsulation= PPPoE Multiplexing= LLC-based Service Name= Incoming: Rem Login= Rem Password= ******** Outgoing: My Login= ? My Password= ? Authen= CHAP/PAP Move the cursor to the Edit Advance Options field, press [SPACE BAR] to select Yes, then press [ENTER] to display Menu 11.8 –...
  • Page 336: Chapter 32 Static Route Setup

    32.1 IP Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node. Each remote node specifies only the network to which the gateway is directly connected and the Prestige has no knowledge of the networks beyond.
  • Page 337: Figure 176 Menu 12 Static Route Setup

    Figure 176 Menu 12 Static Route Setup From menu 12, select 1 to open Menu 12.1 — IP Static Route Setup (shown next). Figure 177 Menu 12.1 IP Static Route Setup Now, type the route number of a static route you want to configure. Figure 178 Menu12.1.1 Edit IP Static Route Menu 12.1.1 - Edit IP Static Route Press ENTER to Confirm or ESC to Cancel:...
  • Page 338: Table 118 Menu12.1.1 Edit Ip Static Route

    The following table describes the fields for Menu 12.1.1 – Edit IP Static Route Setup. Table 118 Menu12.1.1 Edit IP Static Route FIELD Route # Route Name Active Destination IP Address IP Subnet Mask Gateway IP Address Metric Private When you have completed this menu, press [ENTER] at the prompt “ or ESC to Cancel:
  • Page 340: Chapter 33 Bridging Setup

    This chapter shows you how to configure the bridging parameters of your Prestige. 33.1 Bridging in General Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address. Bridging allows the Prestige to transport packets of network layer protocols that it does not route, for example, SNA, from one network to another.
  • Page 341: Figure 179 Menu 11.1 Remote Node Profile

    Prestige 662H/HW Series User’s Guide Figure 179 Menu 11.1 Remote Node Profile Rem Node Name= ? Active= Yes Encapsulation= ENET ENCAP Multiplexing= VC-based Service Name= N/A Incoming: Rem Login= N/A Rem Password= N/A Outgoing: My Login= N/A My Password= N/A Authen= N/A Press ENTER to Confirm or ESC to Cancel: 3 Move the cursor to the Edit IP/Bridge field, then press [SPACE BAR] to set the value to...
  • Page 342: Bridge Static Route Setup

    33.2.2 Bridge Static Route Setup Similar to network layer static routes, a bridging static route tells the Prestige the route to a node before a connection is established. You configure bridge static routes in menu 12.3.1 (go to menu 12, choose option 3, then choose a static route to edit) as shown next. Figure 181 Menu 12.3.1 Edit Bridge Static Route Menu 12.3.1 - Edit Bridge Static Route Route #: 1...
  • Page 344: Network Address Translation (Nat)

    Network Address Translation 34.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige. 34.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
  • Page 345: Figure 182 Menu 4 Applying Nat For Internet Access

    Prestige 662H/HW Series User’s Guide Figure 182 Menu 4 Applying NAT for Internet Access Menu 4 - Internet Access Setup Press ENTER to Confirm or ESC to Cancel: The following figure shows how you apply NAT to the remote node in menu 11.1. 1 Enter 11 from the main menu.
  • Page 346: Nat Setup

    Table 121 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. The SMT uses the address mapping set that you configure and enter in the Address Mapping Set field (see Select None to disable NAT.
  • Page 347: Sua Address Mapping Set

    Prestige 662H/HW Series User’s Guide Figure 185 Menu 15.1 Address Mapping Sets Menu 15.1 - Address Mapping Sets Enter Menu Selection Number: 34.3.1.1 SUA Address Mapping Set Enter 255 to display the next screen (see also section 27.1.1). The fields in this menu cannot be changed.
  • Page 348: User-Defined Address Mapping Sets

    Table 122 SUA Address Mapping Rules (continued) FIELD DESCRIPTION Global Start IP This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global Start IP. Global End IP This is the ending global IP address (IGA). Type These are the mapping types.
  • Page 349: Ordering Your Rules

    Prestige 662H/HW Series User’s Guide 34.3.1.3 Ordering Your Rules Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
  • Page 350: Configuring A Server Behind Nat

    Figure 188 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set Menu 15.1.1.1 Address Mapping Rule Press ENTER to Confirm or ESC to Cancel: The following table explains the fields in this menu. Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set Table 124 FIELD DESCRIPTION...
  • Page 351: Figure 189 Menu 15.2 Nat Server Setup

    Prestige 662H/HW Series User’s Guide Figure 189 Menu 15.2 NAT Server Setup Menu 15.2 - NAT Server Sets 3 Enter 1 to go to Menu 15.2.1 NAT Server Setup as follows. Figure 190 Menu 15.2.1 NAT Server Setup Menu 15.2 - NAT Server Setup Rule Start Port No.
  • Page 352: General Nat Examples

    Figure 191 Multiple Servers Behind NAT Example 34.5 General NAT Examples The following are some examples of NAT configuration. 34.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP.
  • Page 353: Example 2: Internet Access With An Inside Server

    Prestige 662H/HW Series User’s Guide Figure 192 NAT Example 1 Figure 193 Menu 4 Internet Access & NAT Example From menu 4, choose the SUA Only option from the Network Address Translation field. This is the Many-to-One mapping discussed in SUA Only read-only option from the Network Address Translation field in menus 4 and 11.3 is specifically pre-configured to handle this case.
  • Page 354: Example 3: Multiple Public Ip Addresses With Inside Servers

    Figure 194 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure. Figure 195 Menu 15.2.1 Specifying an Inside Server Menu 15.2.1 - NAT Server Setup (Used for SUA Only) Rule...
  • Page 355: Figure 196 Nat Example 3

    Prestige 662H/HW Series User’s Guide You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN. The example situation looks somewhat like this: Figure 196 NAT Example 3 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address...
  • Page 356: Figure 197 Example 3: Menu 11.3

    Figure 197 Example 3: Menu 11.3 Menu 11.3 - Remote Node Network Layer Options IP Options: IP Address Assignment= Static Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature Address Mapping Set= 2 Metric= 2 Private= No RIP Direction= Both Version= RIP-2B...
  • Page 357: Figure 199 Example 3: Final Menu 15.1.1

    Prestige 662H/HW Series User’s Guide Figure 199 Example 3: Final Menu 15.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= Example3 Local Start IP Local End IP --------------- --------------- 1. 192.168.1.10 192.168.1.11 3. 0.0.0.0 255.255.255.255 Action= Edit Press ENTER to Confirm or ESC to Cancel: Now configure the IGA3 to map to our web server and mail server on the LAN.
  • Page 358: Example 4: Nat Unfriendly Application Programs

    Figure 200 Example 3: Menu 15.2.1 Rule Start Port No. --------------------------------------------------- Press ENTER to Confirm or ESC to Cancel: 34.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to-Many No Overload (and One-to-One) NAT mapping types.
  • Page 359: Figure 202 Example 4: Menu 15.1.1.1 Address Mapping Rule

    Prestige 662H/HW Series User’s Guide Figure 202 Example 4: Menu 15.1.1.1 Address Mapping Rule Menu 15.1.1.1 Address Mapping Rule Press ENTER to Confirm or ESC to Cancel: After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as shown next.
  • Page 360: Chapter 35 Enabling The Firewall

    35.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: • The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it. •...
  • Page 361: Figure 204 Menu 21.2 Firewall Setup

    Prestige 662H/HW Series User’s Guide Figure 204 Menu 21.2 Firewall Setup Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2.
  • Page 362: Chapter 36 Filter Configuration

    36.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later. Data filtering screens data to determine if the packet should be allowed to pass.
  • Page 363: The Filter Structure Of The Prestige

    Prestige 662H/HW Series User’s Guide Figure 206 Filter Rule Process Fetch Next Filter Set Next Filter Set Available? Drop Packet You can apply up to four filter sets to a particular port to block various types of packets. Because each filter set can have up to six rules, you can have a maximum of 24 rules active for a single port.
  • Page 364: Configuring A Filter Set For The Prestige

    36.2 Configuring a Filter Set for the Prestige To configure a filter set, follow the steps shown next. 1 Enter 21 in the main menu to display Menu 21 – Filter and Firewall Setup. 2 Enter 1 to display Menu 21.1 – Filter Set Configuration as shown next. Figure 207 Menu 21 Filter Set Configuration Menu 21.1 - Filter Set Configuration Filter...
  • Page 365: Filter Rules Summary Menus

    Prestige 662H/HW Series User’s Guide Figure 209 NetBIOS_LAN Filter Rules Summary Menu 21.1.3 - Filter Rules Summary # A Type - - ---- --------------------------------------------------------------- - 1 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 Enter Filter Rule Number (1-6) to Configure: Figure 210 IGMP Filter Rules Summary Menu 21.1.4 - Filter Rules Summary # A Type...
  • Page 366: Configuring A Filter Rule

    Table 125 Abbreviations Used in the Filter Rules Summary Menu (continued) FIELD DESCRIPTION Action Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N“ means to check the next rule. Action Not Matched.
  • Page 367: Tcp/Ip Filter Rule

    Prestige 662H/HW Series User’s Guide 36.4.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
  • Page 368 Table 127 Menu 21.1.x.1 TCP/IP Filter Rule (continued) FIELD DESCRIPTION Port # Type the destination port of the packets you want to filter. The field range is 0 to 65535. A 0 field is ignored. Port # Comp Select the comparison to apply to the destination port in the packet against the value given in Destination: Port #.
  • Page 369: Generic Filter Rule

    Prestige 662H/HW Series User’s Guide Figure 212 Executing an IP Filter Packet into IP Filter Filter Active? Apply SrcAddrMask to Src Addr Check Src IP Addr Matched Apply DestAddrMask to Dest Addr Check Dest IP Addr Matched Check IP Protocol Matched Check Src &...
  • Page 370: Figure 213 Menu 21.1.5.1 Generic Filter Rule

    To configure a generic rule select an empty filter set in menu 21, for example 5. Select Generic Filter Rule in the Filter Type field and press [ENTER] to open Menu 21.1.5.1 – Generic Filter Rule, as shown in the following figure. Figure 213 Menu 21.1.5.1 Generic Filter Rule Menu 21.1.5.1 - Generic Filter Rule Filter #: 5,1...
  • Page 371: Filter Types And Nat

    Table 128 Menu 21.1.5.1 Generic Filter Rule (continued) FIELD DESCRIPTION Action Not Matched: Select the action for a packet not matching the rule. Choices are Check Next Rule, Forward or Drop. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm or ESC to Cancel:” 36.5 Filter Types and NAT There are two classes of filter rules, Generic Filter Device rules and Protocol Filter (TCP/IP)
  • Page 372: Figure 215 Sample Telnet Filter

    Figure 215 Sample Telnet Filter 1 Enter 1 in the menu 21 to display Menu 21.1 — Filter Set Configuration. 2 Enter the index number of the filter set you want to configure (in this case 6) 3 Type a descriptive name or comment in the Edit Comments field (for example, TELNET_WAN) and press [ENTER].
  • Page 373: Applying Filters And Factory Defaults

    Prestige 662H/HW Series User’s Guide 2 Go to the Edit Filter Sets field, press [SPACE BAR] to choose Yes and press [ENTER]. This brings you to menu 11.5. Apply the example filter set (for example, filter set 3) in this menu as shown in the next section.
  • Page 374: Ethernet Traffic

    36.7.1 Ethernet Traffic You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and type the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by typing their numbers separated by commas, for example, 3, 4, 6, 11.
  • Page 376: Chapter 37 Snmp Configuration

    37.1 About SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network. The Prestige supports SNMP version one (SNMPv1) and version two c (SNMPv2c).
  • Page 377: Supported Mibs

    Prestige 662H/HW Series User’s Guide The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
  • Page 378: Snmp Traps

    Figure 221 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Press ENTER to Confirm or ESC to Cancel: The following table describes the SNMP configuration parameters. Table 130 Menu 22 SNMP Configuration FIELD SNMP: Get Community...
  • Page 379: Table 132 Ports And Permanent Virtual Circuits

    Prestige 662H/HW Series User’s Guide Table 131 SNMP Traps (continued) TRAP # TRAP NAME authenticationFailure (defined in RFC-1215) whyReboot (defined in ZYXEL-MIB) A trap is sent with the reason of restart before For intentional reboot : The port number is its interface index under the interface group. Table 132 Ports and Permanent Virtual Circuits PORT PVC (PERMANENT VIRTUAL CIRCUIT)
  • Page 380: Chapter 38 System Security

    This chapter describes how to configure the system security on the Prestige. 38.1 System Security You can configure the system password. 38.1.1 System Password Enter 23 in the main menu to display Menu 23 – System Security. You should change the default password. If you forget your password you have to restore the default configuration file.
  • Page 381: Figure 224 Menu 23.2 System Security: Radius Server

    Prestige 662H/HW Series User’s Guide Figure 224 Menu 23.2 System Security: RADIUS Server Menu 23.2 - System Security - RADIUS Server Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 133 Menu 23.2 System Security: RADIUS Server FIELD Authentication Server Active...
  • Page 382: Ieee802.1X

    38.1.3 IEEE802.1x The IEEE802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your Prestige. 1 From the main menu, enter 23 to display Menu 23 – System Security. Figure 225 Menu 23 System Security Menu 23 - System Security Enter Menu Selection Number:...
  • Page 383: Table 134 Menu 23.4 System Security : Ieee802.1X

    Prestige 662H/HW Series User’s Guide Table 134 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION Wireless Port Press [SPACE BAR] and select a security mode for the wireless LAN access. Control Select No Authentication Required to allow any wireless stations access to your wired network without entering usernames and passwords.
  • Page 384: Creating User Accounts On The Prestige

    Table 134 Menu 23.4 System Security : IEEE802.1x (continued) FIELD DESCRIPTION Authentication The authentication database contains wireless station login information. The local Databases user database is the built-in database on the Prestige. The RADIUS is an external server. Use this field to decide which database the Prestige should use (first) to authenticate a wireless station.
  • Page 385: Figure 227 Menu 14 Dial-In User Setup

    Prestige 662H/HW Series User’s Guide Figure 227 Menu 14 Dial-in User Setup 1. ________ 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ 2 Type a number and press [ENTER] to edit the user profile. Figure 228 Menu 14.1 Edit Dial-in User Menu 14.1 - Edit Dial-in User Press ENTER to Confirm or ESC to Cancel:...
  • Page 386: System Information And Diagnosis

    System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 39.1 Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu to open Menu 24 –...
  • Page 387: Figure 230 Menu 24.1 System Maintenance : Status

    Prestige 662H/HW Series User’s Guide To get to System Status, type 24 to go to Menu 24 — System Maintenance. From this menu, type 1. System Status. There are two commands in Menu 24.1 — System Maintenance — Status. Entering 1 resets the counters; [ESC] takes you back to the previous screen. The following table describes the fields present in Menu 24.1 —...
  • Page 388: System Information

    Table 136 Menu 24.1 System Maintenance : Status (continued) FIELD DESCRIPTION Rx Pkts This is the number of received packets from the LAN. Collision This is the number of collisions. This shows statistics for the WAN. Line Status This shows the current status of the xDSL line, which can be Up or Down. Upstream This shows the upstream transfer rate in kbps.
  • Page 389: Console Port Speed

    Menu 1 – General Setup. Refers to the routing protocol used. Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Displays the vendor of the ADSL chipset and DSL version.
  • Page 390: Log And Trace

    Figure 233 Menu 24.2.2 System Maintenance : Change Console Port Speed Menu 24.2.2 – System Maintenance – Change Console Port Speed Press ENTER to Confirm or ESC to Cancel: Once you change the Prestige console port speed, you must also set the speed parameter for the communication software you are using to connect to the Prestige.
  • Page 391: Syslog And Accounting

    Prestige 662H/HW Series User’s Guide Figure 235 Sample Error and Information Messages 53 Sat Jan 01 00:00:03 2000 PP01 -WARN 54 Sat Jan 01 00:00:03 2000 PP01 55 Sat Jan 01 00:00:03 2000 PP01 56 Sat Jan 01 00:00:03 2000 PP20 57 Sat Jan 01 00:00:03 2000 PP21 58 Sat Jan 01 00:03:06 2000 PP19 59 Sat Jan 01 00:03:06 2000 PP01...
  • Page 392: Figure 237 Syslog Example

    Figure 237 Syslog Example 1 - CDR SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG_INFO, String); String = board xx line xx channel xx, call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN call = the call reference number which starts from 1 and increments by 1 for each new call str = C01 Outgoing Call dev xx ch xx (dev:device No.
  • Page 393: Diagnostic

    Prestige 662H/HW Series User’s Guide Figure 237 Syslog Example (continued) prot: Protocol (“TCP”, ”UDP”, ”ICMP”) spo: Source port dpo: Destination port Jul 19 14:43:55 192.168.102.2 ZYXEL: IP [Src=202.132.154.123 Dst=255.255.255.255 UDP spo=0208 dpo=0208]} S03>R01mF Jul 19 14:44:00 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF Jul 19 14:44:04 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF...
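The packet trace records in Figure 237 can be decoded programmatically. The following Python sketch is an added example, not part of the ZyXEL guide: it assumes that spo/dpo are four-digit hexadecimal port numbers (0035 is 53, DNS; 0208 is 520, RIP) and that the trailing tag reads as filter set, rule, matched or not matched, and action letter, in line with the filter summary abbreviations; all function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# The first three lines are the records printed in Figure 237; the last line
# is constructed here to show how unparseable input is handled.
SAMPLE_LOG = """\
Jul 19 14:43:55 192.168.102.2 ZYXEL: IP [Src=202.132.154.123 Dst=255.255.255.255 UDP spo=0208 dpo=0208]} S03>R01mF
Jul 19 14:44:00 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF
Jul 19 14:44:04 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF
this line is not a packet trace record
"""

# Assumed reading of the trailing tag, e.g. S03>R01mF: filter set 3, rule 1,
# "m" = rule matched ("n" = not matched), then the action letter.
ACTIONS = {"F": "forward", "D": "drop", "N": "check next rule"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<device>\S+) ZYXEL: IP ?\[Src=(?P<src>\S+) Dst=(?P<dst>\S+) "
    r"(?P<prot>TCP|UDP|ICMP) "
    r"spo=(?P<spo>[0-9a-fA-F]{4}) dpo=(?P<dpo>[0-9a-fA-F]{4})\]\}?"
    r"\s+S(?P<set>\d+)>R(?P<rule>\d+)(?P<matched>[mn])(?P<action>[FDN])$"
)


def parse_line(line):
    """Return a dict for one packet trace record, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        # Reject records whose addresses are not valid dotted-quad IPv4.
        src = ipaddress.IPv4Address(m["src"])
        dst = ipaddress.IPv4Address(m["dst"])
    except ValueError:
        return None
    return {
        "timestamp": m["ts"],
        "device": m["device"],          # syslog sender (the gateway)
        "src": str(src),
        "dst": str(dst),
        "prot": m["prot"],
        "sport": int(m["spo"], 16),     # assumption: hex-encoded port
        "dport": int(m["dpo"], 16),     # assumption: hex-encoded port
        "filter_set": int(m["set"]),
        "rule": int(m["rule"]),
        "matched": m["matched"] == "m",
        "action": ACTIONS[m["action"]],
    }


def parse_log(text):
    """Split text into parsed records and the raw lines that were rejected."""
    records, rejected = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            rejected.append(raw.strip())
        else:
            records.append(rec)
    return records, rejected


def summarize(records):
    """Count records per (src, dst, protocol, destination port, action)."""
    return Counter(
        (r["src"], r["dst"], r["prot"], r["dport"], r["action"]) for r in records
    )


if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE_LOG)
    for flow, count in summarize(recs).most_common():
        print(count, flow)
    print("rejected lines:", bad)
```

Keeping the rejected lines, rather than silently skipping them, makes a format change after a firmware upgrade visible in the collector.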
  • Page 394: Table 139 Menu 24.4 System Maintenance Menu: Diagnostic

    The following table describes the diagnostic tests available in menu 24.4 for and the connections. Table 139 Menu 24.4 System Maintenance Menu: Diagnostic FIELD DESCRIPTION Reset xDSL Re-initialize the xDSL link to the telephone company. Ping Host Ping the host to see if the links and TCP/IP protocol on both systems are working. Reboot System Reboot the Prestige.
  • Page 396: Firmware And Configuration File Maintenance

    Firmware and Configuration File Maintenance This chapter tells you how to back up and restore your configuration file as well as upload new 40.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom”...
  • Page 397: Backup Configuration

    Prestige 662H/HW Series User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 –...
  • Page 398: Using The Ftp Command From The Command Line

    Figure 239 Telnet in Menu 24.5 Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
  • Page 399: Gui-Based Ftp Clients

    Prestige 662H/HW Series User’s Guide Figure 240 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
  • Page 400: Backup Configuration Using Tftp

    40.2.6 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next.
  • Page 401: Backup Via Console Port

    Prestige 662H/HW Series User’s Guide Table 142 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the Prestige and “Fetch” to back up the file on your computer.
  • Page 402: Restore Configuration

    Figure 243 Backup Configuration Example 4 After a successful backup you will see the following screen. Press any key to return to the SMT menu. Figure 244 Successful Backup Confirmation Screen ** Backup Configuration completed. OK. ### Hit any key to continue.### 40.3 Restore Configuration This section shows you how to restore a previously saved configuration.
  • Page 403: Restore Using Ftp Session Example

    Prestige 662H/HW Series User’s Guide Figure 245 Telnet into Menu 24.6 Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2.
  • Page 404: Restore Via Console Port

    40.3.3 Restore Via Console Port Restore configuration via console port by following the HyperTerminal procedure shown next. Procedures using other serial communications programs should be similar. 1 Display menu 24.6 and enter “y” at the following screen. Figure 247 System Maintenance: Restore Configuration Ready to restore Configuration via Xmodem.
  • Page 405: Uploading Firmware And Configuration Files

    Prestige 662H/HW Series User’s Guide Figure 250 Successful Restoration Confirmation Screen Save to ROM Hit any key to start system reboot. 40.4 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuration files. You can upload configuration files by following the procedure in following the instructions in Menu 24.7.2 –...
  • Page 406: Ftp File Upload Command From The Dos Prompt Example

    Figure 252 Telnet Into Menu 24.7.2 System Maintenance Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
  • Page 407: Ftp Session Example Of Firmware File Upload

    Prestige 662H/HW Series User’s Guide 40.4.4 FTP Session Example of Firmware File Upload Figure 253 FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK...
  • Page 408: Tftp Upload Command Example

    40.4.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras where “-i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the Prestige’s IP address and...
  • Page 409: Example Xmodem Firmware Upload Using Hyperterminal

    Prestige 662H/HW Series User’s Guide 40.4.9 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 255 Example Xmodem Upload After the firmware upload process has completed, the Prestige will automatically restart. 40.4.10 Uploading Configuration File Via Console Port 1 Select 2 from Menu 24.7 –...
  • Page 410: Example Xmodem Configuration Upload Using Hyperterminal

    3 Enter “atgo” to restart the Prestige. 40.4.11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 257 Example Xmodem Upload After the configuration upload process has completed, restart the Prestige by entering “atgo”. Chapter 40 Firmware and Configuration File Maintenance Prestige 662H/HW Series User’s Guide...
  • Page 412: Chapter 41 System Maintenance

    System Maintenance. A list of valid commands can be found by typing help or ? at the command prompt. Type “ Figure 258 Command Mode in Menu 24 Enter Menu Selection Number: Figure 259 Valid Commands Copyright (c) 1994 - 2003 ZyXEL Communications Corp. ras> ? Valid commands are: exit wlan radius ras>...
  • Page 413: Call Control Support

    Prestige 662H/HW Series User’s Guide 41.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1. The budget management function allows you to set a limit on the total outgoing call time of the Prestige within certain times.
  • Page 414: Time And Date Setting

    Figure 261 Menu 24.9.1 System Maintenance: Budget Management Menu 24.9.1 - System Maintenance - Budget Management Remote Node 1.MyIsp 2.-------- 3.-------- 4.-------- 5.-------- 6.-------- 7.-------- 8.-------- Reset Node (0 to update screen): The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked.
  • Page 415: Figure 262 Menu 24 System Maintenance

    Prestige 662H/HW Series User’s Guide Figure 262 Menu 24 System Maintenance Menu 24 - System Maintenance Enter Menu Selection Number: Then enter 10 to go to Menu 24.10 System Maintenance Time and Date Setting to update the time and date settings of your Prestige as shown in the following screen. Figure 263 Menu 24.10 System Maintenance: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Use Time Server when Bootup= None...
  • Page 416: Resetting The Time

    Table 144 Menu 24.10 System Maintenance: Time and Date Setting (continued) FIELD: Current Time, New Time, Current Date, New Date, Time Zone, Daylight Saving, Start Date, End Date. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm or ESC to Cancel:” 41.3.1 Resetting the Time •...
  • Page 418: Remote Management

    42.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access. See the firewall chapters for details on configuring firewall rules.
  • Page 419: Remote Management Limitations

    Prestige 662H/HW Series User’s Guide Figure 264 Menu 24.11 Remote Management Control Menu 24.11 - Remote Management Control TELNET Server: Server Port = 23 Secured Client IP = 0.0.0.0 FTP Server: Server Port = 21 Secured Client IP = 0.0.0.0 Web Server: Server Port = 80 Secured Client IP = 0.0.0.0...
  • Page 420: Remote Management And Nat

    42.3 Remote Management and NAT When NAT is enabled: • Use the Prestige’s WAN IP address when configuring from the WAN. • Use the Prestige’s LAN IP address when configuring from the LAN. 42.4 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The Prestige automatically logs you out if the management session remains idle for longer than this timeout period.
  • Page 422: Chapter 43 Ip Policy Routing

    43.1 IP Policy Routing Overview Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet. IP Routing Policy (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
  • Page 423: Ip Routing Policy Setup

    Prestige 662H/HW Series User’s Guide • routing the packet to a different gateway (and hence the outgoing interface). • setting the TOS and precedence fields in the IP header. IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together.
  • Page 424: Figure 266 Menu 25.1 Ip Routing Policy Setup

    Figure 266 Menu 25.1 IP Routing Policy Setup Menu 25.1 - IP Routing Policy Setup - - -------------------------------------------------------------------------- 1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5 SP=20-25,DP=20-25,P=6,T=NM,PR=0 2 N __________________________________________________________________________ __________________________________________________________________________ 3 N __________________________________________________________________________ __________________________________________________________________________ 4 N __________________________________________________________________________ __________________________________________________________________________ 5 N __________________________________________________________________________ __________________________________________________________________________ 6 N __________________________________________________________________________ __________________________________________________________________________ Enter Policy Rule Number (1-6) to Configure: Table 146 Menu 25.1 IP Routing Policy Setup...
  • Page 425: Figure 267 Menu 25.1.1 Ip Routing Policy

    Prestige 662H/HW Series User’s Guide Figure 267 Menu 25.1.1 IP Routing Policy Menu 25.1.1 - IP Routing Policy Policy Set Name= test Active= No Criteria: IP Protocol Type of Service= Don't Care Precedence Source: addr start= 0.0.0.0 port start= N/A Destination: addr start= 0.0.0.0 port start= N/A...
  • Page 426: Applying An Ip Policy

    Table 147 Menu 25.1.1 IP Routing Policy (continued) FIELD Gateway addr Type of Service Precedence When you have completed this menu, press [ENTER] at the prompt “ or ESC to Cancel: 43.5 Applying an IP Policy This section shows you where to apply the IP policies after you design them. 43.5.1 Ethernet IP Policies From Menu 3 —...
  • Page 427: Ip Policy Routing Example

    Figure 268 Menu 3.2 TCP/IP and DHCP Ethernet Setup Menu 3.2 - TCP/IP and DHCP Setup Press ENTER to Confirm or ESC to Cancel: Go to menu 11.3 (shown next) and type the number(s) of the IP Routing Policy set(s) as appropriate.
  • Page 428: Figure 270 Example Of Ip Policy Routing

    Figure 270 Example of IP Policy Routing To force packets coming from clients with IP addresses of 192.168.1.33 to 192.168.1.64 to be routed to the Internet via the WAN port of the Prestige, follow the steps as shown next. 1 Create a routing policy set in menu 25. 2 Create a rule for this set in Menu 25.1.1 —...
  • Page 429: Figure 272 Ip Routing Policy Example

    3 Create a rule in menu 25.1 for this set to route packets from any host ( means any host) with protocol TCP and port FTP access through another gateway (192.168.1.100). Figure 272 IP Routing Policy Example Menu 25.1.1 - IP Routing Policy Policy Set Name= set2 Active= Yes...
  • Page 430: Chapter 44 Call Scheduling

    Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate 44.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long. This feature is similar to the scheduler in a videocassette recorder (you can specify a time period for the VCR to record).
  • Page 431: Figure 275 Menu 26.1 Schedule Set Setup

    To set up a schedule set, select the schedule set you want to set up from menu 26 (1-12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next. Figure 275 Menu 26.1 Schedule Set Setup Menu 26.1 Schedule Set Setup Press ENTER to Confirm or ESC to Cancel: If a connection has already been established, your Prestige will not drop it.
  • Page 432: Figure 276 Applying Schedule Set(S) To A Remote Node (Pppoe)

    Table 148 Menu 26.1 Schedule Set Setup (continued) FIELD DESCRIPTION Action Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field. Forced Down means that the connection is blocked whether or not there is a demand call on the line.
  • Page 434: Chapter 45 Vpn/Ipsec Setup

    45.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management. Menu 27.2 - SA Monitor allows you to manage (refresh or disconnect) your SA connections. This is an overview of the VPN menu tree.
  • Page 435: Ipsec Summary Screen

    Figure 278 Menu 27 VPN/IPSec Setup Menu 27 - VPN/IPSec Setup Enter Menu Selection Number: 45.2 IPSec Summary Screen Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary. This is a summary read-only menu of your IPSec rules (tunnels).
  • Page 436 Table 149 Menu 27.1 IPSec Summary (continued) FIELD DESCRIPTION Y signifies that this VPN rule is active. Local Addr Start When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is a static IP address on the LAN behind your Prestige. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is the beginning (static) IP address, in a range of computers on the LAN behind your Prestige.
  • Page 437: Ipsec Setup

    Table 149 Menu 27.1 IPSec Summary (continued) FIELD DESCRIPTION Secure GW Addr This is the WAN IP address or the domain name (up to the first 15 characters are displayed) of the IPSec router with which you are making the VPN connection. This field displays 0.0.0.0 when you configure the Secure Gateway Address field in SMT 27.1.1 to 0.0.0.0.
  • Page 438: Figure 280 Menu 27.1.1 Ipsec Setup

    Figure 280 Menu 27.1.1 IPSec Setup Menu 27.1.1 – IPSec Setup Index= 1 Active= Yes Local ID type= IP My IP Addr= 0.0.0.0 Peer ID type= IP Secure Gateway Address= zw50test.zyxel.com.tw Protocol= 0 Local: IP Addr Start= 1.1.1.1 Remote: IP Addr Start= 4.4.4.4 Enable Replay Detection = No Key Management= IKE Edit Key Management Setup= No...
  • Page 439 Table 150 Menu 27.1.1 IPSec Setup (continued) FIELD DESCRIPTION Nat Traversal Press [SPACE BAR] to choose either Yes or No. Choose Yes and press [ENTER] to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers.
  • Page 440 Table 150 Menu 27.1.1 IPSec Setup (continued) FIELD DESCRIPTION DNS Server If there is a private DNS server that services the VPN, type its IP address here. The Prestige assigns this additional DNS server to the Prestige's DHCP clients that have IP addresses in this IPSec rule's range of local addresses.
  • Page 441: Ike Setup

    Table 150 Menu 27.1.1 IPSec Setup (continued) FIELD DESCRIPTION IP Addr Start When the Addr Type field is configured to Single, enter a static IP address on the network behind the remote IPSec router. When the Addr Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router.
  • Page 442: Figure 281 Menu 27.1.1.1 Ike Setup

    Figure 281 Menu 27.1.1.1 IKE Setup Menu 27.1.1.1 - IKE Setup Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 151 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION Phase 1 Negotiation Mode Press [SPACE BAR] to choose from Main or Aggressive and then press [ENTER]. See earlier for a discussion of these modes.
  • Page 443: Manual Setup

    Table 151 Menu 27.1.1.1 IKE Setup (continued) FIELD DESCRIPTION Key Group You must choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-Hellman Group 1, a 768 bit random number. DH2 refers to Diffie-Hellman Group 2, a 1024 bit (1Kb) random number.
  • Page 444: Figure 282 Menu 27.1.1.2 Manual Setup

    Figure 282 Menu 27.1.1.2 Manual Setup Menu 27.1.1.2 – Manual Setup Active Protocol= ESP Tunnel ESP Setup SPI (Decimal)= 0 Encryption Algorithm= DES Authentication Algorithm= MD5 AH Setup SPI (Decimal)= N/A Authentication Algorithm= N/A Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu.
  • Page 445 Table 153 Menu 27.1.1.2 Manual Setup (continued) FIELD DESCRIPTION Authentication Algorithm Press [SPACE BAR] to choose from MD5 or SHA1 and then press [ENTER]. Enter the authentication key to be used by IPSec if applicable. The key must be unique.
  • Page 446: Chapter 46 Sa Monitor

    This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2. 46.1 SA Monitor Overview A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections. Note: When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes.
  • Page 447: Figure 283 Menu 27.2 Sa Monitor

    Figure 283 Menu 27.2 SA Monitor Menu 27.2 - SA Monitor Name -------------------------------- Taiwan : 3.3.3.1 – 3.3.3.3.100 Select Command= Refresh Select Connection= N/A Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 154 Menu 27.2 SA Monitor FIELD DESCRIPTION...
  • Page 448 Table 154 Menu 27.2 SA Monitor (continued) FIELD DESCRIPTION Select Command Press [SPACE BAR] to choose from Refresh, Disconnect, None, Next Page, or Previous Page and then press [ENTER]. You must select a connection in the next field when you choose the Disconnect command. Refresh displays current active VPN connections.
  • Page 450: Chapter 47 Internal Sptgen

    47.1 Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual SMT menus for each Prestige.
  • Page 451: Internal Sptgen File Modification - Important Points To Remember

    47.2.1 Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=” sign and one space. Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 284 If you enter a parameter that is invalid in the Input column, the Prestige will not save the...
  • Page 452: Internal Sptgen Ftp Upload Example

    Figure 287 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text editor and save it) Note: You can rename your “...
  • Page 454: Chapter 48 Troubleshooting

    This chapter covers potential problems and the corresponding remedies. 48.1 Problems Starting Up the Prestige Table 155 Troubleshooting the Start-Up of Your Prestige PROBLEM CORRECTIVE ACTION None of the LEDs turn on: Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged in to an appropriate power source.
  • Page 455: Problems With The Dsl Led

    48.3 Problems with the DSL LED Table 157 Troubleshooting the DSL LED PROBLEM CORRECTIVE ACTION The DSL LED is off. Check the telephone wire and connections between the Prestige DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service.
  • Page 456: Problems With Internet Access

    48.6 Problems with Internet Access Table 160 Troubleshooting Internet Access PROBLEM CORRECTIVE ACTION I cannot access the Internet. Make sure the Prestige is turned on and connected to the network. If the DSL LED is off, refer to the Verify your WAN settings. Refer to the chapter on WAN setup (web configurator) or the section on Internet Access (SMT).
  • Page 457: Problems With The Web Configurator

    48.8 Problems with the Web Configurator Table 162 Troubleshooting the Web Configurator PROBLEM CORRECTIVE ACTION I cannot access the web configurator. Refer to the Quick Start Guide for hardware connections. Make sure that there is not an SMT console session running.
  • Page 458: Appendix A Cable Pin Assignments

    In a serial communications connection, generally a computer is DTE (Data Terminal Equipment) and a modem is DCE (Data Circuit-terminating Equipment). The Prestige is DCE when you connect a computer to the console port. The Prestige is DTE when you connect a modem to the dial backup port.
  • Page 459: Figure 2 Ethernet Cable Pin Assignments

    Figure 2 Ethernet Cable Pin Assignments
  • Page 460: Splitters And Microfilters

    This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals. This allows simultaneous Internet access and telephone service on the same line.
  • Page 461: Prestige With Isdn

    1 Connect a phone cable from the wall jack to the single jack end of the Y-Connector. 2 Connect a cable from the double jack end of the Y-Connector to the “wall side” of the microfilter.
  • Page 462: Setting Up Your Computer's Ip Address

    Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 463: Installing Components

    Figure 6 Windows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
  • Page 464: Configuring

    3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
  • Page 465: Verifying Settings

    Figure 8 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • • 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your Prestige and restart your computer when prompted.
  • Page 466: Figure 9 Windows Xp: Start Menu

    Figure 9 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 10 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
  • Page 467: Figure 11 Windows Xp: Control Panel: Network Connections: Properties

    Figure 11 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 12 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
  • Page 468: Figure 13 Windows Xp: Advanced Tcp/Ip Settings

    • Figure 13 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
  • Page 469: Verifying Settings

    • • Figure 14 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click OK to close the Local Area Connection Properties window. 10 Turn on your Prestige and restart your computer (if prompted). Verifying Settings 1 Click Start, All Programs, Accessories and then Command Prompt.
  • Page 470: Figure 15 Macintosh Os 8/9: Apple Menu

    Figure 15 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 16 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
  • Page 471: Verifying Settings

    4 For statically assigned settings, do the following: • • • • 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your Prestige and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window.
  • Page 472: Verifying Settings

    Figure 18 Macintosh OS X: Network 4 For statically assigned settings, do the following: • • • • 5 Click Apply Now and close the window. 6 Turn on your Prestige and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window. From the Configure box, select Manually.
  • Page 474: Ip Subnetting

    IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
  • Page 475: Subnet Masks

    Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
  • Page 476: Example: Two Subnets

    Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/”...
  • Page 477: Table 7 Subnet 1

    Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets;...
  • Page 478: Example: Four Subnets

    Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
  • Page 479: Example Eight Subnets

    Table 12 Subnet 4 IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.192 Broadcast Address: 192.168.1.255 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). The following table shows class C IP address last octet values for each subnet.
  • Page 480: Subnetting With Class A And Class B Networks

    Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (see Table The following table is a summary for class “B”...
  • Page 482: Appendix E Pppoe

    PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access Concentrator where the PPP session terminates number of PPP sessions from your LAN. PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP.
  • Page 483: How Pppoe Works

    Figure 19 Single-Computer per Router Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
  • Page 484: Virtual Circuit Topology

    ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: • Virtual Channel Logical connections between ATM switches • Virtual Path A bundle of virtual channels •...
  • Page 486: Wireless Lan And Ieee 802.11

    Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, E-mail, printer services, etc.) without the use of a cabled connection. In effect a wireless LAN environment provides you the freedom to stay connected to the network while roaming around in the coverage area.
  • Page 487: Ad-Hoc Wireless Lan Configuration

    Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters. Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
  • Page 488: Figure 23 Ess Provides Campus-Wide Coverage

    Figure 23 ESS Provides Campus-Wide Coverage
  • Page 490: Wireless Lan With Ieee 802.1X

    Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address.
  • Page 491: Radius Server Authentication Sequence

    RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Figure 24 Sequences for EAP MD5–Challenge Authentication
  • Page 492: Types Of Eap Authentication

    Types of EAP Authentication This appendix discusses the five popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method.
  • Page 493: Peap (Protected Eap)

    PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
  • Page 494: Antenna Selection And Positioning Recommendation

    Antenna Selection and Positioning An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Choosing the right antennas and positioning them properly increases the range and coverage area of a wireless LAN.
  • Page 495: Positioning Antennas

    • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points.
  • Page 496: Appendix K Myzyxel.com

    Introduction myZyXEL.com is ZyXEL’s online services center where you can register your ZyXEL device. You can also generate an activation key and service set key that may be needed to use device-specific feature(s). A Note on myZyXEL.com Numbers You need the following (unique) numbers to install and activate device-specific feature(s). Table 17 myZyXEL.com Numbers TYPES Serial Number...
  • Page 497: Registering Your Zyxel Device

    Figure 25 myZyXEL.com Login Screen Note: You are automatically logged out of your myZyXEL.com account after five minutes of inactivity. Simply log back into your myZyXEL.com account if this happens to you. Registering Your ZyXEL Device 1 After you have created a myZyXEL.com account, log in and register your ZyXEL device by clicking the hyperlink as shown in the next screen.
  • Page 498: Figure 26 Logged Into Myzyxel.com

    Figure 26 Logged Into myZyXEL.com 2 Click Add in the next screen. Figure 27 Product Registration Click Add. 3 The Add New Product screen displays. Enter the product serial number in the Serial Number field. 4 Your device category and model number automatically display in the Category and Model fields respectively.
  • Page 499: Figure 28 Add New Product

    Figure 28 Add New Product Your ZyXEL device MAC address may already be entered here. 8 Specify the purchase information and click Continue. Figure 29 Product Survey 9 Click Continue again. 10 After you have registered your ZyXEL device, you can view its registration details in the screen shown next.
  • Page 500: Activating A Service

    Figure 30 Service Management Activating a Service The product is now registered but the related service(s) is not activated. You need to activate the service(s) before you can use it on your ZyXEL device. 1 Display the Service Management screen (see device (click My Product and the link for your ZyXEL device) .
  • Page 501 Congratulations! You have successfully registered your ZyXEL device and activated a service at myZyXEL.com. Note: You must then activate the service(s) on your ZyXEL device via its web configurator to start using the service(s).
  • Page 502: Windows 98/Me Requirements For Anti-Virus Packet Scan Message Display

    Windows 98/Me Requirements for Anti-Virus Packet Scan Message Display With the anti-virus packet scan, when a virus is detected, an alert message is displayed on Microsoft Windows-based operating systems only. For Windows 98/Me, you must open the WinPopup window in order to view real-time alert messages.
  • Page 503: Figure 34 Windows 98: Task Bar Properties

    Figure 34 Windows 98: Task Bar Properties 3 Double-click Programs and click StartUp. Figure 35 Windows 98: StartUp 4 Right-click in the StartUp pane and click New, Shortcut. 5 A Create Shortcut window displays. Enter “winpopup” in the Command line field and click Next.
  • Page 504: Figure 36 Windows 98: Startup: Create Shortcut

    Figure 36 Windows 98: Startup: Create Shortcut 6 Accept the default or specify a name for the shortcut and click Finish. Figure 37 Windows 98: Startup: Select a Title for the Program 7 A shortcut is created in the StartUp pane. Restart the computer when prompted.
  • Page 505: Figure 38 Windows 98: Startup: Shortcut

    Figure 38 Windows 98: Startup: Shortcut Note: The WinPopup window displays after the computer finishes the startup process
  • Page 506: Example Internal Sptgen Screens

    Example Internal SPTGEN Screens This appendix covers Prestige Internal SPTGEN screens. Table 18 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number (not seen in SMT screens) Field Name Parameter Values Allowed INPUT An example of what you may enter Applies to the Prestige.
  • Page 507 Table 20 Menu 3 (SMT Menu 1) 30100008 = Input device filters Set 4 30100009 = Output protocol filters Set 1 30100010 = Output protocol filters Set 2 30100011 = Output protocol filters Set 3 30100012 = Output protocol filters Set 4 30100013 =...
  • Page 508 Table 20 Menu 3 (SMT Menu 1) 30201004 = RIP Direction 30201005 = Version 30201006 = IP Alias #1 Incoming protocol filters Set 1 30201007 = IP Alias #1 Incoming protocol filters Set 2 30201008 = IP Alias #1 Incoming protocol filters Set 3 30201009 = IP Alias #1 Incoming protocol filters...
  • Page 509 Table 20 Menu 3 (SMT Menu 1) 30201026 = IP Alias #2 Outgoing protocol filters Set 4 */ Menu 3.5 Wireless LAN Setup (SMT Menu 3.5) 30500001 = ESSID 30500002 = Hide ESSID 30500003 = Channel ID 30500004 = RTS Threshold...
  • Page 510 Table 21 Menu 4 Internet Access Setup (SMT Menu 4) / Menu 4 Internet Access Setup (SMT Menu 4) 40000000 = Configured 40000001 = 40000002 = Active 40000003 = ISP's Name 40000004 = Encapsulation 40000005 = Multiplexing 40000006 = VPI # 40000007 = VCI # 40000008 =...
  • Page 511: Table 21 Menu 4 Internet Access Setup (Smt Menu 4)

    Table 21 Menu 4 Internet Access Setup (SMT Menu 4) 40000027 = ATM QoS Type 40000028 = Peak Cell Rate (PCR) 40000029 = Sustain Cell Rate (SCR) 40000030 = Maximum Burst Size(MBS) 40000031= RIP Direction 40000032= RIP Version 40000033=...
  • Page 512 Table 22 Menu 12(SMT Menu 12) (continued) 120103002 = IP Static Route set #3, Active 120103003 = IP Static Route set #3, Destination IP address 120103004 = IP Static Route set #3, Destination IP subnetmask 120103005 = IP Static Route set #3, Gateway 120103006 = IP Static Route set #3, Metric 120103007 =...
  • Page 513 Table 22 Menu 12(SMT Menu 12) (continued) 120107001 = IP Static Route set #7, Name 120107002 = IP Static Route set #7, Active 120107003 = IP Static Route set #7, Destination IP address 120107004 = IP Static Route set #7, Destination IP subnetmask 120107005 =...
  • Page 514 Table 22 Menu 12(SMT Menu 12) (continued) 120110007 = IP Static Route set #10, Private */ Menu 12.1.11 IP Static Route Setup (SMT Menu 12.1.11) 120111001 = IP Static Route set #11, Name 120111002 = IP Static Route set #11, Active 120111003 = IP Static Route set #11, Destination IP address...
  • Page 515: Table 23 Menu 15 Sua Server Setup (Smt Menu 15)

    Table 22 Menu 12(SMT Menu 12) (continued) 120114004 = IP Static Route set #14, Destination IP subnetmask 120114005 = IP Static Route set #14, Gateway 120114006 = IP Static Route set #14, Metric 120114007 = IP Static Route set #14, Private */ Menu 12.1.15 IP Static Route Setup (SMT Menu 12.1.
  • Page 516 Table 23 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000007 = SUA Server #3 Active 150000008 = SUA Server #3 Protocol 150000009 = SUA Server #3 Port Start 150000010 = SUA Server #3 Port End 150000011 = SUA Server #3 Local IP address 150000012 = SUA Server #4 Active 150000013 =...
  • Page 517: Table 24 Menu 21.1 Filter Set #1 (Smt Menu 21.1)

    Table 23 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000041 = SUA Server #9 Local IP address 150000042 = SUA Server #10 Active 150000043 = SUA Server #10 Protocol 150000044 = SUA Server #10 Port Start 150000045 = SUA Server #10 Port End 150000046 =...
  • Page 518 Table 24 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210101011 = IP Filter Set 1,Rule 1 Src Port Comp 210101013 = IP Filter Set 1,Rule 1 Act Match 210101014 = IP Filter Set 1,Rule 1 Act Not Match / Menu 21.1.1.2 set #1, rule #2 (SMT Menu 21.1.1.2) 210102001 = IP Filter Set 1,Rule 2 Type...
  • Page 519 Table 24 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210103007 = IP Filter Set 1,Rule 3 Dest Port Comp 210103008 = IP Filter Set 1,Rule 3 Src IP address 210103009 = IP Filter Set 1,Rule 3 Src Subnet Mask 210103010 = IP Filter Set 1,Rule 3 Src Port 210103011 =...
  • Page 520 Table 24 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210105002 = IP Filter Set 1,Rule 5 Active 210105003 = IP Filter Set 1,Rule 5 Protocol 210105004 = IP Filter Set 1,Rule 5 Dest IP address 210105005 = IP Filter Set 1,Rule 5 Dest Subnet Mask 210105006 = IP Filter Set 1,Rule 5 Dest Port 210105007 =...
  • Page 521: Table 25 Menu 21.1 Filter Set #2, (SMT Menu 21.1)

    Table 24 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210106013 = IP Filter Set 1,Rule 6 Act Match 210106014 = IP Filter Set 1,Rule 6 Act Not Match Table 25 Menu 21.1 Filter Set #2, (SMT Menu 21.1) / Menu 21.1 filter set #2, 210200001 = Filter Set 2, Nam...
  • Page 522 Table 25 Menu 21.1 Filter Set #2, (SMT Menu 21.1) (continued) 210202001 = IP Filter Set 2, Rule 2 Type 210202002 = IP Filter Set 2, Rule 2 Active 210202003 = IP Filter Set 2, Rule 2 Protocol 210202004 = IP Filter Set 2, Rule 2 Dest IP address 210202005 =...
  • Page 523 Table 25 Menu 21.1 Filter Set #2, (SMT Menu 21.1) (continued) 210203011 = IP Filter Set 2, Rule 3 Src Port Comp 210203013 = IP Filter Set 2, Rule 3 Act Match 210203014 = IP Filter Set 2,Rule 3 Act Not Match / Menu 21.1.2.4 Filter set #2, rule #4 (SMT Menu 21.1.2.4) 210204001 =...
  • Page 524 Table 25 Menu 21.1 Filter Set #2, (SMT Menu 21.1) (continued) 210205004 = IP Filter Set 2, Rule 5 Dest IP address 210205005 = IP Filter Set 2, Rule 5 Dest Subnet Mask 210205006 = IP Filter Set 2, Rule 5 Dest Port 210205007 = IP Filter Set 2, Rule 5 Dest Port Comp...
  • Page 525 Table 25 Menu 21.1 Filter Set #2, (SMT Menu 21.1) (continued) 210206013 = IP Filter Set 2,Rule 6 Act Match 210206014 = IP Filter Set 2,Rule 6 Act Not Match */ Menu 23.1 System Password Setup (SMT Menu 23.1) 230000000 = System Password */ Menu 23.2 System security: radius server (SMT Menu 23.2)
  • Page 526: Command Examples

    Table 25 Menu 21.1 Filter Set #2, (SMT Menu 21.1) (continued) 241100005 = FTP Server Access 241100006 = FTP Server Secured IP address 241100007 = WEB Server Port 241100008 = WEB Server Access 241100009 = WEB Server Secured IP address
    Command Examples
    The following are example Internal SPTGEN screens associated with the Prestige’s command interpreter commands.
  • Page 528: Appendix N Command Interpreter

    The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or zyxel.com for more detailed information on these commands. Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
  • Page 530: Firewall Commands

    Sys Firewall Commands The following describes the firewall commands. See command structure. Each of these commands must be preceded by use them. For example, type Table 27 Sys Firewall Command disp active <yes|no> disp clear pktdump dynamicrule display tcprst rst113 display icmp smtp...
  • Page 532: NetBIOS Filter Commands

    The following describes the NetBIOS packet filter commands. See information on the command structure. Introduction NetBIOS (Network Basic Input/Output System) packets are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. You can configure NetBIOS filters to do the following: •...
  • Page 533: NetBIOS Filter Configuration

    The filter types and their default settings are as follows.
    Table 28 NetBIOS Filter Default Settings
    NAME | DESCRIPTION
    Between LAN and WAN | This field displays whether NetBIOS packets are blocked or forwarded between the LAN and the WAN.
    Between LAN and DMZ | This field displays whether NetBIOS packets are blocked or forwarded...
  • Page 534
    sys filter netbios config 3 on: This command blocks IPSec NetBIOS packets.
    sys filter netbios config 4 off: This command stops NetBIOS commands from initiating calls.
  • Page 536: Brute-Force Password Guessing Protection

    Brute-Force Password Guessing The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See on the command structure.
    Table 29 Brute-Force Password Guessing Protection Commands
    COMMAND | DESCRIPTION
    sys pwderrtm | This command displays the brute-force guessing password protection settings.
    sys pwderrtm 0 | This command turns off the password’s protection from brute-force guessing.
  • Page 538: Boot Commands

    The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware is started. When you start up your Prestige, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen.
  • Page 539: Figure 40 Boot Module Commands

    Figure 40 Boot Module Commands
    just answer OK
    ATHE print help
    ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k
    ATENx,(y) set BootExtension Debug Flag (y=password)
    ATSE show the seed of password generator
    ATTI(h,m,s) change system time to hour:min:sec or show current time
    ATDA(y,m,d) change system date to year/month/day or show...
  • Page 540: Appendix S Log Descriptions

    This appendix provides descriptions of example log messages.
    Table 30 System Maintenance Logs
    LOG MESSAGE
    Time calibration is successful
    Time calibration failed
    WAN interface gets IP: %s
    DHCP client IP expired
    DHCP server assigns %s
    Successful SMT login
    SMT login failed
    Successful WEB login
    WEB login failed
    Successful TELNET login...
  • Page 541: Table 31 System Error Logs

    Table 30 System Maintenance Logs (continued)
    LOG MESSAGE
    Configuration Change: PC = 0x%x, Task ID = 0x%x
    Successful SSH login
    SSH login failed
    Successful HTTPS login
    HTTPS login failed
    Table 31 System Error Logs
    LOG MESSAGE
    %s exceeds the max.
  • Page 542: Table 33 TCP Reset Logs

    Table 33 TCP Reset Logs
    LOG MESSAGE
    Under SYN flood attack, sent TCP RST
    Exceed TCP MAX incomplete, sent TCP RST
    Peer TCP state out of order, sent TCP RST
    Firewall session time out, sent TCP RST
    Exceed MAX incomplete, sent TCP RST
    Access block, sent TCP
    Table 34 Packet Filter Logs...
  • Page 543: Table 36 CDR Logs

    Table 35 ICMP Logs (continued)
    LOG MESSAGE
    Triangle route packet forwarded: ICMP
    Packet without a NAT table entry blocked: ICMP
    Unsupported/out-of-order ICMP: ICMP
    Router reply ICMP packet: ICMP
    Table 36 CDR Logs
    LOG MESSAGE
    board %d line %d channel %d, call %d, %s C01 Outgoing Call dev=%x ch=%x %s board %d line %d channel %d,...
  • Page 544: Table 38 UPnP Logs

    Table 38 UPnP Logs LOG MESSAGE UPnP pass through Firewall Table 39 Content Filtering Logs LOG MESSAGE %s: Keyword blocking %s: Not in trusted web list %s: Forbidden Web site The web site is in the forbidden web site list. %s: Contains ActiveX %s: Contains Java applet...
  • Page 545: Table 40 Attack Logs

    Table 40 Attack Logs
    LOG MESSAGE
    attack [ TCP | UDP | IGMP | ESP | GRE | OSPF ]
    attack ICMP (type:%d, code:%d)
    land [ TCP | UDP | IGMP | ESP | GRE | OSPF ]
    land ICMP (type:%d, code:%d)
    ip spoofing - WAN [ TCP |...
  • Page 546: Table 41 IPSec Logs

    Table 41 IPSec Logs
    LOG MESSAGE
    Discard REPLAY packet
    Inbound packet authentication failed
    Receive IPSec packet, but no corresponding tunnel exists
    Rule <%d> idle time out, disconnect
    WAN IP changed to <IP>
    Table 42 IKE Logs
    LOG MESSAGE
    Active connection allowed exceeded
    Start Phase 2: Quick Mode
    Verifying Remote ID failed:...
  • Page 547 Table 42 IKE Logs (continued)
    LOG MESSAGE
    Cannot resolve Secure Gateway Addr for rule <%d>
    Peer ID: <peer id> <My remote type> -<My local type>
    vs. My Remote <My remote> - <My remote>
    vs. My Local <My local>-<My local>...
  • Page 548 Table 42 IKE Logs (continued)
    LOG MESSAGE
    XAUTH fail! Username: <Username>
    Rule[%d] Phase 1 negotiation mode mismatch
    Rule [%d] Phase 1 encryption algorithm mismatch
    Rule [%d] Phase 1 authentication algorithm mismatch
    Rule [%d] Phase 1 authentication method mismatch
    Rule [%d] Phase 1 key group mismatch
    Rule [%d] Phase 2 protocol mismatch...
  • Page 549: Table 43 802.1X Logs

    Table 42 IKE Logs (continued)
    LOG MESSAGE
    Rule [%d] phase 2 mismatch
    Rule [%d] Phase 2 key length mismatch
    Table 43 802.1X Logs
    LOG MESSAGE
    Local User Database accepts user.
    Local User Database reports user credential error.
  • Page 550: Table 44 ACL Setting Notes

    Table 44 ACL Setting Notes PACKET DIRECTION (L to W) (W to L) (D to L) (D to W) (W to D) (L to D) (L to L/Prestige) (W to W/Prestige) (D to D/Prestige) Table 45 ICMP Notes TYPE CODE Appendix S DIRECTION DESCRIPTION...
  • Page 551 Table 45 ICMP Notes (continued) TYPE CODE Table 46 Syslog Logs LOG MESSAGE <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" devID="<mac address last three numbers>" cat="<category> The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type.
  • Page 552: Log Commands

    Prestige is to record. 2 Use sys logs category to view a list of the log categories. Figure 41 Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ? Valid commands are: exit...
  • Page 553: Displaying Logs

    Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category.

This manual is also suitable for:

Prestige 662hw series, P-660h-61, P-662hw