P-335 Series User’s Guide

Federal Communications Commission (FCC) Interference

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.
For your safety, be sure to read and follow all warning notices and instructions.
• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks.
ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
+34 902 195 420 www.zyxel.es +34 913 005 345 +46 31 744 7700 www.zyxel.se +46 31 744 7701 REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Communications Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská...
“+” is the (prefix) number you enter to make an international telephone call.

TELEPHONE WEB SITE FTP SITE +44 (0) 1344 303044 www.zyxel.co.uk 08707 555779 (UK only) +44 (0) 1344 303034 ftp.zyxel.co.uk REGULAR MAIL ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK) Customer Support...
Table of Contents

2.4.1 Navigation Panel
2.4.2 Summary: Any IP Table
2.4.3 Summary: DHCP Table
2.4.4 Summary: Parental Controls Statistics
2.4.5 Summary: Wireless Station Status (P-335WT)
2.4.6 Summary: Bandwidth Management Monitor
2.4.7 Summary: Packet Statistics
...
3.1 Wizard Setup
3.2 Connection Wizard: System Information
3.2.1 System Name
3.2.2 Domain Name
3.3 Connection Wizard: Wireless LAN (P-335WT)
3.3.1 Basic(WEP) Security
3.3.2 Extend(WPA-PSK) and (WPA2-PSK) Security
3.3.3 OTIST
3.4 Connection Wizard: WAN
3.4.1 Ethernet Connection Type
...
5.3 Configuring Wireless LAN on the Prestige
5.4 General Wireless LAN Screen
5.4.1 No Security
5.4.2 WEP Encryption
5.4.3 WEP Encryption Screen
5.4.4 Introduction to WPA and WPA2
5.4.5 WPA(2)-PSK Application Example
5.4.6 WPA-PSK Authentication Screen
5.4.7 Wireless Client WPA Supplicants
5.4.8 WPA(2) with RADIUS Application Example
5.4.9 WPA Authentication Screen
...
Chapter 7 LAN
7.1 LAN Overview
7.1.1 IP Pool Setup
7.1.2 System DNS Servers
7.2 LAN TCP/IP
7.2.1 Factory LAN Defaults
7.2.2 IP Address and Subnet Mask
7.2.3 RIP Setup
7.2.4 Multicast
7.3 Any IP
7.3.1 How Any IP Works
...
9.7 Trigger Port Forwarding Screen
Chapter 10 Firewall
10.1 Introduction to Firewall
10.1.1 What is a Firewall?
10.1.2 Stateful Inspection Firewall
10.1.3 About the Prestige Firewall
10.1.4 Guidelines For Enhancing Security With Your Firewall
10.2 General Firewall Screen
10.3 Services Screen
Chapter 11...
18.3 UPnP Screen
18.4 Installing UPnP in Windows Example
18.4.1 Installing UPnP in Windows Me
18.4.2 Installing UPnP in Windows XP
18.5 Using UPnP in Windows XP Example
18.5.1 Auto-discover Your UPnP-enabled Network Device
18.5.2 Web Configurator Easy Access
18.5.3 Web Configurator Easy Access
Chapter 19...
23.1.2 Entering Password
23.1.3 Prestige SMT Menu Overview
23.2 Navigating the SMT Interface
23.2.1 System Management Terminal Interface Summary
23.3 Changing the System Password
Chapter 24 Menu 1 General Setup
24.1 General Setup
24.2 Procedure To Configure Menu 1
24.2.1 Procedure to Configure Dynamic DNS
Chapter 25...
Chapter 34 Filter Configuration
34.1 Introduction to Filters
34.1.1 The Filter Structure of the Prestige
34.2 Configuring a Filter Set
34.2.1 Configuring a Filter Rule
34.2.2 Configuring a TCP/IP Filter Rule
34.2.3 Configuring a Generic Filter Rule
34.3 Example Filter
34.4 Filter Types and NAT
34.5 Firewall Versus Filters
...
37.2.1 Backup Configuration
37.2.2 Using the FTP Command from the Command Line
37.2.3 Example of FTP Commands from the Command Line
37.2.4 GUI-based FTP Clients
37.2.5 TFTP and FTP over WAN Management Limitations
37.2.6 Backup Configuration Using TFTP
37.2.7 TFTP Command Example
37.2.8 GUI-based TFTP Clients
...
41.3 Problems with the WAN
41.4 Problems Accessing the Prestige
41.5 Problems with Restricted Web Pages and Keyword Blocking
41.5.1 Pop-up Windows, JavaScripts and Java Permissions
41.5.1.1 Internet Explorer Pop-up Blockers
41.5.1.2 JavaScripts
41.5.1.3 Java Permissions
41.5.2 ActiveX Controls in Internet Explorer
Appendix A Product Specifications
...
Figure 3 VPN Application
Figure 4 Internet Access Application Example
Figure 5 P-335 Front Panel
Figure 6 P-335WT Front Panel
Figure 7 Change Password Screen
Figure 8 Web Configurator Status Screen
Figure 9 Summary: Any IP Table
...
Figure 166 Menu 4 Applying NAT for Internet Access
Figure 167 Menu 11.3 Applying NAT to the Remote Node
Figure 168 Menu 15 NAT Setup
Figure 169 Menu 15.1 Address Mapping Sets
Figure 170 Menu 15.1.255 SUA Address Mapping Rules
...
Figure 209 SNMP Management Model
Figure 210 Menu 22 SNMP Configuration
Figure 211 Menu 24 System Maintenance
Figure 212 Menu 24.1 System Maintenance : Status
Figure 213 Menu 24.2 System Information and Console Port Speed
Figure 214 Menu 24.2.1 System Maintenance : Information
...
Figure 252 Example Message Exchange between Computer and an ANT
Figure 253 Network Print Server Setup Wizard
Figure 254 Network Print Server Setup Wizard : Welcome
Figure 255 Network Print Server Setup Wizard : Select A Print Server
Figure 256 Network Print Server Setup Wizard : Change Settings
...
Figure 295 Windows XP: Local Area Connection Properties
Figure 296 Windows XP: Advanced TCP/IP Settings
Figure 297 Windows XP: Internet Protocol (TCP/IP) Properties
Figure 298 Macintosh OS 8/9: Apple Menu
Figure 299 Macintosh OS 8/9: TCP/IP
...
List of Tables

Table 1 Front Panel LEDs
Table 2 Status Screen Icon Key
Table 3 Web Configurator Status Screen
Table 4 Screens Summary
Table 5 Summary: Any IP Table
Table 6 Summary: DHCP Table
...
Table 123 Applying NAT in Menus 4 & 11.3
Table 124 SUA Address Mapping Rules
Table 125 Menu 15.1.1 First Set
Table 126 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set
Table 127 Menu 15.3 Trigger Port Setup
...
Table 166 System Error logs
Table 167 System Maintenance Logs
Table 168 UPnP Logs
Table 169 ICMP Type and Code Explanations
Table 170 IEEE802.11g
Table 171 Comparison of EAP Authentication Types
Table 172 Wireless Security Relational Matrix
...
Congratulations on your purchase of the P-335, Firewall Router with Print Server or the P-335WT, 802.11g Wireless Firewall Router with Print Server. This manual is designed to guide you through the configuration of your Prestige for its various applications. Note: Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your Prestige.
Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you! Syntax Conventions •...
The embedded web configurator is easy to operate. In the Prestige product name, “W” denotes wireless functionality. The P-335WT has an embedded mini-PCI module for 802.11g Wireless LAN connectivity. Note: Only use firmware for your Prestige’s specific model.
10/100 Mbps Auto-negotiating Ethernet/Fast Ethernet Interface(s)
This auto-negotiation feature allows the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network. Auto-negotiation allows data transfer of 100 Mbps in full-duplex mode.

Auto-crossover 10/100 Mbps Ethernet Interface(s)
These interfaces automatically adjust to either a crossover or straight-through Ethernet cable.
IPSec VPN Capability
Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The Prestige VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.
PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using a TCP/IP-based network. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet.
Port Forwarding
Use this feature to forward incoming service requests to a server on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.

DHCP (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to obtain the TCP/IP configuration at start-up from a centralized DHCP server.
802.11b standard, meaning that you can have both IEEE 802.11b and IEEE 802.11g wireless clients in the same wireless network. Note: The P-335WT may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs.
G-Plus
G-plus is an enhancement to the IEEE 802.11g wireless standard. It increases wireless transmission speeds by allowing larger frames to be sent.

Wireless List
With the Wireless List, you can see the list of the wireless stations that are currently using the Prestige to access your wired network.
Internet without the need (and expense) for leased lines between sites.

Figure 3 VPN Application

1.3.4 Wireless LAN Application (P-335WT)
Add a wireless LAN to your existing network without expensive network cables. Wireless stations can move freely anywhere in the coverage area and use resources on the wired network.
Figure 4 Internet Access Application Example

1.4 Front Panel LEDs

Figure 5 P-335 Front Panel

Figure 6 P-335WT Front Panel

The following table describes the LEDs.

Table 1 Front Panel LEDs
COLOR Green None

Chapter 1 Getting to Know Your Prestige
Table 1 Front Panel LEDs (continued) COLOR LAN 1-4 Green Amber None Green Amber None WLAN Green None OTIST Green None Green STATUS DESCRIPTION The Prestige has a successful 10Mb Ethernet connection. Blinking The Prestige is sending/receiving data. The Prestige has a successful 100Mb Ethernet connection.
This chapter describes how to access the Prestige web configurator and provides an overview of its screens.

2.1 Web Configurator Overview
The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
Figure 7 Change Password Screen

Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the Prestige if this happens to you.

2.3 Resetting the Prestige
If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the Prestige to reload the factory-default configuration file.
Figure 8 Web Configurator Status Screen

The following table describes the icons shown in the Status screen.

Table 2 Status Screen Icon Key
ICON DESCRIPTION
Select a language from the drop-down list box to have the web configurator display in that language.
The following table describes the labels shown in the Status screen.

Table 3 Web Configurator Status Screen
LABEL: DESCRIPTION
Device Information
System Name: This is the System Name you enter in the Maintenance, System, General screen. It is for identification purposes.
Table 3 Web Configurator Status Screen
LABEL: DESCRIPTION
Summary
Any IP Table: Use this screen to view a list of IP addresses and MAC addresses of computers, which are not in the same subnet as the Prestige.
DHCP Table: Use this screen to view current DHCP client information.
Parental Control Statistics: Use this screen to view a record of attempted entries to web pages or actual entries to web pages from a list of website categories.
Table 4 Screens Summary
LINK DHCP Server General Static DHCP Client List General Port Forwarding Trigger Port Security Firewall General Services Content Filter Filter Summary Rule Setup SA Monitor Global Setting TMSS General Exception List Virus Protection Parental Control Management Static Route...
Table 4 Screens Summary
LINK UPnP General Print Server Print Server Maintenance System General Dynamic DNS Time Setting Logs View Log Log Settings Tools Firmware Configuration Restart

2.4.2 Summary: Any IP Table
Click the Any IP Table (Details...) hyperlink in the Status screen. The Any IP table shows current read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate with the Prestige.
2.4.3 Summary: DHCP Table
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients.
Refresh: Click Refresh to renew the statistics screen.

2.4.5 Summary: Wireless Station Status (P-335WT)
Click the WLAN Station Status (Details...) hyperlink in the Status screen. View the wireless stations that are currently associated to the Prestige in the Association List screen.
The following table describes the labels in this screen.

Table 8 Summary: Wireless Association List
LABEL MAC Address Association Time Refresh

2.4.6 Summary: Bandwidth Management Monitor
Select the BW MGMT Monitor (Details...) hyperlink in the Status screen. View the bandwidth usage of the LAN, WAN and WLAN configured bandwidth rules.
The following table describes the labels in this screen.

Table 9 Summary: Packet Statistics
LABEL Port Status TxPkts RxPkts Collisions Tx B/s Rx B/s Up Time System Up Time Poll Interval(s) Set Interval Stop

2.4.8 Summary: VPN Monitor
Click the VPN Monitor (Details...) hyperlink in the Status screen. Read-only information here includes encapsulation mode and security protocol.
Table 10 Summary: VPN Monitor
TABLE: DESCRIPTION
IPSec Algorithm: This field displays the security protocols used for an SA. Both AH and ESP increase Prestige processing requirements and communications latency (delay).
Poll Interval(s): Enter the time interval for refreshing statistics in this field.
Set Interval
Stop
This chapter provides information on the Wizard setup screens in the web configurator.

3.1 Wizard Setup
The web configurator’s Wizard setup helps you configure your device to access the Internet. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field.
Figure 17 Select a Language

6 Read the on-screen information and click Next.

Figure 18 Welcome to the Connection Wizard

3.2 Connection Wizard: System Information
System Information contains administrative and system-related information.

3.2.1 System Name
System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
DHCP. The domain name entered by you is given priority over the ISP assigned domain name.
Next: Click Next to proceed to the next screen.

3.3 Connection Wizard: Wireless LAN (P-335WT)
Set up your wireless LAN using the following screen.

Chapter 3 Connection Wizard
Figure 20 Connection Wizard: Wireless LAN

The following table describes the labels in this screen.

Table 12 Connection Wizard: Wireless LAN
LABEL: DESCRIPTION
Name(SSID): Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Figure 21 Basic(WEP) Security The following table describes the labels in this screen. Table 13 Basic(WEP) Security LABEL DESCRIPTION Passphrase Type a Passphrase (up to 32 printable characters) and click Generate. The Prestige automatically generates a WEP key. Select 64-bit WEP, 128-bit WEP or 256-bit WEP to allow data encryption. Encryption ASCII Select this option in order to enter ASCII characters as the WEP keys.
3.3.2 Extend(WPA-PSK) and (WPA2-PSK) Security
Choose Extend(WPA-PSK) or Extend(WPA2-PSK) security in the Wireless LAN setup screen to set up a Pre-Shared Key.

Figure 22 Extend(WPA2-PSK) and (WPA2-PSK) Security

The following table describes the labels in this screen.

Table 14 Extend(WPA2-PSK) and (WPA2-PSK) Security
LABEL DESCRIPTION...
Figure 23 OTIST

The following table describes the labels in this screen.

Table 15 OTIST
LABEL Do you want to enable OTIST? Setup Key Back Next

Refer to the chapter on wireless LAN for more information.

3.4 Connection Wizard: WAN
The Prestige offers three Internet connection types.
Figure 24 Connection Wizard: WAN Connection Type

The following table describes the labels in this screen.

Table 16 Connection Wizard: WAN Connection Type
CONNECTION TYPE Ethernet PPPoE PPTP

3.4.1 Ethernet Connection Type
Choose Ethernet when the WAN port is used as a regular Ethernet.

Figure 25 Ethernet Connection Type

3.4.2 PPPoE Connection Type
Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection.
Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site. By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the Prestige does that part of the task.
Figure 27 PPTP Connection Type

The following table describes the fields in this screen.

Table 18 PPTP Connection Type
LABEL: DESCRIPTION
ISP Parameters for Internet Access
User Name: Type the user name given to you by your ISP.
Password: Type the password associated with the User Name above.
Figure 28 Your IP Address

The following table describes the labels in this screen.

Table 19 Your IP Address
LABEL Get automatically from Use fixed IP address Back Next

3.4.5 WAN IP Address Assignment
Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems.
3.4.6 IP Address and Subnet Mask
Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Figure 29 IP and DNS Server Address Assignment

The following table describes the labels in this screen.

Table 21 IP and DNS Server Address Assignment
LABEL WAN IP Address Assignment My WAN IP Address System DNS Server Address Assignment (if applicable)

DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa.
You can configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the "rom" file (ZyNOS configuration file). It will not change unless you change the setting or upload a different "rom"...
Figure 31 Connection Wizard Complete

Well done! You have successfully set up your Prestige to operate on your network and access the Internet.
Bandwidth Management Wizard

This chapter shows you how to configure basic bandwidth management using the wizard screens.

4.1 Introduction
Click the Bandwidth Management wizard option in the wizard language selection screen or click the hyperlink in the final Connection Wizard screen. Bandwidth management allows you to control the amount of bandwidth going out through the Prestige’s WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements.
Table 24 Media Bandwidth Management Setup: Services (continued)
SERVICE: DESCRIPTION
File Transfer Program enables fast transfer of files, including large files that may not be possible by e-mail. FTP uses port number 21.
E-Mail: Electronic mail consists of messages sent through a computer network to specific groups or individuals.
4.4 Bandwidth Management Wizard: Services
Use the second wizard screen to select the services to which you want to apply bandwidth management.

Figure 34 Bandwidth Management Wizard: Services

The following table describes the labels in this screen.

Table 26 Bandwidth Management Wizard: Services
LABEL DESCRIPTION Choose...
Figure 35 Bandwidth Management Wizard : Priority

The following table describes the fields in this screen.

Table 27 Bandwidth Management Wizard : Priority
LABELS: DESCRIPTION
Service: These fields display the services selected in the previous screen.
Priority: Select High, Mid or Low priority for each service to have your Prestige use a priority for traffic that matches that service.
Chapter 5 Wireless LAN (P-335WT)

• Use RADIUS authentication if you have a RADIUS server. See the appendices for information on protocols used when a client authenticates with a RADIUS server via the Prestige.
2 Use the MAC Filter screen to restrict access to your wireless network by MAC address.
3 Configure the RADIUS authentication database settings in the Wireless screen.
settings, use the OTIST setup wizard or the advanced Activating OTIST on page
Apply to confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings. Click the Wireless LAN link under Network to open the Wireless screen.
See the rest of this chapter for information on the other labels in this screen.

5.4.1 No Security
Select No Security to allow wireless stations to communicate with the access points without any data encryption.
5.4.3 WEP Encryption Screen
To configure and enable WEP encryption, click the Wireless LAN link under Network to display the Wireless screen. Select Static WEP from the Security list.
You must configure at least one key; only one key can be activated at any one time. The default key is key 1.
Apply: Click Apply to save your changes back to the Prestige.
Reset: Click Reset to reload the previous configuration for this screen.
Figure 40 WPA(2)-PSK Authentication

5.4.6 WPA-PSK Authentication Screen
To configure and enable WPA-PSK Authentication, click the Wireless LAN link under Network to display the Wireless screen. Select WPA-PSK from the Security list.
A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client.
Figure 42 WPA(2) with RADIUS Application Example

5.4.9 WPA Authentication Screen
To configure and enable WPA Authentication, click the Wireless LAN link under Network to display the Wireless screen. Select WPA from the Security list.
Port Number: Enter the port number of the external authentication server. The default port number is 1812. You need not change this value unless your network administrator instructs you to do so with additional information.
To configure and enable 802.1x and Dynamic WEP Key Exchange, click the Wireless LAN link under Network to display the Wireless screen. Select 802.1x + Dynamic WEP from the Security list.
Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the Prestige. The key must be the same on the external authentication server and your Prestige. The key is not sent over the network.
To configure and enable 802.1x and Static WEP Key Exchange, click the Wireless LAN link under Network to display the Wireless screen. Select 802.1x + Static WEP from the Security list.
Select this option in order to enter ASCII characters as the WEP keys.
Select this option in order to enter hexadecimal characters as the WEP keys. The preceding "0x", that identifies a hexadecimal key, is entered automatically.
The key must be the same on the external accounting server and your Prestige. The key is not sent over the network.
Apply: Click Apply to save your changes back to the Prestige.
Reset: Click Reset to reload the previous configuration for this screen.
Port Number: Enter the port number of the external authentication server. The default port number is 1812. You need not change this value unless your network administrator instructs you to do so with additional information.
• Security (WEP or WPA-PSK)

Note: This will replace the pre-configured wireless settings on the wireless clients.

Click the Wireless LAN link under Network and then the OTIST tab. The following screen displays.
Prestige set the wireless station to use the same wireless settings as the Prestige. You must also activate and start OTIST on the wireless station at the same time. The process takes three minutes to complete.
00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure this screen. To change your Prestige’s MAC filter settings, click the Wireless LAN link under Network and then the MAC Filter tab. The screen appears as shown.
5.7 Wireless LAN Advanced Screen
See the appendix for background information on roaming. To enable roaming on your Prestige, click the Wireless LAN link under Network and then the Advanced tab. The screen appears as shown.
Prestige to transmit at a higher speed than the 802.11g Only mode.
Apply: Click Apply to save your changes back to the Prestige.
Reset: Click Reset to reload the previous configuration for this screen.
This is typically used for non-critical “background” traffic such as bulk transfers and print jobs that are allowed but that should not affect other applications and users. Use low priority for applications that do not have strict latency and throughput requirements.
IRC(TCP/UDP:6667) MSN Messenger(TCP:1863) MULTICAST(IGMP:0) NEW-ICQ(TCP:5190) NEWS(TCP:144) NFS(UDP:2049) NNTP(TCP:119) DESCRIPTION AOL’s Internet Messenger service, used as a listening port by ICQ. Authentication protocol used by some servers. Border Gateway Protocol. DHCP Client. DHCP Server. A popular videoconferencing solution from White Pines Software.
Its primary function is to allow users to log into remote host systems. Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). Another videoconferencing solution.
Name Service Dest Port Priority DESCRIPTION Select the check box to enable WMM QoS on the Prestige. Select Default to have the Prestige automatically give a service a priority level according to the ToS value in the IP header of packets it sends.
Modify an existing application entry or create an application entry in the Application Priority Configuration screen. Click the Remove icon to delete an application entry. Click Apply to save your changes back to the Prestige.
DESCRIPTION Type a description of the application priority.
Table 43 Application Priority Configuration
LABEL Service Dest Port Priority Apply Cancel DESCRIPTION The following is a description of the applications you can prioritize with WMM QoS. Select a service from the drop-down list box.
• File Transfer Program enables fast transfer of files, including large files that may not be possible by e-mail.
This chapter describes how to configure WAN settings.

6.1 WAN Overview
See the Connection Wizard

6.2 TCP/IP Priority (Metric)
The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1"...
6.4 WAN ISP Screen
To change your Prestige’s WAN ISP settings, click WAN, then the WAN ISP tab. The screen differs by the encapsulation.

6.4.1 Ethernet Encapsulation
The screen shown next is for Ethernet encapsulation.

Figure 54 Ethernet Encapsulation

The following table describes the labels in this screen.
Table 44 Ethernet Encapsulation LABEL DESCRIPTION WAN MAC Address Spoof WAN MAC The MAC address section allows users to configure the WAN port's MAC address Address by either using the factory default or cloning the MAC address from a computer on your LAN.
P-335 Series User’s Guide Figure 55 PPPoE Encapsulation The following table describes the labels in this screen. Table 45 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet).
Table 45 PPPoE Encapsulation
LABEL: DESCRIPTION
Use fixed IP address: Select this option if the ISP assigned a fixed IP address.
My WAN IP Address: Enter your WAN IP address in this field if you selected Use Fixed IP Address.
Remote IP: Enter the Remote IP Address (if your ISP gave you one) in this field.
P-335 Series User’s Guide Figure 56 PPTP Encapsulation The following table describes the labels in this screen. Table 46 PPTP Encapsulation LABEL ISP Parameters for Internet Access Encapsulation User Name Password Retype to Confirm Nailed-up Connection Idle Timeout DESCRIPTION Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
Table 46 PPTP Encapsulation LABEL PPTP Configuration My IP Address My IP Subnet Mask Server IP Address Connection ID/Name WAN IP Address Assignment Get automatically from Use fixed IP address My WAN IP Address Remote IP Address Enter the Remote IP Address (if your ISP gave you one) in this field. Remote IP Subnet Mask Metric (PPPoE and...
P-335 Series User’s Guide Figure 57 Advanced The following table describes the labels in this screen. Table 47 Advanced LABEL DNS Servers First DNS Server Second DNS Server Third DNS Server RIP and Multicast Setup RIP Direction RIP Version DESCRIPTION Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address).
Table 47 Advanced LABEL Multicast Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN.
P-335 Series User’s Guide Figure 59 Traffic Redirect LAN Setup 6.7 Traffic Redirect Screen To change your Prestige’s Traffic Redirect settings, click the WAN link under Network and the Traffic Redirect tab. The screen appears as shown. Figure 60 WAN: Traffic Redirect The following table describes the labels in this screen.
Table 48 Traffic Redirect LABEL DESCRIPTION Check WAN IP Configuration of this field is optional. If you do not enter an IP address here, the Address Prestige will use the default gateway IP address. Configure this field to test your Prestige's WAN accessibility.
This chapter describes how to configure LAN settings. 7.1 LAN Overview Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks.
P-335 Series User’s Guide 7.2.2 IP Address and Subnet Mask Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this information. 7.2.3 RIP Setup RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers.
The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the Prestige queries all directly connected networks to gather group membership. After that, the Prestige periodically updates this information. IP multicasting can be enabled/disabled on the Prestige LAN and/or WAN interfaces in the web configurator (LAN;...
P-335 Series User’s Guide 7.3.1 How Any IP Works Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the Prestige) to decide which hop to use, to help forward data along to its specified destination.
Figure 62 LAN IP The following table describes the labels in this screen. Table 49 LAN IP LABEL DESCRIPTION LAN TCP/IP IP Address Type the IP address of your Prestige in dotted decimal notation 192.168.1.1 (factory default). IP Subnet Mask The subnet mask specifies the network number portion of an IP address.
P-335 Series User’s Guide Figure 63 IP Alias The following table describes the labels in this screen. Table 50 IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network for the Prestige. IP Address Enter the IP address of your Prestige in dotted decimal notation.
7.6 Advanced LAN Screen To change your Prestige’s advanced IP settings, click the LAN link under Network and the Advanced tab. The screen appears as shown. Figure 64 Advanced The following table describes the labels in this screen. Table 51 Advanced LABEL RIP Direction RIP Version...
P-335 Series User’s Guide Table 51 Advanced LABEL Active Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN.
8.1 DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients.
P-335 Series User’s Guide Table 52 General LABEL Pool Size DNS Servers Assigned by DHCP Server The Prestige passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. The Prestige only passes this information to the LAN DHCP clients when you select the DHCP Server check box.
Figure 66 Static DHCP The following table describes the labels in this screen. Table 53 Static DHCP LABEL DESCRIPTION This is the index number of the Static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN. IP Address Type the LAN IP address of a computer on your LAN.
P-335 Series User’s Guide Figure 67 Client List The following table describes the labels in this screen. Table 54 Client List LABEL IP Address Host Name MAC Address Reserve Refresh DESCRIPTION This is the index number of the host computer. This field displays the IP address relative to the # field listed above.
Network Address Translation This chapter discusses how to configure NAT on the Prestige. 9.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network.
P-335 Series User’s Guide 9.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Figure 68 How NAT Works 9.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter. Figure 69 NAT Application With IP Alias 9.1.5 NAT Mapping Types NAT supports five types of IP/port mapping.
P-335 Series User’s Guide • One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL’s Single User Account feature (the SUA Only option).
9.2.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The Prestige also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types.
P-335 Series User’s Guide In addition to the servers for specified services, NAT supports a default server. A service request that does not have a server explicitly designated for it is forwarded to the default server. If the default is not defined, the service request is simply discarded. Note: Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location.
Figure 70 Multiple Servers Behind NAT Example 9.4 General NAT Screen Click the NAT link under Network to open the General screen. Figure 71 General The following table describes the labels in this screen. Table 58 General LABEL DESCRIPTION Network Network Address Translation (NAT) allows the translation of an Internet protocol Address address used within one network (for example a private IP address used in a local...
P-335 Series User’s Guide 9.5 Port Forwarding Screen Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
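The first-match behaviour described above, together with the default-server fallback from the NAT overview, can be modelled to audit a rule list before entering it. This is an added example, not ZyXEL code: the `Rule` fields mirror the Active, Start Port, End Port and Server IP Address labels, while the rule names, addresses and the `shadowed_rules` helper are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    name: str
    start_port: int
    end_port: int
    server_ip: str
    active: bool = True


def resolve(rules: List[Rule], port: int,
            default_server: Optional[str] = None) -> Optional[str]:
    """Return the inside server for an incoming port.

    Rules are checked in list order and the first active match wins;
    later rules are ignored. With no match the request goes to the
    default server, or is discarded (None) when no default is defined.
    """
    for rule in rules:
        if rule.active and rule.start_port <= port <= rule.end_port:
            return rule.server_ip
    return default_server


def shadowed_rules(rules: List[Rule]) -> List[str]:
    """Names of active rules that can never match because every port
    they cover is already claimed by an earlier active rule."""
    covered = set()
    shadowed = []
    for rule in rules:
        if not rule.active:
            continue
        ports = set(range(rule.start_port, rule.end_port + 1))
        if ports <= covered:
            shadowed.append(rule.name)
        covered |= ports
    return shadowed


# Constructed sample rule list (not from the guide).
SAMPLE_RULES = [
    Rule("web", 80, 80, "192.168.1.10"),
    Rule("lan-range", 20, 100, "192.168.1.20"),
    Rule("ftp", 21, 21, "192.168.1.30"),            # hidden by lan-range
    Rule("old-proxy", 8080, 8080, "192.168.1.40", active=False),
]

if __name__ == "__main__":
    for port in (80, 21, 8080):
        print(port, "->", resolve(SAMPLE_RULES, port))
    print("shadowed:", shadowed_rules(SAMPLE_RULES))
```

A non-empty `shadowed_rules` result means traffic is reaching a different inside server than the later rule intended, which is worth resolving by reordering or narrowing the earlier range.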
Table 59 Port Forwarding (continued) LABEL DESCRIPTION Active This icon is turned on when the port forwarding entry is enabled. Select the edit icon under Modify and select the Active checkbox in the Rule Setup screen to enable the port forwarding entry. Clear the checkbox to disable forwarding of these ports to an inside server without having to delete the entry.
P-335 Series User’s Guide Table 60 Rule Setup LABEL DESCRIPTION End Port Type an end port number. Server IP Address Type the inside IP address of the server. Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to return to the previous screen and not save your changes.
2 Port 7070 is a “trigger” port and causes the Prestige to record Jane’s computer IP address. The Prestige associates Jane's computer IP address with the "incoming" port range of 6970-7170. 3 The Real Audio server responds using a port number ranging between 6970-7170. 4 The Prestige forwards the traffic to Jane’s computer IP address.
P-335 Series User’s Guide Figure 75 Trigger Port The following table describes the labels in this screen. Table 61 Trigger Port LABEL DESCRIPTION This is the rule index number (read-only). Name Type a unique name (up to 15 characters) for identification purposes. All characters are permitted - including spaces.
This chapter gives some background information on firewalls and explains how to get started with the Prestige firewall. 10.1 Introduction to Firewall 10.1.1 What is a Firewall? Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
The Prestige has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas. The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world.
Figure 76 General The following table describes the labels in this screen. Table 62 General LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. Bypass Triangle Select this check box to have the Prestige firewall ignore the use of triangle route Route...
P-335 Series User’s Guide Figure 77 Services The following table describes the labels in this screen. Table 63 Services LABEL Enable Services Blocking Available Service Blocked Service “Custom Port” Type Port Number Delete Clear All Day to Block: DESCRIPTION Select this check box to enable this feature. This is a list of pre-defined services (ports) you may prohibit your LAN computers from using.
Table 63 Services LABEL Time of Day to Block (24-Hour Format) Apply Reset DESCRIPTION Select the time of day you want service blocking to take effect. Configure blocking to take effect all day by selecting the All Day check box. You can also configure specific times by entering the start time in the Start (hr) and Start (min) fields and the end time in the End (hr) and End (min) fields.
This chapter provides a brief overview of content filtering using the embedded WebGUI. 11.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering is the ability to block certain web features or specific URL keywords and should not be confused with packet filtering via SMT menu 21.1.
P-335 Series User’s Guide Figure 79 Filter The following table describes the labels in this screen. Table 64 Filter LABEL DESCRIPTION Trusted IP Setup To enable this feature, type an IP address of any one of the computers in your network that you want to have as a trusted computer.
Table 64 Filter LABEL DESCRIPTION Keyword List This list displays the keywords already added. Click Add after you have typed a keyword. Repeat this procedure to add other keywords. Up to 64 keywords are allowed. When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request.
P-335 Series User’s Guide Figure 80 Schedule The following table describes the labels in this screen. Table 65 Schedule LABEL Day to Block Time of Day to Block (24-Hour Format) Apply Reset 11.6 Customizing Keyword Blocking URL Checking You can use commands to set how much of a website’s URL the content filter is to check for keyword blocking.
11.6.2 Full Path URL Checking Full path URL checking has the Prestige check the characters that come before the last slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, full path URL checking searches for keywords within www.zyxel.com.tw/news/. Use the ip urlfilter customize actionFlags 6 [disable | enable] command to extend (or not extend) the keyword blocking search to include the URL's full path.
This chapter introduces the basics of IPSec VPNs. 12.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
P-335 Series User’s Guide Figure 81 Encryption and Decryption 12.1.3.2 Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. 12.1.3.3 Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
Figure 82 IPSec Architecture 12.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
P-335 Series User’s Guide Figure 83 Transport and Tunnel Mode IPSec Encapsulation 12.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing. The VPN device at the receiving end will verify the integrity of the incoming packet by computing its own hash value, and complain that the hash value appended to the received packet doesn't match.
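The hash mismatch described above can be reproduced with a small model. This is an added example, not part of the guide: the key, SPI, sequence number and addresses are constructed, and the integrity value is a simplified HMAC-SHA1-96 over the IP header (with the in-transit mutable fields zeroed), the SPI and sequence number, and the payload. The ESP comparison goes beyond the passage and relies on ESP authentication not covering the outer IP header.

```python
import hashlib
import hmac
import socket
import struct

AUTH_KEY = b"constructed-demo-key"   # constructed sample key, not a real SA key
SPI, SEQ = 0x1000, 1                 # constructed SA identifiers
PROTO_ESP, PROTO_AH = 50, 51         # IP protocol numbers for ESP and AH


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header without options; checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def zero_mutable_fields(header):
    """Zero the fields routers may legitimately change in transit
    (ToS, flags/fragment offset, TTL, header checksum)."""
    h = bytearray(header)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def _icv(data):
    return hmac.new(AUTH_KEY, data, hashlib.sha1).digest()[:12]


def ah_icv(header, payload):
    """AH-style value: source and destination addresses are covered."""
    return _icv(zero_mutable_fields(header)
                + struct.pack("!II", SPI, SEQ) + payload)


def esp_icv(header, ciphertext):
    """ESP-style value: the outer IP header is deliberately not an input."""
    return _icv(struct.pack("!II", SPI, SEQ) + ciphertext)


def route_hop(header):
    """An ordinary router only decrements the TTL."""
    h = bytearray(header)
    h[8] -= 1
    return bytes(h)


def nat_rewrite_source(header, public_ip):
    """A NAT device replaces the source address with its own."""
    h = bytearray(header)
    h[12:16] = socket.inet_aton(public_ip)
    return bytes(h)


def run_demo():
    payload = b"constructed upper-layer data"
    ah_hdr = ipv4_header("192.168.1.33", "203.0.113.10", PROTO_AH, len(payload))
    esp_hdr = ipv4_header("192.168.1.33", "203.0.113.10", PROTO_ESP, len(payload))
    sent_ah = ah_icv(ah_hdr, payload)      # value the sender appends
    sent_esp = esp_icv(esp_hdr, payload)   # payload stands in for ciphertext

    routed = route_hop(ah_hdr)
    natted = nat_rewrite_source(routed, "198.51.100.7")
    natted_esp = nat_rewrite_source(route_hop(esp_hdr), "198.51.100.7")

    # The receiver recomputes the value over what actually arrived.
    return {
        "ah_after_routing": hmac.compare_digest(sent_ah, ah_icv(routed, payload)),
        "ah_after_nat": hmac.compare_digest(sent_ah, ah_icv(natted, payload)),
        "esp_after_nat": hmac.compare_digest(sent_esp, esp_icv(natted_esp, payload)),
    }


if __name__ == "__main__":
    print(run_demo())
```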
This chapter introduces the VPN Web Configurator. See the viewing logs and the Appendices for IPSec log descriptions. 13.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections. 13.2 IPSec Algorithms The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec VPN.
P-335 Series User’s Guide Table 67 AH and ESP Encryption Authentication 13.3 My IP Address My IP Address is the WAN IP address of the Prestige. If this field is configured as 0.0.0.0, then the Prestige will use the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel.
You can also enter a remote secure gateway’s domain name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The Prestige has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP address).
P-335 Series User’s Guide Figure 85 Summary The following table describes the labels in this screen. Table 68 Summary LABEL DESCRIPTION The VPN policy index number. Active This field displays whether the VPN policy is active or not. The icon is turned on when this VPN policy is active. Click the edit icon under Modify and select the Active checkbox in the Rule Setup screen to activate the VPN policy.
13.6 Keep Alive When you initiate an IPSec tunnel with keep alive enabled, the Prestige automatically renegotiates the tunnel when the IPSec SA lifetime period expires ( section for more on the IPSec SA lifetime). In effect, the IPSec tunnel becomes an “always on”...
P-335 Series User’s Guide In order for IPSec router A (see the figure) to receive an initiating IPSec packet from IPSec router B, set the NAT router to forward UDP port 500 to IPSec router A. 13.7.2 Remote DNS Server In cases where you want to use domain names to access Intranet servers on a remote network that has a DNS server, you must identify that DNS server.
Note: Regardless of the ID type and content configuration, the Prestige does not allow you to save multiple active rules with overlapping local and remote IP addresses. With main mode (see Section Negotiation provide identity protection. In this case the Prestige can only distinguish between up to eight different incoming SAs that connect from remote IPSec routers that have dynamic WAN IP addresses.
P-335 Series User’s Guide The two Prestiges in this example can complete negotiation and establish a VPN tunnel Table 71 Matching ID Type and Content Configuration Example PRESTIGE A Local ID type: E-mail Local ID content: tom@yourcompany.com Peer ID type: IP Peer ID content: 1.1.1.2 The two Prestiges in this example cannot complete their negotiation because Prestige B’s Local ID type is IP, but Prestige A’s Peer ID type is set to E-mail.
Figure 89 Rule Setup The following table describes the labels in this screen. Table 72 Rule Setup LABEL DESCRIPTION Active Select this check box to activate this VPN tunnel. This option determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select this check box to have the Prestige automatically re-initiate the SA after the SA lifetime times out, even if there is no traffic.
P-335 Series User’s Guide Table 72 Rule Setup (continued) LABEL DNS Server (for IPSec VPN) Local Address Remote Address Start Remote Address End/Mask My IP Address Local ID Type Local Content Secure Gateway Address DESCRIPTION If there is a private DNS server that services the VPN, type its IP address here. The Prestige assigns this additional DNS server to the Prestige’s DHCP clients that have IP addresses in this IPSec rule's range of local addresses.
Table 72 Rule Setup (continued) LABEL DESCRIPTION Peer ID Type Select IP to identify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address. Peer Content The configuration of the peer content depends on the peer ID type.
P-335 Series User’s Guide Table 72 Rule Setup (continued) LABEL Advanced Apply Reset 13.11 IKE Phases There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec.
• Choose whether to enable Perfect Forward Secrecy (PFS) using Diffie-Hellman public-key cryptography – see Section Perfect Forward Secrecy (PFS). Select None (the default) to disable PFS. Choose Tunnel mode or Transport mode. Set the IPSec SA lifetime. This field allows you to determine how long the IPSec SA should stay up before it times out.
P-335 Series User’s Guide This may be unnecessary for data that does not require such security, so PFS is disabled (None) by default in the Prestige. Disabling PFS means new authentication and encryption keys are derived from the same root secret (which may have security implications in the long run) but allows faster SA setup (by bypassing the Diffie-Hellman key exchange).
Figure 91 Advanced Rule Setup The following table describes the labels in this screen. Table 73 Advanced Rule Setup LABEL Active Keep Alive Chapter 13 VPN Screens DESCRIPTION Select this check box to activate this VPN policy. Select this check box to turn on the Keep Alive feature for this SA. Turn on Keep Alive to have the Prestige automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
P-335 Series User’s Guide Table 73 Advanced Rule Setup (continued) LABEL NAT Traversal Key Management Protocol Number Enable Replay Detection DNS Server (for IPSec VPN) Local Address Local Port Start Local Port End Remote Address Start Remote Address End/ Mask DESCRIPTION Select this check box to enable NAT traversal.
Table 73 Advanced Rule Setup (continued) LABEL Remote Port Start Remote Port End My IP Address Local ID Type Local Content Secure Gateway Address Peer ID Type Peer Content IKE Phase 1 Negotiation Mode Chapter 13 VPN Screens DESCRIPTION 0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP;...
P-335 Series User’s Guide Table 73 Advanced Rule Setup (continued) LABEL Encryption Algorithm Authentication Algorithm SA Life Time Key Group Pre-Shared Key IKE Phase 2 Encapsulation Mode IPSec Protocol Encryption Algorithm Authentication Algorithm DESCRIPTION Select DES or 3DES from the drop-down list box. The Prestige's encryption algorithm should be identical to the secure remote gateway.
Table 73 Advanced Rule Setup (continued) LABEL SA Life Time Perfect Forward Secrecy (PFS) Basic Apply Reset 13.13 Manual Key Manual key management is useful if you have problems with IKE key management. 13.13.1 Security Parameter Index (SPI) An SPI is used to distinguish different SAs terminating at the same destination and using the same IPSec protocol.
P-335 Series User’s Guide Figure 92 Rule Setup with Manual Key The following table describes the labels in this screen. Table 74 Rule Setup with Manual Key LABEL Active IPSec Keying Mode Protocol Number Local Address Local Port Start Local Port End DESCRIPTION Select this check box to activate this VPN policy.
Table 74 Rule Setup with Manual Key LABEL Remote Address Start Remote Address End/ Mask Remote Port Start Remote Port End DNS Server (for IPSec VPN) My IP Address Secure Gateway IP Address Encapsulation Mode Enable Replay Detection IPSec Protocol Chapter 13 VPN Screens DESCRIPTION Remote IP addresses must be static and correspond to the remote IPSec...
P-335 Series User’s Guide Table 74 Rule Setup with Manual Key LABEL Encryption Algorithm Authentication Algorithm Encryption Key (Only with ESP) Authentication Key Apply Reset 13.15 SA Monitor Screen In the web configurator, click the VPN link under Security and the SA Monitor tab. Use this screen to display and manage active VPN connections.
Figure 93 SA Monitor The following table describes the labels in this screen. Table 75 SA Monitor LABEL DESCRIPTION This is the security index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode. IPSec Algorithm This field displays the security protocols used for an SA.
P-335 Series User’s Guide Figure 94 Global Setting The following table describes the labels in this screen. Table 76 Global Setting LABEL Windows Networking (NetBIOS over TCP/IP) Allow Through IP/Sec Tunnel Apply Reset 13.17 Telecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single Prestige at headquarters from remote IPSec routers that use dynamic WAN IP addresses.
Having everyone use the same pre-shared key may create a vulnerability. If the pre-shared key is compromised, all of the VPN connections using that VPN rule are at risk. A recommended alternative is to use a different VPN rule for each telecommuter and identify them by unique IDs (see the Telecommuters Using Unique VPN Rules Example section Table 77 Telecommuter and Headquarters Configuration Example...
P-335 Series User’s Guide See the following graphic for an example where three telecommuters each use a different VPN rule to initiate a VPN connection to a Prestige located at headquarters. The Prestige at headquarters identifies each by its secure gateway address (a dynamic domain name) and uses the appropriate VPN rule to establish the VPN connection.
Trend Micro Security Services This chapter contains information about configuring Trend Micro Security Services (TMSS). 14.1 Trend Micro Security Services Overview TMSS helps protect computers on a network that access the Internet through the Prestige. TMSS scans computers behind the Prestige for potential vulnerabilities such as spyware, missing security patches, trojans etc.
P-335 Series User’s Guide Figure 98 Download ActiveX to View TMSS Web Page 2 In the TMSS web page, click Service Summary. Figure 99 TMSS Web Page(Dashboard) 3 Click Activate My Services to begin a 3-step process to activate TMSS. Figure 100 TMSS Service Summary 4 Click Next to begin the process as outlined in the screen.
Figure 101 TMSS 3 Steps 5 Fill in the registration form and submit it. Figure 102 TMSS Registration Form 6 After you submit the registration form, you will receive an e-mail with instructions for validating your e-mail address. Follow the instructions. 7 Download TMSS to each computer (behind the Prestige) that you want TMSS to monitor.
P-335 Series User’s Guide Figure 103 Example TMSS Activated Service Summary Screen You need a Parental Control license to activate configure Parental Control categories on the Prestige (see Figure 108 on page Control screen with TMSS activated. Figure 104 Example TMSS Activated Parental Controls Screen After the free trial expires, you can buy the Trend micro Internet Security (TIS) package contains anti-virus software and a license for Parental Control (to forbid access to undesirable web site content based on pre-defined web site categories).
2 Use the Virus Protection screen to configure if and how often updates are checked and to display the status of computers under TMSS monitoring. 3 Use the Parental Controls screen to schedule and block web pages based on pre-defined web site categories such as pornography, gambling etc.
P-335 Series User’s Guide Table 78 General (continued) LABEL Automatically check for update components Check for update components every Scan engine Virus pattern Apply Reset 14.3 Exception List Screen Click the TMSS link under Security and the Exception List tab. Use the Exception List to specify which computers should not be restricted by Parental Controls.
Figure 106 Exception List The following table describes the labels in this screen. Table 79 Exception List LABEL Exclude computer(s) from displaying Trend Micro Home Network Security Services Computer(s) that will display Trend Micro Home Network Security Services: Computer(s) to exclude: Exception List Enforce Parental...
P-335 Series User’s Guide Table 79 Exception List LABEL Available IP Addresses This box displays the IP addresses of all TMSS clients. Selected IP Addresses This box displays the IP addresses of the computer(s) chosen from the Apply Reset 14.4 Virus Protection Screen Select the Virus Protection tab in the TMSS main screen the following screen.
Table 80 Virus Protection (continued) LABEL Scan Engine Status Apply Reset 14.5 Parental Controls Screen Select the Parental Controls tab from the TMSS main screen. The following screen displays. Figure 108 Parental Controls Chapter 14 Trend Micro Security Services DESCRIPTION This field displays the current TMSS anti-virus scan engine version number of a TMSS client.
P-335 Series User’s Guide The following table describes the labels in this screen. Table 81 Parental Controls LABEL Restrict Web Features ActiveX Java Cookies Web Proxy Enable Parental Controls Blocking Schedule Day to Block Time of Day to Block (24- Hour Format) Select Categories Pornography...
Table 81 Parental Controls LABEL Alcohol/Tobacco Gambling Abortion Apply Reset DESCRIPTION Selecting this category excludes pages that promote or offer the sale of alcohol/tobacco products, or provide the means to create them. It also includes pages that glorify, tout, or otherwise encourage the consumption of alcohol/tobacco.
This chapter shows you how to configure static routes for your Prestige. 15.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has no knowledge of the networks beyond. For instance, the Prestige knows about network N2 in the following figure through remote node router R1.
P-335 Series User’s Guide Figure 110 IP Static Route The following table describes the labels in this screen. Table 82 IP Static Route LABEL DESCRIPTION Number of an individual static route. Name Name that describes or identifies this route. Active This icon is turned on when this static route is active.
Figure 111 Static Route Setup The following table describes the labels in this screen. Table 83 Static Route Setup LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Active This field allows you to activate/deactivate this static route.
Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the Prestige’s bandwidth management logs. 16.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
P-335 Series User’s Guide Figure 112 Application-based Bandwidth Management Example 16.1.2 Subnet-based Bandwidth Management Example The following example uses bandwidth rules based solely on LAN subnets. Each bandwidth rule (Subnet A and Subnet B) is allotted 320 Kbps. Figure 113 Subnet-based Bandwidth Management Example 16.1.3 Application and Subnet-based Bandwidth Management Example The following example uses bandwidth rules based on LAN subnets and applications (specific...
Figure 114 Application and Subnet-based Bandwidth Management Example Table 84 Application and Subnet-based Bandwidth Management Example TRAFFIC TYPE VoIP E-mail Video 16.1.4 Bandwidth Usage Example Here is an example of a Prestige that has bandwidth usage enabled on an interface. The first figure shows each bandwidth rule’s bandwidth budget.
P-335 Series User’s Guide Figure 115 Bandwidth Usage Example The following figure shows the bandwidth usage with the maximize bandwidth usage option enabled. The Prestige divides up the unbudgeted 64 Kbps among the rules that require more bandwidth. If the administration department only uses 32 Kbps of the budgeted 64 Kbps, the Prestige also divides the remaining 32 Kbps among the rules that require more bandwidth.
Figure 116 Maximize Bandwidth Usage Example 16.1.5 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the Prestige forwards out through an interface. Table 85 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED.
VoIP (SIP) Sending voice signals over the Internet is called Voice over IP or VoIP. Session Initiation Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.
P-335 Series User’s Guide Table 86 Commonly Used Services SERVICE TELNET(TCP:23) TFTP(UDP:69) VDOLIVE(TCP:7000) 16.2 Bandwidth Management Configuration Screen Click the Bandwidth MGMT link under Management to open the bandwidth management Configuration screen. Figure 117 Bandwidth Management Configuration The following table describes the labels in this screen. Table 87 Bandwidth Management Configuration LABEL DESCRIPTION...
Table 87 Bandwidth Management Configuration LABEL DESCRIPTION Direction Select To LAN to apply bandwidth management to traffic that the Prestige forwards to the LAN. Select To WAN to apply bandwidth management to traffic that the Prestige forwards to the WAN. Select To WLAN to apply bandwidth management to traffic that the Prestige forwards to the WLAN.
P-335 Series User’s Guide Figure 118 Bandwidth Management Rule and Filter Configuration The following table describes the labels in this screen. Table 88 Bandwidth Management Edit LABEL DESCRIPTION Active Select this check box to have the Prestige apply this bandwidth management rule.
Table 88 Bandwidth Management Edit LABEL DESCRIPTION Source Port Enter the port number of the source. See and port numbers. Protocol Enter the protocol (service type) number, for example: 1 for ICMP, 6 for TCP or 17 for UDP. Apply Click Apply to save your customized settings and exit this screen.
Remote Management Screens This chapter provides information on the Remote Management screens. 17.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. Note: When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
P-335 Series User’s Guide 3 The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the Prestige will disconnect the session immediately. 4 There is already another remote management session with an equal or higher priority running.
Table 89 WWW Remote Management LABEL DESCRIPTION Secured Client IP Address A secured client is a “trusted” computer that is allowed to communicate with the Prestige using this service. Select All to allow any computer to access the Prestige using this service. Choose Selected to just allow the computer with the IP address that you specify to access the Prestige using this service.
P-335 Series User’s Guide Figure 121 Telnet Remote Management The following table describes the labels in this screen. Table 90 Telnet Remote Management LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Figure 122 FTP Remote Management The following table describes the labels in this screen. Table 91 FTP Remote Management LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the Prestige using this service.
P-335 Series User’s Guide Figure 123 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device into a form compatible with SNMP.
17.6.1 Supported MIBs The Prestige supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 17.6.2 SNMP Traps The Prestige will send traps to the SNMP manager when any one of the following events occurs: Table 92 SNMP Traps TRAP #...
P-335 Series User’s Guide Figure 124 SNMP Remote Management The following table describes the labels in this screen. Table 93 SNMP Remote Management LABEL SNMP Configuration Get Community Set Community Trap Community Trap Destination SNMP Service Port Service Access Secured Client IP Address Apply Reset...
17.8 DNS Screen Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on Wizard Setup for background information. To change your Prestige’s DNS settings, click the Remote MGMT link under Management and the DNS tab.
P-335 Series User’s Guide Figure 126 Security Remote Management The following table describes the labels in this screen. Table 95 Security Remote Management LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
This chapter introduces the Universal Plug and Play feature. 18.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
P-335 Series User’s Guide All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 18.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™...
Table 96 Configuring UPnP LABEL Allow UPnP to pass through Firewall Apply Reset DESCRIPTION UPnP broadcasts are only allowed on the LAN. If you block LAN-to-LAN/Prestige traffic using the firewall, then you need to select this check box to allow UPnP-enabled traffic to pass through the firewall. 18.4 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP.
P-335 Series User’s Guide 18.4.1 Installing UPnP in Windows Me Follow the steps below to install UPnP in Windows Me. 1 Click Start and Control Panel. Double- click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in the Components selection box.
18.4.2 Installing UPnP in Windows XP Follow the steps below to install UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….The Windows Optional Networking Components Wizard window...
Make sure the computer is connected to a LAN port of the ZyXEL device. Turn on your computer and the ZyXEL device.
18.5.1 Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. 3 In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created.
5 Select the Show icon in notification area when connected check box and click OK. An icon displays in the system tray. 6 Double-click the icon to display your current Internet connection status. 18.5.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first.
1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click the icon for your ZyXEL device and select Invoke.
P-335 Series User’s Guide Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. 4 An icon with the description for each UPnP-enabled device displays under Local Network.
This chapter discusses how to configure the print server on the Prestige. 19.1 Print Server Overview A print server is a device or software that provides users on a network with shared access to one or more printers. The print server acts as a buffer, holding the information to be printed out in memory until the printer becomes free.
P-335 Series User’s Guide The print server must be set up on each computer in your network that you want to use the print server. Before you set up the print server, make sure the USB printer is connected to the Prestige using the USB cable and that both the Prestige and the USB printer are turned on.
This chapter provides information on the System screens. 20.1 System Overview See the Wizard Setup chapter for more information on the next few screens. 20.2 General Screen Click the System link under Maintenance and the General tab. The following screen displays.
Table 98 General LABEL DESCRIPTION Administrator Inactivity Timer Type how many minutes a management session (either via the web configurator or SMT) can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again.
Figure 130 Dynamic DNS The following table describes the labels in this screen. Table 99 Dynamic DNS LABEL Enable Dynamic DNS Service Provider Dynamic DNS Type Host Name User Name Password Enable Wildcard Option Select the check box to enable DynDNS Wildcard. Enable off line option IP Address Update Policy: Use WAN IP Address...
P-335 Series User’s Guide 20.5 Time Setting Screen To change your Prestige’s time and date, click the System link under Maintenance and the Time Setting tab. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone. Figure 131 Time Setting The following table describes the labels in this screen.
Table 100 Time Setting LABEL New Date (yyyy-mm-dd) Get from Time Server Time Protocol Time Server Address Current Time New Time Current Date New Date Time Zone Setup Enable Daylight Saving Start Date DESCRIPTION This field displays the last updated date from the time server or the last date configured manually.
P-335 Series User’s Guide Table 100 Time Setting LABEL End Date Apply Reset DESCRIPTION Configure the day and time when Daylight Saving Time ends if you selected Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendices for example log message explanations. 21.1 View Log The web configurator allows you to look at all of the Prestige’s logs in one location. Click the Logs link under Maintenance to open the View Log screen.
P-335 Series User’s Guide Figure 132 View Log The following table describes the labels in this screen. Table 101 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings page (see section ) display in the drop-down list box. Select a category of logs to view;...
Use the Log Settings screen to configure where the Prestige is to send logs, the schedule for when the Prestige is to send the logs, and which logs and/or immediate alerts the Prestige is to send. An alert is a type of log that warrants more serious attention.
P-335 Series User’s Guide Figure 133 Log Settings The following table describes the labels in this screen. Table 102 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Table 102 Log Settings LABEL DESCRIPTION Send Alerts To Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs. Enter the E-mail address where the alert messages will be sent. Alerts include system errors, attacks and attempted access to blocked web sites.
This chapter shows you how to upload a new firmware, upload or save backup configuration files and restart the Prestige. 22.1 Firmware Upload Screen Find firmware at www.zyxel.com in a file with a "*.bin" extension, e.g., "Prestige.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See the Firmware and Configuration File Maintenance chapter for FTP/TFTP commands.
P-335 Series User’s Guide Figure 135 Upload Warning The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 136 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear.
Figure 138 Configuration 22.2.1 Backup Configuration Backup configuration allows you to back up (save) the Prestige’s current configuration to a file on your computer. Once your Prestige is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
P-335 Series User’s Guide Figure 139 Configuration Restore Successful The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 140 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default Prestige IP address (192.168.1.1).
This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 23.1 SMT Introduction The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection. This chapter shows you how to access the SMT (System Management Terminal) menus via console port, how to navigate the SMT and how to configure SMT menus.
Figure 143 Login Screen Enter Password : **** 23.1.3 Prestige SMT Menu Overview The following figure gives you an overview of the various SMT menu screens of your Prestige. The following table gives you an overview of your Prestige’s various SMT menus. Table 105 SMT Menus Overview MENUS SUB MENUS...
Table 105 SMT Menus Overview (continued) MENUS SUB MENUS 24 System Maintenance 24.1 System Status 24.2 System Information and Console Port Speed 24.3 Log and Trace 24.4 Diagnostic 24.5 Backup Configuration 24.6 Restore Configuration 24.7 Upload Firmware 24.8 Command Interpreter Mode 24.9 Call Control 24.10 Time and Date Setting 24.11 Remote Management Control...
P-335 Series User’s Guide Table 106 Main Menu Commands OPERATION KEYSTROKE Move the cursor [ENTER] or [UP]/ [DOWN] arrow keys. Entering Type in or press information [SPACE BAR], then press [ENTER]. Required fields < N/A fields <N/A> Save your [ENTER] configuration Exit the SMT Type 99, then...
P-335 Series User’s Guide Table 107 Main Menu Summary MENU TITLE VPN/ IPSec Setup Exit 23.3 Changing the System Password Change the Prestige default password by following the steps shown next. 1 Enter 23.1 in the main menu to display Menu 23.1 - System Security - Change Password.
Menu 1 - General Setup contains administrative and system-related information. 24.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". In Windows 95/98 click Start, Settings, Control Panel, Network.
P-335 Series User’s Guide Figure 146 Menu 1 General Setup. Menu 1 - General Setup Press ENTER to Confirm or ESC to Cancel: 2 Fill in the required fields. Refer to the table shown next for more information about these fields.
24.2.1 Procedure to Configure Dynamic DNS Note: If you have a private WAN IP address, then you cannot use Dynamic DNS. To configure Dynamic DNS, go to Menu 1 — General Setup and select Yes in the Edit Dynamic DNS field. Press [ENTER] to display Menu 1.1— Configure Dynamic DNS as shown next.
P-335 Series User’s Guide Table 109 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION Edit Update IP Address: You can select Yes in either the Use Server Detected IP field (recommended) or the User Specified IP Addr field, but not both. With the Use Server Detected IP and User Specified IP Addr fields both set to No, the DDNS server automatically updates the IP address of the host name(s) with the Prestige’s WAN IP address.
This chapter describes how to configure the WAN using menu 2. 25.1 Introduction to WAN This chapter explains how to configure settings for your WAN port. 25.2 WAN Setup From the main menu, enter 2 to open menu 2. Figure 148 Menu 2 WAN Setup Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu.
This chapter covers how to configure your wired Local Area Network (LAN) settings. 26.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3. Figure 149 Menu 3 LAN Setup Enter Menu Selection Number: 26.1.1 General Ethernet Setup...
P-335 Series User’s Guide 26.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. • For TCP/IP Ethernet setup refer to the Internet Access Application chapter. • For bridging Ethernet setup refer to the Bridging Setup chapter. 26.3 TCP/IP Ethernet Setup and DHCP Use menu 3.2 to configure your Prestige for TCP/IP.
Table 111 DHCP Ethernet Setup Fields FIELD DESCRIPTION Size of Client IP Pool This field specifies the size, or count of the IP address pool. First DNS Server The Prestige passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients.
P-335 Series User’s Guide 26.3.1 IP Alias Setup IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network. Figure 152 Physical Network &...
Table 113 Menu 3.2.1: IP Alias Setup FIELD DESCRIPTION IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige. RIP Direction Press [SPACE BAR] and then [ENTER] to select the RIP direction.
This chapter shows you how to configure your Prestige for Internet access. 27.1 Introduction to Internet Access Setup Use information from your ISP along with the instructions in this chapter to set up your Prestige to access the Internet. There are three different menu 4 screens depending on whether you chose Ethernet, PPTP or PPPoE Encapsulation.
P-335 Series User’s Guide Figure 154 Menu 4 Internet Access Setup ISP's Name= MyISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Retype to Confirm= N/A Login Server= N/A Relogin Every (min)= IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation= SUA Only...
Table 114 Internet Access Setup (Ethernet Gateway IP Address Network Address Translation When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel. 27.3 Configuring the PPTP Client Note: The Prestige supports only one PPTP server connection at any given time. To configure a PPTP client, you must configure the My Login and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.
P-335 Series User’s Guide Figure 155 Internet Access Setup (PPTP) Menu 4 - Internet Access Setup Press ENTER to Confirm or ESC to Cancel: The following table contains instructions about the new fields when you choose PPTP in the Encapsulation field in menu 4. Table 115 New Fields in Menu 4 (PPTP) Screen FIELD DESCRIPTION...
Figure 156 Internet Access Setup (PPPoE) ISP's Name= MyISP Encapsulation= PPPoE Service Type= N/A My Login= My Password= ******** Retype to Confirm= ******** Idle Timeout= 100 IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation= SUA Only Press ENTER to Confirm or ESC to Cancel: The following table contains instructions about the new fields when you choose PPPoE in the...
Remote Node Configuration This chapter covers remote node configuration. 28.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. Note that when you use menu 4 to set up Internet access, you are actually configuring a remote node.
P-335 Series User’s Guide Figure 157 Menu 11.1 Remote Node Profile for Ethernet Encapsulation Rem Node Name= MyISP Active= Yes Encapsulation= Ethernet Service Type= Standard Service Name= N/A Outgoing: My Login= N/A My Password= N/A Retype to Confirm= N/A Server= N/A Relogin Every (min)= The following table describes the fields in this menu.
Table 117 Menu 11.1 Remote Node Profile for Ethernet Encapsulation FIELD DESCRIPTION Edit IP This field leads to a “hidden” menu. Press [SPACE BAR] to select Yes and press [ENTER] to go to Menu 11.3 - Remote Node Network Layer Options. Session Options Edit Filter Sets This field leads to another “hidden”...
P-335 Series User’s Guide 28.2.2.2 Nailed-Up Connection A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The Prestige does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the Prestige will try to bring up the connection when turned on and whenever the connection is down.
Figure 159 Menu 11.1 Remote Node Profile for PPTP Encapsulation Rem Node Name= MyISP Active= Yes Encapsulation= PPTP Service Type= Standard Service Name= N/A Outgoing: My Login= My Password= ******** Retype to Confirm= ******** Authen= CHAP/PAP PPTP: My IP Addr= My IP Mask= Server IP Addr= Connection ID/Name=...
P-335 Series User’s Guide Figure 160 Menu 11.3 Remote Node Network Layer Options for Ethernet Encapsulation Menu 11.3 - Remote Node Network Layer Options Enter here to CONFIRM or ESC to CANCEL: This menu displays the My WAN Addr field for PPPoE and PPTP encapsulations and Gateway IP Addr field for Ethernet encapsulation.
Table 120 Remote Node Network Layer Options FIELD DESCRIPTION Metric Enter a number from 1 to 15 to set this route’s priority among the Prestige’s routes (see the Metric section in the WAN and Dial Backup Setup chapter). The smaller the number, the higher priority the route has.
Figure 161 Menu 11.5: Remote Node Filter (Ethernet Encapsulation) Menu 11.5 - Remote Node Filter Enter here to CONFIRM or ESC to CANCEL: Figure 162 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation) Menu 11.5 - Remote Node Filter Enter here to CONFIRM or ESC to CANCEL: 28.4.1 Traffic Redirect Setup Configure parameters that determine when the Prestige will forward WAN traffic to the...
Figure 163 Menu 11.6: Traffic Redirect Setup Active= Yes Configuration: Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this screen. Table 121 Menu 11.6: Traffic Redirect Setup FIELD DESCRIPTION Active Press [SPACE BAR] and select Yes (to enable) or No (to disable) traffic redirect setup.
This chapter shows how to set up IP static routes. 29.1 IP Static Route Setup To configure an IP static route, use Menu 12 – Static Routing Setup (shown next). Figure 164 Menu 12 IP Static Route Setup Menu 12 - IP Static Route Setup Enter selection number: Now, type the route number of a static route you want to configure.
P-335 Series User’s Guide Figure 165 Menu12.1 Edit IP Static Route Menu 12.1 - Edit IP Static Route Press ENTER to Confirm or ESC to Cancel: The following table describes the fields for Menu 12.1 – Edit IP Static Route Setup. Table 122 Menu12.1 Edit IP Static Route FIELD Route #...
Network Address Translation This chapter discusses how to configure NAT on the Prestige. 30.1 Using NAT Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige. 30.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
P-335 Series User’s Guide Figure 166 Menu 4 Applying NAT for Internet Access ISP's Name= MyISP Encapsulation= Ethernet IP Address Assignment= Dynamic Network Address Translation= SUA Only Press ENTER to Confirm or ESC to Cancel: The following figure shows how you apply NAT to the remote node in menu 11.1. 1 Enter 11 from the main menu.
Figure 167 Menu 11.3 Applying NAT to the Remote Node Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= SUA Only Metric= 1 Private= N/A RIP Direction= None Version= N/A...
P-335 Series User’s Guide Figure 168 Menu 15 NAT Setup Menu 15 - NAT Setup Enter Menu Selection Number: 30.3.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 — Address Mapping Sets. Figure 169 Menu 15.1 Address Mapping Sets Enter 255 to display the next screen, (see The fields in this menu cannot be changed.
Figure 170 Menu 15.1.255 SUA Address Mapping Rules Set Name= SUA Local Start IP Local End IP -------------- --------------- --------------- --------------- ------ 0.0.0.0 The following table explains the fields in this menu. Table 124 SUA Address Mapping Rules FIELD Set Name Local Start IP Local End IP Global Start IP...
P-335 Series User’s Guide Figure 171 Menu 15.1.1 First Set Menu 15.1.1 - Address Mapping Rules Set Name= NAT_SET Local Start IP --------------- -------------- --------------- --------------- Note: If the Set Name field is left blank, the entire set will be deleted. Note: The Type, Local and Global Start/End IPs are configured in menu 15.1.1.1 (described later) and the values are displayed here.
Note: You must press [ENTER] at the bottom of the screen to save the whole set. You must do this again if you make any changes to the set – including deleting a rule. No changes to the set take place until this action is taken. Selecting Edit in the Action field and then selecting a rule brings up the following menu, Menu 15.1.1.1 - Address Mapping Rule in which you can edit an individual rule and configure the Type, Local and Global Start/End IPs.
P-335 Series User’s Guide 30.4 Configuring a Server behind NAT Follow these steps to configure a server behind NAT: 1 Enter 15 in the main menu to go to Menu 15 - NAT Setup. 2 Enter 2 to display Menu 15.2 - NAT Server Setup as shown next. Figure 173 Menu 15.2.1 NAT Server Setup Menu 15.2 - NAT Server Setup...
Figure 174 Multiple Servers Behind NAT Example 30.5 General NAT Examples The following are some examples of NAT configuration. 30.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where the ILAs (Inside Local Addresses) of computers A through D map to one dynamic IGA (Inside Global Address) assigned by your ISP.
P-335 Series User’s Guide Figure 175 NAT Example 1 Figure 176 Menu 4 Internet Access & NAT Example ISP's Name= MyISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Retype to Confirm= N/A Login Server= N/A Relogin Every (min)= IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A...
Figure 177 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure. Figure 178 Menu 15.2.1 Specifying an Inside Server Rule Start Port No.
P-335 Series User’s Guide 4 You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN. The example situation looks somewhat like this: Figure 179 NAT Example 3 1 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address...
Figure 180 NAT Example 3: Menu 11.3 Menu 11.3 - Remote Node Network Layer Options Enter here to CONFIRM or ESC to CANCEL: The following figures show how to configure the first rule. Chapter 30 Network Address Translation (NAT) IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Addr= N/A...
P-335 Series User’s Guide Figure 181 Example 3: Menu 15.1.1.1 Menu 15.1.1.1 Address Mapping Rule Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 182 Example 3: Final Menu 15.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= NAT_SET Local Start IP --------------- -------------- --------------- --------------- ------...
Figure 183 Example 3: Menu 15.2 Menu 15.2 - NAT Server Setup Rule Start Port No. --------------------------------------------------- Press ENTER to Confirm or ESC to Cancel: HTTP:80 FTP:21 Telnet:23 SMTP:25 POP3:110 PPTP:1723 30.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to-Many No Overload (and One-to-One) NAT mapping types.
P-335 Series User’s Guide Figure 185 Example 4: Menu 15.1.1.1 Address Mapping Rule. Menu 15.1.1.1 Address Mapping Rule Press ENTER to Confirm or ESC to Cancel: After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as shown next.
Figure 187 Menu 15.3 Trigger Port Setup Menu 15.3 - Trigger Port Setup Rule Name ---------------------------------------------------------------------- Real Audio The following table describes the fields in this screen. Table 127 Menu 15.3 Trigger Port Setup FIELD DESCRIPTION Rule This is the rule index number. Name Enter a unique name for identification purposes.
This chapter shows you how to get started with the Prestige firewall. 31.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: • The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it.
Figure 188 Menu 21.2 Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off. Refer to the User's Guide for details about the firewall default policies.
This chapter introduces the VPN SMT menus. 32.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: 1 Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management. 2 Menu 27.2 - SA Monitor allows you to manage (refresh or disconnect) your SA connections.
P-335 Series User’s Guide Figure 190 Menu 27 VPN/IPSec Setup Menu 27 - VPN/IPSec Setup 1. IPSec Summary 2. SA Monitor Enter Menu Selection Number: 32.2 IPSec Summary Screen Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary. This is a summary read-only menu of your IPSec rules (tunnels).
Table 128 Menu 27.1 IPSec Summary FIELD Local Addr Start When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is a static IP address on the LAN behind your Prestige. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is the beginning (static) IP address, in a range of computers on the LAN behind your Prestige.
Table 128 Menu 27.1 IPSec Summary FIELD Remote Addr When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is the same (static) IP address as in the Remote Addr Start field. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
Figure 192 Menu 27.1.1 IPSec Setup Index= 1 Active= Yes Local ID type My IP Addr= 0.0.0.0 Peer ID type= IP Secure Gateway Address= zw50test.zyxel.com.tw Protocol= 0 Local: Addr Type= SINGLE Local IP Addr= 1.1.1.1 Port Start= 0 Addr Type= SUBNET Remote: IP Addr Start= 4.4.4.4 Port Start= 0...
Table 129 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION Content When you select IP in the Local ID Type field, type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address. When you select DNS in the Local ID Type field, type a domain name (up to 31 characters) by which to identify this Prestige.
Table 129 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION Port Start 0 is the default and signifies any port. Type a port number from 0 to 65535. You cannot create a VPN tunnel if you try to connect using a port number that does not match this port number or range of port numbers.
Table 129 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION Enable Replay Detection As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks.
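How a receiver can reject old or duplicate packets, as an added Python example (not ZyXEL code and not taken from this guide): it models the sliding-window anti-replay check that RFC 4303 describes for IPSec receivers. The class and function names, the 64-packet window size and the constructed sequence numbers are assumptions made for illustration; the guide does not say which window the Prestige uses.

```python
class AntiReplayWindow:
    """Sliding-window replay check for one inbound SA (hypothetical model)."""

    def __init__(self, size=64):          # window size is an assumption
        self.size = size
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (top - i) already seen

    def check(self, seq):
        """Classify a sequence number without changing the window."""
        if seq == 0:
            return "reject: sequence number 0 is never valid"
        if seq > self.top:
            return "ok"                    # newer than anything seen so far
        offset = self.top - seq
        if offset >= self.size:
            return "reject: older than window"
        if (self.bitmap >> offset) & 1:
            return "reject: duplicate"
        return "ok"                        # late, but inside the window and new

    def accept(self, seq, integrity_ok):
        """Full receive path: window check, integrity check, then update."""
        verdict = self.check(seq)
        if verdict != "ok":
            return verdict
        if not integrity_ok:
            # The window must not move for a packet that fails authentication,
            # otherwise a forged high sequence number would lock out real traffic.
            return "reject: integrity check failed"
        if seq > self.top:
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return "ok"


def replay_demo(sequence_numbers, size=64):
    """Feed authenticated packets with the given sequence numbers to a window."""
    window = AntiReplayWindow(size)
    return [window.accept(seq, integrity_ok=True) for seq in sequence_numbers]


if __name__ == "__main__":
    # Constructed sample: in-order, reordered, replayed and stale packets.
    for seq, verdict in zip([1, 3, 2, 2, 100, 36, 37],
                            replay_demo([1, 3, 2, 2, 100, 36, 37])):
        print(seq, verdict)
```
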
Figure 193 Menu 27.1.1.1 IKE Setup Press Space Bar to Toggle. The following table describes the fields in this menu. Table 130 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION Phase 1 Negotiation Mode Press [SPACE BAR] to choose from Main or Aggressive and then press [ENTER]. See earlier for a discussion of these modes.
Table 130 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION Authentication Algorithm MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slightly slower. Press [SPACE BAR] to choose from SHA1 or MD5 and then press [ENTER].
32.4.1 Active Protocol This field is a combination of mode and security protocols used for the VPN. See the Web Configurator part on VPN for more information on these parameters. Table 131 Active Protocol: Encapsulation and Security Protocol MODE Tunnel Transport 32.4.2 Security Parameter Index (SPI) To edit this menu, move the cursor to the Edit Manual Setup field in Menu 27.1.1 –...
Table 132 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION Encryption Algorithm Press [SPACE BAR] to choose from NULL, 3DES or DES and then press [ENTER]. Fill in the Key1 field below when you choose DES and fill in fields Key1 to Key3 when you choose 3DES.
This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2. 33.1 SA Monitor Overview A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections. Note: When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes.
P-335 Series User’s Guide Figure 195 Menu 27.2 SA Monitor Name -------------------------------- Taiwan : 3.3.3.1 – 3.3.3.100 Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 133 Menu 27.2 SA Monitor FIELD DESCRIPTION This is the security index number.
Table 133 Menu 27.2 SA Monitor FIELD DESCRIPTION Select Command Press [SPACE BAR] to choose from Refresh, Disconnect, None, Next Page, or Previous Page and then press [ENTER]. You must select a connection in the next field when you choose the Disconnect command. Refresh displays current active VPN connections.
This chapter shows you how to create and apply filters. 34.1 Introduction to Filters Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later.
34.1.1 The Filter Structure of the Prestige A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
Figure 197 Filter Rule Process You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
P-335 Series User’s Guide Figure 198 Menu 21: Filter and Firewall Setup Menu 21 - Filter and Firewall Setup Enter Menu Selection Number: 2 Enter 1 to bring up the following menu. Figure 199 Menu 21.1: Filter Set Configuration Filter Set # ------ -----------------...
Table 134 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION Action Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N” means to check the next rule. Action Not Matched “F”...
To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.1.1 - TCP/IP Filter Rule, as shown next. Figure 200 Menu 21.1.1.1 TCP/IP Filter Rule The following table describes how to configure your TCP/IP filter rule. Table 136 TCP/IP Filter Rule FIELD DESCRIPTION...
Table 136 TCP/IP Filter Rule FIELD DESCRIPTION Source IP Address Enter the source IP Address of the packet you wish to filter. This field is ignored if it is 0.0.0.0. IP Mask Enter the IP mask to apply to the Source: IP Addr. Port # Enter the source port of the packets that you wish to filter.
Figure 201 Executing an IP Filter 34.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet.
Figure 202 Menu 21.1.4.1 Generic Filter Rule The following table describes the fields in the Generic Filter Rule menu. Table 137 Generic Filter Rule Menu Fields FIELD DESCRIPTION Filter # This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second filter set and the third rule of that set.
Table 137 Generic Filter Rule Menu Fields FIELD DESCRIPTION Action Matched Select the action for a packet matching the rule. Action Not Matched Select the action for a packet not matching the rule. Once you have completed filling in Menu 21.4.1.1 - Generic Filter Rule, press [ENTER] at the message “Press ENTER to Confirm”...
Figure 204 Example Filter: Menu 21.1.3.1 Menu 21.1.3.1 - TCP/IP Filter Rule Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. • Select Yes from the Active field to activate this rule. • 6 is the TCP IP Protocol. •...
P-335 Series User’s Guide Figure 205 Example Filter Rules Summary: Menu 21.1.3 # A Type - - ---- --------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 This shows you that you have configured and activated (A = Y) a TCP/IP filter rule (Type = IP, Pr = 6) for destination telnet ports (DP = 23).
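The rule-checking order described in this chapter, modelled as an added Python example (not ZyXEL code): each rule yields F, D or N depending on whether the packet matches, up to six rules per set and four sets per port are walked in order, and a helper reports rules that can never be reached. The class and function names are hypothetical, and these points are assumptions rather than statements from this guide: protocol 0 and port 0 act as wildcards, inactive rules are skipped, a packet that no rule decides is forwarded, and the telnet rule uses Action Matched = Drop with Action Not Matched = Forward.

```python
import ipaddress
from dataclasses import dataclass, replace

FORWARD, DROP, NEXT = "F", "D", "N"   # abbreviations from Table 134
MAX_RULES_PER_SET = 6                 # limits stated in this chapter
MAX_SETS_PER_PORT = 4


@dataclass
class Rule:
    active: bool = True
    protocol: int = 0            # 6 = TCP; 0 = any protocol (assumption)
    src_ip: str = "0.0.0.0"      # 0.0.0.0 = field ignored (Table 136)
    src_mask: str = "0.0.0.0"
    dst_ip: str = "0.0.0.0"      # same convention assumed for the destination
    dst_mask: str = "0.0.0.0"
    dst_port: int = 0            # 0 = any port (assumption)
    matched: str = DROP          # Action Matched
    not_matched: str = NEXT      # Action Not Matched


@dataclass
class Packet:
    protocol: int
    src_ip: str
    dst_ip: str
    dst_port: int


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def _addr_matches(rule_ip, rule_mask, pkt_ip):
    if rule_ip == "0.0.0.0":
        return True
    mask = _to_int(rule_mask)
    return (_to_int(pkt_ip) & mask) == (_to_int(rule_ip) & mask)


def rule_matches(rule, pkt):
    return (rule.protocol in (0, pkt.protocol)
            and _addr_matches(rule.src_ip, rule.src_mask, pkt.src_ip)
            and _addr_matches(rule.dst_ip, rule.dst_mask, pkt.dst_ip)
            and rule.dst_port in (0, pkt.dst_port))


def check_limits(filter_sets):
    if len(filter_sets) > MAX_SETS_PER_PORT:
        raise ValueError("at most four filter sets can be applied to a port")
    if any(len(rules) > MAX_RULES_PER_SET for rules in filter_sets):
        raise ValueError("a filter set holds at most six rules")


def evaluate(filter_sets, pkt):
    """Return (verdict, (set number, rule number) that decided, or None)."""
    check_limits(filter_sets)
    for set_no, rules in enumerate(filter_sets, start=1):
        for rule_no, rule in enumerate(rules, start=1):
            if not rule.active:
                continue                      # assumption: inactive = skipped
            action = rule.matched if rule_matches(rule, pkt) else rule.not_matched
            if action in (FORWARD, DROP):
                return action, (set_no, rule_no)
    return FORWARD, None                      # assumption: undecided = forwarded


def unreachable_rules(filter_sets):
    """Rules that follow an active rule whose two actions are both F or D."""
    dead, terminated = [], False
    for set_no, rules in enumerate(filter_sets, start=1):
        for rule_no, rule in enumerate(rules, start=1):
            if terminated:
                dead.append((set_no, rule_no))
            elif rule.active and NEXT not in (rule.matched, rule.not_matched):
                terminated = True
    return dead


# Constructed sample rules. The first mirrors the summary line
# "Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23"; its two actions are assumptions.
TELNET_BLOCK = Rule(protocol=6, dst_port=23, matched=DROP, not_matched=FORWARD)
TELNET_CHAINED = replace(TELNET_BLOCK, not_matched=NEXT)
FTP_BLOCK = Rule(protocol=6, dst_port=21, matched=DROP, not_matched=FORWARD)

if __name__ == "__main__":
    ftp = Packet(6, "203.0.113.7", "192.168.1.33", 21)   # constructed packet
    for name, sets in (("F on no match", [[TELNET_BLOCK, FTP_BLOCK]]),
                       ("N on no match", [[TELNET_CHAINED, FTP_BLOCK]])):
        print(name, evaluate(sets, ftp), "unreachable:", unreachable_rules(sets))
```

With Action Not Matched set to F on the first rule, the FTP rule behind it is never consulted; setting it to N lets the second rule drop the packet.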
Figure 206 Protocol and Device Filter Sets 34.5 Firewall Versus Filters Firewall configuration is discussed in the firewall chapters of this manual. Further comparisons are also made between filtering, NAT and the firewall. 34.6 Applying a Filter This section shows you where to apply the filter(s) after you design it (them). The Prestige already has filters to prevent NetBIOS traffic from triggering calls, and block incoming telnet, FTP and HTTP connections. Note: If you do not activate the firewall, it is advisable to apply filters.
P-335 Series User’s Guide Figure 207 Filtering LAN Traffic Menu 3.1 - LAN Port Filter Setup Press ENTER to Confirm or ESC to Cancel: 34.6.2 Applying Remote Node Filters Go to menu 11.5 (shown below – note that call filter sets are only present for PPPoE encapsulation) and enter the number(s) of the filter set(s) as appropriate.
This chapter explains SNMP Configuration menu 22. 35.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
P-335 Series User’s Guide The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
Figure 210 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration Press ENTER to Confirm or ESC to Cancel: The following table describes the SNMP configuration parameters. Table 138 Menu 22 SNMP Configuration FIELD DESCRIPTION SNMP: Get Community Type the Get Community, which is the password for the incoming Get- and GetNext requests from the management station.
P-335 Series User’s Guide Table 139 SNMP Traps TRAP # TRAP NAME linkUp (defined in RFC-1215) authenticationFailure (defined in RFC-1215) whyReboot (defined in ZYXEL-MIB) A trap is sent with the reason of restart before For intentional reboot : The port number is its interface index under the interface group. Table 140 Ports and Permanent Virtual Circuits PVC (PERMANENT PORT...
System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu to open Menu 24 –...
00:A0:C5:01:21:81 00:A0:C5:01:21:80 WLAN 00:A0:C5:01:21:80 System up Time: Name: P-335/P-335WT.zyxel.com.tw Routing: IP ZyNOS F/W Version: V3.60(JO.3) | 08/13/2005 COMMANDS: 1-Drop WAN 9-Reset Counters The following table describes the fields present in Menu 24.1 — System Maintenance — Status. These fields are READ-ONLY and meant for diagnostic purposes. The upper right corner of the screen shows the time and date according to the format you set in menu 24.10.
Table 141 System Maintenance: Status Menu Fields FIELD ZyNOS F/W Version The ZyNOS Firmware version and the date created. You may enter 1 to drop the WAN connection, 9 to reset the counters or [ESC] to return to menu 24. 36.2 System Information To get to the System Information: 1 Enter 24 to display Menu 24 —...
Displays the system name of your Prestige. This information can be changed in Menu 1 – General Setup. Refers to the routing protocol used. Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation.
Figure 215 Menu 24.2.2 System Maintenance : Change Console Port Speed Menu 24.2.2 – System Maintenance – Change Console Port Speed Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel: 36.3 Log and Trace There are two logging facilities in the Prestige. The first is the error logs and trace records that are stored locally.
P-335 Series User’s Guide 36.3.1.1 CDR CDR Message Format SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG_INFO, String); String = board xx line xx channel xx, call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN call = the call reference number which starts from 1 and increments by 1 for each new call str = C01 Outgoing Call dev xx ch xx (dev:device No.
Figure 217 Call-Triggering Packet Example IP Frame: ENET0-RECV Size: Frame Type: IP Header: IP Version Header Length Type of Service Total Length Identification Flags Fragment Offset Time to Live Protocol Header Checksum Source IP Destination IP TCP Header: Source Port Destination Port Sequence Number Ack Number...
P-335 Series User’s Guide Figure 218 Menu 24.4 System Maintenance : Diagnostic Menu 24.4 - System Maintenance - Diagnostic 36.4.1 WAN DHCP DHCP functionality can be enabled on the LAN or WAN as shown in LAN & WAN DHCP. LAN DHCP has already been discussed. The Prestige can act either as a WAN DHCP client (IP Address Assignment field in menu 4 or menu 11.3 is Dynamic and the Encapsulation field in menu 4 or menu 11 is Ethernet) or None, (when you have a static IP).
Table 144 System Maintenance Menu Diagnostic FIELD WAN DHCP Renewal Internet Setup Test Reboot System Host IP Address= Enter the number of the selection you would like to perform or press [ESC] to cancel. Chapter 36 System Information and Diagnosis DESCRIPTION Enter 3 to renew your WAN DHCP settings.
Firmware and Configuration File Maintenance This chapter tells you how to back up and restore your configuration file as well as upload new firmware and configuration files. 37.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
P-335 Series User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 –...
Figure 220 Telnet in Menu 24.5 Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
P-335 Series User’s Guide 37.2.3 Example of FTP Commands from the Command Line Figure 221 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
37.2.6 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next.
P-335 Series User’s Guide 37.2.8 GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients. Table 147 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped.
Figure 222 Telnet into Menu 24.6. Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
P-335 Series User’s Guide 37.3.2 Restore Using FTP Session Example Figure 223 Restore Using FTP Session Example ftp> put config.rom rom-0 200 Port command okay 150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec.
Figure 224 Telnet Into Menu 24.7.1 Upload System Firmware Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
4 Enter your password as requested (the default is “1234”). 5 Enter “bin” to set transfer mode to binary. 6 Use “put” to transfer files from the computer to the Prestige, for example, “put firmware.bin ras” transfers the firmware on your computer (firmware.bin) to the Prestige and renames it “ras”.
3 Enter the command “sys stdio 0” to disable the console timeout, so the TFTP transfer will not be interrupted. Enter the command “sys stdio 5” to restore the five-minute console timeout (default) when the file transfer is complete. 4 Launch the TFTP client on your computer and connect to the Prestige. Set the transfer mode to binary before starting data transfer.
This chapter leads you through SMT menus 24.8 to 24.10. 38.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
A list of commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished. Figure 228 Valid Commands Copyright (c) 1994 - 2005 ZyXEL Communications Corp. P-335/P-335WT> ? Valid commands are: exit...
Figure 230 Budget Management Remote Node 1.MyISP The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked.
P-335 Series User’s Guide Figure 231 Menu 24.9.2 - Call History Phone Number The following table describes the fields in this menu. Table 149 Call History Fields FIELD DESCRIPTION Phone Number The PPPoE service names are shown here. This shows whether the call was incoming or outgoing. Rate This is the transfer rate of the call.
Figure 232 Menu 24: System Maintenance Menu 24 - System Maintenance 10. Time and Date Setting 11. Remote Management Setup Enter Menu Selection Number: Enter 10 to go to Menu 24.10 - System Maintenance - Time and Date Setting to update the time and date settings of your Prestige as shown in the following screen.
P-335 Series User’s Guide Figure 233 Menu 24.10 System Maintenance: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Time Protocol= NTP (RFC-1305) Time Server Address= time-b.nist.gov Current Time: New Time (hh:mm:ss): Current Date: New Date (yyyy-mm-dd): Time Zone= GMT Daylight Saving= No Start Date (mm-dd):...
Table 150 Time and Date Setting Fields FIELD DESCRIPTION End Date Enter the month and day that your daylight-savings time ends on if you selected Yes in the Daylight Saving field. Once you have filled in this menu, press [ENTER] at the message “Press ENTER to Confirm or ESC to Cancel”...
39.1 Remote Management Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. You may manage your Prestige from a remote location via: • Internet (WAN only) • LAN only To disable remote management of a service, select Disable in the corresponding Server Access field.
P-335 Series User’s Guide Figure 234 Menu 24.11 – Remote Management Control Menu 24.11 - Remote Management Control TELNET Server: FTP Server: Web Server: SNMP Service: DNS Service: The following table describes the fields in this screen. Table 151 Menu 24.11 – Remote Management Control FIELD DESCRIPTION Telnet Server...
3 The IP address in the Secure Client IP field (menu 24.11) does not match the client IP address. If it does not match, the Prestige will disconnect the session immediately. 4 There is an SMT console session running. 5 There is already another remote management session with an equal or higher priority running.
Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 40.1 Introduction to Call Scheduling The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
P-335 Series User’s Guide You can design up to 12 schedule sets but you can only apply up to four schedule sets for a remote node. To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 —...
Table 152 Menu 26.1 Schedule Set Setup FIELD DESCRIPTION Start Time Enter the start time when you wish the schedule set to take effect in hour-minute format. Duration Enter the maximum length of time this connection is allowed in hour-minute format. Action Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field.
This chapter covers potential problems and the corresponding remedies. 41.1 Problems Starting Up the Prestige Table 153 Troubleshooting Starting Up Your Prestige PROBLEM CORRECTIVE ACTION None of the Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged LEDs turn on in to an appropriate power source.
P-335 Series User’s Guide 41.3 Problems with the WAN Table 155 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The WAN LED is Check the connections between the Prestige WAN port and the cable/DSL modem off. or ethernet jack. Check whether your cable/DSL device requires a crossover or straight-through cable.
41.4 Problems Accessing the Prestige Table 156 Troubleshooting Accessing the Prestige PROBLEM CORRECTIVE ACTION I cannot The username is “admin”. The default password is “1234”. The Password and access the Username fields are case-sensitive. Make sure that you enter the correct password Prestige.
P-335 Series User’s Guide Table 157 Troubleshooting Restricted Web Pages and Keyword Blocking PROBLEM CORRECTIVE ACTION Parental Restart the device to clear the cache. Control is The content filter server may be unavailable. The View Logs screen can display configured content filtering log messages.
• Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. 41.5.1.1 Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address.
Figure 239 Internet Options 3 Click Apply to save this setting. 41.5.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings… to open the Pop-up Blocker Settings screen.
Figure 240 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Note: If you change the IP address of your device, make sure that the new address matches the address you type in the Pop-up Blocker Settings screen.
P-335 Series User’s Guide Figure 241 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 41.5.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
P-335 Series User’s Guide Figure 242 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
P-335 Series User’s Guide Figure 243 Security Settings - Java Scripting 41.5.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Figure 244 Security Settings - Java 41.5.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window.
Figure 245 Java (Sun) 41.5.2 ActiveX Controls in Internet Explorer If ActiveX is disabled, you will not be able to download ActiveX controls or to use Trend Micro Security Services. Make sure that ActiveX controls are allowed in Internet Explorer. Screen shots for Internet Explorer 6 are shown.
P-335 Series User’s Guide Figure 246 Internet Options Security 3 Scroll down to ActiveX controls and plug-ins. 4 Under Download signed ActiveX controls select the Prompt radio button. 5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected.
255.255.255.0 (24 bits) 1234 192.168.1.32 to 192.168.1.64 P-335: (150 W) x (190 D) x (22 H) mm P-335WT: (190 W) x (133 D) x (32 H) mm P-335: 381g P-335WT: 424g 12VDC 1A Four auto-negotiating, auto MDI/MDI-X 10/100 Mbps RJ-45 Ethernet ports 0º...
P-335 Series User’s Guide Table 161 Firmware (continued) Management Wireless (P-335WT only) Firewall NAT/SUA Trend Micro Security Service Content Filtering Static Routes Other Features Embedded Web Configurator Menu-driven SMT (System Management Terminal) management CLI (Command Line Interpreter) Remote Management via Telnet or Web SNMP manageable FTP for firmware downloading, configuration backup and restoration.
PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access Concentrator where the PPP session terminates (see the next figure). One PVC can support any number of PPP sessions from your LAN.
P-335 Series User’s Guide Figure 248 Single-Computer per Router Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a computer to a broadband modem over Ethernet? A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the short haul between the computer and the modem over Ethernet.
P-335 Series User’s Guide PPTP Protocol Overview PPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Cisco’s Layer 2 Forwarding). Conceptually, there are three parties in PPTP, namely the PNS (PPTP Network Server), the PAC (PPTP Access Concentrator) and the PPTP user. The PNS is the box that hosts both the PPP and the PPTP stacks and forms one end of the PPTP tunnel.
Figure 252 Example Message Exchange between Computer and an ANT PPP Data Connection The PPP frames are tunneled between the PNS and PAC over GRE (General Routing Encapsulation, RFC 1701, 1702). The individual calls within a tunnel are distinguished using the Call ID field in the GRE header.
This appendix shows you how to set up a print server for the following operating systems: • Windows 95 • Windows 98 • Windows 98 SE (Second Edition) • Windows ME • Windows 2000 • Windows XP • Windows NT 4.0 •...
P-335 Series User’s Guide Installation Requirements To install the print server driver you will need the following requirements • Microsoft Windows 95, Windows 98 SE (Second Edition), Windows ME, Windows NT 4.0, Windows 2000, Windows XP or Macintosh OS X •...
Figure 254 Network Print Server Setup Wizard: Welcome

4 The Select A Print Server screen displays. The wizard automatically detects whether or not a print server is connected to your computer. Make sure that your Prestige is correctly connected and a compatible USB printer is connected to the Prestige.
Figure 255 Network Print Server Setup Wizard: Select A Print Server

5 The Change Settings screen displays. Select the Yes, I want to change settings radio button, type a password and click Next to change your print server settings. Alternatively select No, I don’t want to change settings and click Next to use the current print server settings and continue with the wizard.
Figure 256 Network Print Server Setup Wizard: Change Settings

6 Select the printer which is connected to the Prestige USB port.
7 Click Next to continue.
Figure 257 Network Print Server Setup Wizard: Select A Printer

8 If your printer is not listed, you can use the pop-up help dialog box to guide you through the add printer process. After you have added a printer, the Select A Printer screen displays again.
Figure 259 Network Print Server Setup Wizard: Summary

10 Click Finish to save and close your Network Print Server Setup Wizard. Your print server setup is complete.

Figure 260 Network Print Server Setup Wizard: Installation Complete
Windows 95/98/ME/NT/2000/XP: Print Server Setup Wizard

The following Setup Wizard for Windows 98/ME/NT/2000/XP uses a print server protocol called Line Printer Daemon (LPD). You must use this wizard if you want to set up your network print server on the following operating systems:
•...
Figure 262 Network Print Monitor Setup: Welcome

4 The Choose Destination Location screen displays. Choose a file location to install your print monitor and click Next to continue.

Figure 263 Network Print Monitor Setup: Location

5 The Setup Complete screen displays. Click Finish to save your settings and close the wizard.
Figure 264 Network Print Monitor Setup: Complete

Windows 2000/NT/XP: Computer Wizard

Use the following wizard if you do not want to use the provided setup wizards. Windows 95, Windows 98, Windows 98 SE (Second Edition) and Windows ME have similar print server setups.
Figure 266 Add Printer Wizard Welcome Screen

4 Select the Local printer radio button.
5 Click Next to continue.

Figure 267 Local Printer Screen

6 Select the Create a new port radio button.
7 Choose Standard TCP/IP Port from the Type drop-down list box.
8 Click Next to continue.
Figure 268 Select Printer Port Screen

9 Follow the on-screen instructions and click Next to continue.

Figure 269 Add Standard TCP/IP Printer Port Screen

10 Type the IP Address of your Prestige. A default Port Name displays as you type the IP Address.
Figure 270 Add Port Screen

12 Select the Custom radio button and click the Settings… button. Fill in additional print server port information in the following screen.

Figure 271 Additional Port Information Screen

13 Select the LPR radio button as the printing Protocol.
14 Type LP1 in the LPR Settings Queue Name field.
Figure 272 Port Settings Screen

16 Make sure that your printer port settings are correct. Click the Finish button to complete printer TCP/IP and port set up and then return to the Add Printer Wizard.

Figure 273 Add Standard TCP/IP Printer Port Complete

17 Select the make of the printer that you want to connect to the print server in the Manufacturers list of printers.
Figure 274 Add Printer Screen

21 If the following screen displays, select the Keep existing driver radio button if you already have a printer driver installed on your computer and you do not want to change it.
22 Click Next to continue.

Figure 275 Use Existing Driver Screen

23 Type a name to identify the printer and then click Next to continue.
Figure 276 Name Your Printer Screen

24 Select the Do not share this printer radio button.
25 Click Next to proceed to the following screen.

Figure 277 Printer Sharing Screen

26 These fields are optional. Type where your printer is located in the Location field. Type additional information about the printer in the Comment field.
Figure 278 Location and Comment Screen

28 Select the Yes radio button and then click the Next button if you want to print a test page. A pop-up screen displays to ask if the test page printed correctly. Otherwise select the No radio button and then click Next to continue.
Figure 280 Add Printer Wizard Complete

Macintosh OS X

Use the following steps to set up a print server on your Macintosh computer.

1 Click the Print Center icon continue. If the Print Center icon is not in the Macintosh Dock proceed to the next step.
2 On your desktop, double-click the Macintosh HD icon to open the Macintosh HD window.
Figure 283 Applications Folder

5 Double-click the Print Center icon.

Figure 284 Utilities Folder

6 Click the Add icon at the top of the screen.

Figure 285 Printer List Folder

7 Set up your printer in the Printer List configuration screen. Select IP Printing from the drop-down list box.
Figure 286 Printer Configuration

12 Click Add to select a printer model, save and close the Printer List configuration screen.

Figure 287 Printer Model

13 The Name “LP1 on 192.168.1.1” displays in the Printer List field. The default printer Name displays in bold type.
Figure 288 Print Server

14 Your Macintosh print server set up is complete. You can now use the Prestige’s print server to print from a Macintosh computer. Refer to “Print Server” on page 249 for information on your Prestige print server configuration screen.
This appendix provides details on the print server interface and system requirements.

Table 162 Print Server Interface
PRINT SERVER INTERFACE

Table 163 Print Server Requirements and Specifications
PRINT SERVER REQUIREMENTS AND SPECIFICATIONS
Network Operating System Support
Network Protocol Support
DHCP (client) Support
Management
a.
The following describes the NetBIOS packet filter commands.

Introduction

NetBIOS (Network Basic Input/Output System) packets are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. You can configure NetBIOS filters to do the following:
•...
The filter types and their default settings are as follows.

Table 165 NetBIOS Filter Default Settings
NAME: DESCRIPTION
Between LAN and WAN: This field displays whether NetBIOS packets are blocked or forwarded between the LAN and the WAN.
This field displays whether NetBIOS packets sent through a VPN IPSec...
Configure centralized logs using the embedded web configurator; see online help for details. This appendix provides descriptions of example log messages.

Table 166 System Error logs
LOG MESSAGE
%s exceeds the max. number of session per host!

Table 167 System Maintenance Logs
LOG MESSAGE
Time calibration is successful...
Table 168 UPnP Logs
LOG MESSAGE: UPnP pass through Firewall
DESCRIPTION: UPnP packets can pass through the firewall.

Table 169 ICMP Type and Code Explanations
TYPE CODE DESCRIPTION
Echo Reply
  Echo reply message
Destination Unreachable
  Net unreachable
  Host unreachable
  Protocol unreachable
  Port unreachable...
Setting up Your Computer’s IP Address

All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
Figure 289 Windows 95/98/Me: Network: Configuration

Installing Components

The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.

If you need the adapter:
1 In the Network window, click Add.
3 Select Microsoft from the list of manufacturers.
4 Select Client for Microsoft Networks from the list of network clients and then click
5 Restart your computer so the changes you made take effect.

Configuring

1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties.
2 Click the IP Address tab.
Figure 291 Windows 95/98/Me: TCP/IP Properties: DNS Configuration

4 Click the Gateway tab.
•
•
5 Click OK to save and close the TCP/IP Properties window.
6 Click OK to close the Network window. Insert the Windows CD if prompted.
7 Turn on your Prestige and restart your computer when prompted.
Figure 292 Windows XP: Start Menu

2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections.

Figure 293 Windows XP: Control Panel

3 Right-click Local Area Connection and then click Properties.
Figure 294 Windows XP: Control Panel: Network Connections: Properties

4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties.

Figure 295 Windows XP: Local Area Connection Properties

5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
•

Figure 296 Windows XP: Advanced TCP/IP Settings

6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses:
•...
7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP):
•
•

Figure 297 Windows XP: Internet Protocol (TCP/IP) Properties

8 Click OK to close the Internet Protocol (TCP/IP) Properties window.
9 Click OK to close the Local Area Connection Properties window.
10 Turn on your Prestige and restart your computer (if prompted).
Macintosh OS 8/9

1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel.

Figure 298 Macintosh OS 8/9: Apple Menu

2 Select Ethernet built-in from the Connect via list.
Figure 299 Macintosh OS 8/9: TCP/IP

3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
4 For statically assigned settings, do the following:
•
•
•
•
5 Close the TCP/IP Control Panel.
6 Click Save if prompted, to save changes to your configuration.
•
•
3 For dynamically assigned settings, select Using DHCP from the Configure list.

Figure 301 Macintosh OS X: Network

4 For statically assigned settings, do the following:
•
•
•
•
5 Click Apply Now and close the window.
6 Turn on your Prestige and restart your computer (if prompted).
Wireless LAN Topologies

This section discusses ad-hoc and infrastructure wireless LAN topologies.

Ad-hoc Wireless LAN Configuration

The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Figure 303 Basic Service Set

An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Figure 304 Infrastructure WLAN

Channel

A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
Figure 305 RTS/CTS

When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
IEEE 802.1x

In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are:
•...
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.

The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:
•...
3 The wireless station replies with identity information, including username and password. The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station.

Types of Authentication

This appendix discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP.
PEAP (Protected EAP)

Like EAP-TTLS, PEAP uses server-side certificate authentication to establish a secure connection, then uses simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Shared key authentication involves a four-message procedure. A wireless station sends a shared key authentication request to the AP, which will then reply with a challenge text message. The wireless station must then use the AP’s default WEP key to encrypt the challenge text and return it to the AP, which attempts to decrypt the message using the AP’s default WEP key.
Key differences between WPA(2) and WEP are improved data encryption and user authentication.

Encryption

Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.
Security Parameters Summary

Refer to this table to see what other security parameters you should configure for each Authentication Method/key management protocol type. MAC address filters are not dependent on how you configure these security features.

Table 172 Wireless Security Relational Matrix
AUTHENTICATION METHOD/ KEY...
Figure 308 Roaming Example

The steps below describe the roaming process.

1 As wireless station Y moves from the coverage area of access point P1 to that of access point 2 P2, it scans and uses the signal of access point P2.
3 Access point P2 acknowledges the presence of wireless station Y and relays this information to access point P1 through the wired LAN.
Antenna Selection and Positioning

An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Choosing the right antennas and positioning them properly increases the range and coverage area of a wireless LAN.
• Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points.
Brute-Force Password Guessing

The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password.

Table 173 Brute-Force Password Guessing Protection Commands
COMMAND: DESCRIPTION
sys pwderrtm: This command displays the brute-force guessing password protection settings.
sys pwderrtm 0: This command turns off the password’s protection from brute-force guessing.
The Ideal Setup

When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the Prestige to protect your LAN against attacks.

Figure 309 Ideal Setup

The “Triangle Route”...
Figure 310 “Triangle Route” Problem

The “Triangle Route” Solutions

This section presents two solutions to the “triangle route” problem.

IP Aliasing

IP alias allows you to partition your network into logical sections over the same Ethernet interface.
Figure 311 IP Alias

Gateways on the WAN Side

A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your Prestige to your LAN.