ZyXEL Communications P-335WT User Manual
ZyXEL Communications P-335WT User Manual

ZyXEL Communications P-335WT User Manual

Firewall router with print server 802.11g wireless firewall router with print server
Hide thumbs Also See for P-335WT:
Table of Contents

Advertisement

P-335
Firewall Router with Print Server
P-335WT
802.11g Wireless Firewall Router with Print Server
User's Guide
Version 3.60
9/2005

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the P-335WT and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for ZyXEL Communications P-335WT

  • Page 1 P-335 Firewall Router with Print Server P-335WT 802.11g Wireless Firewall Router with Print Server User’s Guide Version 3.60 9/2005...
  • Page 3: Copyright

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 4: Federal Communications Commission (Fcc) Interference Statement

    P-335 Series User’s Guide Federal Communications Commission (FCC) Interference This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
  • Page 5: Safety Warnings

    For your safety, be sure to read and follow all warning notices and instructions. • To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord. • Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks.
  • Page 6: Zyxel Limited Warranty

    P-335 Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
  • Page 7: Customer Support

    +34 902 195 420 www.zyxel.es +34 913 005 345 +46 31 744 7700 www.zyxel.se +46 31 744 7701 P-335 Series User’s Guide REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Communications Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská...
  • Page 8 “+” is the (prefix) number you enter to make an international telephone call. TELEPHONE WEB SITE FTP SITE +44 (0) 1344 303044 www.zyxel.co.uk 08707 555779 (UK only) +44 (0) 1344 303034 ftp.zyxel.co.uk REGULAR MAIL ZyXEL Communications UK Ltd.,11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK) Customer Support...
  • Page 9: Table Of Contents

    2.4.1 Navigation Panel ...52 2.4.2 Summary: Any IP Table ...54 2.4.3 Summary: DHCP Table...55 2.4.4 Summary: Parental Controls Statistics ...55 2.4.5 Summary: Wireless Station Status (P-335WT) ...56 2.4.6 Summary: Bandwidth Management Monitor...57 2.4.7 Summary: Packet Statistics ...57 Table of Contents P-335 Series User’s Guide...
  • Page 10 3.1 Wizard Setup ...60 3.2 Connection Wizard: System Information ...61 3.2.1 System Name ...61 3.2.2 Domain Name ...61 3.3 Connection Wizard: Wireless LAN (P-335WT) ...62 3.3.1 Basic(WEP) Security ...63 3.3.2 Extend(WPA-PSK) and (WPA2-PSK) Security ...65 3.3.3 OTIST ...65 3.4 Connection Wizard: WAN ...66 3.4.1 Ethernet Connection Type ...67...
  • Page 11 5.3 Configuring Wireless LAN on the Prestige ...83 5.4 General Wireless LAN Screen ...84 5.4.1 No Security ...85 5.4.2 WEP Encryption ...86 5.4.3 WEP Encryption Screen ...86 5.4.4 Introduction to WPA and WPA2 ...88 5.4.5 WPA(2)-PSK Application Example ...88 5.4.6 WPA-PSK Authentication Screen ...88 5.4.7 Wireless Client WPA Supplicants ...89 5.4.8 WPA(2) with RADIUS Application Example ...90 5.4.9 WPA Authentication Screen ...90...
  • Page 12 P-335 Series User’s Guide Chapter 7 LAN... 122 7.1 LAN Overview ...122 7.1.1 IP Pool Setup ...122 7.1.2 System DNS Servers ...122 7.2 LAN TCP/IP ...122 7.2.1 Factory LAN Defaults ...122 7.2.2 IP Address and Subnet Mask ...123 7.2.3 RIP Setup ...123 7.2.4 Multicast ...123 7.3 Any IP ...124 7.3.1 How Any IP Works ...125...
  • Page 13 9.7 Trigger Port Forwarding Screen ...144 Chapter 10 Firewall... 146 10.1 Introduction to Firewall ...146 10.1.1 What is a Firewall? ...146 10.1.2 Stateful Inspection Firewall..146 10.1.3 About the Prestige Firewall ...146 10.1.4 Guidelines For Enhancing Security With Your Firewall ...147 10.2 General Firewall Screen ...147 10.3 Services Screen ...148 Chapter 11...
  • Page 14 P-335 Series User’s Guide Chapter 13 VPN Screens... 164 13.1 VPN/IPSec Overview ...164 13.2 IPSec Algorithms ...164 13.2.1 AH (Authentication Header) Protocol ...164 13.2.2 ESP (Encapsulating Security Payload) Protocol ...164 13.3 My IP Address ...165 13.4 Secure Gateway Address ...165 13.4.1 Dynamic Secure Gateway Address ...166 13.5 VPN Summary Screen ...166 13.6 Keep Alive ...168...
  • Page 15 Chapter 15 Static Route Screens ... 202 15.1 Static Route Overview ...202 15.2 IP Static Route Screen ...202 15.2.1 Static Route Setup Screen...203 Chapter 16 Bandwidth Management ... 206 16.1 Bandwidth Management Overview ...206 16.1.1 Application-based Bandwidth Management Example ...206 16.1.2 Subnet-based Bandwidth Management Example ...207 16.1.3 Application and Subnet-based Bandwidth Management Example ...207 16.1.4 Bandwidth Usage Example ...208...
  • Page 16 P-335 Series User’s Guide 18.3 UPnP Screen ...229 18.4 Installing UPnP in Windows Example ...230 18.4.1 Installing UPnP in Windows Me ...231 18.4.2 Installing UPnP in Windows XP ...232 18.5 Using UPnP in Windows XP Example ...232 18.5.1 Auto-discover Your UPnP-enabled Network Device ...234 18.5.2 Web Configurator Easy Access ...235 18.5.3 Web Configurator Easy Access ...236 Chapter 19...
  • Page 17 23.1.2 Entering Password ...260 23.1.3 Prestige SMT Menu Overview ...261 23.2 Navigating the SMT Interface ...262 23.2.1 System Management Terminal Interface Summary ...264 23.3 Changing the System Password ...265 Chapter 24 Menu 1 General Setup ... 266 24.1 General Setup ...266 24.2 Procedure To Configure Menu 1 ...266 24.2.1 Procedure to Configure Dynamic DNS ...268 Chapter 25...
  • Page 18 P-335 Series User’s Guide 28.4 Remote Node Filter ...290 28.4.1 Traffic Redirect Setup ...291 Chapter 29 Static Route Setup ... 294 29.1 IP Static Route Setup ...294 Chapter 30 Network Address Translation (NAT) ... 296 30.1 Using NAT ...296 30.1.1 SUA (Single User Account) Versus NAT ...296 30.2 Applying NAT ...296 30.3 NAT Setup ...298 30.3.1 Address Mapping Sets ...299...
  • Page 19 Chapter 34 Filter Configuration ... 332 34.1 Introduction to Filters ...332 34.1.1 The Filter Structure of the Prestige ...333 34.2 Configuring a Filter Set ...334 34.2.1 Configuring a Filter Rule ...336 34.2.2 Configuring a TCP/IP Filter Rule ...336 34.2.3 Configuring a Generic Filter Rule ...339 34.3 Example Filter ...341 34.4 Filter Types and NAT ...343 34.5 Firewall Versus Filters ...344...
  • Page 20 P-335 Series User’s Guide 37.2.1 Backup Configuration ...363 37.2.2 Using the FTP Command from the Command Line ...364 37.2.3 Example of FTP Commands from the Command Line ...365 37.2.4 GUI-based FTP Clients ...365 37.2.5 TFTP and FTP over WAN Management Limitations ...365 37.2.6 Backup Configuration Using TFTP ...366 37.2.7 TFTP Command Example ...366 37.2.8 GUI-based TFTP Clients ...367...
  • Page 21 41.3 Problems with the WAN ...391 41.4 Problems Accessing the Prestige ...392 41.5 Problems with Restricted Web Pages and Keyword Blocking ...392 41.5.1 Pop-up Windows, JavaScripts and Java Permissions ...393 41.5.1.1 Internet Explorer Pop-up Blockers ...394 41.5.1.2 JavaScripts ...397 41.5.1.3 Java Permissions ...399 41.5.2 ActiveX Controls in Internet Explorer ...401 Appendix A Product Specifications ...
  • Page 22 P-335 Series User’s Guide Table of Contents...
  • Page 23 Figure 3 VPN Application ... 45 Figure 4 Internet Access Application Example ... 46 Figure 5 P-335 Front Panel ... 46 Figure 6 P-335WT Front Panel ... 46 Figure 7 Change Password Screen ... 49 Figure 8 Web Configurator Status Screen ... 50 Figure 9 Summary: Any IP Table ...
  • Page 24 P-335 Series User’s Guide Figure 37 Wireless ... 85 Figure 38 Wireless: No Security ... 86 Figure 39 Wireless: Static WEP Encryption ... 87 Figure 40 WPA(2)-PSK Authentication ... 88 Figure 41 Wireless: WPA-PSK ... 89 Figure 42 WPA(2) with RADIUS Application Example ... 90 Figure 43 Wireless: WPA ...
  • Page 25 P-335 Series User’s Guide Figure 80 Schedule ... 155 Figure 81 Encryption and Decryption ... 159 Figure 82 IPSec Architecture ... 160 Figure 83 Transport and Tunnel Mode IPSec Encapsulation ... 161 Figure 84 IPSec Summary Fields ... 166 Figure 85 Summary ... 167 Figure 86 NAT Router Between IPSec Routers ...
  • Page 26 P-335 Series User’s Guide Figure 123 SNMP Management Model ... 223 Figure 124 SNMP Remote Management ... 225 Figure 125 DNS Remote Management ... 226 Figure 126 Security Remote Management ... 227 Figure 127 Configuring UPnP ... 229 Figure 128 Configuring Print Server ... 241 Figure 129 General ...
  • Page 27 P-335 Series User’s Guide Figure 166 Menu 4 Applying NAT for Internet Access ... 297 Figure 167 Menu 11.3 Applying NAT to the Remote Node ... 298 Figure 168 Menu 15 NAT Setup ... 299 Figure 169 Menu 15.1 Address Mapping Sets ... 299 Figure 170 Menu 15.1.255 SUA Address Mapping Rules ...
  • Page 28 P-335 Series User’s Guide Figure 209 SNMP Management Model ... 346 Figure 210 Menu 22 SNMP Configuration ... 348 Figure 211 Menu 24 System Maintenance ... 350 Figure 212 Menu 24.1 System Maintenance : Status ... 351 Figure 213 Menu 24.2 System Information and Console Port Speed ... 352 Figure 214 Menu 24.2.1 System Maintenance : Information ...
  • Page 29 P-335 Series User’s Guide Figure 252 Example Message Exchange between Computer and an ANT ... 410 Figure 253 Network Print Server Setup Wizard ... 413 Figure 254 Network Print Server Setup Wizard : Welcome ... 414 Figure 255 Network Print Server Setup Wizard : Select A Print Server ... 415 Figure 256 Network Print Server Setup Wizard : Change Settings ...
  • Page 30 P-335 Series User’s Guide Figure 295 Windows XP: Local Area Connection Properties ... 449 Figure 296 Windows XP: Advanced TCP/IP Settings ... 450 Figure 297 Windows XP: Internet Protocol (TCP/IP) Properties ... 451 Figure 298 Macintosh OS 8/9: Apple Menu ... 452 Figure 299 Macintosh OS 8/9: TCP/IP ...
  • Page 31 P-335 Series User’s Guide List of Tables Table 1 Front Panel LEDs ... 46 Table 2 Status Screen Icon Key ... 50 Table 3 Web Configurator Status Screen ... 51 Table 4 Screens Summary ... 52 Table 5 Summary: Any IP Table ... 54 Table 6 Summary: DHCP Table ...
  • Page 32 P-335 Series User’s Guide Table 37 OTIST ... 99 Table 38 MAC Address Filter ... 101 Table 39 Advanced ... 102 Table 40 WMM QoS Priorities ... 103 Table 41 Commonly Used Services ... 104 Table 42 QoS ... 106 Table 43 Application Priority Configuration ...
  • Page 33 P-335 Series User’s Guide Table 80 Virus Protection ... 197 Table 81 Parental Controls ... 199 Table 82 IP Static Route ... 203 Table 83 Static Route Setup ... 204 Table 84 Application and Subnet-based Bandwidth Management Example ... 208 Table 85 Bandwidth Management Priorities ...
  • Page 34 P-335 Series User’s Guide Table 123 Applying NAT in Menus 4 & 11.3 ... 298 Table 124 SUA Address Mapping Rules ... 300 Table 125 Menu 15.1.1 First Set ... 301 Table 126 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ... 302 Table 127 Menu 15.3 Trigger Port Setup ...
  • Page 35 P-335 Series User’s Guide Table 166 System Error logs ... 442 Table 167 System Maintenance Logs ... 442 Table 168 UPnP Logs ... 443 Table 169 ICMP Type and Code Explanations ... 443 Table 170 IEEE802.11g ... 460 Table 171 Comparison of EAP Authentication Types ... 465 Table 172 Wireless Security Relational Matrix ...
  • Page 36 P-335 Series User’s Guide List of Tables...
  • Page 37: Related Documentation

    Congratulations on your purchase of the P-335, Firewall Router with Print Server or the P-335WT, 802.11g Wireless Firewall Router with Print Server. This manual is designed to guide you through the configuration of your Prestige for its various applications. Note: Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your Prestige.
  • Page 38: User Guide Feedback

    Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you! Syntax Conventions •...
  • Page 39: Getting To Know Your Prestige

    The embedded web configurator is easy to operate. In the Prestige product name, “W” denotes wireless functionality. The P-335WT has an embedded mini-PCI module for 802.11g Wireless LAN connectivity. Note: Only use firmware for your Prestige’s specific model.
  • Page 40: Port Switch

    P-335 Series User’s Guide 10/100 Mbps Auto-negotiating Ethernet/Fast Ethernet Interface(s) This auto-negotiation feature allows the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network. Auto-negotiation allows data transfer of 100 Mbps in full-duplex mode Auto-crossover 10/100 Mbps Ethernet Interface(s) These interfaces automatically adjust to either a crossover or straight-through Ethernet cable.
  • Page 41: Ipsec Vpn Capability

    IPSec VPN Capability Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The Prestige VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.
  • Page 42: Pptp Encapsulation

    P-335 Series User’s Guide PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using a TCP/IP-based network. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet.
  • Page 43: Upgrade Prestige Firmware Via Lan

    Port Forwarding Use this feature to forward incoming service requests to a server on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. DHCP (Dynamic Host Configuration Protocol) DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to obtain the TCP/IP configuration at start-up from a centralized DHCP server.
  • Page 44: Wireless Features (P-335Wt)

    802.11b standard, meaning that you can have both IEEE 802.11b and IEEE 802.11g wireless clients in the same wireless network. Note: The P-335WT may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs.
  • Page 45: Applications For The Prestige

    G-Plus G-plus is an enhancement to the IEEE 802.11g wireless standard. It increases wireless transmission speeds by allowing larger frames to be sent. Wireless List With the Wireless List, you can see the list of the wireless stations that are currently using the Prestige to access your wired network.
  • Page 46: Vpn Application

    Internet without the need (and expense) for leased lines between sites. Figure 3 VPN Application 1.3.4 Wireless LAN Application (P-335WT) Add a wireless LAN to your existing network without expensive network cables. Wireless stations can move freely anywhere in the coverage area and use resources on the wired network.
  • Page 47: Front Panel Leds

    Figure 4 Internet Access Application Example 1.4 Front Panel LEDs Figure 5 P-335 Front Panel Figure 6 P-335WT Front Panel The following table describes the LEDs. Table 1 Front Panel LEDs COLOR Green None Chapter 1 Getting to Know Your Prestige...
  • Page 48 P-335 Series User’s Guide Table 1 Front Panel LEDs (continued) COLOR LAN 1-4 Green Amber None Green Amber None WLAN Green None OTIST Green None Green STATUS DESCRIPTION The Prestige has a successful 10Mb Ethernet connection. Blinking The Prestige is sending/receiving data. The Prestige has a successful 100Mb Ethernet connection.
  • Page 49: Introducing The Web Configurator

    This chapter describes how to access the Prestige web configurator and provides an overview of its screens. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
  • Page 50: Resetting The Prestige

    P-335 Series User’s Guide Figure 7 Change Password Screen Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the Prestige if this happens to you. 2.3 Resetting the Prestige If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the Prestige to reload the factory-default configuration file.
  • Page 51: Figure 8 Web Configurator Status Screen

    Figure 8 Web Configurator Status Screen The following table describes the icons shown in the Status screen. Table 2 Status Screen Icon Key ICON DESCRIPTION Select a language from the drop-down list box to have the the web configurator display in that language.
  • Page 52: Table 3 Web Configurator Status Screen

    P-335 Series User’s Guide The following table describes the labels shown in the Status screen. Table 3 Web Configurator Status Screen LABEL DESCRIPTION Device Information System Name This is the System Name you enter in the Maintenance, System, General screen. It is for identification purposes.
  • Page 53: Navigation Panel

    Table 3 Web Configurator Status Screen LABEL DESCRIPTION Summary Any IP Table Use this screen to view a list of IP addresses and MAC addresses of computers, which are not in the same subnet as the Prestige. DHCP Table Use this screen to view current DHCP client information. Parental Control Statistics Use this screen to view a record of attempted entries to web pages or actual entries to web pages from a list of website categories.
  • Page 54 P-335 Series User’s Guide Table 4 Screens Summary LINK DHCP Server General Static DHCP Client List General Port Forwarding Trigger Port Security Firewall General Services Content Filter Filter Summary Rule Setup SA Monitor Global Setting TMSS General Exception List Virus Protection Parental Control Management Static Route...
  • Page 55: Summary: Any Ip Table

    Table 4 Screens Summary LINK UPnP General Print Server Print Server Maintenance System General Dynamic DNS Time Setting Logs View Log Log Settings Tools Firmware Configuration Restart 2.4.2 Summary: Any IP Table Click the Any IP Table (Details...) hyperlink in the Status screen. The Any IP table shows current read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate with the Prestige.
  • Page 56: Summary: Dhcp Table

    P-335 Series User’s Guide 2.4.3 Summary: DHCP Table DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients.
  • Page 57: Summary: Wireless Station Status (P-335Wt)

    Refresh Click Refresh to renew the statistics screen. 2.4.5 Summary: Wireless Station Status (P-335WT) Click the WLAN Station Status (Details...) hyperlink in the Status screen. View the wireless stations that are currently associated to the Prestige in the Association List screen.
  • Page 58: Summary: Bandwidth Management Monitor

    P-335 Series User’s Guide The following table describes the labels in this screen. Table 8 Summary: Wireless Association List LABEL MAC Address Association Time Refresh 2.4.6 Summary: Bandwidth Management Monitor Select the BW MGMT Monitor (Details...) hyperlink in Status screen. View the bandwidth usage of the LAN, WAN and WLAN configured bandwidth rules.
  • Page 59: Summary: Vpn Monitor

    The following table describes the labels in this screen. Table 9 Summary: Packet Statistics LABEL Port Status TxPkts RxPkts Collisions Tx B/s Rx B/s Up Time System Up Time Poll Interval(s) Set Interval Stop 2.4.8 Summary: VPN Monitor Click the VPN Monitor (Details...) hyperlink in the Status screen. Read-only information here includes encapsulation mode and security protocol.
  • Page 60 P-335 Series User’s Guide Table 10 Summary: VPN Monitor TABLE IPSec Algorithm Poll Interval(s) Set Interval Stop DESCRIPTION This field displays the security protocols used for an SA. Both AH and ESP increase Prestige processing requirements and communications latency (delay). Enter the time interval for refreshing statistics in this field.
  • Page 61: Chapter 3 Connection Wizard

    This chapter provides information on the Wizard setup screens in the web configurator. 3.1 Wizard Setup The web configurator’s Wizard setup helps you configure your device to access the Internet. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field.
  • Page 62: Connection Wizard: System Information

    P-335 Series User’s Guide Figure 17 Select a Language 6 Read the on-screen information and click Next. Figure 18 Welcome to the Connection Wizard 3.2 Connection Wizard: System Information System Information contains administrative and system-related information. 3.2.1 System Name System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
  • Page 63: Connection Wizard: Wireless Lan (P-335Wt)

    DHCP. The domain name entered by you is given priority over the ISP assigned domain name. Next Click Next to proceed to the next screen. 3.3 Connection Wizard: Wireless LAN (P-335WT) Set up your wireless LAN using the following screen. Chapter 3 Connection Wizard P-335 Series User’s Guide...
  • Page 64: Basic(Wep) Security

    P-335 Series User’s Guide Figure 20 Connection Wizard: Wireless LAN The following table describes the labels in this screen. Table 12 Connection Wizard: Wireless LAN LABEL DESCRIPTION Name(SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
  • Page 65: Figure 21 Basic(Wep) Security

    Figure 21 Basic(WEP) Security The following table describes the labels in this screen. Table 13 Basic(WEP) Security LABEL DESCRIPTION Passphrase Type a Passphrase (up to 32 printable characters) and click Generate. The Prestige automatically generates a WEP key. Select 64-bit WEP, 128-bit WEP or 256-bit WEP to allow data encryption. Encryption ASCII Select this option in order to enter ASCII characters as the WEP keys.
  • Page 66: Extend(Wpa-Psk) And (Wpa2-Psk) Security

    P-335 Series User’s Guide 3.3.2 Extend(WPA-PSK) and (WPA2-PSK) Security Choose Extend(WPA-PSK) or Extend(WPA2-PSK) security in the Wireless LAN setup screen to set up a Pre-Shared Key. Figure 22 Extend(WPA2-PSK) and (WPA2-PSK) Security The following table describes the labels in this screen. Table 14 Extend(WPA2-PSK) and (WPA2-PSK) Security LABEL DESCRIPTION...
  • Page 67: Connection Wizard: Wan

    Figure 23 OTIST The following table describes the labels in this screen. Table 15 OTIST LABEL Do you want to enable OTIST? Setup Key Back Next Refer to the chapter on wireless LAN for more information. 3.4 Connection Wizard: WAN The Prestige offers three Internet connection types.
  • Page 68: Ethernet Connection Type

    P-335 Series User’s Guide Figure 24 Connection Wizard: WAN Connection Type. The following table describes the labels in this screen, Table 16 Connection Wizard: WAN Connection Type CONNECTION TYPE Ethernet PPPoE PPTP 3.4.1 Ethernet Connection Type Choose Ethernet when the WAN port is used as a regular Ethernet. Figure 25 Ethernet Connection Type 3.4.2 PPPoE Connection Type Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection.
  • Page 69: Pptp Connection Type

    Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site. By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the Prestige does that part of the task.
  • Page 70: Your Ip Address

    P-335 Series User’s Guide Figure 27 PPTP Connection Type The following table describes the fields in this screen Table 18 PPTP Connection Type LABEL DESCRIPTION ISP Parameters for Internet Access User Name Type the user name given to you by your ISP. Password Type the password associated with the User Name above.
  • Page 71: Wan Ip Address Assignment

    Figure 28 Your IP Address The following table describes the labels in this screen Table 19 Your IP Address LABEL Get automatically from Use fixed IP address Back Next 3.4.5 WAN IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems.
  • Page 72: Ip Address And Subnet Mask

    P-335 Series User’s Guide 3.4.6 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
  • Page 73: Wan Mac Address

    Figure 29 IP and DNS Server Address Assignment The following table describes the labels in this screen Table 21 IP and DNS Server Address Assignment LABEL WAN IP Address Assignment My WAN IP Address System DNS Server Address Assignment (if applicable) DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa.
  • Page 74: Connection Wizard Complete

    P-335 Series User’s Guide You can configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the "rom" file (ZyNOS configuration file). It will not change unless you change the setting or upload a different "rom"...
  • Page 75: Figure 31 Connection Wizard Complete

    P-335 Series User’s Guide Figure 31 Connection Wizard Complete Well done! You have successfully set up your Prestige to operate on your network and access the Internet. Chapter 3 Connection Wizard...
  • Page 76 P-335 Series User’s Guide Chapter 3 Connection Wizard...
  • Page 77: Bandwidth Management Wizard

    Bandwidth Management Wizard This chapter shows you how to configure basic bandwidth management using the wizard screens. 4.1 Introduction Click the Bandwidth Management wizard option in the wizard language selection screen or click the hyperlink in the final Connection Wizard screen. Bandwidth management allows you to control the amount of bandwidth going out through the Prestige’s WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements.
  • Page 78: Bandwidth Management Wizard: General

    P-335 Series User’s Guide Table 24 Media Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION File Transfer Program enables fast transfer of files, including large files that may not be possible by e-mail. FTP uses port number 21. E-Mail Electronic mail consists of messages sent through a computer network to specific groups or individuals.
  • Page 79: Bandwidth Management Wizard: Services

    4.4 Bandwidth Management Wizard: Services Use the second wizard screen to select the services that you want to apply bandwidth management. Figure 34 Bandwidth Management Wizard: Services The following table describes the labels in this screen. Table 26 Bandwidth Management Wizard: Services LABEL DESCRIPTION Choose...
  • Page 80: Bandwidth Management Wizard Complete

    P-335 Series User’s Guide Figure 35 Bandwidth Management Wizard : Priority The following table describes the fields in this screen. Table 27 Bandwidth Management Wizard : Priority LABELS DESCRIPTION Service These fields display the services selected in the previous screen. Priority Select High, Mid or Low priority for each service to have your Prestige use a priority for traffic that matches that service.
  • Page 81 P-335 Series User’s Guide Chapter 4 Bandwidth Management Wizard...
  • Page 82 P-335 Series User’s Guide Chapter 4 Bandwidth Management Wizard...
  • Page 83: Chapter 5 Wireless Lan (P-335Wt)

    • Use RADIUS authentication if you have a RADIUS server. See the appendices for information on protocols used when a client authenticates with a RADIUS server via the Prestige. Chapter 5 Wireless LAN (P-335WT) P-335 Series User’s Guide H A P T E R...
  • Page 84: Restricted Access

    2 Use the MAC Filter screen to restrict access to your wireless network by MAC address. 3 Configure the RADIUS authentication database settings in the Wireless screen. settings, use the OTIST setup wizard or the advanced Activating OTIST on page Chapter 5 Wireless LAN (P-335WT)
  • Page 85: General Wireless Lan Screen

    Apply to confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings. Click the Wireless LAN link under Network to open the Wireless screen. Chapter 5 Wireless LAN (P-335WT) P-335 Series User’s Guide...
  • Page 86: No Security

    See the rest of this chapter for information on the other labels in this screen. 5.4.1 No Security Select No Security to allow wireless stations to communicate with the access points without any data encryption. Chapter 5 Wireless LAN (P-335WT)
  • Page 87: Wep Encryption

    5.4.3 WEP Encryption Screen In order to configure and enable WEP encryption; click the Wireless LAN link under Network to display the Wireless screen. Select Static WEP from the Security list. Chapter 5 Wireless LAN (P-335WT) P-335 Series User’s Guide...
  • Page 88: Figure 39 Wireless: Static Wep Encryption

    You must configure at least one key, only one key can be activated at any one time. The default key is key 1. Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to reload the previous configuration for this screen. Chapter 5 Wireless LAN (P-335WT)
  • Page 89: Introduction To Wpa And Wpa2

    Figure 40 WPA(2)-PSK Authentication 5.4.6 WPA-PSK Authentication Screen In order to configure and enable WPA-PSK Authentication; click the Wireless LAN link under Network to display the Wireless screen. Select WPA-PSK from the Security list. Chapter 5 Wireless LAN (P-335WT) P-335 Series User’s Guide...
  • Page 90: Wireless Client Wpa Supplicants

    A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client. Chapter 5 Wireless LAN (P-335WT)
  • Page 91: Wpa(2) With Radius Application Example

    Figure 42 WPA(2) with RADIUS Application Example 5.4.9 WPA Authentication Screen In order to configure and enable WPA Authentication; click the Wireless LAN link under Network to display the Wireless screen. Select WPA from the Security list. Chapter 5 Wireless LAN (P-335WT) P-335 Series User’s Guide...
  • Page 92: Figure 43 Wireless: Wpa

    Port Number Enter the port number of the external authentication server. The default port number is 1812. You need not change this value unless your network administrator instructs you to do so with additional information. Chapter 5 Wireless LAN (P-335WT)
  • Page 93: Overview

    In order to configure and enable 802.1x and Dynamic WEP Key Exchange; click the Wireless LAN link under Network to display the Wireless screen. Select 802.1x + Dynamic WEP from the Security list. Chapter 5 Wireless LAN (P-335WT) P-335 Series User’s Guide...
  • Page 94: Figure 44 Wireless: 802.1X And Dynamic Wep

    Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the Prestige. The key must be the same on the external authentication server and your Prestige. The key is not sent over the network. Chapter 5 Wireless LAN (P-335WT)
  • Page 95: And Static Wep Key Exchange Screen

    In order to configure and enable 802.1x and Static WEP Key Exchange; click the Wireless LAN link under Network to display the Wireless screen. Select 802.1x + Static WEP from the Security list. Chapter 5 Wireless LAN (P-335WT) P-335 Series User’s Guide...
  • Page 96: Figure 45 Wireless: 802.1X And Static Wep

    Select this option in order to enter ASCII characters as the WEP keys. Select this option in order to enter hexadecimal characters as the WEP keys. The preceding "0x", that identifies a hexadecimal key, is entered automatically. Chapter 5 Wireless LAN (P-335WT)
  • Page 97 The key must be the same on the external accounting server and your Prestige. The key is not sent over the network. Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to reload the previous configuration for this screen. Chapter 5 Wireless LAN (P-335WT) P-335 Series User’s Guide...
  • Page 98: Screen

    Port Number Enter the port number of the external authentication server. The default port number is 1812. You need not change this value unless your network administrator instructs you to do so with additional information. Chapter 5 Wireless LAN (P-335WT)
  • Page 99: Otist

    • Security (WEP or WPA-PSK) Note: This will replace the pre-configured wireless settings on the wireless clients. Click the Wireless LAN link under Network and then the OTIST tab. The following screen displays. Chapter 5 Wireless LAN (P-335WT) P-335 Series User’s Guide...
  • Page 100: Activating Otist

    Prestige set the wireless station to use the same wireless settings as the Prestige. You must also activate and start OTIST on the wireless station at the same time. The process takes three minutes to complete. Chapter 5 Wireless LAN (P-335WT)
  • Page 101: Otist Button

    00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure this screen. To change your Prestige’s MAC filter settings, click the Wireless LAN link under Network and then the MAC Filter tab. The screen appears as shown. Chapter 5 Wireless LAN (P-335WT) P-335 Series User’s Guide...
  • Page 102: Wireless Lan Advanced Screen

    5.7 Wireless LAN Advanced Screen See the appendix for background information on roaming. To enable roaming on your Prestige, click the Wireless LAN link under Network and then the Advanced tab. The screen appears as shown. Chapter 5 Wireless LAN (P-335WT)
  • Page 103: Figure 51 Advanced

    Prestige to transmit at a higher speed than the 802.11g Only mode. Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to reload the previous configuration for this screen. Chapter 5 Wireless LAN (P-335WT) P-335 Series User’s Guide...
  • Page 104: Wmm Qos

    This is typically used for non-critical “background” traffic such as bulk transfers and print jobs that are allowed but that should not affect other applications and users. Use low priority for applications that do not have strict latency and throughput requirements. Chapter 5 Wireless LAN (P-335WT)
  • Page 105: Services

    IRC(TCP/UDP:6667) MSN Messenger(TCP:1863) MULTICAST(IGMP:0) NEW-ICQ(TCP:5190) NEWS(TCP:144) NFS(UDP:2049) NNTP(TCP:119) Chapter 5 Wireless LAN (P-335WT) DESCRIPTION AOL’s Internet Messenger service, used as a listening port by ICQ. Authentication protocol used by some servers. Border Gateway Protocol. DHCP Client. DHCP Server. A popular videoconferencing solution from White Pines Software.
  • Page 106: Qos Screen

    Its primary function is to allow users to log into remote host systems. Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). Another videoconferencing solution. Chapter 5 Wireless LAN (P-335WT)
  • Page 107: Tos (Type Of Service) And Wmm Qos

    Name Service Dest Port Priority Chapter 5 Wireless LAN (P-335WT) DESCRIPTION Select the check box to enable WMM QoS on the Prestige. Select Default to have the Prestige automatically give a service a priority level according to the ToS value in the IP header of packets it sends.
  • Page 108: Application Priority Configuration Screen

    Modify an existing application entry or create a application entry in the Application Priority Configuration screen. Click the Remove icon to delete an application entry. Click Apply to save your changes back to the Prestige. DESCRIPTION Type a description of the application priority. Chapter 5 Wireless LAN (P-335WT)
  • Page 109 Table 43 Application Priority Configuration LABEL Service Dest Port Priority Apply Cancel Chapter 5 DESCRIPTION The following is a description of the applications you can prioritize with WMM QoS. Select a service from the drop-down list box. • File Transfer Program enables fast transfer of files, including large files that may not be possible by e-mail.
  • Page 110 P-335 Series User’s Guide Chapter 5...
  • Page 111: Chapter 6 Wan

    This chapter describes how to configure WAN settings. 6.1 WAN Overview See the Connection Wizard 6.2 TCP/IP Priority (Metric) The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1"...
  • Page 112: Wan Isp Screen

    P-335 Series User’s Guide 6.4 WAN ISP Screen To change your Prestige’s WAN ISP settings, click WAN, then the WAN ISP tab. The screen differs by the encapsulation. 6.4.1 Ethernet Encapsulation The screen shown next is for Ethernet encapsulation. Figure 54 Ethernet Encapsulation The following table describes the labels in this screen.
  • Page 113: Pppoe Encapsulation

    Table 44 Ethernet Encapsulation LABEL DESCRIPTION WAN MAC Address Spoof WAN MAC The MAC address section allows users to configure the WAN port's MAC address Address by either using the factory default or cloning the MAC address from a computer on your LAN.
  • Page 114: Figure 55 Pppoe Encapsulation

    P-335 Series User’s Guide Figure 55 PPPoE Encapsulation The following table describes the labels in this screen. Table 45 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet).
  • Page 115: Pptp Encapsulation

    Table 45 PPPoE Encapsulation LABEL DESCRIPTION Use fixed IP Select this option If the ISP assigned a fixed IP address. address My WAN IP Enter your WAN IP address in this field if you selected Use Fixed IP Address. Address Remote IP Enter the Remote IP Address (if your ISP gave you one) in this field.
  • Page 116: Figure 56 Pptp Encapsulation

    P-335 Series User’s Guide Figure 56 PPTP Encapsulation The following table describes the labels in this screen. Table 46 PPTP Encapsulation LABEL ISP Parameters for Internet Access Encapsulation User Name Password Retype to Confirm Nailed-up Connection Idle Timeout DESCRIPTION Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
  • Page 117: Advanced Wan Screen

    Table 46 PPTP Encapsulation LABEL PPTP Configuration My IP Address My IP Subnet Mask Server IP Address Connection ID/Name WAN IP Address Assignment Get automatically from Use fixed IP address My WAN IP Address Remote IP Address Enter the Remote IP Address (if your ISP gave you one) in this field. Remote IP Subnet Mask Metric (PPPoE and...
  • Page 118: Figure 57 Advanced

    P-335 Series User’s Guide Figure 57 Advanced The following table describes the labels in this screen. Table 47 Advanced LABEL DNS Servers First DNS Server Second DNS Server Third DNS Server RIP and Multicast Setup RIP Direction RIP Version DESCRIPTION Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address).
  • Page 119: Traffic Redirect

    Table 47 Advanced LABEL Multicast Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN.
  • Page 120: Traffic Redirect Screen

    P-335 Series User’s Guide Figure 59 Traffic Redirect LAN Setup 6.7 Traffic Redirect Screen To change your Prestige’s Traffic Redirect settings, click the WAN link under Network and the Traffic Redirect tab. The screen appears as shown. Figure 60 WAN: Traffic Redirect The following table describes the labels in this screen.
  • Page 121 Table 48 Traffic Redirect LABEL DESCRIPTION Check WAN IP Configuration of this field is optional. If you do not enter an IP address here, the Address Prestige will use the default gateway IP address. Configure this field to test your Prestige's WAN accessibility.
  • Page 122 P-335 Series User’s Guide Chapter 6 WAN...
  • Page 123: Chapter 7 Lan

    This chapter describes how to configure LAN settings. 7.1 LAN Overview Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks.
  • Page 124: Ip Address And Subnet Mask

    P-335 Series User’s Guide 7.2.2 IP Address and Subnet Mask Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this information. 7.2.3 RIP Setup RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers.
  • Page 125: Any Ip

    The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the Prestige queries all directly connected networks to gather group membership. After that, the Prestige periodically updates this information. IP multicasting can be enabled/ disabled on the Prestige LAN and/or WAN interfaces in the web configurator (LAN;...
  • Page 126: How Any Ip Works

    P-335 Series User’s Guide 7.3.1 How Any IP Works Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the Prestige) to decide which hop to use, to help forward data along to its specified destination.
  • Page 127: Ip Alias Screen

    Figure 62 LAN IP The following table describes the labels in this screen. Table 49 LAN IP LABEL DESCRIPTION LAN TCP/IP IP Address Type the IP address of your Prestige in dotted decimal notation 192.168.1.1 (factory default). IP Subnet Mask The subnet mask specifies the network number portion of an IP address.
  • Page 128: Figure 63 Ip Alias

    P-335 Series User’s Guide Figure 63 IP Alias The following table describes the labels in this screen. Table 50 IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network for the Prestige. IP Address Enter the IP address of your Prestige in dotted decimal notation.
  • Page 129: Advanced Lan Screen

    7.6 Advanced LAN Screen To change your Prestige’s advanced IP settings, click the LAN link under Network and the Advanced tab. The screen appears as shown. Figure 64 Advanced The following table describes the labels in this screen. Table 51 Advanced LABEL RIP Direction RIP Version...
  • Page 130 P-335 Series User’s Guide Table 51 Advanced LABEL Active Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN.
  • Page 131: Chapter 8 Dhcp Server

    8.1 DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients.
  • Page 132: Static Dhcp Screen

    P-335 Series User’s Guide Table 52 General LABEL Pool Size DNS Servers Assigned by DHCP Server The Prestige passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. The Prestige only passes this information to the LAN DHCP clients when you select the DHCP Server check box.
  • Page 133: Client List Screen

    Figure 66 Static DHCP The following table describes the labels in this screen. Table 53 Static DHCP LABEL DESCRIPTION This is the index number of the Static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN. IP Address Type the LAN IP address of a computer on your LAN.
  • Page 134: Figure 67 Client List

    P-335 Series User’s Guide Figure 67 Client List The following table describes the labels in this screen. Table 54 Client List LABEL IP Address Host Name MAC Address Reserve Refresh DESCRIPTION This is the index number of the host computer. This field displays the IP address relative to the # field listed above.
  • Page 135: Network Address Translation (Nat)

    Network Address Translation This chapter discusses how to configure NAT on the Prestige. 9.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network.
  • Page 136: What Nat Does

    P-335 Series User’s Guide 9.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
  • Page 137: Nat Application

    Figure 68 How NAT Works 9.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter. Figure 69 NAT Application With IP Alias 9.1.5 NAT Mapping Types NAT supports five types of IP/port mapping.
  • Page 138: Using Nat

    P-335 Series User’s Guide • One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL’s Single User Account feature (the SUA Only option).
  • Page 139: Sua (Single User Account) Versus Nat

    9.2.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The Prestige also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types.
  • Page 140: Configuring Servers Behind Sua (Example)

    P-335 Series User’s Guide In addition to the servers for specified services, NAT supports a default server. A service request that does not have a server explicitly designated for it is forwarded to the default server. If the default is not defined, the service request is simply discarded. Note: Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location.
  • Page 141: General Nat Screen

    Figure 70 Multiple Servers Behind NAT Example 9.4 General NAT Screen Click the NAT link under Network to open the General screen. Figure 71 General The following table describes the labels in this screen. Table 58 General LABEL DESCRIPTION Network Network Address Translation (NAT) allows the translation of an Internet protocol Address address used within one network (for example a private IP address used in a local...
  • Page 142: Port Forwarding Screen

    P-335 Series User’s Guide 9.5 Port Forwarding Screen Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
  • Page 143: Rule Setup Screen

    Table 59 Port Forwarding (continued) LABEL DESCRIPTION Active This icon is turned on when the port forwarding entry is enabled. Select the edit icon under Modify and select the Active checkbox in the Rule Setup screen to enable the port forwarding entry. Clear the checkbox to disable forwarding of these ports to an inside server without having to delete the entry.
  • Page 144: Trigger Port Forwarding

    P-335 Series User’s Guide Table 60 Rule Setup LABEL DESCRIPTION End Port Type an end port number. Server IP Address Type the inside IP address of the server. Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to return to the previous screen and not save your changes.
  • Page 145: Two Points To Remember About Trigger Ports

    2 Port 7070 is a “trigger” port and causes the Prestige to record Jane’s computer IP address. The Prestige associates Jane's computer IP address with the "incoming" port range of 6970-7170. 3 The Real Audio server responds using a port number ranging between 6970-7170. 4 The Prestige forwards the traffic to Jane’s computer IP address.
  • Page 146: Figure 75 Trigger Port

    P-335 Series User’s Guide Figure 75 Trigger Port The following table describes the labels in this screen. Table 61 Trigger Port LABEL DESCRIPTION This is the rule index number (read-only). Name Type a unique name (up to 15 characters) for identification purposes. All characters are permitted - including spaces.
  • Page 147: Chapter 10 Firewall

    This chapter gives some background information on firewalls and explains how to get started with the Prestige firewall. 10.1 Introduction to Firewall 10.1.1 What is a Firewall? Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
  • Page 148: Guidelines For Enhancing Security With Your Firewall

    P-335 Series User’s Guide The Prestige has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world.
  • Page 149: Services Screen

    Figure 76 General The following table describes the labels in this screen. Table 62 General LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. Bypass Triangle Select this check box to have the Prestige firewall ignore the use of triangle route Route...
  • Page 150: Figure 77 Services

    P-335 Series User’s Guide Figure 77 Services The following table describes the labels in this screen. Table 63 Services LABEL Enable Services Blocking Available Service Blocked Service “Custom Port” Type Port Number Delete Clear All Day to Block: DESCRIPTION Select this check box to enable this feature. This is a list of pre-defined services (ports) you may prohibit your LAN computers from using.
  • Page 151 Table 63 Services LABEL Time of Day to Block (24-Hour Format) Apply Reset Chapter 10 Firewall DESCRIPTION Select the time of day you want service blocking to take effect. Configure blocking to take effect all day by selecting the All Day check box. You can also configure specific times that by entering the start time in the Start (hr) and Start (min) fields and the end time in the End (hr) and End (min) fields.
  • Page 152 P-335 Series User’s Guide Chapter 10 Firewall...
  • Page 153: Chapter 11 Content Filtering

    This chapter provides a brief overview of content filtering using the embedded WebGUI. 11.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to their needs. Content filtering is the ability to block certain web features or specific URL keywords and should not be confused with packet filtering via SMT menu 21.1.
  • Page 154: Figure 79 Filter

    P-335 Series User’s Guide Figure 79 Filter The following table describes the labels in this screen. Table 64 Filter LABEL DESCRIPTION Trusted IP Setup To enable this feature, type an IP address of any one of the computers in your network that you want to have as a trusted computer.
  • Page 155: Schedule

    Table 64 Filter LABEL DESCRIPTION Keyword List This list displays the keywords already added. Click Add after you have typed a keyword. Repeat this procedure to add other keywords. Up to 64 keywords are allowed. When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request.
  • Page 156: Customizing Keyword Blocking Url Checking

    P-335 Series User’s Guide Figure 80 Schedule The following table describes the labels in this screen. Table 65 Schedule LABEL Day to Block Time of Day to Block (24-Hour Format) Apply Reset 11.6 Customizing Keyword Blocking URL Checking You can use commands to set how much of a website’s URL the content filter is to check for keyword blocking.
  • Page 157: Full Path Url Checking

    11.6.2 Full Path URL Checking Full path URL checking has the Prestige check the characters that come before the last slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, full path URL checking searches for keywords within www.zyxel.com.tw/news/. Use the ip urlfilter customize actionFlags 6 [disable | enable] command to extend (or not extend) the keyword blocking search to include the URL's full path.
  • Page 158 P-335 Series User’s Guide Chapter 11 Content Filtering...
  • Page 159: Chapter 12 Introduction To Ipsec

    This chapter introduces the basics of IPSec VPNs 12.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
  • Page 160: Data Confidentiality

    P-335 Series User’s Guide Figure 81 Encryption and Decryption 12.1.3.2 Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. 12.1.3.3 Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
  • Page 161: Ipsec Algorithms

    Figure 82 IPSec Architecture 12.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
  • Page 162: Transport Mode

    P-335 Series User’s Guide Figure 83 Transport and Tunnel Mode IPSec Encapsulation 12.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
  • Page 163: Table 66 Vpn And Nat

    A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing. The VPN device at the receiving end will verify the integrity of the incoming packet by computing its own hash value, and complain that the hash value appended to the received packet doesn't match.
  • Page 164 P-335 Series User’s Guide Chapter 12 Introduction to IPSec...
  • Page 165: Chapter 13 Vpn Screens

    This chapter introduces the VPN Web Configurator. See the viewing logs and the Appendices for IPSec log descriptions. 13.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections. 13.2 IPSec Algorithms The ESP and AH protocols are necessary to create a Security (SA), the foundation of an IPSec VPN.
  • Page 166: My Ip Address

    P-335 Series User’s Guide Table 67 AH and ESP Encryption Authentication 13.3 My IP Address My IP Address is the WAN IP address of the Prestige. If this field is configured as 0.0.0.0, then the Prestige will use the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel.
  • Page 167: Dynamic Secure Gateway Address

    You can also enter a remote secure gateway’s domain name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The Prestige has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP address).
  • Page 168: Figure 85 Summary

    P-335 Series User’s Guide Figure 85 Summary The following table describes the labels in this screen. Table 68 Summary LABEL DESCRIPTION The VPN policy index number. Active This field displays whether the VPN policy is active or not. The icon is turned on when this VPN policy is active. Click the edit icon under Modify and select the Active checkbox in the Rule Setup screen to activate the VPN policy.
  • Page 169: Keep Alive

    13.6 Keep Alive When you initiate an IPSec tunnel with keep alive enabled, the Prestige automatically renegotiates the tunnel when the IPSec SA lifetime period expires ( section for more on the IPSec SA lifetime). In effect, the IPSec tunnel becomes an “always on”...
  • Page 170: Remote Dns Server

    P-335 Series User’s Guide In order for IPSec router A (see the figure) to receive an initiating IPSec packet from IPSec router B, set the NAT router to forward UDP port 500 to IPSec router A. 13.7.2 Remote DNS Server In cases where you want to use domain names to access Intranet servers on a remote network that has a DNS server, you must identify that DNS server.
  • Page 171: Id Type And Content Examples

    Note: Regardless of the ID type and content configuration, the Prestige does not allow you to save multiple active rules with overlapping local and remote IP addresses. With main mode (see Section Negotiation provide identity protection. In this case the Prestige can only distinguish between up to eight different incoming SAs that connect from remote IPSec routers that have dynamic WAN IP addresses.
  • Page 172: Pre-Shared Key

    P-335 Series User’s Guide The two Prestiges in this example can complete negotiation and establish a VPN tunnel Table 71 Matching ID Type and Content Configuration Example PRESTIGE A Local ID type: E-mail Local ID content: tom@yourcompany.com Peer ID type: IP Peer ID content: 1.1.1.2 The two Prestiges in this example cannot complete their negotiation because Prestige B’s Local ID type is IP, but Prestige A’s Peer ID type is set to E-mail.
  • Page 173: Figure 89 Rule Setup

    Figure 89 Rule Setup The following table describes the labels in this screen. Table 72 Rule Setup LABEL DESCRIPTION Active Select this check box to activate this VPN tunnel. This option determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select this check box to have the Prestige automatically re-initiate the SA after the SA lifetime times out, even if there is no traffic.
  • Page 174 P-335 Series User’s Guide Table 72 Rule Setup (continued) LABEL DNS Server (for IPSec VPN) Local Address Remote Address Start Remote Address End/Mask My IP Address Local ID Type Local Content Secure Gateway Address DESCRIPTION If there is a private DNS server that services the VPN, type its IP address here. The Prestige assigns this additional DNS server to the Prestige’s DHCP clients that have IP addresses in this IPSec rule's range of local addresses.
  • Page 175 Table 72 Rule Setup (continued) LABEL DESCRIPTION Peer ID Type Select IP to identify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address. Peer Content The configuration of the peer content depends on the peer ID type.
  • Page 176: Ike Phases

    P-335 Series User’s Guide Table 72 Rule Setup (continued) LABEL Advanced Apply Reset 13.11 IKE Phases There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec.
  • Page 177: Negotiation Mode

    • Choose whether to enable Perfect Forward Secrecy (PFS) using Diffie-Hellman public- key cryptography – see Section Perfect Forward Secrecy (PFS). Select None (the default) to disable PFS. Choose Tunnel mode or Transport mode. Set the IPSec SA lifetime. This field allows you to determine how long the IPSec SA should stay up before it times out.
  • Page 178: Advanced Rule Setup Screen

    P-335 Series User’s Guide This may be unnecessary for data that does not require such security, so PFS is disabled (None) by default in the Prestige. Disabling PFS means new authentication and encryption keys are derived from the same root secret (which may have security implications in the long run) but allows faster SA setup (by bypassing the Diffie-Hellman key exchange).
  • Page 179: Figure 91 Advanced Rule Setup

    Figure 91 Advanced Rule Setup The following table describes the labels in this screen. Table 73 Advanced Rule Setup LABEL Active Keep Alive Chapter 13 VPN Screens DESCRIPTION Select this check box to activate this VPN policy. Select this check box to turn on the Keep Alive feature for this SA. Turn on Keep Alive to have the Prestige automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
  • Page 180 P-335 Series User’s Guide Table 73 Advanced Rule Setup (continued) LABEL NAT Traversal Key Management Protocol Number Enable Replay Detection DNS Server (for IPSec VPN) Local Address Local Port Start Local Port End Remote Address Start Remote Address End/ Mask DESCRIPTION Select this check box to enable NAT traversal.
  • Page 181 Table 73 Advanced Rule Setup (continued) LABEL Remote Port Start Remote Port End My IP Address Local ID Type Local Content Secure Gateway Address Peer ID Type Peer Content IKE Phase 1 Negotiation Mode Chapter 13 VPN Screens DESCRIPTION 0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP;...
  • Page 182 P-335 Series User’s Guide Table 73 Advanced Rule Setup (continued) LABEL Encryption Algorithm Authentication Algorithm SA Life Time Key Group Pre-Shared Key IKE Phase 2 Encapsulation Mode IPSec Protocol Encryption Algorithm Authentication Algorithm DESCRIPTION Select DES or 3DES from the drop-down list box. The Prestige's encryption algorithm should be identical to the secure remote gateway.
  • Page 183: Manual Key

    Table 73 Advanced Rule Setup (continued) LABEL SA Life Time Perfect Forward Secrecy (PFS) Basic Apply Reset 13.13 Manual Key Manual key management is useful if you have problems with IKE key management. 13.13.1 Security Parameter Index (SPI) An SPI is used to distinguish different SAs terminating at the same destination and using the same IPSec protocol.
  • Page 184: Figure 92 Rule Setup With Manual Key

    P-335 Series User’s Guide Figure 92 Rule Setup with Manual Key The following table describes the labels in this screen. Table 74 Rule Setup with Manual Key LABEL Active IPSec Keying Mode Protocol Number Local Address Local Port Start Local Port End DESCRIPTION Select this check box to activate this VPN policy.
  • Page 185 Table 74 Rule Setup with Manual Key LABEL Remote Address Start Remote Address End/ Mask Remote Port Start Remote Port End DNS Server (for IPSec VPN) My IP Address Secure Gateway IP Address Encapsulation Mode Enable Replay Detection IPSec Protocol Chapter 13 VPN Screens DESCRIPTION Remote IP addresses must be static and correspond to the remote IPSec...
  • Page 186: Sa Monitor Screen

    P-335 Series User’s Guide Table 74 Rule Setup with Manual Key LABEL Encryption Algorithm Authentication Algorithm Encryption Key (Only with ESP) Authentication Key Apply Reset 13.15 SA Monitor Screen In the web configurator, click the VPN link under Security and the SA Monitor tab. Use this screen to display and manage active VPN connections.
  • Page 187: Global Setting Screen

    Figure 93 SA Monitor The following table describes the labels in this screen. Table 75 SA Monitor LABEL DESCRIPTION This is the security index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode. IPSec Algorithm This field displays the security protocols used for an SA.
  • Page 188: Telecommuter Vpn/Ipsec Examples

    P-335 Series User’s Guide Figure 94 Global Setting The following table describes the labels in this screen. Table 76 Global Setting LABEL Windows Networking (NetBIOS over TCP/IP) Allow Through IP/Sec Tunnel Apply Reset 13.17 Telecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single Prestige at headquarters from remote IPSec routers that use dynamic WAN IP addresses.
  • Page 189: Telecommuters Using Unique Vpn Rules Example

    Having everyone use the same pre-shared key may create a vulnerability. If the pre-shared key is compromised, all of the VPN connections using that VPN rule are at risk. A recommended alternative is to use a different VPN rule for each telecommuter and identify them by unique IDs (see the Telecommuters Using Unique VPN Rules Example section Table 77 Telecommuter and Headquarters Configuration Example...
  • Page 190: Vpn And Remote Management

    P-335 Series User’s Guide See the following graphic for an example where three telecommuters each use a different VPN rule to initiate a VPN connection to a Prestige located at headquarters. The Prestige at headquarters identifies each by its secure gateway address (a dynamic domain name) and uses the appropriate VPN rule to establish the VPN connection.
  • Page 191: Trend Micro Security Services

    Trend Micro Security Services This chapter contains information about configuring Trend Micro Security Services (TMSS). 14.1 Trend Micro Security Services Overview TMSS helps protect computers on a network that access the Internet through the Prestige. TMSS scans computers behind the Prestige for potential vulnerabilities such as spyware, missing security patches, trojans etc.
  • Page 192: Figure 98 Download Activex To View Tmss Web Page

    P-335 Series User’s Guide Figure 98 Download ActiveX to View TMSS Web Page 2 In the TMSS web page, click Service Summary. Figure 99 TMSS Web Page(Dashboard) 3 Click Activate My Services to begin a 3-step process to activate TMSS. Figure 100 TMSS Service Summary 4 Click Next to begin the process as outlined in the screen.
  • Page 193: Figure 101 Tmss 3 Steps

    Figure 101 TMSS 3 Steps 5 Fill in the registration form and submit it. Figure 102 TMSS Registration Form 6 After you submit the registration form, you will receive an e-mail with instructions for validating your e-mail address. Follow the instructions. 7 Download TMSS to each computer (behind the Prestige) that you want TMSS to monitor.
  • Page 194: Configuring Tmss On The Prestige

    P-335 Series User’s Guide Figure 103 Example TMSS Activated Service Summary Screen You need a Parental Control license to activate configure Parental Control categories on the Prestige (see Figure 108 on page Control screen with TMSS activated. Figure 104 Example TMSS Activated Parental Controls Screen After the free trial expires, you can buy the Trend micro Internet Security (TIS) package contains anti-virus software and a license for Parental Control (to forbid access to undesirable web site content based on pre-defined web site categories).
  • Page 195: Tmss General Screen

    2 Use the Virus Protection screen to configure if and how often updates are checked and to display the status of computers under TMSS monitoring. 3 Use the Parental Controls screen to schedule and block web pages based on pre-defined web site categories such as pornography, gambling etc.
  • Page 196: Exception List Screen

    P-335 Series User’s Guide Table 78 General (continued) LABEL Automatically check for update components Check for update components every Scan engine Virus pattern Apply Reset 14.3 Exception List Screen Click the TMSS link under Security and the Exception List tab. Use the Exception List to specify which computers should not to be restricted by Parental Controls.
  • Page 197: Figure 106 Exception List

    Figure 106 Exception List The following table describes the labels in this screen. Table 79 Exception List LABEL Exclude computer(s) from displaying Trend Micro Home Network Security Services Computer(s) that will display Trend Micro Home Network Security Services: Computer(s) to exclude: Exception List Enforce Parental...
  • Page 198: Virus Protection Screen

    P-335 Series User’s Guide Table 79 Exception List LABEL Available IP Addresses This box displays the IP addresses of all TMSS clients. Selected IP Addresses This box displays the IP addresses of the computer(s) chosen from the Apply Reset 14.4 Virus Protection Screen Select the Virus Protection tab in the TMSS main screen the following screen.
  • Page 199: Parental Controls Screen

    Table 80 Virus Protection (continued) LABEL Scan Engine Status Apply Reset 14.5 Parental Controls Screen Select the Parental Controls tab from the TMSS main screen. The following screen displays. Figure 108 Parental Controls Chapter 14 Trend Micro Security Services DESCRIPTION This field displays the current TMSS anti-virus scan engine version number of a TMSS client.
  • Page 200: Table 81 Parental Controls

    P-335 Series User’s Guide The following table describes the labels in this screen. Table 81 Parental Controls LABEL Restrict Web Features ActiveX Java Cookies Web Proxy Enable Parental Controls Blocking Schedule Day to Block Time of Day to Block (24- Hour Format) Select Categories Pornography...
  • Page 201 Table 81 Parental Controls LABEL Alcohol/Tobacco Gambling Abortion Apply Reset Chapter 14 Trend Micro Security Services DESCRIPTION Selecting this category excludes pages that promote or offer the sale alcohol/tobacco products, or provide the means to create them. It also includes pages that glorify, tout, or otherwise encourage the consumption of alcohol/tobacco.
  • Page 202 P-335 Series User’s Guide Chapter 14 Trend Micro Security Services...
  • Page 203: Static Route Screens

    This chapter shows you how to configure static routes for your Prestige. 15.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has no knowledge of the networks beyond. For instance, the Prestige knows about network N2 in the following figure through remote node router R1.
  • Page 204: Static Route Setup Screen

    P-335 Series User’s Guide Figure 110 IP Static Route The following table describes the labels in this screen. Table 82 IP Static Route LABEL DESCRIPTION Number of an individual static route. Name Name that describes or identifies this route. Active This icon is turned on when this static route is active.
  • Page 205: Figure 111 Static Route Setup

    Figure 111 Static Route Setup The following table describes the labels in this screen. Table 83 Static Route Setup LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Active This field allows you to activate/deactivate this static route.
  • Page 206 P-335 Series User’s Guide Chapter 15 Static Route Screens...
  • Page 207: Chapter 16 Bandwidth Management

    Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the Prestige’s bandwidth management logs. 16.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
  • Page 208: Subnet-Based Bandwidth Management Example

    P-335 Series User’s Guide Figure 112 Application-based Bandwidth Management Example 16.1.2 Subnet-based Bandwidth Management Example The following example uses bandwidth rules based solely on LAN subnets. Each bandwidth rule (Subnet A and Subnet B) is allotted 320 Kbps. Figure 113 Subnet-based Bandwidth Management Example 16.1.3 Application and Subnet-based Bandwidth Management Example The following example uses bandwidth rules based on LAN subnets and applications (specific...
  • Page 209: Bandwidth Usage Example

    Figure 114 Application and Subnet-based Bandwidth Management Example Table 84 Application and Subnet-based Bandwidth Management Example TRAFFIC TYPE VoIP E-mail Video 16.1.4 Bandwidth Usage Example Here is an example of a Prestige that has bandwidth usage enabled on an interface. The first figure shows each bandwidth rule’s bandwidth budget.
  • Page 210: Figure 115 Bandwidth Usage Example

    P-335 Series User’s Guide Figure 115 Bandwidth Usage Example The following figure shows the bandwidth usage with the maximize bandwidth usage option enabled. The Prestige divides up the unbudgeted 64 Kbps among the rules that require more bandwidth. If the administration department only uses 32 Kbps of the budgeted 64 Kbps, the Prestige also divides the remaining 32 Kbps among the rules that require more bandwidth.
  • Page 211: Bandwidth Management Priorities

    Figure 116 Maximize Bandwidth Usage Example 16.1.5 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the Prestige forwards out through an interface. Table 85 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED.
  • Page 212: Table 86 Commonly Used Services

    P-335 Series User’s Guide VoIP (SIP) Sending voice signals over the Internet is called Voice over IP or VoIP. Session Initiated Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.
  • Page 213 Table 86 Commonly Used Services SERVICE IPSEC_TUNNEL(AH:0) IPSEC_TUNNEL(ESP:0) IRC(TCP/UDP:6667) MSN Messenger(TCP:1863) MULTICAST(IGMP:0) NEW-ICQ(TCP:5190) NEWS(TCP:144) NFS(UDP:2049) NNTP(TCP:119) PING(ICMP:0) POP3(TCP:110) PPTP(TCP:1723) PPTP_TUNNEL(GRE:0) RCMD(TCP:512) REAL_AUDIO(TCP:7070) REXEC(TCP:514) RLOGIN(TCP:513) RTELNET(TCP:107) RTSP(TCP/UDP:554) SFTP(TCP:115) SMTP(TCP:25) SNMP(TCP/UDP:161) SNMP-TRAPS(TCP/UDP:162) SQL-NET(TCP:1521) SSH(TCP/UDP:22) STRM WORKS(UDP:1558) SYSLOG(UDP:514) TACACS(UDP:49) Chapter 16 Bandwidth Management DESCRIPTION The IPSEC AH (Authentication Header) tunneling protocol uses this service.
  • Page 214: Bandwidth Management Configuration Screen

    P-335 Series User’s Guide Table 86 Commonly Used Services SERVICE TELNET(TCP:23) TFTP(UDP:69) VDOLIVE(TCP:7000) 16.2 Bandwidth Management Configuration Screen Click the Bandwidth MGMT link under Management to open the bandwidth management Configuration screen. Figure 117 Bandwidth Management Configuration The following table describes the labels in this screen. Table 87 Bandwidth Management Configuration LABEL DESCRIPTION...
  • Page 215: Bandwidth Management Rule And Filter

    Table 87 Bandwidth Management Configuration LABEL DESCRIPTION Direction Select To LAN to apply bandwidth management to traffic that the Prestige forwards to the LAN. Select To WAN to apply bandwidth management to traffic that the Prestige forwards to the WAN. Select To WLAN to apply bandwidth management to traffic that the Prestige forwards to the WLAN.
  • Page 216: Figure 118 Bandwidth Management Rule And Filter Configuration

    P-335 Series User’s Guide Figure 118 Bandwidth Management Rule and Filter Configuration The following table describes the labels in this screen. Table 88 Bandwidth Management Edit LABEL DESCRIPTION Active Select this check box to have the Prestige apply this bandwidth management rule.
  • Page 217 Table 88 Bandwidth Management Edit LABEL DESCRIPTION Source Port Enter the port number of the source. See and port numbers. Protocol Enter the protocol (service type) number, for example: 1 for ICMP, 6 for TCP or 17 for UDP. Apply Click Apply to save your customized settings and exit this screen.
  • Page 218 P-335 Series User’s Guide Chapter 16...
  • Page 219: Remote Management Screens

    Remote Management Screens This chapter provides information on the Remote Management screens. 17.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. Note: When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
  • Page 220: Remote Management And Nat

    P-335 Series User’s Guide 3 The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the Prestige will disconnect the session immediately. 4 There is already another remote management session with an equal or higher priority running.
  • Page 221: Telnet

    Table 89 WWW Remote Management LABEL DESCRIPTION Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the Address Prestige using this service. Select All to allow any computer to access the Prestige using this service. Choose Selected to just allow the computer with the IP address that you specify to access the Prestige using this service.
  • Page 222: Ftp Screen

    P-335 Series User’s Guide Figure 121 Telnet Remote Management The following table describes the labels in this screen. Table 90 Telnet Remote Management LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
  • Page 223: Snmp

    Figure 122 FTP Remote Management The following table describes the labels in this screen. Table 91 FTP Remote Management LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the Prestige using this service.
  • Page 224: Figure 123 Snmp Management Model

    P-335 Series User’s Guide Figure 123 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device into a form compatible with SNMP.
  • Page 225: Supported Mibs

    17.6.1 Supported MIBs The Prestige supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 17.6.2 SNMP Traps The Prestige will send traps to the SNMP manager when any one of the following events occurs: Table 92 SNMP Traps TRAP #...
  • Page 226: Figure 124 Snmp Remote Management

    P-335 Series User’s Guide Figure 124 SNMP Remote Management The following table describes the labels in this screen. Table 93 SNMP Remote Management LABEL SNMP Configuration Get Community Set Community Trap Community Trap Destination SNMP Service Port Service Access Secured Client IP Address Apply Reset...
  • Page 227: Dns Screen

    17.8 DNS Screen Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on Wizard Setup for background information. To change your Prestige’s DNS settings, click the Remote MGMT link under Management and the DNS tab.
  • Page 228: Figure 126 Security Remote Management

    P-335 Series User’s Guide Figure 126 Security Remote Management The following table describes the labels in this screen. Table 95 Security Remote Management LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
  • Page 229: Chapter 18 Upnp

    This chapter introduces the Universal Plug and Play feature. 18.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
  • Page 230: Upnp And Zyxel

    P-335 Series User’s Guide All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 18.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™...
  • Page 231: Installing Upnp In Windows Example

    Table 96 Configuring UPnP LABEL Allow UPnP to pass through Firewall Apply Reset 18.4 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Chapter 18 UPnP DESCRIPTION UPnP broadcasts are only allowed on the LAN. If you block LAN-to- LAN/Prestige traffic using the firewall, then you need to select this check box to allow UPnP-enabled traffic to pass through the firewall.
  • Page 232: Installing Upnp In Windows Me

    P-335 Series User’s Guide 18.4.1 Installing UPnP in Windows Me Follow the steps below to install UPnP in Windows Me. 1 Click Start and Control Panel. Double- click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in the Components selection box.
  • Page 233: Installing Upnp In Windows Xp

    18.4.2 Installing UPnP in Windows XP Follow the steps below to install UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….The Windows Optional Networking Components Wizard window...
  • Page 234 P-335 Series User’s Guide Make sure the computer is connected to a LAN port of the ZyXEL device. Turn on your computer and the ZyXEL device. Chapter 18 UPnP...
  • Page 235: Auto-Discover Your Upnp-Enabled Network Device

    18.5.1 Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. 3 In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created.
  • Page 236: Web Configurator Easy Access

    P-335 Series User’s Guide 5 Select the Show icon in notification area when connected check box and click OK. An icon displays in the system tray 6 Double-click the icon to display your current Internet connection status. 18.5.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first.
  • Page 237: Web Configurator Easy Access

    1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click the icon for your ZyXEL device and select Invoke.
  • Page 238 P-335 Series User’s Guide Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. 4 An icon with the description for each UPnP-enabled device displays under Local Network.
  • Page 239 P-335 Series User’s Guide Chapter 18 UPnP...
  • Page 240 P-335 Series User’s Guide Chapter 18 UPnP...
  • Page 241: Chapter 19 Print Server

    This chapter discusses how to configure the print server on the Prestige. 19.1 Print Server Overview A print server is a device or software that provides users on a network with shared access to one or more printers. The print server acts as a buffer, holding the information to be printed out in memory until the printer becomes free.
  • Page 242: Prestige Print Server Screen

    P-335 Series User’s Guide The print server must be set up on each computer in your network that you want to use the print server. Before you set up the print server, make sure the USB printer is connected to the Prestige using the USB cable and that both the Prestige and the USB printer are turned on.
  • Page 243: Chapter 20 System

    This chapter provides information on the System screens. 20.1 System Overview See the Wizard Setup chapter for more information on the next few screens. 20.2 General Screen Click the System link under Maintenance and the General tab. The following screen displays.
  • Page 244: Dynamic Dns

    P-335 Series User’s Guide Table 98 General LABEL DESCRIPTION Administrator Type how many minutes a management session (either via the web configurator Inactivity Timer or SMT) can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again.
  • Page 245: Figure 130 Dynamic Dns

    Figure 130 Dynamic DNS The following table describes the labels in this screen. Table 99 Dynamic DNS LABEL Enable Dynamic DNS Service Provider Dynamic DNS Type Host Name User Name Password Enable Wildcard Option Select the check box to enable DynDNS Wildcard. Enable off line option IP Address Update Policy: Use WAN IP Address...
  • Page 246: Time Setting Screen

    P-335 Series User’s Guide 20.5 Time Setting Screen To change your Prestige’s time and date, click the System link under Maintenance and the Time Setting tab. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone. Figure 131 Time Setting The following table describes the labels in this screen.
  • Page 247 Table 100 Time Setting LABEL New Date (yyyy-mm-dd) Get from Time Server Time Protocol Time Server Address Current Time New Time Current Date New Date Time Zone Setup Enable Daylight Saving Start Date Chapter 20 System DESCRIPTION This field displays the last updated date from the time server or the last date configured manually.
  • Page 248 P-335 Series User’s Guide Table 100 Time Setting LABEL End Date Apply Reset DESCRIPTION Configure the day and time when Daylight Saving Time ends if you selected Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
  • Page 249: Chapter 21 Logs

    This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendices for example log message explanations. 21.1 View Log The web configurator allows you to look at all of the Prestige’s logs in one location. Click the Logs link under Maintenance to open the View Log screen.
  • Page 250: Log Settings

    P-335 Series User’s Guide Figure 132 View Log The following table describes the labels in this screen. Table 101 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings page (see section ) display in the drop-down list box. Select a category of logs to view;...
  • Page 251 P-335 Series User’s Guide Use the Log Settings screen to configure to where the Prestige is to send logs; the schedule for when the Prestige is to send the logs and which logs and/or immediate alerts the Prestige to send. An alert is a type of log that warrants more serious attention.
  • Page 252: Figure 133 Log Settings

    P-335 Series User’s Guide Figure 133 Log Settings The following table describes the labels in this screen. Table 102 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
  • Page 253 Table 102 Log Settings LABEL DESCRIPTION Send Alerts To Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs. Enter the E-mail address where the alert messages will be sent. Alerts include system errors, attacks and attempted access to blocked web sites.
  • Page 254 P-335 Series User’s Guide Chapter 21 Logs...
  • Page 255: Chapter 22 Tools

    This chapter shows you how to upload a new firmware, upload or save backup configuration files and restart the Prestige. 22.1 Firmware Upload Screen Find firmware at www.zyxel.com "*.bin" extension, e.g., "Prestige.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See the Firmware and Configuration File Maintenance FTP/TFTP commands.
  • Page 256: Configuration Screen

    P-335 Series User’s Guide Figure 135 Upload Warning The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 136 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear.
  • Page 257: Backup Configuration

    Figure 138 Configuration 22.2.1 Backup Configuration Backup configuration allows you to back up (save) the Prestige’s current configuration to a file on your computer. Once your Prestige is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
  • Page 258: Back To Factory Defaults

    P-335 Series User’s Guide Figure 139 Configuration Restore Successful The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 140 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default Prestige IP address (192.168.1.1).
  • Page 259: Figure 142 System Restart

    P-335 Series User’s Guide Figure 142 System Restart Chapter 22 Tools...
  • Page 260 P-335 Series User’s Guide Chapter 22 Tools...
  • Page 261: Chapter 23 Introducing The Smt

    This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 23.1 SMT Introduction The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection. This chapter shows you how to access the SMT (System Management Terminal) menus via console port, how to navigate the SMT and how to configure SMT menus.
  • Page 262: Prestige Smt Menu Overview

    P-335 Series User’s Guide Figure 143 Login Screen Enter Password : **** 23.1.3 Prestige SMT Menu Overview The following figure gives you an overview of the various SMT menu screens of your Prestige.The following table gives you an overview of your Prestige’s various SMT menus. Table 105 SMT Menus Overview MENUS SUB MENUS...
  • Page 263: Navigating The Smt Interface

    Table 105 SMT Menus Overview (continued) MENUS SUB MENUS 24 System Maintenance 24.1 System Status 24.2 System Information and Console Port Speed 24.3 Log and Trace 24.4 Diagnostic 24.5 Backup Configuration 24.6 Restore Configuration 24.7 Upload Firmware 24.8 Command Interpreter Mode 24.9 Call Control 24.10 Time and Date Setting 24.11 Remote Management Control...
  • Page 264 P-335 Series User’s Guide Table 106 Main Menu Commands OPERATION KEYSTROKE Move the cursor [ENTER] or [UP]/ [DOWN] arrow keys. Entering Type in or press information [SPACE BAR], then press [ENTER]. Required fields < N/A fields <N/A> Save your [ENTER] configuration Exit the SMT Type 99, then...
  • Page 265: System Management Terminal Interface Summary

    Figure 144 SMT Main Menu Copyright (c) 1994 - 2005 ZyXEL Communications Corp. Getting Started 1. General Setup 2. WAN Setup 3. LAN Setup 4. Internet Access Setup Advanced Applications 11. Remote Node Setup 12. Static Routing Setup 15. NAT Setup 23.2.1 System Management Terminal Interface Summary...
  • Page 266: Changing The System Password

    P-335 Series User’s Guide Table 107 Main Menu Summary MENU TITLE VPN/ IPSec Setup Exit 23.3 Changing the System Password Change the Prestige default password by following the steps shown next. 1 Enter 23.1 in the main menu to display Menu 23.1 - System Security - Change Password.
  • Page 267: Chapter 24 Menu 1 General Setup

    Menu 1 - General Setup contains administrative and system-related information. 24.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". In Windows 95/98 click Start, Settings, Control Panel, Network.
  • Page 268: Figure 146 Menu 1 General Setup

    P-335 Series User’s Guide Figure 146 Menu 1 General Setup. Menu 1 - General Setup Press ENTER to Confirm or ESC to Cancel: 2 Fill in the required fields. Refer to the table shown next for more information about these fields.
  • Page 269: Procedure To Configure Dynamic Dns

    24.2.1 Procedure to Configure Dynamic DNS Note: If you have a private WAN IP address, then you cannot use Dynamic DNS. To configure Dynamic DNS, go to Menu 1 — General Setup and select Yes in the Edit Dynamic DNS field. Press [ENTER] to display Menu 1.1— Configure Dynamic DNS as shown next.
  • Page 270 P-335 Series User’s Guide Table 109 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION Edit Update IP Address: You can select Yes in either the Use Server Detected IP field (recommended) or the User Specified IP Addr field, but not both. With the Use Server Detected IP and User Specified IP Addr fields both set to No, the DDNS server automatically updates the IP address of the host name(s) with the Prestige’s WAN IP address.
  • Page 271: Chapter 25 Menu 2 Wan Setup

    This chapter describes how to configure the WAN using menu 2. 25.1 Introduction to WAN This chapter explains how to configure settings for your WAN port. 25.2 WAN Setup From the main menu, enter 2 to open menu 2. Figure 148 Menu 2 WAN Setu Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu.
  • Page 272 P-335 Series User’s Guide Chapter 25 Menu 2 WAN Setup...
  • Page 273: Chapter 26 Menu 3 Lan Setup

    This chapter covers how to configure your wired Local Area Network (LAN) settings. 26.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3. Figure 149 Menu 3 LAN Setup Enter Menu Selection Number: 26.1.1 General Ethernet Setup...
  • Page 274: Protocol Dependent Ethernet Setup

    P-335 Series User’s Guide 26.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. • For TCP/IP Ethernet setup refer to the Internet Access Application chapter. • For bridging Ethernet setup refer to the Bridging Setup chapter. 26.3 TCP/IP Ethernet Setup and DHCP Use menu 3.2 to configure your Prestige for TCP/IP.
  • Page 275: Table 112 Menu 3.2: Lan Tcp/Ip Setup Fields

    Table 111 DHCP Ethernet Setup Fields FIELD DESCRIPTION Size of Client IP This field specifies the size, or count of the IP address pool. Pool The Prestige passes a DNS (Domain Name System) server IP address (in the order First DNS Server you specify here) to the DHCP clients.
  • Page 276: Ip Alias Setup

    P-335 Series User’s Guide 26.3.1 IP Alias Setup IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network. Figure 152 Physical Network &...
  • Page 277 Table 113 Menu 3.2.1: IP Alias Setup FIELD DESCRIPTION IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige. RIP Direction Press [SPACE BAR] and then [ENTER] to select the RIP direction.
  • Page 278 P-335 Series User’s Guide Chapter 26 Menu 3 LAN Setup...
  • Page 279: Chapter 27 Internet Access

    This chapter shows you how to configure your Prestige for Internet access 27.1 Introduction to Internet Access Setup Use information from your ISP along with the instructions in this chapter to set up your Prestige to access the Internet. There are three different menu 4 screens depending on whether you chose Ethernet, PPTP or PPPoE Encapsulation.
  • Page 280: Figure 154 Menu 4 Internet Access Setup

    P-335 Series User’s Guide Figure 154 Menu 4 Internet Access Setup ISP's Name= MyISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Retype to Confirm= N/A Login Server= N/A Relogin Every (min)= IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation= SUA Only...
  • Page 281: Configuring The Pptp Client

    Table 114 Internet Access Setup (Ethernet Gateway IP Address Network Address Translation When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel. 27.3 Configuring the PPTP Client Note: The Prestige supports only one PPTP server connection at any given time To configure a PPTP client, you must configure the My Login and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.
  • Page 282: Configuring The Pppoe Client

    P-335 Series User’s Guide Figure 155 Internet Access Setup (PPTP) Menu 4 - Internet Access Setup Press ENTER to Confirm or ESC to Cancel: The following table contains instructions about the new fields when you choose PPTP in the Encapsulation field in menu 4. Table 115 New Fields in Menu 4 (PPTP) Screen FIELD DESCRIPTION...
  • Page 283: Basic Setup Complete

    Figure 156 Internet Access Setup (PPPoE) ISP's Name= MyISP Encapsulation= PPPoE Service Type= N/A My Login= My Password= ******** Retype to Confirm= ******** Idle Timeout= 100 IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation= SUA Only Press ENTER to Confirm or ESC to Cancel: The following table contains instructions about the new fields when you choose PPPoE in the...
  • Page 284 P-335 Series User’s Guide Chapter 27 Internet Access...
  • Page 285: Remote Node Configuration

    Remote Node Configuration This chapter covers remote node configuration. 28.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. Note that when you use menu 4 to set up Internet access, you are actually configuring a remote node.
  • Page 286: Figure 157 Menu 11.1 Remote Node Profile For Ethernet Encapsulation

    P-335 Series User’s Guide Figure 157 Menu 11.1 Remote Node Profile for Ethernet Encapsulation Rem Node Name= MyISP Active= Yes Encapsulation= Ethernet Service Type= Standard Service Name= N/A Outgoing: My Login= N/A My Password= N/A Retype to Confirm= N/A Server= N/A Relogin Every (min)= The following table describes the fields in this menu.
  • Page 287: Pppoe Encapsulation

    Table 117 Menu 11.1 Remote Node Profile for Ethernet Encapsulation FIELD DESCRIPTION Edit IP This field leads to a “hidden” menu. Press [SPACE BAR] to select Yes and press [ENTER] to go to Menu 11.3 - Remote Node Network Layer Options. Session Options Edit Filter Sets This field leads to another “hidden”...
  • Page 288: Nailed-Up Connection

    P-335 Series User’s Guide 28.2.2.2 Nailed-Up Connection A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The Prestige does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the Prestige will try to bring up the connection when turned on and whenever the connection is down.
  • Page 289: Edit Ip

    Figure 159 Menu 11.1 Remote Node Profile for PPTP Encapsulation Rem Node Name= MyISP Active= Yes Encapsulation= PPTP Service Type= Standard Service Name= N/A Outgoing: My Login= My Password= ******** Retype to Confirm= ******** Authen= CHAP/PAP PPTP: My IP Addr= My IP Mask= Server IP Addr= Connection ID/Name=...
  • Page 290: Figure 160 Menu 11.3 Remote Node Network Layer Options For Ethernet Encapsulation

    P-335 Series User’s Guide Figure 160 Menu 11.3 Remote Node Network Layer Options for Ethernet Encapsulation Menu 11.3 - Remote Node Network Layer Options Enter here to CONFIRM or ESC to CANCEL: This menu displays the My WAN Addr field for PPPoE and PPTP encapsulations and Gateway IP Addr field for Ethernet encapsulation.
  • Page 291: Remote Node Filter

    Table 120 Remote Node Network Layer Options FIELD DESCRIPTION Metric Enter a number from 1 to 15 to set this route’s priority among the Prestige’s routes (see the Metric section in the WAN and Dial Backup Setup chapter) The smaller the number, the higher priority the route has.
  • Page 292: Traffic Redirect Setup

    P-335 Series User’s Guide Figure 161 M enu 11.5: Remote Node Filter (Ethernet Encapsulation) Menu 11.5 - Remote Node Filter Enter here to CONFIRM or ESC to CANCEL: Figure 162 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation) Menu 11.5 - Remote Node Filter Enter here to CONFIRM or ESC to CANCEL: 28.4.1 Traffic Redirect Setup Configure parameters that determine when the Prestige will forward WAN traffic to the...
  • Page 293: Figure 163 Menu 11.6: Traffic Redirect Setup

    Figure 163 Menu 11.6: Traffic Redirect Setup Active= Yes Configuration: Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this screen. Table 121 Menu 11.6: Traffic Redirect Setup FIELD DESCRIPTION Active Press [SPACE BAR] and select Yes (to enable) or No (to disable) traffic redirect setup.
  • Page 294 P-335 Series User’s Guide Chapter 28 Remote Node Configuration...
  • Page 295: Chapter 29 Static Route Setup

    This chapter shows how to setup IP static routes. 29.1 IP Static Route Setup To configure an IP static route, use Menu 12 – Static Routing Setup (shown next). Figure 164 Menu 12 IP Static Route Setup Menu 12 - IP Static Route Setup Enter selection number: Now, type the route number of a static route you want to configure.
  • Page 296: Figure 165 Menu12.1 Edit Ip Static Route

    P-335 Series User’s Guide Figure 165 Menu12.1 Edit IP Static Route Menu 12.1 - Edit IP Static Route Press ENTER to Confirm or ESC to Cancel: The following table describes the fields for Menu 12.1 – Edit IP Static Route Setup. Table 122 Menu12.1 Edit IP Static Route FIELD Route #...
  • Page 297: Network Address Translation (Nat)

    Network Address Translation This chapter discusses how to configure NAT on the Prestige. 30.1 Using NAT Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige 30.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
  • Page 298: Figure 166 Menu 4 Applying Nat For Internet Access

    P-335 Series User’s Guide Figure 166 Menu 4 Applying NAT for Internet Access ISP's Name= MyISP Encapsulation= Ethernet IP Address Assignment= Dynamic Network Address Translation= SUA Only Press ENTER to Confirm or ESC to Cancel: The following figure shows how you apply NAT to the remote node in menu 11.1. 1 Enter 11 from the main menu.
  • Page 299: Nat Setup

    Figure 167 Menu 11.3 Applying NAT to the Remote Node Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= SUA Only Metric= 1 Private= N/A RIP Direction= None Version= N/A...
  • Page 300: Address Mapping Sets

    P-335 Series User’s Guide Figure 168 Menu 15 NAT Setup Menu 15 - NAT Setup Enter Menu Selection Number: 30.3.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 — Address Mapping Sets. Figure 169 Menu 15.1 Address Mapping Sets Enter 255 to display the next screen, (see The fields in this menu cannot be changed.
  • Page 301: User-Defined Address Mapping Sets

    Figure 170 Menu 15.1.255 SUA Address Mapping Rules Set Name= SUA Local Start IP Local End IP -------------- --------------- --------------- --------------- ------ 0.0.0.0 The following table explains the fields in this menu. Table 124 SUA Address Mapping Rules FIELD Set Name Local Start IP Local End IP Global Start IP...
  • Page 302: Ordering Your Rules

    P-335 Series User’s Guide Figure 171 Menu 15.1.1 First Set Menu 15.1.1 - Address Mapping Rules Set Name= NAT_SET Local Start IP --------------- -------------- --------------- --------------- Note: If the Set Name field is left blank, the entire set will be deleted. Note: The Type, Local and Global Start/End IPs are configured in menu 15.1.1.1 (described later) and the values are displayed here.
  • Page 303: Figure 172 Menu 15.1.1.1 Editing/Configuring An Individual Rule In A Set

    Note: You must press [ENTER] at the bottom of the screen to save the whole set. You must do this again if you make any changes to the set – including deleting a rule. No changes to the set take place until this action is taken Selecting Edit in the Action field and then selecting a rule brings up the following menu, Menu 15.1.1.1 - Address Mapping Rule in which you can edit an individual rule and configure the Type, Local and Global Start/End IPs.
  • Page 304: Configuring A Server Behind Nat

    P-335 Series User’s Guide 30.4 Configuring a Server behind NAT Follow these steps to configure a server behind NAT: 1 Enter 15 in the main menu to go to Menu 15 - NAT Setup. 2 Enter 2 to display Menu 15.2 - NAT Server Setup as shown next. Figure 173 Menu 15.2.1 NAT Server Setup Menu 15.2 - NAT Server Setup...
  • Page 305: General Nat Examples

    Figure 174 Multiple Servers Behind NAT Example 30.5 General NAT Examples The following are some examples of NAT configuration. 30.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where the ILAs (Inside Local Addresses) of computers A through D map to one dynamic IGA (Inside Global Address) assigned by your ISP.
  • Page 306: Example 2: Internet Access With An Inside Server

    P-335 Series User’s Guide Figure 175 NAT Example 1 Figure 176 Menu 4 Internet Access & NAT Example ISP's Name= MyISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Retype to Confirm= N/A Login Server= N/A Relogin Every (min)= IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A...
  • Page 307: Example 3: Multiple Public Ip Addresses With Inside Servers

    Figure 177 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure. Figure 178 Menu 15.2.1 Specifying an Inside Server Rule Start Port No.
  • Page 308: Figure 179 Nat Example 3

    P-335 Series User’s Guide 4 You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN. The example situation looks somewhat like this: Figure 179 NAT Example 3 1 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address...
  • Page 309: Figure 180 Nat Example 3: Menu 11.3

    Figure 180 NAT Example 3: Menu 11.3 Menu 11.3 - Remote Node Network Layer Options Enter here to CONFIRM or ESC to CANCEL: The following figures show how to configure the first rule. Chapter 30 Network Address Translation (NAT) IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Addr= N/A...
  • Page 310: Figure 181 Example 3: Menu 15.1.1.1

    P-335 Series User’s Guide Figure 181 Example 3: Menu 15.1.1.1 Menu 15.1.1.1 Address Mapping Rule Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 182 Example 3: Final Menu 15.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= NAT_SET Local Start IP --------------- -------------- --------------- --------------- ------...
  • Page 311: Example 4: Nat Unfriendly Application Programs

    Figure 183 Example 3: Menu 15.2 Menu 15.2 - NAT Server Setup Rule Start Port No. --------------------------------------------------- Press ENTER to Confirm or ESC to Cancel: HTTP:80 FTP:21 Telnet:23 SMTP:25 POP3:110 PPTP:1723 30.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to-Many No Overload (and One-to-One) NAT mapping types.
  • Page 312: Configuring Trigger Port Forwarding

    P-335 Series User’s Guide Figure 185 Example 4: Menu 15.1.1.1 Address Mapping Rule. Menu 15.1.1.1 Address Mapping Rule Press ENTER to Confirm or ESC to Cancel: After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as shown next.
  • Page 313: Figure 187 Menu 15.3 Trigger Port Setup

    Figure 187 Menu 15.3 Trigger Port Setup Menu 15.3 - Trigger Port Setup Rule Name ---------------------------------------------------------------------- Real Audio The following table describes the fields in this screen. Table 127 Menu 15.3 Trigger Port Setup FIELD DESCRIPTION Rule This is the rule index number. Name Enter a unique name for identification purposes.
  • Page 314 P-335 Series User’s Guide Chapter 30 Network Address Translation (NAT)
  • Page 315: Chapter 31 Enabling The Firewall

    This chapter shows you how to get started with the Prestige firewall. 31.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: • The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it.
  • Page 316: Figure 188 Menu 21.2 Firewall Setup

    P-335 Series User’s Guide Figure 188 Menu 21.2 Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off. Refer to the User's Guide for details about the firewall default policies.
  • Page 317: Chapter 32 Vpn/Ipsec Setup

    This chapter introduces the VPN SMT menus. 32.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: 1 Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management. 2 Menu 27.2 - SA Monitor allows you to manage (refresh or disconnect) your SA connections.
  • Page 318: Ipsec Summary Screen

    P-335 Series User’s Guide Figure 190 Menu 27 VPN/IPSec Setup Menu 27 - VPN/IPSec Setup 1. IPSec Summary 2. SA Monitor Enter Menu Selection Number: 32.2 IPSec Summary Screen Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary. This is a summary read-only menu of your IPSec rules (tunnels).
  • Page 319 Table 128 Menu 27.1 IPSec Summary FIELD Local Addr When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is a Start static IP address on the LAN behind your Prestige. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is the beginning (static) IP address, in a range of computers on the LAN behind your Pres- tige.
  • Page 320 P-335 Series User’s Guide Table 128 Menu 27.1 IPSec Summary FIELD Remote Addr When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is the same (static) IP address as in the Remote Addr Start field. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
  • Page 321: Figure 192 Menu 27.1.1 Ipsec Setup

    Figure 192 Menu 27.1.1 IPSec Setup Index= 1 Active= Yes Local ID type My IP Addr= 0.0.0.0 Peer ID type= IP Secure Gateway Address= zw50test.zyxel.com.tw Protocol= 0 Local: Addr Type= SINGLE Local IP Addr= 1.1.1.1 Port Start= 0 Addr Type= SUBNET Remote: IP Addr Start= 4.4.4.4 Port Start= 0...
  • Page 322 P-335 Series User’s Guide Table 129 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION Content When you select IP in the Local ID Type field, type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address. When you select DNS in the Local ID Type field, type a domain name (up to 31 char- acters) by which to identify this Prestige.
  • Page 323 Table 129 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION Port Start 0 is the default and signifies any port. Type a port number from 0 to 65535. You cannot create a VPN tunnel if you try to connect using a port number that does not match this port number or range of port numbers.
  • Page 324: Ike Setup

    P-335 Series User’s Guide Table 129 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION Enable Replay As a VPN setup is processing intensive, the system is vulnerable to Denial of Service Detection (DoS) attacks The IPSec receiver can detect and reject old or duplicate packets to pro- tect against replay attacks.
  • Page 325: Figure 193 Menu 27.1.1.1 Ike Setup

    Figure 193 Menu 27.1.1.1 IKE Setup Press Space Bar to Toggle. The following table describes the fields in this menu. Table 130 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION Phase 1 Negotiation Press [SPACE BAR] to choose from Main or Aggressive and then press [ENTER]. Mode See earlier for a discussion of these modes.
  • Page 326: Manual Setup

    P-335 Series User’s Guide Table 130 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION Authentication MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms Algorithm used to authenticate packet data. The SHA1 algorithm is generally considered stron- ger than MD5, but is slightly slower. Press [SPACE BAR] to choose from SHA1 or MD5 and then press [ENTER].
  • Page 327: Active Protocol

    32.4.1 Active Protocol This field is a combination of mode and security protocols used for the VPN. See the Web Configurator part on VPN for more information on these parameters. Table 131 Active Protocol: Encapsulation and Security Protocol MODE Tunnel Transport 32.4.2 Security Parameter Index (SPI) To edit this menu, move the cursor to the Edit Manual Setup field in Menu 27.1.1 –...
  • Page 328 P-335 Series User’s Guide Table 132 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION Encryption Press [SPACE BAR] to choose from NULL, 3DES or DES and then press [ENTER]. Algorithm Fill in the Key1 field below when you choose DES and fill in fields Key1 to Key3 when you choose 3DES.
  • Page 329: Chapter 33 Sa Monitor

    This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2. 33.1 SA Monitor Overview A Security (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections. Note: When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes.
  • Page 330: Figure 195 Menu 27.2 Sa Monitor

    P-335 Series User’s Guide Figure 195 Menu 27.2 SA Monitor Name -------------------------------- Taiwan : 3.3.3.1 – 3.3.3.100 Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 133 Menu 27.2 SA Monitor FIELD DESCRIPTION This is the security index number.
  • Page 331 Table 133 Menu 27.2 SA Monitor FIELD DESCRIPTION Select Press [SPACE BAR] to choose from Refresh, Disconnect, None, Next Page, or Previ- Command ous Page and then press [ENTER]. You must select a connection in the next field when you choose the Disconnect command. Refresh displays current active VPN connec- tions.
  • Page 332 P-335 Series User’s Guide Chapter 33 SA Monitor...
  • Page 333: Chapter 34 Filter Configuration

    This chapter shows you how to create and apply filters. 34.1 Introduction to Filters Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later.
  • Page 334: The Filter Structure Of The Prestige

    P-335 Series User’s Guide 34.1.1 The Filter Structure of the Prestige A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
  • Page 335: Configuring A Filter Set

    Figure 197 Filter Rule Process You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
  • Page 336: Figure 198 Menu 21: Filter And Firewall Setup

    P-335 Series User’s Guide Figure 198 Menu 21: Filter and Firewall Setup Menu 21 - Filter and Firewall Setup Enter Menu Selection Number: 2 Enter 1 to bring up the following menu. Figure 199 Menu 21.1: Filter Set Configuration Filter Set # ------ -----------------...
  • Page 337: Configuring A Filter Rule

    Table 134 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION Action Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N“ means to check the next rule. Action Not Matched “F”...
  • Page 338: Figure 200 Menu 21.1.1.1 Tcp/Ip Filter Rule

    P-335 Series User’s Guide To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.1.1 - TCP/IP Filter Rule, as shown next Figure 200 Menu 21.1.1.1 TCP/IP Filter Rule. The following table describes how to configure your TCP/IP filter rule. Table 136 TCP/IP Filter Rule FIELD DESCRIPTION...
  • Page 339 Table 136 TCP/IP Filter Rule FIELD DESCRIPTION Source IP Address Enter the source IP Address of the packet you wish to filter. This field is ignored if it is 0.0.0.0. IP Mask Enter the IP mask to apply to the Source: IP Addr. Port # Enter the source port of the packets that you wish to filter.
  • Page 340: Configuring A Generic Filter Rule

    P-335 Series User’s Guide Figure 201 Executing an IP Filter 34.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet.
  • Page 341: Figure 202 Menu 21.1.4.1 Generic Filter Rule

    Figure 202 Menu 21.1.4.1 Generic Filter Rule The following table describes the fields in the Generic Filter Rule menu. Table 137 Generic Filter Rule Menu Fields FIELD DESCRIPTION Filter # This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second filter set and the third rule of that set.
  • Page 342: Example Filter

    P-335 Series User’s Guide Table 137 Generic Filter Rule Menu Fields FIELD DESCRIPTION Action Select the action for a packet matching the rule. Matched Action Not Select the action for a packet not matching the rule. Matched Once you have completed filling in Menu 21.4.1.1 - Generic Filter Rule, press [ENTER] at the message “Press ENTER to Confirm”...
  • Page 343: Figure 204 Example Filter: Menu 21.1.3.1

    Figure 204 Example Filter: Menu 21.1.3.1 Menu 21.1.3.1 - TCP/IP Filter Rule Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. • Select Yes from the Active field to activate this rule. • 6 is the TCP IP Protocol. •...
  • Page 344: Filter Types And Nat

    P-335 Series User’s Guide Figure 205 Example Filter Rules Summary: Menu 21.1.3 # A Type - - ---- --------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 This shows you that you have configured and activated (A = Y) a TCP/IP filter rule (Type = IP, Pr = 6) for destination telnet ports (DP = 23).
  • Page 345: Firewall Versus Filters

    Figure 206 Protocol and Device Filter Sets 34.5 Firewall Versus Filters Firewall configuration is discussed in the firewall chapters of this manual. Further comparisons are also made between filtering, NAT and the firewall. 34.6 Applying a Filter This section shows you where to apply the filter(s) after you design it (them). The Prestige already has filters to prevent NetBIOS traffic from triggering calls, and block incoming telnet, FTP and HTTP connections Note: If you do not activate the firewall, it is advisable to apply filters.
  • Page 346: Applying Remote Node Filters

    P-335 Series User’s Guide Figure 207 Filtering LAN Traffic Menu 3.1 - LAN Port Filter Setup Press ENTER to Confirm or ESC to Cancel: 34.6.2 Applying Remote Node Filters Go to menu 11.5 (shown below – note that call filter sets are only present for PPPoE encapsulation) and enter the number(s) of the filter set(s) as appropriate.
  • Page 347: Chapter 35 Snmp Configuration

    This chapter explains SNMP Configuration menu 22. 35.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
  • Page 348: Supported Mibs

    P-335 Series User’s Guide The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
  • Page 349: Snmp Traps

    Figure 210 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration Press ENTER to Confirm or ESC to Cancel: The following table describes the SNMP configuration parameters. Table 138 Menu 22 SNMP Configuration FIELD DESCRIPTION SNMP: Get Community Type the Get Community, which is the password for the incoming Get- and GetNext requests from the management station.
  • Page 350: Table 140 Ports And Permanent Virtual Circuits

    P-335 Series User’s Guide Table 139 SNMP Traps TRAP # TRAP NAME linkUp (defined in RFC-1215) authenticationFailure (defined in RFC-1215) whyReboot (defined in ZYXEL-MIB) A trap is sent with the reason of restart before For intentional reboot : The port number is its interface index under the interface group. Table 140 Ports and Permanent Virtual Circuits PVC (PERMANENT PORT...
  • Page 351: System Information And Diagnosis

    System Information and This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu to open Menu 24 –...
  • Page 352: Figure 212 Menu 24.1 System Maintenance : Status

    00:A0:C5:01:21:81 00:A0:C5:01:21:80 WLAN 00:A0:C5:01:21:80 System up Time: Name: P-335/P-335WT.zyxel.com.tw Routing: IP ZyNOS F/W Version: V3.60(JO.3) | 08/13/2005 COMMANDS: 1-Drop WAN 9-Reset Counters The following table describes the fields present in Menu 24.1 — System Maintenance — Status. These fields are READ-ONLY and meant for diagnostic purposes. The upper right corner of the screen shows the time and date according to the format you set in menu 24.10.
  • Page 353: System Information

    Table 141 System Maintenance: Status Menu Fields FIELD ZyNOS F/W Version The ZyNOS Firmware version and the date created. You may enter 1 to drop the WAN connection, 9 to reset the counters or [ESC] to return to menu 24. 36.2 System Information To get to the System Information: 1 Enter 24 to display Menu 24 —...
  • Page 354: Console Port Speed

    Displays the system name of your Prestige. This information can be changed in Menu 1 – General Setup. Refers to the routing protocol used. Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Chapter 36 System Information and Diagnosis...
  • Page 355: Log And Trace

    Figure 215 Menu 24.2.2 System Maintenance : Change Console Port Speed Menu 24.2.2 – System Maintenance – Change Console Port Speed Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel: 36.3 Log and Trace There are two logging facilities in the Prestige. The first is the error logs and trace records that are stored locally.
  • Page 356: Cdr

    P-335 Series User’s Guide 36.3.1.1 CDR CDR Message Format SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG_INFO, String); String = board xx line xx channel xx, call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN call = the call reference number which starts from 1 and increments by 1 for each new call str = C01 Outgoing Call dev xx ch xx (dev:device No.
  • Page 357: Filter Log

    36.3.1.3 Filter log Filter log Message Format SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String ); String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D). Src: Source Address Dst: Destination Address prot: Protocol (“TCP”,”UDP”,”ICMP”) spo: Source port...
  • Page 358: Firewall Log

    P-335 Series User’s Guide 36.3.1.5 Firewall log Firewall Log Message Format SdcmdSyslogSend(SYSLOG_FIREWALL, SYSLOG_NOTICE, buf); buf = IP[Src=xx.xx.xx.xx : spo=xxxx Dst=xx.xx.xx.xx : dpo=xxxx | prot | rule | action] Src: Source Address spo: Source port (empty means no source port information) Dst: Destination Address dpo: Destination port (empty means no destination port information) prot: Protocol (“TCP”,”UDP”,”ICMP”, ”IGMP”, ”GRE”, ”ESP”)
  • Page 359: Diagnostic

    Figure 217 Call-Triggering Packet Example IP Frame: ENET0-RECV Size: Frame Type: IP Header: IP Version Header Length Type of Service Total Length Identification Flags Fragment Offset Time to Live Protocol Header Checksum Source IP Destination IP TCP Header: Source Port Destination Port Sequence Number Ack Number...
  • Page 360: Wan Dhcp

    P-335 Series User’s Guide Figure 218 Menu 24.4 System Maintenance : Diagnostic Menu 24.4 - System Maintenance - Diagnostic 36.4.1 WAN DHCP DHCP functionality can be enabled on the LAN or WAN as shown in LAN & WAN DHCP. LAN DHCP has already been discussed. The Prestige can act either as a WAN DHCP client (IP Address Assignment field in menu 4 or menu 11.3 is Dynamic and the Encapsulation field in menu 4 or menu 11 is Ethernet) or None, (when you have a static IP).
  • Page 361 Table 144 System Maintenance Menu Diagnostic FIELD WAN DHCP Renewal Internet Setup Test Reboot System Host IP Address= Enter the number of the selection you would like to perform or press [ESC] to cancel. Chapter 36 System Information and Diagnosis DESCRIPTION Enter 3 to renew your WAN DHCP settings.
  • Page 362 P-335 Series User’s Guide Chapter 36 System Information and Diagnosis...
  • Page 363: Firmware And Configuration File Maintenance

    Firmware and Configuration File This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 37.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
  • Page 364: Backup Configuration

    P-335 Series User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 –...
  • Page 365: Using The Ftp Command From The Command Line

    Figure 220 Telnet in Menu 24.5 Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
  • Page 366: Example Of Ftp Commands From The Command Line

    P-335 Series User’s Guide 37.2.3 Example of FTP Commands from the Command Line Figure 221 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
  • Page 367: Backup Configuration Using Tftp

    37.2.6 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next.
  • Page 368: Gui-Based Tftp Clients

    P-335 Series User’s Guide 37.2.8 GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients. Table 147 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped.
  • Page 369: Figure 222 Telnet Into Menu 24.6

    Figure 222 Telnet into Menu 24.6. Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
  • Page 370: Restore Using Ftp Session Example

    P-335 Series User’s Guide 37.3.2 Restore Using FTP Session Example Figure 223 Restore Using FTP Session Example ftp> put config.rom rom-0 200 Port command okay 150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec.
  • Page 371: Configuration File Upload

    Figure 224 Telnet Into Menu 24.7.1 Upload System Firmware Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
  • Page 372: Ftp Session Example Of Firmware File Upload

    P-335 Series User’s Guide 4 Enter your password as requested (the default is “1234”). 5 Enter “bin” to set transfer mode to binary. 6 Use “put” to transfer files from the computer to the Prestige, for example, “put firmware.bin ras” transfers the firmware on your computer (firmware.bin) to the Prestige and renames it “ras”.
  • Page 373: Tftp Upload Command Example

    3 Enter the command “sys stdio 0” to disable the console timeout, so the TFTP transfer will not be interrupted. Enter “command sys stdio 5” to restore the five-minute console timeout (default) when the file transfer is complete. 4 Launch the TFTP client on your computer and connect to the Prestige. Set the transfer mode to binary before starting data transfer.
  • Page 374 P-335 Series User’s Guide Chapter 37 Firmware and Configuration File Maintenance...
  • Page 375: Chapter 38 System Maintenance

    This chapter leads you through SMT menus 24.8 to 24.10. 38.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
  • Page 376: Command Usage

    A list of commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished. Figure 228 Valid Commands Copyright (c) 1994 - 2005 ZyXEL Communications Corp. P-335/P-335WT> ? Valid commands are: exit...
  • Page 377: Call History

    Figure 230 Budget Management Remote Node 1.MyISP The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked.
  • Page 378: Time And Date Setting

    P-335 Series User’s Guide Figure 231 Menu 24.9.2 - Call History Phone Number The following table describes the fields in this menu. Table 149 Call History Fields FIELD DESCRIPTION Phone Number The PPPoE service names are shown here. This shows whether the call was incoming or outgoing. Rate This is the transfer rate of the call.
  • Page 379: Figure 232 Menu 24: System Maintenance

    Figure 232 Menu 24: System Maintenance Menu 24 - System Maintenance 10. Time and Date Setting 11. Remote Management Setup Enter Menu Selection Number: Enter 10 to go to Menu 24.10 - System Maintenance - Time and Date Setting to update the time and date settings of your Prestige as shown in the following screen.
  • Page 380: Figure 233 Menu 24.10 System Maintenance: Time And Date Setting

    P-335 Series User’s Guide Figure 233 Menu 24.10 System Maintenance: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Time Protocol= NTP (RFC-1305) Time Server Address= time-b.nist.gov Current Time: New Time (hh:mm:ss): Current Date: New Date (yyyy-mm-dd): Time Zone= GMT Daylight Saving= No Start Date (mm-dd):...
  • Page 381: Resetting The Time

    Table 150 Time and Date Setting Fields FIELD DESCRIPTION End Date Enter the month and day that your daylight-savings time ends on if you selected Yes in the Daylight Saving field. Once you have filled in this menu, press [ENTER] at the message “Press ENTER to Confirm or ESC to Cancel“...
  • Page 382 P-335 Series User’s Guide Chapter 38 System Maintenance...
  • Page 383: Chapter 39 Remote Management

    39.1 Remote Management Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. You may manage your Prestige from a remote location via: • Internet (WAN only) • LAN only To disable remote management of a service, select Disable in the corresponding Server Access field.
  • Page 384: Remote Management Limitations

    P-335 Series User’s Guide Figure 234 Menu 24.11 – Remote Management Control Menu 24.11 - Remote Management Control TELNET Server: FTP Server: Web Server: SNMP Service: DNS Service: The following table describes the fields in this screen. Table 151 Menu 24.11 – Remote Management Control FIELD DESCRIPTION Telnet Server...
  • Page 385 3 The IP address in the Secure Client IP field (menu 24.11) does not match the client IP address. If it does not match, the Prestige will disconnect the session immediately. 4 There is an SMT console session running. 5 There is already another remote management session with an equal or higher priority running.
  • Page 386 P-335 Series User’s Guide Chapter 39 Remote Management...
  • Page 387: Chapter 40 Call Scheduling

    Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 40.1 Introduction to Call Scheduling The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
  • Page 388: Figure 236 Menu 26.1 Schedule Set Setup

    P-335 Series User’s Guide You can design up to 12 schedule sets but you can only apply up to four schedule sets for a remote node. To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 —...
  • Page 389: Figure 237 Applying Schedule Set(S) To A Remote Node (Pppoe)

    Table 152 Menu 26.1 Schedule Set Setup FIELD DESCRIPTION Start Time Enter the start time when you wish the schedule set to take effect in hour-minute format. Duration Enter the maximum length of time this connection is allowed in hour-minute format. Action Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field.
  • Page 390 P-335 Series User’s Guide Chapter 40 Call Scheduling...
  • Page 391: Chapter 41 Troubleshooting

    This chapter covers potential problems and the corresponding remedies. 41.1 Problems Starting Up the Prestige Table 153 Troubleshooting Starting Up Your Prestige PROBLEM CORRECTIVE ACTION None of the Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged LEDs turn on in to an appropriate power source.
  • Page 392: Problems With The Wan

    P-335 Series User’s Guide 41.3 Problems with the WAN Table 155 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The WAN LED is Check the connections between the Prestige WAN port and the cable/DSL modem off. or ethernet jack. Check whether your cable/DSL device requires a crossover or straight-through cable.
  • Page 393: Problems Accessing The Prestige

    41.4 Problems Accessing the Prestige Table 156 Troubleshooting Accessing the Prestige PROBLEM CORRECTIVE ACTION I cannot The username is “admin”. The default password is “1234”. The Password and access the Username fields are case-sensitive. Make sure that you enter the correct password Prestige.
  • Page 394: Problems With The Password

    P-335 Series User’s Guide Table 157 Troubleshooting Restricted Web Pages and Keyword Blocking PROBLEM CORRECTIVE ACTION Parental Restart the device to clear the cache. Control is The content filter server may be unavailable. The View Logs screen can display configured content filtering log messages.
  • Page 395: Internet Explorer Pop-Up Blockers

    • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. 41.5.1.1 Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address.
  • Page 396: Figure 239 Internet Options

    P-335 Series User’s Guide Figure 239 Internet Options 3 Click Apply to save this setting. 41.5.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
  • Page 397: Figure 240 Internet Options

    Figure 240 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Note: If you change the IP address of your device, make sure that the new address matches the address you type in the Pop-up Blocker Settings screen.
  • Page 398: Javascripts

    P-335 Series User’s Guide Figure 241 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 41.5.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
  • Page 399: Figure 242 Internet Options

    P-335 Series User’s Guide Figure 242 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
  • Page 400: Java Permissions

    P-335 Series User’s Guide Figure 243 Security Settings - Java Scripting 41.5.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
  • Page 401: Figure 244 Security Settings - Java

    Figure 244 Security Settings - Java 41.5.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Chapter 41 Troubleshooting P-335 Series User’s Guide...
  • Page 402: Activex Controls In Internet Explorer

    P-335 Series User’s Guide Figure 245 Java (Sun) 41.5.2 ActiveX Controls in Internet Explorer If ActiveX is disabled, you will not be able to download ActiveX controls or to use Trend Micro Security Serivces. Make sure that ActiveX controls are allowed in Internet Explorer. Screen shots for Internet Explorer 6 are shown.
  • Page 403: Figure 246 Internet Options Security

    P-335 Series User’s Guide Figure 246 Internet Options Security 3 Scroll down to ActiveX controls and plug-ins. 4 Under Download signed ActiveX controls select the Prompt radio button. 5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected.
  • Page 404: Figure 247 Security Setting Activex Controls

    P-335 Series User’s Guide Figure 247 Security Setting ActiveX Controls Chapter 41 Troubleshooting...
  • Page 405: Appendix A Product Specifications

    255.255.255.0 (24 bits) 1234 192.168.1.32 to 192.168.1.64 P-335: (150 W) x (190 D) x (22 H) mm P-335WT: (190 W) x (133 D) x (32 H) mm P-335: 381g P-335WT: 424g 12VDC 1A Four auto-negotiating, auto MDI/MDI-X 10/100 Mbps RJ-45 Ethernet ports 0º...
  • Page 406 P-335 Series User’s Guide Table 161 Firmware (continued) Management Wireless (P-335WT only) Firewall NAT/SUA Trend Micro Security Service Content Filtering Static Routes Other Features Embedded Web Configurator Menu-driven SMT (System Management Terminal) management CLI (Command Line Interpreter) Remote Management via Telnet or Web SNMP manageable FTP for firmware downloading, configuration backup and restoration.
  • Page 407: Pppoe In Action

    PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access Concentrator where the PPP session terminates (see the next figure). One PVC can support any number of PPP sessions from your LAN.
  • Page 408: How Pppoe Works

    P-335 Series User’s Guide Figure 248 Single-Computer per Router Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
  • Page 409: What Is Pptp

    What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a computer to a broadband modem over Ethernet? A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the short haul between the computer and the modem over Ethernet.
  • Page 410: Call Connection

    P-335 Series User’s Guide PPTP Protocol Overview PPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Cisco’s Layer 2 Forwarding). Conceptually, there are three parties in PPTP, namely the PNS (PPTP Network Server), the PAC (PPTP Access Concentrator) and the PPTP user. The PNS is the box that hosts both the PPP and the PPTP stacks and forms one end of the PPTP tunnel.
  • Page 411: Ppp Data Connection

    Figure 252 Example Message Exchange between Computer and an ANT PPP Data Connection The PPP frames are tunneled between the PNS and PAC over GRE (General Routing Encapsulation, RFC 1701, 1702). The individual calls within a tunnel are distinguished using the Call ID field in the GRE header.
  • Page 412 P-335 Series User’s Guide Appendix C PPTP...
  • Page 413: Appendix D Print Server

    This appendix shows you how to set up a print server for the following operating systems: • Windows 95 • Windows 98 • Windows 98 SE (Second Edition) • Windows ME • Windows 2000 • Windows XP • Windows NT 4.0 •...
  • Page 414: Installation Requirements

    P-335 Series User’s Guide Installation Requirements To install the print server driver you will need the following requirements • Microsoft Windows 95, Windows 98 SE (Second Edition), Windows ME, Windows NT 4.0, Windows 2000, Windows XP or Macintosh OS X •...
  • Page 415: Figure 254 Network Print Server Setup Wizard : Welcome

    P-335 Series User’s Guide Figure 254 Network Print Server Setup Wizard : Welcome 4 The Select A Print Server screen displays. The wizard automatically detects whether or not a print server is connected to your computer. Make sure that your Prestige is correctly connected and a compatible USB printer is connected to the Prestige.
  • Page 416: Figure 255 Network Print Server Setup Wizard : Select A Print Server

    P-335 Series User’s Guide Figure 255 Network Print Server Setup Wizard : Select A Print Server 5 The Change Settings screen displays. Select the Yes, I want to change settings radio button, type a password and click Next to change your print server settings. Alternatively select No, I don’t want to change settings and click Next to use the current print server settings and continue with the wizard.
  • Page 417: Figure 256 Network Print Server Setup Wizard : Change Settings

    P-335 Series User’s Guide Figure 256 Network Print Server Setup Wizard : Change Settings 6 Select the printer which is connected to the Prestige USB port. 7 Click Next to continue. Appendix D Print Server...
  • Page 418: Figure 257 Network Print Server Setup Wizard : Select A Printer

    P-335 Series User’s Guide Figure 257 Network Print Server Setup Wizard : Select A Printer 8 If your printer is not listed, you can use the pop-up help dialog box to guide you through the add printer process. After you have added a printer, the Select A Printer screen displays again.
  • Page 419: Figure 259 Network Print Server Setup Wizard : Summary

    P-335 Series User’s Guide Figure 259 Network Print Server Setup Wizard : Summary 10Click Finish to save and close your Network Print Server Setup Wizard. Your print server setup is complete. Figure 260 Network Print Server Setup Wizard : Installation Complete Appendix D Print Server...
  • Page 420: Figure 261

    P-335 Series User’s Guide Windows 95/98/ME/NT/2000/XP : Print Server Setup Wizard The following Setup Wizard for Windows 98/ME/NT/2000/XP uses a print server protocol called Line Printer Daemon (LPD). You must use this wizard if you want to set up your network print server on the following operating systems: •...
  • Page 421: Figure 262 Network Print Monitor Setup : Welcome

    Figure 262 Network Print Monitor Setup : Welcome 4 The Choose Destination Location screen displays. Choose a file location to install your print monitor and click Next to continue. Figure 263 Network Print Monitor Setup : Location 5 The Setup Complete screen displays. Click Finish to save your settings and close the wizard.
  • Page 422: Figure 264 Network Print Monitor Setup : Complete

    P-335 Series User’s Guide Figure 264 Network Print Monitor Setup : Complete Windows 2000/NT/XP : Computer Wizard Use the following wizard if you do not want to use the provided setup wizards.Windows 95, Windows 98, Windows 98 SE (Second Edition) and Windows ME have similar print server setups.
  • Page 423: Figure 266 Add Printer Wizard Welcome Screen

    Figure 266 Add Printer Wizard Welcome Screen 4 Select the Local printer radio button. 5 Click Next to continue. Figure 267 Local Printer Screen 6 Select the Create a new port radio button. 7 Choose Standard TCP/IP Port from the Type drop-down list box. 8 Click Next to continue.
  • Page 424: Figure 268 Select Printer Port Screen

    P-335 Series User’s Guide Figure 268 Select Printer Port Screen 9 Follow the on-screen instructions and click Next to continue. Figure 269 Add Standard TCP/IP Printer Port Screen 10 Type the IP Address of your Prestige. A default Port Name displays as you type the IP Address.
  • Page 425: Figure 270 Add Port Screen

    Figure 270 Add Port Screen 12 Select the Custom radio button and click the Settings… button. Fill in additional print server port information in the following screen. Figure 271 Additional Port Information Screen 13 Select the LPR radio button as the printing Protocol. 14 Type LP1 in the LPR Settings Queue Name field.
  • Page 426: Figure 272 Port Settings Screen

    P-335 Series User’s Guide Figure 272 Port Settings Screen 16 Make sure that your printer port settings are correct. Click the Finish button to complete printer TCP/IP and port set up and then return to the Add Printer Wizard. Figure 273 Add Standard TCP/IP Printer Port Complete 17 Select the make of the printer that you want to connect to the print server in the Manufacturers list of printers.
  • Page 427: Figure 274 Add Printer Screen

    Figure 274 Add Printer Screen 21 If the following screen displays, select Keep existing driver radio button if you already have a printer driver installed on your computer and you do not want to change it. 22 Click Next to continue. Figure 275 Use Existing Driver Screen 23 Type a name to identify the printer and then click Next to continue.
  • Page 428: Figure 276 Name Your Printer Screen

    P-335 Series User’s Guide Figure 276 Name Your Printer Screen 24 Select the Do not share this printer radio button. 25 Click Next to proceed to the following screen. Figure 277 Printer Sharing Screen 26 These fields are optional. Type where your printer is located in the Location field. Type additional information about the printer in the Comment field.
  • Page 429: Figure 278 Location And Comment Screen

    Figure 278 Location and Comment Screen 28 Select the Yes radio button and then click the Next button if you want to print a test page. A pop-up screen displays to ask if the test page printed correctly. Otherwise select the No radio button and then click Next to continue.
  • Page 430: Macintosh Os X

    P-335 Series User’s Guide Figure 280 Add Printer Wizard Complete Macintosh OS X Use the following steps to set up a print server on your Macintosh computer. 1 Click the Print Center icon continue. If the Print Center icon is not in the Macintosh Dock proceed to the next step. 2 On your desktop, double-click the Macintosh HD icon to open the Macintosh HD window.
  • Page 431: Figure 283 Applications Folder

    Figure 283 Applications Folder 5 Double-click the Print Center icon. Figure 284 Utilities Folder 6 Click the Add icon at the top of the screen. Figure 285 Printer List Folder 7 Set up your printer in the Printer List configuration screen. Select IP Printing from the drop-down list box.
  • Page 432: Figure 286 Printer Configuration

    P-335 Series User’s Guide Figure 286 Printer Configuration 12Click Add to select a printer model, save and close the Printer List configuration screen. Figure 287 Printer Model 13The Name “LP1 on 192.168.1.1” displays in the Printer List field. The default printer Name displays in bold type.
  • Page 433: Figure 288 Print Server

    P-335 Series User’s Guide Figure 288 Print Server 14Your Macintosh print server set up is complete. You can now use the Prestige’s print server to print from a Macintosh computer. Refer to the “Print Server” on page 249 information on your Prestige print server configuration screen. Appendix D Print Server...
  • Page 434 P-335 Series User’s Guide Appendix D Print Server...
  • Page 435: Print Server Specifications

    This appendix provides details on the print server interface and system requirements. Table 162 Print Server Interface PRINT SERVER INTERFACE Table 163 Print Server Requirements and Specifications PRINT SERVER REQUIREMENTS AND SPECIFICATIONS Network Operating System Support Network Protocol Support DHCP (client) Support Management a.
  • Page 436 P-335 Series User’s Guide Table 164 Compatible USB Printers BRAND MODEL i255 CANON i320 CANON i355 CANON i450 CANON i455 CANON i470D CANON i475D CANON i550 CANON i560 CANON i6100 CANON i6500 CANON i850 CANON i865 CANON i9100 CANON i950 CANON i9950 CANON...
  • Page 437 Table 164 Compatible USB Printers BRAND MODEL Stylus C40 EPSON Stylus C43UX EPSON Stylus C60 EPSON Stylus C63 EPSON Stylus C83 EPSON Stylus Color 1160 EPSON Stylus Color 670 EPSON Stylus Color 800 EPSON Stylus Color 810 EPSON Stylus Photo 915 EPSON Stylus Photo1270 EPSON...
  • Page 438 P-335 Series User’s Guide Table 164 Compatible USB Printers BRAND MODEL DeskJet 930C LaserJet 1200 LaserJet 1220 LaserJet 1300 LaserJet 2200 LaserJet 2200D LaserJet 3330 LaserJet 5000 LaserJet 5000LE Photosmart 7150 Photosmart 2610 LaserJet 1500L PSC 1315 DeskJet 3535 DeskJet 5550 DeskJet 5652 LaserJet 2300 LaserJet 2420...
  • Page 439 Table 164 Compatible USB Printers BRAND MODEL T420 LEXMARK T620 LEXMARK W812 LEXMARK LEXMARK LEXMARK LEXMARK LEXMARK Z705 LEXMARK E230 LEXMARK X6170 LEXMARK Z515 LEXMARK B4350 ML-1710 SAMSUNG ML-1750 SAMSUNG CLP-510 SAMSUNG SCX-4016 SAMSUNG AR-M160 SHARP AR-M205 SHARP Phaser 3310 XEROX DocuPrint 240A XEROX...
  • Page 440 P-335 Series User’s Guide Appendix E Print Server Specifications...
  • Page 441: Display Netbios Filter Settings

    The following describes the NetBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. You can configure NetBIOS filters to do the following : •...
  • Page 442: Netbios Filter Configuration

    P-335 Series User’s Guide The filter types and their default settings are as follows. Table 165 NetBIOS Filter Default Settings NAME DESCRIPTION This field displays whether NetBIOS packets are blocked or forwarded Between LAN between the LAN and the WAN. and WAN This field displays whether NetBIOS packets sent through a VPN IPSec...
  • Page 443: Appendix G Log Descriptions

    Configure centralized logs using the embedded web configurator; see online help for details. This appendix provides descriptions of example log messages. Table 166 System Error logs LOG MESSAGE %s exceeds the max. number of session per host! Table 167 System Maintenance Logs LOG MESSAGE Time calibration is successful...
  • Page 444: Table 168 Upnp Logs

    P-335 Series User’s Guide Table 168 UPnP Logs LOG MESSAGE UPnP pass through Firewall Table 169 ICMP Type and Code Explanations TYPE CODE DESCRIPTION UPnP packets can pass through the firewall. DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable...
  • Page 445: Setting Up Your Computer's Ip Address

    Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
  • Page 446: Installing Components

    P-335 Series User’s Guide Figure 289 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
  • Page 447: Figure 290 Windows 95/98/Me: Tcp/Ip Properties: Ip Address

    3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
  • Page 448: Verifying Settings

    P-335 Series User’s Guide Figure 291 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • • 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your Prestige and restart your computer when prompted.
  • Page 449: Figure 292 Windows Xp: Start Menu

    Figure 292 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 293 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Appendix H Setting up Your Computer’s IP Address P-335 Series User’s Guide...
  • Page 450: Figure 294 Windows Xp: Control Panel: Network Connections: Properties

    P-335 Series User’s Guide Figure 294 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 295 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
  • Page 451: Figure 296 Windows Xp: Advanced Tcp/Ip Settings

    • Figure 296 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
  • Page 452: Figure 297 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    P-335 Series User’s Guide 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • • Figure 297 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click OK to close the Local Area Connection Properties window. 10Turn on your Prestige and restart your computer (if prompted).
  • Page 453: Figure 298 Macintosh Os 8/9: Apple Menu

    Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 298 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Appendix H Setting up Your Computer’s IP Address P-335 Series User’s Guide...
  • Page 454: Figure 299 Macintosh Os 8/9: Tcp/Ip

    P-335 Series User’s Guide Figure 299 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • • • • 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration.
  • Page 455: Figure 301 Macintosh Os X: Network

    • • 3 For dynamically assigned settings, select Using DHCP from the Configure list. Figure 301 Macintosh OS X: Network 4 For statically assigned settings, do the following: • • • • 5 Click Apply Now and close the window. 6 Turn on your Prestige and restart your computer (if prompted).
  • Page 456 P-335 Series User’s Guide Appendix H Setting up Your Computer’s IP Address...
  • Page 457: Wireless Lan Topologies

    Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
  • Page 458: Figure 303 Basic Service Set

    P-335 Series User’s Guide Figure 303 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
  • Page 459: Figure 304 Infrastructure Wlan

    Figure 304 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
  • Page 460: Fragmentation Threshold

    P-335 Series User’s Guide Figure 305 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
  • Page 461: Preamble Type

    A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
  • Page 462: Types Of Radius Messages

    P-335 Series User’s Guide IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: •...
  • Page 463: Figure 306 Eap Authentication

    • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: •...
  • Page 464: Types Of Authentication

    P-335 Series User’s Guide 3 The wireless station replies with identity information, including username and password. The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station. Types of Authentication This appendix discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP- TTLS, PEAP and LEAP.
  • Page 465: Figure 307 Wep Authentication Steps

    PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
  • Page 466: Dynamic Wep Key Exchange

    P-335 Series User’s Guide Shared key authentication involves a four-message procedure. A wireless station sends a shared key authentication request to the AP, which will then reply with a challenge text message. The wireless station must then use the AP’s default WEP key to encrypt the challenge text and return it to the AP, which attempts to decrypt the message using the AP’s default WEP key.
  • Page 467 Key differences between WPA(2) and WEP are improved data encryption and user authentication. Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.
  • Page 468: Security Parameters Summary

    P-335 Series User’s Guide Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 172 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY...
  • Page 469: Requirements For Roaming

    Figure 308 Roaming Example The steps below describe the roaming process. 1 As wireless station Y moves from the coverage area of access point P1 to that of access point 2 P2, it scans and uses the signal of access point P2. 3 Access point P2 acknowledges the presence of wireless station Y and relays this information to access point P1 through the wired LAN.
  • Page 470 P-335 Series User’s Guide Appendix I Wireless LANs...
  • Page 471: Antenna Selection And Positioning Recommendation

    Antenna Selection and Positioning An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Choosing the right antennas and positioning them properly increases the range and coverage area of a wireless LAN.
  • Page 472: Positioning Antennas

    P-335 Series User’s Guide • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points.
  • Page 473: Brute-Force Password Guessing Protection

    Brute-Force Password Guessing The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. Table 173 Brute-Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This command displays the brute-force guessing password protection settings. sys pwderrtm 0 This command turns off the password’s protection from brute-force guessing.
  • Page 474 P-335 Series User’s Guide Appendix K Brute-Force Password Guessing Protection...
  • Page 475: Figure 309 Ideal Setup

    The Ideal Setup When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the Prestige to protect your LAN against attacks. Figure 309 Ideal Setup The “Triangle Route”...
  • Page 476: Figure 310 "Triangle Route" Problem

    P-335 Series User’s Guide Figure 310 “Triangle Route” Problem The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface.
  • Page 477: Figure 311 Ip Alias

    Figure 311 IP Alias Gateways on the WAN Side A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your Prestige to your LAN.
  • Page 478 P-335 Series User’s Guide Appendix L Triangle Route...
  • Page 479 Numerics 110V AC 230V AC 802.1x Abnormal Working Conditions Accessories Active ActiveX 153, 199 Acts of God Address Resolution Protocol (ARP) Airflow Allocated Budget American Wire Gauge Antenna Directional Omni-directional Antenna gain Any IP summary table AP (access point) AT command Authen Authentication Authentication Protocol...
  • Page 480 P-335 Series User’s Guide Contact Information Contacting Customer Support Content Filtering Days and Times Restrict Web Features Cookies 153, 199 Copyright Correcting Interference Corrosive Liquids Cost Of Transmission Covers CTS (Clear to Send) Customer Support Damage Dampness Danger Dealer Default Defective Denial of Service Denmark, Contact Information...
  • Page 481 Gas Pipes Gateway Gateway IP Addr Gateway IP Address General Setup General wireless LAN screen Germany, Contact Information Global God, act of Harmful Interference Hidden Menus Hidden node High Voltage Points Hop Count Host HTTP 139, 322 IBSS Idle Timeout IEEE 802.11g 43, 460 IEEE 802.11i...
  • Page 482 P-335 Series User’s Guide My Password 279, 285 My Server IP Addr Nailed-Up Connection Nailed-up Connection 138, 139, 289, 343 Applying NAT in the SMT Menus Configuring Definitions Examples How NAT Works Mapping Types Non NAT Friendly Application Programs Ordering Rules Server Sets What NAT does Navigation Panel...
  • Page 483 Registered Registered Trademark Regular Mail Related Documentation Relocate Rem Node Name Re-manufactured Remote Management Firewall Remote Management and NAT Remote Management Limitations 218, 383 Remote Node Filter Removing Reorient Repair 4, 5 Replace Replacement Reproduction Required fields Resetting the Time Restore 5, 256 Restore Configuration...
  • Page 484 P-335 Series User’s Guide System Maintenance 249, 350, 352, 359, 363, 366, 371, 374, 375, 376, 379 System Name System Timeout Tampering TCP/IP 126, 336, 337, 343 TCP/IP filter rule Telecommunication Line Cord. Telephone Television Interference Television Reception Telnet TFTP File Transfer TFTP Restrictions 218, 365, 383 Thunderstorm...
  • Page 485 Written Permission www.dyndns.org ZyNOS 2, 352, 363 ZyNOS F/W Version 352, 363 ZyXEL Communications Corporation ZyXEL Home Page ZyXEL Limited Warranty Note ZyXEL Network Operating System Index P-335 Series User’s Guide...

This manual is also suitable for:

P-335

Table of Contents