Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Certifications
Go to www.zyxel.com
1 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.
2 Select the certification you wish to view from this page.
P-335 Series User’s Guide Federal Communications Commission (FCC) Interference Statement...
Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
• Brief description of the problem and the steps you took to solve it. METHOD SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION support@zyxel.com.tw +886-3-578-3942 www.zyxel.com ZyXEL Communications Corp. www.europe.zyxel.com 6 Innovation Road II WORLDWIDE Science Park sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com Hsinchu 300 ftp.europe.zyxel.com Taiwan support@zyxel.com...
a. “+” is the (prefix) number you enter to make an international telephone call.
12.1.1 How Do I Know If I'm Using UPnP?
12.1.2 NAT Traversal
12.1.3 Cautions with UPnP
12.2 UPnP and ZyXEL
12.3 Configuring UPnP
12.4 Installing UPnP in Windows Example
12.4.1 Installing UPnP in Windows Me
12.4.2 Installing UPnP in Windows XP
14.3.1 LAN-to-WAN rules
14.3.2 WAN-to-LAN rules
14.4 Services
Chapter 15 Content Filtering
15.1 Introduction to Content Filtering
15.2 Restrict Web Features
15.3 Days and Times
15.4 Configure Content Filtering
15.5 Customizing Keyword Blocking URL Checking
15.5.1 Domain Name or IP Address URL Checking
15.5.2 Full Path URL Checking
Chapter 32 Filter Configuration
32.1 Introduction to Filters
32.1.1 The Filter Structure of the Prestige
32.2 Configuring a Filter Set
32.2.1 Configuring a Filter Rule
32.2.2 Configuring a TCP/IP Filter Rule
32.2.3 Configuring a Generic Filter Rule
32.3 Example Filter
32.4 Filter Types and NAT
35.4 Diagnostic
35.4.1 WAN DHCP
Chapter 36 Firmware and Configuration File Maintenance
36.1 Filename Conventions
36.2 Backup Configuration
36.2.1 Backup Configuration
36.2.2 Using the FTP Command from the Command Line
36.2.3 Example of FTP Commands from the Command Line
36.2.4 GUI-based FTP Clients
36.2.5 TFTP and FTP over WAN Management Limitations
Chapter 39 Call Scheduling
39.1 Introduction to Call Scheduling
Chapter 40 VPN/IPSec Setup
40.1 VPN/IPSec Overview
40.2 IPSec Summary Screen
40.3 IKE Setup
40.4 Manual Setup
40.4.0.1 Active Protocol
40.4.0.2 Security Parameter Index (SPI)
Chapter 41 SA Monitor
Appendix K Types of EAP Authentication
Appendix L Antenna Selection and Positioning Recommendation
Appendix M Brute-Force Password Guessing Protection
Appendix N TMSS
Appendix O Triangle Route
Figure 166 Menu 15.1 Address Mapping Sets
Figure 167 Menu 15.1.255 SUA Address Mapping Rules
Figure 168 Menu 15.1.1 First Set
Figure 169 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set
Figure 170 Menu 15.2.1 NAT Server Setup
Figure 209 Menu 24.2.1 System Maintenance : Information
Figure 210 Menu 24.2.2 System Maintenance : Change Console Port Speed
Figure 211 Menu 24.3.2 System Maintenance : Syslog Logging
Figure 212 Syslog Example
Figure 213 Call-Triggering Packet Example
The Compact Guide is designed to help you get up and running right away. It contains connection information and instructions on getting started.
• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary information.
• ZyXEL Glossary and Web Site
Please refer to www.zyxel.com for an online glossary of networking terms and additional support documentation.
User Guide Feedback
Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park,...
Graphics Icons Key: Prestige, Computer, Notebook computer, Server, DSLAM, Firewall, Modem, Switch, Router, Wireless Signal, Printer
The Prestige is the ideal secure gateway for all data passing between the Internet and LANs. By integrating NAT, firewall, media bandwidth management and VPN capability, ZyXEL’s Prestige is a complete security solution that protects your Intranet and efficiently manages data traffic on your network.
Prestige’s OTIST feature supports static WEP or WPA-PSK encryption security settings.
1.2.2.3 Media Bandwidth Management
ZyXEL’s Media Bandwidth Management allows you to specify bandwidth classes based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.
When TMSS is enabled you can configure how often the TMSS Web page displays and select the computers in your network to which you want this service to apply.
1.2.2.5 IPSec VPN Capability
Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines.
The 802.11b data rate and corresponding modulation techniques are as follows. The modulation technique defines how bits are encoded onto radio waves.
Table 1 IEEE 802.11b
DATA RATE (KBPS): MODULATION
DBPSK (Differential Binary Phase Shift Keyed)
DQPSK (Differential Quadrature Phase Shift Keying)
5.5 / 11: CCK (Complementary Code Keying)
1.2.2.16 PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using a TCP/IP-based network. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet.
1.2.2.23 Port Forwarding
Use this feature to forward incoming service requests to a server on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.
1.2.2.31 Wireless Association List (P-335WT only)
With the Wireless Association List, you can see the list of the wireless stations that are currently using the Prestige to access your wired network.
1.2.2.32 Wireless LAN Channel Usage (P-335WT only)
The Wireless Channel Usage displays whether the radio channels are used by other wireless devices within the transmission range of the Prestige.
Figure 2 Secure Internet Access via Cable, DSL or Wireless Modem
1.3.3 VPN Application
Prestige VPN is an ideal cost-effective way to connect branch offices and business partners over the Internet without the need (and expense) for leased lines between sites.
Figure 3 VPN Application
1.3.4 Wireless LAN Application (P-335WT only)...
Chapter 2 Introducing the Web Configurator
This chapter describes how to access the Prestige web configurator and provides an overview of its screens.
2.1 Web Configurator Overview
The embedded web configurator allows you to manage the Prestige from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator.
Figure 5 Change Password Screen
You should now see the MAIN MENU screen.
Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the Prestige if this happens to you.
2.3 Resetting the Prestige
If you forget your password or cannot access the web configurator, you will need to use the...
• Click to view the web configurator in the language of your choice.
• Click LOGOUT at any time to exit the web configurator.
• Click MAINTENANCE to view information about your Prestige or upgrade configuration/firmware files. Maintenance includes Status (Statistics), DHCP Table, F/W (firmware) Upload, Configuration (Backup, Restore, Defaults) and Restart.
The following table describes the sub-menus.
Table 3 Screens Summary
LINK: FUNCTION
WIZARD SETUP: Use these screens for initial configuration including general setup, Wireless LAN setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment.
BANDWIDTH SETUP: Use these screens for initial configuration of media bandwidth...
REMOTE MGMT
TELNET: Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the Prestige.
Use this screen to configure through which interface(s) and from which IP address(es) users can use FTP to access the Prestige.
MAINTENANCE
Status: This screen contains administrative and system-related information.
DHCP Table: This screen displays DHCP (Dynamic Host Configuration Protocol) related information and is READ-ONLY.
Any IP: Use this screen to allow a computer to access the Internet without changing the network settings of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.
Chapter 3 Wizard Setup
This chapter provides information on the Wizard Setup screens in the web configurator.
3.1 Wizard Setup Overview
The web configurator’s Wizard Setup helps you configure your device to access the Internet. The second screen has three variations depending on what encapsulation type you use.
Figure 7 Wizard Setup : General
3.3 Wizard Setup: Wireless LAN (P-335WT only)
Set up your wireless LAN using the following screen.
Figure 8 Wizard Setup : Wireless LAN
The following table describes the labels in this screen.
Table 4 Wizard Setup : Wireless LAN
LABEL: DESCRIPTION...
Table 4 Wizard Setup : Wireless LAN
LABEL: DESCRIPTION
Security: The Security can be selected as auto, none, basic or extended. Choose Auto to use WPA-PSK security with a default Pre-Shared Key and proceed to another wireless LAN setup screen where you can enable OTIST. Choose this option only if your wireless clients support WPA-PSK.
Figure 9 Wizard Setup : Wireless LAN : Basic Security
The following table describes the labels in this screen.
Table 5 Wizard Setup : Wireless LAN Setup : Basic Security
LABEL: DESCRIPTION
Passphrase: Enter a Passphrase (up to 32 printable characters) and click Generate. The Prestige automatically generates a WEP key.
3.3.2 Wizard Setup : Wireless LAN : Extended Security
Choose Extend(WPA-PSK) security in the Wireless LAN Setup screen to set up a Pre-Shared Key.
Figure 10 Wizard Setup : Wireless LAN : Extended Security
The following table describes the labels in this screen.
Table 6 Wizard Setup : Wireless LAN : Extended Security
LABEL: DESCRIPTION...
Figure 11 Wizard Setup : Wireless LAN : OTIST
The following table describes the labels in this screen.
Table 7 Wizard Setup : Wireless LAN : OTIST
LABEL: DESCRIPTION
Do you want to enable One-...: Select the Yes radio button and click Finish to enable One-Touch Intelligent Security Technology (OTIST), complete the wizard setup and save your configuration.
3.5 Wizard Setup : Internet Access
The Prestige offers three choices of encapsulation. They are Ethernet, PPP over Ethernet or PPTP.
3.5.1 Ethernet
Choose Ethernet when the WAN port is used as a regular Ethernet.
Figure 12 Wizard Setup : Internet Access : Ethernet Encapsulation
The following table describes the labels in this screen.
3.5.2 PPPoE Encapsulation
Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) draft standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to high-speed data networks.
Figure 13 Wizard Setup : Internet Access : PPPoE Encapsulation
The following table describes the labels in this screen.
Table 9 Wizard Setup : Internet Access : PPPoE Encapsulation
LABEL: DESCRIPTION
ISP Parameter for Internet Access
Encapsulation: Choose PPP over Ethernet from the pull-down list box.
Refer to the appendix for more information on PPTP.
Note: The Prestige supports one PPTP server connection at any given time.
Figure 14 Wizard Setup : Internet Access : PPTP Encapsulation
The following table describes the fields in this screen.
Table 10 Wizard Setup : Internet Access : PPTP Encapsulation
LABEL: DESCRIPTION...
Table 10 Wizard Setup : Internet Access : PPTP Encapsulation
LABEL: DESCRIPTION
Connection ID/Name: Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your ISP.
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
You can configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the "rom" file (ZyNOS configuration file). It will not change unless you change the setting or upload a different "rom"...
Figure 16 Wizard Setup : WAN IP and DNS Server Address Assignment
The following table describes the labels in this screen.
Table 14 Wizard Setup : WAN IP and DNS Server Address Assignment
LABEL: DESCRIPTION
WAN IP Address Assignment
My WAN IP Address: Enter the IP address of your Prestige in dotted decimal notation.
Table 14 Wizard Setup : WAN IP and DNS Server Address Assignment
LABEL: DESCRIPTION
Back: Click Back to return to the previous screen.
Next: Click Next to continue.
Select Get automatically from ISP (Default) in the first WAN wizard setup screen and click Next to view the following WAN MAC Address screen.
Figure 18 Wizard Setup : Complete
Well done! You have successfully set up your Prestige to operate on your network and access the Internet.
Chapter 4 Media Bandwidth Management Setup
This chapter provides information on the bandwidth management setup screens in the web configurator.
4.1 Media Bandwidth Management Setup Overview
The web configurator’s BW SETUP allows you to specify bandwidth classes based on an application and/or subnet.
Figure 19 Media Bandwidth Management Setup
The following table describes the labels in this screen.
Table 16 Media Bandwidth Management Setup
LABEL: DESCRIPTION
Active: Select the Active check box to have the Prestige apply bandwidth management to traffic going out through the Prestige’s WAN, LAN or WLAN port.
Figure 20 Media Bandwidth Management Setup : Services
The following table describes the labels in this screen.
Table 17 Media Bandwidth Management Setup : Services
LABEL: DESCRIPTION
Choose Create bandwidth management classes by selecting services from the list provided. Channel ID •...
Figure 21 Media Bandwidth Management Setup : Service Priority
The following table describes the fields in this screen.
Table 18 Media Bandwidth Management Setup : Service Priority
LABELS: DESCRIPTION
Service: These fields display the services selected in the previous screen.
Priority: Select High, Mid or Low priority for each service to have your Prestige use a priority for traffic that matches that service.
Chapter 5 System Screens
This chapter provides information on the System screens.
5.1 System Overview
See the Wizard Setup chapter for more information on the next few screens.
5.2 Configuring General Setup
Click SYSTEM to open the General screen.
Figure 23 System General Setup
The following table describes the labels in this screen.
Table 19 System General Setup
LABEL: DESCRIPTION
System Name: System Name is a unique name to identify the Prestige in an Ethernet network. It is recommended you enter your computer’s “Computer name”...
Table 19 System General Setup
LABEL: DESCRIPTION
First DNS Server, Second DNS Server: Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address). The field below displays the (read-only) DNS server IP address that the ISP assigns.
Figure 24 DDNS
The following table describes the labels in this screen.
Table 20 DDNS
LABEL: DESCRIPTION
Enable DDNS: Select this check box to use dynamic DNS.
Service Provider: Select the name of your Dynamic DNS service provider.
DDNS Type: Select the type of service that you are registered for from your Dynamic DNS service provider.
Table 20 DDNS
LABEL: DESCRIPTION
Use specified IP Address: Type the IP address of the host name(s). Use this if you have a static IP address.
Apply: Click Apply to save your changes back to the Prestige.
Reset: Click Reset to begin configuring this screen afresh.
Figure 26 Time Setting
The following table describes the labels in this screen.
Table 22 Time Setting
LABEL: DESCRIPTION
Time Protocol: Select the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Current Date: This field displays the date of your Prestige. Each time you reload this page, the Prestige synchronizes the time with the time server.
New Date: This field displays the last updated date from the time server. When you select None in the Time Protocol field, enter the new date in this field and then click Apply.
Chapter 6 LAN Screens
This chapter describes how to configure LAN settings.
6.1 LAN Overview
Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks.
• IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits)
• DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.
These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured.
224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.
The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address.
Note: You must enable NAT to use the Any IP feature on the Prestige.
6.4.1 How Any IP Works
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP...
Figure 28 LAN IP
The following table describes the labels in this screen.
Table 23 LAN IP
LABEL: DESCRIPTION
DHCP Server: DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server.
DNS Servers Assigned by DHCP Server
The Prestige passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. The Prestige only passes this information to the LAN DHCP clients when you select the DHCP Server check box.
Any IP Setup
Active: Select this option to activate the Any-IP feature. This allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the Prestige are not in the same subnet.
Figure 29 Static DHCP
The following table describes the labels in this screen.
Table 24 Static DHCP
LABEL: DESCRIPTION
This is the index number of the Static IP table entry (row).
MAC Address: Type the MAC address (with colons) of a computer on your LAN.
IP Address: This field specifies the size, or count of the IP address pool.
Figure 30 IP Alias
The following table describes the labels in this screen.
Table 25 IP Alias
LABEL: DESCRIPTION
IP Alias 1,2: Select the check box to configure another LAN network for the Prestige.
IP Address: Enter the IP address of your Prestige in dotted decimal notation.
Chapter 7 Wireless Configuration and Roaming
This chapter discusses how to configure the Wireless and Roaming screens on the Prestige. This chapter applies to the P-335WT only.
7.1 Wireless LAN Overview
This section introduces the wireless LAN (WLAN) and some basic scenarios.
7.1.1 IBSS
An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest WLAN configuration.
Figure 32 Basic Service Set
7.1.3 ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).
Figure 33 Extended Service Set
7.2 Wireless LAN Basics
Refer also to the Wizard Setup chapter for more background information on Wireless LAN features, such as channels.
7.2.1 RTS/CTS
A hidden node occurs when two stations are within range of the same access point, but are not within range of each other.
Figure 34 RTS/CTS
When station A sends data to the Prestige, it might not know that station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set, then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
Figure 35 Wireless
The following table describes the general wireless LAN labels in this screen.
Table 26 Wireless
LABEL: DESCRIPTION
Enable Wireless LAN: Click the check box to activate wireless LAN.
Name(SSID): (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated.
Table 26 Wireless
LABEL: DESCRIPTION
Hide Name(SSID): Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through passive scanning using a site survey tool.
Choose Set the operating frequency/channel depending on your particular region.
Figure 36 Roaming Example
The steps below describe the roaming process.
1 As wireless station Y moves from the coverage area of access point P1 to that of access point P2, it scans and uses the signal of access point P2.
3 Access point P2 acknowledges the presence of wireless station Y and relays this information to access point P1 through the wired LAN.
To enable roaming on your Prestige, click the WIRELESS link under ADVANCED and then the Roaming tab. The screen appears as shown.
Figure 37 Roaming
The following table describes the labels in this screen.
Table 27 Roaming
LABEL: DESCRIPTION
Select Yes from the drop-down list box to enable roaming on the Prestige if you have...
Chapter 8 Wireless Security
This chapter describes how to use the MAC Filter, Roaming and OTIST to configure wireless security on your Prestige. This chapter applies to the P-335WT only.
8.1 Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.
Figure 39 Wireless: No Security
The following table describes the labels in this screen.
Table 28 Wireless No Security
LABEL: DESCRIPTION
Security: Choose No Security from the drop-down list box.
Preamble: Select a preamble type from the drop-down list menu. Choices are Long, Short and Dynamic.
Prestige. The transmission rate of your Prestige might be reduced.
G+ Enhanced: Select the G+ Enhanced check box to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.
8.3 WEP Overview
WEP (Wired Equivalent Privacy) as specified in the IEEE 802.11 standard provides methods for both data encryption and wireless station authentication.
8.3.1 Data Encryption
WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the wireless stations must use the same WEP key to encrypt and decrypt data.
Shared key authentication involves a four-message procedure. A wireless station sends a shared key authentication request to the AP, which will then reply with a challenge text message. The wireless station must then use the AP’s default WEP key to encrypt the challenge text and return it to the AP, which attempts to decrypt the message using the AP’s default WEP key.
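The four-message shared key exchange described above, modelled from both sides with WEP's RC4 encryption and CRC-32 integrity check value (ICV). This is an added example, not code from the ZyXEL guide; the class and function names and the 5-byte (64-bit WEP) key are constructed for illustration, and 802.11 frame headers and the key ID byte are left out.

```python
import os
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher used by WEP; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, plaintext: bytes, iv: bytes) -> bytes:
    """Return IV || RC4(IV || key, plaintext || CRC-32 ICV)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + key, plaintext + icv)


def wep_decrypt(key: bytes, frame: bytes):
    """Return the plaintext, or None when the ICV does not verify."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + key, body)
    data, icv = clear[:-4], clear[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        return None
    return data


class AccessPoint:
    def __init__(self, wep_key: bytes):
        self.wep_key = wep_key
        self.pending = {}                      # station id -> outstanding challenge

    def handle_request(self, station_id: str) -> bytes:
        """Message 1 in, message 2 out: issue a fresh 128-byte challenge."""
        challenge = os.urandom(128)
        self.pending[station_id] = challenge
        return challenge

    def handle_response(self, station_id: str, frame: bytes) -> bool:
        """Message 3 in, message 4 out: decrypt and compare with the challenge."""
        challenge = self.pending.pop(station_id, None)   # one attempt per challenge
        if challenge is None:
            return False
        data = wep_decrypt(self.wep_key, frame)
        return data is not None and data == challenge


class Station:
    def __init__(self, station_id: str, wep_key: bytes):
        self.station_id = station_id
        self.wep_key = wep_key

    def respond(self, challenge: bytes) -> bytes:
        """Message 3: the challenge encrypted under the station's WEP key."""
        return wep_encrypt(self.wep_key, challenge, os.urandom(3))


def authenticate(ap: AccessPoint, station: Station) -> bool:
    challenge = ap.handle_request(station.station_id)        # messages 1 and 2
    response = station.respond(challenge)                    # message 3
    return ap.handle_response(station.station_id, response)  # message 4


SHARED_KEY = b"\x01\x02\x03\x04\x05"   # constructed 40-bit key (64-bit WEP)

if __name__ == "__main__":
    ap = AccessPoint(SHARED_KEY)
    print("matching key:", authenticate(ap, Station("sta-a", SHARED_KEY)))
    print("wrong key:   ", authenticate(ap, Station("sta-b", b"\xaa\xbb\xcc\xdd\xee")))
```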
Figure 41 Wireless: Static WEP Encryption
The following table describes the wireless LAN security labels in this screen.
Table 30 Wireless: Static WEP Encryption
LABEL: DESCRIPTION
Passphrase: Enter a Passphrase (up to 32 printable characters) and click Generate. The Prestige automatically generates a WEP key.
Prestige. The transmission rate of your Prestige might be reduced.
G+ Enhanced: Select the G+ Enhanced check box to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.
Therefore, if you don’t have an external RADIUS server you should use WPA-PSK (WPA - Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a client will be granted access to a WLAN.
4 The AP and wireless clients use the TKIP encryption process to encrypt data exchanged between them.
Figure 42 WPA - PSK Authentication
8.6 Configuring WPA-PSK Authentication
To configure and enable WPA-PSK Authentication, click the WIRELESS link under ADVANCED to display the Wireless screen.
Figure 43 Wireless: WPA-PSK
The following table describes the labels in this screen.
Table 31 Wireless: WPA-PSK
LABEL: DESCRIPTION
Pre-Shared Key: The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.
Prestige. The transmission rate of your Prestige might be reduced.
G+ Enhanced: Select the G+ Enhanced check box to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.
• Accounting
Keeps track of the client’s network activity.
RADIUS is a simple package exchange in which your Prestige acts as a message relay between the wireless station and the network RADIUS server.
8.8.1 Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:
•...
The type of authentication you use depends on the RADIUS server or the AP. The Prestige supports EAP-TLS, EAP-TTLS and PEAP with RADIUS. Refer to the Types of EAP Authentication appendix for descriptions on the four common types. Your Prestige supports EAP-MD5 (Message-Digest Algorithm 5) with RADIUS.
Figure 45 WPA with RADIUS Application Example
8.9 Configuring WPA Authentication
To configure and enable WPA Authentication, click the WIRELESS link under ADVANCED to display the Wireless screen. Select WPA from the Security list.
The following table describes the labels in this screen.
Table 32 Wireless: WPA
LABEL: DESCRIPTION
ReAuthentication Timer (in seconds): Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes).
Prestige. The transmission rate of your Prestige might be reduced. G+ Enhanced Select G+ Enhanced checkbox to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.
8.12 Configuring 802.1x and Dynamic WEP Key Exchange To configure and enable 802.1x and Dynamic WEP Key Exchange, click the WIRELESS link under ADVANCED to display the Wireless screen. Select 802.1x + Dynamic WEP from the Security list.
The following table describes the labels in this screen. Table 33 Wireless: 802.1x and Dynamic WEP LABEL DESCRIPTION ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes).
Prestige. The transmission rate of your Prestige might be reduced. G+ Enhanced Select G+ Enhanced checkbox to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.
The following table describes the labels in this screen. Table 34 Wireless: 802.1x and Static WEP LABEL DESCRIPTION Passphrase Enter a Passphrase (up to 32 printable characters) and click Generate. The Prestige automatically generates a WEP key. WEP Encryption Select 64-bit WEP, 128-bit WEP or 256-bit WEP to enable data encryption.
Prestige. The transmission rate of your Prestige might be reduced. G+ Enhanced Select G+ Enhanced checkbox to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.
The following table describes the labels in this screen. Table 35 Wireless: 802.1x and No WEP LABEL DESCRIPTION ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes).
Table 35 Wireless: 802.1x and No WEP LABEL DESCRIPTION G+ Enhanced Select G+ Enhanced checkbox to allow any ZyXEL WLAN devices that support this feature to associate with the Prestige. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode. Apply Click Apply to save your changes back to the Prestige.
Figure 50 MAC Address Filter The following table describes the labels in this menu. Table 36 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC Address table. Select Deny Association to block access to the Prestige; MAC addresses not listed will be allowed to access the Prestige...
Table 36 MAC Address Filter LABEL DESCRIPTION MAC Address Enter the MAC addresses of the wireless stations that are allowed or denied access to the Prestige in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
P-335 Series User’s Guide 1 To activate OTIST on the Prestige using the web configurator, click the WIRELESS link under ADVANCED and then the OTIST tab. The screen appears as shown next. Figure 51 OTIST The following table describes the labels in this screen. Table 37 OTIST LABEL DESCRIPTION...
8.18 Wireless Client OTIST Configuration The following methods show how to configure the wireless client for OTIST. Note: The wireless client must be a ZyXEL wireless client, support OTIST and use the same setup key that is configured in the Prestige OTIST configuration screen. An example of a wireless client that supports OTIST is the ZyAIR G-220.
P-335 Series User’s Guide 8.18.2 Automatic If the wireless network link is down for more than ten seconds, the wireless client scans the wireless channels for OTIST-enabled access point(s) or wireless router(s). 1 If no OTIST-enabled access point or router is found, the wireless client disconnects from the wireless network.
CHAPTER 9 WAN Screens This chapter describes how to configure WAN settings. 9.1 WAN Overview See the Wizard Setup chapter for more information on the fields in the WAN screens. 9.2 TCP/IP Priority (Metric) The metric represents the "cost of transmission".
P-335 Series User’s Guide Figure 54 WAN: Route The following table describes the labels in this screen. Table 38 WAN: Route LABEL DESCRIPTION WAN Traffic The metric represents the "cost of transmission". A router determines the best route Redirect for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1"...
P-335 Series User’s Guide Figure 55 Ethernet Encapsulation The following table describes the labels in this screen. Table 39 Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Service Type Choose from Standard, Telstra (RoadRunner Telstra authentication method), RR-Manager (Roadrunner Manager authentication method), RR-Toshiba...
P-335 Series User’s Guide For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example Radius). PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users.
P-335 Series User’s Guide Figure 56 PPPoE Encapsulation The following table describes the labels in this screen. Table 40 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet).
P-335 Series User’s Guide 9.4.3 PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet.
P-335 Series User’s Guide Figure 57 PPTP Encapsulation The following table describes the labels in this screen. Table 41 PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
P-335 Series User’s Guide Table 41 PPTP Encapsulation LABEL DESCRIPTION My IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige. Server IP Address Type the IP address of the PPTP server.
P-335 Series User’s Guide Figure 58 WAN: IP The following table describes the labels in this screen. Table 42 WAN: IP LABEL DESCRIPTION WAN IP Address Assignment Get automatically from Select this option If your ISP did not assign you a fixed IP address. This is the default selection.
Table 42 WAN: IP LABEL DESCRIPTION Network Address Translation Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
P-335 Series User’s Guide Table 42 WAN: IP LABEL DESCRIPTION Multicast Choose None (default), IGMP-V1 or IGMP-V2. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use.
P-335 Series User’s Guide Otherwise, click Spoof this computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the setting or upload a different ROM file.
P-335 Series User’s Guide Figure 61 Traffic Redirect LAN Setup 9.8 Configuring Traffic Redirect To change your Prestige’s Traffic Redirect settings, click WAN, then the Traffic Redirect tab. The screen appears as shown. Chapter 9 WAN Screens...
P-335 Series User’s Guide Figure 62 WAN: Traffic Redirect The following table describes the labels in this screen. Table 43 Traffic Redirect LABEL DESCRIPTION Active Select this check box to have the Prestige use traffic redirect if the normal WAN connection goes down.
P-335 Series User’s Guide Table 43 Traffic Redirect LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to begin configuring this screen afresh. Chapter 9 WAN Screens...
CHAPTER 10 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the Prestige. 10.1 NAT Overview NAT (Network Address Translation, RFC 1631) is the translation of the IP address of a host in a packet.
P-335 Series User’s Guide Note: NAT never changes the IP address (either local or global) of an outside host. 10.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
P-335 Series User’s Guide Figure 63 How NAT Works 10.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter. Figure 64 NAT Application With IP Alias 10.1.5 NAT Mapping Types NAT supports five types of IP/port mapping.
• Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL’s Single User Account feature (the SUA Only option). • Many-to-Many Overload: In Many-to-Many Overload mode, the Prestige maps the multiple local IP addresses to shared global IP addresses.
P-335 Series User’s Guide 10.2 Using NAT Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige. 10.2.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
P-335 Series User’s Guide 10.3.2 Port Forwarding: Services and Port Numbers A NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world.
P-335 Series User’s Guide 10.3.3 Configuring Servers Behind SUA (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
P-335 Series User’s Guide Figure 66 SUA/NAT Setup The following table describes the labels in this screen. Table 47 SUA/NAT Setup LABEL DESCRIPTION Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP Address, the Prestige discards all packets received for ports that are not specified in this screen or remote management.
P-335 Series User’s Guide 10.5 Configuring Address Mapping Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
One-to-one NAT mapping type. 2. Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
2. Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature. 3. Many-to-Many Overload: Many-to-Many Overload mode maps multiple local IP addresses to shared global IP addresses.
P-335 Series User’s Guide 10.6 Trigger Port Forwarding Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN).
10.6.2 Two Points To Remember About Trigger Ports 1 Trigger events only happen on data that is coming from inside the Prestige and going to the outside. 2 If an application needs a continuous data stream, that port (range) will be tied up so that another computer on the LAN can’t trigger it.
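The two points above, modelled as a small state machine. This is an added example, not ZyXEL code: the port numbers and LAN addresses are constructed sample values, and the explicit `release()` call is an assumption standing in for whatever the device does when the application stops using the ports.

```python
from dataclasses import dataclass
from typing import List, Optional

HOST_A = "192.168.1.33"   # constructed LAN addresses
HOST_B = "192.168.1.34"


@dataclass
class TriggerRule:
    name: str
    trigger: range               # destination ports watched on LAN -> WAN traffic
    incoming: range              # WAN -> LAN ports forwarded while the rule is held
    owner: Optional[str] = None  # LAN IP that currently holds the rule


class TriggerPortNat:
    """Toy model of trigger port forwarding on a NAT router."""

    def __init__(self, rules: List[TriggerRule]):
        self.rules = rules

    def outbound(self, lan_ip: str, dst_port: int) -> str:
        # Point 1: only traffic going from the LAN to the WAN can arm a rule.
        for rule in self.rules:
            if dst_port in rule.trigger:
                if rule.owner in (None, lan_ip):
                    rule.owner = lan_ip
                    return "armed"
                # Point 2: the range is tied up by another LAN computer.
                return "busy"
        return "no-rule"

    def inbound(self, dst_port: int) -> Optional[str]:
        # WAN -> LAN: forward to the rule's holder, or drop (None) if unarmed.
        for rule in self.rules:
            if dst_port in rule.incoming:
                return rule.owner
        return None

    def release(self, name: str) -> None:
        # Assumption: stands in for the device freeing the range again.
        for rule in self.rules:
            if rule.name == name:
                rule.owner = None


def walkthrough():
    """Run one session and return (description, result) pairs."""
    nat = TriggerPortNat(
        [TriggerRule("stream", range(7070, 7071), range(6970, 7171))]
    )
    steps = [("WAN packet to 6980 before any trigger", nat.inbound(6980))]
    steps.append(("host A sends to port 7070", nat.outbound(HOST_A, 7070)))
    steps.append(("WAN packet to 6980", nat.inbound(6980)))
    steps.append(("host B sends to port 7070", nat.outbound(HOST_B, 7070)))
    steps.append(("WAN packet to 7170", nat.inbound(7170)))
    nat.release("stream")
    steps.append(("host B retries after release", nat.outbound(HOST_B, 7070)))
    steps.append(("WAN packet to 6980", nat.inbound(6980)))
    return steps


if __name__ == "__main__":
    for description, result in walkthrough():
        print(f"{description:40} -> {result}")
```

The inbound packet that arrives before any LAN host has triggered the rule is dropped, which is the property that distinguishes trigger ports from a permanently open forwarding entry.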
P-335 Series User’s Guide Figure 70 Trigger Port The following table describes the labels in this screen. Table 50 Trigger Port LABEL DESCRIPTION This is the rule index number (read-only). Name Type a unique name (up to 15 characters) for identification purposes. All characters are permitted - including spaces.
CHAPTER 11 Static Route Screens This chapter shows you how to configure static routes for your Prestige. 11.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has no knowledge of the networks beyond.
P-335 Series User’s Guide Figure 72 Static Route The following table describes the labels in this screen. Table 51 Static Route LABEL DESCRIPTION Number of an individual static route. Name Name that describes or identifies this route. Active This field shows whether this static route is active (Yes) or not (No). Destination This parameter specifies the IP network address of the final destination.
P-335 Series User’s Guide Figure 73 Static Route: Edit The following table describes the labels in this screen. Table 52 Static Route: Edit LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Active This field allows you to activate/deactivate this static route.
CHAPTER 12 UPnP This chapter introduces the Universal Plug and Play feature. 12.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
Disable UPnP if this is not your intention. 12.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports IGD 1.0 (Internet Gateway Device). At the time of writing ZyXEL's UPnP implementation supports Windows Messenger 4.6 and 4.7 while Windows Messenger 5.0 and Xbox are still being...
Figure 74 Configuring UPnP The following table describes the labels in this screen. Table 53 Configuring UPnP LABEL DESCRIPTION Enable the Universal Plug and Play (UPnP) feature Select this checkbox to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the Prestige's IP address (although you must still enter the password to access the web configurator).
12.4.1 Installing UPnP in Windows Me Follow the steps below to install UPnP in Windows Me. 1 Click Start and Control Panel. Double-click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in the Components selection box.
P-335 Series User’s Guide 12.4.2 Installing UPnP in Windows XP Follow the steps below to install UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….The Windows Optional Networking...
This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL device. Make sure the computer is connected to a LAN port of the ZyXEL device. Turn on your computer and the ZyXEL device.
P-335 Series User’s Guide 12.5.1 Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. 3 In the Internet Connection Properties 4 You may edit or delete the port window, click Settings to see the port mappings or click Add to mappings that were automatically created.
12.5.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device.
12.5.3 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device.
Other Places. 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click the icon for your ZyXEL device and select Invoke. The web configurator login screen displays. 6 Right-click the icon for your ZyXEL device and select Properties.
CHAPTER 13 Trend Micro Security Services This chapter contains information about configuring Trend Micro Security Services settings, virus protection, parental controls and customization. 13.1 Trend Micro Security Service Overview Trend Micro Security Services (TMSS) are a range of services including virus protection and parental controls designed to address the security needs of computers on a network that access the Internet via broadband routers.
Figure 75 Service Settings The following table describes the labels in this screen. Table 54 Service Settings LABEL DESCRIPTION Enable Trend Micro Security Services Select the checkbox to enable Trend Micro Security Services on your Prestige. Note: Make sure that you have not restricted access to ActiveX, Cookies or Web Proxy features in the Advanced Filter screen.
Table 54 Service Settings LABEL DESCRIPTION Computer(s) that will display Trend Micro Home Network Security This box displays the IP addresses of the computers that are enabled with TMSS on your network. The client issues an HTTP request through the Prestige to have the IP address of their computer displayed in this box.
Figure 76 Virus Protection The following table describes the labels in this screen. Table 55 Virus Protection LABEL DESCRIPTION Check for Trend Micro Internet Security Automatically check for update components Select the checkbox to have the Prestige download the latest scan engine version and virus pattern version from the Trend Micro website.
P-335 Series User’s Guide Table 55 Virus Protection LABEL DESCRIPTION Virus Pattern This field displays the current version number of the pattern file on a client computer. Scan Engine This field displays the current virus scan program of the client computer. Status This field displays the Trend Micro antivirus version status on a client’s computer.
P-335 Series User’s Guide Figure 77 Parental Controls License Status If you have registered with TMSS and your license is valid, you can configure the Parental Controls configuration screen. Chapter 13 Trend Micro Security Services...
P-335 Series User’s Guide Figure 78 Parental Controls The following table describes the labels in this screen. Table 56 Parental Controls LABEL DESCRIPTION Enable Parental Controls Select the check box to enable this feature on your Prestige. Note: The Prestige automatically checks the status of your Trend Micro license.
Table 56 Parental Controls LABEL DESCRIPTION Day to Block Select everyday or the day(s) of the week to activate web page blocking. Time of Day to Block (24-Hour Format) Select the time of day you want web page blocking to take effect. Configure blocking to take effect all day by selecting the All Day check box.
Table 56 Parental Controls LABEL DESCRIPTION Exclude specified address ranges from the Parental Control enforcement. Select the radio button to apply Parental Controls to all of the computers in the network except those displayed in the Selected IP Addresses box.
Figure 79 Parental Controls Statistics If a category has been selected in the previous screen, a blocked attempt is displayed. If a category has not been selected in the previous screen, attempts and accesses to Web pages within those categories are displayed.
CHAPTER 14 Firewall This chapter gives some background information on firewalls and explains how to get started with the Prestige firewall. 14.1 Introduction 14.1.1 What is a Firewall? Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
The Prestige has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas. The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world.
Figure 80 Firewall: Settings The following table describes the labels in this screen. Table 58 Firewall: Settings LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. Bypass Triangle Route Select this check box to have the Prestige firewall ignore the use of triangle route...
P-335 Series User’s Guide Table 58 Firewall: Settings LABEL DESCRIPTION Packets to Log Choose what WAN to LAN and WAN to WAN/Prestige packets to log. Choose from: No Log Log Forwarded (see how to forward WAN to LAN traffic in the next section) Log All (log all WAN to LAN packets).
P-335 Series User’s Guide 14.3.2 WAN-to-LAN rules WAN-to-LAN rules are Internet to your local network firewall rules. The default is to block all traffic from the Internet to your local network. How can you forward certain WAN to LAN traffic? You may allow traffic originating from the WAN to be forwarded to the LAN by: •...
Figure 82 Firewall: Service The following table describes the labels in this screen. Table 59 Firewall: Service LABEL DESCRIPTION Enable Services Blocking Select this check box to enable this feature. Available Service This is a list of pre-defined services (ports) you may prohibit your LAN computers from using.
P-335 Series User’s Guide Table 59 Firewall: Service LABEL DESCRIPTION Port Number Enter the port number range that defines the service. For example, suppose you want to define the Gnutella service. Select TCP type and enter a port range from 6345-6349.
CHAPTER 15 Content Filtering This chapter provides a brief overview of content filtering using the embedded WebGUI. 15.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to your needs.
The following table describes the labels in this screen. Table 60 Content Filter LABEL DESCRIPTION Trusted Computer IP Address To enable this feature, type an IP address of any one of the computers in your network (displayed in Parental Controls) that you want to have as a trusted computer.
Full path URL checking has the Prestige check the characters that come before the last slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, full path URL checking searches for keywords within www.zyxel.com.tw/news/. Use the ip urlfilter customize actionFlags 6 [disable | enable] command to extend (or not extend) the keyword blocking search to include the URL's full path.
P-335 Series User’s Guide For example, filename URL checking searches for keywords within the URL www.zyxel.com.tw/news/pressroom.php. Use the ip urlfilter customize actionFlags 8 [disable | enable] command to extend (or not extend) the keyword blocking search to include the URL's complete filename.Prestige...
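The difference between the checking modes described above, as an added example that is not ZyXEL code. It models which part of a URL is searched for keywords: `full_path` follows the actionFlags 6 description and `filename` the actionFlags 8 description. The `domain` scope, the case-insensitive match and ignoring the query string are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Scopes from narrowest to widest. "domain" (host name or IP address only)
# is an assumption about the default mode.
SCOPES = ("domain", "full_path", "filename")


def split_url(url):
    """Return (host, directory, filename) for a URL with or without a scheme."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = parts.hostname or ""
    path = parts.path or "/"
    # Everything up to and including the last slash is the directory part.
    directory, _, filename = path.rpartition("/")
    return host, directory + "/", filename


def searched_text(url, scope):
    """Return the portion of the URL that a given checking mode searches."""
    host, directory, filename = split_url(url)
    if scope == "domain":
        return host
    if scope == "full_path":
        # Characters that come before the last slash in the URL.
        return host + directory
    if scope == "filename":
        # The whole URL, including the file name after the last slash.
        return host + directory + filename
    raise ValueError(f"unknown scope: {scope}")


def is_blocked(url, keywords, scope):
    """True if any keyword occurs in the text searched under this scope."""
    text = searched_text(url, scope).lower()
    return any(keyword.lower() in text for keyword in keywords)


def narrowest_scope(url, keyword):
    """Return the first scope that catches the keyword, or None if none does."""
    for scope in SCOPES:
        if is_blocked(url, [keyword], scope):
            return scope
    return None


# The URL used in the manual's own example.
URL = "www.zyxel.com.tw/news/pressroom.php"

if __name__ == "__main__":
    for scope in SCOPES:
        print(f"{scope:10} searches: {searched_text(URL, scope)}")
    for keyword in ("zyxel", "news", "pressroom", "games"):
        print(f"keyword {keyword!r:12} first caught by: {narrowest_scope(URL, keyword)}")
```

A keyword that appears only in a directory or file name is never matched until the corresponding wider scope is enabled, so a keyword list should be tested against the scope that is actually configured.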
CHAPTER 16 Remote Management Screens This chapter provides information on the Remote Management screens. 16.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. Note: When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
P-335 Series User’s Guide 2 You have disabled that service in one of the remote management screens. 3 The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the Prestige will disconnect the session immediately. 4 There is already another remote management session with an equal or higher priority running.
Figure 84 Remote Management: WWW The following table describes the labels in this screen. Table 61 Remote Management: WWW LABEL DESCRIPTION Server Port You may change the server port number for a service if needed; however, you must use the same port number in order to use that service for remote management.
P-335 Series User’s Guide Figure 85 Telnet Configuration on a TCP/IP Network 16.4 Configuring TELNET Click REMOTE MGMT and the TELNET tab to display the screen as shown. Figure 86 Remote Management: Telnet The following table describes the labels in this screen. Table 62 Remote Management: Telnet LABEL DESCRIPTION...
Table 62 Remote Management: Telnet LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh. 16.5 Configuring FTP You can upload and download the Prestige’s firmware and configuration files using FTP. Please see the chapter on firmware and configuration file maintenance for details.
P-335 Series User’s Guide 16.6 SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
A trap is sent to the manager when receiving any RFC-1215) SNMP get or set requirements with the wrong community (password). whyReboot (defined in ZYXEL- A trap is sent with the reason of restart before MIB) rebooting when the system is going to restart (warm start).
P-335 Series User’s Guide Figure 89 Remote Management: SNMP The following table describes the labels in this screen. Table 65 Remote Management: SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station.
P-335 Series User’s Guide Table 65 Remote Management: SNMP LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh. 16.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa.
P-335 Series User’s Guide 16.8 Configuring Security To change your Prestige’s security settings, click REMOTE MGMT, then the Security tab. The screen appears as shown. If an outside user attempts to probe an unsupported port on your Prestige, an ICMP response packet is automatically returned.
P-335 Series User’s Guide Table 67 Security LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh. Chapter 16 Remote Management Screens...
CHAPTER 17 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 17.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
P-335 Series User’s Guide Figure 92 Encryption and Decryption 17.1.3.2 Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. 17.1.3.3 Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
P-335 Series User’s Guide Figure 93 IPSec Architecture 17.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
P-335 Series User’s Guide Figure 94 Transport and Tunnel Mode IPSec Encapsulation 17.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
P-335 Series User’s Guide NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted.
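Why the AH integrity check cannot survive address translation, as an added example that is not taken from the manual. Packets are simplified to a source address, a destination address and a payload, HMAC-SHA-256 stands in for the negotiated authentication algorithm, and the key and addresses are constructed. The ESP-style function models only the fact that ESP's integrity value does not cover the outer IP header.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace

KEY = b"constructed-demo-key"  # constructed shared secret for this example


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes
    icv: bytes = b""  # integrity check value appended by the sender


def _packed(address):
    return ipaddress.IPv4Address(address).packed


def ah_icv(key, pkt):
    # AH signs the headers as well as the data payload, so the source
    # and destination addresses are part of the authenticated bytes.
    data = _packed(pkt.src) + _packed(pkt.dst) + pkt.payload
    return hmac.new(key, data, hashlib.sha256).digest()


def esp_icv(key, pkt):
    # ESP-style check: the outer IP header is outside the authenticated bytes.
    return hmac.new(key, pkt.payload, hashlib.sha256).digest()


def protect(key, pkt, icv_fn):
    """Sender side: append the integrity check value."""
    return replace(pkt, icv=icv_fn(key, pkt))


def verify(key, pkt, icv_fn):
    """Receiver side: recompute the value and compare in constant time."""
    return hmac.compare_digest(pkt.icv, icv_fn(key, pkt))


def nat_rewrite_source(pkt, global_ip):
    """What a NAT router does on the way out: swap the inside local
    address for the inside global address and leave the rest alone."""
    return replace(pkt, src=global_ip)


def run_demo():
    # Constructed addresses: one private LAN host, two documentation ranges.
    original = Packet("192.168.1.33", "198.51.100.20", b"application data")
    ah_pkt = protect(KEY, original, ah_icv)
    esp_pkt = protect(KEY, original, esp_icv)
    return {
        "ah_direct": verify(KEY, ah_pkt, ah_icv),
        "ah_via_nat": verify(KEY, nat_rewrite_source(ah_pkt, "203.0.113.10"), ah_icv),
        "esp_via_nat": verify(KEY, nat_rewrite_source(esp_pkt, "203.0.113.10"), esp_icv),
    }


if __name__ == "__main__":
    for case, ok in run_demo().items():
        print(f"{case:12} integrity check {'passes' if ok else 'FAILS'}")
```

The receiver cannot tell a NAT rewrite from tampering: in both cases the authenticated header bytes differ from what the sender signed, so the packet is rejected.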
CHAPTER 18 VPN Screens This chapter introduces the VPN Web Configurator. See the Logs chapter for information on viewing logs and the Appendices for IPSec log descriptions. 18.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections.
P-335 Series User’s Guide Table 69 AH and ESP Encryption DES (default) Data Encryption Standard (DES) is a widely used method of data encryption using a secret key. DES applies a 56-bit key to each 64-bit block of data. 3DES Triple DES (3DES) is a variant of DES, which iterates three times with three separate keys (3 x 56 = 168 bits),...
You can also enter a remote secure gateway’s domain name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The Prestige has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP address).
Figure 96 VPN: Summary

The following table describes the labels in this screen.

Table 70 VPN: Summary
LABEL: DESCRIPTION
The VPN policy index number.
Active: This field displays whether the VPN policy is active or not. A Y signifies that this VPN policy is active.
18.6 Keep Alive
When you initiate an IPSec tunnel with keep alive enabled, the Prestige automatically renegotiates the tunnel when the IPSec SA lifetime period expires (see the IPSec Algorithms section for more on the IPSec SA lifetime). In effect, the IPSec tunnel becomes an “always on”...
• Use IKE keying mode.
• Enable NAT traversal on both IPSec endpoints.

In order for IPSec router A (see the figure) to receive an initiating IPSec packet from IPSec router B, set the NAT router to forward UDP port 500 to IPSec router A.

18.7.2 Remote DNS Server
In cases where you want to use domain names to access Intranet servers on a remote network that has a DNS server, you must identify that DNS server.
18.8 ID Type and Content
With aggressive negotiation mode (see Section Negotiation Mode), the Prestige identifies incoming SAs by ID type and content since this identifying information is not encrypted. This enables the Prestige to distinguish between multiple rules for SAs that connect from remote IPSec routers that have dynamic WAN IP addresses.
Table 72 Peer ID Type and Content Fields
PEER ID TYPE: CONTENT
E-mail: Type an e-mail address (up to 31 characters) by which to identify the remote IPSec router.

The domain name or e-mail address that you use in the Content field is used for identification purposes only and does not need to be a real domain name or e-mail address.
18.10 Editing VPN Rules
Click Edit on the Summary screen or click the Rule Setup tab to edit VPN rules.

Figure 100 VPN: Rule Setup (Basic)

The following table describes the labels in this screen.

Table 74 VPN: Rule Setup (Basic)
LABEL: DESCRIPTION
Active...
Table 74 VPN: Rule Setup (Basic)
LABEL: DESCRIPTION
NAT Traversal: Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers. The remote IPSec router must also have NAT traversal enabled.
Table 74 VPN: Rule Setup (Basic)
LABEL: DESCRIPTION
Local Content: When you select IP in the Local ID Type field, type the IP address of your computer in the local Content field. The Prestige automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the local Content field to 0.0.0.0 or leave it blank.
Table 74 VPN: Rule Setup (Basic)
LABEL: DESCRIPTION
Pre-Shared Key: Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
Figure 101 Two Phases to Set Up the IPSec SA

In phase 1 you must:
• Choose a negotiation mode.
• Authenticate the connection by entering a pre-shared key.
• Choose an encryption algorithm.
• Choose an authentication algorithm.
•...
• Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1). It uses 6 messages in three round trips: SA negotiation, Diffie-Hellman exchange and an exchange of nonces (a nonce is a random number).
The following table describes the labels in this screen.

Table 75 VPN IKE: Advanced
LABEL: DESCRIPTION
Active: Select this check box to activate this VPN policy.
Keep Alive: Select this check box to turn on the Keep Alive feature for this SA. Turn on Keep Alive to have the Prestige automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
Table 75 VPN IKE: Advanced
LABEL: DESCRIPTION
Remote Address End/Mask: When the remote IP address is a single address, type it a second time here. When the remote IP address is a range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
Table 75 VPN IKE: Advanced
LABEL: DESCRIPTION
Peer Content: The configuration of the peer content depends on the peer ID type.
• For IP, type the IP address of the computer with which you will make the VPN connection.
Table 75 VPN IKE: Advanced
LABEL: DESCRIPTION
IPSec Protocol: Select ESP or AH from the drop-down list box. The Prestige's IPSec Protocol should be identical to the secure remote gateway. The ESP (Encapsulation Security Payload) protocol (RFC 2406) provides encryption as well as the authentication offered by AH.
VPN gateway. The local VPN gateway then uses the network, encryption and key values that the administrator associated with the SPI to establish the tunnel.

Note: Current ZyXEL implementation assumes identical outgoing and incoming SPIs.

18.14 Configuring Manual Key
You only configure VPN Manual Key when you select Manual in the IPSec Keying Mode field on the Rule Setup IKE screen.
Figure 103 Setup: Manual

The following table describes the labels in this screen.

Table 76 Rule Setup: Manual
LABEL: DESCRIPTION
Active: Select this check box to activate this VPN policy.
IPSec Keying Mode: Select IKE or Manual from the drop-down list box. Manual is a useful option for troubleshooting if you have problems using IKE key management.
Table 76 Rule Setup: Manual
LABEL: DESCRIPTION
Local Address: The Local IP address must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time.
Table 76 Rule Setup: Manual
LABEL: DESCRIPTION
IPSec Protocol: Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described next).
Figure 104 SA Monitor

The following table describes the labels in this screen.

Table 77 SA Monitor
LABEL: DESCRIPTION
This is the security association index number.
Name: This field displays the identification name for this VPN policy.
Encapsulation: This field displays Tunnel or Transport mode.
Figure 105 VPN: Global Setting

The following table describes the labels in this screen.

Table 78 VPN: Global Setting
LABEL: DESCRIPTION
Windows Networking NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast (NetBIOS over TCP/IP) packets that enable a computer to find other computers.
Having everyone use the same pre-shared key may create a vulnerability. If the pre-shared key is compromised, all of the VPN connections using that VPN rule are at risk. A recommended alternative is to use a different VPN rule for each telecommuter and identify them by unique IDs (see the Telecommuters Using Unique VPN Rules Example section).

Table 79 Telecommuter and Headquarters Configuration Example...
See the following graphic for an example where three telecommuters each use a different VPN rule to initiate a VPN connection to a Prestige located at headquarters. The Prestige at headquarters identifies each by its secure gateway address (a dynamic domain name) and uses the appropriate VPN rule to establish the VPN connection.
Chapter 19 Centralized Logs
This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendices for example log message explanations.

19.1 View Log
The web configurator allows you to look at all of the Prestige’s logs in one location. Click the LOGS in the navigation panel to open the View Log screen.
Figure 108 View Logs

The following table describes the labels in this screen.

Table 80 View Logs
LABEL: DESCRIPTION
Display: The categories that you select in the Log Settings page (see section ) display in the drop-down list box. Select a category of logs to view;...
Use the Log Settings screen to configure where the Prestige sends logs, the schedule for sending them, and which logs and/or immediate alerts it sends. An alert is a type of log that warrants more serious attention.
The following table describes the labels in this screen.

Table 81 Log Settings
LABEL: DESCRIPTION
Address Info
Mail Server: Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via E-mail.
Chapter 20 Print Server
This chapter discusses how to configure the print server on the Prestige.

20.1 Print Server Overview
A print server is a device or software that provides users on a network with shared access to one or more printers.
The print server must be set up on each computer in your network that you want to use the print server. Before you set up the print server, make sure the USB printer is connected to the Prestige using the USB cable and that both the Prestige and the USB printer are turned on.
Prestige’s media bandwidth management logs.

21.1 Bandwidth Management Overview
ZyXEL’s Media Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
Figure 111 Application-based Bandwidth Management Example

21.1.2 Subnet-based Bandwidth Management Example
The following example uses bandwidth rules based solely on LAN subnets. Each bandwidth rule (Subnet A and Subnet B) is allotted 320 Kbps.

Figure 112 Subnet-based Bandwidth Management Example

21.1.3 Application and Subnet-based Bandwidth Management Example
The following example uses bandwidth rules based on LAN subnets and applications (specific...
P-335 Series User’s Guide Figure 113 Application and Subnet-based Bandwidth Management Example Table 83 Application and Subnet-based Bandwidth Management Example TRAFFIC TYPE FROM SUBNET A FROM SUBNET B VoIP 64 Kbps 64 Kbps 64 Kbps 64 Kbps 64 Kbps 64 Kbps E-mail 64 Kbps 64 Kbps...
Figure 114 Bandwidth Usage Example

The following figure shows the bandwidth usage with the maximize bandwidth usage option enabled. The Prestige divides up the unbudgeted 64 Kbps among the rules that require more bandwidth. If the administration department only uses 32 Kbps of the budgeted 64 Kbps, the Prestige also divides the remaining 32 Kbps among the rules that require more bandwidth.
Figure 115 Maximize Bandwidth Usage Example

21.1.5 Bandwidth Management Priorities
The following is a table describing the priorities that you can apply to traffic that the Prestige forwards out through an interface.

Table 84 Media Bandwidth Management Priorities
PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED.
21.1.6.2 VoIP (SIP)
Sending voice signals over the Internet is called Voice over IP or VoIP. Session Initiation Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.
A popular videoconferencing solution from White Pines Software. 24032)
DNS(UDP/TCP:53): Domain Name Server, a service that matches web names (e.g. www.zyxel.com) to IP numbers.
FINGER(TCP:79): Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.
Table 85 Commonly Used Services
SERVICE: DESCRIPTION
PING(ICMP:0): Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.
POP3(TCP:110): Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other).
The following table describes the labels in this screen.

Table 86 Bandwidth Management Configuration
LABEL: DESCRIPTION
Active: Select this check box to have the Prestige apply bandwidth management. Enable bandwidth management to give traffic that matches a bandwidth rule priority over traffic that does not match a bandwidth rule.
21.4 Configuring Bandwidth Management Rules and Services
Select a radio button for a rule and then click Edit to open the Bandwidth Management Configuration Edit screen.

Figure 117 Bandwidth Management Edit

The following table describes the labels in this screen.

Table 87 Bandwidth Management Edit
LABEL: DESCRIPTION...
Table 87 Bandwidth Management Edit
LABEL: DESCRIPTION
Use All Managed Bandwidth: Select this option to allow a rule to borrow unused bandwidth on the interface. Bandwidth borrowing is governed by the priority of the rules. That is, a rule with the highest priority is the first to borrow bandwidth.
Chapter 22 Maintenance
This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics.

22.1 Maintenance Overview
The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige.
Prestige. If you are uploading firmware, be sure to upload firmware for this exact model name. This field is not available on all models.
ZyNOS Firmware Version: This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design.
22.2.1 System Statistics
Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable.

Figure 120 Maintenance System Statistics

The following table describes the labels in this screen.

Table 89 Maintenance System Statistics
LABEL: DESCRIPTION...
Click MAINTENANCE, and then the DHCP Table tab. Read-only information here relates to your DHCP status. The DHCP table shows current DHCP Client information (including IP Address, Host Name and MAC Address) of all network clients using the DHCP server.

Figure 121 Maintenance DHCP Table

The following table describes the labels in this screen.
Figure 122 Maintenance Any IP

The following table describes the labels in this screen.

Table 91 Maintenance Any IP
LABEL: DESCRIPTION
This field displays the index number.
IP Address: This field displays the IP address of the network device.
MAC Address: This field displays the MAC (Media Access Control) address of the computer with the displayed IP address.
Click Refresh to redisplay the current screen.

22.6 F/W Upload Screen
Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "Prestige.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
Figure 124 Maintenance Firmware Upload

The following table describes the labels in this screen.

Table 93 Maintenance Firmware Upload
LABEL: DESCRIPTION
File Path: Type in the location of the file you want to upload in this field or click Browse ... to find it.
Browse...
Figure 125 Upload Warning

The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.

Figure 126 Network Temporarily Disconnected

After two minutes, log in again and check your new firmware version in the System Status screen.
Figure 127 Upload Error Message

22.7 Configuration Screen
See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE, and then the Configuration tab. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next.
Figure 128 Maintenance Configuration

22.7.1 Backup Configuration
Backup configuration allows you to back up (save) the Prestige’s current configuration to a file on your computer. Once your Prestige is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
22.7.2 Restore Configuration
Restore configuration allows you to upload a new or previously saved configuration file from your computer to your Prestige.

Table 94 Maintenance Restore Configuration
LABEL: DESCRIPTION
File Path: Type in the location of the file you want to upload in this field or click Browse ... to find it.
Browse...
Figure 130 Temporarily Disconnected

If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default Prestige IP address (192.168.1.1). See your Quick Start Guide for details on how to set up your computer’s IP address.
Chapter 23 Introducing the SMT
This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus.

23.1 SMT Introduction
The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access over a telnet connection.
Figure 133 Login Screen
Enter Password : ****

23.1.3 Prestige SMT Menu Overview
The following figure gives you an overview of the various SMT menu screens of your Prestige.

Figure 134 SMT Menu Overview
23.2 Navigating the SMT Interface
The SMT (System Management Terminal) is the interface that you use to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.

Table 95 Main Menu Commands
OPERATION KEYSTROKE...
P-335 Series User’s Guide Figure 135 SMT Main Menu Copyright (c) 1994 - 2004 ZyXEL Communications Corp. P-335/P-335WT Main Menu Getting Started Advanced Management 1. General Setup 21. Filter and Firewall Setup 2. WAN Setup 22. SNMP Configuration 3. LAN Setup 23.
23.3 Changing the System Password
Change the Prestige default password by following the steps shown next.

1 Enter 23 in the main menu to display Menu 23 - System Security as shown next.

Figure 136 Menu 23: System Security
Menu 23 - System Security
Change Password
RADIUS Server...
Chapter 24 Menu 1 General Setup
Menu 1 - General Setup contains administrative and system-related information.

24.1 General Setup
Menu 1 - General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
Figure 138 Menu 1 General Setup.
Menu 1 - General Setup
System Name= P-335/P-335WT
Domain Name=
First System DNS Server= From ISP
IP Address= N/A
Second System DNS Server= From ISP
IP Address= N/A
Third System DNS Server= From ISP
IP Address= N/A
Edit Dynamic DNS= No
Press ENTER to Confirm or ESC to Cancel:...
24.2.1 Procedure to Configure Dynamic DNS
Note: If you have a private WAN IP address, then you cannot use Dynamic DNS.

To configure Dynamic DNS, go to Menu 1 - General Setup and select Yes in the Edit Dynamic DNS field.
Table 98 Menu 1.1 Configure Dynamic DNS
FIELD: DESCRIPTION
Offline: This field is only available when CustomDNS is selected in the DDNS Type field. Press [SPACE BAR] and then [ENTER] to select Yes. When Yes is selected, traffic is redirected to a URL that you have previously specified (see http://www.dyndns.org/...
Chapter 25 Menu 2 WAN Setup
This chapter describes how to configure the WAN using menu 2.

25.1 Introduction to WAN
This chapter explains how to configure settings for your WAN port.

25.2 WAN Setup
From the main menu, enter 2 to open menu 2.
Chapter 26 Menu 3 LAN Setup
This chapter covers how to configure your wired Local Area Network (LAN) settings.

26.1 LAN Setup
This section describes how to configure the Ethernet using Menu 3 - LAN Setup. From the main menu, enter 3 to display menu 3.
26.2 Protocol Dependent Ethernet Setup
Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below.
• For TCP/IP Ethernet setup refer to the Internet Access Application chapter.
• For bridging Ethernet setup refer to the Bridging Setup chapter.

26.3 TCP/IP Ethernet Setup and DHCP
Use menu 3.2 to configure your Prestige for TCP/IP.
Table 100 DHCP Ethernet Setup Fields
FIELD: DESCRIPTION
Size of Client IP Pool: This field specifies the size, or count of the IP address pool.
First DNS Server: The Prestige passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients.
26.3.1 IP Alias Setup
IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network.

Figure 144 Physical Network &...
Table 102 Menu 3.2.1: IP Alias Setup
FIELD: DESCRIPTION
IP Subnet Mask: Your Prestige will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige.
Table 103 Menu 3.5 Wireless LAN Setup
FIELD: DESCRIPTION
Key 1 to Key 4: The WEP keys are used to encrypt data. Both the Prestige and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP in the WEP Encryption field, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
P-335 Series User’s Guide Figure 147 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup ESSID= ZyXEL Hide ESSID= No Channel ID= CH06 2437MHz Edit MAC Address Filter= No RTS Threshold= 4096 Edit Roaming Configuration= No Frag. Threshold= 4096...
Chapter 27 Internet Access
This chapter shows you how to configure your Prestige for Internet access.

27.1 Introduction to Internet Access Setup
Use information from your ISP along with the instructions in this chapter to set up your Prestige to access the Internet.
Table 106 Internet Access Setup (Ethernet) (continued)
Encapsulation: Press [SPACE BAR] and then press [ENTER] to choose Ethernet. The encapsulation method influences your choices for the IP Address field.
Service Type: Press [SPACE BAR] and then [ENTER] to select Standard, RR-Toshiba (RoadRunner Toshiba authentication method), RR-Manager (RoadRunner Manager authentication method), RR-Telstra or Telia Login.
27.3 Configuring the PPTP Client
Note: The Prestige supports only one PPTP server connection at any given time.

To configure a PPTP client, you must configure the My Login and Password fields for a PPP connection and the PPTP parameters for a PPTP connection. After configuring My Login and Password for PPP connection, press [SPACE BAR] and then [ENTER] in the Encapsulation field in Menu 4 - Internet Access Setup to choose PPTP as your encapsulation option.
Figure 153 Internet Access Setup (PPPoE)
Menu 4 - Internet Access Setup
ISP's Name= MyISP
Encapsulation= PPPoE
Service Type= N/A
My Login=
My Password= ********
Retype to Confirm= ********
Idle Timeout= 100
IP Address Assignment= Dynamic
IP Address= N/A
IP Subnet Mask= N/A
Gateway IP Address= N/A...
Chapter 28 Remote Node Configuration
This chapter covers remote node configuration.

28.1 Introduction to Remote Node Setup
A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
P-335 Series User’s Guide Figure 154 Menu 11.1 Remote Node Profile for Ethernet Encapsulation Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Encapsulation= Ethernet Edit IP= No Service Type= Standard Session Options: Service Name= N/A Edit Filter Sets= No Outgoing: My Login= N/A...
Table 109 Menu 11.1 Remote Node Profile for Ethernet Encapsulation
FIELD: DESCRIPTION
Session Options
Edit Filter Sets: This field leads to another “hidden” menu. Use [SPACE BAR] to select Yes and press [ENTER] to open menu 11.5 to edit the filter sets. See the Remote Node Filter section for more details.
28.2.2.2 Nailed-Up Connection
A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The Prestige does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the Prestige will try to bring up the connection when turned on and whenever the connection is down.
P-335 Series User’s Guide Figure 156 Menu 11.1 Remote Node Profile for PPTP Encapsulation Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Encapsulation= PPTP Edit IP= No Service Type= Standard Telco Option: Service Name= N/A Allocated Budget(min)= 0 Outgoing: Period(hr)= 0...
Table 112 Remote Node Network Layer Options
FIELD: DESCRIPTION
Private: This field is valid only for PPTP/PPPoE encapsulation. This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes, this route is kept private and not included in RIP broadcast.
Figure 160 Menu 11.6: Traffic Redirect Setup
Menu 11.6 - Traffic Redirect Setup
Active= Yes
Configuration:
Backup Gateway IP Address= 0.0.0.0
Metric= 15
Check WAN IP Address= 0.0.0.0
Fail Tolerance= 2
Period(sec)= 5
Timeout(sec)= 3
Press ENTER to Confirm or ESC to Cancel:

The following table describes the fields in this screen.
Chapter 29 Static Route Setup
This chapter shows how to set up IP static routes.

29.1 IP Static Route Setup
To configure an IP static route, use Menu 12 – Static Routing Setup (shown next).

Figure 161 Menu 12 IP Static Route Setup
Menu 12 - IP Static Route Setup
1.
Table 114 Menu 12.1 Edit IP Static Route
FIELD: DESCRIPTION
Active: This field allows you to activate/deactivate this static route.
Destination IP Address: This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID.
Chapter 30 Network Address Translation (NAT)
This chapter discusses how to configure NAT on the Prestige.

30.1 Using NAT
Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige.

30.1.1 SUA (Single User Account) Versus NAT
SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two...
Figure 163 Menu 4 Applying NAT for Internet Access
Menu 4 - Internet Access Setup
ISP's Name= MyISP
Encapsulation= Ethernet
Service Type= Standard
My Login= N/A
My Password= N/A
Retype to Confirm= N/A
Login Server= N/A
Relogin Every (min)=
IP Address Assignment= Dynamic
IP Address= N/A...
Figure 164 Menu 11.3 Applying NAT to the Remote Node
Menu 11.3 - Remote Node Network Layer Options
IP Address Assignment= Dynamic
IP Address= N/A
IP Subnet Mask= N/A
Gateway IP Addr= N/A
Network Address Translation= SUA Only
Metric= 1
Private= N/A
RIP Direction= None...
Figure 165 Menu 15 NAT Setup
Menu 15 - NAT Setup
1. Address Mapping Sets
2. Port Forwarding Setup
3. Trigger Port Setup
Enter Menu Selection Number:

30.3.1 Address Mapping Sets
Enter 1 to bring up Menu 15.1 - Address Mapping Sets.

Figure 166 Menu 15.1 Address Mapping Sets
Menu 15.1 - Address Mapping Sets
1....
Table 116 SUA Address Mapping Rules
FIELD: DESCRIPTION
Local End IP: Local End IP is the ending local IP address (ILA). If the rule is for all local IPs, then the Start IP is 0.0.0.0 and the End IP is 255.255.255.255.
Global Start IP: This is the starting global IP address (IGA).
Figure 168 Menu 15.1.1 First Set
Menu 15.1.1 - Address Mapping Rules
Set Name= NAT_SET
Local Start IP Local End IP Global Start IP Global End IP Type
--------------- -------------- --------------- --------------- ------
Action= Edit
Select Rule=
Press ENTER to Confirm or ESC to Cancel:

Note: If the Set Name field is left blank, the entire set will be deleted.
Note: You must press [ENTER] at the bottom of the screen to save the whole set. You must do this again if you make any changes to the set – including deleting a rule. No changes to the set take place until this action is taken.

Selecting Edit in the Action field and then selecting a rule brings up the following menu, Menu 15.1.1.1 - Address Mapping Rule in which you can edit an individual rule and...
30.4 Configuring a Server behind NAT
Follow these steps to configure a server behind NAT:
1 Enter 15 in the main menu to go to Menu 15 - NAT Setup.
2 Enter 2 to display Menu 15.2 - NAT Server Setup as shown next.

Figure 170 Menu 15.2.1 NAT Server Setup
Menu 15.2 - NAT Server Setup
Rule...
Figure 171 Multiple Servers Behind NAT Example

30.5 General NAT Examples
The following are some examples of NAT configuration.

30.5.1 Example 1: Internet Access Only
In the following Internet access example, you only need one rule where the ILAs (Inside Local Addresses) of computers A through D map to one dynamic IGA (Inside Global Address) assigned by your ISP.
Figure 173 Menu 4 Internet Access & NAT Example
Menu 4 - Internet Access Setup
ISP's Name= MyISP
Encapsulation= Ethernet
Service Type= Standard
My Login= N/A
My Password= N/A
Retype to Confirm= N/A
Login Server= N/A
Relogin Every (min)=
IP Address Assignment= Dynamic
IP Address= N/A...
Figure 175 Menu 15.2.1 Specifying an Inside Server
Menu 15.2.1 - NAT Server Setup
Rule Start Port No. End Port No. IP Address
---------------------------------------------------
Default Default 192.168.1.10 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:...
Figure 176 NAT Example 3
1 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3); see Figure 157.
Figure 178 Example 3: Menu 15.1.1.1
Menu 15.1.1.1 Address Mapping Rule
Type= One-to-One
Local IP:
  Start= 192.168.1.10
  End  = N/A
Global IP:
  Start= 10.132.50.1
  End  = N/A
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 179 Example 3: Final Menu 15.1.1
Menu 15.1.1 - Address Mapping Rules
Set Name=...
Figure 180 Example 3: Menu 15.2
Menu 15.2 - NAT Server Setup
Rule Start Port No. End Port No. IP Address
---------------------------------------------------
Default Default 0.0.0.0 192.168.1.21 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
HTTP:80 FTP:21 Telnet:23 SMTP:25 POP3:110 PPTP:1723
30.5.4 Example 4: NAT Unfriendly Application Programs...
Figure 182 Example 4: Menu 15.1.1.1 Address Mapping Rule.
Menu 15.1.1.1 Address Mapping Rule
Type= Many-One-to-One
Local IP:
  Start= 192.168.1.10
  End  = 192.168.1.12
Global IP:
  Start= 10.132.50.1
  End  = 10.132.50.3
Press ENTER to Confirm or ESC to Cancel:
After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as shown next.
Figure 184 Menu 15.3 Trigger Port Setup
Menu 15.3 - Trigger Port Setup
                 Incoming              Trigger
Rule Name    Start Port  End Port  Start Port  End Port
----------------------------------------------------------------------
Real Audio   6970        7170      7070        7070
Press ENTER to Confirm or ESC to Cancel:
The following table describes the fields in this screen.
Chapter 31 Enabling the Firewall
This chapter shows you how to get started with the Prestige firewall.
31.1 Remote Management and the Firewall
When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: •...
Figure 185 Menu 21.2 Firewall Setup
Menu 21.2 - Firewall Setup
The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off. Refer to the User's Guide for details about the firewall default policies.
Chapter 32 Filter Configuration
This chapter shows you how to create and apply filters.
32.1 Introduction to Filters
Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call.
32.1.1 The Filter Structure of the Prestige
A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
32.2 Configuring a Filter Set
The Prestige includes filtering for NetBIOS over TCP/IP packets by default. To configure another filter set, follow the procedure below.
1 Enter 21 in the main menu to open menu 21.
Figure 188 Menu 21: Filter and Firewall Setup
Menu 21 - Filter and Firewall Setup
1.
Table 120 Abbreviations Used in the Filter Rules Summary Menu
FIELD DESCRIPTION
Filter Rules: These parameters are displayed here.
More. “Y” means there are more rules to check which form a rule chain with the present rule. An action cannot be taken until the rule chain is complete.
32.2.2 Configuring a TCP/IP Filter Rule
This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
Table 122 TCP/IP Filter Rule
FIELD DESCRIPTION OPTIONS
Port # Comp: Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the destination port in the packet against the value given in Destination: Port #. Options: None, Less, Greater, Equal, Not Equal...
Figure 191 Executing an IP Filter
32.2.3 Configuring a Generic Filter Rule
This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet.
Figure 192 Menu 21.1.4.1 Generic Filter Rule
Menu 21.1.4.1 - Generic Filter Rule
Filter #: 4,1
Filter Type= Generic Filter Rule
Active= No
Offset= 0
Length= 0
Mask= N/A
Value= N/A
More= No    Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
The following table describes the fields in the Generic Filter Rule menu.
Table 123 Generic Filter Rule Menu Fields
FIELD DESCRIPTION OPTIONS
Action Not Matched: Select the action for a packet not matching the rule. Options: Check Next Rule, Forward, Drop
Once you have completed filling in Menu 21.4.1.1 - Generic Filter Rule, press [ENTER] at the message “Press ENTER to Confirm”...
Figure 194 Example Filter: Menu 21.1.3.1
Menu 21.1.3.1 - TCP/IP Filter Rule
Filter #: 3,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6    IP Source Route= No
Destination: IP Addr= 0.0.0.0
             IP Mask= 0.0.0.0
             Port #= 23
             Port # Comp= Equal
Source: IP Addr= 0.0.0.0...
Figure 195 Example Filter Rules Summary: Menu 21.1.3
Menu 21.1.3 - Filter Rules Summary
# A Type Filter Rules                                              M m n
- - ---- --------------------------------------------------------- - - -
1 Y IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23                       N D F
Enter Filter Rule Number (1-6) to Configure:
This shows you that you have configured and activated (A = Y) a TCP/IP filter rule (Type =...
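The rule in Figures 194 and 195, plus a two-rule chain, evaluated against sample packets. This is an added example, not code from the guide or from ZyXEL; the chain semantics, the meaning of protocol 0, the reading of the M/m/n letters and the forward-at-end-of-set default are assumptions, and the packets are constructed.

```python
"""Added illustration (not ZyXEL code): evaluate packets against a filter set."""
from dataclasses import dataclass
from ipaddress import IPv4Address
import operator

# "Port # Comp" options listed in Table 122; "None" disables the port test.
PORT_COMP = {"None": None, "Less": operator.lt, "Greater": operator.gt,
             "Equal": operator.eq, "Not Equal": operator.ne}
MAX_RULES_PER_SET = 6  # the guide allows six rules in each filter set


@dataclass
class Packet:
    protocol: int          # IP protocol number: 6 = TCP, 17 = UDP
    src_ip: str
    dst_ip: str
    src_port: int = 0
    dst_port: int = 0


@dataclass
class Rule:
    active: bool = True
    protocol: int = 0                    # assumption: 0 matches any protocol
    dst_ip: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"            # an all-zero mask matches any address
    dst_port: int = 0
    dst_port_comp: str = "None"
    src_ip: str = "0.0.0.0"
    src_mask: str = "0.0.0.0"
    src_port: int = 0
    src_port_comp: str = "None"
    more: bool = False                   # True chains this rule to the next one
    matched: str = "Check Next Rule"     # or "Forward" / "Drop"
    not_matched: str = "Check Next Rule"


def _addr_ok(pkt_ip, rule_ip, mask):
    m = int(IPv4Address(mask))
    return (int(IPv4Address(pkt_ip)) & m) == (int(IPv4Address(rule_ip)) & m)


def _port_ok(pkt_port, rule_port, comp):
    compare = PORT_COMP[comp]
    return True if compare is None else compare(pkt_port, rule_port)


def rule_matches(rule, pkt):
    return (rule.protocol in (0, pkt.protocol)
            and _addr_ok(pkt.dst_ip, rule.dst_ip, rule.dst_mask)
            and _addr_ok(pkt.src_ip, rule.src_ip, rule.src_mask)
            and _port_ok(pkt.dst_port, rule.dst_port, rule.dst_port_comp)
            and _port_ok(pkt.src_port, rule.src_port, rule.src_port_comp))


def evaluate(rules, pkt, end_of_set="Forward"):
    """Return "Forward" or "Drop" for pkt.

    Assumptions: rules joined by More=Yes match only if every rule in the
    chain matches, the last rule of the chain supplies both actions, and a
    packet that falls off the end of the set is forwarded.
    """
    if len(rules) > MAX_RULES_PER_SET:
        raise ValueError("a filter set holds at most six rules")
    chain_ok = True
    for rule in rules:
        if not rule.active:
            continue
        chain_ok = chain_ok and rule_matches(rule, pkt)
        if rule.more:
            continue                     # no action until the chain is complete
        action = rule.matched if chain_ok else rule.not_matched
        chain_ok = True
        if action != "Check Next Rule":
            return action
    return end_of_set


# Figure 194 / Figure 195: Pr=6, DP=23, M=N, m=D, n=F
# (assumption: D = Drop, F = Forward, N = no further rule in the chain).
TELNET_SET = [Rule(protocol=6, dst_port=23, dst_port_comp="Equal",
                   matched="Drop", not_matched="Forward")]

# Constructed chain: drop Telnet only when it comes from 192.168.1.0/24.
CHAIN_SET = [
    Rule(protocol=6, dst_port=23, dst_port_comp="Equal", more=True),
    Rule(src_ip="192.168.1.0", src_mask="255.255.255.0",
         matched="Drop", not_matched="Forward"),
]

if __name__ == "__main__":
    # Constructed sample packets (documentation address ranges).
    for pkt in (Packet(6, "192.168.1.33", "203.0.113.5", 40000, 23),
                Packet(6, "192.168.1.33", "203.0.113.5", 40001, 80),
                Packet(17, "192.168.1.33", "203.0.113.5", 40002, 23)):
        print(pkt, "->", evaluate(TELNET_SET, pkt))
```

With "Action Not Matched" set to Forward, as in Figure 195, every packet that is not TCP port 23 leaves the set immediately, so a rule placed after it is never consulted.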
Figure 196 Protocol and Device Filter Sets
32.5 Firewall Versus Filters
Firewall configuration is discussed in the firewall chapters of this manual. Further comparisons are also made between filtering, NAT and the firewall.
32.6 Applying a Filter
This section shows you where to apply the filter(s) after you design it (them).
Figure 197 Filtering LAN Traffic
Menu 3.1 - LAN Port Filter Setup
Input Filter Sets:
  protocol filters=
  device filters=
Output Filter Sets:
  protocol filters=
  device filters=
Press ENTER to Confirm or ESC to Cancel:
32.6.2 Applying Remote Node Filters
Go to menu 11.5 (shown below –...
Chapter 33 SNMP Configuration
This chapter explains SNMP Configuration menu 22.
33.1 About SNMP
Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
4 Trap - Used by the agent to inform the manager of some events.
33.2 Supported MIBs
The Prestige supports RFC-1215 and MIB II as defined in RFC-1213 as well as ZyXEL private MIBs. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance.
Figure 200 Menu 22 SNMP Configuration
Menu 22 - SNMP Configuration
SNMP:
  Get Community= public
  Set Community= public
  Trusted Host= 0.0.0.0
Trap:
  Community= public
  Destination= 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
The following table describes the SNMP configuration parameters.
Table 124 Menu 22 SNMP Configuration
FIELD DESCRIPTION...
RFC-1215) A trap is sent to the manager when receiving any SNMP get or set requests with the wrong community (password).
whyReboot (defined in ZYXEL-MIB): A trap is sent with the reason for the restart before rebooting when the system is going to restart (warm start).
For intentional reboot: A trap is sent with the message "System reboot by...
Chapter 34 System Security
This chapter describes how to configure the system security on the Prestige.
34.1 System Security
You can configure the system password, an external RADIUS server and 802.1x in this menu.
34.1.1 System Password
Figure 201 Menu 23 System Security
Menu 23 - System Security...
Figure 203 Menu 23.2 System Security : RADIUS Server
Menu 23.2 - System Security - RADIUS Server
Authentication Server:
  Active= No
  Server Address= 10.11.12.13
  Port #= 1812
  Shared Secret= ********
Accounting Server:
  Active= No
  Server Address= 10.11.12.13
  Port #= 1813
  Shared Secret= ********
Press ENTER to Confirm or ESC to Cancel:...
34.1.3 802.1x
The IEEE802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your Prestige.
1 From the main menu, enter 23 to display Menu 23 – System Security.
Figure 204 Menu 23 System Security
Menu 23 - System Security
1....
Figure 205 Menu 23.4 System Security : IEEE802.1x
Menu 23.4 - System Security - IEEE802.1x
Wireless Port Control= No Authentication Required
ReAuthentication Timer (in second)= 1800
Idle Timeout (in second)= 3600
Key Management Protocol= WPA-PSK
Dynamic WEP Key Exchange= 64-bit WEP
PSK = N/A
WPA Mixed Mode= N/A
Data Privacy for Broadcast/Multicast packets= N/A...
Table 128 Menu 23.4 System Security : IEEE802.1x
FIELD DESCRIPTION
Dynamic WEP Key Exchange: This field is activated only when you select Authentication Required in the Wireless Port Control field. Also set the Authentication Databases field to RADIUS Only....
Chapter 35 System Information and Diagnosis
This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
Figure 207 Menu 24.1 System Maintenance : Status
Menu 24.1 - System Maintenance - Status    07:33:32 Wed. Dec. 24, 2003
Port Status TxPkts RxPkts Cols Tx B/s Rx B/s Up Time
100M/Full 15982 938667 2520 2:07:57
100M/Full 22381 21235...
Routing: Refers to the routing protocol used.
ZyNOS F/W Version: Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation.
Ethernet Address: Refers to the Ethernet MAC (Media Access Control) of your Prestige.
35.2.2 Console Port Speed
You can set up different port speeds for the console port through Menu 24.2.2 – System Maintenance – Console Port Speed. Your Prestige supports 9600 (default), 19200, 38400, 57600 and 115200 bps. Press [SPACE BAR] and then [ENTER] to select the desired speed in menu 24.2.2, as shown in the following figure.
Table 131 Menu 24.3.2 System Maintenance : Syslog and Accounting
PARAMETER DESCRIPTION
Log Facility: Press [SPACE BAR] and then [ENTER] to select a Local option. The log facility allows you to log the message to different files in the server. Please refer to the documentation of your syslog program for more details.
Figure 213 Call-Triggering Packet Example
IP Frame: ENET0-RECV Size: Time: 17:02:44.262
Frame Type:
IP Header:
  IP Version
  Header Length = 20
  Type of Service = 0x00 (0)
  Total Length = 0x002C (44)
  Identification = 0x0002 (2)
  Flags = 0x00
  Fragment Offset...
Figure 214 Menu 24.4 System Maintenance : Diagnostic
Menu 24.4 - System Maintenance - Diagnostic
TCP/IP
  1. Ping Host
  2. WAN DHCP Release
  3. WAN DHCP Renewal
  4. Internet Setup Test
System
  11. Reboot System
Enter Menu Selection Number:
Host IP Address= N/A
35.4.1 WAN DHCP
DHCP functionality can be enabled on the LAN or WAN as shown in LAN &...
Table 132 System Maintenance Menu Diagnostic
FIELD DESCRIPTION
Reboot System: Enter 11 to reboot the Prestige.
Host IP Address=: If you entered 1 in Ping Host, then enter the IP address of the computer you want to ping in this field.
Enter the number of the selection you would like to perform or press [ESC] to cancel.
The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom” filename extension. Once you have customized the Prestige's settings, they can be saved back to your computer under a filename of your choosing.
The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 –...
Figure 216 Telnet in Menu 24.5
Menu 24.5 - System Maintenance - Backup Configuration
To transfer the configuration file to your workstation, follow the procedure below:
1. Launch the FTP client on your workstation.
2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
331 Enter PASS command
Password:
230 Logged in
ftp> bin
200 Type I OK
ftp> get rom-0 zyxel.rom
200 Port command okay
150 Opening data connection for STOR ras
226 File received OK
ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
36.2.6 Backup Configuration Using TFTP
The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients.
36.2.8 GUI-based TFTP Clients
The following table describes some of the fields that you may see in GUI-based TFTP clients.
Table 135 General Commands for GUI-based TFTP Clients
COMMAND DESCRIPTION
Host: Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped.
Figure 218 Telnet into Menu 24.6.
Menu 24.6 -- System Maintenance - Restore Configuration
To transfer the firmware and configuration file to your workstation, follow the procedure below:
1. Launch the FTP client on your workstation.
2.
36.3.2 Restore Using FTP Session Example
Figure 219 Restore Using FTP Session Example
ftp> put config.rom rom-0
200 Port command okay
150 Opening data connection for STOR rom-0
226 File received OK
221 Goodbye for writing flash
ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec.
Figure 220 Telnet Into Menu 24.7.1 Upload System Firmware
Menu 24.7.1 - System Maintenance - Upload System Firmware
To upload the system firmware, follow the procedure below:
1. Launch the FTP client on your workstation.
2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
6 Use “put” to transfer files from the computer to the Prestige, for example, “put firmware.bin ras” transfers the firmware on your computer (firmware.bin) to the Prestige and renames it “ras”. Similarly, “put config.rom rom-0” transfers the configuration file on your computer (config.rom) to the Prestige and renames it “rom-0”.
4 Launch the TFTP client on your computer and connect to the Prestige. Set the transfer mode to binary before starting data transfer.
5 Use the TFTP client (see the example below) to transfer files between the Prestige and the computer.
Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands. Enter 8 from Menu 24 — System Maintenance. A list of valid commands can be found by typing help or ? at the command prompt.
A list of commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished. Figure 224 Valid Commands Copyright (c) 1994 - 2003 ZyXEL Communications Corp. ras> ? Valid commands are:...
Figure 226 Budget Management
Menu 24.9.1 - Budget Management
Remote Node   Connection Time/Total Budget   Elapsed Time/Total Period
1. MyISP      No Budget                      No Budget
Reset Node (0 to update screen):
The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked.
The following table describes the fields in this menu.
Table 137 Call History Fields
FIELD DESCRIPTION
Phone Number: The PPPoE service names are shown here.
This shows whether the call was incoming or outgoing.
Rate: This is the transfer rate of the call.
#call: This is the number of calls made to or received from that telephone number.
Figure 229 Menu 24.10 System Maintenance: Time and Date Setting
Menu 24.10 - System Maintenance - Time and Date Setting
Time Protocol= NTP (RFC-1305)
Time Server Address= time-b.nist.gov
Current Time: 08 : 07 : 14
New Time (hh:mm:ss): 08 : 06 : 48
Current Date: 2003 - 12 - 24...
37.3.1 Resetting the Time
The Prestige resets the time in three instances:
1 On leaving menu 24.10 after making changes.
2 When the Prestige starts up, if there is a timeserver configured in menu 24.10.
3 24-hour intervals after starting.
Chapter 38 Remote Management
This chapter covers remote management (SMT menu 24.11).
38.1 Remote Management
Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. You may manage your Prestige from a remote location via: •...
Figure 230 Menu 24.11 – Remote Management Control
Menu 24.11 - Remote Management Control
TELNET Server: Port = 23    Access = ALL
               Secure Client IP = 0.0.0.0
FTP Server:    Port = 21    Access = ALL
               Secure Client IP = 0.0.0.0
Web Server:    Port = 80    Access = ALL...
2 There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time.
3 There is a firewall rule that blocks it.
Chapter 39 Call Scheduling
Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long.
39.1 Introduction to Call Scheduling
The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
You can design up to 12 schedule sets but you can only apply up to four schedule sets for a remote node.
Note: To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] (or delete) in the Edit Name field.
To set up a schedule set, select the schedule set you want to set up from menu 26 (1-12) and press [ENTER] to see Menu 26.1 —...
Table 140 Menu 26.1 Schedule Set Setup
FIELD DESCRIPTION
Start Time: Enter the start time when you wish the schedule set to take effect in hour-minute format.
Duration: Enter the maximum length of time this connection is allowed in hour-minute format.
Action: Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field.
Chapter 40 VPN/IPSec Setup
This chapter introduces the VPN SMT menus.
40.1 VPN/IPSec Overview
The VPN/IPSec main SMT menu has these main submenus:
1 Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management.
192.168.1.38 Tunnel 193.81.13.2 zw50 4.4.4.4 172.16.2.46 Tunnel AH SHA1 192.168.1.40 1.1.1.1 Tunnel zw50test.zyxel. China 255.255.0.0 ESP DES MD5 192.168.1.42 0.0.0.0
Select Command= None    Select Rule= N/A
Press ENTER to Confirm or ESC to Cancel:
Table 141 Menu 27.1 IPSec Summary
FIELD DESCRIPTION
This is the VPN policy index number.
Table 141 Menu 27.1 IPSec Summary
FIELD DESCRIPTION
Local Addr Start: When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is a static IP address on the LAN behind your Prestige. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is the beginning (static) IP address, in a range of computers on the LAN behind your Prestige.
Table 141 Menu 27.1 IPSec Summary
FIELD DESCRIPTION
Remote Addr: When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is the same (static) IP address as in the Remote Addr Start field. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
Keep Alive= No Nat Traversal= No Local ID type Content= My IP Addr= 0.0.0.0 Peer ID type= IP Content= Secure Gateway Address= zw50test.zyxel.com.tw Protocol= 0 DNS Server= 0.0.0.0 Local: Addr Type= SINGLE End= N/A Local IP Addr= 1.1.1.1 End/Subnet Mask= 255.255.0.0...
Table 142 Menu 27.1.1 IPSec Setup
FIELD DESCRIPTION
Content: When you select IP in the Local ID Type field, type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address. When you select DNS in the Local ID Type field, type a domain name (up to 31 characters) by which to identify this Prestige.
Table 142 Menu 27.1.1 IPSec Setup
FIELD DESCRIPTION
Port Start: 0 is the default and signifies any port. Type a port number from 0 to 65535. You cannot create a VPN tunnel if you try to connect using a port number that does not match this port number or range of port numbers.
Table 142 Menu 27.1.1 IPSec Setup
FIELD DESCRIPTION
Enable Replay Detection: As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks.
Figure 238 Menu 27.1.1.1 IKE Setup
Menu 27.1.1.1 - IKE Setup
Phase 1
  Negotiation Mode= Main
  PSK= qwer1234
  Encryption Algorithm= DES
  Authentication Algorithm= MD5
  SA Life Time (Seconds)= 28800
  Key Group= DH1
Phase 2
  Active Protocol= ESP
  Encryption Algorithm= DES
  Authentication Algorithm= SHA1
  SA Life Time (Seconds)= 28800...
Table 143 Menu 27.1.1.1 IKE Setup
FIELD DESCRIPTION
SA Life Time (Seconds): Define the length of time before an IKE Security Association automatically renegotiates in this field. It may range from 60 to 3,000,000 seconds (almost 35 days). A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys.
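A configuration review of the values shown in Menu 22 (SNMP) and Menu 27.1.1.1 (IKE Setup), as an added example that is not part of the guide or of ZyXEL's software. The captures are constructed one-field-per-line copies of Figures 200 and 238; the reading of Trusted Host 0.0.0.0 as "any manager" and the 16-character PSK threshold are assumptions.

```python
"""Added illustration (not ZyXEL code): audit SMT menu captures for weak settings."""
import re

# Constructed captures, one field per line, using the values shown in
# Figure 200 (Menu 22) and Figure 238 (Menu 27.1.1.1) of the guide.
MENU_22 = """\
Menu 22 - SNMP Configuration
SNMP:
  Get Community= public
  Set Community= public
  Trusted Host= 0.0.0.0
Trap:
  Community= public
  Destination= 0.0.0.0
"""

MENU_27_1_1_1 = """\
Menu 27.1.1.1 - IKE Setup
Phase 1
  Negotiation Mode= Main
  PSK= qwer1234
  Encryption Algorithm= DES
  Authentication Algorithm= MD5
  SA Life Time (Seconds)= 28800
  Key Group= DH1
Phase 2
  Active Protocol= ESP
  Encryption Algorithm= DES
  Authentication Algorithm= SHA1
  SA Life Time (Seconds)= 28800
"""

SECTION = re.compile(r"^\s*(SNMP|Trap|Phase \d):?\s*$")
FIELD = re.compile(r"^\s*([^=]+?)\s*=\s*(.*?)\s*$")

DEFAULT_COMMUNITIES = {"", "public", "private"}
DEPRECATED = {
    "Encryption Algorithm": {"DES": "56-bit key", "NULL": "no encryption"},
    "Authentication Algorithm": {"MD5": "MD5-based authentication"},
    "Key Group": {"DH1": "768-bit Diffie-Hellman group"},
}
GUIDE_EXAMPLE_PSKS = {"qwer1234"}   # the key printed in Figure 238
MIN_PSK_LEN = 16                    # assumption: local policy, not a device limit


def parse_menu(text):
    """Return {(section, field): value}; the same field name can recur per section."""
    fields, section = {}, ""
    for line in text.splitlines():
        sec, fld = SECTION.match(line), FIELD.match(line)
        if sec:
            section = sec.group(1)
        elif fld:
            fields[(section, fld.group(1))] = fld.group(2)
    return fields


def audit_snmp(fields):
    findings = []
    for key in (("SNMP", "Get Community"), ("SNMP", "Set Community"),
                ("Trap", "Community")):
        value = fields.get(key)
        if value is not None and value.lower() in DEFAULT_COMMUNITIES:
            findings.append(f"{key[0]} {key[1]}: default or empty community '{value}'")
    # Assumption: 0.0.0.0 means the agent answers any manager address.
    if fields.get(("SNMP", "Trusted Host")) == "0.0.0.0":
        findings.append("SNMP Trusted Host: 0.0.0.0 does not restrict the manager")
    return findings


def audit_ike(fields):
    findings = []
    for (section, key), value in fields.items():
        reason = DEPRECATED.get(key, {}).get(value)
        if reason:
            findings.append(f"{section} {key}: {value} ({reason})")
    psk = fields.get(("Phase 1", "PSK"))
    if psk in GUIDE_EXAMPLE_PSKS:
        findings.append("Phase 1 PSK: value is the example printed in the guide")
    elif psk is not None and len(psk) < MIN_PSK_LEN:
        findings.append(f"Phase 1 PSK: shorter than {MIN_PSK_LEN} characters")
    return findings


if __name__ == "__main__":
    for finding in audit_snmp(parse_menu(MENU_22)) + audit_ike(parse_menu(MENU_27_1_1_1)):
        print("FINDING:", finding)
```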
40.4.0.1 Active Protocol
This field is a combination of mode and security protocols used for the VPN. See the Web Configurator part on VPN for more information on these parameters.
Table 144 Active Protocol: Encapsulation and Security Protocol
MODE SECURITY PROTOCOL
Tunnel...
Table 145 Menu 27.1.1.2 Manual Setup
FIELD DESCRIPTION
Encryption Algorithm: Press [SPACE BAR] to choose from NULL, 3DES or DES and then press [ENTER]. Fill in the Key1 field below when you choose DES and fill in fields Key1 to Key3 when you choose 3DES.
Chapter 41 SA Monitor
This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2.
41.1 SA Monitor Overview
A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections.
Figure 240 Menu 27.2 SA Monitor
Menu 27.2 - SA Monitor
Name                              Encap.     IPSec ALgorithm
--------------------------------  ---------  ----------------
Taiwan : 3.3.3.1 – 3.3.3.3.100    Tunnel     ESP DES MD5
Select Command= Refresh
Select Connection= N/A
Press ENTER to Confirm or ESC to Cancel:
The following table describes the fields in this menu.
Table 146 Menu 27.2 SA Monitor
FIELD DESCRIPTION
Select Command: Press [SPACE BAR] to choose from Refresh, Disconnect, None, Next Page, or Previous Page and then press [ENTER]. You must select a connection in the next field when you choose the Disconnect command.
Appendix A Troubleshooting
This chapter covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Please see our included disk for further information.
Table 147 Troubleshooting
PROBLEM CORRECTIVE ACTION...
Table 147 Troubleshooting
PROBLEM: Access to a web page with a URL containing a forbidden keyword is not...
CORRECTIVE ACTION: Make sure that you select the Keyword Blocking check box in the Content Filtering screen. Make sure that the keywords that you type are listed in the Keyword List.
Appendix B PPPoE
PPPoE in Action
An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access Concentrator where the PPP session terminates (see the next figure).
Figure 241 Single-Computer per Router Hardware Configuration
How PPPoE Works
The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
Appendix C PPTP
What is PPTP?
PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames.
How can we transport PPP frames from a computer to a broadband modem over Ethernet?
A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the short haul between the computer and the modem over Ethernet.
PPTP Protocol Overview
PPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Cisco’s Layer 2 Forwarding). Conceptually, there are three parties in PPTP, namely the PNS (PPTP Network Server), the PAC (PPTP Access Concentrator) and the PPTP user. The PNS is the box that hosts both the PPP and the PPTP stacks and forms one end of the PPTP tunnel.
Figure 245 Example Message Exchange between Computer and an ANT
PPP Data Connection
The PPP frames are tunneled between the PNS and PAC over GRE (General Routing Encapsulation, RFC 1701, 1702). The individual calls within a tunnel are distinguished using the Call ID field in the GRE header.
Appendix D Print Server
This appendix shows you how to set up a print server for the following operating systems:
• Windows 95
• Windows 98
• Windows 98 SE (Second Edition)
• Windows ME
• Windows 2000
•...
Installation Requirements
To install the print server driver you will need the following requirements:
• Microsoft Windows 95, Windows 98 SE (Second Edition), Windows ME, Windows NT 4.0, Windows 2000, Windows XP or Macintosh OS X
•...
Figure 247 Network Print Server Setup Wizard : Welcome
4 The Select A Print Server screen displays. The wizard automatically detects whether or not a print server is connected to your computer. Make sure that your Prestige is correctly connected and a compatible USB printer is connected to the Prestige.
Figure 248 Network Print Server Setup Wizard : Select A Print Server
5 The Change Settings screen displays. Select the Yes, I want to change settings radio button, type a password and click Next to change your print server settings. Alternatively select No, I don’t want to change settings and click Next to use the current print server settings and continue with the wizard.
Figure 249 Network Print Server Setup Wizard : Change Settings
6 Select the printer which is connected to the Prestige USB port.
7 Click Next to continue.
Figure 250 Network Print Server Setup Wizard : Select A Printer
8 If your printer is not listed, you can use the pop-up help dialog box to guide you through the add printer process. After you have added a printer, the Select A Printer screen displays again.
Figure 252 Network Print Server Setup Wizard : Summary
10 Click Finish to save and close your Network Print Server Setup Wizard. Your print server setup is complete.
Figure 253 Network Print Server Setup Wizard : Installation Complete
Windows 95/98/ME/NT/2000/XP : Print Server Setup Wizard
The following Setup Wizard for Windows 98/ME/NT/2000/XP uses a print server protocol called Line Printer Daemon (LPD). You must use this wizard if you want to set up your network print server on the following operating systems: •...
Figure 257 Network Print Monitor Setup : Complete
Windows 2000/NT/XP : Computer Wizard
Use the following wizard if you do not want to use the provided setup wizards. Windows 95, Windows 98, Windows 98 SE (Second Edition) and Windows ME have similar print server setups.
Figure 259 Add Printer Wizard Welcome Screen
4 Select the Local printer radio button.
5 Click Next to continue.
Figure 260 Local Printer Screen
6 Select the Create a new port radio button.
7 Choose Standard TCP/IP Port from the Type drop-down list box.
8 Click Next to continue.
Figure 261 Select Printer Port Screen
9 Follow the on-screen instructions and click Next to continue.
Figure 262 Add Standard TCP/IP Printer Port Screen
10 Type the IP Address of your Prestige. A default Port Name displays as you type the IP Address.
Figure 263 Add Port Screen
12 Select the Custom radio button and click the Settings… button. Fill in additional print server port information in the following screen.
Figure 264 Additional Port Information Screen
13 Select the LPR radio button as the printing Protocol.
14 Type LP1 in the LPR Settings Queue Name field.
Figure 265 Port Settings Screen
16 Make sure that your printer port settings are correct. Click the Finish button to complete printer TCP/IP and port setup and then return to the Add Printer Wizard.
Figure 266 Add Standard TCP/IP Printer Port Complete
17 Select the make of the printer that you want to connect to the print server in the Manufacturers list of printers.
Figure 267 Add Printer Screen
21 If the following screen displays, select the Keep existing driver radio button if you already have a printer driver installed on your computer and you do not want to change it.
22 Click Next to continue.
Figure 269 Name Your Printer Screen
24 Select the Do not share this printer radio button.
25 Click Next to proceed to the following screen.
Figure 270 Printer Sharing Screen
26 These fields are optional. Type where your printer is located in the Location field. Type additional information about the printer in the Comment field.
Figure 271 Location and Comment Screen
28 Select the Yes radio button and then click the Next button if you want to print a test page. A pop-up screen displays to ask if the test page printed correctly. Otherwise select the No radio button and then click Next to continue.
Figure 273 Add Printer Wizard Complete
Macintosh OS X
Use the following steps to set up a print server on your Macintosh computer.
1 Click the Print Center icon located in the Macintosh Dock. Proceed to step 6 to continue.
Figure 276 Applications Folder
5 Double-click the Print Center icon.
Figure 277 Utilities Folder
6 Click the Add icon at the top of the screen.
Figure 278 Printer List Folder
7 Set up your printer in the Printer List configuration screen. Select IP Printing from the drop-down list box.
Figure 279 Printer Configuration
12 Click Add to select a printer model, save and close the Printer List configuration screen.
Figure 280 Printer Model
13 The Name “LP1 on 192.168.1.1” displays in the Printer List field. The default printer Name displays in bold type.
Figure 281 Print Server
14 Your Macintosh print server setup is complete. You can now use the Prestige’s print server to print from a Macintosh computer. Refer to the Print Server chapter on page 257 for information on your Prestige print server configuration screen.
Appendix E Print Server Specifications
This appendix provides details on the print server interface and system requirements.
Table 150 Print Server Interface
PRINT SERVER INTERFACE
USB 1.1 (full speed) - compliant port, 1.5Mbps (low speed) and 12Mbps (full speed) data transmission rates.
Table 152 Compatible USB Printers
PRINTER MODEL | TYPE
HP DeskJet 810c | Inkjet
HP DeskJet 845c | Inkjet
HP DeskJet 5550 | Inkjet
HP DeskJet 1125c | Inkjet
HP DeskJet 1180 | Inkjet
HP DeskJet 1220c | Inkjet
HP DeskJet 3535 | Inkjet
HP DeskJet 5652 | Inkjet
HP Photosmart 7150...
Appendix F NetBIOS Filter Commands
The following describes the NetBIOS packet filter commands.
Introduction
NetBIOS (Network Basic Input/Output System) packets are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
The filter types and their default settings are as follows.
Table 153 NetBIOS Filter Default Settings
NAME | DESCRIPTION | EXAMPLE
Between LAN and WAN | This field displays whether NetBIOS packets are blocked or forwarded between the LAN and the WAN. | Block
This field displays whether NetBIOS packets sent through a VPN IPSec...
Appendix G Log Descriptions
Configure centralized logs using the embedded web configurator; see online help for details. This appendix provides descriptions of example log messages.
Table 154 System Error logs
LOG MESSAGE | DESCRIPTION
%s exceeds the max.... | This attempt to create a NAT session exceeds the maximum
Table 156 UPnP Logs
LOG MESSAGE | DESCRIPTION
UPnP pass through Firewall | UPnP packets can pass through the firewall.
Table 157 ICMP Type and Code Explanations
TYPE CODE DESCRIPTION
Echo Reply
  Echo reply message
Destination Unreachable
  Net unreachable
  Host unreachable
  Protocol unreachable
  Port unreachable...
Appendix H Setting up Your Computer’s IP Address
All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
Figure 282 Windows 95/98/Me: Network: Configuration
Installing Components
The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
If you need the adapter:
1 In the Network window, click Add.
3 Select Microsoft from the list of manufacturers.
4 Select Client for Microsoft Networks from the list of network clients and then click
5 Restart your computer so the changes you made take effect.
Configuring
1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties.
2 Click the IP Address tab.
Figure 284 Windows 95/98/Me: TCP/IP Properties: DNS Configuration
4 Click the Gateway tab.
• If you do not know your gateway’s IP address, remove previously installed gateways.
• If you have a gateway IP address, type it in the New gateway field and click Add.
Figure 285 Windows XP: Start Menu
2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections.
Figure 286 Windows XP: Control Panel
3 Right-click Local Area Connection and then click Properties.
Figure 287 Windows XP: Control Panel: Network Connections: Properties
4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties.
Figure 288 Windows XP: Local Area Connection Properties
5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
• If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced.
Figure 289 Windows XP: Advanced TCP/IP Settings
6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP):
• Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Macintosh OS 8/9
1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel.
Figure 291 Macintosh OS 8/9: Apple Menu
2 Select Ethernet built-in from the Connect via list.
Figure 292 Macintosh OS 8/9: TCP/IP
3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
4 For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
•...
• Select Built-in Ethernet from the Show list.
• Click the TCP/IP tab.
3 For dynamically assigned settings, select Using DHCP from the Configure list.
Figure 294 Macintosh OS X: Network
4 For statically assigned settings, do the following:
•...
Appendix I Wireless LAN and IEEE 802.11
A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters. Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Appendix J Wireless LAN With IEEE 802.1x
As wireless networks become popular for both portable computing and corporate networks, security is now a priority.
Security Flaws with IEEE 802.11
Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address.
RADIUS Server Authentication Sequence
The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN).
Figure 297 Sequences for EAP MD5–Challenge Authentication
Appendix K Types of EAP Authentication
This appendix discusses the five popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.
PEAP (Protected EAP)
As with EAP-TTLS, server-side certificate authentication is used to establish a secure connection; simple username and password methods are then used through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Appendix L Antenna Selection and Positioning Recommendation
An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air.
• Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points.
Appendix M Brute-Force Password Guessing Protection
The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism.
Table 159 Brute-Force Password Guessing Protection Commands
COMMAND | DESCRIPTION
sys pwderrtm | This command displays the brute-force guessing password protection settings.
Appendix N TMSS
This appendix discusses Trend Micro Security Services setup and access. Please see your TMSS User’s Guide for more information.
Note: Make sure that you have not restricted access to ActiveX, Cookies or Web Proxy features in the Advanced Firewall Filter screen.
Figure 299 TMSS Welcome Screen
7 Click Continue>> to proceed to download ActiveX control.
Figure 300 Download ActiveX Control
8 Select Yes to install and run ActiveX control.
9 Once the installation is complete the Home Network Security Services dashboard appears.
Figure 301 Home Network Security Services Dashboard
10 See the Trend Micro User’s Guide for information on TMSS.
Appendix O Triangle Route
The Ideal Setup
When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the Prestige to protect your LAN against attacks.
Figure 303 “Triangle Route” Problem
The “Triangle Route” Solutions
This section presents two solutions to the “triangle route” problem.
IP Aliasing
IP alias allows you to partition your network into logical sections over the same Ethernet interface.
Figure 304 IP Alias
Gateways on the WAN Side
A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your Prestige to your LAN.