ZyXEL Communications Prestige 652H series User Manual

Prestige 652H/HW Series
ADSL Security/Wireless LAN Router
User's Guide
Version 3.40
March 2004


Summary of Contents for ZyXEL Communications Prestige 652H series

  • Page 1 Prestige 652H/HW Series ADSL Security/Wireless LAN Router User's Guide Version 3.40 March 2004...
  • Page 2: Copyright

    Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
  • Page 3: Federal Communications Commission

    Prestige 652H/HW Series User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
  • Page 4: Zyxel Limited Warranty

    Prestige 652H/HW Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or...
  • Page 5: Customer Support

    Brief description of the problem and the steps you took to solve it. METHOD SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION WORLDWIDE support@zyxel.com.tw +886-3-578-3942 www.zyxel.com ZyXEL Communications Corp. 6 Innovation Road II www.europe.zyxel.com Science Park Hsinchu 300 sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com Taiwan ftp.europe.zyxel.com NORTH support@zyxel.com +1-800-255-4101 www.us.zyxel.com...
  • Page 6 SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION SWEDEN support@zyxel.se +46 31 744 7700 www.zyxel.se ZyXEL Communications A/S Sjöporten 4, 41764 Göteborg sales@zyxel.se +46 31 744 7701 Sweden FINLAND support@zyxel.fi +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy Malminkaari 10 sales@zyxel.fi...
  • Page 7: Table Of Contents

    Prestige 652H/HW Series User’s Guide Table of Contents Copyright .................................ii Federal Communications Commission (FCC) Interference Statement .............iii ZyXEL Limited Warranty..........................iv Customer Support............................v List of Figures..............................xv List of Tables..............................xxii List of Charts..............................xxvi Preface................................xxvii Introduction to DSL............................xxx Getting Started ..............................I Chapter 1 Getting To Know Your Prestige....................1-1 Introducing the Prestige 652H/HW Series .................1-1 Features of the Prestige ......................1-1 Applications for the Prestige ......................1-7...
  • Page 8 Prestige 652H/HW Series User’s Guide Chapter 5 LAN Setup ..........................5-1 LAN Overview ..........................5-1 DNS Server Address ........................5-1 DNS Server Address Assignment ....................5-2 LAN TCP/IP ..........................5-2 Configuring LAN........................5-4 Chapter 6 DMZ Screens..........................6-7 DMZ Overview..........................6-7 Configuring DMZ ........................6-7 Chapter 7 Wireless LAN Setup........................7-1 Wireless LAN Overview......................7-1 Levels of Security ........................7-3 Data Encryption with WEP......................7-4...
  • Page 9 Prestige 652H/HW Series User’s Guide Chapter 9 Network Address Translation (NAT) Screens................9-1 NAT Overview...........................9-1 SUA (Single User Account) Versus NAT..................9-4 SUA Server ..........................9-5 Selecting the NAT Mode......................9-7 Configuring SUA Server......................9-8 Configuring Address Mapping....................9-9 Editing an Address Mapping Rule ...................9-11 Chapter 10 Dynamic DNS Setup.......................10-1 10.1 Dynamic DNS ..........................10-1 10.2 Configuring Dynamic DNS......................10-1 Chapter 11 Time and Date.........................11-1...
  • Page 10 Prestige 652H/HW Series User’s Guide 15.2 IPSec Architecture ........................15-3 15.3 Encapsulation...........................15-3 15.4 IPSec and NAT ........................15-4 Chapter 16 VPN Screens ...........................16-1 16.1 VPN/IPSec Overview ......................16-1 16.2 IPSec Algorithms ........................16-1 16.3 My IP Address .........................16-2 16.4 Secure Gateway Address ......................16-2 16.5 VPN Summary Screen ......................16-3 16.6 Keep Alive ..........................16-5 16.7 NAT Traversal .........................16-6 16.8 ID Type and Content........................16-7...
  • Page 11 Prestige 652H/HW Series User’s Guide 20.1 Bandwidth Management Overview..................20-1 20.2 Bandwidth Classes and Filters ....................20-1 20.3 Proportional Bandwidth Allocation..................20-2 20.4 Bandwidth Management Usage Examples................20-2 20.5 Scheduler..........................20-4 20.6 Maximize Bandwidth Usage ....................20-4 20.7 Bandwidth Borrowing ......................20-6 20.8 Configuring Summary......................20-8 20.9 Introduction to DiffServ ......................20-10 20.10 Configuring Class Setup......................20-11 20.11 Configuring Monitor ......................20-18 Maintenance ..............................
  • Page 12 Prestige 652H/HW Series User’s Guide 25.2 Protocol Dependent Ethernet Setup ..................25-2 25.3 TCP/IP Ethernet Setup and DHCP...................25-2 25.4 Introduction to VLANs ......................25-4 25.5 Introduction to Port-based VLANs ..................25-5 25.6 Port Based VLAN Setup......................25-5 Chapter 26 Wireless LAN Setup.......................26-1 26.1 Wireless LAN Overview......................26-1 26.2 Inserting a PCMCIA Wireless LAN Card ................26-1 26.3 Wireless LAN Setup ........................26-1 Chapter 27 Internet Access ........................27-1...
  • Page 13 Prestige 652H/HW Series User’s Guide 33.3 Enabling the Firewall .......................33-1 SMT Advanced Management........................X Chapter 34 Filter Configuration .......................34-1 34.1 About Filtering .........................34-1 34.2 Configuring a Filter Set for the Prestige ..................34-4 34.3 Filter Rules Summary Menus....................34-6 34.4 Configuring a Filter Rule ......................34-7 34.5 Filter Types and NAT ......................34-14 34.6 Example Filter........................34-14 34.7 Applying Filters and Factory Defaults ..................34-17...
  • Page 14 Prestige 652H/HW Series User’s Guide 41.4 IP Routing Policy Setup......................41-2 41.5 Applying an IP Policy......................41-5 41.6 IP Policy Routing Example......................41-7 Chapter 42 Call Scheduling ........................42-1 42.1 Introduction..........................42-1 SMT VPN/IPSec and Internal SPTGEN.....................XI Chapter 43 VPN/IPSec Setup........................43-1 43.1 VPN/IPSec Overview ......................43-1 43.2 IPSec Summary Screen......................43-2 43.3 IPSec Setup ..........................43-5 43.4 IKE Setup..........................43-11...
  • Page 15: List Of Figures

    Prestige 652H/HW Series User’s Guide List of Figures Figure 1-1 Prestige Internet Access Application .................... 1-7 Figure 1-2 Firewall Application ........................1-8 Figure 1-3 VPN Application .......................... 1-9 Figure 1-4 Prestige LAN-to-LAN Application .................... 1-10 Figure 2-1 Password Screen........................... 2-1 Figure 2-2 Example Xmodem Upload ......................
  • Page 16 Prestige 652H/HW Series User’s Guide Figure 8-5 WAN Backup ..........................8-9 Figure 8-6 Advanced WAN Backup......................8-12 Figure 8-7 Advanced Modem Setup ........................8-17 Figure 9-1 How NAT Works...........................9-2 Figure 9-2 NAT Application With IP Alias .....................9-3 Figure 9-3 Multiple Servers Behind NAT Example..................9-6 Figure 9-4 NAT Mode.............................9-7 Figure 9-5 Edit SUA/NAT Server Set......................9-8 Figure 9-6 Address Mapping Rules ......................9-10...
  • Page 17 Prestige 652H/HW Series User’s Guide Figure 16-6 Two Phases to Set Up the IPSec SA..................16-17 Figure 16-7 VPN IKE: Advanced Setup ....................16-19 Figure 16-8 Manual Setup.......................... 16-23 Figure 16-9 SA Monitor..........................16-27 Figure 16-10 Global Setting........................16-28 Figure 16-11 Telecommuters Sharing One VPN Rule Example ..............16-29 Figure 16-12 Telecommuters Using Unique VPN Rules Example ............
  • Page 18 Prestige 652H/HW Series User’s Guide Figure 24-6 Menu 11.2 Remote Node PPP Options ...................24-10 Figure 24-7 Menu 11.2 Remote Node PPP Options ...................24-11 Figure 24-8 Menu 11.3 Remote Node Network Layer Options..............24-11 Figure 24-9 Menu 11.4 Remote Node Setup Script ..................24-14 Figure 24-10 Menu 11.1 Remote Node Profile (Backup ISP) ..............24-15 Figure 24-11 Menu 11.5 Dial Backup Remote Node Filter ................24-15 Figure 25-1 Menu 3 LAN Setup ........................25-1...
  • Page 19 Prestige 652H/HW Series User’s Guide Figure 32-2 Menu 11.3 Applying NAT to the Remote Node ............... 32-3 Figure 32-3 Menu 15 NAT Setup......................... 32-4 Figure 32-4 Menu 15.1 Address Mapping Sets.................... 32-4 Figure 32-5 Menu 15.1.255 SUA Address Mapping Rules................32-5 Figure 32-6 Menu 15.1.1 First Set .......................
  • Page 20 Prestige 652H/HW Series User’s Guide Figure 36-4 Menu 23 System Security ......................36-3 Figure 36-5 Menu 23.4 System Security : IEEE802.1x................36-4 Figure 36-6 Menu 14 Dial-in User Setup......................36-7 Figure 36-7 Menu 14.1 Edit Dial-in User .....................36-7 Figure 37-1 Menu 24 System Maintenance ....................37-1 Figure 37-2 Menu 24.1 System Maintenance : Status ..................37-2 Figure 37-3 Menu 24.2 System Information and Console Port Speed............37-3 Figure 37-4 Menu 24.2.1 System Maintenance : Information ..............37-4...
  • Page 21 Prestige 652H/HW Series User’s Guide Figure 41-3 Menu 25.1.1 IP Routing Policy ....................41-4 Figure 41-4 Menu 3.2 TCP/IP and DHCP Ethernet Setup ................41-6 Figure 41-5 Menu 11.3 Remote Node Network Layer Options ..............41-6 Figure 41-6 Example of IP Policy Routing ....................41-7 Figure 41-7 IP Routing Policy Example ......................
  • Page 22 Prestige 652H/HW Series User’s Guide List of Tables Table 2-1 Web Configurator Screens Summary....................2-5 Table 3-1 Wizard Screen 1..........................3-3 Table 3-2 Internet Connection with PPPoE ....................3-7 Table 3-3 Internet Connection with RFC 1483 ....................3-8 Table 3-4 Internet Connection with ENET ENCAP ..................3-9 Table 3-5 Internet Connection with PPPoA....................3-10 Table 3-6 Wizard : LAN Configuration ......................3-13 Table 4-1 Password............................4-1...
  • Page 23 Prestige 652H/HW Series User’s Guide Table 13-2 Rule Summary ........................... 13-8 Table 13-3 Insert/Append A Firewall Rule....................13-12 Table 13-4 Add/Edit A Custom Port......................13-14 Table 13-5 Predefined Services........................13-20 Table 13-6 Anti-Probing..........................13-23 Table 13-7 Firewall Threshold ........................13-26 Table 14-1 Content Filter: Keyword ......................
  • Page 24 Prestige 652H/HW Series User’s Guide Table 20-14 Bandwidth Manager: Class Configuration................20-13 Table 20-15 Bandwidth Manager: Class Configuration................20-14 Table 20-16 Services and Port Numbers.....................20-16 Table 20-17 Bandwidth Management Statistics..................20-17 Table 20-18 Bandwidth Management Statistics..................20-17 Table 20-19 Bandwidth Manager Monitor....................20-18 Table 20-20 Bandwidth Manager Monitor....................20-18 Table 21-1 System Status..........................21-3 Table 21-2 System Status: Show Statistics ....................21-5 Table 21-3 DHCP Table ..........................21-6...
  • Page 25 Prestige 652H/HW Series User’s Guide Table 32-1 Applying NAT in Menus 4 & 11.3 ..................... 32-3 Table 32-2 SUA Address Mapping Rules ....................32-5 Table 32-3 Menu 15.1.1 First Set......................... 32-7 Table 32-4 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set..........32-8 Table 34-1 Abbreviations Used in the Filter Rules Summary Menu............
  • Page 26 Prestige 652H/HW Series User’s Guide List of Charts Chart A-1 Troubleshooting the Start-Up of Your Prestige ................A-1 Chart A-2 Troubleshooting the LAN LED.....................A-1 Chart A-3 Troubleshooting the DSL LED .....................A-2 Chart A-4 Troubleshooting the LAN Interface ....................A-2 Chart A-5 Troubleshooting the WAN Interface .....................A-3 Chart A-6 Troubleshooting Internet Access ....................A-3 Chart A-7 Troubleshooting the Password ......................A-4 Chart A-8 Troubleshooting the Web Configurator..................A-4...
  • Page 27: Preface

    Prestige 652H/HW Series User’s Guide Preface Congratulations on your purchase of the Prestige 652H ADSL Security Router or the 652HW ADSL Security/Wireless LAN Router. Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
  • Page 28: Syntax Conventions

    Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you! Syntax Conventions •...
  • Page 29 Prestige 652H/HW Series User’s Guide Graphics Icons Key: Prestige, Notebook computer, Computer, Modem, Firewall, Server, Switch, Router, Telephone, Wireless Access Point, Wireless Signal, DSLAM. The following section offers some background information on DSL. Skip to Chapter 1 if you wish to begin working with your router right away.
  • Page 30: Introduction To Dsl

    Prestige 652H/HW Series User’s Guide Introduction to DSL DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web - hence DSL technologies.
  • Page 31: Getting Started

    Getting Started Part I: Getting Started This part is structured as a step-by-step guide to help you access your Prestige. It covers key features and applications, accessing the web configurator and configuring the wizard screens for initial setup.
  • Page 33: Chapter 1 Getting To Know Your Prestige

    Prestige 652H/HW Series User’s Guide Chapter 1 Getting To Know Your Prestige This chapter describes the key features and applications of your Prestige. Introducing the Prestige 652H/HW Series Your Prestige integrates high-speed 10/100Mbps auto-negotiating LAN interface(s) and a high-speed ADSL port into a single package.
  • Page 34: Wireless Lan Mac Address Filtering

    Prestige 652H/HW Series User’s Guide LAN. The Prestige firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs. You can configure most features of the Prestige via SMT but we recommend you configure the firewall and content filters using the web configurator. Content Filtering Content filtering allows you to block access to forbidden Internet web sites, schedule when the Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet access.
  • Page 35: Traffic Redirect

    Prestige 652H/HW Series User’s Guide Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet, thus acting as an auxiliary if your regular WAN connection fails. Auxiliary Port The auxiliary port can be used in reserve as a traditional dial-up connection when/if ever the broadband connection to the WAN port fails.
  • Page 36: Dynamic Dns Support

    Prestige 652H/HW Series User’s Guide LAN/DMZ Interface The Prestige provides a LAN port that can function as a virtual DeMilitarized Zone (DMZ) port. Public servers (Web, FTP, etc.) attached to the DMZ port are visible to the outside world (while still being protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death) and can also be accessed from the secure LAN.
  • Page 37: Networking Compatibility

    Prestige 652H/HW Series User’s Guide DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability enabled by default. It can assign IP addresses, an IP default gateway and DNS servers to DHCP clients.
  • Page 38: Diagnostics Capabilities

    Prestige 652H/HW Series User’s Guide ♦ CLI (Command Line Interpreter) ♦ Remote Management via Telnet or Web. ♦ SNMP manageable ♦ DHCP Server/Client/Relay ♦ Built-in Diagnostic Tools ♦ Syslog ♦ Telnet Support (Password-protected telnet access to internal configuration manager) ♦ TFTP/FTP server, firmware upgrade and configuration backup/support supported ♦...
  • Page 39: Applications For The Prestige

    Prestige 652H/HW Series User’s Guide Applications for the Prestige Here are some example uses for which the Prestige is well suited. 1.3.1 Internet Access The Prestige is the ideal high-speed Internet access solution. Your Prestige supports the TCP/IP protocol, which the Internet uses exclusively. It is compatible with all major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers.
  • Page 40: Figure 1-2 Firewall Application

    Prestige 652H/HW Series User’s Guide Figure 1-2 Firewall Application 1.3.3 VPN Application The Prestige’s VPN feature makes it an ideal cost-effective way to connect branch offices and business partners over the Internet without the need (and expense) for leased lines between sites. VPN ensures the privacy and integrity of your data transmissions.
  • Page 41: Figure 1-3 Vpn Application

    Prestige 652H/HW Series User’s Guide Figure 1-3 VPN Application 1.3.4 LAN to LAN Application You can use the Prestige to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application for your Prestige is shown as follows. Getting To Know Your Prestige...
  • Page 42: Figure 1-4 Prestige Lan-To-Lan Application

    Prestige 652H/HW Series User’s Guide Figure 1-4 Prestige LAN-to-LAN Application 1-10 Getting To Know Your Prestige...
  • Page 43: Chapter 2 Introducing The Web Configurator

    Prestige 652H/HW Series User’s Guide Chapter 2 Introducing the Web Configurator This chapter describes how to access and navigate the web configurator. Web Configurator Overview The embedded web configurator allows you to manage the Prestige from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator.
  • Page 44: Resetting The Prestige

    Prestige 652H/HW Series User’s Guide Step 6. You should now see the SITE MAP screen. The Prestige automatically times out after five minutes of inactivity. Simply log back into the Prestige if this happens to you. Resetting the Prestige If you forget your password or cannot access the SMT menu, you will need to reload the factory-default configuration file or use the RESET button on the back of the Prestige.
  • Page 45: Figure 2-2 Example Xmodem Upload

    Prestige 652H/HW Series User’s Guide Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 2-2 Example Xmodem Upload Step 5. After successful firmware upload, enter "atgo" to restart the router. Introducing the Web Configurator...
  • Page 46: Navigating The Prestige Web Configurator

    Prestige 652H/HW Series User’s Guide Navigating the Prestige Web Configurator The following summarizes how to navigate the web configurator from the SITE MAP screen. Screens vary slightly for different Prestige models. Select a language from the Language drop-down list box. Click Wizard Setup to begin a series of screens to configure your Prestige for the first time.
  • Page 47: Table 2-1 Web Configurator Screens Summary

    Prestige 652H/HW Series User’s Guide Table 2-1 Web Configurator Screens Summary LINK SUB-LINK FUNCTION Wizard Setup Use these screens for initial configuration including general setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment. Advanced Setup Password Use this screen to change your password. Use this screen to configure LAN DHCP and TCP/IP settings.
  • Page 48 Prestige 652H/HW Series User’s Guide Table 2-1 Web Configurator Screens Summary LINK SUB-LINK FUNCTION Content Filter Keyword Use this screen to block sites containing certain keywords in the URL. Schedule Use this screen to set the days and times for the Prestige to perform content filtering.
  • Page 49 Prestige 652H/HW Series User’s Guide Table 2-1 Web Configurator Screens Summary LINK SUB-LINK FUNCTION DSL Line These screens display information to help you identify problems with the DSL line. Firmware Use this screen to upload firmware to your Prestige Configuration Use this screen to backup and restore the configuration or reset the factory defaults to your Prestige.
  • Page 51: Chapter 3 Wizard Setup

    Prestige 652H/HW Series User’s Guide Chapter 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. Wizard Setup Introduction Use the Wizard Setup screens to configure your system for Internet access settings and fill in the fields with the information in the Internet Account Information table of the Compact Guide.
  • Page 52: Multiplexing

    Prestige 652H/HW Series User’s Guide 3.2.4 RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing).
  • Page 53: Figure 3-1 Wizard Screen 1

    Prestige 652H/HW Series User’s Guide Figure 3-1 Wizard Screen 1 The following table describes the fields in this screen. Table 3-1 Wizard Screen 1 LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account.
  • Page 54: Ip Address And Subnet Mask

    Prestige 652H/HW Series User’s Guide Table 3-1 Wizard Screen 1 LABEL DESCRIPTION Next Click this button to go to the next wizard screen. The next wizard screen you see depends on what protocol you chose above. Click on the protocol link to see the next wizard screen for that protocol.
  • Page 55: Ip Assignment With Pppoa Or Pppoe Encapsulation

    Prestige 652H/HW Series User’s Guide 3.7.1 IP Assignment with PPPoA or PPPoE Encapsulation If you have a dynamic IP, then the IP Address and ENET ENCAP Gateway fields are not applicable (N/A). If you have a static IP, then you only need to fill in the IP Address field and not the ENET ENCAP Gateway field.
  • Page 56: Nailed-Up Connection (Ppp)

    Prestige 652H/HW Series User’s Guide Nailed-Up Connection (PPP) A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The Prestige does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the Prestige will try to bring up the connection when turned on and whenever the connection is down.
  • Page 57: Table 3-2 Internet Connection With Pppoe

    Prestige 652H/HW Series User’s Guide The following table describes the fields in this screen. Table 3-2 Internet Connection with PPPoE LABEL DESCRIPTION Service Name Type the name of your PPPoE service here. User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
  • Page 58: Figure 3-3 Internet Connection With Rfc 1483

    Prestige 652H/HW Series User’s Guide Figure 3-3 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 3-3 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field.
  • Page 59: Figure 3-4 Internet Connection With Enet Encap

    Prestige 652H/HW Series User’s Guide Figure 3-4 Internet Connection with ENET ENCAP The following table describes the fields in this screen. Table 3-4 Internet Connection with ENET ENCAP LABEL DESCRIPTION IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
  • Page 60: Figure 3-5 Internet Connection With Pppoa

    Prestige 652H/HW Series User’s Guide Table 3-4 Internet Connection with ENET ENCAP LABEL DESCRIPTION Back Click Back to go back to the first wizard screen. Next Click Next to continue to the next wizard screen. Figure 3-5 Internet Connection with PPPoA The following table describes the fields in this screen.
  • Page 61: Dhcp Setup

    Prestige 652H/HW Series User’s Guide Table 3-5 Internet Connection with PPPoA LABEL DESCRIPTION Password Enter the password associated with the user name above. IP Address This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet.
  • Page 62: Wizard Setup Configuration: Third Screen

    Prestige 652H/HW Series User’s Guide 3.11.1 IP Pool Setup The Prestige is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to 192.168.1.64 for the client machines. This leaves 31 IP addresses, 192.168.1.2 to 192.168.1.32 (excluding the Prestige itself which has a default IP of 192.168.1.1) for other server machines, for example, server for mail, FTP, telnet, web, etc., that you may have.
  • Page 63: Figure 3-7 Wizard : Lan Configuration

    Prestige 652H/HW Series User’s Guide Figure 3-7 Wizard : LAN Configuration The following table describes the fields in this screen. Table 3-6 Wizard : LAN Configuration LABEL DESCRIPTION LAN IP Address Enter the IP address of your Prestige in dotted decimal notation, for example, 192.168.1.1 (factory default).
  • Page 64: Wizard Setup Configuration: Connection Tests

    Prestige 652H/HW Series User’s Guide Table 3-6 Wizard : LAN Configuration LABEL DESCRIPTION Client IP Pool Starting This field specifies the first of the contiguous addresses in the IP address pool. Address Size of Client IP Pool This field specifies the size or count of the IP address pool. Primary DNS Server Enter the IP addresses of the DNS servers.
  • Page 65: Test Your Internet Connection

    Prestige 652H/HW Series User’s Guide 3.14 Test Your Internet Connection Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this User’s Guide for more detailed information on the complete range of Prestige features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the Wizard Setup are correct.
  • Page 67: Password, Lan, Dmz, Wireless Lan And Wan

    Password, LAN, DMZ, Wireless LAN and WAN Part II: Password, LAN, DMZ, Wireless LAN and WAN This part covers the password, LAN (Local Area Network), DMZ, wireless LAN and WAN setup.
  • Page 69: Chapter 4 Password Setup

    Prestige 652H/HW Series User’s Guide Chapter 4 Password Setup This chapter provides information on the Password screen. Password Overview It is highly recommended that you change the password for accessing the Prestige. Configuring Password To change your Prestige’s password (recommended), click Password. The screen appears as shown. Figure 4-1 Password The following table describes the fields in this screen.
  • Page 70 Prestige 652H/HW Series User’s Guide Table 4-1 Password LABEL DESCRIPTION Retype to Confirm Type the new password again in this field. Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. Password Setup...
  • Page 71: Chapter 5 Lan Setup

    Prestige 652H/HW Series User’s Guide Chapter 5 LAN Setup This chapter describes how to configure LAN settings. LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses.
  • Page 72: Dns Server Address Assignment

    Prestige 652H/HW Series User’s Guide There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up. If your ISP gives you the DNS server addresses, enter them in the DNS Server fields in the LAN Setup screen, otherwise, leave them blank.
  • Page 73: Rip Setup

    Prestige 652H/HW Series User’s Guide These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured. 5.4.2 IP Address and Subnet Mask Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this information.
  • Page 74: Configuring Lan

    Prestige 652H/HW Series User’s Guide Configuring LAN Click LAN to open the following screen. Figure 5-2 LAN The following table describes the fields in this screen. Table 5-1 LAN LABEL DESCRIPTION DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
  • Page 75 Prestige 652H/HW Series User’s Guide Table 5-1 LAN LABEL DESCRIPTION Client IP Pool This field specifies the first of the contiguous addresses in the IP address pool. Starting Address Size of Client IP This field specifies the size or count of the IP address pool. Pool Primary DNS Enter the IP addresses of the DNS servers.
  • Page 77: Chapter 6 Dmz Screens

    Prestige 652H/HW Series User’s Guide Chapter 6 DMZ Screens This chapter describes how to configure the Prestige’s DMZ. DMZ Overview The DeMilitarized Zone (DMZ) auto-negotiating 10/100 Mbps Ethernet port provides a way for public servers (Web, e-mail, FTP, etc.) to be visible to the outside world (while still being protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death).
  • Page 78 Prestige 652H/HW Series User’s Guide Figure 6-1 DMZ The following table describes the labels in this screen. Table 6-1 DMZ LABEL DESCRIPTION DMZ TCP/IP IP Address Type the IP address of your Prestige’s DMZ port in dotted decimal notation. Make sure the IP address is on a separate subnet from the LAN port.
  • Page 79: Table 6-1 Dmz

    Prestige 652H/HW Series User’s Guide Table 6-1 DMZ LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None.
  • Page 81: Chapter 7 Wireless Lan Setup

    Prestige 652H/HW Series User’s Guide Chapter 7 Wireless LAN Setup This chapter discusses how to configure Wireless LAN on the Prestige. Wireless LAN Overview This section introduces the wireless LAN and some basic configurations. Wireless LANs can be as simple as two computers with wireless LAN cards communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN cards communicating through access points which bridge network traffic to the wired LAN.
  • Page 82: Figure 7-1 Rts/Cts

    Prestige 652H/HW Series User’s Guide 7.1.4 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot “hear”...
  • Page 83: Levels Of Security

    Prestige 652H/HW Series User’s Guide Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy. 7.1.5 Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the Prestige will fragment the packet into smaller data frames.
  • Page 84: Data Encryption With Wep

    Prestige 652H/HW Series User’s Guide Use the Prestige web configurator to set up your wireless LAN security settings. Refer to the chapter on using the Prestige web configurator to see how to access the web configurator. Data Encryption with WEP WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private.
  • Page 85 Prestige 652H/HW Series User’s Guide Figure 7-3 Wireless The following table describes the fields in this screen. Table 7-1 Wireless LABEL DESCRIPTION Enable Wireless The wireless LAN is turned off by default. Before you enable the wireless LAN, you should configure some security by setting MAC filters and/or 802.1x security; otherwise your wireless LAN will be vulnerable upon enabling it.
  • Page 86: Table 7-1 Wireless

    Prestige 652H/HW Series User’s Guide Table 7-1 Wireless LABEL DESCRIPTION Hide ESSID Select Yes to hide the ESSID so a station cannot obtain the ESSID through passive scanning. Select No to make the ESSID visible so a station can obtain the ESSID through passive scanning.
  • Page 87: Configuring Mac Filter

    Prestige 652H/HW Series User’s Guide Table 7-1 Wireless LABEL DESCRIPTION Cancel Click Cancel to begin configuring this screen afresh. Configuring MAC Filter The MAC filter screen allows you to configure the Prestige to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the Prestige (Deny Association).
  • Page 88: Figure 7-4 Mac Address Filter

    Prestige 652H/HW Series User’s Guide Figure 7-4 MAC Address Filter The following table describes the fields in this menu.
  • Page 89: Network Authentication

    Prestige 652H/HW Series User’s Guide Table 7-2 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop-down list box to enable MAC address filtering. Action Define the filter action for the list of MAC addresses in the MAC address filter table. Select Deny Association to block access to the router; MAC addresses not listed will be allowed to access the router.
  • Page 90: Types Of Radius Messages

    Prestige 652H/HW Series User’s Guide • Accounting Keeps track of the client’s network activity. RADIUS is a simple packet exchange in which your Prestige acts as a message relay between the wireless station and the network RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: •...
  • Page 91: Introduction To Wpa

    Prestige 652H/HW Series User’s Guide an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform authentication. Figure 7-5 EAP Authentication The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the appendix about IEEE 802.1x.
  • Page 92: Wpa-Psk Application Example

    Prestige 652H/HW Series User’s Guide TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) to the AP, which then sets up a key hierarchy and management system, using the pairwise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.
  • Page 93: Wpa With Radius Application Example

    Prestige 652H/HW Series User’s Guide Figure 7-6 WPA - PSK Authentication 7.10 WPA with RADIUS Application Example You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA application example with an external RADIUS server looks as follows. “A” is the RADIUS server.
  • Page 94: Security Parameters Summary

    Prestige 652H/HW Series User’s Guide Figure 7-7 WPA with RADIUS Application Example 7.11 Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes.
  • Page 95: Wireless Client Wpa Supplicants

    Prestige 652H/HW Series User’s Guide Table 7-3 Wireless Security Relational Matrix AUTHENTICATION ENCRYPTION ENTER MANUAL ENABLE IEEE 802.1X METHOD/ KEY METHOD MANAGEMENT PROTOCOL Open None Open Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable Shared Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable TKIP...
  • Page 96: Figure 7-8 Wireless Lan: 802.1X/Wpa

    Prestige 652H/HW Series User’s Guide Figure 7-8 Wireless LAN: 802.1x/WPA The following table describes the label in this screen. Table 7-4 Wireless LAN: 802.1x/WPA LABEL DESCRIPTION Wireless Port To control wireless station access to the wired network, select a control method from the drop-down list box....
  • Page 97: Figure 7-9 Wireless Lan: 802.1X/Wpa For 802.1X Protocol

    Prestige 652H/HW Series User’s Guide Figure 7-9 Wireless LAN: 802.1x/WPA for 802.1x Protocol The following table describes the labels in this screen. Table 7-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Wireless Port Control To control wireless station access to the wired network, select a control method from the drop-down list box.
  • Page 98 Prestige 652H/HW Series User’s Guide Table 7-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Key Management Protocol Choose 802.1x from the drop-down list. Dynamic WEP Key Exchange This field is activated only when you select Authentication Required in the Wireless Port Control field.
  • Page 99: Figure 7-10 Wireless Lan: 802.1X/Wpa For Wpa Protocol

    Prestige 652H/HW Series User’s Guide Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the Prestige for authentication. Authentication Required: WPA Select Authentication Required in the Wireless Port Control field and WPA in the Key Management Protocol field to display the next screen.
  • Page 100 Prestige 652H/HW Series User’s Guide Table 7-6 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTION WPA Mixed Mode The Prestige can operate in WPA Mixed Mode, which supports both clients running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi-Fi network.
  • Page 101: Figure 7-11 Wireless Lan: 802.1X/Wpa For Wpa-Psk Protocol

    Prestige 652H/HW Series User’s Guide Figure 7-11 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol The following table describes the labels not previously discussed. Table 7-7 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol LABEL DESCRIPTION Key Management Protocol Choose WPA-PSK in this field. Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same.
  • Page 102: Configuring Local User Authentication

    Prestige 652H/HW Series User’s Guide Table 7-7 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol LABEL DESCRIPTION Group Data Privacy Group Data Privacy allows you to choose TKIP (recommended) or WEP for broadcast and multicast (“group”) traffic if the Key Management Protocol is WPA and WPA Mixed Mode is disabled.
  • Page 103: Figure 7-12 Local User Database

    Prestige 652H/HW Series User’s Guide Figure 7-12 Local User Database The following table describes the fields in this screen.
  • Page 104: Configuring Radius

    Prestige 652H/HW Series User’s Guide Table 7-8 Local User Database LABEL DESCRIPTION This is the index number of a local user account. Active Select this check box to enable the user profile. User Name Enter the user name of the user profile. Password Enter a password up to 31 characters long for this user profile.
  • Page 105: Configuring Roaming

    Prestige 652H/HW Series User’s Guide The following table describes the fields in this screen. Table 7-9 RADIUS LABEL DESCRIPTION Authentication Server Active Select Yes from the drop-down list box to enable user authentication through an external authentication server. Server IP Address Enter the IP address of the external authentication server in dotted decimal notation.
  • Page 106: Figure 7-14 Roaming Example

    Prestige 652H/HW Series User’s Guide wireless station can associate with a particular access point only if it is within the access point’s coverage area. In a network environment with multiple access points, wireless stations are able to switch from one access point to another as they move between the coverage areas.
  • Page 107: Figure 7-15 Roaming

    Prestige 652H/HW Series User’s Guide The steps below describe the roaming process. Step 1. As wireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2, it scans and uses the signal of access point AP 2. Step 2.
  • Page 108: Table 7-10 Roaming

    Prestige 652H/HW Series User’s Guide Table 7-10 Roaming LABEL DESCRIPTION Active Select the check box to enable roaming on the Prestige if you have two or more Prestiges on the same subnet. All APs on the same subnet and the wireless stations must have the same ESSID to allow roaming.
  • Page 109: Chapter 8 Wan Setup

    Prestige 652H/HW Series User’s Guide Chapter 8 WAN Setup This chapter describes how to configure WAN settings. WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. See the Wizard Setup chapter for more information on the fields in the WAN screens. Metric The metric represents the "cost of transmission".
  • Page 110: Traffic Shaping

    Prestige 652H/HW Series User’s Guide For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example Radius). PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users.
  • Page 111: Configuring Wan Setup

    Prestige 652H/HW Series User’s Guide Figure 8-1 Example of Traffic Shaping Configuring WAN Setup To change your Prestige’s WAN remote node settings, click WAN, WAN Setup. The screen differs by the encapsulation.
  • Page 112: Figure 8-2 Wan Setup

    Prestige 652H/HW Series User’s Guide Figure 8-2 WAN Setup The following table describes the fields in this screen.
  • Page 113: Table 8-1 Wan Setup

    Prestige 652H/HW Series User’s Guide Table 8-1 WAN Setup LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
  • Page 114 Prestige 652H/HW Series User’s Guide Table 8-1 WAN Setup LABEL DESCRIPTION Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak rate. Type the MBS, which is less than 65535. Login Information (PPPoA and PPPoE encapsulation only) Service Name...
  • Page 115: Wan Backup

    Prestige 652H/HW Series User’s Guide Table 8-1 WAN Setup LABEL DESCRIPTION PPPoE + PPPoE_Client_PC In addition to the Prestige's built-in PPPoE client, you can enable PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the Prestige.
  • Page 116: Configuring Wan Backup

    Prestige 652H/HW Series User’s Guide Figure 8-3 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN or DMZ. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network.
  • Page 117: Figure 8-5 Wan Backup

    Prestige 652H/HW Series User’s Guide Figure 8-5 WAN Backup The following table describes the fields in this screen.
  • Page 118: Table 8-2 Wan Backup

    Prestige 652H/HW Series User’s Guide Table 8-2 WAN Backup LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check the DSL connection’s physical layer. Select ICMP to have the Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.
  • Page 119: Configuring Advanced Wan Backup

    Prestige 652H/HW Series User’s Guide Table 8-2 WAN Backup LABEL DESCRIPTION Dial Backup Active Select this check box to turn on dial backup. Metric This field sets this route's priority among the three routes the Prestige uses (normal, traffic redirect and dial backup). Type a number (1 to 15) to set the priority of the dial backup route for data transmission.
  • Page 120: Figure 8-6 Advanced Wan Backup

    Prestige 652H/HW Series User’s Guide Figure 8-6 Advanced WAN Backup
  • Page 121: Table 8-3 Advanced Wan Backup

    Prestige 652H/HW Series User’s Guide The following table describes the fields in this screen. Table 8-3 Advanced WAN Backup LABEL DESCRIPTION Basic Login Name Type the login name assigned by your ISP. Password Type the password assigned by your ISP. Retype to Confirm Type your password again to make sure that you have entered it correctly.
  • Page 122 Prestige 652H/HW Series User’s Guide Table 8-3 Advanced WAN Backup LABEL DESCRIPTION Enable SUA Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network to a different IP address known within another network. SUA (Single User Account) is a subset of NAT that supports two types of mapping: Many-to-One and Server.
  • Page 123: At Command Strings

    Prestige 652H/HW Series User’s Guide Table 8-3 Advanced WAN Backup LABEL DESCRIPTION Encapsulation Select CISCO PPP from the drop-down list box if your backup WAN device uses Cisco PPP encapsulation; otherwise select Standard PPP. Compression Select this check box to enable stac compression. Connection Nailed-Up Select Nailed-Up Connection when you want your connection up all the time.
  • Page 124: Dtr Signal

    Prestige 652H/HW Series User’s Guide 8.11 DTR Signal The majority of WAN devices default to hanging up the current call when the DTR (Data Terminal Ready) signal is dropped by the DTE. When the “Drop DTR When Hang Up” check box is selected, the Prestige uses this hardware signal to force the WAN device to hang up, in addition to issuing the drop command “ATH”.
  • Page 125: Figure 8-7 Advanced Modem Setup

    Prestige 652H/HW Series User’s Guide Figure 8-7 Advanced Modem Setup The following table describes the fields in this screen. Table 8-4 Advanced Modem Setup LABEL DESCRIPTION AT Command Strings Dial Type the AT Command string to make a call. Example: atdt Drop Type the AT Command string to drop a call.
  • Page 126 Prestige 652H/HW Series User’s Guide Table 8-4 Advanced Modem Setup LABEL DESCRIPTION AT Response Strings CLID Type the keyword that precedes the CLID (Calling Line Identification) in the AT response string. This lets the Prestige capture the CLID in the AT response string that comes from the WAN device.
  • Page 127: Nat, Dynamic Dns And Time And Date

    NAT, Dynamic DNS and Time and Date Part III: NAT, Dynamic DNS and Time and Date This part covers NAT (Network Address Translation), dynamic DNS (Domain Name Server) and Time and Date setup.
  • Page 129: Nat Overview

    Prestige 652H/HW Series User’s Guide Chapter 9 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the Prestige. NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
  • Page 130: Figure 9-1 How Nat Works

    Prestige 652H/HW Series User’s Guide NAT never changes the IP address (either local or global) of an outside host. 9.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
  • Page 131: Figure 9-2 Nat Application With Ip Alias

    Prestige 652H/HW Series User’s Guide 9.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter.
  • Page 132: Sua (Single User Account) Versus Nat

    Prestige 652H/HW Series User’s Guide 3. Many-to-Many Overload: In Many-to-Many Overload mode, the Prestige maps the multiple local IP addresses to shared global IP addresses. 4. Many-to-Many No Overload: In Many-to-Many No Overload mode, the Prestige maps each local IP address to a unique global IP address.
  • Page 133: Sua Server

    Prestige 652H/HW Series User’s Guide IP addresses to multiple private LAN IP addresses of clients or servers using mapping types as outlined in Table 9-2. 1. Choose SUA Only if you have just one public WAN IP address for your Prestige. 2.
  • Page 134: Figure 9-3 Multiple Servers Behind Nat Example

    Prestige 652H/HW Series User’s Guide Table 9-3 Services and Port Numbers SERVICES PORT NUMBER Finger HTTP (Hyper Text Transfer protocol or WWW, Web) POP3 (Post Office Protocol) NNTP (Network News Transport Protocol) SNMP (Simple Network Management Protocol) SNMP trap PPTP (Point-to-Point Tunneling Protocol) 1723 9.3.2 Configuring Servers Behind SUA (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to...
  • Page 135: Selecting The Nat Mode

    Prestige 652H/HW Series User’s Guide Selecting the NAT Mode You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige. Click NAT to open the following screen. Figure 9-4 NAT Mode The following table describes the labels in this screen.
  • Page 136: Configuring Sua Server

    Prestige 652H/HW Series User’s Guide Configuring SUA Server If you do not assign an IP address in Server Set 1 (default server), the Prestige discards all packets received for ports that are not specified here or in the remote management setup. Click NAT, select SUA Only and click Edit Details to open the following screen.
  • Page 137: Configuring Address Mapping

    Prestige 652H/HW Series User’s Guide Table 9-5 Edit SUA/NAT Server Set LABEL DESCRIPTION Start Port No. Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field. To forward a series of ports, enter the start port number here and the end port number in the End Port No.
  • Page 138: Figure 9-6 Address Mapping Rules

    Prestige 652H/HW Series User’s Guide Figure 9-6 Address Mapping Rules The following table describes the fields in this screen. Table 9-6 Address Mapping Rules LABEL DESCRIPTION Local Start IP This is the starting Inside Local IP Address (ILA). Local IP addresses are N/A for Server port mapping.
  • Page 139: Editing An Address Mapping Rule

    Prestige 652H/HW Series User’s Guide Table 9-6 Address Mapping Rules LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature, which was the only mode that previous ZyXEL routers supported.
  • Page 140: Table 9-7 Address Mapping Rule Edit

    Prestige 652H/HW Series User’s Guide Table 9-7 Address Mapping Rule Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. 1. One-to-One: One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type. 2.
  • Page 141: Chapter 10 Dynamic Dns Setup

    Prestige 652H/HW Series User’s Guide Chapter 10 Dynamic DNS Setup This chapter discusses how to configure your Prestige to use Dynamic DNS. 10.1 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.).
  • Page 142: Figure 10-1 Ddns

    Prestige 652H/HW Series User’s Guide Figure 10-1 DDNS The following table describes the fields in this screen. Table 10-1 DDNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider.
  • Page 143: Chapter 11 Time And Date

    Prestige 652H/HW Series User’s Guide Chapter 11 Time and Date This screen is not available on all models. Use this screen to configure the Prestige’s time and date settings. 11.1 Configuring Time and Date To change your Prestige’s time and date, click Time And Date. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone.
  • Page 144: Table 11-1 Time And Date

    Prestige 652H/HW Series User’s Guide The following table describes the fields in this screen. Table 11-1 Time and Date LABEL DESCRIPTION Time Server Use Protocol when Bootup Select the time service protocol that your time server sends when you turn on the Prestige.
  • Page 145 Prestige 652H/HW Series User’s Guide Table 11-1 Time and Date LABEL DESCRIPTION New Date (yyyy-mm-dd) This field displays the last updated date from the time server. When you select None in the Use Protocol when Bootup field, enter the new date in this field and then click Apply.
  • Page 147: Firewalls And Content Filters

    Firewalls and Content Filters Part IV: Firewalls and Content Filters This part introduces firewalls in general and the Prestige firewall. It also explains customized services and logs and gives example firewall rules and an overview of content filtering.
  • Page 149: Chapter 12 Firewalls

    Prestige 652H/HW Series User’s Guide Chapter 12 Firewalls This chapter gives some background information on firewalls and introduces the Prestige firewall. 12.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
  • Page 150: Introduction To Zyxel's Firewall

    Prestige 652H/HW Series User’s Guide Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
  • Page 151: Denial Of Service

    Prestige 652H/HW Series User’s Guide Figure 12-1 Prestige Firewall Application 12.4 Denial of Service Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
  • Page 152: Types Of Dos Attacks

    Prestige 652H/HW Series User’s Guide Telnet HTTP SMTP POP3 12.4.2 Types of DoS Attacks There are four types of DoS attacks: 1. Those that exploit bugs in a TCP/IP implementation. 2. Those that exploit weaknesses in the TCP/IP specification. 3. Brute-force attacks that flood a network with useless data. 4.
  • Page 153: Figure 12-2 Three-Way Handshake

    Prestige 652H/HW Series User’s Guide Figure 12-2 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment).
  • Page 154: Figure 12-4 Smurf Attack

    Prestige 652H/HW Series User’s Guide 2-b In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.
  • Page 155: Stateful Inspection

    Prestige 652H/HW Series User’s Guide Table 12-3 Legal NetBIOS Commands MESSAGE: REQUEST: POSITIVE: NEGATIVE: RETARGET: KEEPALIVE: All SMTP commands are illegal except for those displayed in the following tables. Table 12-4 Legal SMTP Commands AUTH DATA EHLO ETRN EXPN HELO HELP MAIL NOOP...
  • Page 156: Figure 12-5 Stateful Inspection

    Prestige 652H/HW Series User’s Guide Denies all sessions originating from the WAN to the LAN. Figure 12-5 Stateful Inspection The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed.
  • Page 157: Stateful Inspection And The Prestige

    Prestige 652H/HW Series User’s Guide 5. The outbound packet is forwarded out through the interface. 6. Later, an inbound packet reaches the interface. This packet is part of the connection previously established with the outbound packet. The inbound packet is evaluated against the inbound access list, and is permitted because of the temporary access list entry previously created.
  • Page 158: Tcp Security

    Prestige 652H/HW Series User’s Guide 12.5.3 TCP Security The Prestige uses state information embedded in TCP packets. The first packet of any new connection has its SYN flag set and its ACK flag cleared; these are "initiation" packets. All packets that do not have this flag structure are called "subsequent"...
  • Page 159: Guidelines For Enhancing Security With Your Firewall

    Prestige 652H/HW Series User’s Guide work properly, this connection must be allowed to pass through even though a connection from the Internet would normally be rejected. In order to achieve this, the Prestige inspects the application-level FTP data. Specifically, it searches for outgoing "PORT"...
  • Page 160: Packet Filtering Vs Firewall

    Prestige 652H/HW Series User’s Guide 3. Never give out a password or any sensitive information to an unsolicited telephone call or e-mail. 4. Never e-mail sensitive information such as passwords, credit card information, etc., without encrypting the information first. 5. Never submit sensitive information via a web page unless the web site uses secure connections. You can identify a secure connection by looking for a small “key”...
  • Page 161: When To Use The Firewall

    Prestige 652H/HW Series User’s Guide 3. To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific inside host/network "A" and outside host/network "B". If the filter blocks the traffic from A to B, it also blocks the traffic from B to A.
  • Page 163: Chapter 13 Firewall Screens

    Prestige 652H/HW Series User’s Guide Chapter 13 Firewall Screens This chapter shows you how to configure your Prestige’s firewall. 13.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your Prestige has to offer. For this reason, it is recommended that you configure your firewall using the web configurator. SMT screens allow you to activate the firewall.
  • Page 164: Rule Logic Overview

    Prestige 652H/HW Series User’s Guide • DMZ to DMZ/Router This prevents computers on the DMZ from communicating between networks or subnets connected to the DMZ interface and/or managing the Prestige. You may define additional rules and sets or modify existing ones but please exercise extreme caution in doing so.
  • Page 165: Security Ramifications

    Prestige 652H/HW Series User’s Guide 6. What computers on the Internet will be affected? The more specific, the better. For example, if traffic is being allowed from the Internet to the LAN, it is better to allow only certain machines on the Internet to access the LAN.
  • Page 166: Connection Direction Examples

    Prestige 652H/HW Series User’s Guide Destination Address What is the connection’s destination address; is it on the LAN, DMZ or WAN? Is it a single IP, a range of IPs or a subnet? 13.4 Connection Direction Examples This section describes examples for firewall rules for connections going from LAN to WAN and from WAN to LAN.
  • Page 167: Configuring Firewall

    Prestige 652H/HW Series User’s Guide By default all outgoing connections (LAN to WAN) are allowed unless you create rules blocking certain LAN users. 13.4.2 WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it.
  • Page 168: Figure 13-3 Default Policy

    Prestige 652H/HW Series User’s Guide Figure 13-3 Default Policy The following table describes the labels in this screen. Table 13-1 Default Policy LABEL DESCRIPTION Firewall Enabled Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
  • Page 169: Rule Summary

    Prestige 652H/HW Series User’s Guide Table 13-1 Default Policy LABEL DESCRIPTION Packet Direction This is the direction of travel of packets (LAN to LAN/Router, LAN to WAN, LAN to DMZ, WAN to WAN/Router, WAN to LAN, WAN to DMZ, DMZ to DMZ/Router, DMZ to LAN or DMZ to WAN).
  • Page 170: Figure 13-4 Rule Summary

    Prestige 652H/HW Series User’s Guide Figure 13-4 Rule Summary The following table describes the labels in this screen. Table 13-2 Rule Summary LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the Prestige's memory for recording firewall Storage Space in rules it is currently using.
  • Page 171 Prestige 652H/HW Series User’s Guide Table 13-2 Rule Summary LABEL DESCRIPTION The following read-only fields summarize the rules you have created that apply to traffic traveling in the selected packet direction. The firewall rules that you configure (summarized below) take priority over the general firewall action settings above.
  • Page 172: Configuring Firewall Rules

    Prestige 652H/HW Series User’s Guide Table 13-2 Rule Summary LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Click Cancel to begin configuring this screen afresh. Cancel 13.5.2 Configuring Firewall Rules Follow these directions to create a new rule. Step 1.
  • Page 173: Figure 13-5 Insert/Append A Firewall Rule

    Prestige 652H/HW Series User’s Guide Figure 13-5 Insert/Append A Firewall Rule
  • Page 174: Table 13-3 Insert/Append A Firewall Rule

    Prestige 652H/HW Series User’s Guide The following table describes the labels in this screen. Table 13-3 Insert/Append A Firewall Rule LABEL DESCRIPTION Active Check the Active check box to have the Prestige use this rule. Leave it unchecked if you do not want the Prestige to use the rule after you apply it. Action for Matched Packets Use the radio button to select whether to discard (Block) or allow the passage of...
  • Page 175 Prestige 652H/HW Series User’s Guide Table 13-3 Insert/Append A Firewall Rule LABEL DESCRIPTION Schedule Day to Apply Select everyday or the day(s) of the week to apply the rule. Time of Day to Apply (24-Hour Format) Select All Day or enter the start and end times in the hour-minute format to apply the rule.
  • Page 176: Example Firewall Rule

    Prestige 652H/HW Series User’s Guide Figure 13-6 Add/Edit A Custom Port The following table describes the labels in this screen. Table 13-4 Add/Edit A Custom Port LABEL DESCRIPTION Service Name Enter a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or Both) that defines your customized port from the drop down list box.
  • Page 177: Figure 13-7 Rule Summary

    Prestige 652H/HW Series User’s Guide Step 1. Click the Firewall link and then the Rule Summary tab. Select WAN to LAN from the drop-down list box. Figure 13-7 Rule Summary Step 2. In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule 7.
  • Page 178: Figure 13-8 Rule Edit Example

    Prestige 652H/HW Series User’s Guide Figure 13-8 Rule Edit Example
  • Page 179: Figure 13-9 Edit Custom Port Example

    Prestige 652H/HW Series User’s Guide Step 6. In the Rule Summary screen, click Add under Custom Port to open the Edit Custom Port screen. Configure it as follows and click Apply. Figure 13-9 Edit Custom Port Example Step 8. The Rule Summary screen displays, use the arrows between Available Services and Selected Services to configure it as follows.
  • Page 180: Figure 13-10 My Service Rule Configuration

    Prestige 652H/HW Series User’s Guide This is the address range of the “My Service” servers. This is your “My Service” custom port. Click Apply when finished. Figure 13-10 My Service Rule Configuration
  • Page 181: Predefined Services

    Prestige 652H/HW Series User’s Guide On completing the configuration procedure for this Internet firewall rule, the Rule Summary screen should look like the following. Rule 1: Allows a “My Service” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Figure 13-11 My Service Example Rule Summary 13.7 Predefined Services The Available Services list box in the Edit Rule screen (see Figure 13-5) displays all predefined services...
  • Page 182: Table 13-5 Predefined Services

    Prestige 652H/HW Series User’s Guide Table 13-5 Predefined Services SERVICE DESCRIPTION AIM/New-ICQ(TCP:5190) AOL’s Internet Messenger service, used as a listening port by ICQ. AUTH(TCP:113) Authentication protocol used by some servers. BGP(TCP:179) Border Gateway Protocol. BOOTP_CLIENT(UDP:68) DHCP Client. BOOTP_SERVER(UDP:67) DHCP Server. CU-SEEME (TCP/UDP:7648, A popular videoconferencing solution from White Pines Software.
  • Page 183 Prestige 652H/HW Series User’s Guide Table 13-5 Predefined Services SERVICE DESCRIPTION NFS(UDP:2049) Network File System – NFS is a client/server distributed file service that provides transparent file sharing for network environments. NNTP(TCP:119) Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
  • Page 184: Anti-Probing

    Prestige 652H/HW Series User’s Guide Table 13-5 Predefined Services SERVICE DESCRIPTION SSDP(UDP:1900) Simple Service Discovery Protocol (SSDP) is a discovery service searching for Universal Plug and Play devices on your home network or upstream Internet gateways using UDP port 1900. SSH(TCP/UDP:22) Secure Shell Remote Login Program.
  • Page 185: Figure 13-12 Anti-Probing

    Prestige 652H/HW Series User’s Guide Figure 13-12 Anti-Probing The following table describes the labels in this screen. Table 13-6 Anti-Probing LABEL DESCRIPTION Respond to PING The Prestige does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests.
  • Page 186: Alerts

    Prestige 652H/HW Series User’s Guide 13.9 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when a rule is matched in the Edit Rule screen (see Figure 13-5). Configure the Log Settings screen to have the Prestige send an immediate e-mail message to you when an event generates an alert.
  • Page 187: Tcp Maximum Incomplete And Blocking Time

    Prestige 652H/HW Series User’s Guide The Prestige measures both the total number of existing half-open sessions and the rate of session establishment attempts. Both TCP and UDP half-open sessions are counted in the total number and rate measurements. Measurements are made once a minute. When the number of existing half-open sessions rises above a threshold (max-incomplete high), the Prestige starts deleting half-open sessions as required to accommodate new connection requests.
  • Page 188: Figure 13-13 Firewall Threshold

    Prestige 652H/HW Series User’s Guide Figure 13-13 Firewall Threshold The following table describes the labels in this screen. Table 13-7 Firewall Threshold LABEL DESCRIPTION DEFAULT VALUES Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions that 80 existing half-open sessions.
  • Page 189 Prestige 652H/HW Series User’s Guide Table 13-7 Firewall Threshold LABEL DESCRIPTION DEFAULT VALUES One Minute High This is the rate of new half-open sessions that causes the firewall to start deleting half-open sessions. Default: 100 half-open sessions per minute. The above numbers...
  • Page 190 Prestige 652H/HW Series User’s Guide Table 13-7 Firewall Threshold LABEL DESCRIPTION DEFAULT VALUES Delete the Oldest Half Open Session When New Connection Request Comes Select this radio button to clear the oldest half open session when a new connection request comes. Deny New Connection Select this radio button and specify for how...
  • Page 191: Chapter 14 Content Filtering

    Prestige 652H/HW Series User’s Guide Chapter 14 Content Filtering This chapter covers how to configure content filtering. 14.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
  • Page 192: Figure 14-1 Content Filter: Keyword

    Prestige 652H/HW Series User’s Guide Figure 14-1 Content Filter: Keyword The following table describes the fields in this screen. Table 14-1 Content Filter: Keyword LABEL DESCRIPTION Enable Keyword Blocking Select this check box to enable this feature. Block Websites that This box contains the list of all the keywords that you have configured the Prestige contain these keywords in to block.
  • Page 193: Configuring The Schedule

    Prestige 652H/HW Series User’s Guide Table 14-1 Content Filter: Keyword LABEL DESCRIPTION Add Keyword Click Add Keyword after you have typed a keyword. Repeat this procedure to add other keywords. Up to 64 keywords are allowed. When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request.
  • Page 194: Configuring Trusted Computers

    Prestige 652H/HW Series User’s Guide Table 14-2 Content Filter: Schedule LABEL DESCRIPTION Days to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active. Time of Day to Block: Use the 24-hour format to configure which time of the day (or select the All day check box) you want the content filtering to be active.
  • Page 195 Prestige 652H/HW Series User’s Guide Table 14-3 Content Filter: Trusted LABEL DESCRIPTION Type the ending IP address of a specific range of users on your LAN that you want to exclude from content filtering. Leave this field blank if you want to exclude an individual computer.
  • Page 197: Vpn/Ipsec

    VPN/IPSec Part V: VPN/IPSec This part provides information about configuring VPN/IPSec for secure communications.
  • Page 199: Chapter 15 Introduction To Ipsec

    Prestige 652H/HW Series User’s Guide Chapter 15 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 15.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
  • Page 200: Figure 15-1 Encryption And Decryption

    Prestige 652H/HW Series User’s Guide Figure 15-1 Encryption and Decryption Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
  • Page 201: Ipsec Architecture

    Prestige 652H/HW Series User’s Guide 15.2 IPSec Architecture The overall IPSec architecture is shown as follows. Figure 15-2 IPSec Architecture 15.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms).
  • Page 202: Ipsec And Nat

    Prestige 652H/HW Series User’s Guide Figure 15-3 Transport and Tunnel Mode IPSec Encapsulation 15.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
  • Page 203: Table 15-1 Vpn And Nat

    Prestige 652H/HW Series User’s Guide match. The VPN device at the receiving end doesn't know about the NAT in the middle, so it assumes that the data has been maliciously altered. IPSec using ESP in Tunnel mode encapsulates the entire original packet (including headers) in a new IP packet.
  • Page 205: Chapter 16 Vpn Screens

    Prestige 652H/HW Series User’s Guide Chapter 16 VPN Screens This chapter introduces the VPN screens. See the Logs chapter for information on viewing logs and the appendix for IPSec log descriptions. 16.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections.
  • Page 206: My Ip Address

    Prestige 652H/HW Series User’s Guide Table 16-1 AH and ESP DES (default) Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key. DES applies a 56-bit key to each 64-bit block of data. MD5 (default) MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.
  • Page 207: Vpn Summary Screen

    Prestige 652H/HW Series User’s Guide VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP address). 16.4.1 Dynamic Secure Gateway Address If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 as the secure gateway’s address.
  • Page 208: Figure 16-2 Vpn Summary

    Prestige 652H/HW Series User’s Guide Figure 16-2 VPN Summary The following table describes the fields in this screen. Table 16-2 VPN Summary LABEL DESCRIPTION This is the VPN policy index number. Click a number to edit VPN policies. Name This field displays the identification name for this VPN policy. Active This field displays whether the VPN policy is active or not.
  • Page 209: Keep Alive

    Prestige 652H/HW Series User’s Guide Table 16-2 VPN Summary LABEL DESCRIPTION Local Address This is the IP address(es) of computer(s) on your local network behind your Prestige. The same (static) IP address is displayed twice when the Local Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Single.
  • Page 210: Nat Traversal

    Prestige 652H/HW Series User’s Guide If the Prestige has its maximum number of simultaneous IPSec tunnels connected to it and they all have keep alive enabled, then no other tunnels can take a turn connecting to the Prestige because the Prestige never drops the tunnels that are already connected.
  • Page 211: Id Type And Content

    Prestige 652H/HW Series User’s Guide 16.7.2 Remote DNS Server In cases where you want to use domain names to access Intranet servers on a remote network that has a DNS server, you must identify that DNS server. You cannot use DNS servers on the LAN or from the ISP since these DNS servers cannot resolve domain names to private IP addresses on the remote network. The following figure depicts an example where three VPN tunnels are created from Prestige A;...
  • Page 212: Table 16-3 Local Id Type And Content Fields

    Prestige 652H/HW Series User’s Guide Regardless of the ID type and content configuration, the Prestige does not allow you to save multiple active rules with overlapping local and remote IP addresses. With main mode (see section 16.11.1), the ID type and content are encrypted to provide identity protection. In this case the Prestige can only distinguish between up to 12 different incoming SAs that connect from remote IPSec routers that have dynamic WAN IP addresses.
  • Page 213: Pre-Shared Key

    Prestige 652H/HW Series User’s Guide The two Prestiges in this example can complete negotiation and establish a VPN tunnel. Table 16-5 Matching ID Type and Content Configuration Example PRESTIGE A PRESTIGE B Local ID type: E-mail Local ID type: IP Local ID content: tom@yourcompany.com Local ID content: 1.1.1.2 Peer ID type: IP...
  • Page 214: Figure 16-5 Vpn Ike

    Prestige 652H/HW Series User’s Guide Figure 16-5 VPN IKE
  • Page 215: Table 16-7 Vpn Ike

    Prestige 652H/HW Series User’s Guide The following table describes the fields in this screen. Table 16-7 VPN IKE LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall. Select either Yes or No from the drop-down list box.
  • Page 216 Prestige 652H/HW Series User’s Guide Table 16-7 VPN IKE LABEL DESCRIPTION Local Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs can have the same configured local or remote IP address, but not both.
  • Page 217 Prestige 652H/HW Series User’s Guide Table 16-7 VPN IKE LABEL DESCRIPTION IP Address Start When the Remote Address Type field is configured to Single, enter a (static) IP address on the network behind the remote IPSec router. When the Remote Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router.
  • Page 218 Prestige 652H/HW Series User’s Guide Table 16-7 VPN IKE LABEL DESCRIPTION My IP Address Enter the WAN IP address of your Prestige. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The Prestige uses the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel.
  • Page 219 Prestige 652H/HW Series User’s Guide Table 16-7 VPN IKE LABEL DESCRIPTION Secure Gateway Address Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the Key Management field must be set to IKE).
  • Page 220: Ike Phases

    Prestige 652H/HW Series User’s Guide Table 16-7 VPN IKE LABEL DESCRIPTION Encryption Algorithm Select DES, 3DES, AES or NULL from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
  • Page 221: Figure 16-6 Two Phases To Set Up The Ipsec Sa

    Prestige 652H/HW Series User’s Guide Figure 16-6 Two Phases to Set Up the IPSec SA In phase 1 you must: Choose a negotiation mode. Authenticate the connection by entering a pre-shared key. Choose an encryption algorithm. Choose an authentication algorithm. Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2).
  • Page 222: Configuring Advanced Ike Settings

    Prestige 652H/HW Series User’s Guide Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1). It uses 6 messages in three round trips: SA negotiation, Diffie-Hellman exchange and an exchange of nonces (a nonce is a random number). This mode features identity protection (your identity is not revealed in the negotiation).
  • Page 223: Figure 16-7 Vpn Ike: Advanced Setup

    Prestige 652H/HW Series User’s Guide Figure 16-7 VPN IKE: Advanced Setup The following table describes the fields in this screen. Table 16-8 VPN IKE: Advanced Setup LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
  • Page 224 Prestige 652H/HW Series User’s Guide Table 16-8 VPN IKE: Advanced Setup LABEL DESCRIPTION Enable Replay Protection As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks.
  • Page 225 Prestige 652H/HW Series User’s Guide Table 16-8 VPN IKE: Advanced Setup LABEL DESCRIPTION Encryption Algorithm Select DES, 3DES or AES from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
  • Page 226: Manual Key Setup

    Prestige 652H/HW Series User’s Guide Table 16-8 VPN IKE: Advanced Setup LABEL DESCRIPTION Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data.
  • Page 227: Figure 16-8 Manual Setup

    Prestige 652H/HW Series User’s Guide Figure 16-8 Manual Setup
  • Page 228: Table 16-9 Vpn Manual Setup

    Prestige 652H/HW Series User’s Guide The following table describes the fields in this screen. Table 16-9 VPN Manual Setup LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the Prestige drops trailing spaces.
  • Page 229 Prestige 652H/HW Series User’s Guide Table 16-9 VPN Manual Setup LABEL DESCRIPTION Remote Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both.
  • Page 230: Viewing Sa Monitor

    Prestige 652H/HW Series User’s Guide Table 16-9 VPN Manual Setup LABEL DESCRIPTION IPSec Protocol Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH.
  • Page 231: Figure 16-9 Sa Monitor

    Prestige 652H/HW Series User’s Guide When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes. A tunnel with no outbound or inbound traffic is "idle" and does not timeout until the SA lifetime period expires. See section 16.6 on keep alive to have the Prestige renegotiate an IPSec SA when the SA lifetime expires, even if there is no traffic.
  • Page 232: Configuring Global Setting

    Prestige 652H/HW Series User’s Guide The following table describes the fields in this screen. Table 16-10 SA Monitor LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode. IPSec Algorithm This field displays the security protocols used for an SA.
  • Page 233: Telecommuter Vpn/Ipsec Examples

    Prestige 652H/HW Series User’s Guide Table 16-11 Global Setting LABEL DESCRIPTION Windows Networking (NetBIOS over TCP/IP) NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to find other computers. It may sometimes be necessary to allow NetBIOS packets to pass through VPN tunnels in order to allow local computers to find computers on the remote network and vice versa.
  • Page 234: Table 16-12 Telecommuters Sharing One Vpn Rule Example

    Prestige 652H/HW Series User’s Guide Table 16-12 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS HEADQUARTERS My IP Address: Telecommuters: 0.0.0.0 (dynamic IP address assigned by the ISP); Headquarters: Public static IP address. Secure Gateway IP Address: Telecommuters: Public static IP address; Headquarters: 0.0.0.0 With this IP address only the telecommuter can initiate the IPSec tunnel.
  • Page 235: Figure 16-12 Telecommuters Using Unique Vpn Rules Example

    Prestige 652H/HW Series User’s Guide Figure 16-12 Telecommuters Using Unique VPN Rules Example Table 16-13 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS All Telecommuter Rules: All Headquarters Rules: My IP Address 0.0.0.0 My IP Address: bigcompanyhq.com Secure Gateway Address: bigcompanyhq.com Local IP Address: 192.168.1.10 Remote IP Address: 192.168.1.10 Local ID Type: E-mail...
  • Page 236: Vpn And Remote Management

    Prestige 652H/HW Series User’s Guide Table 16-13 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS Local IP Address: 192.168.3.2 Secure Gateway Address: telecommuterb.com Remote Address 192.168.3.2 Telecommuter C (telecommuterc.dydns.org) Headquarters Prestige Rule 3: Local ID Type: E-mail Peer ID Type: E-mail Local ID Content: myVPN@myplace.com Peer ID Content: myVPN@myplace.com Local IP Address: 192.168.4.15...
  • Page 237: Remote Management, Upnp And Logs

    Remote Management, UPnP and Logs Part VI: Remote Management, UPnP and Logs This part contains information on how to configure the Prestige for remote management, setting up Universal Plug and Play (UPnP) and setting up and displaying logs.
  • Page 239: Chapter 17 Remote Management Configuration

    Prestige 652H/HW Series User’s Guide Chapter 17 Remote Management Configuration This chapter provides information on configuring remote management. 17.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
  • Page 240: Telnet

    Prestige 652H/HW Series User’s Guide 2. You have disabled that service in one of the remote management screens. 3. The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the Prestige will disconnect the session immediately. 4.
  • Page 241: Ftp

    Prestige 652H/HW Series User’s Guide 17.3 FTP You can upload and download Prestige firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. 17.4 Web You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details.
  • Page 242 Prestige 652H/HW Series User’s Guide Table 17-1 Remote Management LABEL DESCRIPTION Secured Client IP The default 0.0.0.0 allows any client to use this service to remotely manage the Prestige. Type an IP address to restrict access to a client with a matching IP address. Apply Click Apply to save your settings back to the Prestige.
  • Page 243: Chapter 18 Universal Plug-And-Play (Upnp)

    Prestige 652H/HW Series User’s Guide Chapter 18 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 18.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
  • Page 244: Upnp And Zyxel

    Prestige 652H/HW Series User’s Guide All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 18.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™ Implementers Corp.
  • Page 245: Installing Upnp In Windows Example

    Prestige 652H/HW Series User’s Guide Table 18-1 Configuring UPnP LABEL DESCRIPTION Allow users to make configuration changes through UPnP Select this check box to allow UPnP-enabled applications to automatically configure the Prestige so that they can communicate through the Prestige, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to communicate with another UPnP enabled device;...
  • Page 246 Prestige 652H/HW Series User’s Guide Step 3. In the Communications window, select the Universal Plug and Play check box in the Components selection box. Step 4. Click OK to go back to the Add/Remove Programs Properties window and click Next. Step 5.
  • Page 247: Using Upnp In Windows Xp Example

    Prestige 652H/HW Series User’s Guide Step 5. In the Networking Services window, select the Universal Plug and Play check box. Step 6. Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 18.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP.
  • Page 248 Prestige 652H/HW Series User’s Guide Step 3. In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. Step 4. You may edit or delete the port mappings or click Add to manually add port mappings. When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
  • Page 249 Prestige 652H/HW Series User’s Guide Step 6. Double-click on the icon to display your current Internet connection status. Web Configurator Easy Access With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first.
  • Page 250 Prestige 652H/HW Series User’s Guide Step 4. An icon with the description for each UPnP-enabled device displays under Local Network. Step 5. Right-click on the icon for your Prestige and select Invoke. The web configurator login screen displays. Step 6. Right-click on the icon for your Prestige and select Properties.
  • Page 251: Chapter 19 Logs Screens

    Prestige 652 Series User’s Guide Chapter 19 Logs Screens This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendix for example log message explanations. 19.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the Prestige log and then display the logs or have the Prestige send them to an administrator (as e-mail) or to a syslog server.
  • Page 252: Figure 19-1 Log Settings

    Prestige 652H/HW Series User’s Guide Figure 19-1 Log Settings The following table describes the fields in this screen.
  • Page 253: Table 19-1 Log Settings

    Prestige 652 Series User’s Guide Table 19-1 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
  • Page 254: Displaying The Logs

    Prestige 652H/HW Series User’s Guide Table 19-1 Log Settings LABEL DESCRIPTION Select the categories of logs that you want to record. Logs include alerts. Send Immediate Alert Select the categories of alerts for which you want the Prestige to instantly e-mail alerts to the e-mail address specified in the Send Alerts To field.
  • Page 255: Smtp Error Messages

    Prestige 652 Series User’s Guide Table 19-2 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings screen (see section 19.2) display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
  • Page 256: Figure 19-3 E-Mail Log Example

    Prestige 652H/HW Series User’s Guide Table 19-3 SMTP Error Messages -7 means DATA fail -8 means mail data send fail 19.4.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail.
  • Page 257: Bandwidth Management

    Bandwidth Management Part VII: Bandwidth Management This part provides information on the functions and configuration of Bandwidth Management.
  • Page 259: Chapter 20 Bandwidth Management

    Prestige 652H/HW Series User’s Guide Chapter 20 Bandwidth Management This chapter describes the functions and configuration of bandwidth management. 20.1 Bandwidth Management Overview Bandwidth management allows you to allocate an interface’s outgoing capacity to specific types of traffic. It can also help you make sure that the Prestige forwards certain types of traffic (especially real-time applications) with minimum delay.
  • Page 260: Proportional Bandwidth Allocation

    Prestige 652H/HW Series User’s Guide The total of the configured bandwidth budgets for child-classes cannot exceed the configured bandwidth budget speed of the parent class. 20.3 Proportional Bandwidth Allocation Bandwidth management allows you to define how much bandwidth each class gets; however, the actual bandwidth allotted to each class decreases or increases in proportion to actual available bandwidth.
  • Page 261: Table 20-2 Subnet-Based Bandwidth Management Example

    Prestige 652H/HW Series User’s Guide Table 20-2 Subnet-based Bandwidth Management Example 20.4.3 Application and Subnet-based Bandwidth Management Example The following example uses bandwidth classes based on LAN subnets and applications (specific applications in each subnet are allotted bandwidth). Table 20-3 Application and Subnet-based Bandwidth Management Example TRAFFIC TYPE FROM SUBNET A FROM SUBNET B...
  • Page 262: Scheduler

    Prestige 652H/HW Series User’s Guide 20.5 Scheduler The scheduler divides up an interface’s bandwidth among the bandwidth classes. The Prestige has two types of scheduler: fairness-based and priority-based. 20.5.1 Priority-based Scheduler With the priority-based scheduler, the Prestige forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes.
  • Page 263: Table 20-5 Bandwidth Allotment Example

    Prestige 652H/HW Series User’s Guide 20.6.2 Maximize Bandwidth Usage Example Here is an example of a Prestige that has maximized bandwidth usage enabled on an interface. The first figure shows each bandwidth class’s bandwidth budget and priority. The classes are set up based on subnets. The interface is set to 10 Mbps.
  • Page 264: Bandwidth Borrowing

    Prestige 652H/HW Series User’s Guide The Prestige does not send any traffic that is not defined in the bandwidth filters because all of the unbudgeted bandwidth goes to the classes that need it. Table 20-6 Maximize Bandwidth Usage Example 20.7 Bandwidth Borrowing Bandwidth borrowing allows a child-class to borrow unused bandwidth from its parent class, whereas maximize bandwidth usage allows bandwidth classes to borrow any unused or unbudgeted bandwidth on the whole interface.
  • Page 265: Table 20-7 Bandwidth Borrowing Example

    Prestige 652H/HW Series User’s Guide Table 20-7 Bandwidth Borrowing Example The Bill class can borrow unused bandwidth from the Sales USA class because the Bill class has bandwidth borrowing enabled. The Bill class can also borrow unused bandwidth from the Sales class because the Sales USA class also has bandwidth borrowing enabled.
  • Page 266: Configuring Summary

    Prestige 652H/HW Series User’s Guide The Bill class cannot borrow unused bandwidth from the Root class because the Sales class has bandwidth borrowing disabled. The Amy class cannot borrow unused bandwidth from the Sales USA class because the Amy class has bandwidth borrowing disabled.
  • Page 267: Table 20-8 Bandwidth Manager: Summary

    Prestige 652H/HW Series User’s Guide Table 20-8 Bandwidth Manager: Summary The following table describes the labels in this screen. Table 20-9 Bandwidth Manager: Summary LABEL DESCRIPTION WLAN These read-only labels represent the physical interfaces. Select an interface’s check box to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source.
  • Page 268: Introduction To Diffserv

    Prestige 652H/HW Series User’s Guide Table 20-9 Bandwidth Manager: Summary LABEL DESCRIPTION Scheduler Select either Priority-Based or Fairness-Based from the drop-down menu to control the traffic flow. Select Priority-Based to give preference to bandwidth classes with higher priorities. Select Fairness-Based to treat all bandwidth classes equally. See section 20.5. Maximize Select this check box to have the Prestige divide up all of the interface’s unallocated Bandwidth...
  • Page 269: Configuring Class Setup

    Prestige 652H/HW Series User’s Guide DSCP (6-bit), Unused (2-bit) Table 20-10 DiffServ: Differentiated Service Field The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different kinds of forwarding.
  • Page 270: Table 20-12 Bandwidth Manager: Class Setup

    Prestige 652H/HW Series User’s Guide Table 20-12 Bandwidth Manager: Class Setup The following table describes the labels in this screen. Table 20-13 Bandwidth Manager: Class Setup LABEL DESCRIPTION Interface Select an interface from the drop-down list box for which you wish to set up classes. Back Click Back to go to the main BW Manager screen.
  • Page 271: Table 20-14 Bandwidth Manager: Class Configuration

    Prestige 652H/HW Series User’s Guide 20.10.1 Bandwidth Manager Class Configuration Configure a bandwidth management class in the Class Configuration screen. You must use the Bandwidth Manager - Summary screen to enable bandwidth management on an interface before you can configure classes for that interface.
  • Page 272: Table 20-15 Bandwidth Manager: Class Configuration

    Prestige 652H/HW Series User’s Guide The following table describes the labels in this screen. Table 20-15 Bandwidth Manager: Class Configuration LABEL DESCRIPTION Class Name Use the auto-generated name or enter a descriptive name of up to 20 alphanumeric characters, including spaces. BW Budget (kbps) Specify the maximum bandwidth allowed for the class in kbps.
  • Page 273 Prestige 652H/HW Series User’s Guide Table 20-15 Bandwidth Manager: Class Configuration LABEL DESCRIPTION Service You can select a predefined service instead of configuring the Destination Port, Source Port and Protocol ID fields. SIP (Session Initiation Protocol) is a signaling protocol used in Internet telephony, instant messaging and other VoIP (Voice over IP) applications.
  • Page 274: Table 20-16 Services And Port Numbers

    Prestige 652H/HW Series User’s Guide Table 20-15 Bandwidth Manager: Class Configuration LABEL DESCRIPTION Cancel Click Cancel to begin configuring this screen afresh. Table 20-16 Services and Port Numbers SERVICES PORT NUMBER ECHO FTP (File Transfer Protocol) SMTP (Simple Mail Transfer Protocol) DNS (Domain Name System) Finger HTTP (Hyper Text Transfer protocol or WWW, Web)
  • Page 275: Table 20-17 Bandwidth Management Statistics

    Prestige 652H/HW Series User’s Guide Table 20-17 Bandwidth Management Statistics The following table describes the labels in this screen. Table 20-18 Bandwidth Management Statistics LABEL DESCRIPTION Class Name This field displays the name of the class the statistics page is showing. Budget (kbps) This field displays the amount of bandwidth allocated to the class.
  • Page 276: Configuring Monitor

    Prestige 652H/HW Series User’s Guide Table 20-18 Bandwidth Management Statistics LABEL DESCRIPTION Clear Counter Click Clear Counter to clear all of the bandwidth management statistics. 20.11 Configuring Monitor To view the Prestige’s bandwidth usage and allotments, click BW Manager, then Monitor. The screen appears as shown.
  • Page 277: Maintenance

    Maintenance Part VIII: Maintenance This part covers the maintenance screens.
  • Page 279: Chapter 21 Maintenance

    Prestige 652H/HW Series User’s Guide Chapter 21 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 21.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige.
  • Page 280: Figure 21-1 System Status

    Prestige 652H/HW Series User’s Guide Figure 21-1 System Status The following table describes the fields in this screen.
  • Page 281: Table 21-1 System Status

    Prestige 652H/HW Series User’s Guide Table 21-1 System Status LABEL DESCRIPTION System Status System Name This is the name of your Prestige. It is for identification purposes. ZyNOS Firmware Version This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design.
  • Page 282: Figure 21-2 System Status: Show Statistics

    Prestige 652H/HW Series User’s Guide Table 21-1 System Status LABEL DESCRIPTION ESSID This is the descriptive name used to identify the Prestige in the wireless LAN. Channel This is the channel number used by the Prestige now. WEP This displays the status of WEP data encryption. Show Statistics Click Show Statistics to see the performance statistics such as number of packets sent and number of packets received for each port.
  • Page 283: Table 21-2 System Status: Show Statistics

    Prestige 652H/HW Series User’s Guide Table 21-2 System Status: Show Statistics LABEL DESCRIPTION System up Time This is the elapsed time the system has been up. CPU Load This field specifies the percentage of CPU utilization. LAN or WAN Port This is the WAN or LAN port.
  • Page 284: Dhcp Table Screen

    Prestige 652H/HW Series User’s Guide Table 21-2 System Status: Show Statistics LABEL DESCRIPTION Set Interval Click this button to apply the new poll interval you entered in the Poll Interval field above. Stop Click this button to halt the refreshing of the system statistics. 21.3 DHCP Table Screen DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server.
  • Page 285: Wireless Screens

    Prestige 652H/HW Series User’s Guide Table 21-3 DHCP Table LABEL DESCRIPTION MAC Address This field displays the MAC (Media Access Control) address of the computer with the displayed host name. Every Ethernet device has a unique MAC address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
  • Page 286: Figure 21-5 Channel Usage Table

    Prestige 652H/HW Series User’s Guide Table 21-4 Association List LABEL DESCRIPTION Back Click Back to return to the previous screen. Refresh Click Refresh to renew the information in the table. 21.4.2 Channel Usage Table This screen displays the state of the channels within the Prestige’s transmission range. Click Wireless LAN under Maintenance and then Channel Usage Table to open the screen shown next.
  • Page 287: Diagnostic Screens

    Prestige 652H/HW Series User’s Guide Table 21-5 Channel Usage Table LABEL DESCRIPTION Activity This field displays Yes if another AP or Ad-hoc network is using the channel within the Prestige’s transmission range. Back Click Back to return to the previous screen. Refresh Click Refresh to renew the information in the table.
  • Page 288: Figure 21-7 Diagnostic Dsl Line

    Prestige 652H/HW Series User’s Guide The following table describes the fields in this screen. Table 21-6 Diagnostic General LABEL DESCRIPTION TCP/IP Address Type the IP address of a computer that you want to ping in order to test a connection. Ping Click this button to ping the IP address that you entered.
  • Page 289: Firmware Screen

    Prestige 652H/HW Series User’s Guide The following table describes the fields in this screen. Table 21-7 Diagnostic DSL Line LABEL DESCRIPTION Reset ADSL Line Click this button to reinitialize the ADSL line. The large text box above then displays the progress and results of this operation, for example: "Start to reset ADSL Loading ADSL modem F/W...
  • Page 290: Figure 21-8 Firmware Upgrade

    Prestige 652H/HW Series User’s Guide Figure 21-8 Firmware Upgrade The following table describes the fields in this screen. Table 21-8 Firmware Upgrade LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Click Browse...
  • Page 291: Configuration Screen

    Prestige 652H/HW Series User’s Guide If the upload was not successful, the following screen will appear. Click Back to go back to the Firmware screen. Figure 21-10 Error Message 21.7 Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands.
  • Page 292: Figure 21-12 Restore Configuration

    Prestige 652H/HW Series User’s Guide Figure 21-11 Backup Configuration 21.7.2 Restore Configuration Restore configuration replaces your Prestige's current configuration (firewall settings, etc.) with a new or previously saved configuration. Restore files (usually) have a .ROM extension, e.g., "prestige.rom". The system reboots automatically after the file transfer is complete and uses the configured values in the file.
  • Page 293: Figure 21-13 Configuration Upload Successful

    Prestige 652H/HW Series User’s Guide Table 21-9 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Click Browse... to find the file you want to upload. Remember that you must decompress Browse...
  • Page 294: Figure 21-15 Configuration Upload Error

    Prestige 652H/HW Series User’s Guide If the upload was not successful, the following screen will appear. Click Back to return to the main Configuration screen. Figure 21-15 Configuration Upload Error 21.7.3 Back to Factory Defaults Clicking the Reset button in this section clears all user-entered configuration information and returns the Prestige to its factory defaults as shown on the screen.
  • Page 295: Figure 21-17 Reset Warning Message

    Prestige 652H/HW Series User’s Guide Figure 21-17 Reset Warning Message You can also press the RESET button on the side panel to reset the factory defaults of your Prestige. Refer to the Resetting the Prestige section for more information on the RESET button.
  • Page 297: Smt General Configuration

    SMT General Configuration Part IX: SMT General Configuration This part covers System Management Terminal configuration for general setup, WAN backup, LAN setup, wireless LAN setup, Internet access, remote node, static route, NAT and enabling the firewall. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
  • Page 299: Chapter 22 Introducing The Smt

    Prestige 652H/HW Series User’s Guide Chapter 22 Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 22.1 SMT Introduction The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection.
  • Page 300: Figure 22-1 Login Screen

    Prestige 652H/HW Series User’s Guide Please note that if there is no activity for longer than five minutes after you log in, your Prestige will automatically log you out. Enter Password : **** Figure 22-1 Login Screen 22.1.4 Prestige SMT Menu Overview We use the Prestige 652H/HW-31 SMT menus in this guide as an example.
  • Page 301: Figure 6-1 Dmz

    Prestige 652H/HW Series User’s Guide Prestige 652HW Main Menu Menu 2 Menu 3 Menu 4 Menu 5 Menu 12 Menu 1 Menu 11 WAN Backup Setup LAN Setup DMZ Setup General Setup Internet Access Static Routing Setup Remote Node Setup Setup Menu 3.1 Menu 5.1...
  • Page 302: Navigating The Smt Interface

    Prestige 652H/HW Series User’s Guide 22.2 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
  • Page 303: Figure 22-3 Smt Main Menu

    Prestige 652H/HW Series User’s Guide Copyright (c) 1994 - 2003 ZyXEL Communications Corp. Prestige 652H/HW-31 Main Menu Getting Started Advanced Management 1. General Setup 21. Filter and Firewall Setup 2. WAN Backup Setup 22. SNMP Configuration 3. LAN Setup 23. System Security 4.
  • Page 304: Changing The System Password

    Prestige 652H/HW Series User’s Guide Table 22-2 Main Menu Summary MENU TITLE DESCRIPTION System Security Use this menu to set up wireless security and change your password. System Maintenance This menu provides system status, diagnostics, software upload, etc. IP Routing Policy Setup Use this menu to configure your IP routing policy.
  • Page 305: Chapter 23 Menu 1 General Setup

    Prestige 652H/HW Series User’s Guide Chapter 23 Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 23.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
  • Page 306: Figure 23-1 Menu 1 General Setup

    Prestige 652H/HW Series User’s Guide Menu 1 - General Setup System Name= P652HW Location= Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: Figure 23-1 Menu 1 General Setup Step 2.
  • Page 307: Figure 23-2 Menu 1.1 Configure Dynamic Dns

    Prestige 652H/HW Series User’s Guide 23.2.1 Procedure to Configure Dynamic DNS If you have a private WAN IP address, then you cannot use Dynamic DNS. Step 1. To configure Dynamic DNS, go to Menu 1 — General Setup and select Yes in the Edit Dynamic DNS field.
  • Page 309: Chapter 24 Menu 2 Wan Backup Setup

    Prestige 652H/HW Series User’s Guide Chapter 24 Menu 2 WAN Backup Setup This chapter describes how to configure traffic redirect and dial-backup using menu 2, 2.1, 2.2 and 2.2.1. 24.1 Introduction to WAN Backup Setup This chapter explains how to configure the Prestige for traffic redirect and dial backup connections. 24.2 Dial Backup To set up the auxiliary port for use in the event that the regular WAN connection is dropped, first make sure you have set up the port connection (and the CON/AUX switch to AUX on the Prestige) and then configure:...
  • Page 310: Figure 24-1 Menu 2 Wan Backup Setup

    Prestige 652H/HW Series User’s Guide Menu 2 - Wan Backup Setup Check Mechanism = DSL Link Check WAN IP Address1 = 0.0.0.0 Check WAN IP Address2 = 0.0.0.0 Check WAN IP Address3 = 0.0.0.0 KeepAlive Fail Tolerance = 0 Recovery Interval(sec) = 0 ICMP Timeout(sec) = 0 Traffic Redirect = No Dial Backup = No...
  • Page 311: Figure 24-2 Menu 2.1Traffic Redirect Setup

    Prestige 652H/HW Series User’s Guide Table 24-1 Menu 2 WAN Backup Setup FIELD DESCRIPTION Recovery Interval(sec) When the Prestige is using a lower priority connection (usually a WAN backup connection), it periodically checks whether or not it can use a higher priority connection.
  • Page 312: Configuring Dial Backup Setup

    Prestige 652H/HW Series User’s Guide The following table describes the fields in this menu. Table 24-2 Menu 2.1Traffic Redirect Setup FIELD DESCRIPTION Active Press [SPACE BAR] and select Yes (to enable) or No (to disable) traffic redirect setup. The default is No. Configuration: Backup Enter the IP address of your backup gateway in dotted decimal notation.
  • Page 313: Figure 24-3 Menu 2.2 Dial Backup Setup

    Prestige 652H/HW Series User’s Guide Menu 2.2 - Dial Backup Setup Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at&fs0=0 Edit Advanced Setup= No Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle Figure 24-3 Menu 2.2 Dial Backup Setup The following table describes the fields in this menu.
  • Page 314: Advanced Dial Backup Setup

    Prestige 652H/HW Series User’s Guide 24.5 Advanced Dial Backup Setup Consult the manual of your WAN device connected to your Dial Backup port for specific AT commands. To edit the advanced setup for the dial backup port, move the cursor to the Edit Advanced Setup field in Menu 2.2 Dial Backup Setup, press the [SPACE BAR] to select Yes and then press [ENTER].
  • Page 315: Remote Node Profile (Backup Isp)

    Prestige 652H/HW Series User’s Guide Table 24-4 Menu 2.2.1 Advanced Dial Backup Setup: AT Commands Fields FIELD DESCRIPTION EXAMPLE CLID (Calling Line Identification) Enter the keyword that precedes the CLID (Calling Line Identification) in the AT response string. This lets the Prestige capture the CLID in the AT response string that comes from the WAN device. Example: NMBR =
  • Page 316: Figure 24-5 Menu 11.1 Remote Node Profile (Backup Isp)

    Prestige 652H/HW Series User’s Guide Enter 8 in Menu 11 Remote Node Setup to open Menu 11.1 Remote Node Profile (Backup ISP) (shown below) and configure the setup for your dial backup port connection. Menu 11.1 - Remote Node Profile (Backup ISP) Rem Node Name= ? Edit PPP Options= No Active= Yes...
  • Page 317 Prestige 652H/HW Series User’s Guide Table 24-6 Menu 11.1 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE Authen This field sets the authentication protocol used for outgoing calls. Options for this field are: CHAP/PAP - Your Prestige will accept either CHAP or PAP when requested by this remote node. Example: CHAP/PAP
  • Page 318: Editing Ppp Options

    Prestige 652H/HW Series User’s Guide Table 24-6 Menu 11.1 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE Nailed-Up Press [SPACE BAR] to select Yes to set this connection to always be Connection on, regardless of whether or not there is any traffic. Select No to have (default) this connection act as a dial-up connection.
  • Page 319: Editing Tcp/Ip Options

    Prestige 652H/HW Series User’s Guide Figure 24-7 Menu 11.2 Remote Node PPP Options FIELD DESCRIPTION EXAMPLE Encapsulation Press [SPACE BAR] and then [ENTER] to select CISCO PPP if your Dial Backup WAN device uses Cisco PPP encapsulation, otherwise select Standard PPP. Example: Standard PPP (default)
  • Page 320: Editing Login Script

    Prestige 652H/HW Series User’s Guide Table 24-7 Menu 11.3 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE My WAN Addr Leave the field set to 0.0.0.0 to have the ISP or other remote router dynamically (automatically) assign your WAN IP address if you do not know it. Example: 0.0.0.0 (default)
  • Page 321 Prestige 652H/HW Series User’s Guide Welcome to Acme, Inc. Login: myLogin Password: To handle the first prompt, you specify “ogin: ” as the ‘Expect’ string and “myLogin” as the ‘Send’ string in set 1. The reason for leaving out the leading “L” is to avoid having to know exactly whether it is upper or lower case.
  • Page 322: Remote Node Filter

    Prestige 652H/HW Series User’s Guide Menu 11.4 - Remote Node Script Active= No Set 1: Set 5: Expect= Expect= Send= Send= Set 2: Set 6: Expect= Expect= Send= Send= Set 3: Expect= Send= Set 4: Expect= Send= Enter here to CONFIRM or ESC to CANCEL: Figure 24-9 Menu 11.4 Remote Node Setup Script The following table describes the fields in this menu.
  • Page 323: Figure 24-10 Menu 11.1 Remote Node Profile (Backup Isp)

    Prestige 652H/HW Series User’s Guide Menu 11.1 - Remote Node Profile (Backup ISP) Rem Node Name= ? Edit PPP Options= No Active= Yes Rem IP Addr= ? Edit IP= No Outgoing: Edit Script Options= No My Login= My Password= ******** Telco Option: Authen= CHAP/PAP Allocated Budget(min)= 0...
  • Page 325: Chapter 25 Menu 3 Lan Setup

    Prestige 652H/HW Series User’s Guide Chapter 25 Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 25.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3.
  • Page 326: Protocol Dependent Ethernet Setup

    Prestige 652H/HW Series User’s Guide Menu 3.1 - LAN Port Filter Setup Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Press ENTER to Confirm or ESC to Cancel: Figure 25-2 Menu 3.1 LAN Port Filter Setup If you need to define filters, please read the Filter Set Configuration chapter first, then return to this menu to define the filter sets.
  • Page 327: Figure 25-3 Menu 3.2 Tcp/Ip And Dhcp Ethernet Setup

    Prestige 652H/HW Series User’s Guide Menu 3.2 - TCP/IP and DHCP Ethernet Setup DHCP Setup: DHCP= Server Client IP Pool Starting Address= 192.168.1.33 Size of Client IP Pool= 32 Primary DNS Server= 0.0.0.0 Secondary DNS Server= 0.0.0.0 Remote DHCP Server= N/A... Figure callouts: First address in the IP pool; Size of the IP Pool.
  • Page 328: Introduction To Vlans

    Prestige 652H/HW Series User’s Guide Table 25-1 DHCP Ethernet Setup FIELD DESCRIPTION EXAMPLE Remote DHCP Server If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here. Follow the instructions in the following table to configure TCP/IP parameters for the Ethernet port. Table 25-2 TCP/IP Ethernet Setup FIELD DESCRIPTION...
  • Page 329: Introduction To Port-Based Vlans

    Prestige 652H/HW Series User’s Guide VLAN increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. With VLAN, all broadcasts are confined to a specific broadcast domain. 25.5 Introduction to Port-based VLANs Port-based VLANs are VLANs where the packet forwarding decision is based on its associated port. If you wish to allow the ports to communicate, you must enable VLAN for the two ports.
  • Page 331: Chapter 26 Wireless Lan Setup

    Prestige 652H/HW Series User’s Guide Chapter 26 Wireless LAN Setup This chapter covers how to configure wireless LAN settings in SMT menu 3.5. 26.1 Wireless LAN Overview Refer to the chapter on the wireless LAN screens for wireless LAN background information. 26.2 Inserting a PCMCIA Wireless LAN Card Use a ZyAIR series wireless LAN PCMCIA card to add optional wireless LAN capabilities.
  • Page 332: Figure 26-1 Menu 3.5 - Wireless Lan Setup

    Prestige 652H/HW Series User’s Guide Menu 3.5- Wireless LAN Setup ESSID= Wireless Hide ESSIS = No Channel ID= CH01 2412MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Edit MAC Address Filter= No Edit Roaming Configuration= No Press ENTER to Confirm or ESC to Cancel: Figure 26-1 Menu 3.5 - Wireless LAN Setup...
  • Page 333: Wireless Lan Mac Address Filter

    Prestige 652H/HW Series User’s Guide Table 26-1 Menu 3.5 - Wireless LAN Setup FIELD DESCRIPTION EXAMPLE Frag. Threshold The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Enter a value between 256 and 2432. Example: 2432
  • Page 334: Figure 26-2 Menu 3.5.1 Wlan Mac Address Filtering

    Prestige 652H/HW Series User’s Guide Menu 3.5.1 - WLAN MAC Address Filter Active= No Filter Action= Allowed Association ------------------------------------------------------------------------------ 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00...
  • Page 335: Figure 26-3 Menu 3.5 Wireless Lan Setup

    Prestige 652H/HW Series User’s Guide 26.3.2 Configuring Roaming Enable the roaming feature if you have two or more Prestiges on the same subnet. Follow the steps below to allow roaming on your Prestige. Step 1. From the main menu, enter 3 to display Menu 3 – LAN Setup. Step 2.
  • Page 336: Table 26-3 Menu 3.5.2 Roaming Configuration

    Prestige 652H/HW Series User’s Guide Table 26-3 Menu 3.5.2 Roaming Configuration FIELD DESCRIPTION Active Press [SPACE BAR] and then [ENTER] to select Yes to enable roaming on the Prestige if you have two or more Prestiges on the same subnet. Port # Type the port number to communicate roaming information between access points.
  • Page 337: Chapter 27 Internet Access

    Prestige 652H/HW Series User’s Guide Chapter 27 Internet Access This chapter shows you how to configure the LAN and WAN of your Prestige for Internet access. 27.1 Internet Access Overview Refer to the chapters on the web configurator’s wizard, LAN and WAN screens for more background information on fields in the SMT screens covered in this chapter.
  • Page 338: Ip Alias Setup

    Prestige 652H/HW Series User’s Guide Figure 27-1 Physical Network Figure 27-2 Partitioned Logical Networks Use menu 3.2.1 to configure IP Alias on your Prestige. 27.4 IP Alias Setup Use menu 3.2 to configure the first network. Move the cursor to Edit IP Alias field and press [SPACEBAR] to choose Yes and press [ENTER] to configure the second and third network.
  • Page 339: Figure 27-4 Menu 3.2.1 Ip Alias Setup

    Prestige 652H/HW Series User’s Guide Menu 3.2.1 - IP Alias Setup IP Alias 1= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= N/A Outgoing protocol filters= N/A IP Alias 2= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A...
  • Page 340: Route Ip Setup

    Prestige 652H/HW Series User’s Guide 27.5 Route IP Setup The first step is to enable the IP routing in Menu 1 — General Setup. To edit menu 1, type 1 in the main menu and press [ENTER]. Set the Route IP field to Yes by pressing [SPACE BAR].
  • Page 341: Figure 27-6 Menu 4 Internet Access Setup

    Prestige 652H/HW Series User’s Guide Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= ENET ENCAP Multiplexing= LLC-based VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 My Login= N/A My Password= N/A ENET ENCAP Gateway= N/A...
  • Page 342 Prestige 652H/HW Series User’s Guide Table 27-2 Menu 4 Internet Access Setup FIELD DESCRIPTION EXAMPLE Sustain Cell Rate (SCR)= 0 Sustained Cell Rate is the mean cell rate of a bursty, on-off traffic source that can be sent at the peak rate, and a parameter for burst-traffic.
  • Page 343: Chapter 28 Dmz Setup

    Prestige 652H/HW Series User’s Guide Chapter 28 DMZ Setup This chapter describes how to configure the Prestige’s DMZ using Menu 5 DMZ Setup. 28.1 Configuring DMZ Setup From the main menu, enter 5 to open Menu 5 – DMZ Setup. Menu 5 - DMZ Setup 1.
  • Page 344: Tcp/Ip Setup

    Prestige 652H/HW Series User’s Guide 28.3 TCP/IP Setup For more detailed information about RIP setup, IP Multicast and IP alias, please refer to the LAN chapter. 28.3.1 IP Address From the main menu, enter 5 to open Menu 5 - DMZ Setup to configure TCP/IP (RFC 1155). Menu 5 - DMZ Setup 1.
  • Page 345: Chapter 29 Remote Node Configuration

    Prestige 652 Series User’s Guide Chapter 29 Remote Node Configuration This chapter covers remote node configuration. 29.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
  • Page 346: Figure 29-1 Menu 11 Remote Node Setup

    Prestige 652H/HW Series User’s Guide Menu 11 - Remote Node Setup 1. My ISP (ISP, SUA) 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ Enter Node # to Edit: Figure 29-1 Menu 11 Remote Node Setup 29.2.2 Encapsulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiplexing methods used by your ISP.
  • Page 347: Figure 29-2 Menu 11.1 Remote Node Profile

    Prestige 652 Series User’s Guide Menu 11.1 - Remote Node Profile Edit IP/Bridge Options Rem Node Name= ChangeMe Route= IP in menu 11.3. Active= Yes Bridge= No Encapsulation= ENET ENCAP Edit IP/Bridge= No Multiplexing= LLC-based Edit ATM Options= No Edit ATM Options in Service Name= N/A Edit Advance Options= N/A Incoming:...
  • Page 348 Prestige 652H/HW Series User’s Guide Table 29-1 Menu 11.1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Rem Login Type the login name that this remote node will use to call your Prestige. The login name and the Rem Password will be used to authenticate this node.
  • Page 349: Outgoing Authentication Protocol

    Prestige 652 Series User’s Guide Table 29-1 Menu 11.1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Allocated Budget (min) This sets a ceiling for outgoing call time for this remote node. The default for this field is 0 meaning no budget control. Period (hr) This field is the time period that the budget should be reset.
  • Page 350: Remote Node Network Layer Options

    Prestige 652H/HW Series User’s Guide 29.3 Remote Node Network Layer Options For the TCP/IP parameters, perform the following steps to edit Menu 11.3 – Remote Node Network Layer Options as shown next. Step 1. In menu 11.1, make sure IP is among the protocols in the Route field. Step 2.
  • Page 351 Prestige 652 Series User’s Guide Table 29-2 Menu 11.3 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE My WAN Addr Some implementations, especially UNIX derivatives, require separate IP network numbers for the WAN and LAN links and each end to have a unique address within the WAN network number.
  • Page 352: Remote Node Filter

    Prestige 652H/HW Series User’s Guide Table 29-2 Menu 11.3 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. 29.3.1 My WAN Addr Sample IP Addresses The following figure uses sample IP addresses to help you understand the field of My WAN Addr in menu 11.3.
  • Page 353: Editing Atm Layer Options

    Prestige 652 Series User’s Guide Use Menu 11.5 – Remote Node Filter to specify the filter set(s) to apply to the incoming and outgoing traffic between this remote node and the Prestige and also to prevent certain packets from triggering calls. You can specify up to 4 filter sets separated by comma, for example, 1, 5, 9, 12, in each filter field.
  • Page 354: Figure 29-7 Menu 11.6 For Vc-Based Multiplexing

    Prestige 652H/HW Series User’s Guide There are two versions of menu 11.6 for the Prestige, depending on whether you chose VC-based/LLC-based multiplexing and PPP encapsulation in menu 11.1. 29.5.1 VC-based Multiplexing (non-PPP Encapsulation) For VC-based multiplexing, by prior agreement, a protocol is assigned a specific virtual circuit, for example, VC1 will carry IP.
  • Page 355: Figure 29-9 Menu 11.1 Remote Node Profile

    Prestige 652 Series User’s Guide In this case, only one set of VPI and VCI numbers need be specified for all protocols. The valid range for the VPI is 0 to 255 and for the VCI is 32 to 65535 (1 to 31 is reserved for local management of ATM traffic). 29.5.3 Advance Setup Options In menu 11.1, select PPPoE in the Encapsulation field.
  • Page 356: Table 29-3 Menu 11.8 Advance Setup Options

    Prestige 652H/HW Series User’s Guide Table 29-3 Menu 11.8 Advance Setup Options FIELD DESCRIPTION PPPoE+ PPPoE_Client_PC Press [SPACE BAR] to select Yes and press [ENTER] to enable PPPoE pass through. In addition to the Prestige's built-in PPPoE client, you can enable PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the Prestige.
  • Page 357: Chapter 30 Static Route Setup

    Prestige 652 Series User’s Guide Chapter 30 Static Route Setup This chapter shows how to set up IP static routes. 30.1 IP Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
  • Page 358: Configuration

    Prestige 652H/HW Series User’s Guide 30.2 Configuration Step 1. To configure an IP static route, use Menu 12 – Static Route Setup (shown next). Menu 12 - Static Route Setup 1. IP Static Route 3. Bridge Static Route Please enter selection: Figure 30-2 Menu 12 Static Route Setup Step 2.
  • Page 359: Figure 30-4 Menu12.1.1 Edit Ip Static Route

    Prestige 652 Series User’s Guide Menu 12.1.1 - Edit IP Static Route Route #: 1 Route Name= ? Active= No Destination IP Address= ? IP Subnet Mask= ? Gateway IP Address= ? Metric= 2 Private= No Press ENTER to Confirm or ESC to Cancel: Figure 30-4 Menu12.1.1 Edit IP Static Route The following table describes the fields for Menu 12.1.1 –...
  • Page 360 Prestige 652H/HW Series User’s Guide Table 30-1 Menu12.1.1 Edit IP Static Route FIELD DESCRIPTION Private This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes, this route is kept private and is not included in RIP broadcasts.
  • Page 361: Chapter 31 Bridging Setup

    Prestige 652 Series User’s Guide Chapter 31 Bridging Setup This chapter shows you how to configure the bridging parameters of your Prestige. 31.1 Bridging in General Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address.
  • Page 362: Figure 31-1 Menu 11.1 Remote Node Profile

    Prestige 652H/HW Series User’s Guide Menu 11.1 - Remote Node Profile Rem Node Name= ? Route= IP Bridge= Yes Active= Yes Edit IP/Bridge= No Encapsulation= ENET ENCAP Multiplexing= VC-based Edit ATM Options= No Service Name= N/A Edit Advance Options= N/A Incoming: Telco Option: Rem Login= N/A...
  • Page 363: Figure 31-3 Menu 12.3.1 Edit Bridge Static Route

    Prestige 652 Series User’s Guide Table 31-1 Remote Node Network Layer Options : Bridge Fields FIELD DESCRIPTION Bridge (menu 11.1) Make sure this field is set to Yes. Edit IP/Bridge (menu 11.1) Press [SPACE BAR] to select Yes and press [ENTER] to display menu 11.3. Ethernet Addr Timeout Type the time (in minutes) for the Prestige to retain the Ethernet Address...
  • Page 364: Bridging Setup

    Prestige 652H/HW Series User’s Guide FIELD DESCRIPTION Route Name Type a name for the bridge static route for identification purposes. Active Indicates whether the static route is active (Yes) or not (No). Ether Address Type the MAC address of the destination computer that you want to bridge the packets to.
  • Page 365: Chapter 32 Network Address Translation (Nat)

    Prestige 652 Series User’s Guide Chapter 32 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 32.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige. 32.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
  • Page 366: Figure 32-1 Menu 4 Applying Nat For Internet Access

    Prestige 652H/HW Series User’s Guide Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 My Login= N/A My Password= N/A ENET ENCAP Gateway= N/A...
  • Page 367: Nat Setup

    Prestige 652 Series User’s Guide Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment = Dynamic Ethernet Addr Timeout(min)= N/A Rem IP Addr = 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= N/A NAT= SUA Only Address Mapping Set= N/A Metric= 2 Private= No...
  • Page 368: Figure 32-3 Menu 15 Nat Setup

    Prestige 652H/HW Series User’s Guide NAT web configurator screens for further information on these menus. To configure NAT, enter 15 from the main menu to bring up the following screen. Menu 15 — NAT Setup Address Mapping Sets NAT Server Sets Enter Menu Selection Number: Figure 32-3 Menu 15 NAT Setup 32.3.1 Address Mapping Sets...
  • Page 369: Figure 32-5 Menu 15.1.255 Sua Address Mapping Rules

    Prestige 652 Series User’s Guide Menu 15.1.255 - Address Mapping Rules Set Name= Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- ------ 0.0.0.0 255.255.255.255 0.0.0.0 0.0.0.0 Server Press ENTER to Confirm or ESC to Cancel: Figure 32-5 Menu 15.1.255 SUA Address Mapping Rules The following table explains the fields in this menu.
  • Page 370: Figure 32-6 Menu 15.1.1 First Set

    Prestige 652H/HW Series User’s Guide Table 32-2 SUA Address Mapping Rules FIELD DESCRIPTION EXAMPLE When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. User-Defined Address Mapping Sets Now let’s look at option 1 in menu 15.1.
  • Page 371: Table 32-3 Menu 15.1.1 First Set

    Prestige 652 Series User’s Guide ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules. For example, if you have already configured rules 1 to 6 in your current set and now you configure rule number 9.
  • Page 372: Figure 32-7 Menu 15.1.1.1 Editing/Configuring An Individual Rule In A Set

    Prestige 652H/HW Series User’s Guide Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= = N/A Global IP: Start= = N/A Server Mapping Set= N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 32-7 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set The following table explains the fields in this menu.
  • Page 373: Configuring A Server Behind Nat

    Prestige 652 Series User’s Guide Table 32-4 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set FIELD DESCRIPTION EXAMPLE Server Mapping Set Only available when Type is set to Server. Type a number from 1 to 10 to choose a server set from menu 15.2. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel”...
  • Page 374: Figure 32-9 Menu 15.2.1 Nat Server Setup

    Prestige 652H/HW Series User’s Guide Menu 15.2.1 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 32-9 Menu 15.2.1 NAT Server Setup Step 7.
  • Page 375: General Nat Examples

    Prestige 652 Series User’s Guide Figure 32-10 Multiple Servers Behind NAT Example 32.5 General NAT Examples The following are some examples of NAT configuration. 32.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP.
  • Page 376: Figure 32-12 Menu 4 Internet Access & Nat Example

    Prestige 652H/HW Series User’s Guide Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 My Login= N/A My Password= N/A ENET ENCAP Gateway= N/A...
  • Page 377: Figure 32-14 Menu 15.2.1 Specifying An Inside Server

    Prestige 652 Series User’s Guide Menu 15.2.1 - NAT Server Setup (Used for SUA Only) Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 192.168.1.10 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 32-14 Menu 15.2.1 Specifying an Inside Server 32.5.3 Example 3: Multiple Public IP Addresses With Inside Servers In this example, there are 3 IGAs from our ISP.
  • Page 378: Figure 32-15 Nat Example 3

    Prestige 652H/HW Series User’s Guide Figure 32-15 NAT Example 3 Step 1. In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in Figure 32-16.
  • Page 379: Figure 32-16 Example 3: Menu 11.3

    Prestige 652 Series User’s Guide Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment= Static Ethernet Addr Timeout (min)= 0 Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature Address Mapping Set= 2 Metric= 2 Private= No...
  • Page 380: Figure 32-18 Example 3: Final Menu 15.1.1

    Prestige 652H/HW Series User’s Guide Menu 15.1.1 - Address Mapping Rules Set Name= Example3 Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- ------ 1. 192.168.1.10 10.132.50.1 192.168.1.11 10.132.50.2 3. 0.0.0.0 255.255.255.255 10.132.50.3 10.132.50.3 Server...
  • Page 381: Figure 32-19 Nat Example 4

    Prestige 652 Series User’s Guide Menu 15.2.1 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.21 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Example 3: Menu 15.2.1 32.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation.
  • Page 382: Figure 32-20 Example 4: Menu 15.1.1.1 Address Mapping Rule

    Prestige 652H/HW Series User’s Guide Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream. These applications won’t work through NAT even when using One-to-One and Many-to-Many No Overload mapping types. Follow the steps outlined in example 3 to configure these two menus as follows.
  • Page 383: Chapter 33 Enabling The Firewall

    Prestige 652 Series User’s Guide Chapter 33 Enabling the Firewall This chapter shows you how to get started with the Prestige firewall. 33.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: •...
  • Page 384: Figure 33-1 Menu 21.2 Firewall Setup

    Prestige 652H/HW Series User’s Guide Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2. deny all sessions originating from the WAN to the LAN You may define additional Policy rules or modify existing ones but please exercise extreme caution in doing so Active: Yes...
  • Page 385: Smt Advanced Management

    SMT Advanced Management Part X: SMT Advanced Management This part discusses filtering setup, SNMP, system security, system information and diagnosis, firmware and configuration file maintenance, system maintenance, remote management, IP Policy Routing and call scheduling. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
  • Page 387: Chapter 34 Filter Configuration

    Prestige 652H/HW Series User’s Guide Chapter 34 Filter Configuration This chapter shows you how to create and apply filters. 34.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering.
  • Page 388: Figure 34-1 Outgoing Packet Filtering Process

    Prestige 652H/HW Series User’s Guide Call Filtering Active Data match Built-in User-defined match match Outgoing Initiate call default Call Filters Data Packet if line not up Call Filters (if applicable) Send packet and reset Idle Timer Match Match Match Drop Drop packet Drop packet packet...
  • Page 389: Figure 34-2 Filter Rule Process

    Prestige 652H/HW Series User’s Guide [Figure 34-2 Filter Rule Process: flowchart. Node labels: Start; Packet into Filter; Fetch First Filter Set; Fetch First Filter Rule; Active?; Execute Filter Rule (outcomes: Check Next Rule, Forward, Drop); Next Filter Rule Available?; Fetch Next Filter Rule; Next Filter Set Available?; Fetch Next Filter Set...]
  • Page 390: Configuring A Filter Set For The Prestige

    Prestige 652H/HW Series User’s Guide For incoming packets, your Prestige applies data filters only. Packets are processed depending on whether a match is found. The following sections describe how to configure filter sets. The Filter Structure of the Prestige A filter set consists of one or more filter rules. Usually, you would group related rules, for example, all the rules for NetBIOS, into a single set and give it a descriptive name.
  • Page 391: Figure 34-4 Netbios_Wan Filter Rules Summary

    Prestige 652H/HW Series User’s Guide Menu 21.1.2 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N 2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N 3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139...
  • Page 392: Filter Rules Summary Menus

    Prestige 652H/HW Series User’s Guide 34.3 Filter Rules Summary Menus The following tables briefly describe the abbreviations used in menus 21.1.1 and 21.1.2. Table 34-1 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION The filter rule number: 1 to 6. Active: “Y”...
  • Page 393: Configuring A Filter Rule

    Prestige 652H/HW Series User’s Guide Table 34-2 Rule Abbreviations Used FILTER TYPE DESCRIPTION Destination Port Number Offset Length 34.4 Configuring a Filter Rule To configure a filter rule, type its number in Menu 21.1.x – Filter Rules Summary and press [ENTER] to open menu 21.1.x.1 for the rule.
  • Page 394: Figure 34-7 Menu 21.1.X.1 Tcp/Ip Filter Rule

    Prestige 652H/HW Series User’s Guide Menu 21.1.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= No IP Protocol= 0 IP Source Route= No Destination: IP Addr= IP Mask= Port #= Port # Comp= None Source: IP Addr= IP Mask= Port #= Port # Comp= None...
  • Page 395 Prestige 652H/HW Series User’s Guide Table 34-3 Menu 21.1.x.1 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE IP Addr Type the destination IP address of the packet you want to filter. This field is ignored if it is 0.0.0.0. (Example: IP address) IP Mask Type the IP mask to apply to the Destination: IP Addr field.
  • Page 396 Prestige 652H/HW Series User’s Guide Table 34-3 Menu 21.1.x.1 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE Action Matched Select the action for a matching packet. Choices are Check Next Rule, Forward or Drop. (Example: Check Next Rule (default)) Action Not Matched Select the action for a packet not matching the rule. Choices are Check Next Rule, Forward or Drop. (Example: Check Next Rule)
  • Page 397: Figure 34-8 Executing An Ip Filter

    Prestige 652H/HW Series User’s Guide [Figure 34-8 Executing an IP Filter: flowchart. Packet into IP Filter; Filter Active?; Apply SrcAddrMask to Src Addr; Check Src IP Addr (Matched / Not Matched); Apply DestAddrMask to Dest Addr; Check Dest IP Addr (Matched / Not Matched); Check IP Protocol (Matched / Not Matched); Check Src &...]
  • Page 398: Figure 34-9 Menu 21.1.5.1 Generic Filter Rule

    Prestige 652H/HW Series User’s Guide 34.4.2 Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP packet.
  • Page 399: Table 34-4 Menu 21.1.5.1 Generic Filter Rule

    Prestige 652H/HW Series User’s Guide Table 34-4 Menu 21.1.5.1 Generic Filter Rule FIELD DESCRIPTION EXAMPLE Filter # This is the filter set, filter rule coordinates, for instance, 2, 3 refers to the second filter set and the third rule of that set. Filter Type Press [SPACE BAR] and then [ENTER] to select a type of rule.
  • Page 400: Filter Types And Nat

    Prestige 652H/HW Series User’s Guide 34.5 Filter Types and NAT There are two classes of filter rules, Generic Filter Device rules and Protocol Filter (TCP/IP) rules. Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on IP packets. When NAT (Network Address Translation) is enabled, the inside IP address and port number are replaced on a connection-by-connection basis, which makes it impossible to know the exact address and port on the wire.
  • Page 401: Figure 34-11 Sample Telnet Filter

    Prestige 652H/HW Series User’s Guide Figure 34-11 Sample Telnet Filter Step 1. Enter 1 in menu 21 to display Menu 21.1 — Filter Set Configuration. Step 2. Enter the index number of the filter set you want to configure (in this case 6). Step 3.
  • Page 402: Figure 34-12 Menu 21.1.6.1 Sample Filter

    Prestige 652H/HW Series User’s Guide Step 4. Press [ENTER] at the message “Press [ENTER] to confirm or [ESC] to cancel” to open Menu 21.1.6 — Filter Rules Summary. Step 5. Type 1 to configure the first filter rule. Make the entries in this menu as shown next. When you press [ENTER] to confirm, the following screen appears.
  • Page 403: Applying Filters and Factory Defaults

    Prestige 652H/HW Series User’s Guide Menu 21.1.6 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F Enter Filter Rule Number (1-6) to Configure: 1 This shows you that you have M = N means an action can be taken immediately.
  • Page 404: Figure 34-14 Filtering Ethernet Traffic

    Prestige 652H/HW Series User’s Guide Table 34-5 Filter Sets Table FILTER SETS DESCRIPTION Input Filter Sets: Apply filters for incoming traffic. You may apply protocol or device filter rules. See earlier in this chapter for information on filters. Output Filter Sets: Apply filters for traffic leaving the Prestige.
  • Page 405: Figure 34-15 Filtering Remote Node Traffic

    Prestige 652H/HW Series User’s Guide Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= 6 device filters= Output Filter Sets: protocol filters= 2 device filters= Call Filter Sets: Protocol filters=... Figure callouts: “Apply filter 6 to block Tel, FTP and Web traffic from the WAN.” “Apply filter 2 to block...”
  • Page 407: Chapter 35 Snmp Configuration

    Prestige 652H/HW Series User’s Guide Chapter 35 SNMP Configuration This chapter explains SNMP Configuration menu 22. 35.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
  • Page 408: Supported Mibs

    Prestige 652H/HW Series User’s Guide An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
  • Page 409: Figure 35-2 Menu 22 Snmp Configuration

    Prestige 652H/HW Series User’s Guide Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 35-2 Menu 22 SNMP Configuration The following table describes the SNMP configuration parameters. Table 35-1 Menu 22 SNMP Configuration FIELD DESCRIPTION...
  • Page 410: Snmp Traps

    Prestige 652H/HW Series User’s Guide 35.4 SNMP Traps The Prestige will send traps to the SNMP manager when any one of the following events occurs: Table 35-2 SNMP Traps TRAP # TRAP NAME DESCRIPTION coldStart (defined in RFC-1215) A trap is sent after booting (power on). warmStart (defined in RFC-1215) A trap is sent after booting (software reboot).
  • Page 411: Chapter 36 System Security

    Prestige 652H/HW Series User’s Guide Chapter 36 System Security This chapter describes how to configure the system security on the Prestige. 36.1 System Security You can configure the system password, an external RADIUS server and IEEE802.1x in menu 23. 36.1.1 System Password Enter 23 in the main menu to display Menu 23 –...
  • Page 412: Figure 36-3 Menu 23.2 System Security : Radius Server

    Prestige 652H/HW Series User’s Guide Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.11.12.13 Port #= 1812 Shared Secret= ******** Accounting Server: Active= No Server Address= 10.11.12.13 Port #= 1813 Shared Secret= ******** Press ENTER to Confirm or ESC to Cancel: Figure 36-3 Menu 23.2 System Security : RADIUS Server The following table describes the fields in this menu.
  • Page 413: Figure 36-4 Menu 23 System Security

    Prestige 652H/HW Series User’s Guide Table 36-1 Menu 23.2 System Security : RADIUS Server FIELD DESCRIPTION EXAMPLE Port The default port of the RADIUS server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so with additional information. (Example: 1813) Shared Secret Specify a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the...
  • Page 414: Figure 36-5 Menu 23.4 System Security : Ieee802.1X

    Prestige 652H/HW Series User’s Guide Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Key Management Protocol= WPA Dynamic WEP Key Exchange= N/A PSK= N/A WPA Mixed Mode= Disable Data Privacy for Broadcast/Multicast packets= TKIP WPA Broadcast/Multicast Key Update Timer= 1800 Authentication Databases= Local User Database Only...
  • Page 415 Prestige 652H/HW Series User’s Guide Table 36-2 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION Idle Timeout (in second) The Prestige automatically disconnects a client from the wired network after a period of inactivity. The client needs to enter the username and password again before access to the wired network is allowed.
  • Page 416: Creating User Accounts On The Prestige

    Prestige 652H/HW Series User’s Guide Table 36-2 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION Authentication Databases The authentication database contains wireless station login information. The local user database is the built-in database on the Prestige. The RADIUS is an external server. Use this field to decide which database the Prestige should use (first) to authenticate a wireless station.
  • Page 417: Figure 36-6 Menu 14 Dial-In User Setup

    Prestige 652H/HW Series User’s Guide Menu 14 - Dial-in User Setup 1. ________ ________ 17. ________ 25. ________ 2. ________ 10. ________ 18. ________ 26. ________ 3. ________ 11. ________ 19. ________ 27. ________ 4. ________ 12. ________ 20. ________ 28.
  • Page 419: Chapter 37 System Information And Diagnosis

    Prestige 652H/HW Series User’s Guide Chapter 37 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
  • Page 420: Figure 37-2 Menu 24.1 System Maintenance : Status

    Prestige 652H/HW Series User’s Guide Menu 24.1 - System Maintenance - Status 02:07:37 Sat. Jan. 01, 2000 Node-Lnk Status TxPkts RxPkts Errors Tx B/s Rx B/s Up Time 1-PPPoE Idle 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 My WAN IP (from ISP): 0.0.0.0 Ethernet: WAN: Status:...
  • Page 421: System Information

    Prestige 652H/HW Series User’s Guide Table 37-1 Menu 24.1 System Maintenance : Status FIELD DESCRIPTION Tx Pkts This is the number of transmitted packets to the LAN. Rx Pkts This is the number of received packets from the LAN. Collision This is the number of collisions.
  • Page 422: Figure 37-4 Menu 24.2.1 System Maintenance : Information

    Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. ADSL Chipset Vendor Displays the vendor of the ADSL chipset and DSL version.
  • Page 423: Log And Trace

    Prestige 652H/HW Series User’s Guide 37.2.2 Console Port Speed You can set up different port speeds for the console port through Menu 24.2.2 – System Maintenance – Console Port Speed. Your Prestige supports 9600 (default), 19200, 38400, 57600 and 115200 bps. Press [SPACE BAR] and then [ENTER] to select the desired speed in menu 24.2.2, as shown in the following figure.
  • Page 424: Figure 37-7 Sample Error And Information Messages

    Prestige 652H/HW Series User’s Guide Step 3. Enter 1 from Menu 24.3 — System Maintenance — Log and Trace to display the error log in the system. After the Prestige finishes displaying the error log, you will have the option to clear it. Samples of typical error and information messages are presented in the next figure.
  • Page 425: Table 37-3 Menu 24.3.2 System Maintenance : Syslog And Accounting

    Prestige 652H/HW Series User’s Guide You need to configure the UNIX syslog parameters described in the following table to activate syslog then choose what you want to log. Table 37-3 Menu 24.3.2 System Maintenance : Syslog and Accounting PARAMETER DESCRIPTION UNIX Syslog: Active Use [SPACE BAR] and then [ENTER] to turn syslog on or off.
  • Page 426: Diagnostic

    Prestige 652H/HW Series User’s Guide Src: Source Address Dst: Destination Address prot: Protocol (“TCP”, ”UDP”, ”ICMP”) spo: Source port dpo: Destination port Jul 19 14:43:55 192.168.102.2 ZYXEL: IP [Src=202.132.154.123 Dst=255.255.255.255 UDP spo=0208 dpo=0208]} S03>R01mF Jul 19 14:44:00 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF Jul 19 14:44:04 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF...
  • Page 427 Prestige 652H/HW Series User’s Guide Table 37-4 Menu 24.4 System Maintenance Menu : Diagnostic FIELD DESCRIPTION Ping Host Ping the host to see if the links and TCP/IP protocol on both systems are working. Reboot System Reboot the Prestige. Command Mode Type the mode to test and diagnose your Prestige using specified commands.
  • Page 429: Chapter 38 Firmware And Configuration File Maintenance

    Prestige 652H/HW Series User’s Guide Chapter 38 Firmware and Configuration File Maintenance This chapter tells you how to back up and restore your configuration file as well as upload new firmware and configuration files. 38.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
  • Page 430: Backup Configuration

    Prestige 652H/HW Series User’s Guide Table 38-1 Filename Conventions FILE TYPE INTERNAL NAME EXTERNAL NAME DESCRIPTION Configuration File Rom-0 *.rom This is the configuration filename on the Prestige. Uploading the rom-0 file replaces the entire ROM file system, including your Prestige configurations, system-related data (including the default password), the error log and the trace log.
  • Page 431: Figure 38-1 Telnet In Menu 24.5

    Prestige 652H/HW Series User’s Guide 38.2.1 Backup Configuration Follow the instructions as shown in the next screen. Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2.
  • Page 432: Figure 38-2 Ftp Session Example

    Prestige 652H/HW Series User’s Guide 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp>...
  • Page 433: Backup Configuration Using Tftp

    Prestige 652H/HW Series User’s Guide
    3. The IP address in the Secured Client IP field in menu 24.11 does not match the client IP. If it does not match, the Prestige will disconnect the Telnet session immediately.
    4. You have an SMT console session running.
    38.2.6 Backup Configuration Using TFTP
    The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN.
  • Page 434: Figure 38-3 Menu 24.5 System Maintenance : Backup Configuration

    Prestige 652H/HW Series User’s Guide 38.2.8 GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients. Table 38-3 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped.
  • Page 435: Restore Configuration

    Prestige 652H/HW Series User’s Guide Step 3. Run the HyperTerminal program by clicking Transfer, then Receive File as shown in the following screen. Type a location for storing the configuration file or click Browse to look for one. Choose the Xmodem protocol. Then click Receive.
  • Page 436: Figure 38-7 Telnet Into Menu 24.6

    Prestige 652H/HW Series User’s Guide WARNING! DO NOT INTERRUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR PRESTIGE. 38.3.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter.
  • Page 437: Figure 38-8 Restore Using Ftp Session Example

    Prestige 652H/HW Series User’s Guide
    38.3.2 Restore Using FTP Session Example
    ftp> put config.rom rom-0
    200 Port command okay
    150 Opening data connection for STOR rom-0
    226 File received OK
    221 Goodbye for writing flash
    ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec.
    ftp>quit
    Figure 38-8 Restore Using FTP Session Example
    Refer to section 38.2.5 to read about configurations that disallow TFTP and FTP over WAN.
  • Page 438: Uploading Firmware And Configuration Files

    Prestige 652H/HW Series User’s Guide Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 38-11 Restore Configuration Example Step 4. After a successful restoration you will see the following screen. Press any key to restart the Prestige and return to the SMT menu.
  • Page 439: Figure 38-13 Telnet Into Menu 24.7.1 Upload System Firmware

    Prestige 652H/HW Series User’s Guide Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
  • Page 440: Figure 38-15 Ftp Session Example Of Firmware File Upload

    Prestige 652H/HW Series User’s Guide 38.4.3 FTP File Upload Command from the DOS Prompt Example Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, followed by a space and the IP address of your Prestige. Step 3. Press [ENTER] when prompted for a username.
  • Page 441: Tftp Upload Command Example

    Prestige 652H/HW Series User’s Guide To use TFTP, your computer must have both telnet and TFTP clients. To transfer the firmware and the configuration file, follow the procedure shown next. Step 1. Use telnet from your computer to connect to the Prestige and log in. Because TFTP does not have any security checks, the Prestige records the IP address of the telnet client and accepts TFTP requests only from this address.
  • Page 442: Figure 38-16 Menu 24.7.1 As Seen Using The Console Port

    Prestige 652H/HW Series User’s Guide 38.4.8 Uploading Firmware File Via Console Port Step 1. Select 1 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.1 – System Maintenance – Upload System Firmware, then follow the instructions as shown in the following screen.
  • Page 443: Figure 38-18 Menu 24.7.2 As Seen Using The Console Port

    Prestige 652H/HW Series User’s Guide 38.4.10 Uploading Configuration File Via Console Port Step 1. Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 – System Maintenance – Upload System Configuration File. Follow the instructions as shown in the next screen.
  • Page 444: Figure 38-19 Example Xmodem Upload

    Prestige 652H/HW Series User’s Guide Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 38-19 Example Xmodem Upload After the configuration upload process has completed, restart the Prestige by entering “atgo”. 38-16 Firmware and Configuration File Maintenance...
  • Page 445: Chapter 39 System Maintenance

    Prestige 652H/HW Series User’s Guide Chapter 39 System Maintenance This chapter leads you through SMT menus 24.8 to 24.10. 39.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
  • Page 446: Call Control Support

    Prestige 652H/HW Series User’s Guide
    Copyright (c) 1994 - 2003 ZyXEL Communications Corp.
    P652HW> ?
    Valid commands are:
    exit device ether config wlan ipsec bridge hdap radius 8021x
    P652HW>
    Figure 39-2 Valid Commands
    39.2 Call Control Support
    Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1.
  • Page 447: Figure 39-4 Menu 24.9.1 System Maintenance : Budget Management

    Prestige 652H/HW Series User’s Guide
    Menu 24.9.1 - System Maintenance - Budget Management
    Remote Node    Connection Time/Total Budget    Elapsed Time/Total Period
    1. MyISP       No Budget                       No Budget
    2.--------
    3.--------
    4.--------
    5.--------
    6.--------
    7.--------
    8.--------
    Reset Node (0 to update screen):
    Figure 39-4 Menu 24.9.1 System Maintenance : Budget Management
    The total budget is the time limit on the accumulated time for outgoing calls to a remote node.
  • Page 448: Time And Date Setting

    Prestige 652H/HW Series User’s Guide 39.3 Time and Date Setting The Prestige keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your Prestige. Menu 24.10 allows you to update the time and date settings of your Prestige.
  • Page 449: Table 39-2 Menu 24.10 System Maintenance: Time And Date Setting

    Prestige 652H/HW Series User’s Guide
    Table 39-2 Menu 24.10 System Maintenance: Time and Date Setting
    FIELD: Use Time Server when Bootup
    DESCRIPTION: Enter the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
  • Page 451: Chapter 40 Remote Management

    Prestige 652H/HW Series User’s Guide Chapter 40 Remote Management This chapter covers remote management (SMT menu 24.11). 40.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
  • Page 452: Figure 40-1 Menu 24.11 Remote Management Control

    Prestige 652H/HW Series User’s Guide
    Enter 11, from menu 24, to display Menu 24.11 — Remote Management Control (shown next).
    Menu 24.11 - Remote Management Control
    TELNET Server: Server Port = 23    Server Access = LAN only
                   Secured Client IP = 0.0.0.0
    FTP Server:    Server Port = 21    Server Access = LAN only...
  • Page 453: Remote Management And Nat

    Prestige 652H/HW Series User’s Guide 40.2.2 Remote Management Limitations Remote management over LAN or WAN will not work when: 1. A filter in menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service.
  • Page 455: Chapter 41 Ip Policy Routing

    Prestige 652H/HW Series User’s Guide Chapter 41 IP Policy Routing This chapter covers setting and applying policies used for IP routing. 41.1 IP Policy Routing Overview Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet.
  • Page 456: Ip Routing Policy Setup

    Prestige 652H/HW Series User’s Guide IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote node, in the same fashion as the filters. There are 12 policy sets with six policies in each set.
  • Page 457: Figure 41-2 Menu 25.1 Ip Routing Policy Setup

    Prestige 652H/HW Series User’s Guide
    Menu 25.1 - IP Routing Policy Setup
    Criteria/Action
    1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5
        SP=20-25,DP=20-25,P=6,T=NM,PR=0
        |GW=192.168.1.1,T=MT,PR=0
    2 N
    3 N
    4 N
    5 N
    6 N
    Enter Policy Rule Number (1-6) to Configure:
    Figure 41-2 Menu 25.1 IP Routing Policy Setup...
  • Page 458: Figure 41-3 Menu 25.1.1 Ip Routing Policy

    Prestige 652H/HW Series User’s Guide Table 41-1 Menu 25.1 IP Routing Policy Setup ABBREVIATION MEANING Minimum Cost Type a number from 1 to 6 to display Menu 25.1.1 – IP Routing Policy (see the next figure). This menu allows you to configure a policy rule. Menu 25.1.1 - IP Routing Policy Policy Set Name= test Active= Yes...
  • Page 459: Applying An Ip Policy

    Prestige 652H/HW Series User’s Guide Table 41-2 Menu 25.1.1 IP Routing Policy FIELD DESCRIPTION Precedence Precedence value of the incoming packet. Press [SPACE BAR] and then [ENTER] to select a value from 0 to 7 or Don’t Care. Packet Length Type the length of incoming packets (in bytes).
  • Page 460: Figure 41-4 Menu 3.2 Tcp/Ip And Dhcp Ethernet Setup

    Prestige 652H/HW Series User’s Guide
    You can choose up to four IP policy sets (from 12) by typing their numbers separated by commas, for example, 2, 4, 7, 9.
    Menu 3.2 - TCP/IP and DHCP Ethernet Setup
    DHCP Setup:
    DHCP= None
    Client IP Pool Starting Address= N/A
    Size of Client IP Pool= N/A
    Primary DNS Server= N/A...
  • Page 461: Ip Policy Routing Example

    Prestige 652H/HW Series User’s Guide 41.6 IP Policy Routing Example If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy. See the next figure. Route 1 represents the default IP route and route 2 represents the configured IP route.
  • Page 462: Figure 41-7 Ip Routing Policy Example

    Prestige 652H/HW Series User’s Guide
    Menu 25.1.1 - IP Routing Policy
    Policy Set Name= set1
    Active= Yes
    Criteria:
    IP Protocol
    Type of Service= Don't Care    Packet length= 10
    Precedence = Don't Care        Len Comp= N/A
    Source:
    addr start= 192.168.1.33       end= 192.168.1.64
    port start= 0                  end= N/A
    Destination:...
  • Page 463: Figure 41-8 Ip Routing Policy Example

    Prestige 652H/HW Series User’s Guide
    Menu 25.1.1 - IP Routing Policy
    Policy Set Name= set2
    Active= Yes
    Criteria:
    IP Protocol
    Type of Service= Don't Care    Packet length= 10
    Precedence = Don't Care        Len Comp= N/A
    Source:
    addr start= 0.0.0.0            end= N/A
    port start= 0                  end= N/A
    Destination:...
  • Page 465: Chapter 42 Call Scheduling

    Prestige 652H/HW Series User’s Guide Chapter 42 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 42.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
  • Page 466: Figure 42-2 Menu 26.1 Schedule Set Setup

    Prestige 652H/HW Series User’s Guide To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] (or delete) in the Edit Name field. To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 —...
  • Page 467 Prestige 652H/HW Series User’s Guide Table 42-1 Menu 26.1 Schedule Set Setup FIELD DESCRIPTION EXAMPLE Once: If you selected Once in the How Often field above, then enter the date 2000-01-01 Date the set should activate here in year-month-date format. Weekday: If you selected Weekly in the How Often field above, then select the day(s) when the set should activate (and recur) by going to that day(s)
  • Page 468: Figure 42-3 Applying Schedule Set(S) To A Remote Node (Pppoe)

    Prestige 652H/HW Series User’s Guide
    Menu 11.1 - Remote Node Profile
    Rem Node Name= MyISP           Route= IP
    Active= Yes                    Bridge= No
    Encapsulation= PPPoE           Edit IP/Bridge= No
    Multiplexing= LLC-based        Edit ATM Options= No
    Service Name=                  Edit Advance Options= No
    Incoming:                      Telco Option:
    Rem Login=                     Allocated Budget(min)= 0
    Apply your schedule...
  • Page 469: Smt Vpn/Ipsec And Internal Sptgen

    SMT VPN/IPSec and Internal SPTGEN Part XI: SMT VPN/IPSec and Internal SPTGEN This part provides information about configuring VPN/IPSec for secure communications and Internal SPTGEN for configuration of multiple Prestiges. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
  • Page 471: Chapter 43 Vpn/Ipsec Setup

    Prestige 652H/HW Series User’s Guide Chapter 43 VPN/IPSec Setup This chapter introduces the VPN SMT menus. 43.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: 1. Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management.
  • Page 472: Ipsec Summary Screen

    Prestige 652H/HW Series User’s Guide
    Menu 27 - VPN/IPSec Setup
    1. IPSec Summary
    2. SA Monitor
    Enter Menu Selection Number:
    Figure 43-2 Menu 27 VPN/IPSec Setup
    43.2 IPSec Summary Screen
    Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary. This is a summary read-only menu of your IPSec rules (tunnels).
  • Page 473 Prestige 652H/HW Series User’s Guide Table 43-1 Menu 27.1 IPSec Summary FIELD DESCRIPTION EXAMPLE Name This field displays the unique identification name for this VPN rule. The Taiwan name may be up to 32 characters long but only 10 characters will be displayed here.
  • Page 474 Prestige 652H/HW Series User’s Guide Table 43-1 Menu 27.1 IPSec Summary FIELD DESCRIPTION EXAMPLE Key Mgt This field displays the SA’s type of key management, (IKE or Manual). Remote When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to 172.16.2.40 Addr Start Single, this is a static IP address on the network behind the remote IPSec...
  • Page 475: Ipsec Setup

    Prestige 652H/HW Series User’s Guide Table 43-1 Menu 27.1 IPSec Summary FIELD DESCRIPTION EXAMPLE Select Press [SPACE BAR] to choose from None, Edit, Delete, Go To Rule, None Command Next Page or Previous Page and then press [ENTER]. You must select a rule in the next field when you choose the Edit, Delete or Go To commands.
  • Page 476: Figure 43-4 Menu 27.1.1 Ipsec Setup

    Prestige 652H/HW Series User’s Guide
    Menu 27.1.1 – IPSec Setup
    Index= 1    Name= Taiwan
    Active= Yes    Keep Alive= No    Nat Traversal= No
    Local ID type= IP    Content:
    My IP Addr= 0.0.0.0
    Peer ID type= IP    Content:
    Secure Gateway Address= zw50test.zyxel.com.tw
    Protocol= 0    DNS Server= 0.0.0.0
    Local:...
  • Page 477 Prestige 652H/HW Series User’s Guide Table 43-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Nat Traversal Press [SPACE BAR] to choose either Yes or No. Choose Yes and press [ENTER] to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers.
  • Page 478 Prestige 652H/HW Series User’s Guide Table 43-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Content When you select IP in the Peer ID Type field, type the IP address of the computer with which you will make the VPN connection or leave the field blank to have the Prestige automatically use the address in the Secure Gateway Address field.
  • Page 479 Prestige 652H/HW Series User’s Guide Table 43-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE IP Addr Start When the Addr Type field is configured to Single, enter a static IP 192.168.1.35 address on the LAN behind your Prestige. When the Addr Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on your LAN behind your Prestige.
  • Page 480 Prestige 652H/HW Series User’s Guide Table 43-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE IP Addr Start When the Addr Type field is configured to Single, enter a static IP 4.4.4.4 address on the network behind the remote IPSec router. When the Addr Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router.
  • Page 481: Ike Setup

    Prestige 652H/HW Series User’s Guide Table 43-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Press [SPACE BAR] to choose either IKE or Manual and then press Management [ENTER]. Manual is useful for troubleshooting if you have problems using IKE key management. Press [SPACE BAR] to change the default No to Yes and then press Edit Key Management...
  • Page 482: Table 43-3 Menu 27.1.1.1 Ike Setup

    Prestige 652H/HW Series User’s Guide
    Table 43-3 Menu 27.1.1.1 IKE Setup
    FIELD / DESCRIPTION / EXAMPLE
    Phase 1
    Negotiation Mode: Press [SPACE BAR] to choose from Main or Aggressive and then press [ENTER]. See earlier for a discussion of these modes. Multiple SAs connecting through a secure gateway must have the same negotiation mode. Example: Main
  • Page 483: Manual Setup

    Prestige 652H/HW Series User’s Guide
    Table 43-3 Menu 27.1.1.1 IKE Setup
    FIELD / DESCRIPTION / EXAMPLE
    Phase 2
    Active Protocol: Press [SPACE BAR] to choose from ESP or AH and then press [ENTER]. See earlier for a discussion of these protocols.
    Encryption Algorithm: Press [SPACE BAR] to choose from NULL, DES, 3DES or AES and then press [ENTER].
  • Page 484: Figure 43-6 Menu 27.1.1.2 Manual Setup

    Prestige 652H/HW Series User’s Guide 43.5.2 Security Parameter Index (SPI) To edit this menu, move the cursor to the Edit Manual Setup field in Menu 27.1.1 – IPSec Setup, press [SPACE BAR] to select Yes and then press [ENTER] to go to Menu 27.1.1.2 – Manual Setup. Menu 27.1.1.2 –...
  • Page 485 Prestige 652H/HW Series User’s Guide Table 43-5 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION EXAMPLE Key2 Enter a unique eight-character key. It can be comprised of any character including spaces (but trailing spaces are truncated). Key3 Enter a unique eight-character key. It can be comprised of any character including spaces (but trailing spaces are truncated).
  • Page 487: Chapter 44 Sa Monitor

    Prestige 652H/HW Series User’s Guide Chapter 44 SA Monitor This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2. 44.1 SA Monitor Overview A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections.
  • Page 488: Table 44-1 Menu 27.2 Sa Monitor

    Prestige 652H/HW Series User’s Guide Table 44-1 Menu 27.2 SA Monitor FIELD DESCRIPTION EXAMPLE This is the security association index number. Name This field displays the identification name for this VPN policy. This name is Taiwan unique for each connection where the secure gateway IP address is a public static IP address.
  • Page 489: Chapter 45 Internal Sptgen

    Prestige 652H/HW Series User’s Guide Chapter 45 Internal SPTGEN 45.1 Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file –...
  • Page 490: Figure 45-1 Configuration Text File Format: Column Descriptions

    Prestige 652H/HW Series User’s Guide This is the name of This is the Field Name column. One “=” sign, followed by one the menu. This is the name of the field as seen in space, must precede the corresponding SMT screen. everything you input.
  • Page 491: Internal Sptgen Ftp Download Example

    Prestige 652H/HW Series User’s Guide
    field value is not legal error:-1
    ROM-t is not saved, error Line ID:10000000
    reboot to get the original configuration
    Bootbase Version: V2.02 | 2/22/2001 13:33:11
    RAM: Size = 8192 Kbytes
    FLASH: Intel 8M *2
    Figure 45-2 Invalid Parameter Entered: Command Line Example
    The Prestige will display the following if you enter parameter(s) that are valid.
  • Page 492: Internal Sptgen Ftp Upload Example

    Prestige 652H/HW Series User’s Guide
    45.4 Internal SPTGEN FTP Upload Example
    c:\ftp 192.168.1.1
    220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000
    User (192.168.1.1:(none)):
    331 Enter PASS command
    Password:
    1. Launch your FTP application.
    2. Enter "bin". The command “bin” sets the transfer mode to binary.
  • Page 493: Appendices And Index

    Part XII: Appendices and Index This part contains additional background information and an index of key terms.
  • Page 495: Appendix A Troubleshooting

    Prestige 652H/HW Series User’s Guide Appendix A Troubleshooting This chapter covers potential problems and the corresponding remedies. Problems Starting Up the Prestige Chart A-1 Troubleshooting the Start-Up of Your Prestige PROBLEM CORRECTIVE ACTION None of the Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged in to LEDs turn on an appropriate power source.
  • Page 496: Chart A-3 Troubleshooting The Dsl Led

    Prestige 652H/HW Series User’s Guide Problems with the DSL LED Chart A-3 Troubleshooting the DSL LED PROBLEM CORRECTIVE ACTION The xDSL LED is off. Check the telephone wire and connections between the Prestige DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service.
  • Page 497: Chart A-5 Troubleshooting The Wan Interface

    Prestige 652H/HW Series User’s Guide Problems with the WAN Interface Chart A-5 Troubleshooting the WAN Interface PROBLEM CORRECTIVE ACTION I cannot get a WAN The ISP provides the WAN IP address after authenticating you. Authentication may IP address from the be through the user name and password, the MAC address or the host name.
  • Page 498: Chart A-7 Troubleshooting The Password

    Prestige 652H/HW Series User’s Guide
    Problems with the Password
    Chart A-7 Troubleshooting the Password
    PROBLEM: I cannot access the Prestige.
    CORRECTIVE ACTION: The username is “admin”. The default password is “1234”. The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper casing.
  • Page 499: Chart A-9 Troubleshooting Remote Management

    Prestige 652H/HW Series User’s Guide Problems with Remote Management Chart A-9 Troubleshooting Remote Management PROBLEM CORRECTIVE ACTION I cannot remotely Refer to the Remote Management Limitations section in the Firmware and manage the Configuration File Management chapter (SMT) for scenarios when remote Prestige from the management may not be possible.
  • Page 501: Chart B-1 Classes Of Ip Addresses

    Prestige 652H/HW Series User’s Guide Appendix B IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
  • Page 502: Appendix B Ip Subnetting

    Prestige 652H/HW Series User’s Guide A class “A” address (24 host bits) can have 2^24 – 2 hosts (approximately 16 million hosts). Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127.
  • Page 503: Chart B-4 Alternative Subnet Mask Notation

    Prestige 652H/HW Series User’s Guide of ones beginning from the left most bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
  • Page 504: Chart B-5 Subnet 1

    Prestige 652H/HW Series User’s Guide Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets;...
  • Page 505: Chart B-7 Subnet 1

    Prestige 652H/HW Series User’s Guide actual host for the first subnet is 192.168.1.1 and the highest is 192.168.1.126. Similarly the host ID range for the second subnet is 192.168.1.129 to 192.168.1.254. Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets.
  • Page 506: Chart B-10 Subnet 4

    Prestige 652H/HW Series User’s Guide
    Chart B-10 Subnet 4
                           NETWORK NUMBER                LAST OCTET BIT VALUE
    IP Address             192.168.1.
    IP Address (Binary)    11000000.10101000.00000001.   11000000
    Subnet Mask (Binary)   11111111.11111111.11111111.   11000000
    Subnet Address: 192.168.1.192      Lowest Host ID: 192.168.1.193
    Broadcast Address: 192.168.1.255   Highest Host ID: 192.168.1.254
    Example Eight Subnets
    Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110).
  • Page 507: Chart B-12 Class C Subnet Planning

    Prestige 652H/HW Series User’s Guide Chart B-12 Class C Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27) 255.255.255.240 (/28) 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) Subnetting With Class A and Class B Networks. For class “A”...
  • Page 508 Prestige 652H/HW Series User’s Guide Chart B-13 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET (/25) 255.255.255.192 1024 (/26) 255.255.255.224 2048 (/27) 255.255.255.240 4096 (/28) 255.255.255.248 8192 (/29) 255.255.255.252 16384 (/30) 255.255.255.254 32768 (/31) IP Subnetting...
  • Page 509 Prestige 652H/HW Series User’s Guide Appendix C Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without any expensive network-cabling infrastructure.
  • Page 510: Infrastructure Wireless Lan Configuration

    Prestige 652H/HW Series User’s Guide Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters.
  • Page 511 Prestige 652H/HW Series User’s Guide Diagram C-2 ESS Provides Campus-Wide Coverage Wireless LAN and IEEE 802.11...
  • Page 513: Appendix Dpppoe

    Prestige 652H/HW Series User’s Guide Appendix D PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) that connects to an xDSL Access Concentrator where the PPP session terminates (see the next figure).
  • Page 514 Prestige 652H/HW Series User’s Guide How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is acting as a L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP.
  • Page 515: Appendix E Virtual Circuit Topology

    Prestige 652H/HW Series User’s Guide Appendix E Virtual Circuit Topology ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: • Virtual Channel Logical connections between ATM switches •...
  • Page 517: Appendix F Triangle Route

    Prestige 652H/HW Series User’s Guide Appendix F Triangle Route The Ideal Setup When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the Prestige to protect your LAN against attacks.
  • Page 518 Prestige 652H/HW Series User’s Guide Diagram F-2 “Triangle Route” Problem The “Triangle Route” Solutions This section presents two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your Prestige supports up to three logical LAN interfaces with the Prestige being the gateway for each logical network.
  • Page 519 Prestige 652H/HW Series User’s Guide Diagram F-3 IP Alias Gateways on the WAN Side A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your Prestige to your LAN.
  • Page 521: Appendix G Power Adaptor Specifications

    Prestige 652H/HW Series User’s Guide Appendix G Power Adaptor Specifications Prestige 652R-11; Prestige 652R-13 NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model DV-1215A Input Power AC120Volts/60Hz/30W Output Power AC12Volts/1.25A Power Consumption 11 W Safety Standards UL, CUL, CSA (UL 1310, CSA C22.2 No.223) NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model AA-121A25...
  • Page 522 Prestige 652H/HW Series User’s Guide Prestige 652H-31/-33/-37; Prestige 652H/HW-31/-33/-37 NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model DV-1215A Input Power AC120Volts/60Hz/30W Output Power AC12Volts/1.25A Power Consumption 14 W Safety Standards UL, CUL, CSA (UL 1310, CSA C22.2 No.223) NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model AA-121A25 Input Power...
  • Page 523: Appendix H Example Internal Sptgen Screens

    Prestige 652H/HW Series User’s Guide Appendix H Example Internal SPTGEN Screens This appendix covers Prestige Internal SPTGEN screens. Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number (not seen in SMT screens) Field Name Parameter Values Allowed INPUT An example of what you may enter Applies to the P652H/HW.
  • Page 524 Prestige 652H/HW Series User’s Guide / MENU 3.1 GENERAL ETHERNET SETUP (SMT MENU 3.1) INPUT 30100001 = Input Protocol filters Set 1 30100002 = Input Protocol filters Set 2 = 256 30100003 = Input Protocol filters Set 3 = 256 The valid 30100004 = Input Protocol filters Set 4...
  • Page 525 Prestige 652H/HW Series User’s Guide 30200008 = IP Address = 172.21.2.200 30200009 = IP Subnet Mask = 16 This 30200010 = RIP Direction <0(None) | 1(Both) | value 2(In Only) | 3(Out must be Only)> between 0-32. 30200011 = Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)>...
  • Page 526 Prestige 652H/HW Series User’s Guide 30201010 = IP Alias #1 Outgoing protocol filters Set 1 = 256 30201011 = IP Alias #1 Outgoing protocol filters Set 2 = 256 30201012 = IP Alias #1 Outgoing protocol filters Set 3 = 256 30201013 = IP Alias #1 Outgoing protocol filters = 256...
  • Page 527 Prestige 652H/HW Series User’s Guide 30500002 = Hide ESSID <0(No) | 1(Yes)> 30500003 = Channel ID <1|2|3|4|5|6|7|8|9|10|11|12|13> 30500004 = RTS Threshold <0 ~ 2432> = 2432 30500005 = FRAG. Threshold <256 ~ 2432> = 2432 30500006 = <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)>...
  • Page 528 Prestige 652H/HW Series User’s Guide 40000005 = Multiplexing <1(LLC-based) | This 2(VC-based) value 40000006 = VPI # must be between 40000007 = VCI # = 35 0-32. 40000008 = Service Name <Str> = any This value 40000009 = My Login <Str>...
  • Page 529 Prestige 652H/HW Series User’s Guide 40000031= RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> 40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> 40000033= Nailed-up Connection <0(No) |1(Yes)> / MENU 12.1.1 IP STATIC ROUTE SETUP (SMT MENU 12.1.1) INPUT 120101001 = IP Static Route set #1, Name <Str>...
  • Page 530 Prestige 652H/HW Series User’s Guide 120103002 = IP Static Route set #3, Active <0(No) |1(Yes)> 120103003 = IP Static Route set #3, Destination IP address = 0.0.0.0 120103004 = IP Static Route set #3, Destination IP subnetmask 120103005 = IP Static Route set #3, Gateway = 0.0.0.0 120103006 = IP Static Route set #3, Metric...
  • Page 531 Prestige 652H/HW Series User’s Guide / MENU 12.1.6 IP STATIC ROUTE SETUP (SMT MENU 12.1.6) INPUT 120106001 = IP Static Route set #6, Name <Str> 120106002 = IP Static Route set #6, Active <0(No) |1(Yes)> 120106003 = IP Static Route set #6, Destination IP address = 0.0.0.0 120106004 =...
  • Page 532 Prestige 652H/HW Series User’s Guide 120108005 = IP Static Route set #8, Gateway = 0.0.0.0 120108006 = IP Static Route set #8, Metric 120108007 = IP Static Route set #8, Private <0(No) |1(Yes)> */ MENU 12.1.9 IP STATIC ROUTE SETUP (SMT MENU 12.1.9) INPUT 120109001 = IP Static Route set #9, Name...
  • Page 533 Prestige 652H/HW Series User’s Guide 120111003 = IP Static Route set #11, Destination IP address = 0.0.0.0 120111004 = IP Static Route set #11, Destination IP subnetmask 120111005 = IP Static Route set #11, Gateway = 0.0.0.0 120111006 = IP Static Route set #11, Metric 120111007 = IP Static Route set #11, Private <0(No) |1(Yes)>...
  • Page 534 Prestige 652H/HW Series User’s Guide INPUT 120114001 = IP Static Route set #14, Name <Str> 120114002 = IP Static Route set #14, Active <0(No) |1(Yes)> 120114003 = IP Static Route set #14, Destination IP address = 0.0.0.0 120114004 = IP Static Route set #14, Destination IP subnetmask 120114005 = IP Static Route set #14, Gateway...
  • Page 535 Prestige 652H/HW Series User’s Guide 120116006 = IP Static Route set #16, Metric 120116007 = IP Static Route set #16, Private <0(No) |1(Yes)> / MENU 15 SUA SERVER SETUP (SMT MENU 15) INPUT 150000001 = SUA Server IP address for default port = 0.0.0.0 150000002 =...
  • Page 536 Prestige 652H/HW Series User’s Guide 150000021 = SUA Server #5 Local IP address = 0.0.0.0 150000022 = SUA Server #6 Active <0(No) | 1(Yes)> = 0 150000023 = SUA Server #6 Protocol <0(All)|6(TCP)|17(UDP)> 150000024 = SUA Server #6 Port Start 150000025 = SUA Server #6 Port End 150000026 =...
  • Page 537 Prestige 652H/HW Series User’s Guide 150000046 = SUA Server #10 Local IP address = 0.0.0.0 150000047 = SUA Server #11 Active <0(No) | 1(Yes)> 150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(UDP)> 150000049 = SUA Server #11 Port Start 150000050 = SUA Server #11 Port End 150000051 = SUA Server #11 Local IP address...
  • Page 538 Prestige 652H/HW Series User’s Guide 210101009 = IP Filter Set 1,Rule 1 Src Subnet Mask 210101010 = IP Filter Set 1,Rule 1 Src Port 210101011 = IP Filter Set 1,Rule 1 Src Port Comp <0(none)|1(equal)|2( equal)|3(less)|4(greater)> 210101013 = IP Filter Set 1,Rule 1 Act Match <1(check next)|2(forward)|3(drop)>...
  • Page 539 Prestige 652H/HW Series User’s Guide 210102013 = IP Filter Set 1,Rule 2 Act Match <1(check next)|2(forward)|3(drop)> 210102014 = IP Filter Set 1,Rule 2 Act Not Match <1(check next)|2(forward)|3(drop)> / MENU 21.1.1.3 SET #1, RULE #3 (SMT MENU 21.1.1.3) INPUT 210103001 = IP Filter Set 1,Rule 3 Type...
  • Page 540 Prestige 652H/HW Series User’s Guide INPUT 210104001 = IP Filter Set 1,Rule 4 Type <2(TCP/IP)> 210104002 = IP Filter Set 1,Rule 4 Active <0(No)|1(Yes)> 210104003 = IP Filter Set 1,Rule 4 Protocol = 17 210104004 = IP Filter Set 1,Rule 4 Dest IP address = 0.0.0.0 210104005 = IP Filter Set 1,Rule 4 Dest Subnet...
  • Page 541 Prestige 652H/HW Series User’s Guide 210105006 = IP Filter Set 1,Rule 5 Dest Port = 138 210105007 = IP Filter Set 1,Rule 5 Dest Port Comp <0(none)|1(equal)|2( equal)|3(less)|4(greater)> 210105008 = IP Filter Set 1,Rule 5 Src IP Address = 0.0.0.0 210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask...
  • Page 542 Prestige 652H/HW Series User’s Guide 210106010 = IP Filter Set 1,Rule 6 Src Port 210106011 = IP Filter Set 1,Rule 6 Src Port Comp <0(none)|1(equal)|2( equal)|3(less)|4(greater)> 210106013 = IP Filter Set 1,Rule 6 Act Match <1(check next)|2(forward)|3(drop)> 210106014 = IP Filter Set 1,Rule 6 Act Not Match <1(check next)|2(forward)|3(dr...
  • Page 543 Prestige 652H/HW Series User’s Guide 210201011 = IP Filter Set 2, Rule 1 Src Port Comp <0(none)|1(equal)|2( equal)|3(less)|4(greater)> 210201013 = IP Filter Set 2, Rule 1 Act Match <1(check next)|2(forward)|3(drop)> 210201014 = IP Filter Set 2, Rule 1 Act Not Match <1(check next)|2(forward)|3(drop)>...
  • Page 544 Prestige 652H/HW Series User’s Guide 210202014 = IP Filter Set 2, Rule 2 Act Not Match <1(check next)|2(forward)|3(drop)> / MENU 21.1.2.3 FILTER SET #2, RULE #3 (SMT MENU 21.1.2.3) INPUT 210203001 = IP Filter Set 2, Rule 3 Type <0(none)|2(TCP/IP)>...
  • Page 545 Prestige 652H/HW Series User’s Guide 210204002 = IP Filter Set 2, Rule 4 Active <0(No)|1(Yes)> = 1 210204003 = IP Filter Set 2, Rule 4 Protocol = 17 210204004 = IP Filter Set 2, Rule 4 Dest IP address = 0.0.0.0 210204005 = IP Filter Set 2, Rule 4 Dest Subnet...
  • Page 546 Prestige 652H/HW Series User’s Guide 210205006 = IP Filter Set 2, Rule 5 Dest Port = 138 210205007 = IP Filter Set 2, Rule 5 Dest Port Comp <0(none)|1(equal)|2( equal)|3(less)|4(greater)> 210205008 = IP Filter Set 2, Rule 5 Src IP address = 0.0.0.0 210205009 = IP Filter Set 2, Rule 5 Src Subnet...
  • Page 547 Prestige 652H/HW Series User’s Guide 210206009 = IP Filter Set 2, Rule 6 Src Subnet Mask 210206010 = IP Filter Set 2, Rule 6 Src Port 210206011 = IP Filter Set 2, Rule 6 Src Port Comp <0(none)|1(equal)|2( equal)|3(less)|4(greater)> 210206013 = IP Filter Set 2,Rule 6 Act Match <1(check...
  • Page 548: Command Examples

    Prestige 652H/HW Series User’s Guide 230400003 = Idle Timeout (in second) = 999 230400004 = Authentication Databases <0(Local User Database Only) |1(RADIUS Only) |2(Local,RADIUS) |3(RADIUS,Local)> / MENU 24.11 REMOTE MANAGEMENT CONTROL (SMT MENU 24.11) INPUT These 241100001 = TELNET Server Port = 23 values must be...
  • Page 549: Appendix I Setting Up Your Computer's Ip Address

    Prestige 652H/HW Series User’s Guide Appendix I Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 550: Installing Components

    Prestige 652H/HW Series User’s Guide Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: In the Network window, click Add. Select Adapter and then click Add.
  • Page 551 Prestige 652H/HW Series User’s Guide Click the IP Address tab. -If your IP address is dynamic, select Obtain an IP address automatically. -If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Click the DNS Configuration tab.
  • Page 552: Verifying Settings

    Prestige 652H/HW Series User’s Guide Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window. Click OK to close the Network window.
  • Page 553 Prestige 652H/HW Series User’s Guide Windows 2000/NT/XP For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Right-click Local Area Connection and then click Properties.
  • Page 554 Prestige 652H/HW Series User’s Guide Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). -If you have a dynamic IP address click Obtain an IP address automatically.
  • Page 555 Prestige 652H/HW Series User’s Guide -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add.
  • Page 556 Prestige 652H/HW Series User’s Guide In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
  • Page 557 Prestige 652H/HW Series User’s Guide Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Select Ethernet built-in from the Connect via list. Setting up Your Computer’s IP Address...
  • Page 558 Prestige 652H/HW Series User’s Guide For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box. -Type the IP address of your Prestige in the Router address box.
  • Page 559 Prestige 652H/HW Series User’s Guide Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list. For statically assigned settings, do the following: -From the Configure box, select Manually.
  • Page 561: Appendix J Splitters And Microfilters

    Prestige 652H/HW Series User’s Guide Appendix J Splitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals.
  • Page 562 Prestige 652H/HW Series User’s Guide Step 2. Connect a cable from the double jack end of the Y-Connector to the “wall side” of the microfilter. Step 3. Connect another cable from the double jack end of the Y-Connector to the Prestige. Step 4.
  • Page 563: Appendix K Log Descriptions

    Prestige 652H/HW Series User’s Guide Appendix K Log Descriptions This appendix provides descriptions of example log messages. Chart K-1 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is The router has adjusted its time based on information from the time server.
  • Page 564: Chart K-2 Upnp Logs

    Prestige 652H/HW Series User’s Guide Chart K-2 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through UPnP packets can pass through the firewall. Firewall For the content filtering logs “(Destination)” means the destination IP address or domain name. Chart K-3 Content Filtering Logs MESSAGE NOTE DESCRIPTION...
  • Page 565: Chart K-4 Attack Logs

    Prestige 652H/HW Series User’s Guide Chart K-4 Attack Logs LOG MESSAGE DESCRIPTION attack (Protocol) The firewall detected an attack. The log may also display the protocol (for example TCP or UDP). land (Protocol) The firewall detected a land attack. The log may also display the protocol (for example TCP or UDP).
  • Page 566: Chart K-5 Access Logs

    Prestige 652H/HW Series User’s Guide Chart K-5 Access Logs LOG MESSAGE DESCRIPTION Firewall default policy (Protocol, Direction): Access matched the default policy and the Prestige blocked or forwarded it according to the configuration of the default firewall policy. Firewall rule match Access matched a firewall rule and the Prestige blocked or forwarded it according to the rule’s configuration.
  • Page 567: Chart K-6 Tcp Reset Logs

    Prestige 652H/HW Series User’s Guide Chart K-5 Access Logs LOG MESSAGE DESCRIPTION Out of order TCP handshake packet blocked (Protocol): The router blocked a TCP handshake packet that came out of the proper order. Unsupported/out-of-order ICMP (Protocol): The Prestige generates this log after it drops an ICMP packet due to one of the following two reasons: 1.
  • Page 568: Chart K-7 Icmp Notes

    Prestige 652H/HW Series User’s Guide Chart K-7 ICMP Notes TYPE CODE DESCRIPTION A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network.
  • Page 569 Prestige 652H/HW Series User’s Guide Chart K-7 ICMP Notes TYPE CODE DESCRIPTION Information reply message VPN/IPSec logs To view the IPSec and IKE connection log, type 3 in menu 27 and press [ENTER] to display the IPSec log as shown next. The following figure shows a typical log from the initiator of a VPN connection. Index: Date/Time: Log:...
  • Page 570: Chart K-8 Sample Ike Key Exchange Logs

    Prestige 652H/HW Series User’s Guide Index: Date/Time: Log: ------------------------------------------------------------ 01 Jan 08:08:07 Recv Main Mode request from <192.168.100.100> 01 Jan 08:08:07 Recv:<SA> 01 Jan 08:08:08 Send:<SA> 01 Jan 08:08:08 Recv:<KE><NONCE> 01 Jan 08:08:10 Send:<KE><NONCE> 01 Jan 08:08:10 Recv:<ID><HASH> 01 Jan 08:08:10 Send:<ID><HASH>...
  • Page 571 Prestige 652H/HW Series User’s Guide Chart K-8 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION Start Phase 2: Quick Mode Phase 2 negotiation begins by using Quick Mode. !! IKE Negotiation is in process The Prestige has begun negotiation with the peer for the connection already, but the IKE key exchange has not finished yet.
  • Page 572: Chart K-9 Sample Ipsec Logs During Packet Transmission

    Prestige 652H/HW Series User’s Guide Chart K-8 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION !! Too many errors! Deleting SA The Prestige deletes an SA when too many errors occur. !! ID type mismatch The ID type of an incoming packet does not match the local's peer ID type.
  • Page 573: Chart K-10 Rfc-2408 Isakmp Payload Types

    Prestige 652H/HW Series User’s Guide Chart K-9 Sample IPSec Logs During Packet Transmission LOG MESSAGE DESCRIPTION !! Discard REPLAY packet If the Prestige receives a packet with the wrong sequence number it will discard it. !! Inbound packet authentication failed: The authentication configuration settings are incorrect. Please check them.

This manual is also suitable for:

Prestige 652hw series