ZyXEL Communications Prestige 653HWI series User Manual

ADSL security gateway with IEEE802.11g and ISDN backup

Prestige 653HWI Series
ADSL Security Gateway with IEEE802.11g and ISDN Backup
User's Guide
Version 3.40
December 2003

Summary of Contents for ZyXEL Communications Prestige 653HWI series

  • Page 1 Prestige 653HWI Series ADSL Security Gateway with IEEE802.11g and ISDN Backup User's Guide Version 3.40 December 2003...
  • Page 2: Copyright

    Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
  • Page 3 Prestige 653HWI Series User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
  • Page 4: ZyXEL Limited Warranty

    ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and...
  • Page 5: Customer Support

    Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it.
  • Page 6: Table Of Contents

    Table of Contents: Copyright; Federal Communications Commission (FCC) Interference Statement; ZyXEL Limited Warranty; Customer Support; List of Figures; List of Tables; List of Charts; Preface; Introduction to DSL...
  • Page 7 Chapter 5 LAN Setup: LAN Overview; DNS Server Address; DNS Server Address Assignment; LAN TCP/IP; Configuring LAN. Chapter 6 Wireless LAN Setup: Wireless LAN Overview; Levels of Security; Data Encryption with WEP...
  • Page 8 Dynamic DNS; Configuring Dynamic DNS. Chapter 10 Time Zone: 10.1 Configuring Time Zone. Firewall and Content Filters. Chapter 11 Firewalls: 11.1 Firewall Overview; 11.2 Types of Firewalls; 11.3 Introduction to ZyXEL’s Firewall; 11.4 Denial of Service...
  • Page 9 Chapter 17 VPN Screens: 17.1 VPN/IPSec Overview; 17.2 IPSec Algorithms; 17.3 My IP Address; 17.4 Secure Gateway Address; 17.5 VPN Summary Screen; 17.6 Keep Alive; 17.7 ID Type and Content; 17.8 Pre-Shared Key; 17.9 Editing VPN Policies...
  • Page 10 21.5 Scheduler; 21.6 Maximize Bandwidth Usage; 21.7 Bandwidth Borrowing; 21.8 Configuring Summary; 21.9 Configuring Class Setup; 21.10 Configuring Monitor. Maintenance. Chapter 22 Maintenance: 22.1 Maintenance Overview; 22.2 System Status Screen; 22.3 DHCP Table Screen...
  • Page 11 Chapter 28 Internet Access: 28.1 Internet Access Overview; 28.2 IP Policies; 28.3 IP Alias; 28.4 IP Alias Setup; 28.5 Route IP Setup; 28.6 Internet Access Configuration. Chapter 29 Remote Node Configuration: 29.1 Remote Node Setup Overview; 29.2 Remote Node Setup...
  • Page 12 35.2 Supported MIBs; 35.3 SNMP Configuration; 35.4 SNMP Traps. Chapter 36 System Security: 36.1 System Security; 36.2 Creating User Accounts on the Prestige. Chapter 37 System Information and Diagnosis: 37.1 System Status; 37.2 System Information...
  • Page 13 Chapter 44 SA Monitor: 44.1 SA Monitor Overview; 44.2 Using SA Monitor. Chapter 45 Internal SPTGEN: 45.1 Internal SPTGEN Overview; 45.2 The Configuration Text File Format; 45.3 Internal SPTGEN FTP Download Example; 45.4 Internal SPTGEN FTP Upload Example...
  • Page 14: List Of Figures

    List of Figures: Figure 1-1 Prestige Internet Access Application; Figure 1-2 Firewall Application; Figure 1-3 VPN Application; Figure 1-4 Prestige LAN-to-LAN Application; Figure 2-1 Password Screen; Figure 2-2 Web Configurator SITE MAP Screen; Figure 2-3 Example Xmodem Upload...
  • Page 15 Figure 8-2 NAT Application With IP Alias; Figure 8-3 Multiple Servers Behind NAT Example; Figure 8-4 NAT Mode; Figure 8-5 Edit SUA/NAT Server Set; Figure 8-6 Address Mapping Rules; Figure 8-7 Address Mapping Rule Edit...
  • Page 16 Figure 17-9 Telecommuters Sharing One VPN Rule Example; Figure 17-10 Telecommuters Using Unique VPN Rules Example; Figure 18-1 Telnet Configuration on a TCP/IP Network; Figure 18-2 Remote Management; Figure 19-1 Configuring UPnP; Figure 20-1 Log Settings...
  • Page 17 Figure 25-6 Loopback Test; Figure 25-7 Menu 2.2.2 NetCAPI Setup; Figure 25-8 Menu 11.1 ISDN Remote Node Profile; Figure 25-9 Menu 11.2 Remote Node PPP Options; Figure 25-10 Menu 11.3 Remote Node Network Layer Options; Figure 25-11 Menu 11.4 Remote Node Setup Script...
  • Page 18 Figure 32-6 Menu 15.1.1 First Set; Figure 32-7 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set; Figure 32-8 Menu 15.2 NAT Server Setup; Figure 32-9 Menu 15.2.1 NAT Server Setup; Figure 32-10 Multiple Servers Behind NAT Example; Figure 32-11 NAT Example 1...
  • Page 19 Figure 36-5 Menu 23.4 System Security: IEEE802.1x; Figure 36-6 Menu 14 Dial-in User Setup; Figure 36-7 Menu 14.1 Edit Dial-in User; Figure 37-1 Menu 24 System Maintenance; Figure 37-2 Menu 24.1 System Maintenance: Status...
  • Page 20 Figure 41-4 Menu 3.2 TCP/IP and DHCP Ethernet Setup; Figure 41-5 Menu 11.3 Remote Node Network Layer Options; Figure 41-6 Example of IP Policy Routing; Figure 41-7 IP Routing Policy Example; Figure 41-8 IP Routing Policy Example; Figure 41-9 Applying IP Policies Example...
  • Page 21 List of Tables: Table 3-1 Wizard Screen 1; Table 3-2 Internet Connection with PPPoE; Table 3-3 Internet Connection with RFC 1483; Table 3-4 Internet Connection with ENET ENCAP; Table 3-5 Internet Connection with PPPoA; Table 3-6 Wizard: LAN Configuration...
  • Page 22 Table 14-1 Customized Services; Table 14-2 Creating/Editing A Customized Service; Table 15-1 Content Filter: Keyword; Table 15-2 Content Filter: Schedule; Table 15-3 Content Filter: Trusted; Table 16-1 VPN and NAT; Table 17-1 AH and ESP; Table 17-2 VPN Summary...
  • Page 23 Table 24-1 Menu 1 General Setup; Table 24-2 Menu 1.1 Configure Dynamic DNS; Table 25-1 Menu 2 WAN Backup Setup; Table 25-2 Menu 2.1 Traffic Redirect Setup; Table 25-3 Menu 2 ISDN Dial Backup Setup; Table 25-4 Menu 2.2.2 NetCAPI Setup...
  • Page 24 Table 38-2 General Commands for GUI-based FTP Clients; Table 38-3 General Commands for GUI-based TFTP Clients; Table 39-1 Menu 24.9.1 System Maintenance: Budget Management; Table 39-2 Menu 24.10 System Maintenance: Time and Date Setting; Table 40-1 Menu 24.11 Remote Management Control...
  • Page 25 List of Charts: Chart A-1 Troubleshooting the Start-Up of Your Prestige; Chart A-2 Troubleshooting the LAN LED; Chart A-3 Troubleshooting the DSL LED; Chart A-4 Troubleshooting the LAN Interface; Chart A-5 Troubleshooting the WAN Interface; Chart A-6 Troubleshooting Internet Access...
  • Page 26: Preface

    Preface Congratulations on your purchase of the Prestige 653HWI Series Router. Don’t forget to register your Prestige online at www.zyxel.com for free future product updates and information. The Prestige 653 HWI Series consists of two models: Wireless Ready, with no external antennae.
  • Page 27: Syntax Conventions

    Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you! Syntax Conventions •...
  • Page 28: Introduction To DSL

    Introduction to DSL DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web - hence DSL technologies.
  • Page 29: Getting Started

    Getting Started Part I: Getting Started This part is structured as a step-by-step guide to help you access your Prestige. It covers key features and applications, accessing the web configurator and configuring the wizard screens for initial setup.
  • Page 31: Chapter 1 Getting To Know Your Prestige

    Chapter 1 Getting To Know Your Prestige This chapter describes the key features and applications of your Prestige. Introducing the Prestige 653HWI Your Prestige integrates high-speed 10/100Mbps auto-negotiating LAN interface(s), a high-speed ADSL port and an ISDN Interface into a single package. The Prestige is ideal for high-speed Internet browsing and making LAN-to-LAN connections to remote networks.
  • Page 32: Features Of The Prestige

    Features of the Prestige Your Prestige is packed with a number of features that give it the flexibility to provide a complete networking solution for almost any user. These include Wireless LAN, four-port LAN switch and bandwidth management.
  • Page 33: WEP Encryption

    IEEE 802.11 Data Rate (Mbps) Data Rate (Mbps) 1 ~ 54 1 ~ 54 The Prestige may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs.
  • Page 34 ♦ PPP Multilink The router can bundle multiple links in a single connection using PPP Multilink Protocol (MP). The number of links can be either statically configured or dynamically managed based on traffic demand. ♦...
  • Page 35: Dynamic DNS Support

    Universal Plug and Play (UPnP) Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
  • Page 36: Protocol Support

    ADSL Transmission Rate Standards ♦ Full-Rate (ANSI T1.413, Issue 2; G.dmt (G.992.1)) with line rate support of up to 8 Mbps downstream and 832 Kbps upstream. ♦ G.lite (G.992.2) with line rate support of up to 1.5Mbps downstream and 512Kbps upstream.
  • Page 37: Network Management

    ♦ Transparent bridging for unsupported network layer protocols. ♦ RIP I/RIP II ♦ IGMP Proxy ♦ ICMP support ♦ ATM QoS support ♦ MIB II support (RFC 1213) Networking Compatibility Your Prestige is compatible with the major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers, making configuration as simple as possible for you.
  • Page 38: Applications For The Prestige

    • Other PPPoE Features ♦ PPPoE idle time out ♦ PPPoE Dial on Demand • Diagnostics Capabilities The Prestige can perform self-diagnostic tests. These tests check the integrity of the following circuitry: ♦ FLASH memory ♦...
  • Page 39: Figure 1-1 Prestige Internet Access Application

    Figure 1-1 Prestige Internet Access Application Internet Single User Account For a SOHO (Small Office/Home Office) environment, your Prestige offers the Single User Account (SUA) feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for the cost of a single IP address.
  • Page 40: Figure 1-2 Firewall Application

    Figure 1-2 Firewall Application 1.3.3 VPN Application The Prestige’s VPN feature makes it an ideal cost-effective way to connect branch offices and business partners over the Internet without the need (and expense) for leased lines between sites. VPN ensures the privacy and integrity of your data transmissions.
  • Page 41: Figure 1-3 VPN Application

    Figure 1-3 VPN Application 1.3.4 LAN to LAN Application You can use the Prestige to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application for your Prestige is shown as follows.
  • Page 42: Figure 1-4 Prestige LAN-to-LAN Application

    Figure 1-4 Prestige LAN-to-LAN Application
  • Page 43: Chapter 2 Introducing The Web Configurator

    Chapter 2 Introducing the Web Configurator This chapter describes how to access and navigate the web configurator. Web Configurator Overview The embedded web configurator allows you to manage the Prestige from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator.
  • Page 44: Navigating The Prestige Web Configurator

    Step 6. You should now see the SITE MAP screen. The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the Prestige if this happens to you.
  • Page 45: Resetting The Prestige

    Click the icon (located in the top right corner of most screens) to view embedded help. Resetting the Prestige If you forget your password or cannot access the SMT menu, you will need to reload the factory-default configuration file or use the RESET button on the back of the Prestige.
  • Page 46: Figure 2-3 Example Xmodem Upload

    Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 2-3 Example Xmodem Upload Step 5. After successful firmware upload, enter "atgo" to restart the router.
  • Page 47: Chapter 3 Wizard Setup

    Chapter 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. Wizard Setup Introduction Use the Wizard Setup screens to configure your system for Internet access settings and fill in the fields with the information in the Internet Account Information table of the Compact Guide or Read Me First.
  • Page 48: Multiplexing

    3.2.4 RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing).
  • Page 49: Figure 3-1 Wizard Screen 1

    Figure 3-1 Wizard Screen 1 The following table describes the fields in this screen. Table 3-1 Wizard Screen 1. Mode: From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account.
  • Page 50: IP Address And Subnet Mask

    Table 3-1 Wizard Screen 1. Next: Click this button to go to the next wizard screen. The next wizard screen you see depends on what protocol you chose above. Click on the protocol link to see the next wizard screen for that protocol.
  • Page 51: IP Assignment With PPPoA Or PPPoE Encapsulation

    3.7.1 IP Assignment with PPPoA or PPPoE Encapsulation If you have a dynamic IP, then the IP Address and ENET ENCAP Gateway fields are not applicable (N/A). If you have a static IP, then you only need to fill in the IP Address field and not the ENET ENCAP Gateway field.
  • Page 52: Nailed-Up Connection (PPP)

    Nailed-Up Connection (PPP) A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The Prestige does two things when you specify a nailed-up connection. The first is that idle timeout is disabled.
  • Page 53: Table 3-2 Internet Connection With PPPoE

    The following table describes the fields in this screen. Table 3-2 Internet Connection with PPPoE. Service Name: Type the name of your PPPoE service here. User Name: Enter the user name exactly as your ISP assigned. If assigned a name in the form...
  • Page 54: Figure 3-3 Internet Connection With RFC 1483

    Figure 3-3 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 3-3 Internet Connection with RFC 1483. IP Address: This field is available if you select Routing in the Mode field.
  • Page 55: Figure 3-4 Internet Connection With ENET ENCAP

    Figure 3-4 Internet Connection with ENET ENCAP The following table describes the fields in this screen. Table 3-4 Internet Connection with ENET ENCAP. IP Address: A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
  • Page 56: Figure 3-5 Internet Connection With PPPoA

    Table 3-4 Internet Connection with ENET ENCAP. Network Address Translation: Select None, SUA Only or Full Feature from the drop-down list box. Refer to the NAT chapter for more details. Back: Click Back to go back to the first wizard screen.
  • Page 57: DHCP Setup

    Table 3-5 Internet Connection with PPPoA. User Name: Enter the login name that your ISP gives you. Password: Enter the password associated with the user name above. This option is available if you select Routing in the Mode field.
  • Page 58: Wizard Setup Configuration: Third Screen

    3.11.1 IP Pool Setup The Prestige is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to 192.168.1.64 for the client machines. This leaves 31 IP addresses, 192.168.1.2 to 192.168.1.32 (excluding the Prestige itself which has a default IP of 192.168.1.1) for other server machines, for example, server for mail, FTP, telnet,...
  • Page 59: Figure 3-7 Wizard: LAN Configuration

    Figure 3-7 Wizard: LAN Configuration The following table describes the fields in this screen. Table 3-6 Wizard: LAN Configuration. LAN IP Address: Enter the IP address of your Prestige in dotted decimal notation, for example, 192.168.1.1 (factory default).
  • Page 60: Wizard Setup Configuration: Connection Tests

    Table 3-6 Wizard: LAN Configuration. Client IP Pool Starting Address: This field specifies the first of the contiguous addresses in the IP address pool. Size of Client IP Pool: This field specifies the size or count of the IP address pool.
  • Page 61: Test Your Internet Connection

    3.14 Test Your Internet Connection Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this User’s Guide for more detailed information on the complete range of Prestige features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the Wizard Setup are correct.
  • Page 63: Password, LAN, Wireless LAN And WAN

    Password, LAN, Wireless LAN and WAN Part II: Password, LAN, Wireless LAN and WAN This part covers the password, LAN (Local Area Network), wireless LAN and WAN setup.
  • Page 65: Chapter 4 Password Setup

    Chapter 4 Password Setup This chapter provides information on the Password screen. Password Overview It is highly recommended that you change the password for accessing the Prestige. Configuring Password To change your Prestige’s password (recommended), click Password. The screen appears as shown.
  • Page 66 Table 4-1 Password. Retype to Confirm: Type the new password again in this field. Apply: Click Apply to save your changes back to the Prestige. Cancel: Click Cancel to begin configuring this screen afresh.
  • Page 67: Chapter 5 LAN Setup

    Chapter 5 LAN Setup This chapter describes how to configure LAN settings. LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
  • Page 68: DNS Server Address Assignment

    addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask. There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up.
  • Page 69: RIP Setup

    DHCP server enabled with 32 client IP addresses starting from 192.168.1.33. These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured.
  • Page 70: Configuring LAN

    WAN interfaces in the web configurator (LAN; WAN). Select None to disable IP multicasting on these interfaces. Configuring LAN Click LAN to open the following screen. Figure 5-2 LAN The following table describes the fields in this screen.
  • Page 71: Table 5-1 LAN

    Table 5-1 LAN. DHCP: If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
  • Page 72 Table 5-1 LAN. Apply: Click this button to save these settings back to the Prestige. Cancel: Click this button to reset the fields in this screen.
  • Page 73: Chapter 6 Wireless LAN Setup

    Chapter 6 Wireless LAN Setup This chapter discusses how to configure Wireless LAN on the Prestige. Wireless LAN Overview This section introduces the wireless LAN and some basic configurations. Wireless LANs can be as simple as...
  • Page 74: Figure 6-1 RTS Threshold

    6.1.4 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot “hear”...
  • Page 75: Levels Of Security

    Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy. 6.1.5 Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the Prestige will fragment the packet into smaller data frames.
  • Page 76: Data Encryption With WEP

    Data Encryption with WEP WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption.
  • Page 77: Table 6-1 Wireless

    Table 6-1 Wireless. ESSID: The ESSID (Extended Service Set Identification) is a unique name to identify the Prestige in the wireless LAN. Wireless stations associating to the Prestige must have the same ESSID. Enter a descriptive name (up to 32 characters).
  • Page 78: Configuring MAC Filter

    Table 6-1 Wireless. Apply: Click Apply to save your changes back to the Prestige. Cancel: Click Cancel to begin configuring this screen afresh. Configuring MAC Filter The MAC filter screen allows you to configure the Prestige to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the Prestige (Deny Association).
  • Page 79: Figure 6-4 MAC Address Filter

    Figure 6-4 MAC Address Filter The following table describes the fields in this menu.
  • Page 80: Network Authentication

    Table 6-2 MAC Address Filter. Active: Select Yes from the drop down list box to enable MAC address filtering. Action: Define the filter action for the list of MAC addresses in the MAC address filter table.
  • Page 81: Types Of RADIUS Messages

    • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your Prestige acts as a message relay between the wireless station and the network RADIUS server. Types of RADIUS Messages...
  • Page 82: Configuring 802.1x

    an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform authentication. Figure 6-5 EAP Authentication The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.
  • Page 83: Table 6-3 802.1x

    Table 6-3 802.1x. Wireless Port Control: To control wireless stations access to the wired network, select a control method from the drop-down list box. Choose from No Authentication Required, Authentication Required and No Access Allowed. No Authentication Required allows all wireless stations access to the wired network without entering user names and passwords.
  • Page 84: Configuring Local User Authentication

    Table 6-3 802.1x. This field is activated only when you select Authentication Required in the Wireless Port Control field. The authentication database contains wireless station login information. The local user database is the built-in database on the Prestige. The RADIUS is an external server.
  • Page 85: Figure 6-7 Local User Database

    Figure 6-7 Local User Database The following table describes the fields in this screen.
  • Page 86: Configuring Radius

    Prestige 653HWI Series User’s Guide Table 6-4 Local User Database LABEL DESCRIPTION This is the index number of a local user account. Active Select this check box to enable the user profile. User Name Enter the user name of the user profile.
  • Page 87: Table 6-5 Radius

    Prestige 653HWI Series User’s Guide The following table describes the fields in this screen. Table 6-5 RADIUS LABEL DESCRIPTION Authentication Server Active Select Yes from the drop-down list box to enable user authentication through an external authentication server. Server IP Address Enter the IP address of the external authentication server in dotted decimal notation.
  • Page 89: Chapter 7 Wan Setup

    Prestige 653HWI Series User’s Guide Chapter 7 WAN Setup This chapter describes how to configure WAN settings. WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. See the Wizard Setup chapter for more information on the fields in the WAN screens.
  • Page 90: Metric

    Prestige 653HWI Series User’s Guide Using ISDN-DCP, the Prestige acts as a DCP server. By default, the Prestige listens for DCP messages on TCP port number 2578 (the Internet-assigned number for RVS-COM DCP). When the Prestige receives a DCP message from a DCP client i.e., a workstation, the Prestige processes the message and acts on it. Your Prestige supports all the DCP messages specified in the ISDN-DCP specification.
  • Page 91: Traffic Shaping

    Prestige 653HWI Series User’s Guide Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site. By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the Prestige does that part of the task.
  • Page 92: Configuring Wan Functions

    Prestige 653HWI Series User’s Guide Figure 7-1 Example of Traffic Shaping Configuring WAN Functions To change your Prestige’s WAN remote node settings, click WAN to access the WAN Functions screen. Figure 7-2 WAN Functions The following table describes the fields in this screen.
  • Page 93: Table 7-1 Wan Functions

    Prestige 653HWI Series User’s Guide Table 7-1 WAN Functions LABEL DESCRIPTION DSL setup To edit your DSL settings, click WAN DSL Setup. The screen differs by the encapsulation. ISDN Connection Setup You can use the ISDN interface as a backup in the event that the regular WAN connection is dropped.
  • Page 94: Configuring Wan Dsl Setup

    Prestige 653HWI Series User’s Guide Configuring WAN DSL Setup To edit your DSL settings, click WAN DSL Setup. The screen differs by the encapsulation. Figure 7-3 WAN DSL Setup
  • Page 95: Table 7-2 Wan Dsl Setup

    Prestige 653HWI Series User’s Guide The following table describes the fields in this screen. Table 7-2 WAN DSL Setup LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
  • Page 96 Prestige 653HWI Series User’s Guide Table 7-2 WAN DSL Setup LABEL DESCRIPTION Sustain Cell Rate The Sustain Cell Rate (SCR) sets the average cell rate (long-term) that can be transmitted. Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec.
  • Page 97 Prestige 653HWI Series User’s Guide Table 7-2 WAN DSL Setup LABEL DESCRIPTION Subnet Mask (ENET ENCAP encapsulation only) Enter a subnet mask in dotted decimal notation. Refer to the Subnetting appendix to calculate a subnet mask if you are implementing subnetting.
  • Page 98: Isdn Connection Setup

    Prestige 653HWI Series User’s Guide ISDN Connection Setup To edit your Prestige’s advanced WAN backup settings, click WAN, ISDN Connection Setup. The screen appears as shown. Figure 7-4 ISDN Connection Setup
  • Page 99: Table 7-3 Isdn Connection Setup

    Prestige 653HWI Series User’s Guide The following table describes the fields in this screen. Table 7-3 ISDN Connection Setup LABEL DESCRIPTION Basic ISDN Phone Number The number of your ISDN line. Outside Line Prefix A PABX (Private Automatic Branch eXchange) generally requires you to dial a number (a single digit in most cases) when you need an outside line.
  • Page 100 Prestige 653HWI Series User’s Guide Table 7-3 ISDN Connection Setup LABEL DESCRIPTION Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.
  • Page 101: Isdn Dial In Setup

    Prestige 653HWI Series User’s Guide 7.10 ISDN Dial In Setup To edit your Prestige’s Dial In Setup, click WAN ISDN Dial In Setup. The screen appears as shown. Figure 7-5 ISDN Dial In Setup The following table describes the fields in this screen.
  • Page 102 Prestige 653HWI Series User’s Guide Table 7-4 ISDN Dial In Setup LABEL DESCRIPTION Incoming Rem Login Name Type the remote node login name that the remote node must use to access the Prestige. Rem Password Type the remote node password corresponding to the remote node login name.
  • Page 103: Configuring Netcapi

    Prestige 653HWI Series User’s Guide 7.11 Configuring NetCAPI To edit your Prestige’s NetCAPI settings, click WAN, NetCAPI Setup. The screen appears as shown. Figure 7-6 Configuring NetCAPI The following table describes the fields in this screen.
  • Page 104: Table 7-5 Configuring Netcapi

    Prestige 653HWI Series User’s Guide Table 7-5 Configuring NetCAPI LABEL DESCRIPTION Active Select this check box to enable NetCAPI. Max Number of Registered When you want to use NetCAPI to place outgoing calls or to listen to incoming calls, you must start RVSCOM on your computer, and RVSCOM registers itself to the Prestige.
  • Page 105: Figure 7-7 Configuration Example

    Prestige 653HWI Series User’s Guide Figure 7-7 Configuration Example Before entering any configurations, you must install the CAPI driver (RVS-CE) and communication program such as RVS-COM Lite on your computer. 7.11.2 RVS-COM RVS-COM includes an ISDN CAPI driver with its communication program. RVS-CE (Core Engine) is an ISDN-CAPI 2.0 driver for Windows 95/98/NT that can be used by different ISDN communication programs...
  • Page 106: Wan Backup

    Prestige 653HWI Series User’s Guide 7.12 WAN Backup Should the DSL connection fail, traffic redirect can transfer data to a backup gateway. You can also use the ISDN port for a dial-up connection should the DSL connection fail. To set up the ISDN port for backup usage, first make sure you have set up the port connection (see the Compact Guide).
  • Page 107: Figure 7-9 Traffic Redirect Wan Setup

    Prestige 653HWI Series User’s Guide Figure 7-9 Traffic Redirect WAN Setup The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN or DMZ. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network.
  • Page 108: Figure 7-10 Traffic Redirect Lan Setup

    Prestige 653HWI Series User’s Guide Figure 7-10 Traffic Redirect LAN Setup
  • Page 109: Configuring Wan Backup

    Prestige 653HWI Series User’s Guide 7.15 Configuring WAN Backup To change your Prestige’s WAN backup settings, click WAN, then WAN Backup. The screen appears as shown. Figure 7-11 WAN Backup Setup The following table describes the fields in this screen.
  • Page 110: Table 7-6 Wan Backup Setup

    Prestige 653HWI Series User’s Guide Table 7-6 WAN Backup Setup LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check the DSL connection’s physical layer. Select ICMP to have the Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.
  • Page 111 Prestige 653HWI Series User’s Guide Table 7-6 WAN Backup Setup LABEL DESCRIPTION Backup Gateway Type the IP address of your backup gateway in dotted decimal notation. The Prestige automatically forwards traffic to this IP address if the Prestige's Internet connection terminates.
  • Page 113: Nat, Dynamic Dns And Time Zone

    NAT, Dynamic DNS and Time Zone Part III: NAT, Dynamic DNS and Time Zone This part covers NAT (Network Address Translation), dynamic DNS (Domain Name Server) and Time Zone setup.
  • Page 115: Nat Overview

    Prestige 653HWI Series User’s Guide Chapter 8 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the Prestige. NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
  • Page 116: What Nat Does

    Prestige 653HWI Series User’s Guide NAT never changes the IP address (either local or global) of an outside host. 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
  • Page 117: Figure 8-1 How Nat Works

    Prestige 653HWI Series User’s Guide Figure 8-1 How NAT Works 8.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the...
  • Page 118: Figure 8-2 Nat Application With Ip Alias

    Prestige 653HWI Series User’s Guide Figure 8-2 NAT Application With IP Alias 8.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: 1. One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address.
  • Page 119: Sua (Single User Account) Versus Nat

    Prestige 653HWI Series User’s Guide 5. Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world, although it is highly recommended that you use the DMZ port for these servers instead.
  • Page 120: Sua Server

    Prestige 653HWI Series User’s Guide 1. Choose SUA Only if you have just one public WAN IP address for your Prestige. 2. Choose Full Feature if you have multiple public WAN IP addresses for your Prestige. SUA Server A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world.
  • Page 121: Table 8-3 Services And Port Numbers

    Prestige 653HWI Series User’s Guide Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
  • Page 122: Selecting The Nat Mode

    Prestige 653HWI Series User’s Guide IP address assigned by ISP. Figure 8-3 Multiple Servers Behind NAT Example Selecting the NAT Mode You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige.
  • Page 123: Configuring Sua Server

    Prestige 653HWI Series User’s Guide Table 8-4 NAT Mode LABEL DESCRIPTION None Select this radio button to disable NAT. SUA Only Select this radio button if you have just one public WAN IP address for your Prestige. The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA NAT Server Set screen.
  • Page 124: Figure 8-5 Edit Sua/Nat Server Set

    Prestige 653HWI Series User’s Guide Figure 8-5 Edit SUA/NAT Server Set The following table describes the fields in this screen. Table 8-5 Edit SUA/NAT Server Set LABEL DESCRIPTION Start Port No. Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field.
  • Page 125: Configuring Address Mapping

    Prestige 653HWI Series User’s Guide Table 8-5 Edit SUA/NAT Server Set LABEL DESCRIPTION Server IP Address Enter your server IP address in this field. Save Click Save to save your changes back to the Prestige. Cancel Click Cancel to return to the previous configuration.
  • Page 126: Editing An Address Mapping Rule

    Prestige 653HWI Series User’s Guide The following table describes the fields in this screen. Table 8-6 Address Mapping Rules LABEL DESCRIPTION Local Start IP This is the starting Inside Local IP Address (ILA). Local IP addresses are N/A for Server port mapping.
  • Page 127: Figure 8-7 Address Mapping Rule Edit

    Prestige 653HWI Series User’s Guide Figure 8-7 Address Mapping Rule Edit The following table describes the fields in this screen. Table 8-7 Address Mapping Rule Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. 1. One-to-One: One-to-One mode maps one local IP address to one global IP address.
  • Page 128 Prestige 653HWI Series User’s Guide Global Start IP This is the starting global IP address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. Global End IP This is the ending global IP address (IGA). This field is N/A for One-to-One, Many-to-One and Server mapping types.
  • Page 129: Chapter 9 Dynamic Dns Setup

    Prestige 653HWI Series User’s Guide Chapter 9 Dynamic DNS Setup This chapter discusses how to configure your Prestige to use Dynamic DNS. Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.).
  • Page 130: Figure 9-1 Ddns

    Prestige 653HWI Series User’s Guide Figure 9-1 DDNS The following table describes the fields in this screen. Table 9-1 DDNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider.
  • Page 131: Chapter 10 Time Zone

    Prestige 653HWI Series User’s Guide Chapter 10 Time Zone Use this screen to configure the Prestige’s time and date settings. 10.1 Configuring Time Zone To change your Prestige’s time and date, click Time Zone. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone.
  • Page 132: Table 10-1 Time/Date

    Prestige 653HWI Series User’s Guide The following table describes the fields in this screen. Table 10-1 Time/Date LABEL DESCRIPTION Time Server Use Time Server when Bootup Select the time service protocol that your time server sends when you turn on the Prestige.
  • Page 133 Prestige 653HWI Series User’s Guide Table 10-1 Time/Date LABEL DESCRIPTION New Date This field displays the last updated date from the time server. When you select None in the Use Time Server when Bootup field, enter the new date in this field and then click Apply.
  • Page 135: Firewall And Content Filters

    Firewall and Content Filters Part IV: Firewall and Content Filters This part introduces firewalls in general and the Prestige firewall. It also explains customized services and logs and gives example firewall rules and an overview of content filtering.
  • Page 137: Chapter 11 Firewalls

    Prestige 653HWI Series User’s Guide Chapter 11 Firewalls This chapter gives some background information on firewalls and introduces the Prestige firewall. 11.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
  • Page 138: Introduction To Zyxel's Firewall

    Prestige 653HWI Series User’s Guide Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
  • Page 139: Denial Of Service

    Prestige 653HWI Series User’s Guide Figure 11-1 Prestige Firewall Application 11.4 Denial of Service Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
  • Page 140: Table 11-1 Common Ip Ports

    Prestige 653HWI Series User’s Guide Table 11-1 Common IP Ports Telnet HTTP SMTP POP3 11.4.2 Types of DoS Attacks There are four types of DoS attacks: 1. Those that exploit bugs in a TCP/IP implementation. 2. Those that exploit weaknesses in the TCP/IP specification.
  • Page 141: Figure 11-2 Three-Way Handshake

    Prestige 653HWI Series User’s Guide Figure 11-2 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment).
  • Page 142: Figure 11-4 Smurf Attack

    Prestige 653HWI Series User’s Guide 2-b In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.
  • Page 143: Stateful Inspection

    Prestige 653HWI Series User’s Guide Table 11-3 Legal NetBIOS Commands MESSAGE: REQUEST: POSITIVE: NEGATIVE: RETARGET: KEEPALIVE: All SMTP commands are illegal except for those displayed in the following tables. Table 11-4 Legal SMTP Commands AUTH DATA EHLO ETRN EXPN HELO...
  • Page 144: Figure 11-5 Stateful Inspection

    Prestige 653HWI Series User’s Guide Denies all sessions originating from the WAN to the LAN. User A initiates a telnet session. Return traffic for User A’s telnet session is permitted. Other Telnet traffic is blocked. Figure 11-5 Stateful Inspection The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works.
  • Page 145: Stateful Inspection And The Prestige

    Prestige 653HWI Series User’s Guide 4. Based on the obtained state information, a firewall rule creates a temporary access list entry that is inserted at the beginning of the WAN interface's inbound extended access list. This temporary access list entry is designed to permit inbound packets of the same connection as the outbound packet just inspected.
  • Page 146: Tcp Security

    Prestige 653HWI Series User’s Guide Below is a brief technical description of how these connections are tracked. Connections may either be defined by the upper protocols (for instance, TCP), or by the Prestige itself (as with the "virtual connections" created for UDP and ICMP).
  • Page 147: Guidelines For Enhancing Security With Your Firewall

    Prestige 653HWI Series User’s Guide 11.5.5 Upper Layer Protocols Some higher layer protocols (such as FTP and RealAudio) utilize multiple network connections simultaneously. In general terms, they usually have a "control connection" which is used for sending commands between endpoints, and then "data connections" which are used for transmitting bulk information.
  • Page 148: Packet Filtering Vs Firewall

    Prestige 653HWI Series User’s Guide 1. Encourage your company or organization to develop a comprehensive security plan. Good network administration takes into account what hackers can do and prepares against attacks. The best defense against hackers is information. Educate all employees about the importance of security and how to minimize risk.
  • Page 149: When To Use Filtering

    Prestige 653HWI Series User’s Guide Packet filtering only checks the header portion of an IP packet. When To Use Filtering 1. To block/allow LAN packets by their MAC addresses. 2. To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets.
  • Page 150 Prestige 653HWI Series User’s Guide 6. The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database.
  • Page 151: Chapter 12 Firewall Configuration

    Prestige 653HWI Series User’s Guide Chapter 12 Firewall Configuration This chapter shows you how to enable and configure the Prestige firewall. 12.1 Remote Management and the Firewall When remote management is configured to allow management (see the Remote Management chapter) and the firewall is enabled: •...
  • Page 152: Attack Alert

    Prestige 653HWI Series User’s Guide 12.3 Attack Alert Attack alerts are real-time reports of DoS attacks. In the Attack Alert screen, shown later, you may choose to generate an alert whenever an attack is detected. For DoS attacks, the Prestige uses thresholds to determine when to drop sessions that do not become fully established.
  • Page 153: Tcp Maximum Incomplete And Blocking Time

    Prestige 653HWI Series User’s Guide The Prestige measures both the total number of existing half-open sessions and the rate of session establishment attempts. Both TCP and UDP half-open sessions are counted in the total number and rate measurements. Measurements are made once a minute.
  • Page 154: Figure 12-2 Attack Alert

    Prestige 653HWI Series User’s Guide Figure 12-2 Attack Alert The following table describes the fields in this screen. Table 12-1 Attack Alert LABEL DESCRIPTION Generate alert Select this check box to generate an alert whenever an attack is detected. when attack...
  • Page 155 Prestige 653HWI Series User’s Guide Table 12-1 Attack Alert LABEL DESCRIPTION Maximum Incomplete Low This is the number of existing half-open sessions (default "80") that causes the firewall to stop deleting half-open sessions. The Prestige continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number.
  • Page 157: Chapter 13 Creating Custom Rules

    Prestige 653HWI Series User’s Guide Chapter 13 Creating Custom Rules This chapter contains instructions for defining both Local Network and Internet rules. 13.1 Rules Overview Firewall rules are subdivided into “Local Network” and “Internet”. By default, the Prestige’s stateful packet inspection allows all communications to the Internet that originate from the local network, and blocks all traffic to the LAN that originates from the Internet.
  • Page 158: Security Ramifications

    Prestige 653HWI Series User’s Guide 3. What is the connection direction: from the LAN to the Internet, or from the Internet to the LAN? 4. What IP services will be affected? 5. What computers on the LAN are to be affected (if any)? 6.
  • Page 159: Connection Direction

    Prestige 653HWI Series User’s Guide Source Address What is the connection’s source address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? Destination Address What is the connection’s destination address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? 13.3 Connection Direction...
  • Page 160: Figure 13-1 Lan To Wan Traffic

    Prestige 653HWI Series User’s Guide Figure 13-1 LAN to WAN Traffic 13.3.2 WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it.
  • Page 161: Logs

    Prestige 653HWI Series User’s Guide Figure 13-2 WAN to LAN Traffic 13.4 Logs A log is a detailed record that you create for packets that either match a rule, don’t match a rule or both when you are creating/editing a firewall rule (see Figure 13-4). You can also choose not to create a log for a rule in this screen.
  • Page 162: Figure 13-3 Firewall Rules Summary: First Screen

    Prestige 653HWI Series User’s Guide Figure 13-3 Firewall Rules Summary: First Screen The following table describes the fields in this screen. Table 13-1 Firewall Rules Summary: First Screen LABEL DESCRIPTION The default action for packets not matching Use the drop-down list box to select whether to Block (silently discard) or Forward (allow the passage of) packets that do not match the following rules.
  • Page 163: Predefined Services

    Prestige 653HWI Series User’s Guide Table 13-1 Firewall Rules Summary: First Screen LABEL DESCRIPTION This is your firewall rule number. The ordering of your rules is important as rules are applied in turn. The Move field below allows you to reorder your rules.
  • Page 164: Table 13-2 Predefined Services

    Prestige 653HWI Series User’s Guide Table 13-2 Predefined Services SERVICE DESCRIPTION AIM(TCP:5190) AOL’s Internet Messenger service, used as a listening port by ICQ. BGP(TCP:179) Border Gateway Protocol. BOOTP_CLIENT(UDP:68) DHCP Client. BOOTP_SERVER(UDP:67) DHCP Server. CU-SEEME(TCP/UDP:7648, A popular videoconferencing solution from White Pines Software.
  • Page 165 Prestige 653HWI Series User’s Guide Table 13-2 Predefined Services SERVICE DESCRIPTION NNTP(TCP:119) Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. PING(ICMP:0) Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.
  • Page 166: Creating/Editing Firewall Rules

    Prestige 653HWI Series User’s Guide Table 13-2 Predefined Services SERVICE DESCRIPTION TACACS(UDP:49) Login Host Protocol used for (Terminal Access Controller Access Control System). TELNET(TCP:23) Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks.
  • Page 167: Figure 13-4 Creating/Editing A Firewall Rule

    Prestige 653HWI Series User’s Guide Figure 13-4 Creating/Editing A Firewall Rule The following table describes the fields in this screen. Table 13-3 Creating/Editing A Firewall Rule LABEL DESCRIPTION Source Address Click SrcAdd to add a new address, SrcEdit to edit an existing one or SrcDelete to delete one.
  • Page 168: Source And Destination Addresses

    Prestige 653HWI Series User’s Guide Table 13-3 Creating/Editing A Firewall Rule LABEL DESCRIPTION Destination Address Click DestAdd to add a new address, DestEdit to edit an existing one or DestDelete to delete one. Services Select a service in the Available Services box on the left, then click >> to select.
  • Page 169: Timeout

    Prestige 653HWI Series User’s Guide Figure 13-5 Adding/Editing Source and Destination Addresses The following table describes the fields in this screen. Table 13-4 Adding/Editing Source and Destination Addresses LABEL DESCRIPTION Address Type Do you want your rule to apply to packets with a particular (single) IP address, a range of IP addresses (e.g., 192.168.1.10 to 192.169.1.50), a subnet or any IP...
  • Page 170: Figure 13-6 Timeout

    Prestige 653HWI Series User’s Guide 13.8.1 Factors Influencing Choices for Timeout Values The factors influencing choices for timeout values are the same as the factors influencing choices for threshold values – see section 12.3.2. Click Timeout for either Local Network or Internet.
  • Page 171 Prestige 653HWI Series User’s Guide Table 13-5 Timeout LABEL DESCRIPTION Back Click Back to return to the previous screen. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to return to the previous configuration.
  • Page 173: Chapter 14 Customized Services

    Prestige 653HWI Series User’s Guide Chapter 14 Customized Services This chapter covers creating, viewing and editing custom services. 14.1 Introduction to Customized Services Configure customized services and port numbers not predefined by the Prestige (see Figure 13-4). For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
  • Page 174: Creating/Editing A Customized Service

    Prestige 653HWI Series User’s Guide Table 14-1 Customized Services LABEL DESCRIPTION Customized Services This is the number of your customized port. Click a rule’s number of a service to go to the Firewall Customized Services Config screen to configure or edit a customized service.
  • Page 175: Example Custom Service Firewall Rule

    Prestige 653HWI Series User’s Guide Table 14-2 Creating/Editing A Customized Service LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
  • Page 176: Figure 14-3 Configure Source Ip Example

    Prestige 653HWI Series User’s Guide Figure 14-3 Configure Source IP Example Step 5. Click Edit Available Service in the Edit rule screen and then click a rule number to bring up the Firewall Customized Services Config screen. Configure as follows.
  • Page 177: Figure 14-5 Syslog Rule Configuration Example

    Prestige 653HWI Series User’s Guide Step 6. Follow the procedures outlined earlier in this chapter to configure all your rules. Configure the rule configuration screen like the one below and apply it. This is the address range of the MyService computers.
  • Page 178: Figure 14-6 Rule Summary Example

    Prestige 653HWI Series User’s Guide Step 7. On completing the configuration procedure for these Internet firewall rules, the Rule Summary screen should look like the following. Don’t forget to click Apply when you have finished configuring your rule(s) to save your settings back to the Prestige.
  • Page 179: Chapter 15 Content Filtering Screens

    Prestige 653HWI Series User’s Guide Chapter 15 Content Filtering Screens This chapter covers how to configure content filtering. 15.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
  • Page 180: Figure 15-1 Content Filter: Keyword

    Prestige 653HWI Series User’s Guide Figure 15-1 Content Filter: Keyword The following table describes the fields in this screen. Table 15-1 Content Filter: Keyword LABEL DESCRIPTION Enable Keyword Blocking Select this check box to enable this feature. Block Websites that...
  • Page 181: Configuring The Schedule

    Prestige 653HWI Series User’s Guide Table 15-1 Content Filter: Keyword LABEL DESCRIPTION Add Keyword Click Add Keyword after you have typed a keyword. Repeat this procedure to add other keywords. Up to 64 keywords are allowed. When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request.
  • Page 182: Configuring Trusted Computers

    Prestige 653HWI Series User’s Guide Table 15-2 Content Filter: Schedule LABEL DESCRIPTION Days to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active. Time of Day to...
  • Page 183 Prestige 653HWI Series User’s Guide Table 15-3 Content Filter: Trusted LABEL DESCRIPTION Type the ending IP address of a specific range of users on your LAN that you want to exclude from content filtering. Leave this field blank if you want to exclude an individual computer.
  • Page 185: Vpn/Ipsec

    VPN/IPSec Part V: VPN/IPSec This part provides information about configuring VPN/IPSec for secure communications.
  • Page 187: Chapter 16 Introduction To Ipsec

    Prestige 653HWI Series User’s Guide Chapter 16 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 16.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
  • Page 188: Figure 16-1 Encryption And Decryption

    Figure 16-1 Encryption and Decryption
    Data Confidentiality: The IPSec sender can encrypt packets before transmitting them across a network.
    Data Integrity: The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
  • Page 189: IPSec Architecture

    16.2 IPSec Architecture
    The overall IPSec architecture is shown as follows.
    Figure 16-2 IPSec Architecture
    16.2.1 IPSec Algorithms
    The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms).
  • Page 190: Encapsulation

    16.3 Encapsulation
    The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode.
    Figure 16-3 Transport and Tunnel Mode IPSec Encapsulation
    16.3.1 Transport Mode
    Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
  • Page 191: Table 16-1 VPN And NAT

    A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing. The VPN device at the receiving end will verify the integrity of the incoming packet by computing its own hash value, and complain that the hash value appended to the received packet doesn't match.
  • Page 193: Chapter 17 VPN Screens

    Chapter 17 VPN Screens
    This chapter introduces the VPN screens. See the Logs chapter for information on viewing logs and the appendices for IPSec log descriptions.
    17.1 VPN/IPSec Overview
    Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections.
  • Page 194: My IP Address

    Table 17-1 AH and ESP
    Select DES for minimal security and 3DES for maximum. Select NULL to set up a tunnel without encryption.
    Select MD5 for minimal security and SHA-1 for maximum security.
    DES (default)
  • Page 195: VPN Summary Screen

    for telecommuters initiating a VPN tunnel to the company network. See section 17.16 for configuration examples. The Secure Gateway IP Address may be configured as 0.0.0.0 only when using IKE key management and not Manual key management.
  • Page 196: Figure 17-2 VPN Summary

    Figure 17-2 VPN Summary
    The following table describes the fields in this screen.
    Table 17-2 VPN Summary
    LABEL: DESCRIPTION
    This is the VPN policy index number. Click a number to edit VPN policies.
    Name: This field displays the identification name for this VPN policy.
  • Page 197: Keep Alive

    Table 17-2 VPN Summary
    LABEL: DESCRIPTION
    Secure Gateway: This is the IP address of the remote IPSec router. This must be a fixed, public IP address for traffic going through the Internet.
    Back: Click Back to return to the previous screen.
  • Page 198: Table 17-3 Local ID Type And Content Fields

    Table 17-3 Local ID Type and Content Fields
    LOCAL ID TYPE=: CONTENT=
    Type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address.
    Type a domain name (up to 31 characters) by which to identify this Prestige.
  • Page 199: Pre-Shared Key

    The two Prestiges in this example cannot complete their negotiation because Prestige B’s Local ID type is IP, but Prestige A’s Peer ID type is set to E-mail. An “ID mismatched” message displays in the IPSEC LOG.
  • Page 200: Figure 17-3 VPN IKE

    Figure 17-3 VPN IKE
  • Page 201: Table 17-7 VPN IKE

    The following table describes the fields in this screen.
    Table 17-7 VPN IKE
    LABEL: DESCRIPTION
    IPSec Setup
    Active: Select this check box to activate this VPN policy.
    Select either Yes or No from the drop-down list box.
  • Page 202 Table 17-7 VPN IKE
    LABEL: DESCRIPTION
    When the Local Address Type field is configured to Single, enter the IP address in the IP Address Start field again here. When the Local Address Type field is...
  • Page 203 Table 17-7 VPN IKE
    LABEL: DESCRIPTION
    When you select IP in the Local ID Type field, type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address.
  • Page 204 Table 17-7 VPN IKE
    LABEL: DESCRIPTION
    Security Protocol
    VPN Protocol: Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH.
  • Page 205: IKE Phases

    17.10 IKE Phases
    There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec.
  • Page 206: Configuring Advanced IKE Settings

    17.10.1 Negotiation Mode
    The phase 1 Negotiation Mode you select determines how the Security Association (SA) will be established for each connection through IKE negotiations. Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1).
  • Page 207: Figure 17-5 VPN IKE: Advanced

    Figure 17-5 VPN IKE: Advanced
    The following table describes the fields in this screen.
    Table 17-8 VPN IKE: Advanced
    LABEL: DESCRIPTION
    VPN - IKE
    Protocol: Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
  • Page 208 Table 17-8 VPN IKE: Advanced
    LABEL: DESCRIPTION
    Enable Replay: As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks.
  • Page 209 Table 17-8 VPN IKE: Advanced
    LABEL: DESCRIPTION
    Encryption Algorithm: Select DES or 3DES from the drop-down list box. When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
  • Page 210: Manual Key Setup

    Table 17-8 VPN IKE: Advanced
    LABEL: DESCRIPTION
    Authentication Algorithm: Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower.
  • Page 211: Configuring Manual Key

    Current ZyXEL implementation assumes identical outgoing and incoming SPIs.
    17.13 Configuring Manual Key
    You only configure VPN Manual Key when you select Manual in the Key Management field on the VPN IKE screen. This is the VPN Manual Key screen as shown next.
  • Page 212: Table 17-9 VPN Manual Setup

    Table 17-9 VPN Manual Setup
    LABEL: DESCRIPTION
    Active: Select this check box to activate this VPN policy.
    Name: Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the Prestige drops trailing spaces.
  • Page 213 Table 17-9 VPN Manual Setup
    LABEL: DESCRIPTION
    Remote Address Type: Use the drop-down menu to choose Single, Range, or Subnet. Select Single with a single IP address. Select Range for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask.
  • Page 214: Viewing SA Monitor

    Table 17-9 VPN Manual Setup
    LABEL: DESCRIPTION
    Encapsulation: Select DES, 3DES or NULL from the drop-down list box. When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
  • Page 215: Figure 17-7 SA Monitor

    When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes. A tunnel with no outbound or inbound traffic is "idle" and does not timeout until the SA lifetime period expires. See section 17.6 on keep alive to have the Prestige renegotiate an IPSec SA when the SA lifetime expires, even if there is no traffic.
  • Page 216: Configuring Global Setting

    Table 17-10 SA Monitor
    LABEL: DESCRIPTION
    Refresh: Click Refresh to display the current active VPN connection(s).
    17.15 Configuring Global Setting
    To change your Prestige’s global settings, click VPN and then Global Setting. The screen appears as shown.
  • Page 217: Telecommuter VPN/IPSec Examples

    17.16 Telecommuter VPN/IPSec Examples
    The following examples show how multiple telecommuters can make VPN connections to a single Prestige at headquarters from remote IPSec routers that use dynamic WAN IP addresses.
    17.16.1 Telecommuters Sharing One VPN Rule Example
    Multiple telecommuters can use one VPN rule to simultaneously access a Prestige at headquarters.
  • Page 218: Figure 17-9 Telecommuters Sharing One VPN Rule Example

    Figure 17-9 Telecommuters Sharing One VPN Rule Example
    17.16.2 Telecommuters Using Unique VPN Rules Example
    With aggressive negotiation mode (see section 17.10.1), the Prestige can use the ID types and contents to distinguish between VPN rules. Telecommuters can each use a separate VPN rule to simultaneously access a Prestige at headquarters.
  • Page 219: VPN And Remote Management

    Figure 17-10 Telecommuters Using Unique VPN Rules Example
    17.17 VPN and Remote Management
    If a VPN tunnel uses a remote management service port (Telnet, FTP, WWW, SNMP, DNS or ICMP) and terminates at the Prestige’s LAN or WAN port, configure remote management to allow access for that service.
  • Page 220 If the VPN tunnel terminates at the Prestige’s WAN IP address, configure remote management for WAN server access (or LAN & WAN or LAN & WAN & DMZ).
  • Page 221: Remote Management, UPnP And Logs

    Part VI: Remote Management, UPnP and Logs
    This part contains information on how to configure the Prestige for remote management, setting up Universal Plug and Play (UPnP) and setting up and displaying logs.
  • Page 223: Chapter 18 Remote Management Configuration

    Chapter 18 Remote Management Configuration
    This chapter provides information on configuring remote management.
    18.1 Remote Management Overview
    Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers.
  • Page 224: Telnet

    6. There is a web remote management session running with a Telnet session. A web session will be disconnected if you begin a Telnet session; it will not begin if there already is a Telnet session.
  • Page 225: FTP

    18.3 FTP
    You can upload and download Prestige firmware and configuration files using FTP. To use this feature, your computer must have an FTP client.
    18.4 Web
    You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details.
  • Page 226 Table 18-1 Remote Management
    LABEL: DESCRIPTION
    Secured Client IP: The default 0.0.0.0 allows any client to use this service to remotely manage the Prestige. Type an IP address to restrict access to a client with a matching IP address.
  • Page 227: Chapter 19 Universal Plug-And-Play (UPnP)

    Chapter 19 Universal Plug-and-Play (UPnP)
    This chapter introduces the UPnP feature in the web configurator.
    19.1 Introducing Universal Plug and Play
    Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
  • Page 228: UPnP And ZyXEL

    All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention.
    19.2 UPnP and ZyXEL
    ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™...
  • Page 229: Installing UPnP In Windows Example

    Table 19-1 Configuring UPnP
    LABEL: DESCRIPTION
    Allow users to make configuration changes through UPnP: Select this check box to allow UPnP-enabled applications to automatically configure the Prestige so that they can communicate through the Prestige, for...
  • Page 230 Step 3. In the Communications window, select the Universal Plug and Play check box in the Components selection box.
    Step 4. Click OK to go back to the Add/Remove Programs Properties window and click Next.
  • Page 231: Using UPnP In Windows XP Example

    Step 5. In the Networking Services window, select the Universal Plug and Play check box.
    Step 6. Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
    19.4 Using UPnP in Windows XP Example
    This section shows you how to use the UPnP feature in Windows XP.
  • Page 232 Step 3. In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created.
    Step 4. You may edit or delete the port mappings or click Add to manually add port mappings.
  • Page 233 Step 6. Double-click on the icon to display your current Internet connection status.
    Web Configurator Easy Access
    With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first.
  • Page 234 Step 4. An icon with the description for each UPnP-enabled device displays under Local Network.
    Step 5. Right-click on the icon for your Prestige and select Invoke. The web configurator login screen displays.
    Step 6.
  • Page 235: Chapter 20 Logs Screens

    Chapter 20 Logs Screens
    This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendices for example log message explanations.
    20.1 Logs Overview
    The web configurator allows you to choose which categories of events and/or alerts to have the Prestige log and then display the logs or have the Prestige send them to an administrator (as e-mail) or to a syslog server.
  • Page 236: Figure 20-1 Log Settings

    Figure 20-1 Log Settings
    The following table describes the fields in this screen.
  • Page 237: Table 20-1 Log Settings

    Table 20-1 Log Settings
    LABEL: DESCRIPTION
    Address Info
    Mail Server: Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
  • Page 238: Displaying The Logs

    Table 20-1 Log Settings
    LABEL: DESCRIPTION
    Select the categories of logs that you want to record. Logs include alerts.
    Send Immediate Alert: Select the categories of alerts for which you want the Prestige to instantly e-mail alerts to the e-mail address specified in the Send Alerts To field.
  • Page 239: SMTP Error Messages

    Table 20-2 View Logs
    LABEL: DESCRIPTION
    Message: This field states the reason for the log.
    Source: This field lists the source IP address and the port number of the incoming packet.
    Destination: This field lists the destination IP address and the port number of the incoming packet.
    Notes: This field displays additional information about the log entry.
  • Page 240: Figure 20-3 E-Mail Log Example

    20.4.1 Example E-mail Log
    An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail.
    Subject: You may edit the...
  • Page 241: Bandwidth Management

    Part VII: Bandwidth Management
    This part provides information on the functions and configuration of Bandwidth Management.
  • Page 243: Chapter 21 Bandwidth Management

    Chapter 21 Bandwidth Management
    This chapter describes the functions and configuration of bandwidth management.
    21.1 Bandwidth Management Overview
    Bandwidth management allows you to allocate an interface’s outgoing capacity to specific types of traffic. It can also help you make sure that the Prestige forwards certain types of traffic (especially real-time applications) with minimum delay.
  • Page 244: Proportional Bandwidth Allocation

    The total of the configured bandwidth budgets for child-classes cannot exceed the configured bandwidth budget speed of the parent class.
    21.3 Proportional Bandwidth Allocation
    Bandwidth management allows you to define how much bandwidth each class gets; however, the actual bandwidth allotted to each class decreases or increases in proportion to actual available bandwidth.
  • Page 245: Figure 21-2 Subnet-Based Bandwidth Management Example

    Figure 21-2 Subnet-based Bandwidth Management Example
    21.4.3 Application and Subnet-based Bandwidth Management Example
    The following example uses bandwidth classes based on LAN subnets and applications (specific applications in each subnet are allotted bandwidth).
    Table 21-1 Application and Subnet-based Bandwidth Management Example...
  • Page 246: Scheduler

    Figure 21-3 Application and Subnet-based Bandwidth Management Example
    21.5 Scheduler
    The scheduler divides up an interface’s bandwidth among the bandwidth classes. The Prestige has two types of scheduler: fairness-based and priority-based.
    21.5.1 Priority-based Scheduler
    With the priority-based scheduler, the Prestige forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes.
  • Page 247: Maximize Bandwidth Usage Example

    When you enable maximize bandwidth usage, the Prestige first makes sure that each bandwidth class gets up to its bandwidth allotment. Next, the Prestige divides up an interface’s available bandwidth (bandwidth that is unbudgeted or unused by the classes) depending on how many bandwidth classes require more bandwidth and on their priority levels.
  • Page 248: Figure 21-4 Bandwidth Allotment Example

    Figure 21-4 Bandwidth Allotment Example
    The following figure shows the bandwidth usage with the maximize bandwidth usage option enabled. The Prestige divides up the unbudgeted 2 Mbps among the classes that require more bandwidth. If the administration department only uses 1 Mbps of the budgeted 2 Mbps, the Prestige also divides the remaining 1 Mbps among the classes that require more bandwidth.
  • Page 249: Bandwidth Borrowing

    21.7 Bandwidth Borrowing
    Bandwidth borrowing allows a child-class to borrow unused bandwidth from its parent class, whereas maximize bandwidth usage allows bandwidth classes to borrow any unused or unbudgeted bandwidth on the whole interface. Enable bandwidth borrowing on a child-class to allow the child-class to use its parent class’s unused bandwidth.
  • Page 250: Figure 21-6 Bandwidth Borrowing Example

    Figure 21-6 Bandwidth Borrowing Example
    The Bill class can borrow unused bandwidth from the Sales USA class because the Bill class has bandwidth borrowing enabled. The Bill class can also borrow unused bandwidth from the Sales class because the Sales USA class also has bandwidth borrowing enabled.
  • Page 251: Configuring Summary

    The Bill class cannot borrow unused bandwidth from the Root class because the Sales class has bandwidth borrowing disabled. The Amy class cannot borrow unused bandwidth from the Sales USA class because the Amy class has bandwidth borrowing disabled.
  • Page 252: Figure 21-7 Bandwidth Manager: Summary

    Figure 21-7 Bandwidth Manager: Summary
    The following table describes the labels in this screen.
    Table 21-2 Bandwidth Manager: Summary
    LABEL: DESCRIPTION
    These read-only labels represent the physical interfaces. WLAN
    Active: Select an interface’s check box to enable bandwidth management on that interface.
  • Page 253: Configuring Class Setup

    Table 21-2 Bandwidth Manager: Summary
    LABEL: DESCRIPTION
    Scheduler: Select either Priority-Based or Fairness-Based from the drop-down menu to control the traffic flow. Select Priority-Based to give preference to bandwidth classes with higher priorities. Select Fairness-Based to treat all bandwidth classes equally. See section 21.5.
  • Page 254: Figure 21-8 Bandwidth Manager: Class Setup

    Figure 21-8 Bandwidth Manager: Class Setup
    The following table describes the labels in this screen.
    Table 21-3 Bandwidth Manager: Class Setup
    LABEL: DESCRIPTION
    Interface: Select an interface from the drop-down list box for which you wish to set up classes.
  • Page 255 Table 21-3 Bandwidth Manager: Class Setup
    LABEL: DESCRIPTION
    Statistics: Click Statistics to display the status of the selected class.
    21.9.1 Bandwidth Manager Class Configuration
    Configure a bandwidth management class in the Class Configuration screen. You must use the Bandwidth Manager - Summary screen to enable bandwidth management on an interface before you can configure classes for that interface.
  • Page 256: Figure 21-9 Bandwidth Manager: Class Configuration

    Figure 21-9 Bandwidth Manager: Class Configuration
    The following table describes the labels in this screen.
    Table 21-4 Bandwidth Manager: Class Configuration
    LABEL: DESCRIPTION
    Class Name: Use the auto-generated name or enter a descriptive name of up to 20 alphanumeric characters, including spaces.
  • Page 257 Table 21-4 Bandwidth Manager: Class Configuration
    LABEL: DESCRIPTION
    BW Budget (kbps): Specify the maximum bandwidth allowed for the class in kbps. The recommendation is a setting between 20 kbps and 20000 kbps for an individual class.
  • Page 258: Table 21-5 Services And Port Numbers

    Table 21-4 Bandwidth Manager: Class Configuration
    LABEL: DESCRIPTION
    Source IP Address: Enter the source IP address. A blank source IP address means any source IP address.
    Source Subnet Mask: Enter the source subnet mask. This field is N/A if you do not specify a Source IP Address.
  • Page 259: Figure 21-10 Bandwidth Management Statistics

    21.9.2 Bandwidth Management Statistics
    Use the Bandwidth Management Statistics screen to view network performance information. Click the Statistics button in the Class Setup screen to open the Statistics screen.
    Figure 21-10 Bandwidth Management Statistics
    The following table describes the labels in this screen.
  • Page 260: Configuring Monitor

    Table 21-6 Bandwidth Management Statistics
    LABEL: DESCRIPTION
    Set Interval: Click Set Interval to apply the new update period you entered in the Update Period field above.
    Stop Update: Click Stop Update to stop the browser from refreshing bandwidth management statistics.
  • Page 261 Table 21-7 Bandwidth Manager Monitor
    LABEL: DESCRIPTION
    Back: Click Back to go to the main BW Manager screen.
    Refresh: Click Refresh to update the page.
  • Page 263: Maintenance

    Part VIII: Maintenance
    This part covers the maintenance screens.
  • Page 265: Chapter 22 Maintenance

    Chapter 22 Maintenance
    This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics.
    22.1 Maintenance Overview
    The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige.
  • Page 266: Figure 22-1 System Status

    Figure 22-1 System Status
  • Page 267: Table 22-1 System Status

    The following table describes the fields in this screen.
    Table 22-1 System Status
    LABEL: DESCRIPTION
    System Status
    System Name: This is the name of your Prestige. It is for identification purposes.
    ZyNOS Firmware Version: This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design.
  • Page 268: Figure 22-2 System Status: Show Statistics

    Table 22-1 System Status
    LABEL: DESCRIPTION
    Show Statistics: Click Show Statistics to see router performance statistics such as number of packets sent and number of packets received for each port.
    22.2.1 System Statistics
    Click Show Statistics in the System Status screen to open the following screen. Read-only information here includes port status and packet specific statistics.
  • Page 269: Table 22-2 System Status: Show Statistics

    The following table describes the fields in this screen.
    Table 22-2 System Status: Show Statistics
    LABEL: DESCRIPTION
    System up Time: This is the elapsed time the system has been up.
    CPU Load: This field specifies the percentage of CPU utilization.
  • Page 270: DHCP Table Screen

    Table 22-2 System Status: Show Statistics
    LABEL: DESCRIPTION
    Set Interval: Click this button to apply the new poll interval you entered in the Poll Interval field above.
    Stop: Click this button to halt the refreshing of the system statistics.
  • Page 271: Wireless Screens

    Table 22-3 DHCP Table
    LABEL: DESCRIPTION
    Address: This field displays the MAC (Media Access Control) address of the computer with the displayed host name. Every Ethernet device has a unique MAC address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
  • Page 272: Figure 22-5 Channel Usage Table

    Table 22-4 Association List
    LABEL: DESCRIPTION
    Association Time: This field displays how long a wireless client has been associated to the Prestige.
    Back: Click Back to return to the previous screen.
    Refresh: Click Refresh to renew the information in the table.
  • Page 273: Diagnostic Screens

    Table 22-5 Channel Usage Table
    LABEL: DESCRIPTION
    Channel: This is the index number of the channel.
    Activity: This field displays Yes if another AP or Ad-hoc network is using the channel within the Prestige’s transmission range.
  • Page 274: Figure 22-6 Diagnostic General

    Figure 22-6 Diagnostic General
    The following table describes the fields in this screen.
    Table 22-6 Diagnostic General
    LABEL: DESCRIPTION
    TCP/IP
    Type the IP address of a computer that you want to ping in order to test a connection.
  • Page 275: Figure 22-7 Diagnostic DSL Line

    22.5.2 Diagnostic DSL Line Screen
    Click Diagnostic and then DSL Line to open the screen shown next.
    Figure 22-7 Diagnostic DSL Line
    The following table describes the fields in this screen.
    Table 22-7 Diagnostic DSL Line...
  • Page 276 Table 22-7 Diagnostic DSL Line
    LABEL: DESCRIPTION
    ATM Loopback Test: Click this button to start the ATM loopback test. Make sure you have configured at least one PVC with proper VPIs/VCIs before you begin this test. The Prestige sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the Prestige.
  • Page 277: Figure 22-8 Diagnostic ISDN Line

    Figure 22-8 Diagnostic ISDN Line
    The following table describes the fields in this screen.
    Table 22-8 Diagnostic ISDN Line
    LABEL: DESCRIPTION
    Reset ISDN Line: This command re-initializes the ISDN link to the telephone company.
  • Page 278: Firmware Screen

    Table 22-8 Diagnostic ISDN Line
    LABEL: DESCRIPTION
    ISDN Connection Test: You can test to see if your ISDN line is working properly by using this option. This command triggers the Prestige to perform a loop-back test to check the functionality of the ISDN line.
  • Page 279: Figure 22-9 Firmware Upgrade

    Figure 22-9 Firmware Upgrade
    The following table describes the fields in this screen.
    Table 22-9 Firmware Upgrade
    LABEL: DESCRIPTION
    File Path: Type in the location of the file you want to upload in this field or click Browse ... to find it.
  • Page 280: Figure 22-10 Network Temporarily Disconnected

    Figure 22-10 Network Temporarily Disconnected
    After two minutes, log in again and check your new firmware version in the System Status screen. If the upload was not successful, the following screen will appear. Click Back to go back to the Firmware screen.
  • Page 281: SMT General Configuration

    Part IX: SMT General Configuration
    This part covers System Management Terminal configuration for general setup, WAN backup, LAN setup, wireless LAN setup, Internet access, remote node, static route, NAT and enabling the firewall. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
  • Page 283: Chapter 23 Introducing The SMT

    Chapter 23 Introducing the SMT
    This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus.
    23.1 SMT Introduction
    The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection.
  • Page 284: Figure 23-1 Login Screen

    Please note that if there is no activity for longer than five minutes after you log in, your Prestige will automatically log you out.
    Enter Password : ****
    Figure 23-1 Login Screen
    23.1.4 Prestige SMT Menu Overview
    The following figure gives you an overview of the various SMT menu screens of your Prestige.
  • Page 285: Navigating The SMT Interface

    Figure 23-2 Prestige 653 SMT Menu Overview
    23.2 Navigating the SMT Interface
    The SMT (System Management Terminal) is the interface that you use to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
  • Page 286: Table 23-1 Main Menu Commands

    Prestige 653HWI Series User’s Guide Table 23-1 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move down to another menu [ENTER] To move forward to a submenu, type in the number of the desired submenu and press [ENTER]. Move up to a [ESC] Press [ESC] to move back to the previous menu.
  • Page 287: Figure 23-3 Smt Main Menu

    Prestige 653HWI Series User’s Guide After you enter the password, the SMT displays the main menu, as shown next. Copyright (c) 1994 - 2003 ZyXEL Communications Corp. Prestige 653HWI Main Menu Getting Started Advanced Management 1. General Setup 21. Filter and Firewall Setup 2. WAN Backup Setup 22.
  • Page 288: Changing The System Password

    Prestige 653HWI Series User’s Guide Table 23-2 Main Menu Summary MENU TITLE DESCRIPTION System Maintenance This menu provides system status, diagnostics, software upload, etc. IP Routing Policy Setup Use this menu to configure your IP routing policy. Schedule Setup Use this menu to schedule outgoing calls.
  • Page 289: Chapter 24 Menu 1 General Setup

    Prestige 653HWI Series User’s Guide Chapter 24 Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 24.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
  • Page 290: Figure 24-1 Menu 1 General Setup

    Prestige 653HWI Series User’s Guide Menu 1 - General Setup System Name= ? Location= Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: Figure 24-1 Menu 1 General Setup Step 2.
  • Page 291: Figure 24-2 Menu 1.1 Configure Dynamic Dns

    Prestige 653HWI Series User’s Guide 24.2.1 Procedure to Configure Dynamic DNS If you have a private WAN IP address, then you cannot use Dynamic DNS. Step 1. To configure Dynamic DNS, go to Menu 1 — General Setup and select Yes in the Edit Dynamic DNS field.
  • Page 293: Chapter 25 Menu 2 Wan Backup Setup

    Prestige 653HWI Series User’s Guide Chapter 25 Menu 2 WAN Backup Setup This chapter describes how to configure traffic redirect and ISDN dial-backup using menu 2, 2.2, 2.2.1, 2.2.2 and 11.1. 25.1 Introduction to WAN Backup Setup This chapter explains how to configure the Prestige for traffic redirect and dial backup connections.
  • Page 294: Figure 25-1 Menu 2 Wan Backup Setup

    Prestige 653HWI Series User’s Guide Menu 2 - Wan Backup Setup Check Mechanism = DSL Link Check WAN IP Address1 = 0.0.0.0 Check WAN IP Address2 = 0.0.0.0 Check WAN IP Address3 = 0.0.0.0 KeepAlive Fail Tolerance = 0 Recovery Interval(sec) = 0...
  • Page 295: Figure 25-2 Menu 2.1Traffic Redirect Setup

    Prestige 653HWI Series User’s Guide Table 25-1 Menu 2 WAN Backup Setup FIELD DESCRIPTION Recovery Interval(sec) When the Prestige is using a lower priority connection (usually a WAN backup connection), it periodically checks whether or not it can use a higher priority connection.
  • Page 296: Configuring Isdn Dial Backup Setup

    Prestige 653HWI Series User’s Guide Table 25-2 Menu 2.1Traffic Redirect Setup FIELD DESCRIPTION Active Press [SPACE BAR] and select Yes (to enable) or No (to disable) traffic redirect setup. The default is No. Configuration: Backup Enter the IP address of your backup gateway in dotted decimal notation.
  • Page 297: Isdn Advanced Setup Menus

    Prestige 653HWI Series User’s Guide The following table describes the fields in this menu. Table 25-3 Menu 2 ISDN Dial Backup Setup FIELD DESCRIPTION Active Press [SPACE BAR] and select Yes (to enable) or No (to disable) dial-backup. The default is No.
  • Page 298 Prestige 653HWI Series User’s Guide Calling Line Indication The Calling Line Indication, or caller ID, determines whether the other party can see your number when you call. If set to Enable, the router sends the caller ID and the party you call can see your number; if it is set to Disable, the caller ID is blocked.
  • Page 299: Figure 25-4 Router Behind A Pabx

    Prestige 653HWI Series User’s Guide Figure 25-4 Router Behind a PABX Data Link Connection There are two types of ISDN Data Link Connection namely: point-to-multipoint and point-to-point. When you select point-to-multipoint, the TE1 value will be assigned by negotiation with the switch. When you select point-to-point, the TE1 value will be assigned a unique value of 0.
  • Page 300: Netcapi Setup Menu

    Prestige 653HWI Series User’s Guide Menu 2.2.1 - ISDN Advanced Setup Calling Line Indication= Enable PABX Outside Line Prefix= PABX Number (Include S/T Bus Number) for Loopback= Outgoing Calling Party Number: ISDN Data = 80010029 Data Link Connection= point-to-multipoint Press ENTER to Confirm or ESC to Cancel: Figure 25-5 Menu 2 ISDN Setup for DSS1 When you are finished, press [ENTER] at the message: ‘Press ENTER to confirm’, the router uses the...
  • Page 301: Figure 25-7 Menu 2.2.2 Netcapi Setup

    Prestige 653HWI Series User’s Guide Menu 2.2.2 - NetCAPI Setup Active= No Max Number of Registered Users= 1 Incoming Data Call Number Matching= Multiple Subscriber Number (MSN) Access List: Start IP End IP Operation 0.0.0.0 0.0.0.0 None 0.0.0.0 0.0.0.0 None 0.0.0.0...
  • Page 302: Isdn Remote Node Profile

    Prestige 653HWI Series User’s Guide Table 25-4 Menu 2.2.2 NetCAPI Setup FIELD DESCRIPTION Start IP Refers to the first IP address of a group of NetCAPI clients. Each group contains contiguous IP addresses. End IP Refers to the last IP address in a NetCAPI client group.
  • Page 303 Prestige 653HWI Series User’s Guide FIELD DESCRIPTION EXAMPLE Rem Node Name Enter a descriptive name for the remote node. This field can be up to eight characters. BackupISP Active Press [SPACE BAR] and then [ENTER] to select Yes to activate or No to deactivate this node.
  • Page 304: Editing Ppp Options

    Prestige 653HWI Series User’s Guide Table 25-5 Menu 11.1 ISDN Remote Node Profile FIELD DESCRIPTION EXAMPLE Rem IP Addr Leave the field set to 0.0.0.0 (default) if the remote gateway has a dynamic IP address. Enter the remote gateway’s IP address here if it is static. 0.0.0.0
  • Page 305: Figure 25-9 Menu 11.2 Remote Node Ppp Options

    Prestige 653HWI Series User’s Guide The Prestige’s dial back-up feature uses PPP. To edit the remote node PPP Options, move the cursor to the Edit PPP Options field in Menu 11.1 - Remote Node Profile (Backup ISP), and use the space bar to select [Yes].
  • Page 306: Editing Tcp/Ip Options

    Prestige 653HWI Series User’s Guide Table 25-6 Menu 11.2 Remote Node PPP Options Base Trans Rate(Kbps) Select the base data transfer rate for this remote node in kilobits per second. There are two choices for this field: 64, where only one channel is used, or 128, where two channels are used as soon as a packet triggers a call.
  • Page 307: Table 25-7 Menu 11.2 Remote Node Ppp Options

    Prestige 653HWI Series User’s Guide Table 25-7 Menu 11.2 Remote Node PPP Options FIELD DESCRIPTION EXAMPLE IP Address Assignment Press [SPACE BAR] and then [ENTER] to select Dynamic if the remote node is using a dynamically assigned IP address or Static if it is using a static (fixed) IP address. Dynamic
  • Page 308: Editing Login Script

    Prestige 653HWI Series User’s Guide Table 25-7 Menu 11.2 Remote Node PPP Options Direction Press [SPACE BAR] and then [ENTER] to select the RIP Direction. Options are Both, In Only, Out Only or None. None Version Press [SPACE BAR] and then [ENTER] to select the RIP version. RIP-1
  • Page 309: Figure 25-11 Menu 11.4 Remote Node Setup Script

    Prestige 653HWI Series User’s Guide ‘Expect’ and the ‘Send’ fields of the current set are empty, the Prestige will terminate the script processing and start PPP negotiation. This implies two things: first, the sets must be contiguous; the sets after an empty one are ignored.
  • Page 310: Remote Node Filter

    Prestige 653HWI Series User’s Guide Table 25-8 Menu 11.4 Remote Node Setup Script Set 1-6: Expect Enter an Expect string to match. After matching the Expect string, the Prestige returns the string in the Send field. Set 1-6: Enter a string to send out after the Expect string is matched.
  • Page 311: Figure 25-13 Menu 11.5 Dial Backup Remote Node Filter

    Prestige 653HWI Series User’s Guide Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Call Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: Figure 25-13 Menu 11.5 Dial Backup Remote Node Filter...
  • Page 313: Chapter 26 Menu 3 Lan Setup

    Prestige 653HWI Series User’s Guide Chapter 26 Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 26.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3.
  • Page 314: Protocol Dependent Ethernet Setup

    Prestige 653HWI Series User’s Guide 26.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. For TCP/IP Ethernet setup refer to the Internet Access Application chapter. For bridging Ethernet setup refer to the Bridging Setup chapter.
  • Page 315: Table 26-1 Dhcp Ethernet Setup Menu Fields

    Prestige 653HWI Series User’s Guide Table 26-1 DHCP Ethernet Setup Menu Fields FIELD DESCRIPTION EXAMPLE DHCP Setup DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client. Server
  • Page 316 Prestige 653HWI Series User’s Guide Table 26-2 TCP/IP Ethernet Setup Menu Fields FIELD DESCRIPTION EXAMPLE Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group. The Prestige supports both IGMP version 1 (IGMP-v1) and version 2 (IGMP-v2). None (default)
  • Page 317: Chapter 27 Wireless Lan Setup

    Prestige 653HWI Series User’s Guide Chapter 27 Wireless LAN Setup This chapter covers how to configure wireless LAN settings in SMT menu 3.5. 27.1 Wireless LAN Overview Refer to the chapter on the wireless LAN screens for wireless LAN background information. For PCMCIA Wireless LAN Card installation, refer to the Compact Guide.
  • Page 318: Table 27-1 Menu 3.5 - Wireless Lan Setup

    Prestige 653HWI Series User’s Guide Table 27-1 Menu 3.5 - Wireless LAN Setup FIELD DESCRIPTION EXAMPLE ESSID The ESSID (Extended Service Set IDentifier) identifies the service set the wireless station is to connect to. Wireless stations associating to the Access Point must have the same ESSID. Wireless
  • Page 319: Figure 27-2 Menu 3.5.1 Wlan Mac Address Filtering

    Prestige 653HWI Series User’s Guide Table 27-1 Menu 3.5 - Wireless LAN Setup FIELD DESCRIPTION EXAMPLE When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
  • Page 320 Prestige 653HWI Series User’s Guide Table 27-2 Menu 3.5.1 WLAN MAC Address Filtering FIELD DESCRIPTION Define the filter action for the list of MAC addresses in the MAC address filter table. To deny access to the Prestige, press [SPACE BAR] to select Deny Association and press [ENTER].
  • Page 321: Chapter 28 Internet Access

    Prestige 653HWI Series User’s Guide Chapter 28 Internet Access This chapter shows you how to configure the LAN and WAN of your Prestige for Internet access. 28.1 Internet Access Overview Refer to the chapters on the web configurator’s wizard, LAN and WAN screens for more background information on fields in the SMT screens covered in this chapter.
  • Page 322: Ip Alias Setup

    Prestige 653HWI Series User’s Guide Figure 28-1 Physical Network Figure 28-2 Partitioned Logical Networks Use menu 3.2.1 to configure IP Alias on your Prestige. 28.4 IP Alias Setup Use menu 3.2 to configure the first network. Move the cursor to Edit IP Alias field and press [SPACEBAR] to choose Yes and press [ENTER] to configure the second and third network.
  • Page 323: Figure 28-3 Menu 3.2 Tcp/Ip And Dhcp Setup

    Prestige 653HWI Series User’s Guide Menu 3.2 - TCP/IP and DHCP Setup DHCP Setup: DHCP= Server Client IP Pool Starting Addres= 192.168.1.33 Size of Client IP Pool= 32 Primary DNS Server= 0.0.0.0 Secondary DNS Server= 0.0.0.0 Remote DHCP Server= N/A TCP/IP Setup: IP Address= 192.168.1.1...
  • Page 324: Route Ip Setup

    Prestige 653HWI Series User’s Guide Table 28-1 Menu 3.2.1 IP Alias Setup FIELD DESCRIPTION EXAMPLE IP Alias Choose Yes to configure the LAN network for the Prestige. IP Address Enter the IP address of your Prestige in dotted decimal notation 192.168.2.1...
  • Page 325: Internet Access Configuration

    Prestige 653HWI Series User’s Guide 28.6 Internet Access Configuration Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified setup for one of the remote nodes that you can access in menu 11. Before you configure your Prestige for Internet access, you need to collect your Internet account information.
  • Page 326 Prestige 653HWI Series User’s Guide Table 28-2 Menu 4 Internet Access Setup FIELD DESCRIPTION EXAMPLE Multiplexing Press [SPACE BAR] to select the method of multiplexing used by your ISP. Choices are VC-based or LLC-based. LLC-based VPI # Enter the Virtual Path Identifier (VPI) assigned to you.
  • Page 327: Chapter 29 Remote Node Configuration

    Prestige 653HWI Series User’s Guide Chapter 29 Remote Node Configuration This chapter covers remote node configuration. 29.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
  • Page 328: Figure 29-1 Menu 11 Remote Node Setup

    Prestige 653HWI Series User’s Guide Menu 11 - Remote Node Setup 1. My ISP (ISP, SUA) 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ 9. (ISDN_DIALBACKUP) 10. (ISDN_DIALIN) Figure 29-1 Menu 11 Remote Node Setup 29.2.2 Encapsulation and Multiplexing Scenarios...
  • Page 329: Figure 29-2 Menu 11.1 Remote Node Profile

    Prestige 653HWI Series User’s Guide Menu 11.1 - Remote Node Profile Edit IP/Bridge Options Rem Node Name= ChangeMe Route= IP in menu 11.3. Active= Yes Bridge= No Encapsulation= ENET ENCAP Edit IP/Bridge= No Multiplexing= LLC-based Edit ATM Options= No Edit ATM Options in...
  • Page 330 Prestige 653HWI Series User’s Guide Table 29-1 Menu 11.1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Rem Login Type the login name that this remote node will use to call your Prestige. The login name and the Rem Password will be used to authenticate this node.
  • Page 331: Remote Node Network Layer Options

    Prestige 653HWI Series User’s Guide Table 29-1 Menu 11.1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Schedule Sets This field is only applicable for PPPoE and PPPoA encapsulation. You can apply up to four schedule sets here. For more details please refer to the Call Schedule Setup chapter.
  • Page 332: Figure 29-3 Menu 11.3 Remote Node Network Layer Options

    Prestige 653HWI Series User’s Guide Step 2. Move the cursor to the Edit IP/Bridge field, press [SPACE BAR] to select Yes, then press [ENTER] to display Menu 11.3 – Remote Node Network Layer Options. Menu 11.3 - Remote Node Network Layer Options...
  • Page 333 Prestige 653HWI Series User’s Guide Table 29-2 Menu 11.3 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. SUA Only
  • Page 334: Remote Node Filter

    Prestige 653HWI Series User’s Guide 29.3.1 My WAN Addr Sample IP Addresses The following figure uses sample IP addresses to help you understand the field of My Wan Addr in menu 11.3. Refer to the previous LAN and WAN IP Addresses figure in the web configurator chapter on LAN setup for a brief review of what a WAN IP is.
  • Page 335: Editing Atm Layer Options

    Prestige 653HWI Series User’s Guide Note that spaces are accepted in this field. The Prestige has a prepackaged filter set, NetBIOS_WAN, that blocks NetBIOS packets. Include this in the call filter sets if you want to prevent NetBIOS packets from triggering calls to a remote node.
  • Page 336: Figure 29-7 Menu 11.6 For Vc-Based Multiplexing

    Prestige 653HWI Series User’s Guide 29.5.1 VC-based Multiplexing (non-PPP Encapsulation) For VC-based multiplexing, by prior agreement, a protocol is assigned a specific virtual circuit, for example, VC1 will carry IP. Separate VPI and VCI numbers must be specified for each protocol.
  • Page 337: Figure 29-9 Menu 11.1 Remote Node Profile(Isdn Dial Backup)

    Prestige 653HWI Series User’s Guide 29.5.3 Remote Node Profile(ISDN Dial Backup) In menu 11, enter 9 to configure the built-in profile - ISDN_DIALBACKUP. Menu 11.1 - Remote Node Profile Rem Node Name= ? Edit PPP Options= No Active= Yes Rem IP Addr= ?
  • Page 339: Chapter 30 Static Route Setup

    Prestige 653HWI Series User’s Guide Chapter 30 Static Route Setup This chapter shows how to setup IP static routes. 30.1 IP Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
  • Page 340: Configuration

    Prestige 653HWI Series User’s Guide 30.2 Configuration Step 1. To configure an IP static route, use Menu 12 – Static Route Setup (shown next). Menu 12 - Static Route Setup 1. IP Static Route 3. Bridge Static Route Please enter selection: Figure 30-2 Menu 12 Static Route Setup Step 2.
  • Page 341: Figure 30-4 Menu12.1.1 Edit Ip Static Route

    Prestige 653HWI Series User’s Guide Menu 12.1.1 - Edit IP Static Route Route #: 1 Route Name= ? Active= No Destination IP Address= ? IP Subnet Mask= ? Gateway IP Address= ? Metric= 2 Private= No Press ENTER to Confirm or ESC to Cancel: Figure 30-4 Menu12.1.1 Edit IP Static Route...
  • Page 342 Prestige 653HWI Series User’s Guide Table 30-1 Menu12.1.1 Edit IP Static Route FIELD DESCRIPTION Private This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes, this route is kept private and is not included in RIP broadcasts.
  • Page 343: Chapter 31 Bridging Setup

    Prestige 653HWI Series User’s Guide Chapter 31 Bridging Setup This chapter shows you how to configure the bridging parameters of your Prestige. 31.1 Bridging in General Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address.
  • Page 344: Figure 31-1 Menu 11.1 Remote Node Profile

    Prestige 653HWI Series User’s Guide Menu 11.1 - Remote Node Profile Rem Node Name= ? Route= IP Bridge= Yes Active= Yes Edit IP/Bridge= No Encapsulation= ENET ENCAP Multiplexing= VC-based Edit ATM Options= No Service Name= N/A Incoming: Telco Option: Rem Login= N/A...
  • Page 345: Figure 31-3 Menu 12.3.1 Edit Bridge Static Route

    Prestige 653HWI Series User’s Guide Table 31-1 Remote Node Network Layer Options : Bridge Fields FIELD DESCRIPTION Bridge (menu 11.1) Make sure this field is set to Yes. Edit IP/Bridge (menu Press [SPACE BAR] to select Yes and press [ENTER] to display menu 11.3.
  • Page 346 Prestige 653HWI Series User’s Guide FIELD DESCRIPTION Active Indicates whether the static route is active (Yes) or not (No). Ether Address Type the MAC address of the destination computer that you want to bridge the packets to. IP Address If available, type the IP address of the destination computer that you want to bridge the packets to.
  • Page 347: Chapter 32 Network Address Translation (Nat)

    Prestige 653HWI Series User’s Guide Chapter 32 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 32.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige.
  • Page 348: Figure 32-1 Menu 4 Applying Nat For Internet Access

    Prestige 653HWI Series User’s Guide Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 8 VCI #= 35 Service Name= N/A My Login= N/A My Password= N/A NAT= SUA Only Address Mapping Set= N/A IP Address Assignment= Static IP Address= 0.0.0.0...
  • Page 349: Nat Setup

    Prestige 653HWI Series User’s Guide Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment = Dynamic Ethernet Addr Timeout(min)= N/A Rem IP Addr = 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= N/A NAT= SUA Only...
  • Page 350: Figure 32-3 Menu 15 Nat Setup

    Prestige 653HWI Series User’s Guide on NAT web configurator screens for further information on these menus. To configure NAT, enter 15 from the main menu to bring up the following screen. Menu 15 — NAT Setup Address Mapping Sets NAT Server Sets...
  • Page 351: Figure 32-5 Menu 15.1.255 Sua Address Mapping Rules

    Prestige 653HWI Series User’s Guide Menu 15.1.255 - Address Mapping Rules Set Name= Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- ------ 0.0.0.0 255.255.255.255 0.0.0.0 0.0.0.0 Server Press ENTER to Confirm or ESC to Cancel: Figure 32-5 Menu 15.1.255 SUA Address Mapping Rules...
  • Page 352: Figure 32-6 Menu 15.1.1 First Set

    Prestige 653HWI Series User’s Guide User-Defined Address Mapping Sets Now let’s look at option 1 in menu 15.1. Enter 1 to bring up this menu. We’ll just look at the differences from the previous menu. Note the extra Action and Select Rule fields mean you can configure rules in this screen.
  • Page 353: Table 32-3 Menu 15.1.1 First Set

    Prestige 653HWI Series User’s Guide Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so that old rule 5 becomes rule 4, old rule 6 becomes rule 5 and old rule 7 becomes rule 6.
  • Page 354: Figure 32-7 Menu 15.1.1.1 Editing/Configuring An Individual Rule In A Set

    Prestige 653HWI Series User’s Guide Figure 32-7 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= = N/A Global IP: Start= = N/A Server Mapping Set= N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.
  • Page 355: Configuring A Server Behind Nat

    Prestige 653HWI Series User’s Guide Table 32-4 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
  • Page 356: Figure 32-9 Menu 15.2.1 Nat Server Setup

    Prestige 653HWI Series User’s Guide Menu 15.2.1 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 32-9 Menu 15.2.1 NAT Server Setup...
  • Page 357: General Nat Examples

    Prestige 653HWI Series User’s Guide You assign the private network IP addresses. The NAT network appears as a single host on the Internet. Figure 32-10 Multiple Servers Behind NAT Example 32.5 General NAT Examples The following are some examples of NAT configuration.
  • Page 358: Figure 32-11 Nat Example 1

    Prestige 653HWI Series User’s Guide Figure 32-11 NAT Example 1 Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 8 VCI #= 35 Service Name= N/A My Login= N/A My Password= N/A NAT= SUA Only...
  • Page 359: Figure 32-13 Nat Example 2

    Prestige 653HWI Series User’s Guide 32.5.2 Example 2: Internet Access with an Inside Server The dynamic Inside Global Address is assigned by the ISP. Figure 32-13 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure.
  • Page 360: Figure 32-15 Nat Example 3

    Prestige 653HWI Series User’s Guide 32.5.3 Example 3: Multiple Public IP Addresses With Inside Servers In this example, there are 3 IGAs from our ISP. There are many departments but two have their own FTP server. All departments share the same router. The example will reserve one IGA for each department with an FTP server and all departments use the other IGA.
  • Page 361: Figure 32-16 Example 3: Menu 11.3

    Prestige 653HWI Series User’s Guide Step 1. In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in Figure 32-16.
  • Page 362: Figure 32-17 Example 3: Menu 15.1.1.1

    Prestige 653HWI Series User’s Guide Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 = N/A Global IP: Start= 10.132.50.1 = N/A Server Mapping Set= N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.
  • Page 363: Figure 32-19 Nat Example 4

    Prestige 653HWI Series User’s Guide Menu 15.2.1 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.21 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Example 3: Menu 15.2.1...
  • Page 364: Figure 32-20 Example 4: Menu 15.1.1.1 Address Mapping Rule

    Prestige 653HWI Series User’s Guide Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream. These applications won’t work through NAT even when using One-to-One and Many-to-Many No Overload mapping types.
  • Page 365: Chapter 33 Enabling The Firewall

    Prestige 653HWI Series User’s Guide Chapter 33 Enabling the Firewall This chapter shows you how to get started with the Prestige firewall. 33.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: •...
  • Page 366: Figure 33-1 Menu 21.2 Firewall Setup

    Prestige 653HWI Series User’s Guide Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2. deny all sessions originating from the WAN to the LAN...
  • Page 367: Smt Advanced Management

    SMT Advanced Management Part X: SMT Advanced Management This part discusses filtering setup, SNMP, system security, system information and diagnosis, firmware and configuration file maintenance, system maintenance, remote management, IP Policy Routing and call scheduling. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
  • Page 369: Chapter 34 Filter Configuration

    Prestige 653HWI Series User’s Guide Chapter 34 Filter Configuration This chapter shows you how to create and apply filters. 34.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call.
  • Page 370: Figure 34-1 Outgoing Packet Filtering Process

    Prestige 653HWI Series User’s Guide Call Filtering Active Data match Built-in User-defined match match Outgoing Initiate call default Call Filters Data Packet if line not up Call Filters (if applicable) Send packet and reset Idle Timer Match Match Match Drop...
  • Page 371: Figure 34-2 Filter Rule Process

    Prestige 653HWI Series User’s Guide Start Packet into Filter Fetch First Filter Set Filter Set Fetch Next Fetch First Filter Set Filter Rule Fetch Next Filter Rule Next filter Next Filter Set Rule Active? Available? Available? Execute Filter Rule Check Next...
  • Page 372: Configuring A Filter Set For The Prestige

    Prestige 653HWI Series User’s Guide For incoming packets, your Prestige applies data filters only. Packets are processed depending on whether a match is found. The following sections describe how to configure filter sets. The Filter Structure of the Prestige A filter set consists of one or more filter rules. Usually, you would group related rules, for example, all the rules for NetBIOS, into a single set and give it a descriptive name.
  • Page 373: Figure 34-4 Netbios_Wan Filter Rules Summary

    Prestige 653HWI Series User’s Guide Menu 21.1.2 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N 2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=138...
  • Page 374: Figure 34-7 Menu 21 Filter Set Configuration

    Prestige 653HWI Series User’s Guide 34.3 Configuring a Filter Set for the Prestige To configure a filter set, follow the steps shown next. Step 1. Enter 21 in the main menu to display Menu 21 – Filter and Firewall Setup.
  • Page 375: Filter Rules Summary Menus

    Prestige 653HWI Series User’s Guide Menu 21.1.4 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y Gen Off=12, Len=2, Mask=ffff, Value=8863 N F N 2 Y Gen Off=12, Len=2, Mask=ffff, Value=8864...
  • Page 376: Configuring A Filter Rule

    Prestige 653HWI Series User’s Guide Table 34-1 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION More. “Y” means there are more rules to check which form a rule chain with the present rule. An action cannot be taken until the rule chain is complete.
  • Page 377: Figure 34-10 Menu 21.1.X.1 Tcp/Ip Filter Rule

    Prestige 653HWI Series User’s Guide There are two types of filter rules: TCP/IP and Generic. Depending on the type of rule, the parameters for each type will be different. Use [SPACE BAR] to select the type of rule that you want to create in the Filter Type field and press [ENTER] to open the respective menu.
  • Page 378: Table 34-3 Menu 21.1.X.1 Tcp/Ip Filter Rule

    Prestige 653HWI Series User’s Guide Table 34-3 Menu 21.1.x.1 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE Filter # This is the filter set, filter rule coordinates, for instance, 2, 3 refers to the second filter set and the third filter rule of that set.
  • Page 379 Prestige 653HWI Series User’s Guide Table 34-3 Menu 21.1.x.1 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE TCP Estab This applies only when the IP Protocol field is 6, TCP. If Yes, the rule matches packets that want to establish TCP (default) connection(s) (SYN=1 and ACK=0);...
  • Page 380: Figure 34-11 Executing An Ip Filter

    Prestige 653HWI Series User’s Guide Packet into IP Filter Filter Active? Apply SrcAddrMask to Src Addr Check Src Not Matched IP Addr Matched Apply DestAddrMask to Dest Addr Check Dest Not Matched IP Addr Matched Check Not Matched IP Protocol Matched Check Src &...
  • Page 381: Figure 34-12 Menu 21.1.5.1 Generic Filter Rule

    Prestige 653HWI Series User’s Guide 34.5.2 Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
  • Page 382: Table 34-4 Menu 21.1.5.1 Generic Filter Rule

    Prestige 653HWI Series User’s Guide Table 34-4 Menu 21.1.5.1 Generic Filter Rule FIELD DESCRIPTION EXAMPLE Filter # This is the filter set, filter rule coordinates, for instance, 2, 3 refers to the second filter set and the third rule of that set.
  • Page 383: Filter Types And Nat

    Prestige 653HWI Series User’s Guide 34.6 Filter Types and NAT There are two classes of filter rules, Generic Filter Device rules and Protocol Filter (TCP/IP) rules. Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on IP packets.
  • Page 384: Figure 34-14 Sample Telnet Filter

    Prestige 653HWI Series User’s Guide Figure 34-14 Sample Telnet Filter Step 1. Enter 1 in the menu 21 to display Menu 21.1 — Filter Set Configuration. Step 2. Enter the index number of the filter set you want to configure (in this case 6) Step 3.
  • Page 385: Figure 34-15 Menu 21.1.6.1 Sample Filter

    Prestige 653HWI Series User’s Guide Step 4. Press [ENTER] at the message “Press [ENTER] to confirm or [ESC] to cancel” to open Menu 21.1.6 — Filter Rules Summary. Step 5. Type 1 to configure the first filter rule. Make the entries in this menu as shown next.
  • Page 386: Applying Filters And Factory Defaults

    Prestige 653HWI Series User’s Guide Menu 21.1.6 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F Enter Filter Rule Number (1-6) to Configure: 1 This shows you that you have M = N means an action can be taken immediately.
  • Page 387: Figure 34-17 Filtering Ethernet Traffic

    Prestige 653HWI Series User’s Guide Table 34-5 Filter Sets Table FILTER SETS DESCRIPTION Input Filter Sets: Apply filters for incoming traffic. You may apply protocol or device filter rules. See earlier in this chapter for information on filters. Output Filter Sets: Apply filters for traffic leaving the Prestige.
  • Page 388: Figure 34-18 Filtering Remote Node Traffic

    Prestige 653HWI Series User’s Guide Figure callout: “Apply filter 6 to block Tel, FTP and Web traffic from the WAN.” Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= 6 device filters= Output Filter Sets: protocol filters= 2 device filters=...
  • Page 389: Chapter 35 Snmp Configuration

    Prestige 653HWI Series User’s Guide Chapter 35 SNMP Configuration This chapter explains SNMP Configuration menu 22. 35.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
  • Page 390: Supported Mibs

    Prestige 653HWI Series User’s Guide An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
  • Page 391: Figure 35-2 Menu 22 Snmp Configuration

    Prestige 653HWI Series User’s Guide Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 35-2 Menu 22 SNMP Configuration The following table describes the SNMP configuration parameters.
  • Page 392: Snmp Traps

    Prestige 653HWI Series User’s Guide 35.4 SNMP Traps The Prestige will send traps to the SNMP manager when any one of the following events occurs: Table 35-2 SNMP Traps TRAP # TRAP NAME DESCRIPTION coldStart (defined in RFC-1215) A trap is sent after booting (power on).
  • Page 393: Chapter 36 System Security

    Prestige 653HWI Series User’s Guide Chapter 36 System Security This chapter describes how to configure the system security on the Prestige. 36.1 System Security You can configure the system password, an external RADIUS server and IEEE802.1x in menu 23. 36.1.1 System Password Enter 23 in the main menu to display Menu 23 –...
  • Page 394: Figure 36-3 Menu 23.2 System Security : Radius Server

    Prestige 653HWI Series User’s Guide Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.11.12.13 Port #= 1812 Shared Secret= ******** Accounting Server: Active= No Server Address= 10.11.12.13 Port #= 1813 Shared Secret= ******** Press ENTER to Confirm or ESC to Cancel: Figure 36-3 Menu 23.2 System Security : RADIUS Server...
  • Page 395: Figure 36-4 Menu 23 System Security

    Prestige 653HWI Series User’s Guide Table 36-1 Menu 23.2 System Security : RADIUS Server FIELD DESCRIPTION EXAMPLE Port: The default port of the RADIUS server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so with additional information. (Example: 1813)
  • Page 396: Figure 36-5 Menu 23.4 System Security : Ieee802.1X

    Prestige 653HWI Series User’s Guide Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Authentication Databases= Local User Database Only Press ENTER to Confirm or ESC to Cancel: Figure 36-5 Menu 23.4 System Security : IEEE802.1x...
  • Page 397: Creating User Accounts On The Prestige

    Prestige 653HWI Series User’s Guide Table 36-2 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION Authentication Databases: This field is activated only when you select Authentication Required in the Wireless Port Control field. The authentication database contains wireless station login information. The local user database is the built-in database on the Prestige.
  • Page 398: Figure 36-6 Menu 14 Dial-In User Setup

    Prestige 653HWI Series User’s Guide Menu 14 - Dial-in User Setup 1. ________ ________ 17. ________ 25. ________ 2. ________ 10. ________ 18. ________ 26. ________ 3. ________ 11. ________ 19. ________ 27. ________ 4. ________ 12. ________ 20. ________ 28.
  • Page 399: Chapter 37 System Information And Diagnosis

    Prestige 653HWI Series User’s Guide Chapter 37 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
  • Page 400: Figure 37-2 Menu 24.1 System Maintenance: Status

    Prestige 653HWI Series User’s Guide Menu 24.1 - System Maintenance – Status hh:mm:ss Sat. Jan. 01, 2000 Up Time Node-Lnk Status TxPkts RxPkts Errors Tx B/s Rx B/s 1-1483 0:26:20 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 ISDN-B1 Idle 0:00:00...
  • Page 401: System Information

    Prestige 653HWI Series User’s Guide Table 37-1 Menu 24.1 System Maintenance: Status FIELD DESCRIPTION My WAN IP (from ISP): This is the IP address of the ISP remote node. Ethernet: This shows statistics for the LAN. Status: This shows the current status of the LAN.
  • Page 402: Figure 37-4 Menu 24.2.1 System Maintenance : Information

    Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. ADSL Chipset Vendor Displays the vendor of the ADSL chipset and DSL version.
  • Page 403: Log And Trace

    Prestige 653HWI Series User’s Guide Table 37-2 Menu 24.2.1 System Maintenance : Information FIELD DESCRIPTION DHCP This field shows the DHCP setting (None, Relay or Server) of the Prestige. 37.2.2 Console Port Speed You can set up different port speeds for the console port through Menu 24.2.2 – System Maintenance –...
  • Page 404: Figure 37-6 Menu 24.3 System Maintenance: Log And Trace

    Prestige 653HWI Series User’s Guide Menu 24.3 - System Maintenance - Log and Trace 1. View Error Log 2. UNIX Syslog 3. Accounting Server Please enter selection Figure 37-6 Menu 24.3 System Maintenance: Log and Trace Step 3. Enter 1 from Menu 24.3 — System Maintenance — Log and Trace to display the error log in the system.
  • Page 405: Figure 37-8 Menu 24.3.2 System Maintenance : Syslog And Accounting

    Prestige 653HWI Series User’s Guide Menu 24.3.2 - System Maintenance - UNIX Syslog UNIX Syslog: Active= No Syslog IP Address= ? Log Facility= Local 1 Types: CDR= No Packet triggered= No Filter Log= No PPP Log= No Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.
  • Page 406: Diagnostic

    Prestige 653HWI Series User’s Guide Channel = channel ID within the WAN call = the call reference number which starts from 1 and increments by 1 for each new call str = C01 Outgoing Call dev xx ch xx (dev:device No. ch:channel No.)
  • Page 407: Figure 37-9 Menu 24.4 System Maintenance : Diagnostic

    Prestige 653HWI Series User’s Guide Follow the procedure next to get to Diagnostic: Step 1. From the main menu, type 24 to open Menu 24 – System Maintenance. Step 2. From this menu, type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic.
  • Page 409: Chapter 38 Firmware And Configuration File Maintenance

    Prestige 653HWI Series User’s Guide Chapter 38 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 38.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
  • Page 410: Backup Configuration

    Prestige 653HWI Series User’s Guide Table 38-1 Filename Conventions FILE TYPE: Configuration File; INTERNAL NAME: Rom-0; EXTERNAL NAME: *.rom; DESCRIPTION: This is the configuration filename on the Prestige. Uploading the rom-0 file replaces the entire ROM file system, including your...
  • Page 411: Figure 38-1 Telnet In Menu 24.5

    Prestige 653HWI Series User’s Guide 38.2.1 Backup Configuration Follow the instructions as shown in the next screen. Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation.
  • Page 412: Figure 38-2 Ftp Session Example

    Prestige 653HWI Series User’s Guide 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
  • Page 413: Backup Configuration Using Tftp

    Prestige 653HWI Series User’s Guide 2. You have applied a filter in menu 3.1 (LAN) or in menu 11.5 (WAN) to block Telnet service. 3. The IP address in the Secured Client IP field in menu 24.11 does not match the client IP. If it does not match, the Prestige will disconnect the Telnet session immediately.
  • Page 414: Figure 38-3 Menu 24.5 System Maintenance : Backup Configuration

    Prestige 653HWI Series User’s Guide 38.2.8 GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients. Table 38-3 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped.
  • Page 415: Restore Configuration

    Prestige 653HWI Series User’s Guide Step 3. Run the HyperTerminal program by clicking Transfer, then Receive File as shown in the following screen. Type a location for storing the configuration file or click Browse to look for one. Choose the Xmodem protocol.
  • Page 416: Figure 38-7 Telnet Into Menu 24.6

    Prestige 653HWI Series User’s Guide WARNING! DO NOT INTERRUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR PRESTIGE. 38.3.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter.
  • Page 417: Figure 38-8 Restore Using Ftp Session Example

    Prestige 653HWI Series User’s Guide 38.3.2 Restore Using FTP Session Example ftp> put config.rom rom-0 200 Port command okay 150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec.
  • Page 418: Uploading Firmware And Configuration Files

    Prestige 653HWI Series User’s Guide Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 38-11 Restore Configuration Example Step 4. After a successful restoration you will see the following screen. Press any key to restart the Prestige and return to the SMT menu.
  • Page 419: Figure 38-13 Telnet Into Menu 24.7.1 Upload System Firmware

    Prestige 653HWI Series User’s Guide Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
  • Page 420: Figure 38-15 Ftp Session Example Of Firmware File Upload

    Prestige 653HWI Series User’s Guide 38.4.3 FTP File Upload Command from the DOS Prompt Example Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, followed by a space and the IP address of your Prestige. Step 3.
  • Page 421: Tftp Upload Command Example

    Prestige 653HWI Series User’s Guide To use TFTP, your computer must have both telnet and TFTP clients. To transfer the firmware and the configuration file, follow the procedure shown next. Step 1. Use telnet from your computer to connect to the Prestige and log in. Because TFTP does not have any security checks, the Prestige records the IP address of the telnet client and accepts TFTP requests only from this address.
  • Page 422: Figure 38-16 Menu 24.7.1 As Seen Using The Console Port

    Prestige 653HWI Series User’s Guide 38.4.8 Uploading Firmware File Via Console Port Step 1. Select 1 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.1 – System Maintenance – Upload System Firmware, then follow the instructions as shown in the following screen.
  • Page 423: Figure 38-18 Menu 24.7.2 As Seen Using The Console Port

    Prestige 653HWI Series User’s Guide 38.4.10 Uploading Configuration File Via Console Port Step 1. Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 – System Maintenance – Upload System Configuration File. Follow the instructions as shown in the next screen.
  • Page 424: Figure 38-19 Example Xmodem Upload

    Prestige 653HWI Series User’s Guide Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 38-19 Example Xmodem Upload After the configuration upload process has completed, restart the Prestige by entering “atgo”.
  • Page 425: Chapter 39 System Maintenance

    Prestige 653HWI Series User’s Guide Chapter 39 System Maintenance This chapter leads you through SMT menus 24.8 to 24.10. 39.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
  • Page 426: Call Control Support

    Prestige 653HWI Series User’s Guide Copyright (c) 1994 - 2003 ZyXEL Communications Corp. 653HWI> ? Valid commands are: exit device ether wlan isdn ipsec bridge hdap radius 8021x Figure 39-2 Valid Commands 39.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1.
  • Page 427: Figure 39-4 Menu 24.9.1 System Maintenance : Budget Management

    Prestige 653HWI Series User’s Guide Menu 24.9.1 - System Maintenance - Budget Management Remote Node Connection Time/Total Budget Elapsed Time/Total Period 1.ChangeMe No Budget No Budget 2.-------- 3.-------- 4.-------- 5.-------- 6.-------- 7.-------- 8.-------- Reset Node (0 to update screen): Figure 39-4 Menu 24.9.1 System Maintenance : Budget Management The total budget is the time limit on the accumulated time for outgoing calls to a remote node.
  • Page 428: Time And Date Setting

    Prestige 653HWI Series User’s Guide 39.3 Time and Date Setting The Prestige keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your Prestige. Menu 24.10 allows you to update the time and date settings of your Prestige.
  • Page 429: Table 39-2 Menu 24.10 System Maintenance: Time And Date Setting

    Prestige 653HWI Series User’s Guide Table 39-2 Menu 24.10 System Maintenance: Time and Date Setting FIELD DESCRIPTION Use Time Server when Bootup: Enter the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
  • Page 431: Chapter 40 Remote Management

    Prestige 653HWI Series User’s Guide Chapter 40 Remote Management This chapter covers remote management (SMT menu 24.11). 40.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
  • Page 432: Figure 5-2 Lan

    Prestige 653HWI Series User’s Guide Menu 24.11 - Remote Management Control TELNET Server: Server Port = 23 Server Access = LAN only Secured Client IP = 0.0.0.0 FTP Server: Server Port = 21 Server Access = LAN only Secured Client IP = 0.0.0.0...
  • Page 433: Remote Management And Nat

    Prestige 653HWI Series User’s Guide 1. A filter in menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. 2. You have disabled that service in menu 24.11. 3. The IP address in the Secured Client IP field (menu 24.11) does not match the client IP address.
  • Page 435: Chapter 41 Ip Policy Routing

    Prestige 653HWI Series User’s Guide Chapter 41 IP Policy Routing This chapter covers setting and applying policies used for IP routing. 41.1 IP Policy Routing Overview Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet.
  • Page 436: Ip Routing Policy Setup

    Prestige 653HWI Series User’s Guide IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote node, in the same fashion as the filters. There are 12 policy sets with six policies in each set.
  • Page 437: Figure 41-2 Menu 25.1 Ip Routing Policy Setup

    Prestige 653HWI Series User’s Guide Menu 25.1 - IP Routing Policy Setup Criteria/Action - - -------------------------------------------------------------------------- 1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5 SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.1,T=MT,PR=0 2 N __________________________________________________________________________ __________________________________________________________________________ 3 N __________________________________________________________________________ __________________________________________________________________________ 4 N __________________________________________________________________________ __________________________________________________________________________ 5 N __________________________________________________________________________ __________________________________________________________________________ 6 N __________________________________________________________________________...
  • Page 438: Figure 41-3 Menu 25.1.1 Ip Routing Policy

    Prestige 653HWI Series User’s Guide Type a number from 1 to 6 to display Menu 25.1.1 – IP Routing Policy (see the next figure). This menu allows you to configure a policy rule. Menu 25.1.1 - IP Routing Policy Policy Set Name= test...
  • Page 439: Applying An Ip Policy

    Prestige 653HWI Series User’s Guide Table 41-2 Menu 25.1.1 IP Routing Policy FIELD DESCRIPTION Len Comp Press [SPACE BAR] and then [ENTER] to choose from Equal, Not Equal, Less, Greater, Less or Equal or Greater or Equal. Source: addr start / end Source IP address range from start to end.
  • Page 440: Figure 41-4 Menu 3.2 Tcp/Ip And Dhcp Ethernet Setup

    Prestige 653HWI Series User’s Guide Menu 3.2 - TCP/IP and DHCP Ethernet Setup DHCP Setup: DHCP= None Client IP Pool Starting Address= N/A Size of Client IP Pool= N/A Primary DNS Server= N/A Secondary DNS Server= N/A Remote DHCP Server= N/A...
  • Page 441: Ip Policy Routing Example

    Prestige 653HWI Series User’s Guide 41.6 IP Policy Routing Example If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy. See the next figure.
  • Page 442: Figure 41-7 Ip Routing Policy Example

    Prestige 653HWI Series User’s Guide Menu 25.1.1 - IP Routing Policy Policy Set Name= set1 Active= Yes Criteria: IP Protocol Type of Service= Don't Care Packet length= 10 Precedence = Don't Care Len Comp= N/A Source: addr start= 192.168.1.2 end= 192.168.1.64...
  • Page 443: Figure 41-8 Ip Routing Policy Example

    Prestige 653HWI Series User’s Guide Menu 25.1.1 - IP Routing Policy Policy Set Name= set2 Active= Yes Criteria: IP Protocol Type of Service= Don't Care Packet length= 10 Precedence = Don't Care Len Comp= N/A Source: addr start= 0.0.0.0 end= N/A...
  • Page 445: Chapter 42 Call Scheduling

    Prestige 653HWI Series User’s Guide Chapter 42 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 42.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
  • Page 446: Figure 42-2 Menu 26.1 Schedule Set Setup

    Prestige 653HWI Series User’s Guide To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] (or delete) in the Edit Name field. To set up a schedule set, select the schedule set you want to set up from menu 26 (1-12) and press [ENTER] to see Menu 26.1 —...
  • Page 447 Prestige 653HWI Series User’s Guide Table 42-1 Menu 26.1 Schedule Set Setup FIELD DESCRIPTION EXAMPLE Should this schedule set recur weekly or be used just once Once Often only? Press the [SPACE BAR] and then [ENTER] to select Once or Weekly. Both these options are mutually exclusive.
  • Page 448: Figure 42-3 Applying Schedule Set(S) To A Remote Node (Pppoe)

    Prestige 653HWI Series User’s Guide Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Route= IP Active= Yes Bridge= No Encapsulation= PPPoE Edit IP/Bridge= No Multiplexing=VC-based Edit ATM Options= No Service Name= Telco Option: Incoming Allocated Budget(min)= 0 Rem Login=...
  • Page 449: Smt Vpn/Ipsec And Internal Sptgen

    SMT VPN/IPSec and Internal SPTGEN Part XI: SMT VPN/IPSec and Internal SPTGEN This part provides information about configuring VPN/IPSec for secure communications and Internal SPTGEN for configuration of multiple Prestiges. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
  • Page 451: Chapter 43 Vpn/Ipsec Setup

    Prestige 653HWI Series User’s Guide Chapter 43 VPN/IPSec Setup This chapter introduces the VPN SMT menus. 43.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: 1. Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management.
  • Page 452: Ipsec Summary Screen

    Prestige 653HWI Series User’s Guide Menu 27 - VPN/IPSec Setup 1. IPSec Summary 2. SA Monitor Enter Menu Selection Number: Figure 43-2 Menu 27 VPN/IPSec Setup 43.2 IPSec Summary Screen Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary. This is a summary read-only menu of your IPSec rules (tunnels).
  • Page 453 Prestige 653HWI Series User’s Guide Table 43-1 Menu 27.1 IPSec Summary FIELD DESCRIPTION EXAMPLE Name: This field displays the unique identification name for this VPN rule. (Example: Taiwan) The name may be up to 32 characters long but only 10 characters will be displayed here.
  • Page 454 Prestige 653HWI Series User’s Guide Table 43-1 Menu 27.1 IPSec Summary FIELD DESCRIPTION EXAMPLE Key Mgt This field displays the SA’s type of key management, (IKE or Manual). Remote When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to 172.16.2.40...
  • Page 455: Ipsec Setup

    Prestige 653HWI Series User’s Guide Table 43-1 Menu 27.1 IPSec Summary FIELD DESCRIPTION EXAMPLE Select Command: Press [SPACE BAR] to choose from None, Edit, Delete, Go To Rule, Next Page or Previous Page and then press [ENTER]. You must select a rule in the next field when you choose the Edit, Delete or Go To commands. (Example: None)
  • Page 456: Figure 43-4 Menu 27.1.1 Ipsec Setup

    Prestige 653HWI Series User’s Guide Menu 27.1.1 – IPSec Setup Index= 1 Name= Taiwan Active= Yes Keep Alive= No Local ID type Content: My IP Addr= 0.0.0.0 Peer ID type Content: Secure Gateway Address= zw50test.zyxel.com.tw Protocol= 0 Local: Addr Type= SINGLE IP Addr Start= 1.1.1.1...
  • Page 457 Prestige 653HWI Series User’s Guide Table 43-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Content When you select IP in the Local ID Type field, type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address.
  • Page 458 Prestige 653HWI Series User’s Guide Table 43-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Secure Type the IP address or the domain name (up to 31 characters) of the Zw50test.com. Gateway IPSec router with which you’re making the VPN connection.
  • Page 459 Prestige 653HWI Series User’s Guide Table 43-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE End Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. This field is N/A when 0 is configured in the Port Start field.
  • Page 460: Ike Setup

    Prestige 653HWI Series User’s Guide Table 43-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Port Start 0 is the default and signifies any port. Type a port number from 0 to 65535. Someone behind the remote IPSec router cannot create a VPN tunnel when attempting to connect using a port number that does not match this port number or range of port numbers.
  • Page 461: Ike Setup

    Prestige 653HWI Series User’s Guide Menu 27.1.1.1 - IKE Setup Phase 1 Negotiation Mode= Main Pre-Shared Key= Encryption Algorithm = DES Authentication Algorithm = SHA1 SA Life Time (Seconds)= 28800 Key Group= DH1 Phase 2 Active Protocol = ESP Encryption Algorithm...
  • Page 462: Table 43-3 Menu 27.1.1.1 Ike Setup

    Prestige 653HWI Series User’s Guide Table 43-3 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION EXAMPLE Encryption Algorithm: When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
  • Page 463: Manual Setup

    Prestige 653HWI Series User’s Guide Table 43-3 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION EXAMPLE Perfect Forward Secrecy (PFS): Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2 IPSec SA setup. This allows faster IPSec setup, but is not so secure. Press [SPACE BAR] and choose from DH1 or DH2 to enable PFS. (Example: None)
  • Page 464: Figure 43-6 Menu 27.1.1.2 Manual Setup

    Prestige 653HWI Series User’s Guide Menu 27.1.1.2 – Manual Setup Active Protocol= ESP Tunnel ESP Setup SPI= Encryption Algorithm= DES Key1= Key2= N/A Key3= N/A Authentication Algorithm= MD5 Key= N/A AH Setup SPI (Decimal)= N/A Authentication Algorithm= N/A Key= Press ENTER to Confirm or ESC to Cancel: Figure 43-6 Menu 27.1.1.2 Manual Setup...
  • Page 465 Prestige 653HWI Series User’s Guide Table 43-5 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION EXAMPLE Key3 Enter a unique eight-character key. It can be comprised of any character including spaces (but trailing spaces are truncated). Authentication Press [SPACE BAR] to choose from MD5 or SHA1 and then press [ENTER].
  • Page 467: Chapter 44 Sa Monitor

    Prestige 653HWI Series User’s Guide Chapter 44 SA Monitor This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2. 44.1 SA Monitor Overview A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections.
  • Page 468: Table 44-1 Menu 27.2 Sa Monitor

    Prestige 653HWI Series User’s Guide The following table describes the fields in this menu. Table 44-1 Menu 27.2 SA Monitor FIELD DESCRIPTION EXAMPLE This is the security association index number. Name This field displays the identification name for this VPN policy. This name is...
  • Page 469: Chapter 45 Internal Sptgen

    Prestige 653HWI Series User’s Guide Chapter 45 Internal SPTGEN 45.1 Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file –...
  • Page 470: Figure 45-1 Configuration Text File Format: Column Descriptions

    Prestige 653HWI Series User’s Guide This is the name of This is the Field Name column. One “=” sign, followed by one the menu. This is the name of the field as seen in space, must precede the corresponding SMT screen.
  • Page 471: Internal Sptgen Ftp Download Example

    Prestige 653HWI Series User’s Guide field value is not legal error:-1 ROM-t is not saved, error Line ID:10000000 reboot to get the original configuration Bootbase Version: V2.02 | 2/22/2001 13:33:11 RAM: Size = 8192 Kbytes FLASH: Intel 8M *2 Figure 45-2 Invalid Parameter Entered: Command Line Example The Prestige will display the following if you enter parameter(s) that are valid.
  • Page 472: Internal Sptgen Ftp Upload Example

    Prestige 653HWI Series User’s Guide You can rename your “rom-t” file when you save it to your computer but it must be named “rom-t” when you upload it to your Prestige. 45.4 Internal SPTGEN FTP Upload Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 1.
  • Page 473: Appendices And Index

    Appendices and Index Part XII: Appendices and Index This part contains additional background information and an index of key terms.
  • Page 475: Appendix A Troubleshooting

    Prestige 653HWI Series User’s Guide Appendix A Troubleshooting This chapter covers potential problems and the corresponding remedies. Problems Starting Up the Prestige Chart A-1 Troubleshooting the Start-Up of Your Prestige PROBLEM CORRECTIVE ACTION None of the Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged in to LEDs turn on an appropriate power source.
  • Page 476: Chart A-3 Troubleshooting The Dsl Led

    Prestige 653HWI Series User’s Guide Chart A-3 Troubleshooting the DSL LED PROBLEM CORRECTIVE ACTION The xDSL LED is off. Check the telephone wire and connections between the Prestige DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service.
  • Page 477: Chart A-5 Troubleshooting The Wan Interface

    Prestige 653HWI Series User’s Guide Problems with the WAN Interface Chart A-5 Troubleshooting the WAN Interface PROBLEM CORRECTIVE ACTION I cannot get a WAN The ISP provides the WAN IP address after authenticating you. Authentication may IP address from the be through the user name and password, the MAC address or the host name.
  • Page 478: Chart A-7 Troubleshooting The Password

    Prestige 653HWI Series User’s Guide Problems with the Password Chart A-7 Troubleshooting the Password PROBLEM CORRECTIVE ACTION I cannot access the Prestige. The username is “admin”. The default password is “1234”. The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper casing.
  • Page 479: Chart A-9 Troubleshooting Remote Management

    Prestige 653HWI Series User’s Guide Problems with Remote Management Chart A-9 Troubleshooting Remote Management PROBLEM CORRECTIVE ACTION I cannot remotely Refer to the Remote Management Limitations section in the Firmware and manage the Configuration File Management chapter (SMT) for scenarios when remote Prestige from the management may not be possible.
  • Page 481: Chart B-1 Classes Of Ip Addresses

    Prestige 653HWI Series User’s Guide Appendix B IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
  • Page 482: Appendix B Ip Subnetting

    Prestige 653HWI Series User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B” address has a valid range of 128 to 191.
  • Page 483: Chart B-4 Alternative Subnet Mask Notation

    Prestige 653HWI Series User’s Guide Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
  • Page 484: Chart B-5 Subnet 1

    Prestige 653HWI Series User’s Guide In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each...
  • Page 485: Chart B-7 Subnet 1

    Prestige 653HWI Series User’s Guide The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11.
  • Page 486: Chart B-11 Eight Subnets

    Prestige 653HWI Series User’s Guide IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.193 Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110).
  • Page 487: Chart B-13 Class B Subnet Planning

    Prestige 653HWI Series User’s Guide 255.255.255.252 (/30) 255.255.255.254 (/31) Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID.
  • Page 488 Prestige 653HWI Series User’s Guide Chart B-13 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 255.255.255.252 16384 (/30) 255.255.255.254 32768 (/31) IP Subnetting...
  • Page 489 Prestige 653HWI Series User’s Guide Appendix C Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without any expensive network-cabling infrastructure.
  • Page 490: Infrastructure Wireless Lan Configuration

    Prestige 653HWI Series User’s Guide Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters.
  • Page 491 Prestige 653HWI Series User’s Guide Diagram C-2 ESS Provides Campus-Wide Coverage Wireless LAN and IEEE 802.11...
  • Page 493: Appendix D Antenna Selection And Positioning Recommendation

    Prestige 653HWI Series User’s Guide Appendix D Antenna Selection and Positioning Recommendation An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air.
  • Page 494: Positioning Antennas

    Prestige 653HWI Series User’s Guide • Directional antennas concentrate the RF signal in a beam, like a flashlight. The angle of the beam width determines the direction of the coverage pattern; typically ranges from 20 degrees (less directional) to 90 degrees (very directional). The directional antennas are ideal for hallways and outdoor point-to-point applications.
  • Page 495: Appendix E PPPoE

    Prestige 653HWI Series User’s Guide Appendix E PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) that connects to a xDSL Access Concentrator where the PPP session terminates (see the next figure).
  • Page 496 Prestige 653HWI Series User’s Guide Diagram E-1 Single-PC per Router Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is acting as a L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP.
  • Page 497 Prestige 653HWI Series User’s Guide Diagram E-2 Prestige as a PPPoE Client PPPoE...
  • Page 499: Appendix F Virtual Circuit Topology

    Prestige 653HWI Series User’s Guide Appendix F Virtual Circuit Topology ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: • Virtual Channel Logical connections between ATM switches •...
  • Page 501: Appendix G Power Adaptor Specifications

    Prestige 653HWI Series User’s Guide Appendix G Power Adaptor Specifications Prestige 653 HWI NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model DV-1215A Input Power AC120Volts/60Hz/30W Output Power AC16Volts/1.25A Power Consumption 14 W Safety Standards UL, CUL, CSA (UL 1310, CSA C22.2 No.223)
  • Page 502 Prestige 653HWI Series User’s Guide Power Consumption Safety Standards ITS-GS, CE (EN 60950) Power Adaptor Specifications...
  • Page 503: Appendix H Example Internal Sptgen Screens

    Prestige 653HWI Series User’s Guide Appendix H Example Internal SPTGEN Screens This appendix covers Prestige Internal SPTGEN screens. Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number (not seen in SMT screens) Field Name Parameter Values Allowed...
  • Page 504 Prestige 653HWI Series User’s Guide / MENU 3.1 GENERAL ETHERNET SETUP (SMT MENU 3.1) INPUT 30100001 = Input Protocol filters Set 1 30100002 = Input Protocol filters Set 2 = 256 30100003 = Input Protocol filters Set 3 = 256...
  • Page 505 Prestige 653HWI Series User’s Guide 30200008 = IP Address = 172.21.2.200 30200009 = IP Subnet Mask = 16 (This value must be between 0-32.) 30200010 = RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> 30200011 = Version <0(Rip-1) | 1(Rip-2B)
  • Page 506 Prestige 653HWI Series User’s Guide 30201010 = IP Alias #1 Outgoing protocol filters = 256 Set 1 30201011 = IP Alias #1 Outgoing protocol filters = 256 Set 2 30201012 = IP Alias #1 Outgoing protocol filters = 256 Set 3...
  • Page 507 Prestige 653HWI Series User’s Guide 30500002 = Hide ESSID <0(No) | 1(Yes)> 30500003 = Channel ID <1|2|3|4|5|6|7|8|9|10|11|12|13> 30500004 = RTS Threshold <0 ~ 2432> = 2432 30500005 = FRAG. Threshold <256 ~ 2432> = 2432 30500006 = <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)>...
  • Page 508 Prestige 653HWI Series User’s Guide 40000005 = Multiplexing <1(LLC-based) | This 2(VC-based) value 40000006 = VPI # must be between 40000007 = VCI # = 35 0-32. 40000008 = Service Name <Str> = any This value 40000009 = My Login <Str>...
  • Page 509 Prestige 653HWI Series User’s Guide 40000031= RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> 40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> 40000033= Nailed-up Connection <0(No) |1(Yes)> / MENU 12.1.1 IP STATIC ROUTE SETUP (SMT MENU 12.1.1) INPUT...
  • Page 510 Prestige 653HWI Series User’s Guide 120103002 = IP Static Route set #3, Active <0(No) |1(Yes)> 120103003 = IP Static Route set #3, Destination IP = 0.0.0.0 address 120103004 = IP Static Route set #3, Destination IP subnetmask 120103005 = IP Static Route set #3, Gateway = 0.0.0.0...
  • Page 511 Prestige 653HWI Series User’s Guide / MENU 12.1.6 IP STATIC ROUTE SETUP (SMT MENU 12.1.6) INPUT 120106001 = IP Static Route set #6, Name <Str> 120106002 = IP Static Route set #6, Active <0(No) |1(Yes)> 120106003 = IP Static Route set #6, Destination IP = 0.0.0.0...
  • Page 512 Prestige 653HWI Series User’s Guide 120108005 = IP Static Route set #8, Gateway = 0.0.0.0 120108006 = IP Static Route set #8, Metric 120108007 = IP Static Route set #8, Private <0(No) |1(Yes)> / MENU 12.1.9 IP STATIC ROUTE SETUP (SMT MENU 12.1.9)
  • Page 513 Prestige 653HWI Series User’s Guide 120111003 = IP Static Route set #11, Destination = 0.0.0.0 IP address 120111004 = IP Static Route set #11, Destination IP subnetmask 120111005 = IP Static Route set #11, Gateway = 0.0.0.0 120111006 = IP Static Route set #11, Metric...
  • Page 514 Prestige 653HWI Series User’s Guide INPUT 120114001 = IP Static Route set #14, Name <Str> 120114002 = IP Static Route set #14, Active <0(No) |1(Yes)> 120114003 = IP Static Route set #14, Destination = 0.0.0.0 IP address 120114004 = IP Static Route set #14, Destination...
  • Page 515 Prestige 653HWI Series User’s Guide 120116006 = IP Static Route set #16, Metric 120116007 = IP Static Route set #16, Private <0(No) |1(Yes)> / MENU 15 SUA SERVER SETUP (SMT MENU 15) INPUT 150000001 = SUA Server IP address for default = 0.0.0.0...
  • Page 516 Prestige 653HWI Series User’s Guide 150000021 = SUA Server #5 Local IP address = 0.0.0.0 150000022 = SUA Server #6 Active <0(No) | 1(Yes)> = 0 150000023 = SUA Server #6 Protocol <0(All)|6(TCP)|17(UDP)> 150000024 = SUA Server #6 Port Start...
  • Page 517 Prestige 653HWI Series User’s Guide 150000046 = SUA Server #10 Local IP address = 0.0.0.0 150000047 = SUA Server #11 Active <0(No) | 1(Yes)> 150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(UDP)> 150000049 = SUA Server #11 Port Start 150000050 =...
  • Page 518 Prestige 653HWI Series User’s Guide 210101009 = IP Filter Set 1,Rule 1 Src Subnet Mask 210101010 = IP Filter Set 1,Rule 1 Src Port 210101011 = IP Filter Set 1,Rule 1 Src Port Comp <0(none)|1(equal)|2( equal)|3(less)|4(greater)> 210101013 = IP Filter Set 1,Rule 1 Act Match <1(check...
  • Page 519 Prestige 653HWI Series User’s Guide 210102013 = IP Filter Set 1,Rule 2 Act Match <1(check next)|2(forward)|3(drop)> 210102014 = IP Filter Set 1,Rule 2 Act Not Match <1(check next)|2(forward)|3(drop)> / MENU 21.1.1.3 SET #1, RULE #3 (SMT MENU 21.1.1.3)
  • Page 520 Prestige 653HWI Series User’s Guide INPUT 210104001 = IP Filter Set 1,Rule 4 Type <2(TCP/IP)> 210104002 = IP Filter Set 1,Rule 4 Active <0(No)|1(Yes)> 210104003 = IP Filter Set 1,Rule 4 Protocol = 17 210104004 = IP Filter Set 1,Rule 4 Dest IP address = 0.0.0.0...
  • Page 521 Prestige 653HWI Series User’s Guide 210105006 = IP Filter Set 1,Rule 5 Dest Port = 138 210105007 = IP Filter Set 1,Rule 5 Dest Port Comp <0(none)|1(equal)|2( equal)|3(less)|4(greater)> 210105008 = IP Filter Set 1,Rule 5 Src IP Address = 0.0.0.0...
  • Page 522 Prestige 653HWI Series User’s Guide 210106010 = IP Filter Set 1,Rule 6 Src Port 210106011 = IP Filter Set 1,Rule 6 Src Port Comp <0(none)|1(equal)|2( equal)|3(less)|4(greater)> 210106013 = IP Filter Set 1,Rule 6 Act Match <1(check next)|2(forward)|3(drop)> 210106014 = IP Filter Set 1,Rule 6 Act Not Match <1(check...
  • Page 523 Prestige 653HWI Series User’s Guide 210201011 = IP Filter Set 2, Rule 1 Src Port Comp <0(none)|1(equal)|2( equal)|3(less)|4(greater)> 210201013 = IP Filter Set 2, Rule 1 Act Match <1(check next)|2(forward)|3(drop)> 210201014 = IP Filter Set 2, Rule 1 Act Not Match <1(check...
  • Page 524 Prestige 653HWI Series User’s Guide 210202014 = IP Filter Set 2, Rule 2 Act Not Match <1(check next)|2(forward)|3(drop)> / MENU 21.1.2.3 FILTER SET #2, RULE #3 (SMT MENU 21.1.2.3) INPUT 210203001 = IP Filter Set 2, Rule 3 Type <0(none)|2(TCP/IP)>...
  • Page 525 Prestige 653HWI Series User’s Guide 210204002 = IP Filter Set 2, Rule 4 Active <0(No)|1(Yes)> = 1 210204003 = IP Filter Set 2, Rule 4 Protocol = 17 210204004 = IP Filter Set 2, Rule 4 Dest IP = 0.0.0.0...
  • Page 526 Prestige 653HWI Series User’s Guide 210205006 = IP Filter Set 2, Rule 5 Dest Port = 138 210205007 = IP Filter Set 2, Rule 5 Dest Port Comp <0(none)|1(equal)|2( equal)|3(less)|4(greater)> 210205008 = IP Filter Set 2, Rule 5 Src IP address = 0.0.0.0...
  • Page 527 Prestige 653HWI Series User’s Guide 210206009 = IP Filter Set 2, Rule 6 Src Subnet Mask 210206010 = IP Filter Set 2, Rule 6 Src Port 210206011 = IP Filter Set 2, Rule 6 Src Port Comp <0(none)|1(equal)|2( equal)|3(less)|4(greater)>...
  • Page 528: Command Examples

    Prestige 653HWI Series User’s Guide 230400003 = Idle Timeout (in second) = 999 230400004 = Authentication Databases <0(Local User Database Only) |1(RADIUS Only) |2(Local,RADIUS) |3(RADIUS,Local)> / MENU 24.11 REMOTE MANAGEMENT CONTROL (SMT MENU 24.11) INPUT These 241100001 = TELNET Server Port...
  • Page 529: Appendix I Setting Up Your Computer's Ip Address

    Prestige 653HWI Series User’s Guide Appendix I Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 530: Installing Components

    Prestige 653HWI Series User’s Guide Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: In the Network window, click Add.
  • Page 531 Prestige 653HWI Series User’s Guide Click the IP Address tab. -If your IP address is dynamic, select Obtain an IP address automatically. -If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
  • Page 532: Verifying Settings

    Prestige 653HWI Series User’s Guide Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window.
  • Page 533 Prestige 653HWI Series User’s Guide Windows 2000/NT/XP For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. For Windows XP, click Network Right-click Local Area Connection and Connections. For Windows 2000/NT, click then click Properties.
  • Page 534 Prestige 653HWI Series User’s Guide Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). -If you have a dynamic IP address click Obtain an IP address automatically.
  • Page 535 Prestige 653HWI Series User’s Guide -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add.
  • Page 536 Prestige 653HWI Series User’s Guide In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es),...
  • Page 537 Prestige 653HWI Series User’s Guide Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Select Ethernet built-in from the Connect via list. Setting up Your Computer’s IP Address...
  • Page 538 Prestige 653HWI Series User’s Guide For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box.
  • Page 539 Prestige 653HWI Series User’s Guide Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list.
  • Page 541: Appendix J Splitters And Microfilters

    Prestige 653HWI Series User’s Guide Appendix J Splitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals.
  • Page 542 Prestige 653HWI Series User’s Guide Step 1. Connect a phone cable from the wall jack to the single jack end of the Y- Connector. Step 2. Connect a cable from the double jack end of the Y-Connector to the “wall side” of the microfilter.
  • Page 543: Appendix K Log Descriptions

    Prestige 653HWI Series User’s Guide Appendix K Log Descriptions This appendix provides descriptions of example log messages. Chart K-1 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is The router has adjusted its time based on information from the time server.
  • Page 544: Chart K-2 Upnp Logs

    Prestige 653HWI Series User’s Guide Chart K-2 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through UPnP packets can pass through the firewall. Firewall For the content filtering logs “(Destination)” means the destination IP address or domain name. Chart K-3 Content Filtering Logs...
  • Page 545: Chart K-4 Attack Logs

    Prestige 653HWI Series User’s Guide Chart K-4 Attack Logs LOG MESSAGE DESCRIPTION attack (Protocol) The firewall detected an attack. The log may also display the protocol (for example TCP or UDP). land (Protocol) The firewall detected a land attack. The log may also display the protocol (for example TCP or UDP).
  • Page 546: Chart K-5 Access Logs

    Prestige 653HWI Series User’s Guide Chart K-5 Access Logs LOG MESSAGE DESCRIPTION Firewall default policy (Protocol, Direction) Access matched the default policy and the Prestige blocked or forwarded it according to the configuration of the default firewall policy. Firewall rule match Access matched a firewall rule and the Prestige blocked or forwarded it according to the rule’s configuration.
  • Page 547: Chart K-6 Tcp Reset Logs

    Prestige 653HWI Series User’s Guide Chart K-5 Access Logs LOG MESSAGE DESCRIPTION Out of order TCP The router blocked a TCP handshake packet that came out of the proper order handshake packet blocked (Protocol) Unsupported/out-of- The Prestige generates this log after it drops an ICMP packet due to...
  • Page 548 Prestige 653HWI Series User’s Guide Chart K-7 ICMP Notes TYPE CODE DESCRIPTION A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network.
  • Page 549 Prestige 653HWI Series User’s Guide Chart K-7 ICMP Notes TYPE CODE DESCRIPTION Information reply message VPN/IPSec logs To view the IPSec and IKE connection log, type 3 in menu 27 and press [ENTER] to display the IPSec log as shown next. The following figure shows a typical log from the initiator of a VPN connection.
  • Page 550: Chart K-8 Sample Ike Key Exchange Logs

    Prestige 653HWI Series User’s Guide Index: Date/Time: Log: ------------------------------------------------------------ 01 Jan 08:08:07 Recv Main Mode request from <192.168.100.100> 01 Jan 08:08:07 Recv:<SA> 01 Jan 08:08:08 Send:<SA> 01 Jan 08:08:08 Recv:<KE><NONCE> 01 Jan 08:08:10 Send:<KE><NONCE> 01 Jan 08:08:10 Recv:<ID><HASH> 01 Jan 08:08:10 Send:<ID><HASH>...
  • Page 551 Prestige 653HWI Series User’s Guide Chart K-8 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION Start Phase 2: Quick Mode Phase 2 negotiation begins by using Quick Mode. !! IKE Negotiation is in process The Prestige has begun negotiation with the peer for the connection already, but the IKE key exchange has not finished yet.
  • Page 552: Chart K-9 Sample Ipsec Logs During Packet Transmission

    Prestige 653HWI Series User’s Guide Chart K-8 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION !! Too many errors! Deleting SA The Prestige deletes an SA when too many errors occur. !! ID type mismatch The ID type of an incoming packet does not match the local's peer ID type.
  • Page 553: Chart K-10 Rfc-2408 Isakmp Payload Types

    Prestige 653HWI Series User’s Guide Chart K-9 Sample IPSec Logs During Packet Transmission LOG MESSAGE DESCRIPTION !! Discard REPLAY packet If the Prestige receives a packet with the wrong sequence number it will discard it. !! Inbound packet The authentication configuration settings are incorrect. Please authentication failed check them.
  • Page 555: Appendix L Index
