Page 1 Prestige 2602HW Series ADSL VoIP IAD with 802.11g Wireless User’s Guide Version 3.40 August 2004...
Page 4: Federal Communications Commission (Fcc) Interference Statement
Prestige 2602HW Series User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Page 5: Zyxel Limited Warranty
Prestige 2602HW Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During...
Page 6: Customer Support
Prestige 2602HW Series User’s Guide Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it.
Page 7: Table Of Contents
Prestige 2602HW Series User’s Guide Table of Contents Copyright ........................3 Federal Communications Commission (FCC) Interference Statement ....4 ZyXEL Limited Warranty..................5 Customer Support....................6 Table of Contents ..................... 7 List of Figures ......................23 List of Tables ......................31 Preface ........................
Page 8 Prestige 2602HW Series User’s Guide Chapter 3 Wizard Setup ......................57 3.1 Wizard Setup Introduction ..................57 3.1.1 Encapsulation ...................57 3.1.1.1 ENET ENCAP .................57 3.1.1.2 PPP over Ethernet ................57 3.1.1.3 PPPoA .....................57 3.1.1.4 RFC 1483 ..................58 3.1.2 Multiplexing ....................58 3.1.2.1 VC-based Multiplexing ..............58 3.1.2.2 LLC-based Multiplexing ..............58...
Page 9 Prestige 2602HW Series User’s Guide 5.4 LAN TCP/IP ......................75 5.4.1 Factory LAN Defaults ................75 5.4.2 IP Address and Subnet Mask ..............75 5.4.3 RIP Setup ....................75 5.4.4 Multicast ....................76 5.5 Any IP .........................76 5.5.1 How Any IP Works ..................77 5.6 Configuring LAN ....................78 5.7 Configuring Static DHCP ..................80...
Page 10 Prestige 2602HW Series User’s Guide Chapter 7 WAN Setup......................103 7.1 WAN Overview ....................103 7.2 Metric ......................103 7.3 PPPoE Encapsulation ..................104 7.4 Traffic Shaping ....................104 7.5 Zero Configuration Internet Access ..............105 7.6 Configuring WAN Setup ...................105 7.7 Traffic Redirect ....................108 7.8 Configuring WAN Backup .................109...
Page 11 Prestige 2602HW Series User’s Guide 9.3 SIP ALG ......................128 9.4 Pulse Code Modulation ..................128 9.5 Voice Coding ....................129 9.5.1 G.711 .......................129 9.5.2 G.729 ......................129 9.6 PSTN Call Setup Signaling ................129 Chapter 10 Voice Screens ....................... 131 10.1 Voice Screens Introduction ................131 10.2 SIP Settings Configuration ................131...
Page 12 Prestige 2602HW Series User’s Guide 13.2 Types of Firewalls ..................149 13.2.1 Packet Filtering Firewalls ..............149 13.2.2 Application-level Firewalls ..............149 13.2.3 Stateful Inspection Firewalls ..............150 13.3 Introduction to ZyXEL’s Firewall ..............150 13.3.1 Denial of Service Attacks ..............151 13.4 Denial of Service ....................151 13.4.1 Basics ....................151...
Page 13 Prestige 2602HW Series User’s Guide 14.6 Rule Summary ....................168 14.6.1 Configuring Firewall Rules ..............170 14.7 Customized Services ..................173 14.8 Creating/Editing A Customized Service ............173 14.9 Example Firewall Rule ...................174 14.10 Predefined Services ..................178 14.11 Anti-Probing ....................180 14.12 Configuring Attack Alert ................181 14.12.1 Threshold Values ................182...
Page 14 Prestige 2602HW Series User’s Guide Chapter 18 Logs Screens......................207 18.1 Logs Overview ....................207 18.1.1 Alerts and Logs ..................207 18.2 Configuring Log Settings ................207 18.3 Displaying the Logs ..................209 18.4 SMTP Error Messages ...................210 18.4.1 Example E-mail Log ................211 Chapter 19 Maintenance ......................
Page 15 Prestige 2602HW Series User’s Guide Chapter 22 Menu 2 WAN Backup Setup ................237 22.1 Introduction to WAN Backup Setup ..............237 22.2 Configuring WAN Backup in Menu 2 ..............237 22.2.1 Traffic Redirect Setup ................238 Chapter 23 Menu 3 LAN Setup ....................241 23.1 LAN Setup ......................241...
Page 16 Prestige 2602HW Series User’s Guide 26.5.2 LLC-based Multiplexing or PPP Encapsulation ........263 26.5.3 Advance Setup Options ................263 Chapter 27 Static Route Setup ....................265 27.1 IP Static Route Overview ................265 27.2 Configuration ....................265 Chapter 28 Bridging Setup ..................... 269 28.1 Bridging in General ..................269 28.2 Bridge Ethernet Setup ..................269...
Page 17 Prestige 2602HW Series User’s Guide 31.3 Filter Rules Summary Menus .................294 31.4 Configuring a Filter Rule ................295 31.4.1 TCP/IP Filter Rule .................296 31.4.2 Generic Filter Rule ................298 31.5 Filter Types and NAT ..................300 31.6 Example Filter ....................300 31.7 Applying Filters and Factory Defaults ............302 31.7.1 Ethernet Traffic ..................303...
Page 18 Prestige 2602HW Series User’s Guide 35.2.3 Example of FTP Commands from the Command Line ......327 35.2.4 GUI-based FTP Clients .................328 35.2.5 TFTP and FTP over WAN Management Limitations ......328 35.2.6 Backup Configuration Using TFTP ............329 35.2.7 TFTP Command Example ..............329 35.2.8 GUI-based TFTP Clients ..............329...
Page 19 41.8 Problems with the Web Configurator .............370 41.9 Problems with Remote Management .............370 41.10 Telephone Problems ..................371 Appendix A Hardware Specifications ..................373 Prestige 2602HW Series Power Adaptor Specifications........375 Appendix B Setting up Your Computer’s IP Address............377 Windows 95/98/Me....................377...
Page 20 Prestige 2602HW Series User’s Guide Configuring ...................... 379 Verifying Settings ..................... 380 Windows 2000/NT/XP .................... 380 Verifying Settings ..................... 384 Macintosh OS 8/9....................385 Verifying Settings ..................... 386 Macintosh OS X ..................... 386 Verifying Settings ..................... 388 Appendix C IP Subnetting ......................389 IP Addressing......................
Page 21 Prestige 2602HW Series User’s Guide Appendix G Types of EAP Authentication ................405 EAP-MD5 (Message-Digest Algorithm 5)............... 405 EAP-TLS (Transport Layer Security) ..............405 EAP-TTLS (Tunneled Transport Layer Service) ........... 405 LEAP ........................406 Appendix H Triangle Route ...................... 407 The Ideal Setup......................
Page 22 Prestige 2602HW Series User’s Guide...
Page 23: List Of Figures
Prestige 2602HW Series User’s Guide List of Figures Figure 1 Prestige Internet Access Application ..............50 Figure 2 Internet Telephony Service Provider Application ..........50 Figure 3 IP-PBX Application ....................51 Figure 4 Firewall Application ....................51 Figure 5 Prestige LAN-to-LAN Application ................52 Figure 6 Password Screen ....................
Page 24 Prestige 2602HW Series User’s Guide Figure 37 WAN Setup (PPPoE) ..................106 Figure 38 Traffic Redirect Example ..................109 Figure 39 Traffic Redirect LAN Setup ................. 109 Figure 40 WAN Backup ....................... 110 Figure 41 How NAT Works ....................115 Figure 42 NAT Application With IP Alias ................
Page 25 Prestige 2602HW Series User’s Guide Figure 80 Content Filter: Schedule ..................187 Figure 81 Content Filter: Trusted ..................188 Figure 82 Telnet Configuration on a TCP/IP Network ............190 Figure 83 Remote Management ..................191 Figure 84 Configuring UPnP ....................194 Figure 85 Add/Remove Programs: Windows Setup: Communication .........
Page 26 Prestige 2602HW Series User’s Guide Figure 123 Menu 3.2 TCP/IP and DHCP Ethernet Setup ........... 242 Figure 124 Menu 3.5 - Wireless LAN Setup ............... 245 Figure 125 Menu 3.5.1 WLAN MAC Address Filtering ............247 Figure 126 IP Alias Network Example ................. 250 Figure 127 Menu 3.2 TCP/IP and DHCP Setup ..............
Page 27 Prestige 2602HW Series User’s Guide Figure 166 Example 3: Menu 15.2.1 ................... 286 Figure 167 NAT Example 4 ....................286 Figure 168 Example 4: Menu 15.1.1.1 Address Mapping Rule ........... 287 Figure 169 Example 4: Menu 15.1.1 Address Mapping Rules ..........287 Figure 170 Menu 21.2 Firewall Setup .................
Page 28 Prestige 2602HW Series User’s Guide Figure 209 Backup Configuration Example ................. 331 Figure 210 Successful Backup Confirmation Screen ............331 Figure 211 Telnet into Menu 24.6 ..................332 Figure 212 Restore Using FTP Session Example ............... 332 Figure 213 System Maintenance: Restore Configuration ........... 333 Figure 214 System Maintenance: Starting Xmodem Download Screen ......
Page 29 Prestige 2602HW Series User’s Guide Figure 252 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ......380 Figure 253 Windows XP: Start Menu .................. 381 Figure 254 Windows XP: Control Panel ................381 Figure 255 Windows XP: Control Panel: Network Connections: Properties ....... 382 Figure 256 Windows XP: Local Area Connection Properties ..........
Page 30 Prestige 2602HW Series User’s Guide...
Page 31: List Of Tables
Prestige 2602HW Series User’s Guide List of Tables Table 1 ADSL Standards ....................41 Table 2 IEEE 802.11g ......................45 Table 3 Web Configurator Screens Summary ..............55 Table 4 Internet Access Wizard Setup: First Screen ............59 Table 5 Internet Connection with PPPoE ................62 Table 6 Internet Connection with RFC 1483 ..............
Page 32 Prestige 2602HW Series User’s Guide Table 37 Speed Dial ......................139 Table 38 Lifeline ......................... 141 Table 39 Dynamic DNS ...................... 144 Table 40 Pre-defined NTP Time Servers ................145 Table 41 Time and Date ..................... 146 Table 42 Common IP Ports ....................152 Table 43 ICMP Commands That Trigger Alerts ..............
Page 33 Prestige 2602HW Series User’s Guide Table 80 Menu 3.5.1 WLAN MAC Address Filtering ............247 Table 81 Menu 3.2.1 IP Alias Setup ................... 251 Table 82 Menu 4 Internet Access Setup ................253 Table 83 Menu 11.1 Remote Node Profile ................. 257 Table 84 Menu 11.3 Remote Node Network Layer Options ..........
Page 34 Table 125 Troubleshooting Remote Management ............. 370 Table 126 Troubleshooting Telephone ................371 Table 127 Prestige 2602HW Series Power Adaptor Specifications ........375 Table 128 Classes of IP Addresses ................... 389 Table 129 Allowed IP Address Range By Class ..............390 Table 130 “Natural”...
Page 35 Prestige 2602HW Series User’s Guide Table 166 802.1X Logs ...................... 444 Table 167 ACL Setting Notes ..................... 445 Table 168 ICMP Notes ....................... 445 Table 169 Syslog Logs ....................... 446 Table 170 SIP Logs ......................446 Table 171 RTP Logs ......................447 Table 172 FSM Logs: Caller Side ..................
Page 36 Prestige 2602HW Series User’s Guide...
Page 37: Preface
Prestige 2602HW Series User’s Guide Preface Congratulations on your purchase of the Prestige 2602HW Series ADSL VoIP IAD with 802.11g Wireless. Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com...
Page 38: Syntax Conventions
• For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual. • The Prestige 2602HW series may be referred to as the Prestige in this user’s guide. This refers to both models (ADSL over POTS and ADSL over ISDN) unless specifically identified.
Page 39: Introduction To Dsl
Prestige 2602HW Series User’s Guide Introduction to DSL DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted- pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching...
Page 40 Prestige 2602HW Series User’s Guide Introduction to DSL...
Page 41: Getting To Know Your Prestige
Prestige 2602HW Series User’s Guide H A P T E R Getting To Know Your Prestige Prestige. This chapter describes the key features and applications of your Introducing the Prestige The Prestige P2602HW ADSL VoIP IAD (Integrated Access Device) combines high-speed ADSL Internet access, a 4-port Ethernet switch, IEEE 802.11g wireless access, and Voice...
Page 42: Prestige 2602Hwl With Lifeline
Prestige 2602HW Series User’s Guide Three Prestige models are included in this user’s guide at the time of writing. In the Prestige product name, “H” denotes an integrated 4-port switch (hub) and “W” denotes an internal wireless card. The Prestige 2602HW provides 802.11g wireless LAN connectivity allowing users to enjoy the convenience and mobility of working anywhere within the coverage area.
Page 43: Multiple Sip Accounts
Prestige 2602HW Series User’s Guide • SDP (RFC 2327) • RTP (RFC 1889) • RTCP (RFC 1890) Multiple SIP Accounts The Prestige allows you to simultaneously use multiple voice (SIP) accounts and assign them to one or both telephone ports.
Page 44: High Speed Internet Access
Prestige 2602HW Series User’s Guide High Speed Internet Access Your Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of up to 24Mbps and upstream transmission rates of 3.5Mbps. Actual speeds attained depend on ISP DSLAM environment. Zero Configuration Internet Access...
Page 45: Table 2 Ieee 802.11G
Prestige 2602HW Series User’s Guide IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b radio card can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates.
Page 46: Dynamic Dns Support
Prestige 2602HW Series User’s Guide Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet, thus acting as an auxiliary if your regular WAN connection fails. Universal Plug and Play (UPnP)
Page 47: Adsl Standards
Prestige 2602HW Series User’s Guide ADSL Standards • Full-Rate (ANSI T1.413, Issue 2; G.dmt (G.992.1) with line rate support of up to 8 Mbps downstream and 832 Kbps upstream. • G.lite (G.992.2) with line rate support of up to 1.5Mbps downstream and 512Kbps upstream.
Page 48: Networking Compatibility
Prestige 2602HW Series User’s Guide IP Policy Routing (IPPR) Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Page 49: Applications For The Prestige
Prestige 2602HW Series User’s Guide • ADSL circuitry • RAM • LAN port Packet Filters The Prestige's packet filtering functions allows added network security and management. Ease of Installation Your Prestige is designed for quick, intuitive and easy installation. Housing Your Prestige's compact and ventilated housing minimizes space requirements making it easy to position anywhere in your busy office.
Page 50: Making Calls Via Internet Telephony Service Provider
Prestige 2602HW Series User’s Guide Figure 1 Prestige Internet Access Application Internet Single User Account For a SOHO (Small Office/Home Office) environment, your Prestige offers the Single User Account (SUA) feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for the cost of a single IP address 1.4.2 Making Calls via Internet Telephony Service Provider...
Page 51: Firewall For Secure Broadband Internet Access
Prestige 2602HW Series User’s Guide In this example, you use your analog phone (A in the figure) and the Prestige (B) changes the call into VoIP and sends it to the IP-PBX. The IP-PBX forwards calls to PSTN phones (C) to the PSTN network.
Page 52: Prestige Hardware Installation And Connection
Prestige 2602HW Series User’s Guide Figure 5 Prestige LAN-to-LAN Application 1.5 Prestige Hardware Installation and Connection Refer to the Quick Start Guide for information on hardware installation and connection and LED descriptions. Chapter 1 Getting To Know Your Prestige...
Page 53: Introducing The Web Configurator
Prestige 2602HW Series User’s Guide H A P T E R Introducing the Web Configurator This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The embedded web configurator allows you to manage the Prestige from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator.
Page 54: Resetting The Prestige
Prestige 2602HW Series User’s Guide Figure 7 Change Password at Login 7 You should now see the SITE MAP screen. Note: The Prestige automatically times out after five minutes of inactivity. Simply log back into the Prestige if this happens to you.
Page 55: Figure 8 Web Configurator Site Map Screen
Prestige 2602HW Series User’s Guide • Click Logout in the navigation panel when you have finished a Prestige management session. Figure 8 Web Configurator SITE MAP Screen Note: Click the icon (located in the top right corner of most screens) to view embedded help.
Page 56 Prestige 2602HW Series User’s Guide Table 3 Web Configurator Screens Summary (continued) LINK SUB-LINK FUNCTION Voice SIP Settings Use this screen to configure your Prestige’s Session Initiation Protocol settings. Use this screen to configure your Prestige’s Quality of Service settings.
Page 57: Chapter 3 Wizard Setup
Prestige 2602HW Series User’s Guide H A P T E R Wizard Setup This chapter provides information on the Wizard Setup screens for Internet access and VoIP in the web configurator. 3.1 Wizard Setup Introduction Use the Wizard Setup screens to configure your system for Internet access and Voice with the information (provided by your ISP) that you fill in the Internet Account Information and Voice Account Information tables in the Quick Start Guide.
Page 58: Rfc 1483
Prestige 2602HW Series User’s Guide 3.1.1.4 RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing).
Page 59: Ip Address And Subnet Mask
Prestige 2602HW Series User’s Guide Figure 9 Internet Access Wizard Setup: First Screen The following table describes the fields in this screen. Table 4 Internet Access Wizard Setup: First Screen LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account.
Page 60: Ip Address Assignment
Prestige 2602HW Series User’s Guide If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established.
Page 61: Private Ip Addresses
Prestige 2602HW Series User’s Guide 3.2.1.4 Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems.
Page 62: Figure 10 Internet Connection With Pppoe
Prestige 2602HW Series User’s Guide Figure 10 Internet Connection with PPPoE The following table describes the fields in this screen. Table 5 Internet Connection with PPPoE LABEL DESCRIPTION Service Name Type the name of your PPPoE service here. User Name Enter the user name exactly as your ISP assigned.
Page 63: Figure 11 Internet Connection With Rfc 1483
Prestige 2602HW Series User’s Guide Figure 11 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 6 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field.
Page 64: Figure 13 Internet Connection With Pppoa
Prestige 2602HW Series User’s Guide Table 7 Internet Connection with ENET ENCAP LABEL DESCRIPTION IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet.
Page 65: Sip Identities
Prestige 2602HW Series User’s Guide Table 8 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above. IP Address This option is available if you select Routing in the Mode field.
Page 66: Figure 14 Internet Access Wizard Setup: Third Screen
Prestige 2602HW Series User’s Guide Figure 14 Internet Access Wizard Setup: Third Screen Table 9 Internet Access Wizard Setup: Voice Configuration LABEL DESCRIPTION Active Select this check box to have the Prestige use this SIP account. Clear the check box to have the Prestige not use this SIP account.
Page 67: Dhcp Setup
Prestige 2602HW Series User’s Guide Table 9 Internet Access Wizard Setup: Voice Configuration (continued) LABEL DESCRIPTION Authentication Type the password associated with the user name above. You can use up to Password 95 ASCII Extended set characters. Send Caller ID Select this check box to show identification information when you make VoIP phone calls.
Page 68: Figure 15 Internet Access Wizard Setup: Fourth Screen
Prestige 2602HW Series User’s Guide Figure 15 Internet Access Wizard Setup: Fourth Screen If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next. Chapter 3 Wizard Setup...
Page 69: Internet Access Wizard Setup: Connection Test
Prestige 2602HW Series User’s Guide Figure 16 Internet Access Wizard Setup: LAN Configuration The following table describes the fields in this screen. Table 10 Internet Access Wizard Setup: LAN Configuration LABEL DESCRIPTION LAN IP Address Enter the IP address of your Prestige in dotted decimal notation, for example, 192.168.1.1 (factory default).
Page 70: Test Your Internet Connection
Prestige 2602HW Series User’s Guide Figure 17 Internet Access Wizard Setup: Connection Tests 3.2.9.1 Test Your Internet Connection Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this User’s Guide for more detailed information on the complete range of Prestige features.
Page 71: Chapter 4 Password Setup
Prestige 2602HW Series User’s Guide H A P T E R Password Setup This chapter provides information on the Password screen. 4.1 Password Overview It is highly recommended that you change the password for accessing the Prestige. 4.1.1 Configuring Password To change your Prestige’s password (recommended), click Password in the Site Map screen.
Page 72 Prestige 2602HW Series User’s Guide Chapter 4 Password Setup...
Page 73: Chapter 5 Lan Setup
Prestige 2602HW Series User’s Guide H A P T E R LAN Setup This chapter describes how to configure LAN settings. 5.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Page 74: Dns Server Address
Prestige 2602HW Series User’s Guide 5.2 DNS Server Address DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it.
Page 75: Lan Tcp/Ip
Prestige 2602HW Series User’s Guide 5.4 LAN TCP/IP The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. 5.4.1 Factory LAN Defaults The LAN parameters of the Prestige are preset in the factory with the following values: •...
Page 76: Multicast
Prestige 2602HW Series User’s Guide 5.4.4 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1.
Page 77: How Any Ip Works
Prestige 2602HW Series User’s Guide Figure 20 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address.
Page 78: Configuring Lan
Prestige 2602HW Series User’s Guide After all the routing information is updated, the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige. 5.6 Configuring LAN Click LAN and LAN Setup to open the following screen.
Page 79: Table 12 Lan Setup
Prestige 2602HW Series User’s Guide The following table describes the fields in this screen. Table 12 LAN Setup LABEL DESCRIPTION DHCP DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
Page 80: Configuring Static Dhcp
Prestige 2602HW Series User’s Guide 5.7 Configuring Static DHCP This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 81: Chapter 6 Wireless Lan Setup
Prestige 2602HW Series User’s Guide H A P T E R Wireless LAN Setup This chapter discusses how to configure Wireless LAN on the Prestige. 6.1 Wireless LAN Introduction This section introduces the wireless LAN and some basic configurations. Wireless LANs can...
Page 82: Ess Id
Prestige 2602HW Series User’s Guide 6.1.3 ESS ID An Extended Service Set (ESS) is a group of access points or wireless gateways connected to a wired LAN on the same subnet. An ESS ID uniquely identifies each set. All access points or wireless gateways and their associated wireless stations in the same set must have the same ESSID.
Page 83: Fragmentation Threshold
Prestige 2602HW Series User’s Guide If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
Page 84: Data Encryption With Wep
Prestige 2602HW Series User’s Guide Figure 24 Prestige Wireless Security Levels If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networking device that is within range. Use the Prestige web configurator to configurator to set up your wireless LAN security settings.
Page 85: Figure 25 Wireless Lan
Prestige 2602HW Series User’s Guide Click Wireless LAN, Wireless to open the Wireless screen. Figure 25 Wireless LAN The following table describes the fields in this screen. Table 14 Wireless LAN LABEL DESCRIPTION Enable Wireless The wireless LAN is turned off by default, before you enable the wireless LAN you should configure some security by setting MAC filters and/or 802.1x security;...
Page 86: Configuring Mac Filter
Prestige 2602HW Series User’s Guide Table 14 Wireless LAN (continued) LABEL DESCRIPTION Fragmentation The threshold (number of bytes) for the fragmentation boundary for directed Threshold messages. It is the maximum data fragment size that can be sent. Enter a value between 256 and 2432.
Page 87: Figure 26 Mac Address Filter
Prestige 2602HW Series User’s Guide Figure 26 MAC Address Filter The following table describes the fields in this menu. Table 15 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering.
Page 88: Network Authentication
Prestige 2602HW Series User’s Guide Table 15 MAC Address Filter (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. 6.6 Network Authentication You can set the Prestige and your network to authenticate a wireless station before the wireless station can communicate with the Prestige and the wired network to which the Prestige is connected.
Page 89: Eap Authentication Overview
Prestige 2602HW Series User’s Guide • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message.
Page 90: Introduction To Wpa
Prestige 2602HW Series User’s Guide 3 The wireless station replies with identity information, including username and password. 4 The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station.
Page 91: Wpa-Psk Application Example
Prestige 2602HW Series User’s Guide By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network.
Page 92: Security Parameters Summary
Prestige 2602HW Series User’s Guide 2 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. 3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then...
Page 93: Wireless Client Wpa Supplicants
Prestige 2602HW Series User’s Guide Table 16 Wireless Security Relational Matrix (continued) AUTHENTICATION ENCRYPTION ENTER METHOD/ KEY ENABLE IEEE 802.1X METHOD MANUAL KEY MANAGEMENT PROTOCOL TKIP WPA-PSK WPA-PSK TKIP 6.11 Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA.
Page 94: Authentication Required: 802.1X
Prestige 2602HW Series User’s Guide Table 17 Wireless LAN: 802.1x/WPA LABEL DESCRIPTION Wireless Port To control wireless stations access to the wired network, select a control method from Control the drop-down list box. Choose from No Access Allowed, No Authentication Required and Authentication Required.
Page 95: Table 18 Wireless Lan: 802.1X/Wpa For 802.1X Protocol
Prestige 2602HW Series User’s Guide Table 18 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Wireless Port To control wireless stations access to the wired network, select a control method Control from the drop-down list box. Choose from No Authentication Required, Authentication Required and No Access Allowed.
Page 96: Authentication Required: Wpa
Prestige 2602HW Series User’s Guide Table 18 Wireless LAN: 802.1x/WPA for 802.1x Protocol (continued) LABEL DESCRIPTION Back Click Back to go to the main wireless LAN setup screen. Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh.
Page 97: Authentication Required: Wpa-Psk
Prestige 2602HW Series User’s Guide Table 19 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTION Key Management Choose WPA in this field. Protocol WPA Mixed Mode The Prestige can operate in WPA Mixed Mode, which supports both clients running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi-Fi network.
Page 98: Figure 33 Wireless Lan: 802.1X/Wpa For Wpa-Psk Protocol
Prestige 2602HW Series User’s Guide Figure 33 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol The following table describes the labels not previously discussed. Table 20 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol LABEL DESCRIPTION Key Management Choose WPA-PSK in this field. Protocol Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same.
Page 99: Configuring Local User Authentication
Prestige 2602HW Series User’s Guide 6.13 Configuring Local User Authentication By storing user profiles locally, your Prestige is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.
Page 100: Configuring Radius
Prestige 2602HW Series User’s Guide Table 21 Local User Database LABEL DESCRIPTION This is the index number of a local user account. Active Select this check box to enable the user profile. User Name Enter the user name of the user profile.
Page 101: Table 22 Radius
Prestige 2602HW Series User’s Guide Table 22 RADIUS LABEL DESCRIPTION Authentication Server Active Select Yes from the drop-down list box to enable user authentication through an external authentication server. Server IP Address Enter the IP address of the external authentication server in dotted decimal notation.
Page 102 Prestige 2602HW Series User’s Guide Chapter 6 Wireless LAN Setup...
Page 103: Chapter 7 Wan Setup
Prestige 2602HW Series User’s Guide H A P T E R WAN Setup This chapter describes how to configure WAN settings. 7.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. Chapter 3 Wizard Setup for more information on the fields in the WAN screens.
Page 104: Pppoe Encapsulation
Prestige 2602HW Series User’s Guide 7.3 PPPoE Encapsulation The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection using PPPoE.
Page 105: Zero Configuration Internet Access
Prestige 2602HW Series User’s Guide Figure 36 Example of Traffic Shaping 7.5 Zero Configuration Internet Access Once you turn on and connect the Prestige to a telephone jack, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes.
Page 106: Figure 37 Wan Setup (Pppoe)
Prestige 2602HW Series User’s Guide Figure 37 WAN Setup (PPPoE) The following table describes the fields in this screen. Table 23 WAN Setup LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only.
Page 107 Prestige 2602HW Series User’s Guide Table 23 WAN Setup (continued) LABEL DESCRIPTION Encapsulation Select the method of encapsulation used by your ISP from the drop-down list box. Choices vary depending on the mode you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483.
Page 108: Traffic Redirect
Prestige 2602HW Series User’s Guide Table 23 WAN Setup (continued) LABEL DESCRIPTION Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field.
Page 109: Configuring Wan Backup
Prestige 2602HW Series User’s Guide Figure 38 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network.
Page 110: Figure 40 Wan Backup
Prestige 2602HW Series User’s Guide Figure 40 WAN Backup The following table describes the fields in this screen. Table 24 WAN Backup LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check if the connection to the DSLAM is up.
Page 111 Prestige 2602HW Series User’s Guide Table 24 WAN Backup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your Prestige to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request.
Page 112 Prestige 2602HW Series User’s Guide Chapter 7 WAN Setup...
Page 113: Network Address Translation (Nat) Screens
Prestige 2602HW Series User’s Guide H A P T E R Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the Prestige. 8.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 114: What Nat Does
Prestige 2602HW Series User’s Guide 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Page 115: Nat Application
Prestige 2602HW Series User’s Guide Figure 41 How NAT Works 8.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter.
Page 116: Sua (Single User Account) Versus Nat
Prestige 2602HW Series User’s Guide • One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (for instance, PAT, port address translation), ZyXEL’s Single User Account feature that previous ZyXEL routers...
Page 117: Sua Server
Prestige 2602HW Series User’s Guide 8.3 SUA Server A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world.
Page 118: Configuring Servers Behind Sua (Example)
Prestige 2602HW Series User’s Guide 8.3.3 Configuring Servers Behind SUA (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
Page 119: Configuring Sua Server
Prestige 2602HW Series User’s Guide Table 28 NAT Mode (continued) LABEL DESCRIPTION Full Feature Select this radio button if you have multiple public WAN IP addresses for your Prestige. Edit Details Click this link to go to the NAT - Address Mapping Rules screen.
Page 120: Figure 45 Edit Sua/Nat Server Set
Prestige 2602HW Series User’s Guide Figure 45 Edit SUA/NAT Server Set The following table describes the fields in this screen. Table 29 Edit SUA/NAT Server Set LABEL DESCRIPTION Start Port No. Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field.
Page 121: Configuring Address Mapping
Prestige 2602HW Series User’s Guide 8.6 Configuring Address Mapping Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
Page 122: Editing An Address Mapping Rule
Prestige 2602HW Series User’s Guide Table 30 Address Mapping Rules (continued) LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type.
Page 123: Table 31 Address Mapping Rule Edit
Prestige 2602HW Series User’s Guide Table 31 Address Mapping Rule Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. • One-to-One: One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type.
Page 124 Prestige 2602HW Series User’s Guide Chapter 8 Network Address Translation (NAT) Screens...
Page 125: Introduction To Voip
Prestige 2602HW Series User’s Guide H A P T E R Introduction to VoIP This chapter provides background information on VoIP and SIP. 9.1 Introduction to VoIP VoIP is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit- switched telephone network.
Page 126: Sip Call Progression
Prestige 2602HW Series User’s Guide 9.2.2 SIP Call Progression The following figure displays the basic steps in the setup and tear down of a SIP call. A calls Table 32 SIP Call Progression 1. INVITE 2. Ringing 3. OK 4. ACK 5.Dialogue (voice traffic)
Page 127: Sip Proxy Server
Prestige 2602HW Series User’s Guide Figure 48 SIP User Agent Server 9.2.3.2 SIP Proxy Server A SIP proxy server receives requests from clients and forwards them to another server. In the following example, you want to use client device A to call someone who is using client device C.
Page 128: Sip Register Server
Prestige 2602HW Series User’s Guide Figure 50 SIP Redirect Server 9.2.3.4 SIP Register Server A SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register.
Page 129: Voice Coding
Prestige 2602HW Series User’s Guide 9.5 Voice Coding A codec (coder/decoder) codes analog voice signals into digital signals and decodes the digital signals back into voice signals. The Prestige supports the following codecs. 9.5.1 G.711 G.711 is a Pulse Code Modulation (PCM) waveform codec. G.711 provides very good sound quality but requires 64kbps of bandwidth.
Page 130 Prestige 2602HW Series User’s Guide Chapter 9 Introduction to VoIP...
Page 131: Chapter 10 Voice Screens
Prestige 2602HW Series User’s Guide H A P T E R Voice Screens This chapter describes how to configure advanced VoIP, QoS, phone and phone book settings. 10.1 Voice Screens Introduction This chapter covers the configuration of the VoIP screens.
Page 132: Advanced Voice Settings Configuration
Prestige 2602HW Series User’s Guide Table 33 SIP Settings LABEL DESCRIPTION SIP Account You can configure the Prestige to use multiple SIP accounts. Select one to configure its settings on the Prestige. Active SIP Select this check box to have the Prestige use this SIP account. Clear the check box to have the Prestige not use this SIP account.
Page 133: Figure 52 Voice Advanced Setup
Prestige 2602HW Series User’s Guide Figure 52 Voice Advanced Setup The following table describes the labels in this screen. Table 34 Voice Advanced Setup LABEL DESCRIPTION Advanced VoIP This read-only field displays the number of the SIP account that you are Settings configuring.
Page 134: Quality Of Service (Qos)
Prestige 2602HW Series User’s Guide Table 34 Voice Advanced Setup (continued) LABEL DESCRIPTION Min-SE When two SIP devices negotiate a SIP session, they must negotiate a common expiration time for idle SIP sessions. This field sets the shortest expiration time that the Prestige will accept.
Page 135: Diffserv
Prestige 2602HW Series User’s Guide 10.4.2 DiffServ DiffServ is a class of service (CoS) model that marks packets so that they receive specific per- hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired.
Page 136: Phone
Prestige 2602HW Series User’s Guide Figure 54 QoS The following table describes the labels in this screen. Table 35 QoS LABEL DESCRIPTION SIP TOS Priority Type a priority for voice transmissions. The Prestige applies Type of Service priority tags with this priority to voice traffic that it transmits. Priorities 6 and 7 are reserved for network control traffic.
Page 137: Comfort Noise Generation
Prestige 2602HW Series User’s Guide 10.6.2 Comfort Noise Generation When using VAD, the Prestige generates and sends comfort noise when you are not speaking. Comfort noise uses the lowest possible transmission bandwidth to match the background noise. The comfort noise lets the person at the other end of the connection know that the line is still connected (total silence would easily be mistaken for a lost connection).
Page 138: Speed Dial
Prestige 2602HW Series User’s Guide Table 36 Phone (continued) LABEL DESCRIPTION Listening Volume Use this field to set the loudness that the Prestige uses for the speech signal that it receives from the peer device and sends to your phone. -1 is the quietest and 1 is the loudest.
Page 139: Figure 56 Speed Dial
Prestige 2602HW Series User’s Guide Figure 56 Speed Dial The following table describes the labels in this screen. Table 37 Speed Dial LABEL DESCRIPTION Add New Entry Use this section of the screen to edit and save new or existing speed dial phone book entries.
Page 140: Lifeline (Prestige 2602Hwl)
Prestige 2602HW Series User’s Guide Table 37 Speed Dial (continued) LABEL DESCRIPTION Name This is the descriptive name of the party that you will use this speed dial entry to call. Destination This field displays Use Proxy if calls to this party use one of your SIP accounts.
Page 141: Figure 57 Lifeline
Prestige 2602HW Series User’s Guide Figure 57 Lifeline The following table describes the labels in this screen. Table 38 Lifeline LABEL DESCRIPTION PSTN Pre-fix Specify the prefix number for dialing regular calls when the VoIP service is Number available. Relay to PSTN Use these fields to specify phone numbers to which the Prestige will always send calls through the regular phone service without the need of dialing a prefix number.
Page 142 Prestige 2602HW Series User’s Guide Chapter 10 Voice Screens...
Page 143: Chapter 11 Dynamic Dns Setup
Prestige 2602HW Series User’s Guide H A P T E R Dynamic DNS Setup This chapter discusses how to configure your Prestige to use Dynamic DNS. 11.1 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.).
Page 144: Figure 58 Dynamic Dns
Prestige 2602HW Series User’s Guide Figure 58 Dynamic DNS The following table describes the fields in this screen. Table 39 Dynamic DNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider.
Page 145: Chapter 12 Time And Date
Prestige 2602HW Series User’s Guide H A P T E R Time and Date Use this screen to configure the Prestige’s time and date settings. 12.1 Pre-defined NTP Time Servers List The Prestige uses the following pre-defined list of NTP time servers if you do not specify a time server or it cannot synchronize with the time server you specified.
Page 146: Figure 59 Time And Date
Prestige 2602HW Series User’s Guide Figure 59 Time and Date The following table describes the fields in this screen. Table 41 Time and Date LABEL DESCRIPTION Time Server Use Protocol when Select the time service protocol that your time server sends when you turn on the Bootup Prestige.
Page 147 Prestige 2602HW Series User’s Guide Table 41 Time and Date (continued) LABEL DESCRIPTION End Date Enter the month and day that your daylight-savings time ends on if you selected Daylight Savings. Synchronize Select this option to have your Prestige use the time server (that you configured system clock with above) to set its internal system clock.
Page 148 Prestige 2602HW Series User’s Guide Chapter 12 Time and Date...
Page 149: Chapter 13 Firewalls
Prestige 2602HW Series User’s Guide H A P T E R Firewalls This chapter gives some background information on firewalls and introduces the Prestige firewall. 13.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
Page 150: Stateful Inspection Firewalls
Prestige 2602HW Series User’s Guide Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
Page 151: Denial Of Service Attacks
Prestige 2602HW Series User’s Guide 13.3.1 Denial of Service Attacks Figure 60 Prestige Firewall Application 13.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
Page 152: Types Of Dos Attacks
Prestige 2602HW Series User’s Guide Table 42 Common IP Ports Telnet HTTP SMTP POP3 13.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification.
Page 153: Figure 61 Three-Way Handshake
Prestige 2602HW Series User’s Guide Figure 61 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment).
Page 154: Icmp Vulnerability
Prestige 2602HW Series User’s Guide amount of ICMP echo request and response traffic. If a hacker chooses to spoof the source IP address of the ICMP echo request packet, the resulting ICMP traffic will not only clog up the "intermediary" network, but will also congest the network of the spoofed source IP address, known as the "victim"...
Page 155: Traceroute
Prestige 2602HW Series User’s Guide Table 45 Legal SMTP Commands AUTH DATA EHLO ETRN EXPN HELO HELP MAIL NOOP QUIT RCPT RSET SAML SEND SOML TURN VRFY 13.4.2.3 Traceroute Traceroute is a utility used to determine the path a packet takes between two endpoints.
Page 156: Stateful Inspection Process
Prestige 2602HW Series User’s Guide Figure 64 Stateful Inspection The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.
Page 157: Stateful Inspection And The Prestige
Prestige 2602HW Series User’s Guide temporary entries might be modified, in order to permit only packets that are valid for the current state of the connection. 8 Any additional inbound or outbound packets that belong to the connection are inspected to update the state table entry and to modify the temporary inbound access list entries as required, and are forwarded through the interface.
Page 158: Udp/Icmp Security
Prestige 2602HW Series User’s Guide If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the Internet. Assuming that this is an acceptable part of the security policy (as is the case with the default policy), the connection will be allowed. A cache entry is added which includes connection information such as IP addresses, TCP ports, sequence numbers, etc.
Page 159: Guidelines For Enhancing Security With Your Firewall
Prestige 2602HW Series User’s Guide Any protocol that operates in this way must be supported on a case-by-case basis. You can use the web configurator’s Custom Ports feature to do this. 13.6 Guidelines for Enhancing Security with Your Firewall • Change the default password via SMT or web configurator.
Page 160: Packet Filtering Vs Firewall
Prestige 2602HW Series User’s Guide • Upgrade your software regularly. Many older versions of software, especially web browsers, have well known security deficiencies. When you upgrade to the latest versions, you get the latest patches and fixes. • If you use “chat rooms” or IRC sessions, be careful with any information you reveal to strangers.
Page 161: When To Use The Firewall
Prestige 2602HW Series User’s Guide • The firewall provides e-mail service to notify you of routine reports and when alerts occur. 13.7.2.1 When To Use The Firewall • To prevent DoS attacks and prevent hackers cracking your network. • A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required.
Page 162 Prestige 2602HW Series User’s Guide Chapter 13 Firewalls...
Page 163: Firewall Configuration
Prestige 2602HW Series User’s Guide H A P T E R Firewall Configuration This chapter shows you how to enable and configure the Prestige firewall. 14.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your Prestige has to offer.
Page 164: Rule Logic Overview
Prestige 2602HW Series User’s Guide You may define additional rules and sets or modify existing ones but please exercise extreme caution in doing so. Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network.
Page 165: Security Ramifications
Prestige 2602HW Series User’s Guide 14.3.2 Security Ramifications 1 Once the logic of the rule has been defined, it is critical to consider the security ramifications created by the rule: 2 Does this rule stop LAN users from accessing critical resources on the Internet? For...
Page 166: Lan To Wan Rules
Prestige 2602HW Series User’s Guide LAN to LAN/ Router and WAN to WAN/ Router rules applies to packets coming in on the associated interface (LAN or WAN respectively). LAN to LAN/ Router means policies for LAN-to-Prestige (the policies for managing the Prestige through the LAN interface) and policies for LAN-to-LAN (the policies that control routing between two subnets on the LAN).
Page 167: Alerts
Prestige 2602HW Series User’s Guide 14.4.3 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when an attack is detected in the Edit Rule screen (select the...
Page 168: Rule Summary
Prestige 2602HW Series User’s Guide Table 46 Firewall: Default Policy (continued) LABEL DESCRIPTION Packet Direction This is the direction of travel of packets (LAN to LAN/Router, LAN to WAN, WAN to WAN/Router or WAN to LAN. Firewall rules are grouped based on the direction of travel of packets to which they apply.
Page 169: Figure 68 Firewall: Rule Summary
Prestige 2602HW Series User’s Guide Figure 68 Firewall: Rule Summary Table 47 Rule Summary LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the Prestige's memory for recording firewall Storage Space rules it is currently using. When you are using 80% or less of the storage space, the in Use bar is green.
Page 170: Configuring Firewall Rules
Prestige 2602HW Series User’s Guide Table 47 Rule Summary (continued) LABEL DESCRIPTION Schedule This field tells you whether a schedule is specified (Yes) or not (No). This field shows you whether a log is created when packets match this rule (Enabled) or not (Disable).
Page 171: Figure 69 Firewall: Edit Rule
Prestige 2602HW Series User’s Guide Figure 69 Firewall: Edit Rule The following table describes the labels in this screen. Chapter 14 Firewall Configuration...
Page 172: Table 48 Firewall: Edit Rule
Prestige 2602HW Series User’s Guide Table 48 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Use the radio button to select whether to discard (Block) or allow the passage of Packet (Forward) packets that match this rule.
Page 173: Customized Services
Prestige 2602HW Series User’s Guide 14.7 Customized Services Configure customized services and port numbers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further information on these services, please read...
Page 174: Example Firewall Rule
Prestige 2602HW Series User’s Guide Figure 71 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 50 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
Page 175: Figure 72 Firewall Example: Rule Summary
Prestige 2602HW Series User’s Guide Figure 72 Firewall Example: Rule Summary 3 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule 7.
Page 176: Figure 73 Firewall Example: Edit Rule: Destination Address
Prestige 2602HW Series User’s Guide Figure 73 Firewall Example: Edit Rule: Destination Address 7 In the Edit Rule screen, click the Edit Customized Services link to open the Customized Services screen. 8 Click the number of a customized service to open the configuration screen. Configure it as follows and click Apply.
Page 177: Figure 75 Firewall Example: Edit Rule: Select Customized Services
Prestige 2602HW Series User’s Guide Figure 75 Firewall Example: Edit Rule: Select Customized Services Note: Custom ports show up with an “*” before their names in the Services list box and the Rule Summary list box. Click Apply after you’ve created your custom port.
Page 178: Predefined Services
Prestige 2602HW Series User’s Guide Rule 2 allows a “My Service” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Figure 76 Firewall Example: Rule Summary: My Service 14.10 Predefined Services The Available Services list box in the Edit Rule screen (see the Configuring Firewall Rules section) displays all predefined services that the Prestige already supports.
Page 179 Prestige 2602HW Series User’s Guide Table 51 Predefined Services (continued) SERVICE DESCRIPTION FTP(TCP:20.21) File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323(TCP:1720) Net Meeting uses this protocol.
Page 180: Anti-Probing
Prestige 2602HW Series User’s Guide Table 51 Predefined Services (continued) SERVICE DESCRIPTION SQL-NET(TCP:1521) Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers. SSDP(UDP:1900) Simole Service Discovery Protocol (SSDP) is a discovery service searching for Universal Plug and Play devices on your home network or upstream Internet gateways using DUDP port 1900.
Page 181: Configuring Attack Alert
Prestige 2602HW Series User’s Guide Figure 77 Firewall: Anti Probing The following table describes the labels in this screen. Table 52 Firewall: Anti Probing LABEL DESCRIPTION Respond to PING The Prestige does not respond to any incoming Ping requests when Disable is selected.
Page 182: Threshold Values
Prestige 2602HW Series User’s Guide 14.12.1 Threshold Values Tune these parameters when something is not working and after you have checked the firewall counters. These default values should work fine for most small offices. Factors influencing choices for threshold values are: •...
Page 183: Figure 78 Firewall: Threshold
Prestige 2602HW Series User’s Guide Whenever the number of half-open sessions with the same destination host address rises above a threshold (TCP Maximum Incomplete), the Prestige starts deleting half-open sessions according to one of the following methods: • If the Blocking Time timeout is 0 (the default), then the Prestige deletes the oldest existing half-open session for the host for every new connection request to the host.
Page 184 Prestige 2602HW Series User’s Guide Table 53 Firewall: Threshold (continued) LABEL DESCRIPTION DEFAULT VALUES One Minute High This is the rate of new half-open sessions that 100 half-open sessions per minute. causes the firewall to start deleting half-open The above numbers cause the sessions.
Page 185: Chapter 15 Content Filtering
Prestige 2602HW Series User’s Guide H A P T E R Content Filtering This chapter covers how to configure content filtering. 15.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
Page 186: Configuring The Schedule
Prestige 2602HW Series User’s Guide Figure 79 Content Filter: Keyword The following table describes the labels in this screen. Table 54 Content Filter: Keyword LABEL DESCRIPTION Enable Keyword Blocking Select this check box to enable this feature. Block Websites that contain...
Page 187: Configuring Trusted Computers
Prestige 2602HW Series User’s Guide Figure 80 Content Filter: Schedule The following table describes the labels in this screen. Table 55 Content Filter: Schedule LABEL DESCRIPTION Days to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active.
Page 188: Figure 81 Content Filter: Trusted
Prestige 2602HW Series User’s Guide Figure 81 Content Filter: Trusted The following table describes the labels in this screen. Table 56 Content Filter: Trusted LABEL DESCRIPTION Trusted User IP Range From Type the IP address of a computer (or the beginning IP address of a specific range of computers) on the LAN that you want to exclude from content filtering.
Page 189: Remote Management Configuration
Prestige 2602HW Series User’s Guide H A P T E R Remote Management Configuration This chapter provides information on configuring remote management. 16.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers.
Page 190: Remote Management And Nat
Prestige 2602HW Series User’s Guide • A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. • You have disabled that service in one of the remote management screens.
Page 191: Web
Prestige 2602HW Series User’s Guide 16.4 Web You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details. 16.5 Configuring Remote Management Click Remote Management to open the following screen. Figure 83 Remote Management The following table describes the fields in this screen.
Page 192 Prestige 2602HW Series User’s Guide Chapter 16 Remote Management Configuration...
Page 193: Universal Plug-And-Play (Upnp)
Prestige 2602HW Series User’s Guide H A P T E R Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 17.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
Page 194: Upnp And Zyxel
Prestige 2602HW Series User’s Guide All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 17.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™...
Page 195: Installing Upnp In Windows Example
Prestige 2602HW Series User’s Guide Table 58 Configuring UPnP LABEL DESCRIPTION Enable the Universal Plug Select this checkbox to activate UPnP. Be aware that anyone could use and Play (UPnP) Service a UPnP application to open the web configurator's login screen without entering the Prestige's IP address (although you must still enter the password to access the web configurator).
Page 196: Figure 85 Add/Remove Programs: Windows Setup: Communication
Prestige 2602HW Series User’s Guide Figure 85 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 86 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next.
Page 197: Figure 87 Network Connections
Prestige 2602HW Series User’s Guide Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Page 198: Figure 88 Windows Optional Networking Components Wizard
Prestige 2602HW Series User’s Guide Figure 88 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Chapter 17 Universal Plug-and-Play (UPnP)
Page 199: Using Upnp In Windows Xp Example
Prestige 2602HW Series User’s Guide Figure 89 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 17.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the Prestige.
Page 200: Figure 90 Network Connections
Prestige 2602HW Series User’s Guide Figure 90 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Chapter 17 Universal Plug-and-Play (UPnP)
Page 201: Figure 91 Internet Connection Properties
Prestige 2602HW Series User’s Guide Figure 91 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Chapter 17 Universal Plug-and-Play (UPnP)
Page 202: Figure 92 Internet Connection Properties: Advanced Settings
Prestige 2602HW Series User’s Guide Figure 92 Internet Connection Properties: Advanced Settings Figure 93 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Page 203: Figure 94 System Tray Icon
Prestige 2602HW Series User’s Guide Figure 94 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 95 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first.
Page 204: Figure 96 Network Connections
Prestige 2602HW Series User’s Guide Figure 96 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your Prestige and select Invoke. The web configurator login screen displays.
Page 205: Figure 97 Network Connections: My Network Places
Prestige 2602HW Series User’s Guide Figure 97 Network Connections: My Network Places 6 Right-click on the icon for your Prestige and select Properties. A properties window displays with basic information about the Prestige. Figure 98 Network Connections: My Network Places: Properties: Example...
Page 206 Prestige 2602HW Series User’s Guide Chapter 17 Universal Plug-and-Play (UPnP)
Page 207: Chapter 18 Logs Screens
Prestige 2602HW Series User’s Guide H A P T E R Logs Screens This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendix for example log message explanations. 18.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the Prestige log and then display the logs or have the Prestige send them to an administrator (as e-mail) or to a syslog server.
Page 208: Figure 99 Log Settings
Prestige 2602HW Series User’s Guide Figure 99 Log Settings The following table describes the fields in this screen. Table 59 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 209: Displaying The Logs
Prestige 2602HW Series User’s Guide Table 59 Log Settings (continued) LABEL DESCRIPTION Send alerts to Alerts are sent to the e-mail address specified in this field. If this field is left blank, alerts will not be sent via e-mail. UNIX Syslog Syslog logging sends a log to an external syslog server used to store logs.
Page 210: Smtp Error Messages
Prestige 2602HW Series User’s Guide Figure 100 View Logs The following table describes the fields in this screen. Table 60 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings screen (see section ) display in the drop-down list box.
Page 211: Example E-Mail Log
Prestige 2602HW Series User’s Guide Table 61 SMTP Error Messages (continued) -6 means RCPT TO fail -7 means DATA fail -8 means mail data send fail 18.4.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail.
Page 212 Prestige 2602HW Series User’s Guide Chapter 18 Logs Screens...
Page 213: Chapter 19 Maintenance
Prestige 2602HW Series User’s Guide H A P T E R Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 19.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige.
Page 214: Figure 102 System Status
Prestige 2602HW Series User’s Guide Figure 102 System Status Chapter 19 Maintenance...
Page 215: Table 62 System Status
Prestige 2602HW Series User’s Guide The following table describes the fields in this screen. Table 62 System Status LABEL DESCRIPTION System Status System Name This is the name of your Prestige. It is for identification purposes. ZyNOS Firmware This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's Version proprietary Network Operating System design.
Page 216: System Statistics
Prestige 2602HW Series User’s Guide 19.2.1 System Statistics Click Show Statistics in the System Status screen to open the following screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable.
Page 217: Dhcp Table Screen
Prestige 2602HW Series User’s Guide Table 63 System Status: Show Statistics (continued) LABEL DESCRIPTION Status For the WAN port, this displays the port speed and duplex setting if you're using Ethernet encapsulation and down (line is down), idle (line (ppp) idle), dial (starting to trigger a call) and drop (dropping a call) if you're using PPPoE encapsulation.
Page 218: Any Ip Table Screen
Prestige 2602HW Series User’s Guide Figure 104 DHCP Table The following table describes the fields in this screen. Table 64 DHCP Table LABEL DESCRIPTION Host Name This is the name of the host computer. IP Address This field displays the IP address relative to the Host Name field.
Page 219: Wireless Screen
Prestige 2602HW Series User’s Guide Table 65 Any IP Table LABEL DESCRIPTION MAC Address This field displays the MAC (Media Access Control) address of the computer with the displayed IP address. Every Ethernet device has a unique MAC address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 220: Diagnostic Screens
Prestige 2602HW Series User’s Guide 19.6 Diagnostic Screens These read-only screens display information to help you identify problems with the Prestige. 19.6.1 Diagnostic General Screen Click Diagnostic and then General to open the screen shown next. Figure 107 Diagnostic: General The following table describes the fields in this screen.
Page 221: Figure 108 Diagnostic: Dsl Line
Prestige 2602HW Series User’s Guide Figure 108 Diagnostic: DSL Line The following table describes the fields in this screen. Table 68 Diagnostic: DSL Line LABEL DESCRIPTION Reset ADSL Click this button to reinitialize the ADSL line. The large text box above then displays...
Page 222: Firmware Screen
Prestige 2602HW Series User’s Guide 19.7 Firmware Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "Prestige.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
Page 223: Figure 110 Network Temporarily Disconnected
Prestige 2602HW Series User’s Guide After you see the Firmware Upload in Process screen, wait two minutes before logging into the Prestige again. The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Page 224 Prestige 2602HW Series User’s Guide Chapter 19 Maintenance...
Page 225: Chapter 20 Introducing The Smt
Prestige 2602HW Series User’s Guide H A P T E R Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 20.1 Introduction to the SMT The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection.
Page 226: Entering The Password
Prestige 2602HW Series User’s Guide Figure 112 Initial Screen Copyright (c) 1994 - 2004 ZyXEL Communications Corp. initialize ch =0, ethernet address: 00:A0:C5:7A:86:D5 initialize ch =1, ethernet address: 00:A0:C5:7A:86:D6 initialize ch =2, ethernet address: 00:A0:C5:7A:86:D7 initialize ch =3, ethernet address: 00:00:00:00:00:00 AUX port init .
Page 227: Entering Password
Prestige 2602HW Series User’s Guide 20.2.4 Entering Password The login screen appears after you press [ENTER], prompting you to enter the password, as shown next. For your first login, enter the default password " ". As you type the password, the screen 1234 displays an asterisk "...
Page 228: Navigating The Smt Interface
Prestige 2602HW Series User’s Guide Figure 115 Prestige SMT Menu Overview 20.3 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
Page 229: Table 71 Smt Main Menu
[ENTER] to exit the SMT interface. After you enter the password, the SMT displays the main menu, as shown next. Table 71 SMT Main Menu Copyright (c) 1994 - 2004 ZyXEL Communications Corp. Prestige 2602HW-61 Main Menu Getting Started Advanced Management 1.
Page 230: System Management Terminal Interface Summary
Prestige 2602HW Series User’s Guide 20.3.1 System Management Terminal Interface Summary Table 72 Main Menu Summary MENU TITLE DESCRIPTION General Setup Use this menu to set up your general information. WAN Backup Setup Use this menu to setup traffic redirect and dial-back up.
Page 231: Figure 116 Menu 23.1 Change Password
Prestige 2602HW Series User’s Guide Figure 116 Menu 23.1 Change Password Menu 23.1 - System Security - Change Password Old Password= ? New Password= ? Retype to confirm= ? Enter here to CONFIRM or ESC to CANCEL: 4 Type your new system password in the New Password field (up to 30 characters), and press [ENTER].
Page 232 Prestige 2602HW Series User’s Guide Chapter 20 Introducing the SMT...
Page 233: Chapter 21 Menu 1 General Setup
Prestige 2602HW Series User’s Guide H A P T E R Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 21.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
Page 234: Procedure To Configure Dynamic Dns
Prestige 2602HW Series User’s Guide Figure 117 Menu 1 General Setup Menu 1 General Setup System Name= ? Location= Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: Fill in the required fields.
Page 235: Figure 118 Menu 1.1 Configure Dynamic Dns
Prestige 2602HW Series User’s Guide Figure 118 Menu 1.1 Configure Dynamic DNS Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= No Host= EMAIL= USER= Password= ******** Enable Wildcard= No Press ENTER to Confirm or ESC to Cancel: Follow the instructions in the next table to configure dynamic DNS parameters.
Page 236 Prestige 2602HW Series User’s Guide Chapter 21 Menu 1 General Setup...
Page 237: Chapter 22 Menu 2 Wan Backup Setup
Prestige 2602HW Series User’s Guide H A P T E R Menu 2 WAN Backup Setup This chapter describes how to configure traffic redirect and dial-backup using menu 2 and 2.1. 22.1 Introduction to WAN Backup Setup This chapter explains how to configure the Prestige for traffic redirect connections.
Page 238: Traffic Redirect Setup
Prestige 2602HW Series User’s Guide Table 75 Menu 2 WAN Backup Setup (continued) FIELD DESCRIPTION KeepAlive Fail Type the number of times (2 recommended) that your Prestige may ping the IP Tolerance addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup connection (or a different WAN backup connection).
Page 239 Prestige 2602HW Series User’s Guide Table 76 Menu 2.1Traffic Redirect Setup FIELD DESCRIPTION Metric This field sets this route's priority among the routes the Prestige uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1"...
Page 240 Prestige 2602HW Series User’s Guide Chapter 22 Menu 2 WAN Backup Setup...
Page 241: Chapter 23 Menu 3 Lan Setup
Prestige 2602HW Series User’s Guide H A P T E R Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 23.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3.
Page 242: Protocol Dependent Ethernet Setup
Prestige 2602HW Series User’s Guide 23.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. • For TCP/IP Ethernet setup refer to the Internet Access Configuration section •...
Page 243: Table 77 Dhcp Ethernet Setup
Prestige 2602HW Series User’s Guide Table 77 DHCP Ethernet Setup FIELD DESCRIPTION DHCP Setup DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
Page 244 Prestige 2602HW Series User’s Guide Chapter 23 Menu 3 LAN Setup...
Page 245: Chapter 24 Wireless Lan Setup
Prestige 2602HW Series User’s Guide H A P T E R Wireless LAN Setup This chapter covers how to configure wireless LAN settings in SMT menu 3.5. 24.1 Wireless LAN Overview Refer to the chapter on the wireless LAN screens for wireless LAN background information.
Page 246: Wireless Lan Mac Address Filter
Prestige 2602HW Series User’s Guide Table 79 Menu 3.5 - Wireless LAN Setup (continued) FIELD DESCRIPTION Channel ID Press [SPACE BAR] to select a channel. This allows you to set the operating frequency/ channel depending on your particular region. RTS (Request To Send) threshold (number of bytes) enables RTS/CTS handshake.
Page 247: Figure 125 Menu 3.5.1 Wlan Mac Address Filtering
Prestige 2602HW Series User’s Guide Figure 125 Menu 3.5.1 WLAN MAC Address Filtering Menu 3.5.1 - WLAN MAC Address Filter Active= No Filter Action= Allowed Association -------------------------------------------------------------------------- 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00...
Page 248 Prestige 2602HW Series User’s Guide Chapter 24 Wireless LAN Setup...
Page 249: Chapter 25 Internet Access
Prestige 2602HW Series User’s Guide H A P T E R Internet Access This chapter shows you how to configure the LAN and WAN of your Prestige for Internet access 25.1 Internet Access Overview Refer to the chapters on the web configurator’s wizard, LAN and WAN screens for more background information on fields in the SMT screens covered in this chapter.
Page 250: Ip Alias Setup
Prestige 2602HW Series User’s Guide Figure 126 IP Alias Network Example Use menu 3.2.1 to configure IP Alias on your Prestige. 25.4 IP Alias Setup Use menu 3.2 to configure the first network. Move the cursor to Edit IP Alias field and press [SPACEBAR] to choose Yes and press [ENTER] to configure the second and third network.
Page 251: Route Ip Setup
Prestige 2602HW Series User’s Guide Figure 128 Menu 3.2.1 IP Alias Setup Menu 3.2.1 - IP Alias Setup IP Alias 1= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= N/A Outgoing protocol filters= N/A...
Page 252: Internet Access Configuration
Prestige 2602HW Series User’s Guide Figure 129 Menu 1 General Setup Menu 1 - General Setup System Name= ? Location= location Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: 25.6 Internet Access Configuration...
Page 253: Table 82 Menu 4 Internet Access Setup
Prestige 2602HW Series User’s Guide Table 82 Menu 4 Internet Access Setup FIELD DESCRIPTION ISP’s Name Enter the name of your Internet Service Provider (ISP). This information is for identification purposes only. SPACE BAR Encapsulation Press [ ] to select the method of encapsulation used by your ISP.
Page 254 Prestige 2602HW Series User’s Guide Chapter 25 Internet Access...
Page 255: Remote Node Configuration
Prestige 2602HW Series User’s Guide H A P T E R Remote Node Configuration This chapter covers remote node configuration. 26.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
Page 256: Encapsulation And Multiplexing Scenarios
Prestige 2602HW Series User’s Guide Figure 131 Menu 11 Remote Node Setup Menu 11 - Remote Node Setup 1. MyISP (ISP, SUA) 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ Enter Node # to Edit: 26.2.2 Encapsulation and Multiplexing Scenarios...
Page 257: Figure 132 Menu 11.1 Remote Node Profile
Prestige 2602HW Series User’s Guide Figure 132 Menu 11.1 Remote Node Profile Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Bridge= No Encapsulation= RFC 1483 Edit IP/Bridge= No Multiplexing= LLC-based Edit ATM Options= No...
Page 258: Outgoing Authentication Protocol
Prestige 2602HW Series User’s Guide Table 83 Menu 11.1 Remote Node Profile (continued) FIELD DESCRIPTION PAP – accept PAP (Password Authentication Protocol) only. Route This field determines the protocol used in routing. Options are IP and None. Bridge When bridging is enabled, your Prestige will forward any packet that it does not route to this remote node;...
Page 259: Remote Node Network Layer Options
Prestige 2602HW Series User’s Guide 26.3 Remote Node Network Layer Options For the TCP/IP parameters, perform the following steps to edit Menu 11.3 – Remote Node Network Layer Options as shown next. 1 In menu 11.1, make sure IP is among the protocols in the Route field.
Page 260: My Wan Addr Sample Ip Addresses
Prestige 2602HW Series User’s Guide Table 84 Menu 11.3 Remote Node Network Layer Options (continued) FIELD DESCRIPTION Address When Full Feature is selected in the NAT field, configure address mapping sets in Mapping Set menu 15.1. Select one of the NAT server sets (2-10) in menu 15.2 (see...
Page 261: Remote Node Filter
Prestige 2602HW Series User’s Guide Figure 134 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection 26.4 Remote Node Filter Move the cursor to the Edit Filter Sets field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to display Menu 11.5 – Remote Node Filter.
Page 262: Editing Atm Layer Options
Prestige 2602HW Series User’s Guide Figure 135 Menu 11.5 Remote Node Filter (RFC 1483 or ENET Encapsulation) Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: Figure 136 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation)
Page 263: Llc-Based Multiplexing Or Ppp Encapsulation
Prestige 2602HW Series User’s Guide Figure 137 Menu 11.6 for VC-based Multiplexing Menu 11.6 - Remote Node ATM Layer Options VPI/VCI (VC-Multiplexing) VC Options for IP: VC Options for Bridge: VPI #= 8 VPI #= 1 VCI #= 35 VCI #= 36...
Page 264: Figure 139 Menu 11.1 Remote Node Profile
Prestige 2602HW Series User’s Guide Figure 139 Menu 11.1 Remote Node Profile Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Bridge= No Encapsulation= PPPoE Edit IP/Bridge= No Multiplexing= LLC-based Edit ATM Options= No Service Name=...
Page 265: Chapter 27 Static Route Setup
Prestige 2602HW Series User’s Guide H A P T E R Static Route Setup This chapter shows how to setup IP static routes. 27.1 IP Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means.
Page 266: Figure 142 Menu 12 Static Route Setup
Prestige 2602HW Series User’s Guide Figure 142 Menu 12 Static Route Setup Menu 12 - Static Route Setup 1. IP Static Route 3. Bridge Static Route Please enter selection: From menu 12, select 1 to open Menu 12.1 — IP Static Route Setup (shown next).
Page 267: Table 86 Menu12.1.1 Edit Ip Static Route
Prestige 2602HW Series User’s Guide Table 86 Menu12.1.1 Edit IP Static Route FIELD DESCRIPTION Route # This is the index number of the static route that you chose in menu 12.1. Route Name Type a descriptive name for this route. This is for identification purpose only.
Page 268 Prestige 2602HW Series User’s Guide Chapter 27 Static Route Setup...
Page 269: Chapter 28 Bridging Setup
Prestige 2602HW Series User’s Guide H A P T E R Bridging Setup This chapter shows you how to configure the bridging parameters of your Prestige. 28.1 Bridging in General Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address.
Page 270: Figure 145 Menu 11.1 Remote Node Profile
Prestige 2602HW Series User’s Guide Figure 145 Menu 11.1 Remote Node Profile Menu 11.1 - Remote Node Profile Rem Node Name= ? Route= IP Active= Yes Bridge= Yes Encapsulation= ENET ENCAP Edit IP/Bridge= No Multiplexing= VC-based Edit ATM Options= No...
Page 271: Bridge Static Route Setup
Prestige 2602HW Series User’s Guide 28.2.2 Bridge Static Route Setup Similar to network layer static routes, a bridging static route tells the Prestige the route to a node before a connection is established. You configure bridge static routes in menu 12.3.1 (go to menu 12, choose option 3, then choose a static route to edit) as shown next.
Page 272 Prestige 2602HW Series User’s Guide Chapter 28 Bridging Setup...
Page 273: Network Address Translation (Nat)
Prestige 2602HW Series User’s Guide H A P T E R Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 29.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige.
Page 274: Figure 148 Menu 4 Applying Nat For Internet Access
Prestige 2602HW Series User’s Guide Figure 148 Menu 4 Applying NAT for Internet Access Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0...
Page 275: Nat Setup
Prestige 2602HW Series User’s Guide Table 89 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. The SMT uses the address mapping set that you...
Page 276: Sua Address Mapping Set
Prestige 2602HW Series User’s Guide Figure 151 Menu 15.1 Address Mapping Sets Menu 15.1 - Address Mapping Sets 255. SUA (read only) Enter Menu Selection Number: 29.3.1.1 SUA Address Mapping Set Enter 255 to display the next screen (see also section 27.1.1). The fields in this menu cannot be changed.
Page 277: User-Defined Address Mapping Sets
Prestige 2602HW Series User’s Guide Table 90 SUA Address Mapping Rules (continued) FIELD DESCRIPTION Global Start IP This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global Start IP. Global End IP This is the ending global IP address (IGA).
Page 278: Ordering Your Rules
Prestige 2602HW Series User’s Guide 29.3.1.3 Ordering Your Rules Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
Page 279: Configuring A Server Behind Nat
Prestige 2602HW Series User’s Guide Figure 154 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= = N/A Global IP: Start= = N/A Server Mapping Set= N/A Press ENTER to Confirm or ESC to Cancel: The following table explains the fields in this menu.
Page 280: Figure 155 Menu 15.2 Nat Server Setup
Prestige 2602HW Series User’s Guide Figure 155 Menu 15.2 NAT Server Setup Menu 15.2 - NAT Server Sets 1. Server Set 1 (Used for SUA Only) 2. Server Set 2 3. Server Set 3 4. Server Set 4 5. Server Set 5 6.
Page 281: General Nat Examples
Prestige 2602HW Series User’s Guide Figure 157 Multiple Servers Behind NAT Example 29.5 General NAT Examples The following are some examples of NAT configuration. 29.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP.
Page 282: Example 2: Internet Access With An Inside Server
Prestige 2602HW Series User’s Guide Figure 159 Menu 4 Internet Access & NAT Example Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0...
Page 283: Example 3: Multiple Public Ip Addresses With Inside Servers
Prestige 2602HW Series User’s Guide Figure 161 Menu 15.2.1 Specifying an Inside Server Menu 15.2.1 - NAT Server Setup (Used for SUA Only) Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 192.168.1.10 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0...
Page 284: Figure 162 Nat Example 3
Prestige 2602HW Series User’s Guide Figure 162 NAT Example 3 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in Figure 163 1 Enter 15 from the main menu.
Page 285: Figure 164 Example 3: Menu 15.1.1.1
Prestige 2602HW Series User’s Guide Figure 164 Example 3: Menu 15.1.1.1 Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 = N/A Global IP: Start= 10.132.50.1 = N/A Server Mapping Set= N/A Press ENTER to Confirm or ESC to Cancel: Figure 165 Example 3: Final Menu 15.1.1...
Page 286: Example 4: Nat Unfriendly Application Programs
Prestige 2602HW Series User’s Guide Figure 166 Example 3: Menu 15.2.1 Menu 15.2.1 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.21 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0...
Page 287: Figure 168 Example 4: Menu 15.1.1.1 Address Mapping Rule
Prestige 2602HW Series User’s Guide Figure 168 Example 4: Menu 15.1.1.1 Address Mapping Rule Menu 15.1.1.1 Address Mapping Rule Type= Many-to-Many No Overload Local IP: Start= 192.168.1.10 = 192.168.1.12 Global IP: Start= 10.132.50.1 = 10.132.50.3 Server Mapping Set= N/A Press ENTER to Confirm or ESC to Cancel: After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as...
Page 288 Prestige 2602HW Series User’s Guide Chapter 29 Network Address Translation (NAT)
Page 289: Chapter 30 Enabling The Firewall
Prestige 2602HW Series User’s Guide H A P T E R Enabling the Firewall This chapter shows you how to get started with the Prestige firewall. 30.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: •...
Page 290: Figure 170 Menu 21.2 Firewall Setup
Prestige 2602HW Series User’s Guide Figure 170 Menu 21.2 Firewall Setup Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2.
Page 291: Chapter 31 Filter Configuration
Prestige 2602HW Series User’s Guide H A P T E R Filter Configuration This chapter shows you how to create and apply filters. 31.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call.
Page 292: The Filter Structure Of The Prestige
Prestige 2602HW Series User’s Guide Figure 172 Filter Rule Process Start Packet intoFilter Fetch First Filter Set Filter Set Fetch Next Fetch First Filter Set Filter Rule Fetch Next Filter Rule Next filter Next Filter Set Rule Active? Available? Available?
Page 293: Configuring A Filter Set For The Prestige
Prestige 2602HW Series User’s Guide 31.2 Configuring a Filter Set for the Prestige To configure a filter set, follow the steps shown next. 1 Enter 21 in the main menu to display Menu 21 – Filter and Firewall Setup. 2 Enter 1 to display Menu 21.1 – Filter Set Configuration as shown next.
Page 294: Filter Rules Summary Menus
Prestige 2602HW Series User’s Guide Figure 175 NetBIOS_LAN Filter Rules Summary Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - 1 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F...
Page 295: Configuring A Filter Rule
Prestige 2602HW Series User’s Guide Table 93 Abbreviations Used in the Filter Rules Summary Menu (continued) FIELD DESCRIPTION Action Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N“ means to check the next rule.
Page 296: Tcp/Ip Filter Rule
Prestige 2602HW Series User’s Guide 31.4.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
Page 297 Prestige 2602HW Series User’s Guide Table 95 Menu 21.1.x.1 TCP/IP Filter Rule (continued) FIELD DESCRIPTION Port # Type the destination port of the packets you want to filter. The field range is 0 to 65535. A 0 field is ignored.
Page 298: Generic Filter Rule
Prestige 2602HW Series User’s Guide Figure 178 Executing an IP Filter Packet into IP Filter Filter Active? Apply SrcAddrMask to Src Addr Check Src Not Matched IP Addr Matched Apply DestAddrMask to Dest Addr Check Dest Not Matched IP Addr...
Page 299: Figure 179 Menu 21.1.5.1 Generic Filter Rule
Prestige 2602HW Series User’s Guide To configure a generic rule select an empty filter set in menu 21, for example 5. Select Generic Filter Rule in the Filter Type field and press [ENTER] to open Menu 21.1.5.1 – Generic Filter Rule, as shown in the following figure.
Page 300: Filter Types And Nat
Prestige 2602HW Series User’s Guide Table 96 Menu 21.1.5.1 Generic Filter Rule (continued) FIELD DESCRIPTION Action Not Select the action for a packet not matching the rule. Choices are Check Next Rule, Matched Forward or Drop. When you have completed this menu, press [ENTER] at the prompt “...
Page 301: Figure 181 Sample Telnet Filter
Prestige 2602HW Series User’s Guide Figure 181 Sample Telnet Filter 1 Enter 1 in the menu 21 to display Menu 21.1 — Filter Set Configuration. 2 Enter the index number of the filter set you want to configure (in this case 6) 3 Type a descriptive name or comment in the Edit Comments field (for example, TELNET_WAN) and press [ENTER].
Page 302: Applying Filters And Factory Defaults
Prestige 2602HW Series User’s Guide 2 Go to the Edit Filter Sets field, press [SPACE BAR] to choose Yes and press [ENTER]. This brings you to menu 11.5. Apply the example filter set (for example, filter set 3) in this menu as shown in the next section.
Page 303: Ethernet Traffic
Prestige 2602HW Series User’s Guide 31.7.1 Ethernet Traffic You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and type the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by typing their numbers separated by commas, for example, 3, 4, 6, 11.
Page 304 Prestige 2602HW Series User’s Guide Chapter 31 Filter Configuration...
Page 305: Chapter 32 Snmp Configuration
Prestige 2602HW Series User’s Guide H A P T E R SNMP Configuration This chapter explains SNMP Configuration menu 22. 32.1 About SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite.
Page 306: Supported Mibs
Prestige 2602HW Series User’s Guide The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
Page 307: Snmp Traps
Prestige 2602HW Series User’s Guide Figure 187 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: The following table describes the SNMP configuration parameters.
Page 308: Table 100 Ports And Permanent Virtual Circuits
Prestige 2602HW Series User’s Guide Table 99 SNMP Traps (continued) TRAP # TRAP NAME DESCRIPTION authenticationFailure (defined in A trap is sent to the manager when receiving any RFC-1215) SNMP gets or sets requirements with wrong community (password). whyReboot (defined in ZYXEL-MIB) A trap is sent with the reason of restart before rebooting when the system is going to restart (warm start).
Page 309: Chapter 33 System Security
Prestige 2602HW Series User’s Guide H A P T E R System Security This chapter describes how to configure the system security on the Prestige. 33.1 System Security You can configure the system password.. 33.1.1 System Password Enter 23 in the main menu to display Menu 23 – System Security.
Page 310: Figure 190 Menu 23.2 System Security: Radius Server
Prestige 2602HW Series User’s Guide Figure 190 Menu 23.2 System Security: RADIUS Server Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.11.12.13 Port #= 1812 Shared Secret= ******** Accounting Server: Active= No Server Address= 10.11.12.13...
Page 311: Ieee802.1X
Prestige 2602HW Series User’s Guide 33.1.3 IEEE802.1x The IEEE802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your Prestige. 1 From the main menu, enter 23 to display Menu23 – System Security.
Page 312: Table 102 Menu 23.4 System Security: Ieee802.1X
Prestige 2602HW Series User’s Guide Table 102 Menu 23.4 System Security: IEEE802.1x FIELD DESCRIPTION Wireless Port Press [SPACE BAR] and select a security mode for the wireless LAN access. Control Select No Authentication Required to allow any wireless stations access to your wired network without entering usernames and passwords.
Page 313: Creating User Accounts On The Prestige
Prestige 2602HW Series User’s Guide Table 102 Menu 23.4 System Security: IEEE802.1x (continued) FIELD DESCRIPTION Authentication The authentication database contains wireless station login information. The local Databases user database is the built-in database on the Prestige. The RADIUS is an external server.
Page 314: Figure 193 Menu 14 Dial-In User Setup
Prestige 2602HW Series User’s Guide Figure 193 Menu 14 Dial-in User Setup Menu 14 - Dial-in User Setup 1. ________ 9. ________ 17. ________ 25. ________ 2. ________ 10. ________ 18. ________ 26. ________ 3. ________ 11. ________ 19. ________ 27.
Page 315: System Information And Diagnosis
Prestige 2602HW Series User’s Guide H A P T E R System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 34.1 Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
Page 316: Figure 196 Menu 24.1 System Maintenance : Status
Prestige 2602HW Series User’s Guide To get to System Status, type 24 to go to Menu 24 — System Maintenance. From this menu, type 1. System Status. There are two commands in Menu 24.1 — System Maintenance — Status. Entering 1 resets the counters; [ESC] takes you back to the previous screen.
Page 317: System Information
Prestige 2602HW Series User’s Guide Table 104 Menu 24.1 System Maintenance: Status (continued) FIELD DESCRIPTION Rx Pkts This is the number of received packets from the LAN. Collision This is the number of collisions. This shows statistics for the WAN.
Page 318: Console Port Speed
Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. ADSL Chipset Displays the vendor of the ADSL chipset and DSL version.
Page 319: Log And Trace
Prestige 2602HW Series User’s Guide Figure 199 Menu 24.2.2 System Maintenance : Change Console Port Speed Menu 24.2.2 – System Maintenance – Change Console Port Speed Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel: Once you change the Prestige console port speed, you must also set the speed parameter for the communication software you are using to connect to the Prestige.
Page 320: Syslog And Accounting
Prestige 2602HW Series User’s Guide Figure 201 Sample Error and Information Messages 53 Sat Jan 01 00:00:03 2000 PP01 -WARN SNMP TRAP 0: cold start 54 Sat Jan 01 00:00:03 2000 PP01 INFO main: init completed 55 Sat Jan 01 00:00:03 2000 PP01...
Page 321: Figure 203 Syslog Example
Prestige 2602HW Series User’s Guide Figure 203 Syslog Example 1 - CDR SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG_INFO, String); String = board xx line xx channel xx, call xx, str board = the hardware board ID line = the WAN ID in a board...
Page 322: Diagnostic
Prestige 2602HW Series User’s Guide Figure 203 Syslog Example (continued) prot: Protocol (“TCP”, ”UDP”, ”ICMP”) spo: Source port dpo: Destination port Jul 19 14:43:55 192.168.102.2 ZYXEL: IP [Src=202.132.154.123 Dst=255.255.255.255 UDP spo=0208 dpo=0208]} S03>R01mF Jul 19 14:44:00 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF...
Page 323: Table 107 Menu 24.4 System Maintenance Menu: Diagnostic
Prestige 2602HW Series User’s Guide The following table describes the diagnostic tests available in menu 24.4 for and the connections. Table 107 Menu 24.4 System Maintenance Menu: Diagnostic FIELD DESCRIPTION Reset xDSL Re-initialize the xDSL link to the telephone company.
Page 324 Prestige 2602HW Series User’s Guide Chapter 34 System Information and Diagnosis...
Page 325: Firmware And Configuration File Maintenance
Prestige 2602HW Series User’s Guide H A P T E R Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 35.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
Page 326: Backup Configuration
Prestige 2602HW Series User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary.
Page 327: Using The Ftp Command From The Command Line
Prestige 2602HW Series User’s Guide Figure 205 Telnet in Menu 24.5 Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
Page 328: Gui-Based Ftp Clients
Prestige 2602HW Series User’s Guide Figure 206 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
Page 329: Backup Configuration Using Tftp
Prestige 2602HW Series User’s Guide 35.2.6 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended.
Page 330: Backup Via Console Port
Prestige 2602HW Series User’s Guide Table 110 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the Prestige and “Fetch” to back up the file on your computer.
Page 331: Restore Configuration
Prestige 2602HW Series User’s Guide Figure 209 Backup Configuration Example Type a location for storing the configuration file or click Browse to look for one. Choose the Xmodem protocol. Then click Receive. 4 After a successful backup you will see the following screen. Press any key to return to the SMT menu.
Page 332: Restore Using Ftp Session Example
Prestige 2602HW Series User’s Guide Figure 211 Telnet into Menu 24.6 Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation.
Page 333: Restore Via Console Port
Prestige 2602HW Series User’s Guide 35.3.3 Restore Via Console Port Restore configuration via console port by following the HyperTerminal procedure shown next. Procedures using other serial communications programs should be similar. 1 Display menu 24.6 and enter “y” at the following screen.
Page 334: Uploading Firmware And Configuration Files
Prestige 2602HW Series User’s Guide Figure 216 Successful Restoration Confirmation Screen Save to ROM Hit any key to start system reboot. 35.4 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuration files. You can upload...
Page 335: Ftp File Upload Command From The Dos Prompt Example
Prestige 2602HW Series User’s Guide Figure 218 Telnet Into Menu 24.7.2 System Maintenance Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation.
Page 336: Ftp Session Example Of Firmware File Upload
Prestige 2602HW Series User’s Guide 35.4.4 FTP Session Example of Firmware File Upload Figure 219 FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras...
Page 337: Tftp Upload Command Example
Prestige 2602HW Series User’s Guide 35.4.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras where “ ” specifies binary image transfer mode (use this mode when transferring binary files), “ ” is the Prestige’s IP address and “...
Page 338: Example Xmodem Firmware Upload Using Hyperterminal
Prestige 2602HW Series User’s Guide 35.4.9 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 221 Example Xmodem Upload After the firmware upload process has completed, the Prestige will automatically restart. 35.4.10 Uploading Configuration File Via Console Port 1 Select 2 from Menu 24.7 –...
Page 339: Example Xmodem Configuration Upload Using Hyperterminal
Prestige 2602HW Series User’s Guide 3 Enter “atgo” to restart the Prestige. 35.4.11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 223 Example Xmodem Upload After the configuration upload process has completed, restart the Prestige by entering “atgo”.
Page 340 Prestige 2602HW Series User’s Guide Chapter 35 Firmware and Configuration File Maintenance...
Page 341: Chapter 36 System Maintenance
Upload Firmware Command Interpreter Mode Call Control 10. Time and Date Setting 11. Remote Management Enter Menu Selection Number: Figure 225 Valid Commands Copyright (c) 1994 - 2003 ZyXEL Communications Corp. ras> ? Valid commands are: exit ether wlan bridge...
Page 342: Call Control Support
Prestige 2602HW Series User’s Guide 36.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1. The budget management function allows you to set a limit on the total outgoing call time of the Prestige within certain times.
Page 343: Time And Date Setting
Prestige 2602HW Series User’s Guide The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked.
Page 344: Resetting The Time
Prestige 2602HW Series User’s Guide Figure 229 Menu 24.10 System Maintenance: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Use Time Server when Bootup= None Time Server Address= N/A Current Time: 00 : 51 : 24...
Page 345 Prestige 2602HW Series User’s Guide • 24-hour intervals after starting. Chapter 36 System Maintenance...
Page 346 Prestige 2602HW Series User’s Guide Chapter 36 System Maintenance...
Page 347: Chapter 37 Remote Management
Prestige 2602HW Series User’s Guide H A P T E R Remote Management This chapter covers remote management (SMT menu 24.11). 37.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers.
Page 348: Remote Management Limitations
Prestige 2602HW Series User’s Guide Figure 230 Menu 24.11 Remote Management Control Menu 24.11 - Remote Management Control TELNET Server: Server Port = 23 Server Access = LAN only Secured Client IP = 0.0.0.0 FTP Server: Server Port = 21 Server Access = LAN only Secured Client IP = 0.0.0.0...
Page 349: Remote Management And Nat
Prestige 2602HW Series User’s Guide 37.3 Remote Management and NAT When NAT is enabled: • Use the Prestige’s WAN IP address when configuring from the WAN. • Use the Prestige’s LAN IP address when configuring from the LAN. 37.4 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds).
Page 350 Prestige 2602HW Series User’s Guide Chapter 37 Remote Management...
Page 351: Chapter 38 Ip Policy Routing
Prestige 2602HW Series User’s Guide H A P T E R IP Policy Routing This chapter covers setting and applying policies used for IP routing. 38.1 IP Policy Routing Overview Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet.
Page 352: Ip Routing Policy Setup
Prestige 2602HW Series User’s Guide • routing the packet to a different gateway (and hence the outgoing interface). • setting the TOS and precedence fields in the IP header. IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together.
Page 353: Figure 232 Menu 25.1 Ip Routing Policy Setup
Prestige 2602HW Series User’s Guide Figure 232 Menu 25.1 IP Routing Policy Setup Menu 25.1 - IP Routing Policy Setup Criteria/Action - - -------------------------------------------------------------------------- 1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5 SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.1,T=MT,PR=0 2 N __________________________________________________________________________ __________________________________________________________________________ 3 N __________________________________________________________________________ __________________________________________________________________________ 4 N __________________________________________________________________________...
Page 354: Figure 233 Menu 25.1.1 Ip Routing Policy
Prestige 2602HW Series User’s Guide Figure 233 Menu 25.1.1 IP Routing Policy Menu 25.1.1 - IP Routing Policy Policy Set Name= test Active= No Criteria: IP Protocol Type of Service= Don't Care Packet length= 0 Precedence = Don't Care Len Comp= N/A Source: addr start= 0.0.0.0...
Page 355: Applying An Ip Policy
Prestige 2602HW Series User’s Guide Table 115 Menu 25.1.1 IP Routing Policy (continued) FIELD DESCRIPTION Gateway addr Defines the outgoing gateway address. The gateway must be on the same subnet as the Prestige if it is on the LAN, otherwise, the gateway must be the IP address of a remote node.
Page 356: Ip Policy Routing Example
Prestige 2602HW Series User’s Guide Figure 234 Menu 3.2 TCP/IP and DHCP Ethernet Setup Menu 3.2 - TCP/IP and DHCP Setup DHCP Setup DHCP= Server Client IP Pool Starting Address= 192.168.1.33 Size of Client IP Pool= 32 Primary DNS Server= 0.0.0.0 Secondary DNS Server= 0.0.0.0...
Page 357: Figure 236 Example Of Ip Policy Routing
Prestige 2602HW Series User’s Guide Figure 236 Example of IP Policy Routing To force packets coming from clients with IP addresses of 192.168.1.33 to 192.168.1.64 to be routed to the Internet via the WAN port of the Prestige, follow the steps as shown next.
Page 358: Figure 238 Ip Routing Policy Example
Prestige 2602HW Series User’s Guide 3 Create a rule in menu 25.1 for this set to route packets from any host ( IP=0.0.0.0 means any host) with protocol TCP and port FTP access through another gateway (192.168.1.100). Figure 238 IP Routing Policy Example Menu 25.1.1 - IP Routing Policy...
Page 359: Chapter 39 Call Scheduling
Prestige 2602HW Series User’s Guide H A P T E R Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 39.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
Page 360: Figure 241 Menu 26.1 Schedule Set Setup
Prestige 2602HW Series User’s Guide To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next. Figure 241 Menu 26.1 Schedule Set Setup Menu 26.1 Schedule Set Setup...
Page 361: Figure 242 Applying Schedule Set(S) To A Remote Node (Pppoe)
Prestige 2602HW Series User’s Guide Table 116 Menu 26.1 Schedule Set Setup (continued) FIELD DESCRIPTION Action Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field.
Page 362 Prestige 2602HW Series User’s Guide Chapter 39 Call Scheduling...
Page 363: Chapter 40 Internal Sptgen
Prestige 2602HW Series User’s Guide H A P T E R Internal SPTGEN 40.1 Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file –...
Page 364: Internal Sptgen File Modification - Important Points To Remember
Prestige 2602HW Series User’s Guide 40.2.1 Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=”sign and one space. Some parameters are dependent on others. For example, if you disable the Configured field in...
Page 365: Internal Sptgen Ftp Upload Example
Prestige 2602HW Series User’s Guide Figure 246 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp>...
Page 366 Prestige 2602HW Series User’s Guide Chapter 40 Internal SPTGEN...
Page 367: Chapter 41 Troubleshooting
Prestige 2602HW Series User’s Guide H A P T E R Troubleshooting This chapter covers potential problems and the corresponding remedies. 41.1 Problems Starting Up the Prestige Table 117 Troubleshooting the Start-Up of Your Prestige PROBLEM CORRECTIVE ACTION None of the Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged...
Page 368: Problems With The Dsl Led
Prestige 2602HW Series User’s Guide 41.3 Problems with the DSL LED Table 119 Troubleshooting the DSL LED PROBLEM CORRECTIVE ACTION The DSL LED is Check the telephone wire and connections between the Prestige DSL port and the off. wall jack.
Page 369: Problems With Internet Access
Prestige 2602HW Series User’s Guide 41.6 Problems with Internet Access Table 122 Troubleshooting Internet Access PROBLEM CORRECTIVE ACTION I cannot access Make sure the Prestige is turned on and connected to the network. the Internet. If the DSL LED is off, refer to .
Page 370: Problems With The Web Configurator
Prestige 2602HW Series User’s Guide 41.8 Problems with the Web Configurator Table 124 Troubleshooting the Web Configurator PROBLEM CORRECTIVE ACTION I cannot access Refer to . the web Make sure that there is not an SMT console session running. configurator.
Page 371: Telephone Problems
Prestige 2602HW Series User’s Guide 41.10 Telephone Problems Table 126 Troubleshooting Telephone PROBLEM CORRECTIVE ACTION The telephone port Check the telephone connections and telephone wire. won’t work or the Make sure you have the Voice SIP Settings screen properly configured.
Page 372 Prestige 2602HW Series User’s Guide Chapter 41 Troubleshooting...
Page 373: Hardware Specifications
Prestige 2602HW Series User’s Guide Appendix A Hardware Specifications Ethernet Cable Pin Assignments Figure 248 Ethernet Cable Pin Assignments Prestige 2602HWL DSL Port Pin Assignments The following figure describes the pin assignments for the DSL port on the Prestige 2602HWL...
Page 374: Figure 249 Prestige 2602Hwl Dsl Port Pin Assignments
Prestige 2602HW Series User’s Guide Figure 249 Prestige 2602HWL DSL Port Pin Assignments Appendix A Hardware Specifications...
Page 375: Prestige 2602Hw Series Power Adaptor Specifications
Prestige 2602HW Series User’s Guide Prestige 2602HW Series Power Adaptor Specifications Table 127 Prestige 2602HW Series Power Adaptor Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model ADS6818-1818-W 1810 Input Power AC 100~240Volts/50/60Hz/0.5A Output Power DC 18Volts/1A Power Consumption Safety Standards...
Page 376 Prestige 2602HW Series User’s Guide Appendix A Hardware Specifications...
Page 377: Setting Up Your Computer's Ip Address
Prestige 2602HW Series User’s Guide Appendix B Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Page 378: Figure 250 Windows 95/98/Me: Network: Configuration
Prestige 2602HW Series User’s Guide Figure 250 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 379: Configuring
Prestige 2602HW Series User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring...
Page 380: Verifying Settings
Prestige 2602HW Series User’s Guide Figure 252 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add.
Page 381: Figure 253 Windows Xp: Start Menu
Prestige 2602HW Series User’s Guide Figure 253 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 254 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
Page 382: Figure 255 Windows Xp: Control Panel: Network Connections: Properties
Prestige 2602HW Series User’s Guide Figure 255 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 256 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 383: Figure 257 Windows Xp: Advanced Tcp/Ip Settings
Prestige 2602HW Series User’s Guide • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. Figure 257 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Page 384: Verifying Settings
Prestige 2602HW Series User’s Guide 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 385: Macintosh Os 8/9
Prestige 2602HW Series User’s Guide Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 259 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list.
Page 386: Verifying Settings
Prestige 2602HW Series User’s Guide Figure 260 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. •...
Page 387: Figure 261 Macintosh Os X: Apple Menu
Prestige 2602HW Series User’s Guide Figure 261 Macintosh OS X: Apple Menu 2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list.
Page 388: Verifying Settings
Prestige 2602HW Series User’s Guide 5 Click Apply Now and close the window. 6 Turn on your Prestige and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window. Appendix B Setting up Your Computer’s IP Address...
Page 389: Ip Subnetting
Prestige 2602HW Series User’s Guide Appendix C IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
Page 390: Subnet Masks
Prestige 2602HW Series User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
Page 391: Example: Two Subnets
Prestige 2602HW Series User’s Guide Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/”...
Page 392: Table 133 Subnet 1
Prestige 2602HW Series User’s Guide Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1”...
Page 393: Example: Four Subnets
Prestige 2602HW Series User’s Guide Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow”...
Page 394: Example Eight Subnets
Prestige 2602HW Series User’s Guide Table 138 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.193 192.168.1.192 Broadcast Address: Highest Host ID: 192.168.1.254 192.168.1.255...
Page 395: Subnetting With Class A And Class B Networks
Prestige 2602HW Series User’s Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID.
Page 396 Prestige 2602HW Series User’s Guide Appendix C IP Subnetting...
Page 397: Appendix Dpppoe
Prestige 2602HW Series User’s Guide Appendix D PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access...
Page 398: How Pppoe Works
Prestige 2602HW Series User’s Guide Figure 263 Single-Computer per Router Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
Page 399: Wireless Lan And Ieee 802.11
Prestige 2602HW Series User’s Guide Appendix E Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, E-mail, printer services, etc.) without the use of a cabled connection.
Page 400: Ad-Hoc Wireless Lan Configuration
Prestige 2602HW Series User’s Guide Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters. Any...
Page 401: Figure 266 Ess Provides Campus-Wide Coverage
Prestige 2602HW Series User’s Guide Figure 266 ESS Provides Campus-Wide Coverage Appendix E Wireless LAN and IEEE 802.11...
Page 402 Prestige 2602HW Series User’s Guide Appendix E Wireless LAN and IEEE 802.11...
Page 403: Wireless Lan With Ieee 802.1X
Prestige 2602HW Series User’s Guide Appendix F Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC...
Page 404: Radius Server Authentication Sequence
Prestige 2602HW Series User’s Guide RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Figure 267 Sequences for EAP MD5–Challenge Authentication Appendix F Wireless LAN With IEEE 802.1x...
Page 405: Types Of Eap Authentication
Prestige 2602HW Series User’s Guide Appendix G Types of EAP Authentication This appendix discusses three popular EAP authentication types: EAP-MD5, EAP-TLS and EAP-TTLS. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.
Page 406: Leap
Prestige 2602HW Series User’s Guide LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE802.1x. Table 142 Comparison of EAP Authentication Types EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP Mutual Authentication Certificate – Client Optional Optional Certificate – Server Dynamic Key Exchange...
Page 407: Appendix H Triangle Route
Prestige 2602HW Series User’s Guide Appendix H Triangle Route The Ideal Setup When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the Prestige to protect your LAN against attacks.
Page 408: The "Triangle Route" Solutions
Prestige 2602HW Series User’s Guide The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your Prestige supports up to three logical LAN interfaces with the Prestige being the gateway for each logical network.
Page 409 Prestige 2602HW Series User’s Guide Appendix H Triangle Route...
Page 410 Prestige 2602HW Series User’s Guide Appendix H Triangle Route...
Page 411: Example Internal Sptgen Screens
Prestige 2602HW Series User’s Guide Appendix I Example Internal SPTGEN Screens This appendix covers Prestige Internal SPTGEN screens. Table 143 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number (not seen in SMT screens) Field Name...
Page 412 Prestige 2602HW Series User’s Guide Table 145 Menu 3 (SMT Menu 3 (continued)) 30100008 = Input device filters Set 4 = 256 30100009 = Output protocol filters Set 1 = 256 30100010 = Output protocol filters Set 2 = 256...
Page 413 Prestige 2602HW Series User’s Guide Table 145 Menu 3 (SMT Menu 3 (continued)) 30201004 = RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> 30201005 = Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> 30201006 = IP Alias #1 Incoming protocol filters...
Page 414 Prestige 2602HW Series User’s Guide Table 145 Menu 3 (SMT Menu 3 (continued)) 30201026 = IP Alias #2 Outgoing protocol filters = 256 Set 4 */ Menu 3.5 Wireless LAN Setup (SMT Menu 3.5) INPUT 30500001 = ESSID Wireless 30500002 = Hide ESSID <0(No) |...
Page 415: Table 146 Menu 4 Internet Access Setup (Smt Menu 4)
Prestige 2602HW Series User’s Guide Table 146 Menu 4 Internet Access Setup (SMT Menu 4) / Menu 4 Internet Access Setup (SMT Menu 4) INPUT 40000000 = Configured <0(No) | 1(Yes)> 40000001 = <0(No) | 1(Yes)> 40000002 = Active <0(No) | 1(Yes)>...
Page 416: Table 147 Menu 12 (Smt Menu 12)
Prestige 2602HW Series User’s Guide Table 146 Menu 4 Internet Access Setup (SMT Menu 4) (continued) 40000027 = ATM QoS Type <0(CBR) | (1 (UBR)> 40000028 = Peak Cell Rate (PCR) 40000029 = Sustain Cell Rate (SCR) 40000030 = Maximum Burst Size(MBS)
Page 417 Prestige 2602HW Series User’s Guide Table 147 Menu 12 (SMT Menu 12) (continued) 120103002 = IP Static Route set #3, Active <0(No) |1(Yes)> 120103003 = IP Static Route set #3, Destination = 0.0.0.0 IP address 120103004 = IP Static Route set #3, Destination...
Page 418 Prestige 2602HW Series User’s Guide Table 147 Menu 12 (SMT Menu 12) (continued) INPUT 120107001 = IP Static Route set #7, Name <Str> 120107002 = IP Static Route set #7, Active <0(No) |1(Yes)> 120107003 = IP Static Route set #7, Destination = 0.0.0.0...
Page 419 Prestige 2602HW Series User’s Guide Table 147 Menu 12 (SMT Menu 12) (continued) 120110007 = IP Static Route set #10, Private <0(No) |1(Yes)> */ Menu 12.1.11 IP Static Route Setup (SMT Menu 12.1.11) INPUT 120111001 = IP Static Route set #11, Name <Str>...
Page 420: Table 148 Menu 15 Sua Server Setup (Smt Menu 15)
Prestige 2602HW Series User’s Guide Table 147 Menu 12 (SMT Menu 12) (continued) 120114005 = IP Static Route set #14, Gateway = 0.0.0.0 120114006 = IP Static Route set #14, Metric 120114007 = IP Static Route set #14, Private <0(No) |1(Yes)>...
Page 421 Prestige 2602HW Series User’s Guide Table 148 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000008 = SUA Server #3 Protocol <0(All)|6(TCP)|17(U DP)> 150000009 = SUA Server #3 Port Start 150000010 = SUA Server #3 Port End 150000011 = SUA Server #3 Local IP address = 0.0.0.0...
Page 422: Table 149 Menu 21.1 Filter Set #1 (Smt Menu 21.1)
Prestige 2602HW Series User’s Guide Table 148 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000042 = SUA Server #10 Active <0(No) | 1(Yes)> 150000043 = SUA Server #10 Protocol <0(All)|6(TCP)|17(U DP)> 150000044 = SUA Server #10 Port Start...
Page 423 Prestige 2602HW Series User’s Guide Table 149 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210101011 = IP Filter Set 1,Rule 1 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> 210101013 = IP Filter Set 1,Rule 1 Act Match <1(check next)|2(forward)| 3(drop)>...
Page 424 Prestige 2602HW Series User’s Guide Table 149 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210103007 = IP Filter Set 1,Rule 3 Dest Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> 210103008 = IP Filter Set 1,Rule 3 Src IP address = 0.0.0.0...
Page 425 Prestige 2602HW Series User’s Guide Table 149 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210105002 = IP Filter Set 1,Rule 5 Active <0(No)|1(Yes)> 210105003 = IP Filter Set 1,Rule 5 Protocol = 17 210105004 = IP Filter Set 1,Rule 5 Dest IP address = 0.0.0.0...
Page 426: Table 150 Menu 21.1 Filer Set #2, (Smt Menu 21.1)
Prestige 2602HW Series User’s Guide Table 149 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210106013 = IP Filter Set 1,Rule 6 Act Match <1(check next)|2(forward)| 3(drop)> 210106014 = IP Filter Set 1,Rule 6 Act Not Match <1(check next)|2(forward)| 3(drop)>...
Page 427 Prestige 2602HW Series User’s Guide Table 150 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210202001 = IP Filter Set 2, Rule 2 Type <0(none)|2(TCP/IP)> = 2 210202002 = IP Filter Set 2, Rule 2 Active <0(No)|1(Yes)> 210202003 =...
Page 428 Prestige 2602HW Series User’s Guide Table 150 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210203011 = IP Filter Set 2, Rule 3 Src Port <0(none)|1(equal)|2 Comp (not equal)|3(less)|4(gr eater)> 210203013 = IP Filter Set 2, Rule 3 Act Match <1(check...
Page 429 Prestige 2602HW Series User’s Guide Table 150 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210205004 = IP Filter Set 2, Rule 5 Dest IP = 0.0.0.0 address 210205005 = IP Filter Set 2, Rule 5 Dest Subnet Mask...
Page 430: Table 151 Menu 23 System Menus (Smt Menu 23)
Prestige 2602HW Series User’s Guide Table 150 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210206013 = IP Filter Set 2,Rule 6 Act Match <1(check next)|2(forward)|3( drop)> 210206014 = IP Filter Set 2,Rule 6 Act Not <1(check Match next)|2(forward)|3( drop)>...
Page 431: Table 152 Menu 24.11 Remote Management Control (Smt Menu 24.11)
Prestige 2602HW Series User’s Guide Table 151 Menu 23 System Menus (SMT Menu 23) (continued) 230400001 = Wireless Port Control <0(Authentication Required) |1(No Access Allowed) |2(No Authentication Required)> 230400002 = ReAuthentication Timer (in second) = 555 230400003 = Idle Timeout (in second)
Page 432: Command Examples
Prestige 2602HW Series User’s Guide Command Examples The following are example Internal SPTGEN screens associated with the Prestige’s command interpreter commands. Table 153 ci command (for annex a): wan adsl opencmd /ci command (for annex a): wan adsl opencmd INPUT...
Page 433: Appendix J Command Interpreter
Prestige 2602HW Series User’s Guide Appendix J Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode.
Page 434 Prestige 2602HW Series User’s Guide Appendix J Command Interpreter...
Page 435: Appendix K Firewall Commands
Prestige 2602HW Series User’s Guide Appendix K Firewall Commands Sys Firewall Commands The following describes the firewall commands. See Appendix J Each of these commands must be information on the command structure. preceded by when you use them. For example, type sys firewall to turn on the firewall.
Page 436 Prestige 2602HW Series User’s Guide Appendix K Firewall Commands...
Page 437: Appendix L Boot Commands
Prestige 2602HW Series User’s Guide Appendix L Boot Commands The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware is started. When you start up your Prestige, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen.
Page 438: Figure 273 Boot Module Commands
Prestige 2602HW Series User’s Guide Figure 273 Boot Module Commands just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI(h,m,s) change system time to hour:min:sec or show...
Page 439: Appendix M Log Descriptions
Prestige 2602HW Series User’s Guide Appendix M Log Descriptions This appendix provides descriptions of example log messages. Table 155 System Maintenance Logs LOG MESSAGE DESCRIPTION The router has adjusted its time based on information from the Time calibration is time server.
Page 440: Table 156 System Error Logs
Prestige 2602HW Series User’s Guide Table 155 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION The router is saving configuration changes. Configuration Change: PC = 0x%x, Task ID = 0x%x Someone has logged on to the router’s SSH server. Successful SSH login Someone has failed to log on to the router’s SSH server.
Page 441: Table 158 Tcp Reset Logs
Prestige 2602HW Series User’s Guide Table 158 TCP Reset Logs LOG MESSAGE DESCRIPTION The router sent a TCP reset packet when a host was under a SYN Under SYN flood attack, flood attack (the TCP incomplete count is per destination host.)
Page 442: Table 161 Cdr Logs
Prestige 2602HW Series User’s Guide Table 160 ICMP Logs (continued) LOG MESSAGE DESCRIPTION The firewall allowed a triangle route session to pass Triangle route packet forwarded: through. ICMP The router blocked a packet that didn’t have a Packet without a NAT table entry corresponding NAT table entry.
Page 443: Table 163 Upnp Logs
Prestige 2602HW Series User’s Guide Table 163 UPnP Logs LOG MESSAGE DESCRIPTION UPnP packets can pass through the firewall. UPnP pass through Firewall Table 164 Content Filtering Logs LOG MESSAGE DESCRIPTION The content of a requested web page matched a user defined keyword.
Page 444: Table 166 802.1X Logs
Prestige 2602HW Series User’s Guide Table 165 Attack Logs (continued) LOG MESSAGE DESCRIPTION The firewall classified an ICMP packet with no source routing entry ip spoofing - no routing as an IP spoofing attack. entry ICMP (type:%d, code:%d) The firewall detected an ICMP vulnerability attack. For type and...
Page 445: Table 167 Acl Setting Notes
Prestige 2602HW Series User’s Guide Table 166 802.1X Logs (continued) LOG MESSAGE DESCRIPTION There is no authentication server to authenticate a user. No Server to authenticate user. A user was not authenticated by the local user database Local User Database does not because the user is not listed in the local user database.
Page 446: Table 169 Syslog Logs
Prestige 2602HW Series User’s Guide Table 168 ICMP Notes (continued) TYPE CODE DESCRIPTION Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message...
Page 447: Table 171 Rtp Logs
Prestige 2602HW Series User’s Guide Table 171 RTP Logs LOG MESSAGE DESCRIPTION The initialization of an RTP session failed. Error, RTP init fail A VoIP phone call failed because the RTP session could not be Error, Call fail: RTP established.
Page 448: Log Commands
Prestige is to record. 2 Use sys logs category to view a list of the log categories. Figure 274 Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ? Valid commands are: exit...
Page 449: Displaying Logs
Prestige 2602HW Series User’s Guide Figure 275 Displaying Log Parameters Example ras> sys logs category access Usage: [0:none/1:log/2:alert/3:both] ras> 4 Use sys logs category followed by a log category and a parameter to decide what to record. Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category.
Page 450: Log Command Example
Prestige 2602HW Series User’s Guide Log Command Example This example shows how to set the Prestige to record the access logs and alerts and then view the results. Figure 276 Log Command Example ras> sys logs load ras> sys logs category access 3 ras>...
Page 451: Index
Prestige 2602HW Series User’s Guide Index Numerics authentication databases Authentication Password 67, 132 Authentication protocol 64kbps Authentication User ID 66, 132 8kbps auto-Crossover auto-negotiation Auto-provisioning Access methods ACK Message Backup Address mapping Backup Type Address Resolution Protocol (ARP) Basic Service Set...
Page 452 Prestige 2602HW Series User’s Guide CBR (Continuous Bit Rate) Customized services CDR (Call Detail Record) CE regulations Certificate Authority Data encryption change password at login Data Filtering Channel Interference data privacy Channel ID Daylight Savings CHAP DBPSK Class of Service...
Page 453 Prestige 2602HW Series User’s Guide DS Field Expiration Duration DS field Extended Service Set DSCPs Extended Service Set (ESS) DSL (Digital Subscriber Line) Extensible Authentication Protocol DSL, What Is It? External Antenna DSLAM DSLAM (Digital Subscriber Line Access Multiplexer) DSSS...
Page 454 Prestige 2602HW Series User’s Guide Rule Security Ramifications Services SMT menus IANA 60, 61 Types When To Use IANA (Internet Assigned Number Authority) firmware IBSS Firmware Upgrade ICMP echo Flow Control Idle timeout Fragment Threshold IEEE 802.11 Deployment Issues Fragmentation Threshold...
Page 455 Prestige 2602HW Series User’s Guide IP alias 47, 249 LAN TCP/IP IP Alias Setup LAN to WAN Rules IP Classes LAND 152, 153 IP Filter Lifeline 42, 140 Logic Flow Lifeline Screen IP mask Link type IP Packet Listening Port...
Page 456 Prestige 2602HW Series User’s Guide Message Logging Metric 103, 239, 260, 267 OFDM Min-SE OK Response Moving the Cursor One-Minute High MSDU (MAC Service Data Unit) Operating frequency Multicast 76, 260 Orthogonal Frequency Division Multiplexing Modulation Multimedia Multiple SIP Accounts...
Page 457 Prestige 2602HW Series User’s Guide PPPoA Rate Receiving PPPoE 104, 397 Transmission Benefits Read Me First PPPoE (Point-to-Point Protocol over Ethernet) 46, 104 Real time Transport Protocol 128, 134 PPPoE pass-through Register PPTP Register Resend Timer Precedence 351, 354 REGISTER Server Address...
Page 458 Prestige 2602HW Series User’s Guide RTP Port Range SIP Proxy Server RTS (Request To Send) 82, 246 SIP Redirect Server RTS (Request To Send) threshold SIP Register Server RTS Threshold 82, 83, 246 SIP Registration Status Rule Summary SIP Server Address...
Page 459 Prestige 2602HW Series User’s Guide Sustain Cell Rate Timeout Sustain Cell Rate (SCR) TKIP Sustained Cell Rate (SCR) SYN Flood 152, 153 SYN-ACK TOS (Type of Service) Syntax Conventions Trace Records Syslog 178, 320 Traceroute Syslog IP Address Traffic Redirect...
Page 460: Table 14 Wireless Lan
Prestige 2602HW Series User’s Guide User Profiles Default Key user profiles WEP (Wired Equivalent Privacy) 45, 86, 246 WEP Encryption WEP encryption Wi-Fi Protected Access Wi-Fi Protected Access (WPA) Wireless Client WPA Supplicants 43, 136 Wireless LAN 81, 245, 399...

ZyXEL Communications Prestige 2602HW Series User Manual

Chapter 1 Getting to Know Your Prestige

Chapter 2 Introducing the Web Configurator

Chapter 3 Wizard Setup

Chapter 4 Password Setup

Chapter 5 LAN Setup

Chapter 6 Wireless LAN Setup

Chapter 7 WAN Setup

Chapter 8 Network Address Translation (NAT) Screens

Chapter 9 Introduction to Voip

Chapter 10 Voice Screens

Chapter 11 Dynamic DNS Setup

Chapter 12 Time and Date

Chapter 13 Firewalls

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications Prestige 2602HW Series

Summary of Contents for ZyXEL Communications Prestige 2602HW Series