Page 1 Prestige 660H/HW Series 802.11g Wireless ADSL2+ 4-Port Security Gateway User’s Guide Version 3.40 January 2005...
Page 4: Federal Communications Commission (Fcc) Interference Statement
Prestige 660H/HW Series User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Page 5: Zyxel Limited Warranty
Prestige 660H/HW Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
Page 6: Customer Support
• Brief description of the problem and the steps you took to solve it. METHOD SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION support@zyxel.com.tw +886-3-578-3942 www.zyxel.com ZyXEL Communications Corp. 6 Innovation Road II www.europe.zyxel.com Science Park WORLDWIDE sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com Hsinchu 300 Taiwan ftp.europe.zyxel.com support@zyxel.com...
Page 7: Table Of Contents
Prestige 660H/HW Series User’s Guide Table of Contents Copyright ........................2 Federal Communications Commission (FCC) Interference Statement ....3 ZyXEL Limited Warranty..................4 Customer Support....................5 Table of Contents ..................... 6 List of Figures ......................22 List of Tables ......................30 Preface ........................
Page 8 Prestige 660H/HW Series User’s Guide 3.1.1 Encapsulation ...................54 3.1.1.1 ENET ENCAP .................54 3.1.1.2 PPP over Ethernet ................54 3.1.1.3 PPPoA .....................54 3.1.1.4 RFC 1483 ..................55 3.1.2 Multiplexing ....................55 3.1.2.1 VC-based Multiplexing ..............55 3.1.2.2 LLC-based Multiplexing ..............55 3.1.3 VPI and VCI ....................55 3.1.4 Internet Access Wizard Setup: First Screen ..........55 3.2 IP Address and Subnet Mask ................56 3.2.1 IP Address Assignment ................57...
Page 9 Prestige 660H/HW Series User’s Guide 6.3 DNS Server Address Assignment ..............73 6.4 LAN TCP/IP ......................74 6.4.1 Factory LAN Defaults ................74 6.4.2 IP Address and Subnet Mask ..............74 6.4.3 RIP Setup ....................74 6.4.4 Multicast ....................75 6.5 Any IP .........................75 6.5.1 How Any IP Works ..................76 6.6 Configuring LAN ....................77 6.7 Configuring Static DHCP ..................78 Chapter 7...
Page 10 Prestige 660H/HW Series User’s Guide Chapter 8 WAN Setup......................104 8.1 WAN Overview ....................104 8.2 Metric ......................104 8.3 PPPoE Encapsulation ..................105 8.4 Traffic Shaping ....................105 8.5 Zero Configuration Internet Access ..............106 8.6 Configuring WAN Setup ...................106 8.7 Traffic Redirect ....................109 8.8 Configuring WAN Backup .................110 Chapter 9 Network Address Translation (NAT) Screens ............
Page 11 Prestige 660H/HW Series User’s Guide 12.2.1 Packet Filtering Firewalls ..............130 12.2.2 Application-level Firewalls ..............130 12.2.3 Stateful Inspection Firewalls ..............131 12.3 Introduction to ZyXEL’s Firewall ..............131 12.3.1 Denial of Service Attacks ..............132 12.4 Denial of Service ....................132 12.4.1 Basics ....................132 12.4.2 Types of DoS Attacks ................133 12.4.2.1 ICMP Vulnerability ..............135 12.4.2.2 Illegal Commands (NetBIOS and SMTP) ........135 12.4.2.3 Traceroute ...................136...
Page 12 Prestige 660H/HW Series User’s Guide 13.6.1 Configuring Firewall Rules ..............151 13.7 Customized Services ..................154 13.8 Creating/Editing A Customized Service ............154 13.9 Example Firewall Rule ...................155 13.10 Predefined Services ..................159 13.11 Anti-Probing ....................161 13.12 Configuring Attack Alert ................162 13.12.1 Threshold Values ................163 13.12.2 Half-Open Sessions ................163 13.12.2.1 TCP Maximum Incomplete and Blocking Time ......163 Chapter 14...
Page 13 Prestige 660H/HW Series User’s Guide 17.1.1 Alerts and Logs ..................188 17.2 Configuring Log Settings ................188 17.3 Displaying the Logs ..................190 17.4 SMTP Error Messages ...................191 17.4.1 Example E-mail Log ................192 Chapter 18 Media Bandwidth Management Advanced Setup..........194 18.1 Bandwidth Management Advanced Setup Overview ........194 18.2 Bandwidth Classes and Filters ...............194 18.3 Proportional Bandwidth Allocation ..............195 18.4 Bandwidth Management Usage Examples ............195...
Page 14 Prestige 660H/HW Series User’s Guide Chapter 20 Introducing the SMT .................... 220 20.1 SMT Introduction ....................220 20.1.1 Procedure for SMT Configuration via Telnet .........220 20.1.2 Entering Password ................220 20.1.3 Prestige SMT Menu Overview ..............221 20.2 Navigating the SMT Interface .................221 20.2.1 System Management Terminal Interface Summary ......223 20.3 Changing the System Password ..............223 Chapter 21...
Page 15 Prestige 660H/HW Series User’s Guide Chapter 26 Remote Node Configuration ................248 26.1 Remote Node Setup Overview ...............248 26.2 Remote Node Setup ..................248 26.2.1 Remote Node Profile ................248 26.2.2 Encapsulation and Multiplexing Scenarios ...........249 26.2.2.1 Scenario 1: One VC, Multiple Protocols ........249 26.2.2.2 Scenario 2: One VC, One Protocol (IP) ........249 26.2.2.3 Scenario 3: Multiple VCs .............249 26.2.3 Outgoing Authentication Protocol ............251...
Page 16 Prestige 660H/HW Series User’s Guide 29.5.2 Example 2: Internet Access with an Inside Server .......274 29.5.3 Example 3: Multiple Public IP Addresses With Inside Servers .....275 29.5.4 Example 4: NAT Unfriendly Application Programs .......279 Chapter 30 Enabling the Firewall ................... 282 30.1 Remote Management and the Firewall ............282 30.2 Access Methods .....................282 30.3 Enabling the Firewall ..................282...
Page 17 Prestige 660H/HW Series User’s Guide 34.2 System Status ....................308 34.3 System Information ..................310 34.3.1 System Information ................310 34.3.2 Console Port Speed ................311 34.4 Log and Trace ....................312 34.4.1 Viewing Error Log .................312 34.4.2 Syslog and Accounting .................313 34.5 Diagnostic ......................315 Chapter 35 Firmware and Configuration File Maintenance ..........
Page 18 Prestige 660H/HW Series User’s Guide 37.2 Remote Management ..................336 37.2.1 Remote Management Setup ..............336 37.2.2 Remote Management Limitations ............337 37.3 Remote Management and NAT ..............338 37.4 System Timeout .....................338 Chapter 38 IP Policy Routing....................340 38.1 IP Policy Routing Overview ................340 38.2 Benefits of IP Policy Routing ................340 38.3 Routing Policy ....................340 38.4 IP Routing Policy Setup .................341...
Page 19 Prestige 660H/HW Series User’s Guide Telephone Microfilters .................... 363 Prestige With ISDN ....................363 Appendix B Setting up Your Computer’s IP Address............366 Windows 95/98/Me....................366 Installing Components ..................367 Configuring ...................... 368 Verifying Settings ..................... 369 Windows 2000/NT/XP .................... 369 Verifying Settings .....................
Page 20 Prestige 660H/HW Series User’s Guide Ad-hoc Wireless LAN Configuration............... 391 Infrastructure Wireless LAN Configuration............. 391 Appendix G Wireless LAN With IEEE 802.1x ................394 Security Flaws with IEEE 802.11 ................394 Deployment Issues with IEEE 802.11 ..............394 IEEE 802.1x ......................394 Advantages of the IEEE 802.1x ................
Page 21 Prestige 660H/HW Series User’s Guide Appendix M Brute-Force Password Guessing Protection............. 426 Example ......................... 426 Appendix N Boot Commands ....................428 Appendix O Log Descriptions....................430 Log Commands...................... 439 Configuring What You Want the Prestige to Log ..........439 Displaying Logs ....................439 Log Command Example..................
Page 22 Prestige 660H/HW Series User’s Guide...
Page 23: List Of Figures
Prestige 660H/HW Series User’s Guide List of Figures Figure 1 Prestige Internet Access Application ..............46 Figure 2 Firewall Application ....................47 Figure 3 Prestige LAN-to-LAN Application ................47 Figure 4 Password Screen ....................49 Figure 5 Change Password at Login ................... 49 Figure 6 Web Configurator: Site Map Screen ..............
Page 24 Prestige 660H/HW Series User’s Guide Figure 37 OTIST Start ......................102 Figure 38 OTIST Process ....................102 Figure 39 Example of Traffic Shaping ................. 106 Figure 40 WAN Setup (PPPoE) ..................107 Figure 41 Traffic Redirect Example ..................110 Figure 42 Traffic Redirect LAN Setup ................. 110 Figure 43 WAN Backup .......................
Page 25 Prestige 660H/HW Series User’s Guide Figure 80 Network Connections ..................178 Figure 81 Windows Optional Networking Components Wizard .......... 179 Figure 82 Networking Services ................... 180 Figure 83 Network Connections ..................181 Figure 84 Internet Connection Properties ................182 Figure 85 Internet Connection Properties: Advanced Settings ........... 183 Figure 86 Internet Connection Properties: Advanced Settings: Add ........
Page 26 Prestige 660H/HW Series User’s Guide Figure 123 Menu 3 LAN Setup .................... 234 Figure 124 Menu 3.1 LAN Port Filter Setup ................ 234 Figure 125 Menu 3.2 TCP/IP and DHCP Ethernet Setup ........... 235 Figure 126 Menu 3.5 - Wireless LAN Setup ............... 238 Figure 127 Menu 3.5.1 WLAN MAC Address Filtering ............
Page 27 Prestige 660H/HW Series User’s Guide Figure 166 Example 3: Menu 15.1.1.1 ................277 Figure 167 Example 3: Final Menu 15.1.1 ................278 Figure 168 Example 3: Menu 15.2.1 ................... 278 Figure 169 NAT Example 4 ....................279 Figure 170 Example 4: Menu 15.1.1.1 Address Mapping Rule ........... 279 Figure 171 Example 4: Menu 15.1.1 Address Mapping Rules ..........
Page 28 Prestige 660H/HW Series User’s Guide Figure 209 Restore Using FTP Session Example ............... 324 Figure 210 Telnet Into Menu 24.7.1 Upload System Firmware .......... 325 Figure 211 Telnet Into Menu 24.7.2 System Maintenance ..........326 Figure 212 FTP Session Example of Firmware File Upload ..........327 Figure 213 Command Mode in Menu 24 ................
Page 29 Prestige 660H/HW Series User’s Guide Figure 252 Macintosh OS X: Network ................. 376 Figure 253 Single-Computer per Router Hardware Configuration ........387 Figure 254 Prestige as a PPPoE Client ................387 Figure 255 Virtual Circuit Topology ..................388 Figure 256 Peer-to-Peer Communication in an Ad-hoc Network ........391 Figure 257 ESS Provides Campus-Wide Coverage ............
Page 30 Prestige 660H/HW Series User’s Guide...
Page 31: List Of Tables
Prestige 660H/HW Series User’s Guide List of Tables Table 1 ADSL Standards ....................40 Table 2 IEEE802.11g ......................42 Table 3 Web Configurator Screens Summary ..............51 Table 4 Internet Access Wizard Setup: First Screen ............56 Table 5 Internet Connection with PPPoE ................59 Table 6 Internet Connection with RFC 1483 ..............
Page 32 Prestige 660H/HW Series User’s Guide Table 37 Common IP Ports ....................133 Table 38 ICMP Commands That Trigger Alerts ..............135 Table 39 Legal NetBIOS Commands ................. 135 Table 40 Legal SMTP Commands ..................136 Table 41 Firewall: Default Policy ..................148 Table 42 Rule Summary .....................
Page 33 Prestige 660H/HW Series User’s Guide Table 80 TCP/IP Ethernet Setup ..................236 Table 81 Menu 3.5 - Wireless LAN Setup ................238 Table 82 Menu 3.5.1 WLAN MAC Address Filtering ............240 Table 83 Menu 3.2.1 IP Alias Setup ................... 244 Table 84 Menu 4 Internet Access Setup ................
Page 34 Prestige 660H/HW Series User’s Guide Table 123 Troubleshooting the WAN Interface ..............359 Table 124 Troubleshooting Internet Access ............... 360 Table 125 Troubleshooting the Password ................360 Table 126 Troubleshooting the Web Configurator .............. 361 Table 127 Troubleshooting Remote Management ............. 361 Table 128 Classes of IP Addresses ...................
Page 35 Prestige 660H/HW Series User’s Guide Table 166 ACL Setting Notes ..................... 436 Table 167 ICMP Notes ....................... 437 Table 168 Syslog Logs ....................... 438 Table 169 RFC-2408 ISAKMP Payload Types ..............438...
Page 36 Prestige 660H/HW Series User’s Guide...
Page 37: Preface
Prestige 660H/HW Series User’s Guide Preface Congratulations on your purchase of the Prestige 660HW Wireless ADSL Security Gateway or the Prestige 660H ADSL Security Gateway. Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com...
Page 38 Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Page 39: Introduction To Dsl
Prestige 660H/HW Series User’s Guide Introduction to DSL DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted- pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web - hence DSL technologies.
Page 40 Prestige 660H/HW Series User’s Guide Introduction to DSL...
Page 41: Getting To Know Your Prestige
Prestige 660H/HW Series User’s Guide H A P T E R Getting To Know Your Prestige Prestige. This chapter describes the key features and applications of your 1.1 Introducing the Prestige Your Prestige integrates high-speed 10/100Mbps auto-negotiating LAN interface(s) and a high-speed ADSL port into a single package.
Page 42: Features Of The Prestige
Prestige 660H/HW Series User’s Guide The web browser-based Graphical User Interface (GUI) provides easy management. 1.1.1 Features of the Prestige The following sections describe the features of the Prestige. High Speed Internet Access Your Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of up to 24Mbps and upstream transmission rates of 3.5Mbps.
Page 43: Table 2 Ieee802.11G
Prestige 660H/HW Series User’s Guide IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b radio card can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates.
Page 44: Dynamic Dns Support
Prestige 660H/HW Series User’s Guide Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet, thus acting as an auxiliary if your regular WAN connection fails. Media Bandwidth Management ZyXEL’s Media Bandwidth Management allows you to specify bandwidth classes based on an application and/or subnet.
Page 45: Protocol Support
Prestige 660H/HW Series User’s Guide Multiple PVC (Permanent Virtual Circuits) Support Your Prestige supports up to 8 PVC’s. ADSL Standards • Full-Rate (ANSI T1.413, Issue 2; G.dmt (G.992.1) with line rate support of up to 8 Mbps downstream and 832 Kbps upstream. •...
Page 46: Network Management
Prestige 660H/HW Series User’s Guide • ICMP support • ATM QoS support • MIB II support (RFC 1213) Networking Compatibility Your Prestige is compatible with the major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers, making configuration as simple as possible for you. Multiplexing The Prestige supports VC-based and LLC-based multiplexing.
Page 47: Applications For The Prestige
Prestige 660H/HW Series User’s Guide • LAN port Packet Filters The Prestige's packet filtering functions allows added network security and management. Ease of Installation Your Prestige is designed for quick, intuitive and easy installation. Housing Your Prestige's compact and ventilated housing minimizes space requirements making it easy to position anywhere in your busy office.
Page 48: Firewall For Secure Broadband Internet Access
Prestige 660H/HW Series User’s Guide 1.1.3 Firewall for Secure Broadband Internet Access The Prestige provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs. Figure 2 Firewall Application 1.1.3.1 LAN to LAN Application You can use the Prestige to connect two geogr...
Page 49: Introducing The Web Configurator
Prestige 660H/HW Series User’s Guide H A P T E R Introducing the Web Configurator This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser.
Page 50: Resetting The Prestige
Prestige 660H/HW Series User’s Guide Figure 4 Password Screen 6 It is highly recommended you change the default password! Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.
Page 51: Navigating The Prestige Web Configurator
Prestige 660H/HW Series User’s Guide 2 Press the RESET button for ten seconds or until the PWR/SYS LED begins to blink and then release it. When the PWR/SYS LED begins to blink, the defaults have been restored and the Prestige restarts. 2.1.3 Navigating the Prestige Web Configurator The following summarizes how to navigate the web configurator from the SITE MAP screen.
Page 52: Table 3 Web Configurator Screens Summary
Prestige 660H/HW Series User’s Guide Note: Click the icon (located in the top right corner of most screens) to view embedded help. Table 3 Web Configurator Screens Summary LINK SUB-LINK FUNCTION Wizard Setup Connection Use these screens for initial configuration including general Setup setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment.
Page 53 Prestige 660H/HW Series User’s Guide Table 3 Web Configurator Screens Summary (continued) LINK SUB-LINK FUNCTION UPnP Use this screen to enable UPnP on the Prestige. Logs Log Settings Use this screen to change your Prestige’s log settings. View Log Use this screen to view the logs for the categories that you selected.
Page 54 Prestige 660H/HW Series User’s Guide Chapter 2 Introducing the Web Configurator...
Page 55: Wizard Setup For Internet Access
Prestige 660H/HW Series User’s Guide H A P T E R Wizard Setup for Internet Access This chapter provides information on the Wizard Setup screens for Internet access in the web configurator. 3.1 Introduction Use the Wizard Setup screens to configure your system for Internet access with the information (provided by your ISP) that you fill in the Internet Account Information table in the Quick Start Guide.
Page 56: Rfc 1483
Prestige 660H/HW Series User’s Guide 3.1.1.4 RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing).
Page 57: Ip Address And Subnet Mask
Prestige 660H/HW Series User’s Guide Figure 7 Internet Access Wizard Setup: First Screen The following table describes the fields in this screen. Table 4 Internet Access Wizard Setup: First Screen LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account.
Page 58: Ip Address Assignment
Prestige 660H/HW Series User’s Guide If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established.
Page 59: Private Ip Addresses
Prestige 660H/HW Series User’s Guide 3.2.1.4 Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems.
Page 60: Figure 8 Internet Connection With Pppoe
Prestige 660H/HW Series User’s Guide Figure 8 Internet Connection with PPPoE The following table describes the fields in this screen. Table 5 Internet Connection with PPPoE LABEL DESCRIPTION Service Name Type the name of your PPPoE service here. User Name Enter the user name exactly as your ISP assigned.
Page 61: Figure 9 Internet Connection With Rfc 1483
Prestige 660H/HW Series User’s Guide Figure 9 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 6 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field.
Page 62: Figure 11 Internet Connection With Pppoa
Prestige 660H/HW Series User’s Guide The following table describes the fields in this screen. Table 7 Internet Connection with ENET ENCAP LABEL DESCRIPTION IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
Page 63: Dhcp Setup
Prestige 660H/HW Series User’s Guide The following table describes the fields in this screen. Table 8 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above. IP Address This option is available if you select Routing in the Mode field.
Page 64: Figure 12 Internet Access Wizard Setup: Third Screen
Prestige 660H/HW Series User’s Guide Figure 12 Internet Access Wizard Setup: Third Screen If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next. Figure 13 Internet Access Wizard Setup: LAN Configuration Chapter 3 Wizard Setup for Internet Access...
Page 65: Internet Access Wizard Setup: Connection Test
Prestige 660H/HW Series User’s Guide The following table describes the fields in this screen. Table 9 Internet Access Wizard Setup: LAN Configuration LABEL DESCRIPTION LAN IP Address Enter the IP address of your Prestige in dotted decimal notation, for example, 192.168.1.1 (factory default).
Page 66: Test Your Internet Connection
Prestige 660H/HW Series User’s Guide Figure 14 Internet Access Wizard Setup: Connection Tests 3.2.7.1 Test Your Internet Connection Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of Prestige features.
Page 67: Wizard Setup For Media Bandwidth Management
Prestige 660H/HW Series User’s Guide H A P T E R Wizard Setup for Media Bandwidth Management This chapter shows you how to configure basic bandwidth management using the wizard screens. 4.1 Introduction The web configurator’s Media Bandwidth Magnt. screens under Wizard Setup allows you to specify bandwidth classes based on an application (or service).
Page 68: Media Bandwidth Management Setup: First Screen
Prestige 660H/HW Series User’s Guide Table 10 Media Bandwidth Mgnt. Wizard Setup: Services (continued) SERVICE DESCRIPTION File Transfer Program enables fast transfer of files, including large files that may not be possible by e-mail. FTP uses port number 21. E-Mail Electronic mail consists of messages sent through a computer network to specific groups or individuals.
Page 69: Media Bandwidth Mgnt. Wizard Setup: Second Screen
Prestige 660H/HW Series User’s Guide The following table describes the labels in this screen. Table 11 Media Bandwidth Mgnt. Wizard Setup: First Screen LABEL DESCRIPTION Active Select the Active check box to have the Prestige apply bandwidth management to traffic going out through the Prestige’s WAN, LAN or WLAN port. Select the service to These checkboxes are applicable when you select the Active checkbox above.
Page 70: Media Bandwidth Mgnt. Wizard Setup: Finish
Prestige 660H/HW Series User’s Guide The following table describes the fields in this screen. Table 12 Media Bandwidth Mgnt. Wizard Setup: Second Screen LABEL DESCRIPTION Service These fields display the service(s) selected in the previous screen. Priority Select High, Mid or Low priority for each service to have your Prestige use a priority for traffic that matches that service.
Page 71: Chapter 5 Password Setup
Prestige 660H/HW Series User’s Guide H A P T E R Password Setup This chapter provides information on the Password screen. 5.1 Password Overview It is highly recommended that you change the password for accessing the Prestige. 5.1.1 Configuring Password To change your Prestige’s password (recommended), click Password in the Site Map screen.
Page 72 Prestige 660H/HW Series User’s Guide Chapter 5 Password Setup...
Page 73: Chapter 6 Lan Setup
Prestige 660H/HW Series User’s Guide H A P T E R LAN Setup This chapter describes how to configure LAN settings. 6.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Page 74: Dns Server Address
Prestige 660H/HW Series User’s Guide 6.2 DNS Server Address DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it.
Page 75: Lan Tcp/Ip
Prestige 660H/HW Series User’s Guide 6.4 LAN TCP/IP The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. 6.4.1 Factory LAN Defaults The LAN parameters of the Prestige are preset in the factory with the following values: •...
Page 76: Multicast
Prestige 660H/HW Series User’s Guide 6.4.4 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Page 77: How Any Ip Works
Prestige 660H/HW Series User’s Guide Figure 20 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address. Note: You must enable NAT/SUA to use the Any IP feature on the Prestige.
Page 78: Configuring Lan
Prestige 660H/HW Series User’s Guide 6.6 Configuring LAN Click LAN and LAN Setup to open the following screen. Figure 21 LAN Setup The following table describes the fields in this screen. Table 14 LAN Setup LABEL DESCRIPTION DHCP DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
Page 79: Configuring Static Dhcp
Prestige 660H/HW Series User’s Guide Table 14 LAN Setup (continued) LABEL DESCRIPTION Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. Secondary DNS As above.
Page 80: Figure 22 Lan: Static Dhcp
Prestige 660H/HW Series User’s Guide Figure 22 LAN: Static DHCP The following table describes the labels in this screen. Table 15 LAN: Static DHCP LABEL DESCRIPTION This is the index number of the Static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN.
Page 81: Chapter 7 Wireless Lan Setup
Prestige 660H/HW Series User’s Guide H A P T E R Wireless LAN Setup This chapter discusses how to configure Wireless LAN on the Prestige. 7.1 Introduction This section introduces the wireless LAN and some basic configurations. Wireless LANs can be as simple as two computers with wireless LAN cards communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN cards communicating through access points which bridge network traffic to the wired LAN.
Page 82: Rts/Cts
Prestige 660H/HW Series User’s Guide 7.1.4 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear"...
Page 83: Fragmentation Threshold
Prestige 660H/HW Series User’s Guide 7.1.5 Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the Prestige will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
Page 84: Data Encryption With Wep
Prestige 660H/HW Series User’s Guide 7.3 Data Encryption with WEP WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption.
Page 85: Figure 25 Wireless Lan
Prestige 660H/HW Series User’s Guide Figure 25 Wireless LAN The following table describes the fields in this screen. Table 16 Wireless LAN LABEL DESCRIPTION Enable Wireless The wireless LAN is turned off by default, before you enable the wireless LAN you should configure some security by setting MAC filters and/or 802.1x security;...
Page 86: Configuring Mac Filter
Prestige 660H/HW Series User’s Guide Table 16 Wireless LAN (continued) LABEL DESCRIPTION RTS/CTS The RTS (Request To Send) threshold (number of bytes) for enabling RTS/CTS Threshold handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake.
Page 87: Figure 26 Mac Address Filter
Prestige 660H/HW Series User’s Guide To change your Prestige’s MAC filter settings, click Wireless LAN, MAC Filter to open the MAC Filter screen. The screen appears as shown. Note: Be careful not to list your computer’s MAC address and set the Action field to Deny Association when managing the Prestige via a wireless connection.
Page 88: Network Authentication
Prestige 660H/HW Series User’s Guide The following table describes the fields in this menu. Table 17 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Action Define the filter action for the list of MAC addresses in the MAC Address table. Select Deny Association to block access to the router, MAC addresses not listed will be allowed to access the Prestige.
Page 89: Types Of Radius Messages
Prestige 660H/HW Series User’s Guide RADIUS is a simple package exchange in which your Prestige acts as a message relay between the wireless station and the network RADIUS server. 7.6.1.2 Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: •...
Page 90: Introduction To Wpa
Prestige 660H/HW Series User’s Guide Figure 27 EAP Authentication The details below provide a general description of how IEEE 802.1x EAP authentication works. For an example list of EAP-MD5 authentication steps, see the appendix about IEEE 802.1x. 1 The wireless station sends a "start" message to the Prestige. 2 The Prestige sends a "request identity"...
Page 91: Wpa-Psk Application Example
Prestige 660H/HW Series User’s Guide Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.
Page 92: Wpa With Radius Application Example
Prestige 660H/HW Series User’s Guide Figure 28 WPA - PSK Authentication 7.9 WPA with RADIUS Application Example You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA application example with an external RADIUS server looks as follows.
Page 93: Security Parameters Summary
Prestige 660H/HW Series User’s Guide Figure 29 WPA with RADIUS Application Example 7.10 Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes.
Page 94: Wireless Client Wpa Supplicants
Prestige 660H/HW Series User’s Guide 7.11 Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client.
Page 95: Authentication Required: 802.1X
Prestige 660H/HW Series User’s Guide 7.12.1 Authentication Required: 802.1x Select Authentication Required in the Wireless Port Control field and 802.1x in the Key Management Protocol field to display the next screen. Figure 31 Wireless LAN: 802.1x/WPA for 802.1x Protocol The following table describes the labels in this screen. Table 20 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION...
Page 96: Authentication Required: Wpa
Prestige 660H/HW Series User’s Guide Table 20 Wireless LAN: 802.1x/WPA for 802.1x Protocol (continued) LABEL DESCRIPTION Dynamic WEP Key This field is activated only when you select Authentication Required in the Exchange Wireless Port Control field. Also set the Authentication Databases field to RADIUS Only.
Page 97: Figure 32 Wireless Lan: 802.1X/Wpa For Wpa Protocol
Prestige 660H/HW Series User’s Guide Figure 32 Wireless LAN: 802.1x/WPA for WPA Protocol The following table describes the labels not previously discussed Table 21 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTION Key Management Choose WPA in this field. Protocol WPA Mixed Mode The Prestige can operate in WPA Mixed Mode, which supports both clients running WPA and clients running dynamic WEP key exchange with 802.1x in the...
Page 98: Authentication Required: Wpa-Psk
Prestige 660H/HW Series User’s Guide 7.12.3 Authentication Required: WPA-PSK Select Authentication Required in the Wireless Port Control field and WPA-PSK in the Key Management Protocol field to display the next screen. Figure 33 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol The following table describes the labels not previously discussed. Table 22 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol LABEL DESCRIPTION...
Page 99: Configuring Local User Authentication
Prestige 660H/HW Series User’s Guide 7.13 Configuring Local User Authentication By storing user profiles locally, your Prestige is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.
Page 100: Configuring Radius
Prestige 660H/HW Series User’s Guide The following table describes the fields in this screen. Table 23 Local User Database LABEL DESCRIPTION This is the index number of a local user account. Active Select this check box to enable the user profile. User Name Enter the user name of the user profile.
Page 101: Otist
Prestige 660H/HW Series User’s Guide The following table describes the fields in this screen. Table 24 RADIUS LABEL DESCRIPTION Authentication Server Active Select Yes from the drop-down list box to enable user authentication through an external authentication server. Server IP Address Enter the IP address of the external authentication server in dotted decimal notation.
Page 102: Activating Otist
Prestige 660H/HW Series User’s Guide Click Wireless LAN, OTIST to display the next screen. Figure 36 OTIST The following table describes the fields in this screen. Table 25 OTIST LABEL DESCRIPTION Enter the setup key from zero to eight ASCII characters. The default OTIST setup key is "01234567".
Page 103: Figure 37 Otist Start
Prestige 660H/HW Series User’s Guide Figure 37 OTIST Start The process takes three minutes. During this time the OTIST-enabled wireless clients search for a Prestige to associate. Figure 38 OTIST Process When the previous screen closes, your current Prestige security configuration are automatically saved to the wireless clients.
Page 104 Prestige 660H/HW Series User’s Guide Chapter 7 Wireless LAN Setup...
Page 105: Chapter 8 Wan Setup
Prestige 660H/HW Series User’s Guide H A P T E R WAN Setup This chapter describes how to configure WAN settings. 8.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. Chapter 3 on page 54 for more information on the fields in the WAN screens.
Page 106: Pppoe Encapsulation
Prestige 660H/HW Series User’s Guide 8.3 PPPoE Encapsulation The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection using PPPoE.
Page 107: Zero Configuration Internet Access
Prestige 660H/HW Series User’s Guide Figure 39 Example of Traffic Shaping 8.5 Zero Configuration Internet Access Once you turn on and connect the Prestige to a telephone jack, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes.
Page 108: Figure 40 Wan Setup (Pppoe)
Prestige 660H/HW Series User’s Guide Figure 40 WAN Setup (PPPoE) The following table describes the fields in this screen. Table 26 WAN Setup LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
Page 109 Prestige 660H/HW Series User’s Guide Table 26 WAN Setup (continued) LABEL DESCRIPTION Encapsulation Select the method of encapsulation used by your ISP from the drop-down list box. Choices vary depending on the mode you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE.
Page 110: Traffic Redirect
Prestige 660H/HW Series User’s Guide Table 26 WAN Setup (continued) LABEL DESCRIPTION Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field. Max Idle Timeout Specify an idle time-out in the Max Idle Timeout field when you select Connect on Demand.
Page 111: Configuring Wan Backup
Prestige 660H/HW Series User’s Guide Figure 41 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network.
Page 112: Figure 43 Wan Backup
Prestige 660H/HW Series User’s Guide Figure 43 WAN Backup The following table describes the fields in this screen. Table 27 WAN Backup LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check if the connection to the DSLAM is up. Select ICMP to have the Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.
Page 113 Prestige 660H/HW Series User’s Guide Table 27 WAN Backup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your Prestige to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request.
Page 114 Prestige 660H/HW Series User’s Guide Chapter 8 WAN Setup...
Page 115: Network Address Translation (Nat) Screens
Prestige 660H/HW Series User’s Guide H A P T E R Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the Prestige. 9.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 116: What Nat Does
Prestige 660H/HW Series User’s Guide 9.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Page 117: Nat Application
Prestige 660H/HW Series User’s Guide Figure 44 How NAT Works 9.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter. Figure 45 NAT Application With IP Alias Chapter 9 Network Address Translation (NAT) Screens...
Page 118: Nat Mapping Types
Prestige 660H/HW Series User’s Guide 9.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address.
Page 119: Sua (Single User Account) Versus Nat
Prestige 660H/HW Series User’s Guide 9.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The Prestige also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types as outlined in Table 29 on page...
Page 120: Configuring Servers Behind Sua (Example)
Prestige 660H/HW Series User’s Guide Table 30 Services and Port Numbers (continued) SERVICES PORT NUMBER SMTP (Simple Mail Transfer Protocol) DNS (Domain Name System) Finger HTTP (Hyper Text Transfer protocol or WWW, Web) POP3 (Post Office Protocol) NNTP (Network News Transport Protocol) SNMP (Simple Network Management Protocol) SNMP trap PPTP (Point-to-Point Tunneling Protocol)
Page 121: Configuring Sua Server
Prestige 660H/HW Series User’s Guide Figure 47 NAT Mode The following table describes the labels in this screen. Table 31 NAT Mode LABEL DESCRIPTION None Select this radio button to disable NAT. SUA Only Select this radio button if you have just one public WAN IP address for your Prestige. The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set screen.
Page 122: Figure 48 Edit Sua/Nat Server Set
Prestige 660H/HW Series User’s Guide Figure 48 Edit SUA/NAT Server Set The following table describes the fields in this screen. Table 32 Edit SUA/NAT Server Set LABEL DESCRIPTION Start Port No. Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field. To forward a series of ports, enter the start port number here and the end port number in the End Port No.
Page 123: Configuring Address Mapping
Prestige 660H/HW Series User’s Guide 9.6 Configuring Address Mapping Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
Page 124: Editing An Address Mapping Rule
Prestige 660H/HW Series User’s Guide Table 33 Address Mapping Rules (continued) LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address.
Page 125: Table 34 Address Mapping Rule Edit
Prestige 660H/HW Series User’s Guide Table 34 Address Mapping Rule Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. • One-to-One: One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type.
Page 126 Prestige 660H/HW Series User’s Guide Chapter 9 Network Address Translation (NAT) Screens...
Page 127: Chapter 10 Dynamic Dns Setup
Prestige 660H/HW Series User’s Guide H A P T E R Dynamic DNS Setup This chapter discusses how to configure your Prestige to use Dynamic DNS. 10.1 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.).
Page 128: Figure 51 Dynamic Dns
Prestige 660H/HW Series User’s Guide Figure 51 Dynamic DNS The following table describes the fields in this screen. Table 35 Dynamic DNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider.
Page 129: Chapter 11 Time And Date
Prestige 660H/HW Series User’s Guide H A P T E R Time and Date This screen is not available on all models. Use this screen to configure the Prestige’s time and date settings. 11.1 Configuring Time and Date To change your Prestige’s time and date, click Time And Date. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone.
Page 130: Table 36 Time And Date
Prestige 660H/HW Series User’s Guide Table 36 Time and Date LABEL DESCRIPTION Time Server Use Protocol when Select the time service protocol that your time server sends when you turn on the Bootup Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Page 131: Chapter 12 Firewalls
Prestige 660H/HW Series User’s Guide H A P T E R Firewalls This chapter gives some background information on firewalls and introduces the Prestige firewall. 12.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
Page 132: Stateful Inspection Firewalls
Prestige 660H/HW Series User’s Guide Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
Page 133: Denial Of Service Attacks
Prestige 660H/HW Series User’s Guide 12.3.1 Denial of Service Attacks Figure 53 Prestige Firewall Application 12.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
Page 134: Types Of Dos Attacks
Prestige 660H/HW Series User’s Guide Table 37 Common IP Ports Telnet HTTP SMTP POP3 12.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data.
Page 135: Figure 55 Syn Flood
Prestige 660H/HW Series User’s Guide Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment).
Page 136: Icmp Vulnerability
Prestige 660H/HW Series User’s Guide Figure 56 Smurf Attack 12.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 38 ICMP Commands That Trigger Alerts REDIRECT TIMESTAMP_REQUEST TIMESTAMP_REPLY ADDRESS_MASK_REQUEST ADDRESS_MASK_REPLY 12.4.2.2 Illegal Commands (NetBIOS and SMTP)
Page 137: Traceroute
Prestige 660H/HW Series User’s Guide Table 40 Legal SMTP Commands AUTH DATA EHLO ETRN EXPN HELO HELP MAIL NOOP QUIT RCPT RSET SAML SEND SOML TURN VRFY 12.4.2.3 Traceroute Traceroute is a utility used to determine the path a packet takes between two endpoints. Sometimes when a packet filter firewall is configured incorrectly an attacker can traceroute the firewall gaining knowledge of the network topology inside the firewall.
Page 138: Stateful Inspection Process
Prestige 660H/HW Series User’s Guide Figure 57 Stateful Inspection The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.
Page 139: Stateful Inspection And The Prestige
Prestige 660H/HW Series User’s Guide temporary entries might be modified, in order to permit only packets that are valid for the current state of the connection. 8 Any additional inbound or outbound packets that belong to the connection are inspected to update the state table entry and to modify the temporary inbound access list entries as required, and are forwarded through the interface.
Page 140: Udp/Icmp Security
Prestige 660H/HW Series User’s Guide When the Prestige receives any subsequent packet (from the Internet or from the LAN), its connection information is extracted and checked against the cache. A packet is only allowed to pass through if it corresponds to a valid connection (that is, if it is a response to a connection which originated on the LAN).
Page 141: Security In General
Prestige 660H/HW Series User’s Guide • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network.
Page 142: Packet Filtering Vs Firewall
Prestige 660H/HW Series User’s Guide • Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in an attack. 12.7 Packet Filtering Vs Firewall Below are some comparisons between the Prestige’s filtering and firewall functions.
Page 143 Prestige 660H/HW Series User’s Guide • A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required. • To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks.
Page 144 Prestige 660H/HW Series User’s Guide Chapter 12 Firewalls...
Page 145: Firewall Configuration
Prestige 660H/HW Series User’s Guide H A P T E R Firewall Configuration This chapter shows you how to enable and configure the Prestige firewall. 13.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your Prestige has to offer.
Page 146: Rule Logic Overview
Prestige 660H/HW Series User’s Guide Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: •...
Page 147: Key Fields For Configuring Rules
Prestige 660H/HW Series User’s Guide 4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does this rule conflict with any existing rules? 6 Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.
Page 148: Lan To Wan Rules
Prestige 660H/HW Series User’s Guide 13.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non- restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.
Page 149: Alerts
Prestige 660H/HW Series User’s Guide 13.4.3 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when an attack is detected in the Edit Rule screen (select the Send Alert Message to Administrator When Matched checkbox) or when a rule is matched in the Edit Rule screen (see Section 13.6.1 on page...
Page 150: Rule Summary
Prestige 660H/HW Series User’s Guide Table 41 Firewall: Default Policy (continued) LABEL DESCRIPTION Default Action Use the radio buttons to select whether to Block (silently discard) or Forward (allow the passage of) packets that are traveling in the selected direction. Select the check box to create a log (when the above action is taken) for packets that are traveling in the selected direction and do not match any of the rules below.
Page 151: Table 42 Rule Summary
Prestige 660H/HW Series User’s Guide The following table describes the labels in this screen. Table 42 Rule Summary LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the Prestige's memory for recording firewall Storage Space rules it is currently using. When you are using 80% or less of the storage space, the in Use bar is green.
Page 152: Configuring Firewall Rules
Prestige 660H/HW Series User’s Guide 13.6.1 Configuring Firewall Rules Follow these directions to create a new rule. 1 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule 7.
Page 153: Figure 62 Firewall: Edit Rule
Prestige 660H/HW Series User’s Guide Figure 62 Firewall: Edit Rule Chapter 13 Firewall Configuration...
Page 154: Table 43 Firewall: Edit Rule
Prestige 660H/HW Series User’s Guide The following table describes the labels in this screen. Table 43 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Use the radio button to select whether to discard (Block) or allow the passage of Packet (Forward) packets that match this rule.
Page 155: Customized Services
Prestige 660H/HW Series User’s Guide 13.7 Customized Services Configure customized services and port numbers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further information on these services, please read Section 13.10 on page 159.
Page 156: Example Firewall Rule
Prestige 660H/HW Series User’s Guide Figure 64 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 45 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
Page 157: Figure 65 Firewall Example: Rule Summary
Prestige 660H/HW Series User’s Guide Figure 65 Firewall Example: Rule Summary 3 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule 7.
Page 158: Figure 66 Firewall Example: Edit Rule: Destination Address
Prestige 660H/HW Series User’s Guide Figure 66 Firewall Example: Edit Rule: Destination Address 7 In the Edit Rule screen, click the Customized Services link to open the Customized Service screen. 8 Click an index number to display the Customized Services -Config screen and configure the screen as follows and click Apply.
Page 159: Figure 68 Firewall Example: Edit Rule: Select Customized Services
Prestige 660H/HW Series User’s Guide Figure 68 Firewall Example: Edit Rule: Select Customized Services Note: Custom ports show up with an “*” before their names in the Services list box and the Rule Summary list box. Click Apply after you’ve created your custom port.
Page 160: Predefined Services
Prestige 660H/HW Series User’s Guide Rule 2 allows a “My Service” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Figure 69 Firewall Example: Rule Summary: My Service 13.10 Predefined Services The Available Services list box in the Edit Rule screen (see Section 13.6.1 on page 151) displays all predefined services that the Prestige already supports.
Page 161 Prestige 660H/HW Series User’s Guide Table 46 Predefined Services (continued) SERVICE DESCRIPTION CU-SEEME(TCP/UDP:7648, A popular videoconferencing solution from White Pines Software. 24032) DNS(UDP/TCP:53) Domain Name Server, a service that matches web names (e.g. ) to IP numbers. www.zyxel.com FINGER(TCP:79) Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.
Page 162: Anti-Probing
Prestige 660H/HW Series User’s Guide Table 46 Predefined Services (continued) SERVICE DESCRIPTION SMTP(TCP:25) Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP(TCP/UDP:161) Simple Network Management Program. SNMP-TRAPS (TCP/ Traps for use with the SNMP (RFC:1215).
Page 163: Configuring Attack Alert
Prestige 660H/HW Series User’s Guide Figure 70 Firewall: Anti Probing The following table describes the labels in this screen. Table 47 Firewall: Anti Probing LABEL DESCRIPTION Respond to PING The Prestige does not respond to any incoming Ping requests when Disable is selected.
Page 164: Threshold Values
Prestige 660H/HW Series User’s Guide 13.12.1 Threshold Values Tune these parameters when something is not working and after you have checked the firewall counters. These default values should work fine for most small offices. Factors influencing choices for threshold values are: •...
Page 165: Figure 71 Firewall: Threshold
Prestige 660H/HW Series User’s Guide Whenever the number of half-open sessions with the same destination host address rises above a threshold (TCP Maximum Incomplete), the Prestige starts deleting half-open sessions according to one of the following methods: • If the Blocking Time timeout is 0 (the default), then the Prestige deletes the oldest existing half-open session for the host for every new connection request to the host.
Page 166 Prestige 660H/HW Series User’s Guide Table 48 Firewall: Threshold (continued) LABEL DESCRIPTION DEFAULT VALUES One Minute High This is the rate of new half-open sessions that 100 half-open sessions per minute. causes the firewall to start deleting half-open The above numbers cause the sessions.
Page 167: Chapter 14 Content Filtering
Prestige 660H/HW Series User’s Guide H A P T E R Content Filtering This chapter covers how to configure content filtering. 14.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
Page 168: Configuring The Schedule
Prestige 660H/HW Series User’s Guide The following table describes the labels in this screen. Table 49 Content Filter: Keyword LABEL DESCRIPTION Enable Keyword Blocking Select this check box to enable this feature. Block Websites that contain This box contains the list of all the keywords that you have configured the these keywords in the URL: Prestige to block.
Page 169: Configuring Trusted Computers
Prestige 660H/HW Series User’s Guide The following table describes the labels in this screen. Table 50 Content Filter: Schedule LABEL DESCRIPTION Days to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active.
Page 170 Prestige 660H/HW Series User’s Guide Chapter 14 Content Filtering...
Page 171: Remote Management Configuration
Prestige 660H/HW Series User’s Guide H A P T E R Remote Management Configuration This chapter provides information on configuring remote management. 15.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 172: Remote Management And Nat
Prestige 660H/HW Series User’s Guide • A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. • You have disabled that service in one of the remote management screens. •...
Page 173: Web
Prestige 660H/HW Series User’s Guide 15.4 Web You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details. 15.5 Configuring Remote Management Click Remote Management to open the following screen. Figure 76 Remote Management The following table describes the fields in this screen.
Page 174 Prestige 660H/HW Series User’s Guide Chapter 15 Remote Management Configuration...
Page 175: Universal Plug-And-Play (Upnp)
Prestige 660H/HW Series User’s Guide H A P T E R Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 16.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
Page 176: Upnp And Zyxel
Prestige 660H/HW Series User’s Guide All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 16.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™...
Page 177: Installing Upnp In Windows Example
Prestige 660H/HW Series User’s Guide Table 53 Configuring UPnP LABEL DESCRIPTION Enable the Universal Plug Select this checkbox to activate UPnP. Be aware that anyone could use and Play (UPnP) Service a UPnP application to open the web configurator's login screen without entering the Prestige's IP address (although you must still enter the password to access the web configurator).
Page 178: Figure 78 Add/Remove Programs: Windows Setup: Communication
Prestige 660H/HW Series User’s Guide Figure 78 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 79 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted.
Page 179: Figure 80 Network Connections
Prestige 660H/HW Series User’s Guide Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Page 180: Figure 81 Windows Optional Networking Components Wizard
Prestige 660H/HW Series User’s Guide Figure 81 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Chapter 16 Universal Plug-and-Play (UPnP)
Page 181: Using Upnp In Windows Xp Example
Prestige 660H/HW Series User’s Guide Figure 82 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 16.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the Prestige.
Page 182: Figure 83 Network Connections
Prestige 660H/HW Series User’s Guide Figure 83 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Chapter 16 Universal Plug-and-Play (UPnP)
Page 183: Figure 84 Internet Connection Properties
Prestige 660H/HW Series User’s Guide Figure 84 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Chapter 16 Universal Plug-and-Play (UPnP)
Page 184: Figure 85 Internet Connection Properties: Advanced Settings
Prestige 660H/HW Series User’s Guide Figure 85 Internet Connection Properties: Advanced Settings Figure 86 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Page 185: Figure 87 System Tray Icon
Prestige 660H/HW Series User’s Guide Figure 87 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 88 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first.
Page 186: Figure 89 Network Connections
Prestige 660H/HW Series User’s Guide Figure 89 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your Prestige and select Invoke. The web configurator login screen displays. Chapter 16 Universal Plug-and-Play (UPnP)
Page 187: Figure 90 Network Connections: My Network Places
Prestige 660H/HW Series User’s Guide Figure 90 Network Connections: My Network Places 6 Right-click on the icon for your Prestige and select Properties. A properties window displays with basic information about the Prestige. Figure 91 Network Connections: My Network Places: Properties: Example Chapter 16 Universal Plug-and-Play (UPnP)
Page 188 Prestige 660H/HW Series User’s Guide Chapter 16 Universal Plug-and-Play (UPnP)
Page 189: Chapter 17 Logs Screens
Prestige 660H/HW Series User’s Guide H A P T E R Logs Screens This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendix for example log message explanations. 17.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the Prestige log and then display the logs or have the Prestige send them to an administrator (as e-mail) or to a syslog server.
Page 190: Figure 92 Log Settings
Prestige 660H/HW Series User’s Guide Figure 92 Log Settings The following table describes the fields in this screen. Table 54 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 191: Displaying The Logs
Prestige 660H/HW Series User’s Guide Table 54 Log Settings LABEL DESCRIPTION UNIX Syslog Syslog logging sends a log to an external syslog server used to store logs. Active Click Active to enable syslog logging. Syslog IP Enter the server name or IP address of the syslog server that will log the selected Address categories of logs.
Page 192: Smtp Error Messages
Prestige 660H/HW Series User’s Guide Figure 93 View Logs The following table describes the fields in this screen. Table 55 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings screen (see Section 17.2 on page 188) display in the drop-down list box.
Page 193: Example E-Mail Log
Prestige 660H/HW Series User’s Guide Table 56 SMTP Error Messages -5 means MAIL FROM fail -6 means RCPT TO fail -7 means DATA fail -8 means mail data send fail 17.4.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail.
Page 194 Prestige 660H/HW Series User’s Guide Chapter 17 Logs Screens...
Page 195: Media Bandwidth Management Advanced Setup
Prestige 660H/HW Series User’s Guide H A P T E R Media Bandwidth Management Advanced Setup This chapter describes the functions and advanced configuration of bandwidth management. 18.1 Bandwidth Management Advanced Setup Overview Bandwidth management allows you to allocate an interface’s outgoing capacity to specific types of traffic.
Page 196: Proportional Bandwidth Allocation
Prestige 660H/HW Series User’s Guide you configure child-classes with filters for any classes that you configure without filters. The Prestige leaves the bandwidth budget allocated and unused for a class that does not have a filter itself or child-classes with filters. View your configured bandwidth classes and child- classes in the Class Setup screen (see Section 18.9 on page 202 for details).
Page 197: Application And Subnet-Based Bandwidth Management Example
Prestige 660H/HW Series User’s Guide Figure 96 Subnet-based Bandwidth Management Example 18.4.3 Application and Subnet-based Bandwidth Management Example The following example uses bandwidth classes based on LAN subnets and applications (specific applications in each subnet are allotted bandwidth). Table 57 Application and Subnet-based Bandwidth Management Example TRAFFIC TYPE FROM SUBNET A FROM SUBNET B...
Page 198: Scheduler
Prestige 660H/HW Series User’s Guide 18.5 Scheduler The scheduler divides up an interface’s bandwidth among the bandwidth classes. The Prestige has two types of scheduler: fairness-based and priority-based. 18.5.1 Priority-based Scheduler With the priority-based scheduler, the Prestige forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes.
Page 199: Maximize Bandwidth Usage Example
Prestige 660H/HW Series User’s Guide 18.6.2 Maximize Bandwidth Usage Example Here is an example of a Prestige that has maximized bandwidth usage enabled on an interface. The first figure shows each bandwidth class’s bandwidth budget and priority. The classes are set up based on subnets.
Page 200: Bandwidth Borrowing
Prestige 660H/HW Series User’s Guide Figure 99 Maximize Bandwidth Usage Example 18.7 Bandwidth Borrowing Bandwidth borrowing allows a child-class to borrow unused bandwidth from its parent class, whereas maximize bandwidth usage allows bandwidth classes to borrow any unused or unbudgeted bandwidth on the whole interface. Enable bandwidth borrowing on a child-class to allow the child-class to use its parent class’s unused bandwidth.
Page 201: Maximize Bandwidth Usage With Bandwidth Borrowing
Prestige 660H/HW Series User’s Guide Figure 100 Bandwidth Borrowing Example • The Administration and Sales classes cannot borrow unused bandwidth from the Root class because the Administration and Sales classes has bandwidth borrowing disabled. • The Marketing and R&D classes can both borrow unused bandwidth from the Root class because the Marketing and R&D classes both have bandwidth borrowing enabled.
Page 202: Figure 101 Media Bandwidth Management: Summary
Prestige 660H/HW Series User’s Guide Figure 101 Media Bandwidth Management: Summary The following table describes the labels in this screen. Table 58 Media Bandwidth Management: Summary LABEL DESCRIPTION These read-only labels represent the physical interfaces. Select an interface’s check box WLAN to enable bandwidth management on that interface.
Page 203: Configuring Class Setup
Prestige 660H/HW Series User’s Guide 18.9 Configuring Class Setup The class setup screen displays the configured bandwidth classes by individual interface. Select an interface and click the buttons to perform the actions described next. Click “+” to expand the class tree or click “-“ to collapse the class tree. Each interface has a permanent root class.
Page 204: Media Bandwidth Management Class Configuration
Prestige 660H/HW Series User’s Guide 18.9.1 Media Bandwidth Management Class Configuration Configure a bandwidth management class in the Class Configuration screen. You must use the Media Bandwidth Management - Summary screen to enable bandwidth management on an interface before you can configure classes for that interface. To add a child class, click Media Bandwidth Management, then Class Setup.
Page 205 Prestige 660H/HW Series User’s Guide Table 60 Media Bandwidth Management: Class Configuration (continued) LABEL DESCRIPTION Borrow bandwidth Select this option to allow a child-class to borrow bandwidth from its parent class from parent class if the parent class is not using up its bandwidth budget. Bandwidth borrowing is governed by the priority of the child-classes.
Page 206: Media Bandwidth Management Statistics
Prestige 660H/HW Series User’s Guide Table 60 Media Bandwidth Management: Class Configuration (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. Table 61 Services and Port Numbers SERVICES PORT NUMBER ECHO...
Page 207: Bandwidth Monitor
Prestige 660H/HW Series User’s Guide Figure 104 Media Bandwidth Management Statistics The following table describes the labels in this screen. Table 62 Media Bandwidth Management Statistics LABEL DESCRIPTION Class Name This field displays the name of the class the statistics page is showing. Budget (kbps) This field displays the amount of bandwidth allocated to the class.
Page 208: Figure 105 Media Bandwidth Management: Monitor
Prestige 660H/HW Series User’s Guide Figure 105 Media Bandwidth Management: Monitor The following table describes the labels in this screen. Table 63 Media Bandwidth Management: Monitor LABEL DESCRIPTION Interface Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth classes.
Page 209: Chapter 19 Maintenance
Prestige 660H/HW Series User’s Guide H A P T E R Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 19.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige.
Page 210: Figure 106 System Status
Prestige 660H/HW Series User’s Guide Figure 106 System Status The following table describes the fields in this screen. Table 64 System Status LABEL DESCRIPTION System Status System Name This is the name of your Prestige. It is for identification purposes. Chapter 19 Maintenance...
Page 211: System Statistics
Prestige 660H/HW Series User’s Guide Table 64 System Status (continued) LABEL DESCRIPTION ZyNOS Firmware This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's Version proprietary Network Operating System design. DSL FW Version This is the DSL firmware version associated with your Prestige. Standard This is the standard that your Prestige is using.
Page 212: Figure 107 System Status: Show Statistics
Prestige 660H/HW Series User’s Guide Figure 107 System Status: Show Statistics The following table describes the fields in this screen. Table 65 System Status: Show Statistics LABEL DESCRIPTION System up Time This is the elapsed time the system has been up. CPU Load This field specifies the percentage of CPU utilization.
Page 213: Dhcp Table Screen
Prestige 660H/HW Series User’s Guide Table 65 System Status: Show Statistics (continued) LABEL DESCRIPTION Poll Interval(s) Type the time interval for the browser to refresh system statistics. Set Interval Click this button to apply the new poll interval you entered in the Poll Interval field above.
Page 214: Any Ip Table Screen
Prestige 660H/HW Series User’s Guide 19.4 Any IP Table Screen Click Maintenance, Any IP. The Any IP table shows current read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate with the Prestige. Refer to Section 6.5 on page 75 for more information.
Page 215: Diagnostic Screens
Prestige 660H/HW Series User’s Guide Figure 110 Association List The following table describes the fields in this screen. Table 68 Association List LABEL DESCRIPTION This is the index number of an associated wireless station. MAC Address This field displays the MAC (Media Access Control) address of an associated wireless station.
Page 216: Diagnostic Dsl Line Screen
Prestige 660H/HW Series User’s Guide Figure 111 Diagnostic: General The following table describes the fields in this screen. Table 69 Diagnostic: General LABEL DESCRIPTION TCP/IP Type the IP address of a computer that you want to ping in order to test a connection. Address Ping Click this button to ping the IP address that you entered.
Page 217: Figure 112 Diagnostic: Dsl Line
Prestige 660H/HW Series User’s Guide Figure 112 Diagnostic: DSL Line The following table describes the fields in this screen. Table 70 Diagnostic: DSL Line LABEL DESCRIPTION Reset ADSL Click this button to reinitialize the ADSL line. The large text box above then displays Line the progress and results of this operation, for example: "Start to reset ADSL...
Page 218: Firmware Screen
Prestige 660H/HW Series User’s Guide 19.7 Firmware Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "Prestige.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
Page 219: Figure 114 Network Temporarily Disconnected
Prestige 660H/HW Series User’s Guide The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 114 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen.
Page 220 Prestige 660H/HW Series User’s Guide Chapter 19 Maintenance...
Page 221: Chapter 20 Introducing The Smt
Prestige 660H/HW Series User’s Guide H A P T E R Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 20.1 SMT Introduction The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator over a telnet connection.
Page 222: Prestige Smt Menu Overview
Prestige 660H/HW Series User’s Guide Figure 116 Login Screen Enter Password : **** 20.1.3 Prestige SMT Menu Overview We use the Prestige 660HW-61 SMT menus in this guide as an example. The SMT menus vary slightly for different Prestige models. The following figure gives you an overview of the various SMT menu screens of your Pres- tige.
Page 223: Table 72 Navigating The Smt Interface
[ENTER] to exit the SMT interface. After you enter the password, the SMT displays the main menu, as shown next. Table 73 SMT Main Menu Copyright (c) 1994 - 2004 ZyXEL Communications Corp. Prestige 660HW-61 Main Menu Getting Started Advanced Management 1.
Page 224: System Management Terminal Interface Summary
Prestige 660H/HW Series User’s Guide 20.2.1 System Management Terminal Interface Summary Table 74 Main Menu Summary MENU TITLE DESCRIPTION General Setup Use this menu to set up your general information. WAN Backup Setup Use this menu to setup traffic redirect and dial-back up. LAN Setup Use this menu to set up your wireless LAN and LAN connection.
Page 225: Figure 118 Menu 23.1 Change Password
Prestige 660H/HW Series User’s Guide Figure 118 Menu 23.1 Change Password Menu 23.1 - System Security - Change Password Old Password= ? New Password= ? Retype to confirm= ? Enter here to CONFIRM or ESC to CANCEL: 4 Type your new system password in the New Password field (up to 30 characters), and press [ENTER].
Page 226 Prestige 660H/HW Series User’s Guide Chapter 20 Introducing the SMT...
Page 227: Chapter 21 Menu 1 General Setup
Prestige 660H/HW Series User’s Guide H A P T E R Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 21.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
Page 228: Procedure To Configure Dynamic Dns
Prestige 660H/HW Series User’s Guide Figure 119 Menu 1 General Setup Menu 1 General Setup System Name= ? Location= Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: Fill in the required fields.
Page 229: Figure 120 Menu 1.1 Configure Dynamic Dns
Prestige 660H/HW Series User’s Guide Figure 120 Menu 1.1 Configure Dynamic DNS Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= No Host= EMAIL= USER= Password= ******** Enable Wildcard= No Press ENTER to Confirm or ESC to Cancel: Follow the instructions in the next table to configure dynamic DNS parameters. Table 76 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION...
Page 230 Prestige 660H/HW Series User’s Guide Chapter 21 Menu 1 General Setup...
Page 231: Menu 2 Wan Backup Setup
Prestige 660H/HW Series User’s Guide H A P T E R Menu 2 WAN Backup Setup This chapter describes how to configure traffic redirect and dial-backup using menu 2 and 2.1. 22.1 Introduction to WAN Backup Setup This chapter explains how to configure the Prestige for traffic redirect and dial backup connections.
Page 232: Traffic Redirect Setup
Prestige 660H/HW Series User’s Guide Table 77 Menu 2 WAN Backup Setup (continued) FIELD DESCRIPTION KeepAlive Fail Type the number of times (2 recommended) that your Prestige may ping the IP Tolerance addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup connection (or a different WAN backup connection).
Page 233 Prestige 660H/HW Series User’s Guide Table 78 Menu 2.1Traffic Redirect Setup FIELD DESCRIPTION Metric This field sets this route's priority among the routes the Prestige uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1"...
Page 234 Prestige 660H/HW Series User’s Guide Chapter 22 Menu 2 WAN Backup Setup...
Page 235: Chapter 23 Menu 3 Lan Setup
Prestige 660H/HW Series User’s Guide H A P T E R Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 23.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3.
Page 236: Protocol Dependent Ethernet Setup
Prestige 660H/HW Series User’s Guide 23.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. • For TCP/IP Ethernet setup refer to Section 25.6 on page 245. •...
Page 237: Table 79 Dhcp Ethernet Setup
Prestige 660H/HW Series User’s Guide Follow the instructions in the following table on how to configure the DHCP fields. Table 79 DHCP Ethernet Setup FIELD DESCRIPTION DHCP Setup DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
Page 238 Prestige 660H/HW Series User’s Guide Chapter 23 Menu 3 LAN Setup...
Page 239: Chapter 24 Wireless Lan Setup
Prestige 660H/HW Series User’s Guide H A P T E R Wireless LAN Setup This chapter covers how to configure wireless LAN settings in SMT menu 3.5. 24.1 Wireless LAN Overview Refer to the chapter on the wireless LAN screens for wireless LAN background information. 24.2 Wireless LAN Setup Use menu 3.5 to set up your Prestige as the wireless access point.
Page 240: Wireless Lan Mac Address Filter
Prestige 660H/HW Series User’s Guide Table 81 Menu 3.5 - Wireless LAN Setup (continued) FIELD DESCRIPTION Channel ID Press [SPACE BAR] to select a channel. This allows you to set the operating frequency/ channel depending on your particular region. RTS(Request To Send) threshold (number of bytes) enables RTS/CTS handshake. Data Threshold with its frame size larger than this value will perform the RTS/CTS handshake.
Page 241: Figure 127 Menu 3.5.1 Wlan Mac Address Filtering
Prestige 660H/HW Series User’s Guide Figure 127 Menu 3.5.1 WLAN MAC Address Filtering Menu 3.5.1 - WLAN MAC Address Filter Active= No Filter Action= Allowed Association -------------------------------------------------------------------------- 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00...
Page 242 Prestige 660H/HW Series User’s Guide Chapter 24 Wireless LAN Setup...
Page 243: Chapter 25 Internet Access
Prestige 660H/HW Series User’s Guide H A P T E R Internet Access This chapter shows you how to configure the LAN and WAN of your Prestige for Internet access 25.1 Internet Access Overview Refer to the chapters on the web configurator’s wizard, LAN and WAN screens for more background information on fields in the SMT screens covered in this chapter.
Page 244: Ip Alias Setup
Prestige 660H/HW Series User’s Guide Figure 128 IP Alias Network Example Use menu 3.2.1 to configure IP Alias on your Prestige. 25.4 IP Alias Setup Use menu 3.2 to configure the first network. Move the cursor to Edit IP Alias field and press [SPACEBAR] to choose Yes and press [ENTER] to configure the second and third network.
Page 245: Route Ip Setup
Prestige 660H/HW Series User’s Guide Figure 130 Menu 3.2.1 IP Alias Setup Menu 3.2.1 - IP Alias Setup IP Alias 1= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= N/A Outgoing protocol filters= N/A IP Alias 2= No IP Address= N/A IP Subnet Mask= N/A...
Page 246: Internet Access Configuration
Prestige 660H/HW Series User’s Guide Figure 131 Menu 1 General Setup Menu 1 - General Setup System Name= ? Location= location Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: 25.6 Internet Access Configuration Menu 4 allows you to enter the Internet Access information in one screen.
Page 247: Table 84 Menu 4 Internet Access Setup
Prestige 660H/HW Series User’s Guide Menu 4 Internet Access Setup Table 84 FIELD DESCRIPTION ISP’s Name Enter the name of your Internet Service Provider (ISP). This information is for identification purposes only. SPACE BAR Encapsulation Press [ ] to select the method of encapsulation used by your ISP. Choices are PPPoE, PPPoA, RFC 1483 or ENET ENCAP.
Page 248 Prestige 660H/HW Series User’s Guide Chapter 25 Internet Access...
Page 249: Remote Node Configuration
Prestige 660H/HW Series User’s Guide H A P T E R Remote Node Configuration This chapter covers remote node configuration. 26.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
Page 250: Encapsulation And Multiplexing Scenarios
Prestige 660H/HW Series User’s Guide Figure 133 Menu 11 Remote Node Setup Menu 11 - Remote Node Setup 1. MyISP (ISP, SUA) 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ Enter Node # to Edit: 26.2.2 Encapsulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiplexing methods used by your ISP.
Page 251: Figure 134 Menu 11.1 Remote Node Profile
Prestige 660H/HW Series User’s Guide Figure 134 Menu 11.1 Remote Node Profile Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Bridge= No Encapsulation= RFC 1483 Edit IP/Bridge= No Multiplexing= LLC-based Edit ATM Options= No Service Name= N/A Edit Advance Options= N/A Incoming:...
Page 252: Outgoing Authentication Protocol
Prestige 660H/HW Series User’s Guide Table 85 Menu 11.1 Remote Node Profile (continued) FIELD DESCRIPTION PAP – accept PAP (Password Authentication Protocol) only. Route This field determines the protocol used in routing. Options are IP and None. Bridge When bridging is enabled, your Prestige will forward any packet that it does not route to this remote node;...
Page 253: Remote Node Network Layer Options
Prestige 660H/HW Series User’s Guide 26.3 Remote Node Network Layer Options For the TCP/IP parameters, perform the following steps to edit Menu 11.3 – Remote Node Network Layer Options as shown next. 1 In menu 11.1, make sure IP is among the protocols in the Route field. 2 Move the cursor to the Edit IP/Bridge field, press [SPACE BAR] to select Yes, then press [ENTER] to display Menu 11.3 –...
Page 254: My Wan Addr Sample Ip Addresses
Prestige 660H/HW Series User’s Guide Table 86 Menu 11.3 Remote Node Network Layer Options (continued) FIELD DESCRIPTION Address When Full Feature is selected in the NAT field, configure address mapping sets in Mapping Set menu 15.1. Select one of the NAT server sets (2-10) in menu 15.2 (see Chapter 29 on page 266 for details) and type that number here.
Page 255: Remote Node Filter
Prestige 660H/HW Series User’s Guide Figure 136 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection 26.4 Remote Node Filter Move the cursor to the Edit Filter Sets field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to display Menu 11.5 – Remote Node Filter. Use Menu 11.5 –...
Page 256: Editing Atm Layer Options
Prestige 660H/HW Series User’s Guide Figure 138 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Call Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: 26.5 Editing ATM Layer Options...
Page 257: Advance Setup Options
Prestige 660H/HW Series User’s Guide Figure 140 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation Menu 11.6 - Remote Node ATM Layer Options VPI/VCI (LLC-Multiplexing or PPP-Encapsulation) VPI #= 0 VCI #= 38 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 ENTER here to CONFIRM or ESC to CANCEL:...
Page 258: Figure 142 Menu 11.8 Advance Setup Options
Prestige 660H/HW Series User’s Guide Figure 142 Menu 11.8 Advance Setup Options Menu 11.8 - Advance Setup Options PPPoE pass-through= No Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 87 Menu 11.8 Advance Setup Options FIELD DESCRIPTION PPPoE pass-through...
Page 259: Chapter 27 Static Route Setup
Prestige 660H/HW Series User’s Guide H A P T E R Static Route Setup This chapter shows how to setup IP static routes. 27.1 IP Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means.
Page 260: Figure 144 Menu 12 Static Route Setup
Prestige 660H/HW Series User’s Guide Figure 144 Menu 12 Static Route Setup Menu 12 - Static Route Setup 1. IP Static Route 3. Bridge Static Route Please enter selection: From menu 12, select 1 to open Menu 12.1 — IP Static Route Setup (shown next). Figure 145 Menu 12.1 IP Static Route Setup Menu 12.1 - IP Static Route Setup 1.
Page 261: Table 88 Menu12.1.1 Edit Ip Static Route
Prestige 660H/HW Series User’s Guide The following table describes the fields for Menu 12.1.1 – Edit IP Static Route Setup. Table 88 Menu12.1.1 Edit IP Static Route FIELD DESCRIPTION Route # This is the index number of the static route that you chose in menu 12.1. Route Name Type a descriptive name for this route.
Page 262 Prestige 660H/HW Series User’s Guide Chapter 27 Static Route Setup...
Page 263: Chapter 28 Bridging Setup
Prestige 660H/HW Series User’s Guide H A P T E R Bridging Setup This chapter shows you how to configure the bridging parameters of your Prestige. 28.1 Bridging in General Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address.
Page 264: Figure 147 Menu 11.1 Remote Node Profile
Prestige 660H/HW Series User’s Guide Figure 147 Menu 11.1 Remote Node Profile Menu 11.1 - Remote Node Profile Rem Node Name= ? Route= IP Active= Yes Bridge= Yes Encapsulation= ENET ENCAP Edit IP/Bridge= No Multiplexing= VC-based Edit ATM Options= No Service Name= N/A Edit Advance Options= N/A Incoming:...
Page 265: Bridge Static Route Setup
Prestige 660H/HW Series User’s Guide 28.2.2 Bridge Static Route Setup Similar to network layer static routes, a bridging static route tells the Prestige the route to a node before a connection is established. You configure bridge static routes in menu 12.3.1 (go to menu 12, choose option 3, then choose a static route to edit) as shown next.
Page 266 Prestige 660H/HW Series User’s Guide Chapter 28 Bridging Setup...
Page 267: Network Address Translation (Nat)
Prestige 660H/HW Series User’s Guide H A P T E R Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 29.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige.
Page 268: Figure 150 Menu 4 Applying Nat For Internet Access
Prestige 660H/HW Series User’s Guide Figure 150 Menu 4 Applying NAT for Internet Access Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 My Login= N/A...
Page 269: Nat Setup
Prestige 660H/HW Series User’s Guide Table 91 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. The SMT uses the address mapping set that you configure and enter in the Address Mapping Set field (seeFigure 153 on page 269).
Page 270: Sua Address Mapping Set
Prestige 660H/HW Series User’s Guide Figure 153 Menu 15.1 Address Mapping Sets Menu 15.1 - Address Mapping Sets 255. SUA (read only) Enter Menu Selection Number: 29.3.1.1 SUA Address Mapping Set Enter 255 to display the next screen (see also Section 29.1.1 on page 266).
Page 271: User-Defined Address Mapping Sets
Prestige 660H/HW Series User’s Guide Table 92 SUA Address Mapping Rules (continued) FIELD DESCRIPTION Local End IP Local End IP is the ending local IP address (ILA). If the rule is for all local IPs, then the Start IP is 0.0.0.0 and the End IP is 255.255.255.255. Global Start IP This is the starting global IP address (IGA).
Page 272: Ordering Your Rules
Prestige 660H/HW Series User’s Guide 29.3.1.3 Ordering Your Rules Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
Page 273: Configuring A Server Behind Nat
Prestige 660H/HW Series User’s Guide The following table explains the fields in this menu. Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set Table 94 FIELD DESCRIPTION Type Press [SPACE BAR] and then [ENTER] to select from a total of five types. These are the mapping types discussed in Chapter 9 on page 114.
Page 274: General Nat Examples
Prestige 660H/HW Series User’s Guide Figure 158 Menu 15.2.1 NAT Server Setup Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel:...
Page 275: Example 1: Internet Access Only
Prestige 660H/HW Series User’s Guide 29.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP. Figure 160 NAT Example 1 Figure 161 Menu 4 Internet Access &...
Page 276: Example 3: Multiple Public Ip Addresses With Inside Servers
Prestige 660H/HW Series User’s Guide Figure 162 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure. Figure 163 Menu 15.2.1 Specifying an Inside Server Menu 15.2.1 - NAT Server Setup (Used for SUA Only) Rule...
Page 277: Figure 164 Nat Example 3
Prestige 660H/HW Series User’s Guide Map the other outgoing LAN traffic to IGA3 (Many : 1 mapping). You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN.
Page 278: Figure 165 Example 3: Menu 11.3
Prestige 660H/HW Series User’s Guide Figure 165 Example 3: Menu 11.3 Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment= Static Ethernet Addr Timeout (min)= 0 Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature Address Mapping Set= 2...
Page 279: Figure 167 Example 3: Final Menu 15.1.1
Prestige 660H/HW Series User’s Guide Figure 167 Example 3: Final Menu 15.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= Example3 Local Start IP Local End IP Global Start IP Global End IP Type --------------- ------------- --------------- -------------- ---- 1. 192.168.1.10 10.132.50.1 192.168.1.11 10.132.50.2...
Page 280: Example 4: Nat Unfriendly Application Programs
Prestige 660H/HW Series User’s Guide 29.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to-Many No Overload (and One-to-One) NAT mapping types.
Page 281: Figure 171 Example 4: Menu 15.1.1 Address Mapping Rules
Prestige 660H/HW Series User’s Guide Figure 171 Example 4: Menu 15.1.1 Address Mapping Rules Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Local Start IP Local End IP Global Start IP Global End IP Type --------------- ------------ --------------- --------------- ---- 192.168.1.10 192.168.1.12...
Page 282 Prestige 660H/HW Series User’s Guide Chapter 29 Network Address Translation (NAT)
Page 283: Chapter 30 Enabling The Firewall
Prestige 660H/HW Series User’s Guide H A P T E R Enabling the Firewall This chapter shows you how to get started with the Prestige firewall. 30.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see Chapter 37 on page 336) and the firewall is enabled:...
Page 284: Figure 172 Menu 21.2 Firewall Setup
Prestige 660H/HW Series User’s Guide Figure 172 Menu 21.2 Firewall Setup Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2.
Page 285: Chapter 31 Filter Configuration
Prestige 660H/HW Series User’s Guide H A P T E R Filter Configuration This chapter shows you how to create and apply filters. 31.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call.
Page 286: The Filter Structure Of The Prestige
Prestige 660H/HW Series User’s Guide Figure 174 Filter Rule Process You can apply up to four filter sets to a particular port to block various types of packets. Because each filter set can have up to six rules, you can have a maximum of 24 rules active for a single port.
Page 287: Configuring A Filter Set For The Prestige
Prestige 660H/HW Series User’s Guide 31.2 Configuring a Filter Set for the Prestige To configure a filter set, follow the steps shown next. 1 Enter 21 in the main menu to display Menu 21 – Filter and Firewall Setup. 2 Enter 1 to display Menu 21.1 – Filter Set Configuration as shown next. Figure 175 Menu 21 Filter Set Configuration Menu 21.1 - Filter Set Configuration Filter...
Page 288: Filter Rules Summary Menus
Prestige 660H/HW Series User’s Guide Figure 177 NetBIOS_LAN Filter Rules Summary Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- ------------------------------------------------------------ - - - 1 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F Enter Filter Rule Number (1-6) to Configure: Figure 178 IGMP Filter Rules Summary...
Page 289: Configuring A Filter Rule
Prestige 660H/HW Series User’s Guide Table 95 Abbreviations Used in the Filter Rules Summary Menu (continued) FIELD DESCRIPTION Action Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N“ means to check the next rule. Action Not Matched.
Page 290: Tcp/Ip Filter Rule
Prestige 660H/HW Series User’s Guide 31.4.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
Page 291 Prestige 660H/HW Series User’s Guide Table 97 Menu 21.1.x.1 TCP/IP Filter Rule (continued) FIELD DESCRIPTION Port # Type the destination port of the packets you want to filter. The field range is 0 to 65535. A 0 field is ignored. Port # Comp Select the comparison to apply to the destination port in the packet against the value given in Destination: Port #.
Page 292: Generic Filter Rule
Prestige 660H/HW Series User’s Guide Figure 180 Executing an IP Filter 31.4.2 Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP packet.
Page 293: Figure 181 Menu 21.1.5.1 Generic Filter Rule
Prestige 660H/HW Series User’s Guide To configure a generic rule select an empty filter set in menu 21, for example 5. Select Generic Filter Rule in the Filter Type field and press [ENTER] to open Menu 21.1.5.1 – Generic Filter Rule, as shown in the following figure. Figure 181 Menu 21.1.5.1 Generic Filter Rule Menu 21.1.5.1 - Generic Filter Rule Filter #: 5,1...
Page 294: Filter Types And Nat
Prestige 660H/HW Series User’s Guide Table 98 Menu 21.1.5.1 Generic Filter Rule (continued) FIELD DESCRIPTION Action Not Select the action for a packet not matching the rule. Choices are Check Next Rule, Matched Forward or Drop. When you have completed this menu, press [ENTER] at the prompt “ Press ENTER to Confirm or ESC to Cancel: ”...
Page 295: Figure 183 Sample Telnet Filter
Prestige 660H/HW Series User’s Guide Figure 183 Sample Telnet Filter 1 Enter 1 in the menu 21 to display Menu 21.1 — Filter Set Configuration. 2 Enter the index number of the filter set you want to configure (in this case 6) 3 Type a descriptive name or comment in the Edit Comments field (for example, TELNET_WAN) and press [ENTER].
Page 296: Applying Filters And Factory Defaults
Prestige 660H/HW Series User’s Guide 2 Go to the Edit Filter Sets field, press [SPACE BAR] to choose Yes and press [ENTER]. This brings you to menu 11.5. Apply the example filter set (for example, filter set 3) in this menu as shown in the next section.
Page 297: Ethernet Traffic
Prestige 660H/HW Series User’s Guide 31.7.1 Ethernet Traffic You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and type the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by typing their numbers separated by commas, for example, 3, 4, 6, 11.
Page 298 Prestige 660H/HW Series User’s Guide Chapter 31 Filter Configuration...
Page 299: Chapter 32 Snmp Configuration
Prestige 660H/HW Series User’s Guide H A P T E R SNMP Configuration This chapter explains SNMP Configuration menu 22. 32.1 About SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite.
Page 300: Supported Mibs
Prestige 660H/HW Series User’s Guide The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
Page 301: Snmp Traps
Prestige 660H/HW Series User’s Guide Figure 189 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: The following table describes the SNMP configuration parameters. Table 100 Menu 22 SNMP Configuration FIELD DESCRIPTION...
Page 302: Table 102 Ports And Permanent Virtual Circuits
Prestige 660H/HW Series User’s Guide Table 101 SNMP Traps (continued) TRAP # TRAP NAME DESCRIPTION authenticationFailure (defined in A trap is sent to the manager when receiving any RFC-1215) SNMP gets or sets requirements with wrong community (password). whyReboot (defined in ZYXEL-MIB) A trap is sent with the reason of restart before rebooting when the system is going to restart (warm start).
Page 303: Chapter 33 System Security
Prestige 660H/HW Series User’s Guide H A P T E R System Security This chapter describes how to configure the system security on the Prestige. 33.1 System Security You can configure the system password.. 33.1.1 System Password Enter 23 in the main menu to display Menu 23 – System Security. You should change the default password.
Page 304: Figure 191 Menu 23.2 System Security: Radius Server
Prestige 660H/HW Series User’s Guide Figure 191 Menu 23.2 System Security: RADIUS Server Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.11.12.13 Port #= 1812 Shared Secret= ******** Accounting Server: Active= No Server Address= 10.11.12.13 Port #= 1813 Shared Secret= ******** Press ENTER to Confirm or ESC to Cancel:...
Page 305: Ieee802.1X
Prestige 660H/HW Series User’s Guide 33.1.3 IEEE802.1x The IEEE802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your Prestige. 1 From the main menu, enter 23 to display Menu23 – System Security. Figure 192 Menu 23 System Security Menu 23 - System Security 1.
Page 306: Table 104 Menu 23.4 System Security : Ieee802.1X
Prestige 660H/HW Series User’s Guide Table 104 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION Wireless Port Press [SPACE BAR] and select a security mode for the wireless LAN access. Control Select No Authentication Required to allow any wireless stations access to your wired network without entering usernames and passwords.
Page 307: Creating User Accounts On The Prestige
Prestige 660H/HW Series User’s Guide Table 104 Menu 23.4 System Security : IEEE802.1x (continued) FIELD DESCRIPTION Authentication The authentication database contains wireless station login information. The local Databases user database is the built-in database on the Prestige. The RADIUS is an external server.
Page 308: Figure 194 Menu 14 Dial-In User Setup
Prestige 660H/HW Series User’s Guide Figure 194 Menu 14 Dial-in User Setup Menu 14 - Dial-in User Setup 1. ________ 9. ________ 17. ________ 25. ________ 2. ________ 10. ________ 18. ________ 26. ________ 3. ________ 11. ________ 19. ________ 27.
Page 309: System Information And Diagnosis
Prestige 660H/HW Series User’s Guide H A P T E R System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 34.1 Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
Page 310: Figure 197 Menu 24.1 System Maintenance : Status
Prestige 660H/HW Series User’s Guide The following table describes the fields present in Menu 24.1 — System Maintenance — Status which are read-only and meant for diagnostic purposes. Figure 197 Menu 24.1 System Maintenance : Status Menu 24.1 - System Maintenance - Status 03:53:21 Sat.
Page 311: System Information
Prestige 660H/HW Series User’s Guide Table 106 Menu 24.1 System Maintenance : Status (continued) FIELD DESCRIPTION This shows statistics for the WAN. Line Status This shows the current status of the xDSL line, which can be Up or Down. Upstream This shows the upstream transfer rate in kbps.
Page 312: Console Port Speed
Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. ADSL Chipset Displays the vendor of the ADSL chipset and DSL version.
Page 313: Log And Trace
Prestige 660H/HW Series User’s Guide Figure 200 Menu 24.2.2 System Maintenance : Change Console Port Speed Menu 24.2.2 – System Maintenance – Change Console Port Speed Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel: Once you change the Prestige console port speed, you must also set the speed parameter for the communication software you are using to connect to the Prestige.
Page 314: Syslog And Accounting
Prestige 660H/HW Series User’s Guide Figure 202 Sample Error and Information Messages 53 Sat Jan 01 00:00:03 2000 PP01 -WARN SNMP TRAP 0: cold start 54 Sat Jan 01 00:00:03 2000 PP01 INFO main: init completed 55 Sat Jan 01 00:00:03 2000 PP01 INFO Starting Connectivity Monitor 56 Sat Jan 01 00:00:03 2000 PP20...
Page 315: Figure 204 Syslog Example
Prestige 660H/HW Series User’s Guide Figure 204 Syslog Example 1 - CDR SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG_INFO, String); String = board xx line xx channel xx, call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN call = the call reference number which starts from 1 and increments by 1 for each new call...
Page 316: Diagnostic
Prestige 660H/HW Series User’s Guide Figure 204 Syslog Example (continued) prot: Protocol (“TCP”, ”UDP”, ”ICMP”) spo: Source port dpo: Destination port Jul 19 14:43:55 192.168.102.2 ZYXEL: IP [Src=202.132.154.123 Dst=255.255.255.255 UDP spo=0208 dpo=0208]} S03>R01mF Jul 19 14:44:00 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF Jul 19 14:44:04 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF...
Page 317: Table 109 Menu 24.4 System Maintenance Menu: Diagnostic
Prestige 660H/HW Series User’s Guide The following table describes the diagnostic tests available in menu 24.4 for and the connections. Table 109 Menu 24.4 System Maintenance Menu: Diagnostic FIELD DESCRIPTION Reset xDSL Re-initialize the xDSL link to the telephone company. Ping Host Ping the host to see if the links and TCP/IP protocol on both systems are working.
Page 318 Prestige 660H/HW Series User’s Guide Chapter 34 System Information and Diagnosis...
Page 319: Firmware And Configuration File Maintenance
Prestige 660H/HW Series User’s Guide H A P T E R Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 35.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
Page 320: Backup Configuration
Prestige 660H/HW Series User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 –...
Page 321: Using The Ftp Command From The Command Line
Prestige 660H/HW Series User’s Guide Figure 206 Telnet in Menu 24.5 Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
Page 322: Gui-Based Ftp Clients
Prestige 660H/HW Series User’s Guide Figure 207 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
Page 323: Backup Configuration Using Tftp
Prestige 660H/HW Series User’s Guide 35.2.6 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients.
Page 324: Restore Configuration
Prestige 660H/HW Series User’s Guide Table 112 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the Prestige and “Fetch” to back up the file on your computer.
Page 325: Restore Using Ftp Session Example
Prestige 660H/HW Series User’s Guide Figure 208 Telnet into Menu 24.6 Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2.
Page 326: Uploading Firmware And Configuration Files
Prestige 660H/HW Series User’s Guide 35.4 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuration files. You can upload configuration files by following the procedure in Section 35.2 on page 319 or by following the instructions in Menu 24.7.2 –...
Page 327: Ftp File Upload Command From The Dos Prompt Example
Prestige 660H/HW Series User’s Guide Figure 211 Telnet Into Menu 24.7.2 System Maintenance Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2.
Page 328: Ftp Session Example Of Firmware File Upload
Prestige 660H/HW Series User’s Guide 35.4.4 FTP Session Example of Firmware File Upload Figure 212 FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK...
Page 329: Tftp Upload Command Example
Prestige 660H/HW Series User’s Guide 35.4.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras where “ ” specifies binary image transfer mode (use this mode when transferring binary files), “ ” is the Prestige’s IP address and “ ”...
Page 330 Prestige 660H/HW Series User’s Guide Chapter 35 Firmware and Configuration File Maintenance...
Page 331: Chapter 36 System Maintenance
Upload Firmware Command Interpreter Mode Call Control 10. Time and Date Setting 11. Remote Management Enter Menu Selection Number: Figure 214 Valid Commands Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ? Valid commands are: exit ether wlan ipsec...
Page 332: Call Control Support
Prestige 660H/HW Series User’s Guide 36.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1. The budget management function allows you to set a limit on the total outgoing call time of the Prestige within certain times.
Page 333: Time And Date Setting
Prestige 660H/HW Series User’s Guide The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked.
Page 334: Resetting The Time
Prestige 660H/HW Series User’s Guide Figure 218 Menu 24.10 System Maintenance: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Use Time Server when Bootup= None Time Server Address= N/A Current Time: 00 : 51 : 24 New Time (hh:mm:ss): 00 : 51 : 19 Current Date:...
Page 335 Prestige 660H/HW Series User’s Guide • 24-hour intervals after starting. Chapter 36 System Maintenance...
Page 336 Prestige 660H/HW Series User’s Guide Chapter 36 System Maintenance...
Page 337: Chapter 37 Remote Management
Prestige 660H/HW Series User’s Guide H A P T E R Remote Management This chapter covers remote management (SMT menu 24.11). 37.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 338: Remote Management Limitations
Prestige 660H/HW Series User’s Guide Figure 219 Menu 24.11 Remote Management Control Menu 24.11 - Remote Management Control TELNET Server: Server Port = 23 Server Access = LAN only Secured Client IP = 0.0.0.0 FTP Server: Server Port = 21 Server Access = LAN only Secured Client IP = 0.0.0.0 Web Server:...
Page 339: Remote Management And Nat
Prestige 660H/HW Series User’s Guide 37.3 Remote Management and NAT When NAT is enabled: • Use the Prestige’s WAN IP address when configuring from the WAN. • Use the Prestige’s LAN IP address when configuring from the LAN. 37.4 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds).
Page 340 Prestige 660H/HW Series User’s Guide Chapter 37 Remote Management...
Page 341: Chapter 38 Ip Policy Routing
Prestige 660H/HW Series User’s Guide H A P T E R IP Policy Routing This chapter covers setting and applying policies used for IP routing. 38.1 IP Policy Routing Overview Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet.
Page 342: Ip Routing Policy Setup
Prestige 660H/HW Series User’s Guide • routing the packet to a different gateway (and hence the outgoing interface). • setting the TOS and precedence fields in the IP header. IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together.
Page 343: Figure 221 Menu 25.1 Ip Routing Policy Setup
Prestige 660H/HW Series User’s Guide Figure 221 Menu 25.1 IP Routing Policy Setup Menu 25.1 - IP Routing Policy Setup Criteria/Action - - ---------------------------------------------------------------------- 1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5 SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.1,T=MT,PR=0 2 N ______________________________________________________________________ ______________________________________________________________________ 3 N ______________________________________________________________________ ______________________________________________________________________ 4 N ______________________________________________________________________ ______________________________________________________________________ 5 N ______________________________________________________________________ ______________________________________________________________________...
Page 344: Figure 222 Menu 25.1.1 Ip Routing Policy
Prestige 660H/HW Series User’s Guide Figure 222 Menu 25.1.1 IP Routing Policy Menu 25.1.1 - IP Routing Policy Policy Set Name= test Active= No Criteria: IP Protocol Type of Service= Don't Care Packet length= 0 Precedence = Don't Care Len Comp= N/A Source: addr start= 0.0.0.0 end= N/A...
Page 345: Applying An Ip Policy
Prestige 660H/HW Series User’s Guide Table 117 Menu 25.1.1 IP Routing Policy (continued) FIELD DESCRIPTION Gateway addr Defines the outgoing gateway address. The gateway must be on the same subnet as the Prestige if it is on the LAN, otherwise, the gateway must be the IP address of a remote node.
Page 346: Ip Policy Routing Example
Prestige 660H/HW Series User’s Guide Figure 223 Menu 3.2 TCP/IP and DHCP Ethernet Setup Menu 3.2 - TCP/IP and DHCP Setup DHCP Setup DHCP= Server Client IP Pool Starting Address= 192.168.1.33 Size of Client IP Pool= 32 Primary DNS Server= 0.0.0.0 Secondary DNS Server= 0.0.0.0 Remote DHCP Server= N/A TCP/IP Setup:...
Page 347: Figure 225 Example Of Ip Policy Routing
Prestige 660H/HW Series User’s Guide Route 1 represents the default IP route and route 2 represents the configured IP route. Figure 225 Example of IP Policy Routing To force packets coming from clients with IP addresses of 192.168.1.33 to 192.168.1.64 to be routed to the Internet via the WAN port of the Prestige, follow the steps as shown next.
Page 348: Figure 226 Ip Routing Policy Example
Prestige 660H/HW Series User’s Guide Figure 226 IP Routing Policy Example Menu 25.1.1 - IP Routing Policy Policy Set Name= set1 Packet length= 10 Active= Yes Len Comp= N/A Criteria: IP Protocol end= 192.168.1.64 Type of Service= Don't Care end= N/A Precedence = Don't Care end= N/A...
Page 349: Figure 227 Ip Routing Policy Example
Prestige 660H/HW Series User’s Guide Figure 227 IP Routing Policy Example Menu 25.1.1 - IP Routing Policy Policy Set Name= set2 Packet length= 10 Active= Yes Len Comp= N/A Criteria: IP Protocol end= N/A Type of Service= Don't Care end= N/A Precedence = Don't Care end= N/A...
Page 350 Prestige 660H/HW Series User’s Guide Chapter 38 IP Policy Routing...
Page 351: Chapter 39 Call Scheduling
Prestige 660H/HW Series User’s Guide H A P T E R Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 39.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
Page 352: Figure 230 Menu 26.1 Schedule Set Setup
Prestige 660H/HW Series User’s Guide To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next. Figure 230 Menu 26.1 Schedule Set Setup Menu 26.1 Schedule Set Setup Active= Yes Start Date(yyyy-mm-dd)= 2000 - 01 - 01...
Page 353: Figure 231 Applying Schedule Set(S) To A Remote Node (Pppoe)
Prestige 660H/HW Series User’s Guide Table 118 Menu 26.1 Schedule Set Setup (continued) FIELD DESCRIPTION Action Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field. Forced Down means that the connection is blocked whether or not there is a demand call on the line.
Page 354 Prestige 660H/HW Series User’s Guide Chapter 39 Call Scheduling...
Page 355: Chapter 40 Internal Sptgen
Prestige 660H/HW Series User’s Guide H A P T E R Internal SPTGEN 40.1 Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file –...
Page 356: Internal Sptgen File Modification - Important Points To Remember
Prestige 660H/HW Series User’s Guide 40.2.1 Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=”sign and one space. Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (seeFigure 232 on page 354), then you disable every field in this menu.
Page 357: Internal Sptgen Ftp Upload Example
Prestige 660H/HW Series User’s Guide Figure 235 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp>...
Page 358 Prestige 660H/HW Series User’s Guide Chapter 40 Internal SPTGEN...
Page 359: Chapter 41 Troubleshooting
Prestige 660H/HW Series User’s Guide H A P T E R Troubleshooting This chapter covers potential problems and the corresponding remedies. 41.1 Problems Starting Up the Prestige Table 119 Troubleshooting the Start-Up of Your Prestige PROBLEM CORRECTIVE ACTION None of the Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged LEDs turn on in to an appropriate power source.
Page 360: Problems With The Dsl Led
Prestige 660H/HW Series User’s Guide 41.3 Problems with the DSL LED Table 121 Troubleshooting the DSL LED PROBLEM CORRECTIVE ACTION The DSL LED is Check the telephone wire and connections between the Prestige DSL port and the off. wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service.
Page 361: Problems With Internet Access
Prestige 660H/HW Series User’s Guide 41.6 Problems with Internet Access Table 124 Troubleshooting Internet Access PROBLEM CORRECTIVE ACTION I cannot access Make sure the Prestige is turned on and connected to the network. the Internet. If the DSL LED is off, refer to Section 41.3 on page 359.
Page 362: Problems With The Web Configurator
Prestige 660H/HW Series User’s Guide 41.8 Problems with the Web Configurator Table 126 Troubleshooting the Web Configurator PROBLEM CORRECTIVE ACTION I cannot access Refer to the Quick Start Guide for hardware connections. the web Make sure that there is not an SMT console session running. configurator.
Page 363: Splitters And Microfilters
Prestige 660H/HW Series User’s Guide P P E N D I X Splitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals.
Page 364: Telephone Microfilters
Prestige 660H/HW Series User’s Guide Telephone Microfilters Telephone voice transmissions take place in the lower frequency range, 0 - 4KHz, while ADSL transmissions take place in the higher bandwidth range, above 4KHz. A microfilter acts as a low-pass filter, for your telephone, to ensure that ADSL transmissions do not interfere with your telephone voice transmissions.
Page 365: Figure 239 Prestige With Isdn
Prestige 660H/HW Series User’s Guide Figure 239 Prestige with ISDN Splitters and Microfilters...
Page 366 Prestige 660H/HW Series User’s Guide Splitters and Microfilters...
Page 367: Setting Up Your Computer's Ip Address
Prestige 660H/HW Series User’s Guide P P E N D I X Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Page 368: Installing Components
Prestige 660H/HW Series User’s Guide Figure 240 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 369: Configuring
Prestige 660H/HW Series User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
Page 370: Verifying Settings
Prestige 660H/HW Series User’s Guide Figure 242 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add.
Page 371: Figure 243 Windows Xp: Start Menu
Prestige 660H/HW Series User’s Guide Figure 243 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 244 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Splitters and Microfilters...
Page 372: Figure 245 Windows Xp: Control Panel: Network Connections: Properties
Prestige 660H/HW Series User’s Guide Figure 245 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 246 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 373: Figure 247 Windows Xp: Advanced Tcp/Ip Settings
Prestige 660H/HW Series User’s Guide • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. Figure 247 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Page 374: Verifying Settings
Prestige 660H/HW Series User’s Guide • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 375: Figure 249 Macintosh Os 8/9: Apple Menu
Prestige 660H/HW Series User’s Guide Figure 249 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 250 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. Splitters and Microfilters...
Page 376: Verifying Settings
Prestige 660H/HW Series User’s Guide 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 377: Verifying Settings
Prestige 660H/HW Series User’s Guide Figure 252 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 378 Prestige 660H/HW Series User’s Guide Splitters and Microfilters...
Page 379: Ip Subnetting
Prestige 660H/HW Series User’s Guide P P E N D I X IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
Page 380: Subnet Masks
Prestige 660H/HW Series User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
Page 381: Example: Two Subnets
Prestige 660H/HW Series User’s Guide Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/”...
Page 382: Table 133 Subnet 1
Prestige 660H/HW Series User’s Guide Note: In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet.
Page 383: Example: Four Subnets
Prestige 660H/HW Series User’s Guide Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow”...
Page 384: Example Eight Subnets
Prestige 660H/HW Series User’s Guide Table 138 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.193 192.168.1.192 Broadcast Address: Highest Host ID: 192.168.1.254 192.168.1.255 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110).
Page 385: Subnetting With Class A And Class B Networks
Prestige 660H/HW Series User’s Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B”...
Page 386 Prestige 660H/HW Series User’s Guide Splitters and Microfilters...
Page 387: Pppoe
Prestige 660H/HW Series User’s Guide P P E N D I X PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access Concentrator where the PPP session terminates (Figure 253 on page 387).
Page 388: How Pppoe Works
Prestige 660H/HW Series User’s Guide Figure 253 Single-Computer per Router Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
Page 389: Virtual Circuit Topology
Prestige 660H/HW Series User’s Guide P P E N D I X Virtual Circuit Topology ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: •...
Page 390 Prestige 660H/HW Series User’s Guide Splitters and Microfilters...
Page 391: Wireless Lan And Ieee 802.11
Prestige 660H/HW Series User’s Guide P P E N D I X Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection.
Page 392: Ad-Hoc Wireless Lan Configuration
Prestige 660H/HW Series User’s Guide Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters. Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Page 393: Figure 257 Ess Provides Campus-Wide Coverage
Prestige 660H/HW Series User’s Guide Figure 257 ESS Provides Campus-Wide Coverage Splitters and Microfilters...
Page 394 Prestige 660H/HW Series User’s Guide Splitters and Microfilters...
Page 395: Wireless Lan With Ieee 802.1X
Prestige 660H/HW Series User’s Guide P P E N D I X Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address.
Page 396: Radius Server Authentication Sequence
Prestige 660H/HW Series User’s Guide RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Figure 258 Sequences for EAP MD5–Challenge Authentication Splitters and Microfilters...
Page 397: Types Of Eap Authentication
Prestige 660H/HW Series User’s Guide P P E N D I X Types of EAP Authentication This appendix discusses the five popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.
Page 398: Peap (Protected Eap)
Prestige 660H/HW Series User’s Guide PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Page 399: Antenna Selection And Positioning Recommendation
Prestige 660H/HW Series User’s Guide P P E N D I X Antenna Selection and Positioning Recommendation An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air.
Page 400: Types Of Antennas For Wlan
Prestige 660H/HW Series User’s Guide Types of Antennas For WLAN There are two types of antennas used for wireless LAN applications. • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment.
Page 401: Example Internal Sptgen Screens
Prestige 660H/HW Series User’s Guide P P E N D I X Example Internal SPTGEN Screens This appendix covers Prestige Internal SPTGEN screens. Table 143 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number (not seen in SMT screens) Field Name Parameter Values Allowed INPUT...
Page 402 Prestige 660H/HW Series User’s Guide Table 145 Menu 3 (SMT Menu 1) 30100007 = Input device filters Set 3 = 256 30100008 = Input device filters Set 4 = 256 30100009 = Output protocol filters Set 1 = 256 30100010 = Output protocol filters Set 2 = 256 30100011 =...
Page 403 Prestige 660H/HW Series User’s Guide Table 145 Menu 3 (SMT Menu 1) 30201003 = IP Subnet Mask 30201004 = RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> 30201005 = Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> 30201006 = IP Alias #1 Incoming protocol filters = 256 Set 1 30201007 =...
Page 404 Prestige 660H/HW Series User’s Guide Table 145 Menu 3 (SMT Menu 1) 30201025 = IP Alias #2 Outgoing protocol filters = 256 Set 3 30201026 = IP Alias #2 Outgoing protocol filters = 256 Set 4 */ Menu 3.5 Wireless LAN Setup (SMT Menu 3.5) 30500001 = ESSID Wireless...
Page 405 Prestige 660H/HW Series User’s Guide Table 146 Menu 4 Internet Access Setup (SMT Menu 4) / Menu 4 Internet Access Setup (SMT Menu 4) INPUT 40000000 = Configured <0(No) | 1(Yes)> 40000001 = <0(No) | 1(Yes)> 40000002 = Active <0(No) | 1(Yes)>...
Page 406: Table 146 Menu 4 Internet Access Setup (Smt Menu 4)
Prestige 660H/HW Series User’s Guide Table 146 Menu 4 Internet Access Setup (SMT Menu 4) 40000027 = ATM QoS Type <0(CBR) | (1 (UBR)> 40000028 = Peak Cell Rate (PCR) 40000029 = Sustain Cell Rate (SCR) 40000030 = Maximum Burst Size(MBS) 40000031= RIP Direction <0(None) |...
Page 407 Prestige 660H/HW Series User’s Guide Table 147 Menu 12(SMT Menu 12) (continued) 120103002 = IP Static Route set #3, Active <0(No) |1(Yes)> 120103003 = IP Static Route set #3, Destination = 0.0.0.0 IP address 120103004 = IP Static Route set #3, Destination IP subnetmask 120103005 = IP Static Route set #3, Gateway...
Page 408 Prestige 660H/HW Series User’s Guide Table 147 Menu 12(SMT Menu 12) (continued) INPUT 120107001 = IP Static Route set #7, Name <Str> 120107002 = IP Static Route set #7, Active <0(No) |1(Yes)> 120107003 = IP Static Route set #7, Destination = 0.0.0.0 IP address 120107004 =...
Page 409 Prestige 660H/HW Series User’s Guide Table 147 Menu 12(SMT Menu 12) (continued) 120110007 = IP Static Route set #10, Private <0(No) |1(Yes)> */ Menu 12.1.11 IP Static Route Setup (SMT Menu 12.1.11) INPUT 120111001 = IP Static Route set #11, Name <Str>...
Page 410 Prestige 660H/HW Series User’s Guide Table 147 Menu 12(SMT Menu 12) (continued) 120114004 = IP Static Route set #14, Destination IP subnetmask 120114005 = IP Static Route set #14, Gateway = 0.0.0.0 120114006 = IP Static Route set #14, Metric 120114007 = IP Static Route set #14, Private <0(No) |1(Yes)>...
Page 411: Table 148 Menu 15 Sua Server Setup (Smt Menu 15)
Prestige 660H/HW Series User’s Guide Table 148 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000007 = SUA Server #3 Active <0(No) | 1(Yes)> 150000008 = SUA Server #3 Protocol <0(All)|6(TCP)|17(U DP)> 150000009 = SUA Server #3 Port Start 150000010 = SUA Server #3 Port End 150000011 =...
Page 412: Table 149 Menu 21.1 Filter Set #1 (Smt Menu 21.1)
Prestige 660H/HW Series User’s Guide Table 148 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000041 = SUA Server #9 Local IP address = 0.0.0.0 150000042 = SUA Server #10 Active <0(No) | 1(Yes)> 150000043 = SUA Server #10 Protocol <0(All)|6(TCP)|17(U DP)>...
Page 413 Prestige 660H/HW Series User’s Guide Table 149 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210101011 = IP Filter Set 1,Rule 1 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> 210101013 = IP Filter Set 1,Rule 1 Act Match <1(check next)|2(forward)| 3(drop)>...
Page 414 Prestige 660H/HW Series User’s Guide Table 149 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210103007 = IP Filter Set 1,Rule 3 Dest Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> 210103008 = IP Filter Set 1,Rule 3 Src IP address = 0.0.0.0 210103009 = IP Filter Set 1,Rule 3 Src Subnet Mask...
Page 415 Prestige 660H/HW Series User’s Guide Table 149 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210105002 = IP Filter Set 1,Rule 5 Active <0(No)|1(Yes)> 210105003 = IP Filter Set 1,Rule 5 Protocol = 17 210105004 = IP Filter Set 1,Rule 5 Dest IP address = 0.0.0.0 210105005 = IP Filter Set 1,Rule 5 Dest Subnet Mask...
Page 416: Table 150 Menu 21.1 Filer Set #2, (Smt Menu 21.1)
Prestige 660H/HW Series User’s Guide Table 149 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210106013 = IP Filter Set 1,Rule 6 Act Match <1(check next)|2(forward)| 3(drop)> 210106014 = IP Filter Set 1,Rule 6 Act Not Match <1(check next)|2(forward)| 3(drop)>...
Page 417 Prestige 660H/HW Series User’s Guide Table 150 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210202001 = IP Filter Set 2, Rule 2 Type <0(none)|2(TCP/IP)> = 2 210202002 = IP Filter Set 2, Rule 2 Active <0(No)|1(Yes)> 210202003 = IP Filter Set 2, Rule 2 Protocol 210202004 = IP Filter Set 2, Rule 2 Dest IP...
Page 418 Prestige 660H/HW Series User’s Guide Table 150 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210203011 = IP Filter Set 2, Rule 3 Src Port <0(none)|1(equal)|2 Comp (not equal)|3(less)|4(gr eater)> 210203013 = IP Filter Set 2, Rule 3 Act Match <1(check next)|2(forward)|3( drop)>...
Page 419 Prestige 660H/HW Series User’s Guide Table 150 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210205004 = IP Filter Set 2, Rule 5 Dest IP = 0.0.0.0 address 210205005 = IP Filter Set 2, Rule 5 Dest Subnet Mask 210205006 = IP Filter Set 2, Rule 5 Dest Port = 138...
Page 420 Prestige 660H/HW Series User’s Guide Table 150 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210206013 = IP Filter Set 2,Rule 6 Act Match <1(check next)|2(forward)|3( drop)> 210206014 = IP Filter Set 2,Rule 6 Act Not <1(check Match next)|2(forward)|3( drop)>...
Page 421: Command Examples
Prestige 660H/HW Series User’s Guide Table 150 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 241100005 = FTP Server Access <0(all)|1(none)|2(L an)|3(Wan)> 241100006 = FTP Server Secured IP address = 0.0.0.0 241100007 = WEB Server Port = 80 241100008 = WEB Server Access <0(all)|1(none)|2(L an) |3(Wan)>...
Page 422 Prestige 660H/HW Series User’s Guide...
Page 423: Appendix K Command Interpreter
Prestige 660H/HW Series User’s Guide P P E N D I X Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode.
Page 424 Prestige 660H/HW Series User’s Guide...
Page 425: Appendix L Firewall Commands
Prestige 660H/HW Series User’s Guide P P E N D I X Firewall Commands 41.10 Sys Firewall Commands The following describes the firewall commands. See Appendix K on page 422 for information on the command structure. Each of these commands must be preceded by sys firewall when you use them.
Page 426 Prestige 660H/HW Series User’s Guide...
Page 427: Brute-Force Password Guessing Protection
Prestige 660H/HW Series User’s Guide P P E N D I X Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See Appendix K on page 422 information on the command structure.
Page 428 Prestige 660H/HW Series User’s Guide...
Page 429: Appendix N Boot Commands
Prestige 660H/HW Series User’s Guide P P E N D I X Boot Commands The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware is started. When you start up your Prestige, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen.
Page 430: Figure 260 Boot Module Commands
Prestige 660H/HW Series User’s Guide Figure 260 Boot Module Commands just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI(h,m,s) change system time to hour:min:sec or show current time ATDA(y,m,d) change system date to year/month/day or show...
Page 431: Appendix O Log Descriptions
Prestige 660H/HW Series User’s Guide P P E N D I X Log Descriptions This appendix provides descriptions of example log messages. Table 154 System Maintenance Logs LOG MESSAGE DESCRIPTION The router has adjusted its time based on information from the Time calibration is time server.
Page 432: Table 155 System Error Logs
Prestige 660H/HW Series User’s Guide Table 154 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION The router is saving configuration changes. Configuration Change: PC = 0x%x, Task ID = 0x%x Someone has logged on to the router’s SSH server. Successful SSH login Someone has failed to log on to the router’s SSH server.
Page 433: Table 157 Tcp Reset Logs
Prestige 660H/HW Series User’s Guide Table 157 TCP Reset Logs LOG MESSAGE DESCRIPTION The router sent a TCP reset packet when a host was under a SYN Under SYN flood attack, flood attack (the TCP incomplete count is per destination host.) sent TCP RST The router sent a TCP reset packet when the number of TCP Exceed TCP MAX...
Page 434: Table 160 Cdr Logs
Prestige 660H/HW Series User’s Guide Table 159 ICMP Logs (continued) LOG MESSAGE DESCRIPTION The firewall allowed a triangle route session to pass Triangle route packet forwarded: through. ICMP The router blocked a packet that didn’t have a Packet without a NAT table entry corresponding NAT table entry.
Page 435: Table 162 Upnp Logs
Prestige 660H/HW Series User’s Guide Table 162 UPnP Logs LOG MESSAGE DESCRIPTION UPnP packets can pass through the firewall. UPnP pass through Firewall Table 163 Content Filtering Logs LOG MESSAGE DESCRIPTION The content of a requested web page matched a user defined keyword. %s: Keyword blocking The web site is not in a trusted domain, and the router blocks all traffic %s: Not in trusted web...
Page 436: Table 164 Attack Logs
Prestige 660H/HW Series User’s Guide Table 164 Attack Logs LOG MESSAGE DESCRIPTION The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF attack. attack [ TCP | UDP | IGMP | ESP | GRE | OSPF ] The firewall detected an ICMP attack. For type and code details, attack ICMP (type:%d, Table 167 on page 437.
Page 437: Table 165 802.1X Logs
Prestige 660H/HW Series User’s Guide Table 165 802.1X Logs LOG MESSAGE DESCRIPTION A user was authenticated by the local user database. Local User Database accepts user. A user was not authenticated by the local user database Local User Database reports user because of an incorrect user password.
Page 438: Table 167 Icmp Notes
Prestige 660H/HW Series User’s Guide Table 166 ACL Setting Notes (continued) PACKET DIRECTION DIRECTION DESCRIPTION (L to L/Prestige) LAN to LAN/ ACL set for packets traveling from the LAN to the LAN or Prestige the Prestige. (W to W/Prestige) WAN to WAN/ ACL set for packets traveling from the WAN to the WAN Prestige or the Prestige.
Page 439: Table 168 Syslog Logs
Prestige 660H/HW Series User’s Guide Table 167 ICMP Notes (continued) TYPE CODE DESCRIPTION Information request message Information Reply Information reply message Table 168 Syslog Logs LOG MESSAGE DESCRIPTION "This message is sent by the system ("RAS" displays as the <Facility*8 + Severity>Mon dd system name if you haven’t configured one) when the router hr:mm:ss hostname generates a syslog.
Page 440: Log Commands
1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the Prestige is to record. 2 Use sys logs category to view a list of the log categories. Figure 261 Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ? exit device...
Page 441: Log Command Example
Prestige 660H/HW Series User’s Guide Log Command Example This example shows how to set the Prestige to record the access logs and alerts and then view the results. Figure 263 Log Command Example ras> sys logs load ras> sys logs category access 3 ras>...
Page 442 Prestige 660H/HW Series User’s Guide...
Page 443: Index
Prestige 660H/HW Series User’s Guide Index bandwidth budget bandwidth capacity Bandwidth Class Access methods bandwidth class Address Assignment Bandwidth Filter Address mapping bandwidth filter Address Resolution Protocol (ARP) Bandwidth Management ADSL, what is it? Bandwidth Management Statistics ADSLstandards Bandwidth Manager Class Configuration Alternative Subnet Mask Notation Bandwidth Manager Class Setup Antenna...
Page 444 Prestige 660H/HW Series User’s Guide CDR (Call Detail Record) DHCP 44, 62, 74, 126, 212, 236, 311 CE regulations DHCP client Certificate Authority DHCP relay change password at login DHCP server 44, 212, 236 Channel DHCP table Interference diagnostic Channel ID Diagnostic Tools CHAP Direct Sequence Spread Spectrum...
Page 445 Prestige 660H/HW Series User’s Guide Encryption Introduction LAN to WAN Rules Error Log Policies 80, 391 Remote Management ESS ID Rule Checklist ESSID (Extended Service Set Identification) Rule Logic Example Internal SPTGEN Screens Rule Security Ramifications Services Extended Service Set SMT menus Extended Service Set (ESS) Types...
Page 446 Prestige 660H/HW Series User’s Guide Ethernet IP Policies Gateway IP Pool Setup IANA IP Protocol IANA (Internet Assigned Number Authority) IP protocol IBSS IP protocol type ICMP echo IP Routing Policy (IPPR) Idle timeout Benefits IEEE 802.11g Cost Savings IEEE 802.11i Criteria Load Sharing IEEE 802.1x...
Page 447 Prestige 660H/HW Series User’s Guide What NAT does NAT (Network Address Translation) NAT mode MAC (Media Access Control) NAT Traversal MAC (Media Access Control) address. navigating the web configurator MAC address NetBIOS commands MAC Address Filter Network Address Translation MAC address filter Network Address Translation (NAT) 43, 266 Filter action...
Page 448: Figure 24 Prestige Wireless Security Levels
Prestige 660H/HW Series User’s Guide PPP session over Ethernet (PPP over Ethernet, RFC Remote Management 2516) Firewall PPPoA remote management PPPoE 105, 386 Remote Management and NAT Benefits Remote Management Limitations 170, 337 PPPoE (Point-to-Point Protocol over Ethernet) 43, 105 Remote Management Setup PPPoE pass-through Remote Node...
Page 449: Figure 54 Three-Way Handshake
Prestige 660H/HW Series User’s Guide Scheduler SYN Flood 133, 134 SCRSee Sustain Cell Rate SYN-ACK Security In General Syntax Conventions Security Parameters Syslog 159, 313 Security Ramifications Syslog IP Address Server 117, 268, 270, 272, 273, 274, 275, 276, 333 Syslog Server Server behind NAT System...
Page 450: Table 16 Wireless Lan
Prestige 660H/HW Series User’s Guide traffic redirect WEP (Wired Equivalent Privacy) 42, 85, 239 Traffic shaping WEP Encryption Transmission Rates WEP encryption Type of Service 340, 342, 343, 344 Wi-Fi Protected Access Wi-Fi Protected Access (WPA) Wireless Client WPA Supplicants Wireless LAN 238, 390 Configuring...

This manual is also suitable for:

Prestige 660hw series

ZyXEL Communications Prestige 660H Series User Manual

Chapter 1 Getting to Know Your Prestige

Chapter 2 Introducing the Web Configurator

Chapter 3 Wizard Setup for Internet Access

Chapter 4 Wizard Setup for Media Bandwidth Management

Chapter 5 Password Setup

Chapter 6 LAN Setup

Chapter 7 Wireless LAN Setup

Chapter 8 WAN Setup

Chapter 9 Network Address Translation (NAT) Screens

Chapter 10 Dynamic DNS Setup

Chapter 11 Time and Date

Chapter 12 Firewalls

Chapter 13 Firewall Configuration

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications Prestige 660H Series

Summary of Contents for ZyXEL Communications Prestige 660H Series