P-334WT User’s Guide

Federal Communications Commission (FCC) Interference Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.

Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions.
• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks.

ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During...

Customer Support
Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Columns: LOCATION; SUPPORT E-MAIL / SALES E-MAIL; TELEPHONE; WEB SITE / FTP SITE; REGULAR MAIL

POLAND
E-mail: info@pl.zyxel.com
Telephone: +48-22-5286603, +48-22-5206701
Web site: www.pl.zyxel.com
Regular mail: ZyXEL Communications, ul.Emilli Plater 53, 00-113 Warszawa, Poland

RUSSIA
E-mail: http://zyxel.ru/support (support), sales@zyxel.ru (sales)
Telephone: +7-095-542-89-29, +7-095-542-89-25
Web site: www.zyxel.ru
Regular mail: ZyXEL Russia, Ostrovityanova 37a Str. ...
Note: Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your Prestige. Not all features can be configured through all interfaces.
This manual may refer to the P-334WT, 802.11g Wireless Broadband Router with Firewall as the Prestige.

About This User's Guide
This User’s Guide is designed to guide you through the configuration of your Prestige using...
Syntax Conventions
• “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one predefined choice.
• The SMT menu titles and labels are in Bold Times New Roman font. Predefined field choices are in Bold Arial font.
The embedded web configurator is easy to operate. In the Prestige product name, “W” denotes wireless functionality. The P-334WT has an embedded mini-PCI module for 802.11g Wireless LAN connectivity. Note: Only use firmware for your Prestige’s specific model.
4-Port Switch
A combination of switch and router makes your Prestige a cost-effective and viable network solution. You can add up to four computers to the Prestige without the cost of a hub. Add more than four computers to your LAN by using a hub.

Packet Filtering
The packet filtering mechanism blocks unwanted traffic from entering/leaving your network.

Time and Date
The Prestige allows you to get the current time and date from an external server when you turn on your Prestige. You can also set the time manually.

IP Alias
IP Alias allows you to partition a physical network into logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet LAN interface with the Prestige itself as the gateway for each LAN network.
802.11b standard, meaning that you can have both IEEE 802.11b and IEEE 802.11g wireless clients in the same wireless network. Note: The P-334WT may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs.
WPA(2)
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA 2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA(2) and WEP are improved data encryption and user authentication.

1.3 Applications for the Prestige
Here are some examples of what you can do with your Prestige.

1.3.1 Secure Broadband Internet Access via Cable or DSL Modem
You can connect a cable modem, DSL or wireless modem to the Prestige for broadband Internet access via an Ethernet or a wireless port on the modem.

Figure 2 VPN Application

1.3.3 Wireless LAN Application
Add a wireless LAN to your existing network without expensive network cables. Wireless stations can move freely anywhere in the coverage area and use resources on the wired network.

1.3.4 Front Panel LEDs
Figure 4 P-334WT Front Panel
The following table describes the LEDs.
Table 1 Front Panel LEDs
COLOR | STATUS | DESCRIPTION
Green: The Prestige is receiving power and functioning properly.
Blinking: The Prestige is performing testing.
Chapter 2 Introducing the Web Configurator
This chapter describes how to access the Prestige web configurator and provides an overview of its screens.

2.1 Web Configurator Overview
The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser.

Figure 5 Change Password Screen
Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the Prestige if this happens to you.

Figure 6 Web Configurator Status Screen
The following table describes the icons shown in the Status screen.
Table 2 Status Screen Icon Key
ICON | DESCRIPTION
Select a language from the drop-down list box to have the web configurator display in that language.

Table 2 Status Screen Icon Key
ICON | DESCRIPTION
Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics.

Table 3 Web Configurator Status Screen
LABEL | DESCRIPTION
Interface Status
Interface | This displays the Prestige port types. The port types are: WAN, LAN and WLAN.
Status | For the LAN and WAN ports, this field displays Down (line is down) or Up (line is up or connected).
Table 4 Screens Summary
LINK | FUNCTION
Wireless LAN
General | Use this screen to configure wireless LAN.
OTIST | This screen allows you to assign wireless clients the Prestige’s wireless security settings.
MAC Filter | Use the MAC filter screen to configure the Prestige to block access to devices or block the devices from accessing the Prestige.

Table 4 Screens Summary
LINK | FUNCTION
TMSS
General | Use this screen to enable or disable TMSS.
Exception List | Use this screen to decide which computers in the network you can apply TMSS.
Virus Protection | Use this screen to check the computers in the network for Trend Micro Internet Security.

Figure 7 Summary: Any IP Table
The following table describes the labels in this screen.
Table 5 Summary: Any IP Table
LABEL | DESCRIPTION
This field displays the index number.
IP Address | This field displays the IP address of the network device.

The following table describes the labels in this screen.
Table 6 Summary: DHCP Table
LABEL | DESCRIPTION
This is the index number of the host computer.
IP Address | This field displays the IP address relative to the # field listed above.

Figure 9 Summary: Parental Control Statistics
The following table describes the labels in this screen.
Table 7 Summary: Parental Control Statistics
LABEL | DESCRIPTION
Control Mode | This displays the current parental control mode (General Control or Per-User Control).
2.4.5 Summary: VPN Monitor
Click the VPN Monitor (Details...) hyperlink in the Status screen. Read-only information here includes encapsulation mode and security protocol.
Figure 10 Summary: VPN Monitor
The following table describes the labels in this screen.

Figure 11 Summary: BW MGMT Monitor

2.4.7 Summary: Packet Statistics
Click the Packet Statistics (Details...) hyperlink in the Status screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)".

The following table describes the labels in this screen.
Table 9 Summary: Packet Statistics
LABEL | DESCRIPTION
Port | This is the WAN, LAN or WLAN port.
Status | For the LAN ports, this displays the port speed and duplex setting or Down when the line is disconnected.

Figure 13 Summary: Port Isolation
The following table describes the labels in this screen.
Table 10 Summary: Wireless Association List
LABEL | DESCRIPTION
Port | This is the LAN or WLAN port.
Bypass | This displays whether port isolation is performed on the port.

Figure 14 Summary: Wireless Association List
The following table describes the labels in this screen.
Table 11 Summary: Wireless Association List
LABEL | DESCRIPTION
This is the index number of an associated wireless station.
MAC Address | This field displays the MAC address of an associated wireless station.
Chapter 3 Connection Wizard
This chapter provides information on the Wizard setup screens in the web configurator.

3.1 Wizard Setup
The web configurator’s Wizard setup helps you configure your device to access the Internet.

Figure 16 Select a Language
4 Read the on-screen information and click Next.
Figure 17 Welcome to the Connection Wizard

3.2 Connection Wizard: STEP 1: System Information
System Information contains administrative and system-related information.

3.2.1 System Name
System Name is for identification purposes.

3.2.2 Domain Name
The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the Prestige via DHCP.

Figure 19 Wizard Step 2: Wireless LAN
The following table describes the labels in this screen.
Table 13 Wizard Step 2: Wireless LAN
LABEL | DESCRIPTION
Name(SSID) | Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Figure 20 Wizard Step 2: Basic(WEP) Security
The following table describes the labels in this screen.
Table 14 Wizard Step 2: Basic(WEP) Security
LABEL | DESCRIPTION
Passphrase | Type a Passphrase (up to 32 printable characters) and click Generate. The Prestige automatically generates a WEP key.

Table 14 Wizard Step 2: Basic(WEP) Security
LABEL | DESCRIPTION
Back | Click Back to display the previous screen.
Next | Click Next to proceed to the next screen.
Exit | Click Exit to close the wizard screen without saving.

3.3.2 Extend(WPA-PSK or WPA2-PSK) Security
Choose Extend(WPA-PSK) or Extend(WPA2-PSK) security in the Wireless LAN setup screen to set up a Pre-Shared Key.

Figure 22 Wizard Step 2: OTIST
The following table describes the labels in this screen.
Table 16 Wizard Step 2: OTIST
LABEL | DESCRIPTION
Do you want to enable OTIST? | Select the Yes radio button and click Next to proceed with the setup wizard and enable OTIST only when you click Finish in the final wizard screen.

This wizard screen varies according to the connection type that you select.
Figure 23 Wizard Step 3: ISP Parameters
The following table describes the labels in this screen.
Table 17 Wizard Step 3: ISP Parameters
CONNECTION TYPE...
3.4.2 PPPoE Connection
Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to high-speed data networks.

Table 18 Wizard Step 3: PPPoE Connection
LABEL | DESCRIPTION
Back | Click Back to return to the previous screen.
Next | Click Next to continue.
Exit | Click Exit to close the wizard screen without saving.

3.4.3 PPTP Connection
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.

The following table describes the fields in this screen.
Table 19 Wizard Step 3: PPTP Connection
LABEL | DESCRIPTION
ISP Parameters for Internet Access
Connection Type | Select PPTP from the drop-down list box. To configure a PPTP client, you must configure the User Name and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.

The following table describes the labels in this screen.
Table 20 Wizard Step 3: Your IP Address
LABEL | DESCRIPTION
Get automatically from your ISP | Select this option if your ISP did not assign you a fixed IP address. This is the default selection.
If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use;...

Figure 28 Wizard Step 3: WAN IP and DNS Server Addresses
The following table describes the labels in this screen.
Table 22 Wizard Step 3: WAN IP and DNS Server Addresses
LABEL | DESCRIPTION
WAN IP Address Assignment
My WAN IP Address | Enter your WAN IP address in this field.

3.4.9 WAN MAC Address
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Table 23 Example of Network Properties for LAN Servers with Fixed IP Addresses
Choose an IP address | 192.168.1.2-192.168.1.32;...

Table 24 Wizard Step 3: WAN MAC Address
LABEL | DESCRIPTION
Back | Click Back to return to the previous screen.
Next | Click Next to continue.
Exit | Click Exit to close the wizard screen without saving.

3.5 Connection Wizard: STEP 4: Bandwidth management
Bandwidth management allows you to control the amount of bandwidth going out through the Prestige’s WAN, LAN or WLAN port and prioritize the distribution of the bandwidth...

Figure 31 Connection Wizard Save
Follow the on-screen instructions and click Finish to complete the wizard setup.
Figure 32 Connection Wizard Complete
Well done! You have successfully set up your Prestige to operate on your network and access the Internet.
Chapter 4 Wireless LAN
This chapter discusses how to configure Wireless LAN.

4.1 Introduction
A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN adapters communicating through access points which bridge network traffic to the wired LAN.

4.2.3 Restricted Access
The MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow) or exclude them from accessing the AP (Deny).

4.2.4 Hide Prestige Identity
If you hide the ESSID, then the Prestige cannot be seen when a wireless client scans for local APs.

4 If you have OTIST-enabled clients, configure OTIST in the OTIST screen. OTIST transfers device SSID and WEP or WPA-PSK key settings (if enabled) to wireless clients.
The following figure shows the relative effectiveness of these wireless security methods available on your Prestige.

The following table describes the general wireless LAN labels in this screen.
Table 27 Wireless
LABEL | DESCRIPTION
Enable Wireless LAN | Click the check box to activate wireless LAN.
Name(SSID) | (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated.

The following table describes the labels in this screen.
Table 28 Wireless No Security
LABEL | DESCRIPTION
Security Mode | Choose No Security from the drop-down list box.
Apply | Click Apply to save your changes back to the Prestige.
Figure 35 Wireless: Static WEP Encryption
The following table describes the wireless LAN security labels in this screen.
Table 29 Wireless: Static WEP Encryption
LABEL | DESCRIPTION
Passphrase | Enter a Passphrase (up to 32 printable characters) and click Generate. The Prestige automatically generates a WEP key.

4.4.4 Introduction to WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA is preferred to WEP as WPA has user authentication and improved data encryption. WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x.

Figure 37 Wireless: WPA-PSK/WPA2-PSK
The following table describes the labels in this screen.
Table 30 Wireless: WPA-PSK/WPA2-PSK
LABEL | DESCRIPTION
WPA Compatible | This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.

Table 30 Wireless: WPA-PSK/WPA2-PSK
LABEL | DESCRIPTION
Group Key Update Timer | The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/WPA2-PSK key management) or RADIUS server (if using WPA/WPA2 key management) sends a new group key out to all clients. The re-keying process is the WPA/WPA2 equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis.
Figure 38 WPA(2) with RADIUS Application Example

4.4.9 WPA/WPA2 Authentication Screen
Click the Wireless LAN link under Network to display the Wireless General screen.
Figure 39 Wireless: WPA/WPA2

The following table describes the labels in this screen.
Table 31 Wireless: WPA/WPA2
LABEL | DESCRIPTION
WPA Compatible | This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the Prestige even when the Prestige is using WPA2-PSK or WPA2.

Table 31 Wireless: WPA/WPA2
LABEL | DESCRIPTION
Apply | Click Apply to save your changes back to the Prestige.
Reset | Click Reset to reload the previous configuration for this screen.

4.4.10 IEEE 802.1x Overview
You need the following for IEEE 802.1x authentication.

The following table describes the labels in this screen.
Table 32 Wireless: 802.1x and Dynamic WEP
LABEL | DESCRIPTION
ReAuthentication Timer (in seconds) | Specify how often wireless stations have to resend usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes).

Figure 41 Wireless: 802.1x and Static WEP
The following table describes the labels in this screen.
Table 33 Wireless: 802.1x and Static WEP
LABEL | DESCRIPTION
Passphrase | Enter a Passphrase (up to 32 printable characters) and click Generate. The Prestige automatically generates a WEP key.
Table 33 Wireless: 802.1x and Static WEP
LABEL | DESCRIPTION
Key 1 to Key 4 | The WEP keys are used to encrypt data. Both the Prestige and the wireless stations must use the same WEP key for data transmission.

4.4.13 IEEE 802.1x + no WEP
To configure and enable 802.1x, click the Wireless LAN link under Network to display the Wireless General screen. Select 802.1x + No WEP from the Security Mode list.
Figure 42 Wireless: 802.1x
The following table describes the labels in this screen.

Table 34 Wireless: 802.1x and No WEP
LABEL | DESCRIPTION
Shared Secret | Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the Prestige. The key must be the same on the external authentication server and your Prestige.

Figure 43 OTIST
The following table describes the labels in this screen.
Table 35 OTIST
LABEL | DESCRIPTION
Setup Key | Type an OTIST Setup Key of exactly eight ASCII characters in length. The default OTIST setup key is "01234567".
Figure 44 OTIST Start
Note: The process takes three minutes. During this time the Prestige assigns its security settings to OTIST-enabled wireless clients within range that have selected to associate with this Prestige.
Figure 45 OTIST Process
When the previous screen closes, your current Prestige security configuration is automatically saved to the wireless clients.

Figure 46 MAC Address Filter
The following table describes the labels in this menu.
Table 36 MAC Address Filter
LABEL | DESCRIPTION
Active | Select Yes from the drop down list box to enable MAC address filtering.
Filter Action | Define the filter action for the list of MAC addresses in the MAC Address table.

To enable roaming on your Prestige, click the Wireless LAN link under Network and then the Advanced tab. The screen appears as shown.
Figure 47 Advanced
The following table describes the labels in this screen.
Table 37 Advanced...

Table 37 Advanced
LABEL | DESCRIPTION
Preamble | Select a preamble type from the drop-down list menu. Choices are Long, Short or Dynamic. The default setting is Long. See the section on preamble for more information.
802.11 Mode | Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the Prestige.

4.8.2 WMM QoS Priorities
The following table describes the priorities that you can apply to traffic that the Prestige sends to the wireless network.
Table 38 WMM QoS Priorities
PRIORITY LEVELS:
Highest | Typically used for voice traffic or video that is especially sensitive to jitter (variations in delay).
Table 39 Commonly Used Services
SERVICE | DESCRIPTION
HTTP(TCP:80) | Hyper Text Transfer Protocol - a client/server protocol for the world wide web.
HTTPS(TCP:443) | HTTPS is a secured http session often used in e-commerce.
ICQ(UDP:4000) | This is a popular Internet chat program.

Table 39 Commonly Used Services
SERVICE | DESCRIPTION
SSH(TCP/UDP:22) | Secure Shell Remote Login Program.
STRM WORKS(UDP:1558) | Stream Works Protocol.
SYSLOG(UDP:514) | Syslog allows you to send system logs to a UNIX server.
TACACS(UDP:49) | Login Host Protocol used for (Terminal Access Controller Access Control System).

Figure 48 QoS
The following table describes the fields in this screen.
Table 40 QoS
LABEL | DESCRIPTION
QoS Setup
Enable WMM QoS | Select the check box to enable WMM QoS on the Prestige.
WMM QoS Policy | Select Default to have the Prestige automatically give a service a priority level according to the ToS value in the IP header of packets it sends.

4.10 Application Priority Configuration Screen
To edit a WMM QoS application entry, click the edit icon under Modify. The following screen displays.
Figure 49 Application Priority Configuration
The following table describes the fields in this screen.
Table 41 Application Priority Configuration...
Chapter 5
This chapter describes how to configure WAN settings.

5.1 WAN Overview
See the chapter about the connection wizard for more information on the fields in the WAN screens.

5.2 TCP/IP Priority (Metric)
The metric represents the "cost of transmission".

5.4 WAN ISP Screen
To change your Prestige’s WAN ISP settings, click WAN, then the WAN ISP tab. The screen differs by the encapsulation.

5.4.1 Ethernet Encapsulation
The screen shown next is for Ethernet encapsulation.
Figure 50 Ethernet Encapsulation
The following table describes the labels in this screen.

Table 42 Ethernet Encapsulation
LABEL | DESCRIPTION
Login Server (Telia Login only) | Type the domain name of the Telia login server, for example login1.telia.com.
Relogin Every(min) | The Telia server logs the Prestige out if the Prestige does not log in periodically.

By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the Prestige does that part of the task. Furthermore, with NAT, all of the LAN’s computers will have access.
The following table describes the labels in this screen.
Table 43 PPPoE Encapsulation
LABEL | DESCRIPTION
ISP Parameters for Internet Access
Encapsulation | The PPP over Ethernet choice is for a dial-up connection using PPPoE. The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (i.e.

Table 43 PPPoE Encapsulation
LABEL | DESCRIPTION
Clone the computer’s MAC | Select Clone the computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is...

The following table describes the labels in this screen.
Table 44 PPTP Encapsulation
LABEL | DESCRIPTION
ISP Parameters for Internet Access
Encapsulation | Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.

Table 44 PPTP Encapsulation
LABEL | DESCRIPTION
Private (PPPoE and PPTP only) | This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes, this route is kept private and not included in RIP broadcast.
P-334WT User’s Guide The following table describes the labels in this screen. Table 45 Advanced LABEL DESCRIPTION DNS Servers First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address). The field to the right displays the (read-only) Second DNS Server DNS server IP address that the ISP assigns.
P-334WT User’s Guide Table 45 Advanced LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to begin configuring this screen afresh. 5.6 Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet through its normal gateway.
P-334WT User’s Guide 5.7 Traffic Redirect Screen To change your Prestige’s Traffic Redirect settings, click the WAN link under Network and the Traffic Redirect tab. The screen appears as shown. Figure 56 WAN: Traffic Redirect The following table describes the labels in this screen.
P-334WT User’s Guide CHAPTER This chapter describes how to configure LAN settings. 6.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks.
P-334WT User’s Guide 6.2.2 IP Address and Subnet Mask Refer to the IP Address and Subnet Mask section in the Connection Wizard chapter for this information. 6.2.3 RIP Setup RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers.
P-334WT User’s Guide The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the Prestige queries all directly connected networks to gather group membership. After that, the Prestige periodically updates this information. IP multicasting can be enabled/disabled on the Prestige LAN and/or WAN interfaces in the web configurator (LAN;...
P-334WT User’s Guide 6.3.1 How Any IP Works Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP routing table is defined on IP Ethernet devices (the Prestige) to decide which hop to use when forwarding data to its specified destination.
P-334WT User’s Guide The following table describes the labels in this screen. Table 47 LAN IP LABEL DESCRIPTION LAN TCP/IP IP Address Type the IP address of your Prestige in dotted decimal notation 192.168.1.1 (factory default). IP Subnet Mask The subnet mask specifies the network number portion of an IP address. Your Prestige will automatically calculate the subnet mask based on the IP address that you assign.
P-334WT User’s Guide The following table describes the labels in this screen. Table 48 LAN IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network for the Prestige. IP Address Enter the IP address of your Prestige in dotted decimal notation.
P-334WT User’s Guide Figure 60 Advanced The following table describes the labels in this screen. Table 49 Advanced LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets.
P-334WT User’s Guide Table 49 Advanced LABEL DESCRIPTION Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN.
P-334WT User’s Guide CHAPTER DHCP Server 7.1 DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it.
P-334WT User’s Guide The following table describes the labels in this screen. Table 50 General LABEL DESCRIPTION Enable DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server.
P-334WT User’s Guide Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. To change your Prestige’s Static DHCP settings, click the DHCP Server link under Network and the Static DHCP tab.
P-334WT User’s Guide Figure 63 Client List The following table describes the labels in this screen. Table 52 Client List LABEL DESCRIPTION This is the index number of the host computer. IP Address This field displays the IP address relative to the # field listed above.
P-334WT User’s Guide CHAPTER Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 8.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet.
P-334WT User’s Guide 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
P-334WT User’s Guide 8.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter.
P-334WT User’s Guide You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers.
P-334WT User’s Guide The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on SUA/NAT.
P-334WT User’s Guide Figure 67 NAT General The following table describes the labels in this screen. Table 56 NAT General LABEL DESCRIPTION Network Address Translation: Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
P-334WT User’s Guide Figure 68 Port Forwarding The following table describes the labels in this screen. Table 57 Port Forwarding LABEL DESCRIPTION Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen.
P-334WT User’s Guide 8.5.1 Port Forwarding Rule Setup To edit a port forwarding rule, click the edit icon under Modify. The following screen displays. Figure 69 Port Forwarding Rule Setup The following table describes the labels in this screen. Table 58 Port Forwarding Rule Setup...
P-334WT User’s Guide Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The Prestige records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol (a "trigger"...
P-334WT User’s Guide 8.7 Trigger Port Forwarding Screen To change your Prestige’s trigger port settings, click the NAT link under Network and the Trigger Port tab. The screen appears as shown. Note: Only one LAN computer can use a trigger port (range) at a time.
P-334WT User’s Guide CHAPTER Firewall This chapter gives some background information on firewalls and explains how to get started with the Prestige firewall. 9.1 Introduction to Firewall 9.1.1 What is a Firewall? Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
P-334WT User’s Guide The Prestige has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas. The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet.
P-334WT User’s Guide The following table describes the labels in this screen. Table 60 Firewall General LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
P-334WT User’s Guide Figure 73 Services The following table describes the labels in this screen. Table 61 Firewall Services LABEL DESCRIPTION Enable Services Select this check box to enable this feature. Blocking Available Service This is a list of pre-defined services (ports) you may prohibit your LAN computers from using.
P-334WT User’s Guide Table 61 Firewall Services LABEL DESCRIPTION Time of Day to Select the time of day you want service blocking to take effect. Configure blocking Block (24-Hour to take effect all day by selecting the All Day check box. You can also configure...
P-334WT User’s Guide CHAPTER Content Filtering This chapter provides a brief overview of content filtering using the embedded web GUI. 10.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to your needs.
P-334WT User’s Guide Figure 75 Content Filter: Filter The following table describes the labels in this screen. Table 62 Content Filter: Filter LABEL DESCRIPTION Trusted IP Setup To enable this feature, type an IP address of any one of the computers in your network that you want to have as a trusted computer.
P-334WT User’s Guide Table 62 Content Filter: Filter LABEL DESCRIPTION Keyword List This list displays the keywords already added. Click Add after you have typed a keyword. Repeat this procedure to add other keywords. Up to 64 keywords are allowed.
P-334WT User’s Guide The following table describes the labels in this screen. Table 63 Content Filter: Schedule LABEL DESCRIPTION Day to Block Select check boxes for the days that you want the Prestige to perform content filtering. Select the Everyday check box to have content filtering turned on all days of the week.
P-334WT User’s Guide 10.6.3 File Name URL Checking Filename URL checking has the Prestige check all of the characters in the URL. For example, filename URL checking searches for keywords within the URL www.zyxel.com.tw/news/pressroom.php. Use the ip urlfilter customize actionFlags 8 [disable | enable] command to extend (or not extend) the keyword blocking search to include the URL's complete filename.
P-334WT User’s Guide CHAPTER Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 11.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
P-334WT User’s Guide Figure 77 Encryption and Decryption 11.1.3.2 Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. 11.1.3.3 Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
P-334WT User’s Guide Figure 78 IPSec Architecture 11.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
P-334WT User’s Guide Figure 79 Transport and Tunnel Mode IPSec Encapsulation 11.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
P-334WT User’s Guide NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted.
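Why the AH integrity check fails behind NAT while the ESP check survives, as an added example that is not part of the ZyXEL guide: a simplified Python model in which AH authenticates the IP addresses and ESP authenticates only its own header and payload. The packet fields, key, addresses and the choice of HMAC-SHA1-96 are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass, replace

ICV_LEN = 12  # HMAC-SHA1-96: SHA-1 HMAC truncated to 96 bits (assumed algorithm)


@dataclass(frozen=True)
class Packet:
    """Simplified packet model (constructed; not a real wire format)."""
    src: str          # source IP address in the outer IP header
    dst: str          # destination IP address in the outer IP header
    ttl: int          # mutable field: changes at every hop
    spi: int          # Security Parameter Index of the SA
    seq: int          # anti-replay sequence number
    payload: bytes    # upper-layer data (ciphertext in the ESP case)
    icv: bytes = b""  # integrity check value appended by the sender


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def _ah_input(p: Packet) -> bytes:
    # AH covers the IP header fields that must not change in transit
    # (the addresses) plus the AH fields and payload. TTL is mutable,
    # so it is treated as zero when the ICV is computed.
    return (ipaddress.IPv4Address(p.src).packed
            + ipaddress.IPv4Address(p.dst).packed
            + struct.pack("!BII", 0, p.spi, p.seq)
            + p.payload)


def _esp_input(p: Packet) -> bytes:
    # ESP authentication covers the ESP header and payload only,
    # not the outer IP header.
    return struct.pack("!II", p.spi, p.seq) + p.payload


def _icv_input(p: Packet, proto: str) -> bytes:
    if proto == "AH":
        return _ah_input(p)
    if proto == "ESP":
        return _esp_input(p)
    raise ValueError(f"unknown IPSec protocol: {proto}")


def protect(p: Packet, key: bytes, proto: str) -> Packet:
    """Sender side: compute and attach the ICV."""
    return replace(p, icv=_mac(key, _icv_input(p, proto)))


def verify(p: Packet, key: bytes, proto: str) -> bool:
    """Receiver side: recompute the ICV over the packet as received."""
    return hmac.compare_digest(p.icv, _mac(key, _icv_input(p, proto)))


def route(p: Packet) -> Packet:
    """An ordinary router hop: only the TTL changes."""
    return replace(p, ttl=p.ttl - 1)


def nat(p: Packet, public_ip: str) -> Packet:
    """A NAT router hop: source address rewritten, TTL decremented."""
    return replace(p, src=public_ip, ttl=p.ttl - 1)


def demo() -> dict:
    key = b"constructed-shared-key"  # constructed sample key
    pkt = Packet(src="192.168.1.33", dst="203.0.113.10", ttl=64,
                 spi=0x1001, seq=1, payload=b"constructed payload")
    results = {}
    for proto in ("AH", "ESP"):
        sent = protect(pkt, key, proto)
        results[proto] = {
            "routed": verify(route(sent), key, proto),
            "natted": verify(nat(sent, "198.51.100.7"), key, proto),
        }
    return results


if __name__ == "__main__":
    for proto, outcome in demo().items():
        print(proto, outcome)
```

The model covers the integrity check only; it does not model encryption or the upper-layer checksum handling that NAT traversal also has to deal with.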
P-334WT User’s Guide Chapter 11 Introduction to IPSec...
P-334WT User’s Guide CHAPTER VPN Screens This chapter introduces the VPN web configurator. See the chapter on logs for information on viewing logs and the Appendices for IPSec log descriptions. 12.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections.
P-334WT User’s Guide Table 65 AH and ESP Encryption DES (default) Data Encryption Standard (DES) is a widely used method of data encryption using a secret key. DES applies a 56-bit key to each 64-bit block of data. 3DES Triple DES (3DES) is a variant of DES,...
P-334WT User’s Guide You can also enter a remote secure gateway’s domain name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The Prestige has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP address).
P-334WT User’s Guide The following table describes the labels in this screen. Table 66 VPN Summary LABEL DESCRIPTION The VPN policy index number. Active This field displays whether the VPN policy is active or not. The icon is turned on when this VPN policy is active.
P-334WT User’s Guide Note: When there is outbound traffic with no inbound traffic, the Prestige automatically drops the tunnel after two minutes. 12.7 NAT Traversal NAT traversal allows you to set up a VPN connection when there are NAT routers between IPSec routers A and B.
P-334WT User’s Guide The following figure depicts an example where three VPN tunnels are created from Prestige A; one to branch office 2, one to branch office 3 and another to headquarters. In order to access computers that use private domain names on the headquarters (HQ) network, the Prestige at branch office 1 uses the Intranet DNS server in headquarters.
P-334WT User’s Guide between three encryption algorithms (DES and 3DES), two authentication algorithms (MD5 and SHA1) and two key groups (DH1 and DH2) when you configure a VPN rule (see Section 12.12 on page 178). The ID type and content act as an extra level of identification for incoming SAs.
P-334WT User’s Guide The two Prestiges in this example cannot complete their negotiation because Prestige B’s Local ID type is IP, but Prestige A’s Peer ID type is set to E-mail. An “ID mismatched” message displays in the IPSEC LOG.
P-334WT User’s Guide Figure 85 VPN Rule Setup The following table describes the labels in this screen. Table 70 VPN Rule Setup LABEL DESCRIPTION Active Select this check box to activate this VPN tunnel. This option determines whether a VPN rule is applied before a packet leaves the firewall.
P-334WT User’s Guide Table 70 VPN Rule Setup (continued) LABEL DESCRIPTION DNS Server (for IPSec VPN): If there is a private DNS server that services the VPN, type its IP address here. The Prestige assigns this additional DNS server to the Prestige’s DHCP clients that have IP addresses in this IPSec rule's range of local addresses.
P-334WT User’s Guide Table 70 VPN Rule Setup (continued) LABEL DESCRIPTION Peer ID Type Select IP to identify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address.
P-334WT User’s Guide Table 70 VPN Rule Setup (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to begin configuring this screen afresh. 12.11 IKE Phases There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange).
P-334WT User’s Guide Choose Tunnel mode or Transport mode. Set the IPSec SA lifetime. This field allows you to determine how long the IPSec SA should stay up before it times out. The Prestige automatically renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period expires.
P-334WT User’s Guide The following table describes the labels in this screen. Table 71 Advanced Rule Setup LABEL DESCRIPTION Active Select this check box to activate this VPN policy. Keep Alive Select this check box to turn on the Keep Alive feature for this SA.
P-334WT User’s Guide Table 71 Advanced Rule Setup (continued) LABEL DESCRIPTION Remote Address Start Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote address fields do not apply when the Secure Gateway Address field is configured to 0.0.0.0. In this case only the remote IPSec router can initiate the VPN.
P-334WT User’s Guide Table 71 Advanced Rule Setup (continued) LABEL DESCRIPTION Peer Content The configuration of the peer content depends on the peer ID type. • For IP, type the IP address of the computer with which you will make the VPN connection.
P-334WT User’s Guide Table 71 Advanced Rule Setup (continued) LABEL DESCRIPTION IPSec Protocol Select ESP or AH from the drop-down list box. The Prestige's IPSec Protocol should be identical to the secure remote gateway. The ESP (Encapsulation Security Payload) protocol (RFC 2406) provides encryption as well as the authentication offered by AH.
P-334WT User’s Guide Note: Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 12.14 Manual Key Screen You only configure VPN Manual Key when you select Manual in the Key Management field on the Rule Setup screen. The Rule Setup Manual screen is as shown next.
P-334WT User’s Guide Table 72 Rule Setup with Manual Key LABEL DESCRIPTION Local Address The Local IP address must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs can have the same local or remote IP address, but not both.
P-334WT User’s Guide Table 72 Rule Setup with Manual Key LABEL DESCRIPTION IPSec Protocol Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described next).
P-334WT User’s Guide Figure 89 SA Monitor The following table describes the labels in this screen. Table 73 SA Monitor LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy.
P-334WT User’s Guide The following table describes the labels in this screen. Table 74 Global Setting LABEL DESCRIPTION Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to find other computers. It may sometimes...
P-334WT User’s Guide Figure 91 Telecommuters Sharing One VPN Rule Example 12.17.2 Telecommuters Using Unique VPN Rules Example With aggressive negotiation mode (see Section 12.11.1 on page 177), the Prestige can use the ID types and contents to distinguish between VPN rules. Telecommuters can each use a separate VPN rule to simultaneously access a Prestige at headquarters.
P-334WT User’s Guide Figure 92 Telecommuters Using Unique VPN Rules Example 12.18 VPN and Remote Management If a VPN tunnel uses a remote management service port (Telnet, FTP, WWW, SNMP, DNS or ICMP) and terminates at the Prestige’s LAN or WAN port, configure remote management (REMOTE MGNT) to allow access for that service.
P-334WT User’s Guide CHAPTER Trend Micro Home Network Security (TMSS) This chapter provides instructions for installing and configuring Trend Micro Home Network Security, also known as “TMSS”. It includes the following sections: • Installing the Trend Micro Dashboard on page 192 •...
P-334WT User’s Guide 13.2 Installing the Trend Micro Dashboard Note: The Trend Micro dashboard requires Microsoft Internet Explorer version 5.5 or later. If you are using a non-Microsoft browser or an earlier version of Internet Explorer, please install Internet Explorer 5.5 or later before continuing.
P-334WT User’s Guide 4 After a few seconds, the Trend Micro dashboard appears (Figure 95). Note: If the dashboard screen does not appear, please refer to Section 13.2.1 on page 193. Figure 95 Trend Micro Dashboard To start the Trend Micro dashboard in future, click Trend Micro Security Services in the Start menu or the icon in your browser’s toolbar.
P-334WT User’s Guide 3 Choose the following settings: Table 76 Internet Explorer Default Security Settings SETTING CHOOSE
Download signed ActiveX controls: Prompt
Script ActiveX control marked safe for scripting: Enable
Run ActiveX controls and plug-ins: Enable
Java permissions: High safety...
P-334WT User’s Guide 13.3.1 Registering a Trend Micro Customer Account To register a Trend Micro customer account: 1 Start the dashboard by clicking Trend Micro Security Services in the Start menu or the icon in your browser’s toolbar. The dashboard’s home screen appears...
P-334WT User’s Guide 5 On the account registration screen, type your name, email address, and other required information, and then click Next. The Check Information screen appears. Note: If you already have a Trend Micro customer account, type your user ID and password, click Log in Now, and then click Next.
P-334WT User’s Guide Figure 99 Download Now Screen 4 Click Start Download & Install. A file download message box opens. 5 Click Run or Open, and then wait while Setup downloads the installation files. If a second message box opens asking “Do you want to run this software?”, click Run. After downloading the files, the Location to Save Files screen appears.
P-334WT User’s Guide 8 Type your name, Trend Micro Internet Security serial number, and organization (optional). Click Next. The Installation Location screen appears. Note: When you activated your customer account, Trend Micro sent you an email message containing your Trend Micro Internet Security serial number.
P-334WT User’s Guide Note: Use the same serial number each time you install Trend Micro Internet Security. You can install the program on up to ten computers using this serial number. 13.3.3 Registering Trend Micro Internet Security After installing Internet Security, register your software to get free updates to scanning components during the trial period, and free use of Parental Controls for one year.
P-334WT User’s Guide The Account Confirmed screen shows your Trend Micro Internet Security serial number and the expiration date of your trial subscription. To purchase an annual subscription now, click Upgrade Now. 13.4 TMSS Settings This section describes the following Trend Micro Home Network Security (TMSS) configuration screens: •...
P-334WT User’s Guide The following table describes the settings on this screen. Table 77 Settings: General Screen LABEL DESCRIPTION Enable Trend Micro Security Services: Select this check box to enable Trend Micro Home Network Security on your Prestige. Enable Parental Controls: Select this check box to enable this feature on your Prestige.
P-334WT User’s Guide Figure 103 Exception List Screen The following table describes the settings on this screen. Table 78 Settings: Exception List Screen LABEL DESCRIPTION Exclude computer(s) from displaying Trend Micro Home Network Security Services Computer(s) that will This box lists the Prestige LAN computers that will automatically display the display Trend Micro Trend Micro dashboard at the interval selected on the General screen.
P-334WT User’s Guide Table 78 Settings: Exception List Screen LABEL DESCRIPTION Include specified address ranges in the Parental Control enforcement: Select this radio button to enable Parental Controls only on the computers with IP addresses listed in the Selected IP Addresses list box.
P-334WT User’s Guide Table 79 Settings: Virus Protection Screen LABEL DESCRIPTION IP Address This field displays the IP address of a TMSS client computer or the Prestige. Computer Name This field displays the host name of a TMSS client computer or the Prestige system name.
P-334WT User’s Guide 13.4.4.2 Parents Override Password This password allows mature users to view blocked web pages. You can also use it on the Trend Micro dashboard's Parental Controls screen to override Parental Controls for a specified period. In per-user control mode, select Parents as the user name to have full access to restricted web content.
P-334WT User’s Guide Figure 106 Parental Control Screen: Per-User Control Mode The following table describes the labels on this screen. Table 80 Settings: Parental Control Screen LABEL DESCRIPTION Restrict Web Features Select the check boxes to restrict web features. When you download a page containing a restricted feature, that part of the web page will appear blank or grayed out.
P-334WT User’s Guide Table 80 Settings: Parental Control Screen LABEL DESCRIPTION Parents Override Password: This password allows users to bypass Parental Control. Enter a password between four and 32 printable characters. Spaces are not allowed. Confirmed Password: To change the override password, type the new password in the Parents Override Password field, retype it in the Confirmed Password field, and then click Apply.
P-334WT User’s Guide 3 Click Edit Category. In the Profile list box, choose the pre-defined access profile that will apply to all users. To create a custom profile, choose Custom and then select the check boxes for the categories you want to block. (For additional choices, click more categories).
P-334WT User’s Guide Figure 108 General Mode: Edit Schedule 13.4.7 Configuring the User List in Per-User Mode The User List in per-user control mode shows each user’s name and access profile. Active users (green light bulb) can access the websites permitted by their access profiles. Inactive users (gray light bulb) cannot log in and cannot access the Internet.
P-334WT User’s Guide Figure 109 Per-User Control Mode: Edit User List 13.4.8 Content Blocking Categories Trend Micro has defined twelve categories of potentially offensive websites. The following table summarizes the blocking criteria for each category. Table 81 Content Blocking Categories...
P-334WT User’s Guide Table 81 Content Blocking Categories CATEGORY DESCRIPTION Gambling Sites at which users can place bets or participate in betting pools (including lotteries) online. Also includes sites that provide information, assistance, recommendations, or training on placing bets or participating in games of chance.
P-334WT User’s Guide Figure 110 Port Isolation Example Click Security > TMSS > Port Isolation to display the screen as shown next. Figure 111 Port Isolation The following table describes the labels on this screen. Table 82 Port Isolation LABEL...
P-334WT User’s Guide Table 82 Port Isolation LABEL DESCRIPTION Bypass Port Isolation Select the check box(es) of the interface(s) that are exempt from port isolation. Apply Click Apply to save the settings. Reset Click Reset to begin configuring this screen afresh.
P-334WT User’s Guide CHAPTER Static Route Screens This chapter shows you how to configure static routes for your Prestige. 14.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has no knowledge of the networks beyond.
P-334WT User’s Guide Figure 113 IP Static Route The following table describes the labels in this screen. Table 83 IP Static Route LABEL DESCRIPTION Number of an individual static route. Name Name that describes or identifies this route. Active This icon is turned on when this static route is active.
P-334WT User’s Guide Figure 114 Static Route Setup The following table describes the labels in this screen. Table 84 Static Route Setup LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field blank to delete this static route.
P-334WT User’s Guide CHAPTER Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the Prestige’s bandwidth management logs. 15.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet.
P-334WT User’s Guide The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 115 Subnet-based Bandwidth Management Example 15.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application.
P-334WT User’s Guide 15.5 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the Prestige forwards out through an interface. Table 86 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED.
P-334WT User’s Guide Table 87 Media Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION MSN Webcam MSN messenger allows you to chat online and send instant messages. If you use MSN messenger and also have a webcam, you can send your image/photo in real-...
P-334WT User’s Guide Table 88 Commonly Used Services SERVICE DESCRIPTION IPSEC_TUNNEL(ESP:0) The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service. IRC(TCP/UDP:6667) This is another popular Internet chat program. MSN Messenger(TCP:1863) Microsoft Networks’ messenger service uses this protocol. MULTICAST(IGMP:0) Internet Group Multicast Protocol is used when sending packets to a specific group of hosts.
P-334WT User’s Guide Table 88 Commonly Used Services SERVICE DESCRIPTION TELNET(TCP:23) Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems.
P-334WT User’s Guide Figure 116 Bandwidth Management: General The following table describes the labels in this screen. Table 90 Bandwidth Management: General LABEL DESCRIPTION Enable Bandwidth Management: Select this check box to have the Prestige apply bandwidth management. Enable bandwidth management to give traffic that matches a bandwidth rule priority over traffic that does not match a bandwidth rule.
P-334WT User’s Guide Figure 117 Bandwidth Management: Advanced The following table describes the labels in this screen. Table 91 Bandwidth Management: Advanced LABEL DESCRIPTION Upstream Bandwidth (kbps): Enter the amount of bandwidth in kbps (2 to 100,000) that you want to allocate for traffic.
P-334WT User’s Guide Table 91 Bandwidth Management: Advanced (continued) LABEL DESCRIPTION Enable Select this check box to have the Prestige apply this bandwidth management rule. Service This is the name of the service. Priority Select a priority from the drop down list box. Choose High, Mid or Low.
P-334WT User’s Guide The following table describes the labels in this screen. Table 92 Bandwidth Management Rule Configuration: Pre-defined Service LABEL DESCRIPTION This is the number of an individual bandwidth management rule. Enable Select an interface’s check box to enable bandwidth management on that interface.
P-334WT User’s Guide The following table describes the labels in this screen. Table 93 Bandwidth Management Rule Configuration: User-defined Service LABEL DESCRIPTION BW Budget Select Maximum Bandwidth or Minimum Bandwidth and specify the maximum or minimum bandwidth allowed for the rule in kilobits per second.
P-334WT User’s Guide CHAPTER Remote Management Screens This chapter provides information on the Remote Management screens. 16.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers.
P-334WT User’s Guide 3 The IP address in the Secured Client IP Address field does not match the client IP address. If it does not match, the Prestige will disconnect the session immediately. 4 There is already another remote management session with an equal or higher priority running.
P-334WT User’s Guide The following table describes the labels in this screen. Table 94 WWW Remote Management LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
P-334WT User’s Guide Figure 123 Telnet Remote Management The following table describes the labels in this screen. Table 95 Telnet Remote Management LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
P-334WT User’s Guide The following table describes the labels in this screen. Table 96 FTP Remote Management LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
P-334WT User’s Guide Figure 125 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device into a form compatible with SNMP.
P-334WT User’s Guide 16.6.1 Supported MIBs The Prestige supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 16.6.2 SNMP Traps The Prestige will send traps to the SNMP manager when any one of the following events...
P-334WT User’s Guide The following table describes the labels in this screen. Table 98 SNMP Remote Management LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests.
P-334WT User’s Guide The following table describes the labels in this screen. Table 99 DNS Remote Management LABEL DESCRIPTION Server Port The DNS service port number is 53 and cannot be changed here. Server Access Select the interface(s) through which a computer may send DNS queries to the Prestige.
P-334WT User’s Guide The following table describes the labels in this screen. Table 100 Security Remote Management LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
P-334WT User’s Guide CHAPTER UPnP This chapter introduces the Universal Plug and Play feature. 17.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
P-334WT User’s Guide All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 17.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™...
P-334WT User’s Guide Table 101 Configuring UPnP LABEL DESCRIPTION Allow UPnP to pass UPnP broadcasts are only allowed on the LAN. If you block LAN-to-LAN/ through Firewall Prestige traffic using the firewall, then you need to select this check box to allow UPnP-enabled traffic to pass through the firewall.
P-334WT User’s Guide 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted.
P-334WT User’s Guide 4 Select Networking Service in the Components selection box and click Details. 5 In the Networking Services window, select the Universal Plug and Play check box. 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
P-334WT User’s Guide 17.5.1 Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. 3 In the Internet Connection Properties 4 You may edit or delete the port...
P-334WT User’s Guide 6 Double-click the icon to display your current Internet connection status. 17.5.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device.
P-334WT User’s Guide 6 Right-click the icon for your ZyXEL device and select Properties. A properties window displays with basic information about the ZyXEL device. 17.5.3 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first.
P-334WT User’s Guide 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click the icon for your ZyXEL device and select Invoke. The web configurator login screen displays. 6 Right-click the icon for your ZyXEL device and select Properties.
P-334WT User’s Guide CHAPTER System This chapter provides information on the System screens. 18.1 System Overview See the chapter about wizard setup for more information on the next few screens. 18.2 System General Screen Click the System link under Maintenance and the General tab. The following screen displays.
P-334WT User’s Guide Table 102 System General LABEL DESCRIPTION Administrator Type how many minutes a management session (either via the web configurator Inactivity Timer or SMT) can be left idle before the session times out. The default is 5 minutes.
P-334WT User’s Guide Figure 131 Dynamic DNS The following table describes the labels in this screen. Table 103 Dynamic DNS LABEL DESCRIPTION Enable Dynamic DNS Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider.
P-334WT User’s Guide 18.5 Time Setting Screen To change your Prestige’s time and date, click the System link under Maintenance and the Time Setting tab. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone.
P-334WT User’s Guide Table 104 Time Setting LABEL DESCRIPTION New Time This field displays the last updated time from the time server or the last time configured manually. (hh:mm:ss) When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply.
P-334WT User’s Guide Table 104 Time Setting LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the first Sunday of April.
P-334WT User’s Guide CHAPTER Logs This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendices for example log message explanations. 19.1 View Log The web configurator allows you to look at all of the Prestige’s logs in one location.
P-334WT User’s Guide The following table describes the labels in this screen. Table 105 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings page (see Section 19.2 on page 258) display in the drop-down list box.
P-334WT User’s Guide Figure 134 Log Settings The following table describes the labels in this screen. Table 106 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
P-334WT User’s Guide Table 106 Log Settings LABEL DESCRIPTION Send Alerts To Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs. Enter the E-mail address where the alert messages will be sent.
P-334WT User’s Guide CHAPTER Tools This chapter shows you how to upload new firmware, upload or save backup configuration files and restart the Prestige. 20.1 Firmware Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin"...
P-334WT User’s Guide After you see the Firmware Upload In Process screen, wait two minutes before logging into the Prestige again. Figure 136 Upload Warning The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
P-334WT User’s Guide Click the Tools link under Maintenance, and the Configuration tab. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 139 Configuration 20.2.1 Backup Configuration Backup configuration allows you to back up (save) the Prestige’s current configuration to a file on your computer.
P-334WT User’s Guide Figure 140 Configuration Restore Successful The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 141 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default Prestige IP address (192.168.1.1).
P-334WT User’s Guide 20.3 Restart Screen System restart allows you to reboot the Prestige without turning the power off. Click the Tools link under Maintenance, and the Restart tab. Click Restart to have the Prestige reboot. This does not affect the Prestige's configuration.
P-334WT User’s Guide CHAPTER Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 21.1 SMT Introduction The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection.
P-334WT User’s Guide 21.1.3 Prestige SMT Menu Overview The following figure gives you an overview of the various SMT menu screens of your Prestige. The following table gives you an overview of your Prestige’s various SMT menus. Table 109 SMT Menus Overview...
P-334WT User’s Guide Table 109 SMT Menus Overview (continued) MENUS SUB MENUS 24 System Maintenance 24.1 System Status 24.2 System Information and 24.2.1 System Information Console Port Speed 24.2.2 Console Port Speed 24.3 Log and Trace 24.3.2 Syslog Logging 24.3.4 Call-Triggering Packet 24.4 Diagnostic...
[ENTER]. the SMT interface. After you enter the password, the SMT displays the main menu, as shown next. Figure 145 SMT Main Menu Copyright (c) 1994 - 2005 ZyXEL Communications Corp. P-334WT Main Menu Getting Started Advanced Management 1. General Setup 21.
P-334WT User’s Guide 21.2.1 System Management Terminal Interface Summary The following table describes the fields in the previous screen. Table 111 Main Menu Summary MENU TITLE DESCRIPTION General Setup Use this menu to set up your general information. WAN Setup Use this menu to clone a MAC address from a computer on your LAN.
P-334WT User’s Guide Figure 146 Menu 23 System Password Menu 23.1 - System Security - Change Password Old Password= ? New Password= ? Retype to confirm= ? Enter here to CONFIRM or ESC to CANCEL: 3 Type your new system password in the New Password field (up to 30 characters), and press [ENTER].
P-334WT User’s Guide CHAPTER Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 22.1 General Setup Menu 1 - General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
P-334WT User’s Guide Figure 147 Menu 1 General Setup. Menu 1 - General Setup System Name= Domain Name= zyxel.com.tw First System DNS Server= From ISP IP Address= N/A Second System DNS Server= From ISP IP Address= N/A Third System DNS Server= From ISP...
P-334WT User’s Guide 22.2.1 Procedure to Configure Dynamic DNS Note: If you have a private WAN IP address, then you cannot use Dynamic DNS. To configure Dynamic DNS, go to Menu 1 — General Setup and select Yes in the Edit Dynamic DNS field.
P-334WT User’s Guide Table 113 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION Enable Off Line This field is only available when CustomDNS is selected in the DDNS Type field. http:/ Option Press [SPACE BAR] and then [ENTER] to select Yes. When Yes is selected, /www.dyndns.org/...
P-334WT User’s Guide CHAPTER Menu 2 WAN Setup This chapter describes how to configure the WAN using menu 2. 23.1 WAN Setup From the main menu, enter 2 to open menu 2. Figure 149 Menu 2 WAN Setu...
P-334WT User’s Guide CHAPTER Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 24.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 - LAN Setup. From the main menu, enter 3 to display menu 3.
P-334WT User’s Guide 24.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. • For TCP/IP Ethernet setup refer to the Internet Access Application chapter. • For bridging Ethernet setup refer to the Bridging Setup chapter.
P-334WT User’s Guide Table 115 DHCP Ethernet Setup Fields FIELD DESCRIPTION Size of Client IP This field specifies the size, or count of the IP address pool. Pool The Prestige passes a DNS (Domain Name System) server IP address (in the order First DNS Server you specify here) to the DHCP clients.
P-334WT User’s Guide 24.3.1 IP Alias Setup IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network.
P-334WT User’s Guide Table 117 Menu 3.2.1: IP Alias Setup FIELD DESCRIPTION IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige.
P-334WT User’s Guide The following table describes the fields in this menu. Table 118 Menu 3.5: Wireless LAN Setup FIELD DESCRIPTION ESSID The ESSID (Extended Service Set IDentity) identifies the AP to which the wireless stations associate. Wireless stations associating to the AP must have the same ESSID.
P-334WT User’s Guide 24.4.1 Configuring MAC Address Filter Your Prestige checks the MAC address of the wireless station device against a list of allowed or denied MAC addresses. However, intruders could fake allowed MAC addresses so MAC-based authentication is less secure than EAP authentication.
P-334WT User’s Guide Table 119 Menu 3.5.1: WLAN MAC Address Filter FIELD DESCRIPTION 1..32 Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the client computers that are allowed or denied access to the Prestige in these address fields. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.
P-334WT User’s Guide CHAPTER Internet Access This chapter shows you how to configure your Prestige for Internet access. 25.1 Introduction to Internet Access Setup Use information from your ISP along with the instructions in this chapter to set up your Prestige to access the Internet.
P-334WT User’s Guide The following table describes the fields in this menu. Table 121 Internet Access Setup (Ethernet FIELD DESCRIPTION ISP’s Name Enter the name of your Internet Service Provider, e.g., myISP. This information is for identification purposes only. Encapsulation Press [SPACE BAR] and then press [ENTER] to choose Ethernet.
P-334WT User’s Guide 25.3 Configuring the PPTP Client Note: The Prestige supports only one PPTP server connection at any given time. To configure a PPTP client, you must configure the My Login and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.
P-334WT User’s Guide Figure 160 Internet Access Setup (PPPoE) Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= PPPoE Service Type= N/A My Login= My Password= ******** Retype to Confirm= ******** Idle Timeout= 100 IP Address Assignment= Dynamic IP Address= N/A...
P-334WT User’s Guide CHAPTER Remote Node Configuration This chapter covers remote node configuration. 26.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
P-334WT User’s Guide Figure 161 Menu 11.1 Remote Node Profile for Ethernet Encapsulation Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Encapsulation= Ethernet Edit IP= No Service Type= Standard Session Options: Service Name= N/A...
P-334WT User’s Guide Table 124 Menu 11.1 Remote Node Profile for Ethernet Encapsulation FIELD DESCRIPTION Edit IP This field leads to a “hidden” menu. Press [SPACE BAR] to select Yes and press [ENTER] to go to Menu 11.3 - Remote Node Network Layer Options.
P-334WT User’s Guide 26.2.2.2 Nailed-Up Connection A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The Prestige does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the Prestige will try to bring up the connection when turned on and whenever the connection is down.
P-334WT User’s Guide Figure 163 Menu 11.1 Remote Node Profile for PPTP Encapsulation Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Encapsulation= PPTP Edit IP= No Service Type= Standard Telco Option: Service Name= N/A...
P-334WT User’s Guide Table 127 Remote Node Network Layer Options FIELD DESCRIPTION Metric Enter a number from 1 to 15 to set this route’s priority among the Prestige’s routes (see the Metric section in the WAN and Dial Backup Setup chapter) The smaller the number, the higher priority the route has.
P-334WT User’s Guide Figure 166 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation) Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Call Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: 26.4.1 Traffic Redirect Setup...
P-334WT User’s Guide Table 128 Menu 11.6 Traffic Redirect Setup FIELD DESCRIPTION Check WAN IP Enter the IP address of a reliable nearby computer (for example, your ISP’s DNS Address server address) to test your Prestige’s WAN accessibility. The Prestige uses the default gateway IP address if you do not enter an IP address here.
P-334WT User’s Guide CHAPTER Static Route Setup This chapter shows how to set up IP static routes. 27.1 IP Static Route Setup To configure an IP static route, use Menu 12 – Static Routing Setup (shown next).
P-334WT User’s Guide The following table describes the fields for Menu 12.1 – Edit IP Static Route Setup. Table 129 Menu 12.1 Edit IP Static Route FIELD DESCRIPTION Route # This is the index number of the static route that you chose in menu 12.
P-334WT User’s Guide CHAPTER Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 28.1 Using NAT Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige.
P-334WT User’s Guide Figure 170 Menu 4: Applying NAT for Internet Access Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Retype to Confirm= N/A Login Server= N/A Relogin Every (min)=...
P-334WT User’s Guide The following table describes the options for Network Address Translation. Table 130 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. The SMT uses the address mapping set that you configure and enter in the Address Mapping Set field (menu 15.1 - see...
P-334WT User’s Guide Enter 255 to display the next screen, (see Section 28.1.1 on page 303). The fields in this menu cannot be changed. Figure 174 Menu 15.1.255 SUA Address Mapping Rules Menu 15.1.255 - Address Mapping Rules Set Name= SUA...
P-334WT User’s Guide Figure 175 Menu 15.1.1 First Set Menu 15.1.1 - Address Mapping Rules Set Name= NAT_SET Local Start IP Local End IP Global Start IP Global End IP Type --------------- -------------- --------------- --------------- ------ Action= Edit Select Rule= Press ENTER to Confirm or ESC to Cancel: Note: If the Set Name field is left blank, the entire set will be deleted.
P-334WT User’s Guide Note: You must press [ENTER] at the bottom of the screen to save the whole set. You must do this again if you make any changes to the set – including deleting a rule. No changes to the set take place until this action is taken. Selecting Edit in the Action field and then selecting a rule brings up the following menu, Menu 15.1.1.1 - Address Mapping Rule in which you can edit an individual rule and...
P-334WT User’s Guide 28.4 Configuring a Server behind NAT Follow these steps to configure a server behind NAT: 1 Enter 15 in the main menu to go to Menu 15 - NAT Setup. 2 Enter 2 to display Menu 15.2 - NAT Server Setup as shown next.
P-334WT User’s Guide Figure 178 Multiple Servers Behind NAT Example 28.5 General NAT Examples The following are some examples of NAT configuration. 28.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where the ILAs (Inside Local Addresses) of computers A through D map to one dynamic IGA (Inside Global Address) assigned by your ISP.
P-334WT User’s Guide Figure 180 Menu 4 Internet Access & NAT Example Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Retype to Confirm= N/A Login Server= N/A Relogin Every (min)=...
P-334WT User’s Guide Figure 182 Menu 15.2.1 Specifying an Inside Server Menu 15.2.1 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 192.168.1.10 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0...
P-334WT User’s Guide Figure 183 NAT Example 3 1 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) Figure 164 on page 296.
P-334WT User’s Guide Figure 185 Example 3: Menu 15.1.1.1 Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 = N/A Global IP: Start= 10.132.50.1 = N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.
P-334WT User’s Guide Figure 187 Example 3: Menu 15.2 Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.21 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: HTTP:80 FTP:21 Telnet:23 SMTP:25 POP3:110 PPTP:1723 28.5.4 Example 4: NAT Unfriendly Application Programs...
P-334WT User’s Guide Figure 189 Example 4: Menu 15.1.1.1 Address Mapping Rule. Menu 15.1.1.1 Address Mapping Rule Type= Many-One-to-One Local IP: Start= 192.168.1.10 = 192.168.1.12 Global IP: Start= 10.132.50.1 = 10.132.50.3 Press ENTER to Confirm or ESC to Cancel: After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as shown next.
P-334WT User’s Guide Figure 191 Menu 15.3 Trigger Port Setup Menu 15.3 - Trigger Port Setup Incoming Trigger Rule Name Start Port End Port Start Port End Port ---------------------------------------------------------------------- Real Audio 6970 7170 7070 7070 Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this screen.
P-334WT User’s Guide CHAPTER Enabling the Firewall This chapter shows you how to get started with the Prestige firewall. 29.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: •...
P-334WT User’s Guide Figure 192 Menu 21.2 Firewall Setup Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off. Refer to the User's Guide for details about the firewall default policies.
P-334WT User’s Guide CHAPTER Filter Configuration This chapter shows you how to create and apply filters. 30.1 Introduction to Filters Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call.
P-334WT User’s Guide 30.1.1 The Filter Structure of the Prestige A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
P-334WT User’s Guide Figure 194 Filter Rule Process You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
P-334WT User’s Guide Figure 195 Menu 21: Filter and Firewall Setup Menu 21 - Filter and Firewall Setup 1. Filter Setup 2. Firewall Setup Enter Menu Selection Number: 2 Enter 1 to bring up the following menu. Figure 196 Menu 21.1: Filter Set Configuration Menu 21.1 - Filter Set Configuration...
P-334WT User’s Guide Table 135 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION Action Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N” means to check the next rule.
P-334WT User’s Guide To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.x.x - TCP/IP Filter Rule, as shown next. Figure 197 Menu 21.1.1.1 TCP/IP Filter Rule. Menu 21.1.1.1 - TCP/IP Filter Rule...
P-334WT User’s Guide Table 137 Menu 21.1.x.x TCP/IP Filter Rule FIELD DESCRIPTION OPTIONS Source IP Address Enter the source IP Address of the packet you wish to filter. This 0.0.0.0 field is ignored if it is 0.0.0.0. IP Mask Enter the IP mask to apply to the Source: IP Addr.
P-334WT User’s Guide Figure 198 Executing an IP Filter 30.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
P-334WT User’s Guide Table 138 Menu 21.1.x.x Generic Filter Rule Menu Fields FIELD DESCRIPTION OPTIONS Action Select the action for a packet matching the rule. Check Next Rule Matched Forward Drop Action Not Select the action for a packet not matching the rule.
P-334WT User’s Guide Figure 201 Example Filter: Menu 21.1.3.1 Menu 21.1.3.1 - TCP/IP Filter Rule Filter #: 3,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 23 Port # Comp= Equal Source: IP Addr= 0.0.0.0...
P-334WT User’s Guide Figure 202 Example Filter Rules Summary: Menu 21.1.3 Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F...
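The rule-by-rule decision process the guide describes for filter sets can be modelled in a few lines. This is an added example, not ZyXEL code: the `Rule`, `Packet` and `evaluate` names are hypothetical, and it assumes that protocol 0 and port 0 mean "not compared" and that a packet no rule decides on is forwarded. The Telnet rule is the one shown in Menu 21.1.3.1; the FTP rule and the sample packets are constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

# Abbreviations from the Filter Rules Summary menu.
FORWARD, DROP, CHECK_NEXT = "F", "D", "N"
MAX_RULES_PER_SET = 6   # per the guide: six rules in each filter set
MAX_SETS_PER_PORT = 4   # per the guide: up to four filter sets on a port


@dataclass
class Packet:
    protocol: int            # IP protocol number (6 = TCP, 17 = UDP)
    src_ip: str
    dst_ip: str
    src_port: int = 0
    dst_port: int = 0


@dataclass
class Rule:
    protocol: int = 0        # assumption: 0 means any protocol
    dst_ip: str = "0.0.0.0"  # per the guide: ignored if 0.0.0.0
    dst_mask: str = "0.0.0.0"
    dst_port: int = 0        # assumption: 0 means port not compared
    src_ip: str = "0.0.0.0"
    src_mask: str = "0.0.0.0"
    src_port: int = 0
    matched: str = CHECK_NEXT      # Action Matched
    not_matched: str = CHECK_NEXT  # Action Not Matched
    active: bool = True


def ip_matches(rule_ip, rule_mask, pkt_ip):
    """Masked address comparison; a rule address of 0.0.0.0 matches anything."""
    if rule_ip == "0.0.0.0":
        return True
    mask = int(IPv4Address(rule_mask))
    return int(IPv4Address(pkt_ip)) & mask == int(IPv4Address(rule_ip)) & mask


def rule_matches(rule, pkt):
    """Only the 'Equal' port comparison from the page's example is modelled."""
    return (rule.protocol in (0, pkt.protocol)
            and ip_matches(rule.dst_ip, rule.dst_mask, pkt.dst_ip)
            and ip_matches(rule.src_ip, rule.src_mask, pkt.src_ip)
            and rule.dst_port in (0, pkt.dst_port)
            and rule.src_port in (0, pkt.src_port))


def evaluate(filter_sets, pkt):
    """Walk the sets and rules in order; return 'F' or 'D' for the packet."""
    if len(filter_sets) > MAX_SETS_PER_PORT:
        raise ValueError("at most four filter sets can be applied to a port")
    for rules in filter_sets:
        if len(rules) > MAX_RULES_PER_SET:
            raise ValueError("a filter set holds at most six rules")
        for rule in rules:
            if not rule.active:
                continue
            action = rule.matched if rule_matches(rule, pkt) else rule.not_matched
            if action in (FORWARD, DROP):
                return action      # F and D end processing immediately
    return FORWARD                 # assumption: undecided packets pass


# Rule from Menu 21.1.3.1: Pr=6, DP=23, matched = Drop, not matched = Forward.
TELNET_DROP = Rule(protocol=6, dst_port=23, matched=DROP, not_matched=FORWARD)
# Constructed second rule, used to show why rule order and "N" matter.
FTP_DROP = Rule(protocol=6, dst_port=21, matched=DROP, not_matched=FORWARD)
# Same Telnet rule, but passing unmatched packets on to the next rule.
TELNET_DROP_CHAINED = Rule(protocol=6, dst_port=23, matched=DROP,
                           not_matched=CHECK_NEXT)

# Constructed sample packets (documentation address range as the source).
TELNET_PKT = Packet(6, "203.0.113.5", "192.168.1.1", 40000, 23)
FTP_PKT = Packet(6, "203.0.113.5", "192.168.1.1", 40001, 21)
WEB_PKT = Packet(6, "203.0.113.5", "192.168.1.1", 40002, 80)
UDP23_PKT = Packet(17, "203.0.113.5", "192.168.1.1", 40003, 23)

if __name__ == "__main__":
    for name, pkt in [("telnet", TELNET_PKT), ("ftp", FTP_PKT), ("web", WEB_PKT)]:
        print(name,
              evaluate([[TELNET_DROP, FTP_DROP]], pkt),
              evaluate([[TELNET_DROP_CHAINED, FTP_DROP]], pkt))
```

With the first rule's not-matched action set to Forward, the FTP rule behind it is never consulted; when stacking several blocking rules in one set, every rule but the last needs Check Next Rule as its not-matched action.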
P-334WT User’s Guide Figure 203 Protocol and Device Filter Sets 30.5 Firewall Versus Filters Firewall configuration is discussed in the firewall chapters of this manual. Further comparisons are also made between filtering, NAT and the firewall. 30.6 Applying a Filter This section shows you where to apply the filter(s) after you design it (them).
P-334WT User’s Guide 30.6.2 Applying Remote Node Filters Go to menu 11.5 (shown below – note that call filter sets are only present for PPPoE encapsulation) and enter the number(s) of the filter set(s) as appropriate. You can cascade up to four filter sets by entering their numbers separated by commas.
P-334WT User’s Guide CHAPTER SNMP Configuration This chapter explains SNMP Configuration menu 22. 31.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
P-334WT User’s Guide The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
P-334WT User’s Guide The following table describes the SNMP configuration parameters. Table 139 Menu 22 SNMP Configuration FIELD DESCRIPTION SNMP: Get Community Type the Get Community, which is the password for the incoming Get- and GetNext requests from the management station.
P-334WT User’s Guide The port number is its interface index under the interface group. Table 141 Ports and Permanent Virtual Circuits PVC (PERMANENT PORT VIRTUAL CIRCUIT) Ethernet LAN … … xDSL Chapter 31 SNMP Configuration...
P-334WT User’s Guide CHAPTER System Security This chapter describes how to configure the system security on the Prestige. 32.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu.
P-334WT User’s Guide Figure 209 Menu 23.2 System Security : RADIUS Server Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 0.0.0.0 Port #= 1812 Shared Secret= ******** Accounting Server: Active= No Server Address= 0.0.0.0...
32.4 IEEE 802.1x
The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management.
Follow the steps below to enable EAP authentication on your Prestige.
1 From the main menu, enter 23 to display Menu 23 - System Security.
Table 143 Menu 23.4 System Security : IEEE802.1x
FIELD | DESCRIPTION
Idle Timeout (in second) | The ZyAIR automatically disconnects a client from the wired network after a period of inactivity. The client needs to enter the username and password again before access to the wired network is allowed.
Chapter 33: System Information and Diagnosis
This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
P-334WT User’s Guide Figure 212 Menu 24.1 System Maintenance : Status Menu 24.1 - System Maintenance - Status 01:04:32 Sun. Jan. 02, 2000 Port Status TxPkts RxPkts Cols Tx B/s Rx B/s Up Time 100M/Full 2440 21360 1:02:03 100M/Full 2563...
Table 144 System Maintenance: Status Menu Fields
FIELD | DESCRIPTION
Name | This is the Prestige's system name + domain name assigned in menu 1. For example, System Name= xxx; Domain Name= baboo.mickey.com; Name= xxx.baboo.mickey.com
Routing | Refers to the routing protocol used.
ZyNOS F/W Version | Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation.
Country Code | Refers to the country code of the firmware.
Ethernet Address | Refers to the Ethernet MAC (Media Access Control) of your Prestige.
Figure 216 Menu 24.3.2 System Maintenance : Syslog Logging
Menu 24.3.2 - System Maintenance - Syslog Logging
Syslog:
Active= No
Syslog Server IP Address= 0.0.0.0
Log Facility= Local 1
Press ENTER to Confirm or ESC to Cancel:
You need to configure the syslog parameters described in the following table to activate syslog then choose what you want to log.
33.3.1.1 CDR
CDR Message Format
SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG_INFO, String);
String = board xx line xx channel xx, call xx, str
board = the hardware board ID
line = the WAN ID in a board
Channel = channel ID within the WAN...
33.3.1.3 Filter log
Filter log Message Format
SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String );
String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD
IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D).
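The filter log layout above can be parsed on the syslog server to see which filter rules are dropping traffic and for which hosts. The following is an added example, not code from the ZyXEL guide: the syslog prefix and sample lines are constructed, the function names are hypothetical, and only the m (match) and D (drop) codes named in the guide are decoded.

```python
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Iterable, Optional, Tuple

# Layout from the guide: IP[Src=a.b.c.d Dst=a.b.c.d prot spo=xxxx dpo=xxxx] S04>R01mD
FILTER_LOG_RE = re.compile(
    r"IP\[Src=(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"Dst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<prot>[A-Za-z0-9]+)\s+"
    r"spo=(?P<spo>[0-9A-Fa-f]+)\s+dpo=(?P<dpo>[0-9A-Fa-f]+)\]\s*"
    r"S(?P<set>\d+)>R(?P<rule>\d+)(?P<match>[A-Za-z])(?P<action>[A-Za-z])"
)

# Only the codes the guide explains are decoded; anything else is reported as unknown.
MATCH_CODES = {"m": "match"}
ACTION_CODES = {"D": "drop"}


@dataclass(frozen=True)
class FilterHit:
    src: IPv4Address
    dst: IPv4Address
    prot: str
    spo: str          # kept as the raw string: the guide does not state the number base
    dpo: str
    filter_set: int
    rule: int
    match: str
    action: str


def parse_filter_log(line: str) -> Optional[FilterHit]:
    """Return the parsed filter log entry, or None if the line is not one."""
    m = FILTER_LOG_RE.search(line)
    if m is None:
        return None
    try:
        src, dst = IPv4Address(m["src"]), IPv4Address(m["dst"])
    except ValueError:          # e.g. an octet above 255 in a corrupted line
        return None
    return FilterHit(
        src, dst, m["prot"].upper(), m["spo"], m["dpo"],
        int(m["set"]), int(m["rule"]),
        MATCH_CODES.get(m["match"], f"unknown({m['match']})"),
        ACTION_CODES.get(m["action"], f"unknown({m['action']})"),
    )


def drops_per_rule(lines: Iterable[str]) -> Tuple[Counter, int]:
    """Count match+drop entries per (filter set, rule, source); also count skipped lines."""
    counts: Counter = Counter()
    skipped = 0
    for line in lines:
        hit = parse_filter_log(line)
        if hit is None:
            skipped += 1
        elif hit.match == "match" and hit.action == "drop":
            counts[(hit.filter_set, hit.rule, str(hit.src))] += 1
    return counts, skipped


# Constructed sample input (timestamps, hostname and addresses are made up).
SAMPLE_LINES = [
    "Jan  2 01:04:32 prestige IP[Src=192.168.1.33 Dst=203.0.113.7 TCP spo=0c21 dpo=0017] S04>R01mD",
    "Jan  2 01:04:33 prestige IP[Src=192.168.1.33 Dst=203.0.113.7 TCP spo=0c22 dpo=0017] S04>R01mD",
    "Jan  2 01:04:40 prestige IP[Src=192.168.1.40 Dst=198.51.100.9 UDP spo=0401 dpo=0035] S04>R02mD",
    "Jan  2 01:04:41 prestige IP[Src=192.168.1.40 Dst=198.51.100.9 UDP spo=0401 dpo=0035] S04>R03xY",
    "Jan  2 01:04:42 prestige IP[Src=192.168.1.999 Dst=198.51.100.9 UDP spo=0401 dpo=0035] S04>R02mD",
    "Jan  2 01:04:43 prestige ppp:LCP Closing",
]

if __name__ == "__main__":
    counts, skipped = drops_per_rule(SAMPLE_LINES)
    for (fset, rule, src), n in counts.most_common():
        print(f"set {fset} rule {rule} dropped {n} packet(s) from {src}")
    print(f"{skipped} line(s) were not valid filter log entries")
```

Lines with codes other than m and D still parse, so they can be reviewed separately instead of being silently discarded.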
P-334WT User’s Guide Figure 217 Call-Triggering Packet Example IP Frame: ENET0-RECV Size: Time: 17:02:44.262 Frame Type: IP Header: IP Version Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x002C (44) Identification = 0x0002 (2) Flags...
Figure 218 Menu 24.4 System Maintenance : Diagnostic
Menu 24.4 - System Maintenance - Diagnostic
TCP/IP
1. Ping Host
2. WAN DHCP Release
3. WAN DHCP Renewal
4. Internet Setup Test
System
11. Reboot System
Enter Menu Selection Number:
Host IP Address= N/A
33.4.1 WAN DHCP...
Table 147 System Maintenance Menu Diagnostic
FIELD | DESCRIPTION
Internet Setup Test | Enter 4 to test the Internet setup. You can also test the Internet setup in Menu 4 - Internet Access. Please refer to the Internet Access chapter for more details.
Chapter 34: Firmware and Configuration File Maintenance
This chapter tells you how to back up and restore your configuration file as well as upload new firmware and configuration files.
34.1 Filename Conventions
The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
P-334WT User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary.
34.2.2 Using the FTP Command from the Command Line
1 Launch the FTP client on your computer.
2 Enter “open”, followed by a space and the IP address of your Prestige.
3 Press [ENTER] when prompted for a username.
34.2.5 TFTP and FTP over WAN Management Limitations
TFTP, FTP and Telnet over WAN will not work when:
• You have disabled Telnet service in menu 24.11.
• You have applied a filter in menu 3.1 (LAN) or in menu 11.5 (WAN) to block Telnet service.
P-334WT User’s Guide where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the Prestige IP address, “get” transfers the file source on the Prestige (rom-0, name of the configuration file on the Prestige) to the file destination on the computer and renames it config.rom.
Figure 222 Telnet into Menu 24.6.
Menu 24.6 -- System Maintenance - Restore Configuration
To transfer the firmware and configuration file to your workstation, follow the procedure below:
1. Launch the FTP client on your workstation.
2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
P-334WT User’s Guide 34.4 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuration files. You can upload configuration files by following the procedure in the previous section about restoring configuration or by following the instructions in Menu 24.7.2 – System Maintenance –...
Figure 225 Telnet Into Menu 24.7.2 System Maintenance.
Menu 24.7.2 - System Maintenance - Upload System Configuration File
To upload the system configuration file, follow the procedure below:
1. Launch the FTP client on your workstation.
34.4.4 FTP Session Example of Firmware File Upload
Figure 226 FTP Session Example of Firmware File Upload
331 Enter PASS command
Password:
230 Logged in
ftp> bin
200 Type I OK
ftp> put firmware.bin ras
200 Port command okay...
tftp [-i] host put firmware.bin ras
where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the Prestige’s IP address and “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the Prestige).
Chapter 35: System Maintenance
This chapter leads you through SMT menus 24.8 to 24.10.
35.1 Command Interpreter Mode
The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
A list of commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished. Figure 228 Valid Commands Copyright (c) 1994 - 2004 ZyXEL Communications Corp. P-334WT> ? Valid commands are:...
P-334WT User’s Guide Figure 230 Budget Management Menu 24.9.1 - Budget Management Remote Node Connection Time/Total Budget Elapsed Time/Total Period 1.MyISP No Budget No Budget The total budget is the time limit on the accumulated time for outgoing calls to a remote node.
P-334WT User’s Guide Figure 231 Menu 24.9.2 - Call History Menu 24.9.2 - Call History Phone Number Rate #call Total Enter Entry to Delete(0 to exit): The following table describes the fields in this menu. Table 152 Call History Fields...
P-334WT User’s Guide Figure 232 Menu 24: System Maintenance Menu 24 - System Maintenance System Status System Information and Console Port Speed Log and Trace Diagnostic Backup Configuration Restore Configuration Upload Firmware Command Interpreter Mode Call Control 10. Time and Date Setting 11.
P-334WT User’s Guide The following table describes the fields in this screen. Table 153 Time and Date Setting Fields FIELD DESCRIPTION Time Protocol Enter the time service protocol that your timeserver sends when you turn on the Prestige. Not all timeservers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Chapter 36: Remote Management
This chapter covers remote management (SMT menu 24.11).
36.1 Remote Management
Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers.
The following table describes the fields in this screen.
Table 154 Menu 24.11 – Remote Management Control
FIELD | DESCRIPTION
Telnet Server, FTP Server, Web Server, SNMP Service... | Each of these read-only labels denotes a service or protocol.
Chapter 37: Call Scheduling
Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long.
37.1 Introduction to Call Scheduling
The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
To set up a schedule set, select the schedule set you want to set up from menu 26 (1-12) and press [ENTER] to see Menu 26.1 - Schedule Set Setup as shown next.
Figure 236 Menu 26.1 Schedule Set Setup
Menu 26.1 - Schedule Set Setup...
Table 155 Menu 26.1 Schedule Set Setup
FIELD | DESCRIPTION
Action | Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field.
Chapter 38: VPN/IPSec Setup
This chapter introduces the VPN SMT menus.
38.1 VPN/IPSec Overview
The VPN/IPSec main SMT menu has these main submenus:
1 Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management.
38.2 IPSec Summary Screen
Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 - IPSec Summary. This is a summary read-only menu of your IPSec rules (tunnels). Edit or create an IPSec rule by selecting an index number and then configuring the associated submenus.
Table 156 Menu 27.1 IPSec Summary
FIELD | DESCRIPTION
Key Mgt | This field displays the SA’s type of key management, (IKE or Manual).
Remote Addr Start | When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is a static IP address on the network behind the remote IPSec router.
Figure 241 Menu 27.1.1 IPSec Setup
Menu 27.1.1 - IPSec Setup
Index #= 2
Name= example
Active= Yes
Keep Alive= No
Nat Traversal= No
Local ID type= IP
Content=
My IP Addr= 0.0.0.0
Peer ID type= IP
Content=
Secure Gateway Address= zwtest.zyxel.com.tw...
Table 157 Menu 27.1.1 IPSec Setup
FIELD | DESCRIPTION
Content | When you select IP in the Local ID Type field, type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address.
P-334WT User’s Guide Table 157 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. This field is N/A when 0 is configured in the Port Start field.
38.3 IKE Setup
To edit this menu, the Key Management field in Menu 27.1.1 – IPSec Setup must be set to IKE. Move the cursor to the Edit Key Management Setup field in Menu 27.1.1 – IPSec Setup;...
Table 158 Menu 27.1.1.1 IKE Setup
FIELD | DESCRIPTION
Encryption Algorithm | When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
P-334WT User’s Guide 38.4.1 Active Protocol This field is a combination of mode and security protocols used for the VPN. See the Web Configurator part on VPN for more information on these parameters. Table 159 Active Protocol: Encapsulation and Security Protocol...
Table 160 Menu 27.1.1.2 Manual Setup
FIELD | DESCRIPTION
Encryption Algorithm | Press [SPACE BAR] to choose from NULL, 3DES or DES and then press [ENTER]. Fill in the Key1 field below when you choose DES and fill in fields Key1 to Key3 when you choose 3DES.
Chapter 39: SA Monitor
This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2.
39.1 SA Monitor Overview
A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections.
P-334WT User’s Guide The following table describes the fields in this menu. Table 161 Menu 27.2 SA Monitor FIELD DESCRIPTION This is the security index number. Name This field displays the identification name for this VPN policy. This name is unique for each connection where the secure gateway IP address is a public static IP address.
Chapter 40: Troubleshooting
This chapter covers potential problems and the corresponding remedies.
40.1 Problems Starting Up the Prestige
Table 162 Troubleshooting Starting Up Your Prestige
PROBLEM | CORRECTIVE ACTION
None of the LEDs turn on | Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged in to an appropriate power source.
40.3 Problems with the WAN
Table 164 Troubleshooting the WAN
PROBLEM | CORRECTIVE ACTION
The WAN LED is off. | Check the connections between the Prestige WAN port and the cable/DSL modem or ethernet jack. Check whether your cable/DSL device requires a crossover or straight-through cable.
40.4 Problems Accessing the Prestige
Table 165 Troubleshooting Accessing the Prestige
PROBLEM | CORRECTIVE ACTION
I cannot access the Prestige. | The username is “admin”. The default password is “1234”. The Password and Username fields are case-sensitive. Make sure that you enter the correct password
Table 166 Troubleshooting Restricted Web Pages and Keyword Blocking
PROBLEM | CORRECTIVE ACTION
Parental Control is configured correctly, but I | Restart the device to clear the cache. The content filter server may be unavailable. The View Logs screen can display content filtering log messages. See the Log Descriptions appendix for a list of possible log messages.
P-334WT User’s Guide • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. 40.5.1.1 Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
P-334WT User’s Guide Figure 246 Internet Options 3 Click Apply to save this setting. 40.5.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
P-334WT User’s Guide Figure 247 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites.
P-334WT User’s Guide Figure 248 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 40.5.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
P-334WT User’s Guide Figure 249 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default).
P-334WT User’s Guide Figure 250 Security Settings - Java Scripting 40.5.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
P-334WT User’s Guide Figure 251 Security Settings - Java 40.5.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window.
Figure 252 Java (Sun)
40.5.2 ActiveX Controls in Internet Explorer
If ActiveX is disabled, you will not be able to download ActiveX controls or to use Trend Micro Security Services. Make sure that ActiveX controls are allowed in Internet Explorer.
P-334WT User’s Guide Figure 253 Internet Options Security 3 Scroll down to ActiveX controls and plug-ins. 4 Under Download signed ActiveX controls select the Prompt radio button. 5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected.
Appendix A: Setting up Your Computer’s IP Address
All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
Figure 255 Windows 95/98/Me: Network: Configuration
Installing Components
The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
If you need the adapter:
1 In the Network window, click Add.
P-334WT User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
P-334WT User’s Guide Figure 257 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add.
P-334WT User’s Guide Figure 258 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 259 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Appendix A Setting up Your Computer’s IP Address...
P-334WT User’s Guide Figure 260 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 261 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
P-334WT User’s Guide • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. Figure 262 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
P-334WT User’s Guide Figure 263 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
P-334WT User’s Guide Figure 264 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
P-334WT User’s Guide Figure 265 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 266 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. Appendix A Setting up Your Computer’s IP Address...
P-334WT User’s Guide 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box.
P-334WT User’s Guide Figure 268 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box.
P-334WT User’s Guide Note: Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
P-334WT User’s Guide • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
1 Assuming that you have only one network card on the computer, locate the ifconfig-eth0 configuration file (where eth0 is the name of the Ethernet card). Open the configuration file with any plain text editor. •...
P-334WT User’s Guide Figure 276 Red Hat 9.0: Restart Ethernet Card [root@localhost init.d]# network restart Shutting down interface eth0: [OK] Shutting down loopback interface: [OK] Setting network parameters: [OK] Bringing up loopback interface: [OK] Bringing up interface eth0: [OK] 40.5.3 Verifying Settings Enter in a terminal screen to check your TCP/IP properties.
Appendix B: IP Subnetting
IP Addressing
Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID.
IP Classes
An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
P-334WT User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
P-334WT User’s Guide Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/”...
P-334WT User’s Guide Note: In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have...
P-334WT User’s Guide Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
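The bit-borrowing described above, worked through as an added example that is not part of the guide: it derives the class and natural mask from the leading bits of the first octet, checks that a mask is a contiguous run of ones, and lists the subnets produced by borrowing host ID bits. The network 192.168.1.0 and the function names are chosen here for illustration.

```python
import ipaddress
from typing import Dict, List, Tuple

ALL_ONES = 0xFFFFFFFF


def address_class(ip: str) -> Tuple[str, int]:
    """Return (class letter, natural prefix length) from the leading bits of the first octet."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first >> 7 == 0b0:        # 0xxxxxxx -> 0..127
        return "A", 8
    if first >> 6 == 0b10:       # 10xxxxxx -> 128..191
        return "B", 16
    if first >> 5 == 0b110:      # 110xxxxx -> 192..223
        return "C", 24
    raise ValueError(f"{ip} is not a class A, B or C address")


def prefix_to_mask(prefix: int) -> str:
    """Turn the "/n" notation into a dotted decimal mask."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return str(ipaddress.IPv4Address((ALL_ONES << (32 - prefix)) & ALL_ONES))


def mask_to_prefix(mask: str) -> int:
    """Count the ones in a mask, rejecting masks whose ones are not contiguous from the left."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ ALL_ONES
    if inverted & (inverted + 1):      # the inverted mask must look like 000...0111...1
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return 32 - inverted.bit_length()


def borrow_host_bits(network: str, borrowed: int) -> List[Dict[str, object]]:
    """List the 2**borrowed subnets created by moving host ID bits into the network ID."""
    _, natural = address_class(network)
    prefix = natural + borrowed
    if borrowed < 1 or prefix > 30:
        raise ValueError("borrow at least 1 bit and leave at least 2 host ID bits")
    host_bits = 32 - prefix
    base = int(ipaddress.IPv4Address(network)) & int(ipaddress.IPv4Address(prefix_to_mask(natural)))
    rows = []
    for n in range(2 ** borrowed):
        net = base | (n << host_bits)                # borrowed bits select the subnet
        bcast = net | ((1 << host_bits) - 1)         # host ID of all ones
        rows.append({
            "subnet": f"{ipaddress.IPv4Address(net)}/{prefix}",
            "mask": prefix_to_mask(prefix),
            "first_host": str(ipaddress.IPv4Address(net + 1)),
            "last_host": str(ipaddress.IPv4Address(bcast - 1)),
            "broadcast": str(ipaddress.IPv4Address(bcast)),
            "hosts": 2 ** host_bits - 2,             # all-zeros and all-ones host IDs excluded
        })
    return rows


if __name__ == "__main__":
    for borrowed in (1, 2):                          # the two-subnet and four-subnet cases
        for row in borrow_host_bits("192.168.1.0", borrowed):
            print(row)
```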
P-334WT User’s Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has...
Appendix: PPPoE
PPPoE in Action
An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access...
P-334WT User’s Guide Figure 278 Single-Computer per Router Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
Appendix: PPTP
What is PPTP?
PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames.
How can we transport PPP frames from a computer to a broadband...
P-334WT User’s Guide PPTP Protocol Overview PPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Cisco’s Layer 2 Forwarding). Conceptually, there are three parties in PPTP, namely the PNS (PPTP Network Server), the PAC (PPTP Access Concentrator) and the PPTP user. The PNS is the box that hosts both the PPP and the PPTP stacks and forms one end of the PPTP tunnel.
P-334WT User’s Guide Figure 282 Example Message Exchange between Computer and an ANT PPP Data Connection The PPP frames are tunneled between the PNS and PAC over GRE (General Routing Encapsulation, RFC 1701, 1702). The individual calls within a tunnel are distinguished using the Call ID field in the GRE header.
Appendix: Wireless LANs
Wireless LAN Topologies
This section discusses ad-hoc and infrastructure wireless LAN topologies.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C).
P-334WT User’s Guide Figure 284 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).
P-334WT User’s Guide Figure 285 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
P-334WT User’s Guide Figure 286 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
P-334WT User’s Guide A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
P-334WT User’s Guide IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are:...
P-334WT User’s Guide • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: •...
P-334WT User’s Guide EAP-TLS (Transport Layer Security) With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created.
P-334WT User’s Guide For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.
P-334WT User’s Guide The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
Appendix: Log Descriptions
This appendix provides descriptions of example log messages.
Table 186 System Maintenance Logs
LOG MESSAGE | DESCRIPTION
Time calibration is | The router has adjusted its time based on information from the time server.
Table 186 System Maintenance Logs (continued)
LOG MESSAGE | DESCRIPTION
Configuration Change: PC = 0x%x, Task ID = 0x%x | The router is saving configuration changes.
Successful SSH login | Someone has logged on to the router’s SSH server.
Someone has failed to log on to the router’s SSH server.
Table 189 TCP Reset Logs
LOG MESSAGE | DESCRIPTION
Under SYN flood attack, sent TCP RST... | The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination host.)
Table 191 ICMP Logs
LOG MESSAGE | DESCRIPTION
Firewall default policy: ICMP <Packet Direction>, <type:%d>, | ICMP access matched the default policy and was blocked or forwarded according to the user's setting. For type and code details, see Table 203 on page 455.
Table 193 PPP Logs (continued)
LOG MESSAGE | DESCRIPTION
ppp:LCP Closing | The PPP connection’s Link Control Protocol stage is closing.
ppp:IPCP Closing | The PPP connection’s Internet Protocol Control Protocol stage is closing.
Table 194 UPnP Logs
LOG MESSAGE | DESCRIPTION
UPnP packets can pass through the firewall.
Table 195 Content Filtering Logs (continued)
LOG MESSAGE | DESCRIPTION
Connecting to content filter server fail | The connection to the external content filtering server failed.
License key is invalid | The external content filtering license key is invalid.
Table 196 Attack Logs...
Table 197 IPSec Logs
LOG MESSAGE | DESCRIPTION
Discard REPLAY packet | The router received and discarded a packet with an incorrect sequence number.
Inbound packet | The router received a packet that has been altered. A third party may have altered or tampered with the packet.
Table 198 IKE Logs (continued)
LOG MESSAGE | DESCRIPTION
Cannot resolve Secure Gateway Addr for rule <%d> | The router couldn’t resolve the IP address from the domain name that was used for the secure gateway address.
Peer ID: <peer id>... | The displayed ID information did not match between the two
Table 198 IKE Logs (continued)
LOG MESSAGE | DESCRIPTION
XAUTH fail! Username: <Username> | The router was not able to use extended authentication to authenticate the listed username.
Rule[%d] Phase 1 negotiation | The listed rule’s IKE phase 1 negotiation mode did not match between the router and the peer.
Table 198 IKE Logs (continued)
LOG MESSAGE | DESCRIPTION
Rule [%d] phase 2 mismatch | The listed rule’s IKE phase 2 did not match between the router and the peer.
The listed rule’s IKE phase 2 key lengths (with the AES...
Table 199 PKI Logs (continued)
Log message: Rcvd data <size> too large! Max size
Description: The router received directory data that was too large (the size is listed) from the LDAP server whose address and port are recorded in the Source field.
Table 200 Certificate Path Verification Failure Reason Codes (continued)
CODE DESCRIPTION
Description: Database method failed.
Description: Path was not verified.
Description: Maximum path length reached.

Table 201 802.1X Logs
Description: A user was authenticated by the local user database.
Table 202 ACL Setting Notes
PACKET DIRECTION | DIRECTION | DESCRIPTION
(L to W) | LAN to WAN | ACL set for packets traveling from the LAN to the WAN.
(W to L) | WAN to LAN | ACL set for packets traveling from the WAN to the LAN.
Table 203 ICMP Notes (continued)
TYPE CODE DESCRIPTION
Time Exceeded
  Time to live exceeded in transit
  Fragment reassembly time exceeded
Parameter Problem
  Pointer indicates the error
Timestamp
  Timestamp request message
Timestamp Reply
  Timestamp reply message
Information Request...
1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the Prestige is to record.
2 Use sys logs category to view a list of the log categories.

Figure 287 Displaying Log Categories Example
Copyright (c) 1994 - 2004 ZyXEL Communications Corp.
ras>?
Valid commands are:
exit...
Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category.
Appendix G Wall-mounting Instructions
Do the following to hang your Prestige on a wall.
Note: See the product specifications appendix for the size of screws to use and how far apart to place them.