ZyXEL Communications Prestige 662HW Series User Manual

Prestige 662HW Series
802.11g Wireless ADSL 2+ 4 Port Security Gateway
User's Guide
Version 3.40
May 2004

Summary of Contents for ZyXEL Communications Prestige 662HW Series

  • Page 1 Prestige 662HW Series 802.11g Wireless ADSL 2+ 4 Port Security Gateway User's Guide Version 3.40 May 2004...
  • Page 2: Copyright

    This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
  • Page 3 Prestige 662HW Series User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
  • Page 4: Zyxel Limited Warranty

    Prestige 662HW Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the...
  • Page 5: Customer Support

    Prestige 662HW Series User’s Guide Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it.
  • Page 6: Table Of Contents

    Prestige 662HW Series User’s Guide Table of Contents
      Copyright, p. ii
      Federal Communications Commission (FCC) Interference Statement, p. iii
      ZyXEL Limited Warranty, p. iv
      Customer Support, p. v
      List of Figures, p. xii
      List of Tables, p. xviii
      List of Charts, p. xxii
      Preface ...
  • Page 7 Prestige 662HW Series User’s Guide
      Network Authentication, p. 6-7
      Introduction to WPA, p. 6-8
      WPA-PSK Application Example, p. 6-9
      WPA with RADIUS Application Example, p. 6-10
      6.10 Security Parameters Summary, p. 6-11
      6.11 Wireless Client WPA Supplicants, p. 6-11
      6.12 Configuring 802.1x and WPA, p. 6-11
      6.13 Configuring Local User Authentication, p. 6-17
      6.14 Configuring RADIUS, p. 6-18
      Chapter 7 WAN Setup, p. 7-1...
  • Page 8 Prestige 662HW Series User’s Guide
      12.10 Predefined Services, p. 12-15
      12.11 Anti-Probing, p. 12-17
      12.12 Configuring Attack Alert, p. 12-18
      Chapter 13 Content Filtering, p. 13-1
      13.1 Content Filtering Overview, p. 13-1
      13.2 Configuring Keyword Blocking, p. 13-1
      13.3 Configuring the Schedule, p. 13-2
      13.4 Configuring Trusted Computers ...
  • Page 9 Prestige 662HW Series User’s Guide
      Media Bandwidth Management, p. VII
      Chapter 20 Media Bandwidth Management, p. 20-1
      20.1 Bandwidth Management Overview, p. 20-1
      20.2 Bandwidth Classes and Filters, p. 20-1
      20.3 Proportional Bandwidth Allocation, p. 20-1
      20.4 Bandwidth Management Usage Examples, p. 20-2
      20.5 Scheduler, p. 20-3
      20.6 Maximize Bandwidth Usage, p. 20-3
      20.7 Bandwidth Borrowing, p. 20-5...
  • Page 10 Prestige 662HW Series User’s Guide
      29.2 Configuration, p. 29-1
      Chapter 30 Bridging Setup, p. 30-1
      30.1 Bridging in General, p. 30-1
      30.2 Bridge Ethernet Setup, p. 30-1
      Chapter 31 Network Address Translation (NAT), p. 31-1
      31.1 Using NAT, p. 31-1
      31.2 Applying NAT, p. 31-1
      31.3 NAT Setup ...
  • Page 11 Prestige 662HW Series User’s Guide
      40.5 Applying an IP Policy, p. 40-5
      40.6 IP Policy Routing Example, p. 40-6
      Chapter 41 Call Scheduling, p. 41-1
      41.1 Introduction, p. 41-1
      SMT VPN/IPSec and Internal SPTGEN, p. XI
      Chapter 42 VPN/IPSec Setup, p. 42-1
      42.1 VPN/IPSec Overview, p. 42-1
      42.2 IPSec Summary Screen, p. 42-2
      42.3 IPSec Setup, p. 42-4...
  • Page 12: List Of Figures

    Prestige 662HW Series User’s Guide List of Figures
      Figure 1-1 Prestige Internet Access Application, p. 1-7
      Figure 1-2 Firewall Application, p. 1-7
      Figure 1-3 Prestige LAN-to-LAN Application, p. 1-7
      Figure 2-1 Password Screen, p. 2-1
      Figure 2-2 Change Password at Login, p. 2-2
      Figure 2-3 Web Configurator SITE MAP Screen, p. 2-3
      Figure 3-1 Wizard Screen 1, p. 3-2...
  • Page 13 Prestige 662HW Series User’s Guide
      Figure 8-2 NAT Application With IP Alias, p. 8-3
      Figure 8-3 Multiple Servers Behind NAT Example, p. 8-5
      Figure 8-4 NAT Mode, p. 8-6
      Figure 8-5 Edit SUA/NAT Server Set, p. 8-7
      Figure 8-6 Address Mapping Rules, p. 8-8
      Figure 8-7 Address Mapping Rule Edit ...
  • Page 14 Prestige 662HW Series User’s Guide
      Figure 16-5 VPN IKE, p. 16-8
      Figure 16-6 Two Phases to Set Up the IPSec SA, p. 16-13
      Figure 16-7 VPN IKE: Advanced Setup, p. 16-15
      Figure 16-8 VPN: Manual Key, p. 16-18
      Figure 16-9 VPN: SA Monitor, p. 16-21
      Figure 16-10 VPN: Global Setting, p. 16-22
      Figure 16-11 Telecommuters Sharing One VPN Rule Example, p. 16-23...
  • Page 15 Prestige 662HW Series User’s Guide
      Figure 24-2 Menu 2.1 Traffic Redirect Setup, p. 24-2
      Figure 24-3 Menu 2.2 Dial Backup Setup, p. 24-3
      Figure 24-4 Menu 2.2.1 Advanced Dial Backup Setup, p. 24-4
      Figure 25-1 Menu 3 LAN Setup, p. 25-1
      Figure 25-2 Menu 3.1 LAN Port Filter Setup, p. 25-1
      Figure 25-3 Menu 3.2 TCP/IP and DHCP Ethernet Setup ...
  • Page 16 Prestige 662HW Series User’s Guide
      Figure 31-13 NAT Example 2, p. 31-11
      Figure 31-14 Menu 15.2.1 Specifying an Inside Server, p. 31-11
      Figure 31-15 NAT Example 3, p. 31-12
      Figure 31-16 Example 3: Menu 11.3, p. 31-13
      Figure 31-17 Example 3: Menu 15.1.1.1, p. 31-13
      Figure 31-18 Example 3: Final Menu 15.1.1, p. 31-14
      Figure 31-19 NAT Example 4, p. 31-15...
  • Page 17 Prestige 662HW Series User’s Guide
      Figure 36-9 Menu 24.4 System Maintenance : Diagnostic, p. 36-7
      Figure 37-1 Telnet in Menu 24.5, p. 37-2
      Figure 37-2 FTP Session Example, p. 37-3
      Figure 37-3 Telnet into Menu 24.6, p. 37-5
      Figure 37-4 Restore Using FTP Session Example, p. 37-6
      Figure 37-5 Telnet Into Menu 24.7.1 Upload System Firmware ...
  • Page 18 Prestige 662HW Series User’s Guide List of Tables
      Table 2-1 Web Configurator Screens Summary, p. 2-3
      Table 3-1 Wizard Screen 1, p. 3-3
      Table 3-2 Internet Connection with PPPoE, p. 3-6
      Table 3-3 Internet Connection with RFC 1483, p. 3-6
      Table 3-4 Internet Connection with ENET ENCAP, p. 3-7
      Table 3-5 Internet Connection with PPPoA, p. 3-8...
  • Page 19 Prestige 662HW Series User’s Guide
      Table 12-4 Customized Services, p. 12-10
      Table 12-5 Firewall: Configure Customized Services, p. 12-11
      Table 12-6 Predefined Services, p. 12-15
      Table 12-7 Firewall: Anti-Probing, p. 12-18
      Table 12-8 Firewall: Threshold, p. 12-20
      Table 13-1 Content Filter: Keyword, p. 13-2
      Table 13-2 Content Filter: Schedule ...
  • Page 20 Prestige 662HW Series User’s Guide
      Table 21-6 Diagnostic: General, p. 21-8
      Table 21-7 Diagnostic: DSL Line, p. 21-9
      Table 21-8 Firmware Upgrade, p. 21-10
      Table 22-1 Main Menu Commands, p. 22-2
      Table 22-2 Main Menu Summary, p. 22-3
      Table 23-1 Menu 1 General Setup, p. 23-2
      Table 23-2 Menu 1.1 Configure Dynamic DNS, p. 23-3
      Table 24-1 Menu 2 WAN Backup Setup, p. 24-1...
  • Page 21 Prestige 662HW Series User’s Guide
      Table 36-4 Menu 24.4 System Maintenance Menu : Diagnostic, p. 36-8
      Table 37-1 Filename Conventions, p. 37-2
      Table 37-2 General Commands for GUI-based FTP Clients, p. 37-3
      Table 37-3 General Commands for GUI-based TFTP Clients, p. 37-4
      Table 38-1 Menu 24.9.1 System Maintenance : Budget Management ...
  • Page 22 Prestige 662HW Series User’s Guide List of Charts
      Chart A-1 Troubleshooting the Start-Up of Your Prestige, p. A-1
      Chart A-2 Troubleshooting the LAN LED, p. A-1
      Chart A-3 Troubleshooting the DSL LED, p. A-1
      Chart A-4 Troubleshooting the LAN Interface, p. A-2
      Chart A-5 Troubleshooting the WAN Interface, p. A-2
      Chart A-6 Troubleshooting Internet Access, p. A-2...
  • Page 23: Preface

    Prestige 662HW Series User’s Guide Preface Congratulations on your purchase of the Prestige 662HW Series 802.11g Wireless ADSL 2+ 4 Port Security Gateway. Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com...
  • Page 24 “in other words” throughout this manual. • The Prestige 662HW series 802.11g Wireless ADSL 2+ 4 Port Security Gateway may be referred to as the Prestige in this user’s guide. This refers to both models (ADSL over POTS and ADSL over ISDN) unless specifically identified.
  • Page 25: Introduction To Dsl

    Introduction to DSL DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web - hence DSL technologies.
  • Page 27: Getting Started

    Getting Started This part is structured as a step-by-step guide to help you access your Prestige. It covers key features and applications, accessing the web configurator and configuring the wizard screens for initial setup.
  • Page 29: Chapter 1 Getting To Know Your Prestige

    Prestige 662HW Series User’s Guide Chapter 1 Getting To Know Your Prestige This chapter describes the key features and applications of your Prestige. Introducing the Prestige Your Prestige integrates high-speed 10/100Mbps auto-negotiating LAN interface(s) and a high-speed ADSL port into a single package. The Prestige is ideal for high-speed Internet browsing and making LAN-to-LAN connections to remote networks.
  • Page 30: Web Configurator

    Prestige 662HW Series User’s Guide High Speed Internet Access Your Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of up to 24Mbps and upstream transmission rates of 3.5Mbps. Actual speeds attained depend on ISP DSLAM environment. Zero Configuration Internet Access...
  • Page 31: Bandwidth Management

    Prestige 662HW Series User’s Guide IEEE 802.11 DATA RATE (MBPS) MODULATION DBPSK (Differential Binary Phase Shift Keyed) DQPSK (Differential Quadrature Phase Shift Keying) 5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing) The Prestige may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens,...
  • Page 32 Prestige 662HW Series User’s Guide PPPoE Support (RFC2516) PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL. The PPPoE driver on the Prestige is transparent to the computers on the LAN, which see only Ethernet and are not aware of PPPoE thus saving you from having to manage PPPoE clients on individual computers.
  • Page 33: Protocol Support

    Prestige 662HW Series User’s Guide Protocol Support ♦ DHCP Support DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability enabled by default. It can assign IP addresses, an IP default gateway and DNS servers to DHCP clients.
  • Page 34: Lan Port

    Prestige 662HW Series User’s Guide ♦ Remote Management via Telnet or Web ♦ SNMP manageable ♦ DHCP Server/Client/Relay ♦ Built-in Diagnostic Tools ♦ Syslog ♦ Telnet Support (Password-protected telnet access to internal configuration manager) ♦ TFTP/FTP server, firmware upgrade and configuration backup/support supported ♦...
  • Page 35: Firewall For Secure Broadband Internet Access

    Prestige 662HW Series User’s Guide Figure 1-1 Prestige Internet Access Application Internet Single User Account For a SOHO (Small Office/Home Office) environment, your Prestige offers the Single User Account (SUA) feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for the cost of a single IP address.
  • Page 37: Chapter 2 Introducing The Web Configurator

    Prestige 662HW Series User’s Guide Chapter 2 Introducing the Web Configurator This chapter describes how to access and navigate the web configurator. Web Configurator Overview The embedded web configurator allows you to manage the Prestige from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator.
  • Page 38: Resetting The Prestige

    Prestige 662HW Series User’s Guide Figure 2-2 Change Password at Login You should now see the SITE MAP screen. The Prestige automatically times out after five minutes of inactivity. Simply log back into the Prestige if this happens to you.
  • Page 39: Figure 2-3 Web Configurator Site Map Screen

    Prestige 662HW Series User’s Guide Wizard Setup Navigation panel Logout Figure 2-3 Web Configurator SITE MAP Screen Click the icon (located in the top right corner of most screens) to view embedded help. Table 2-1 Web Configurator Screens Summary LINK...
  • Page 40 Prestige 662HW Series User’s Guide Table 2-1 Web Configurator Screens Summary LINK SUB-LINK FUNCTION Trusted Use this screen to exclude a range of users on the LAN from content filtering on your Prestige. Setup Use the screens to set up VPN tunnels.
  • Page 41: Chapter 3 Wizard Setup

    Prestige 662HW Series User’s Guide Chapter 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. Wizard Setup Introduction Use the Wizard Setup screens to configure your system for Internet access settings and fill in the fields with the information in the Internet Account Information table in the Compact Guide.
  • Page 42: Multiplexing

    Prestige 662HW Series User’s Guide Multiplexing There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to use the multiplexing method required by your ISP. 3.3.1 VC-based Multiplexing In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example, VC1 carries IP, etc.
  • Page 43: Ip Address And Subnet Mask

    Prestige 662HW Series User’s Guide Table 3-1 Wizard Screen 1 LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge. Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list box.
  • Page 44: Ip Address Assignment

    Prestige 662HW Series User’s Guide IP Address Assignment A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP.
  • Page 45: Nailed-Up Connection (Ppp)

    Prestige 662HW Series User’s Guide Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.
  • Page 46: Figure 3-3 Internet Connection With Rfc 1483

    Prestige 662HW Series User’s Guide Table 3-2 Internet Connection with PPPoE LABEL DESCRIPTION Service Name Type the name of your PPPoE service here. User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
  • Page 47: Figure 3-4 Internet Connection With Enet Encap

    Prestige 662HW Series User’s Guide Table 3-3 Internet Connection with RFC 1483 LABEL DESCRIPTION Select None, SUA Only or Full Feature from the drop-down list box. Refer to the NAT Network Address Translation chapter for more details. Back Click Back to go back to the first wizard screen.
  • Page 48: Figure 3-5 Internet Connection With Pppoa

    Prestige 662HW Series User’s Guide Table 3-4 Internet Connection with ENET ENCAP LABEL DESCRIPTION Select None, SUA Only or Full Feature from the drop-down list box. Refer to the NAT Network Address Translation chapter for more details. Back Click Back to go back to the first wizard screen.
  • Page 49: Dhcp Setup

    Prestige 662HW Series User’s Guide Table 3-5 Internet Connection with PPPoA LABEL DESCRIPTION Select Connect on Demand when you don't want the connection up all the time and specify an Connection idle time-out (in seconds) in the Max. Idle Timeout field. The default setting selects Connection on Demand with 0 as the idle time-out, which means the Internet session will not timeout.
  • Page 50: Figure 3-7 Wizard: Lan Configuration

    Prestige 662HW Series User’s Guide Figure 3-6 Wizard Screen 3 If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next. Figure 3-7 Wizard: LAN Configuration The following table describes the fields in this screen.
  • Page 51: Wizard Setup Configuration: Connection Tests

    Prestige 662HW Series User’s Guide Table 3-6 Wizard: LAN Configuration LABEL DESCRIPTION LAN IP Address Enter the IP address of your Prestige in dotted decimal notation, for example, 192.168.1.1 (factory default). If you changed the Prestige's LAN IP address, you must use the new IP address if you want to access the web configurator again.
  • Page 52: Test Your Internet Connection

    Prestige 662HW Series User’s Guide Figure 3-8 Wizard Screen 4 3.14 Test Your Internet Connection Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this User’s Guide for more detailed information on the complete range of Prestige features.
  • Page 53: Password, Lan, Wireless Lan And Wan

    Password, LAN, Wireless LAN and WAN This part covers the password, LAN (Local Area Network), Wireless LAN and WAN setup.
  • Page 55: Chapter 4 Password Setup

    Prestige 662HW Series User’s Guide Chapter 4 Password Setup This chapter provides information on the Password screen. Password Overview It is highly recommended that you change the password for accessing the Prestige. Configuring Password To change your Prestige’s password (recommended), click Password. The screen appears as shown.
  • Page 57: Chapter 5 Lan Setup

    Prestige 662HW Series User’s Guide Chapter 5 LAN Setup This chapter describes how to configure LAN settings. LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
  • Page 58: Dns Server Address Assignment

    Prestige 662HW Series User’s Guide the DNS servers are conveyed through IPCP negotiation. The Prestige supports the IPCP DNS server extensions through the DNS proxy feature. If the Primary and Secondary DNS Server fields in the LAN Setup screen are not specified, for instance, left as 0.0.0.0, the Prestige tells the DHCP clients that it itself is the DNS server.
  • Page 59: Any Ip

    Prestige 662HW Series User’s Guide ♦ Both - the Prestige will broadcast its routing table periodically and incorporate the RIP information that it receives. ♦ In Only - the Prestige will not send any RIP packets but will accept all RIP packets received.
  • Page 60: How Any Ip Works

    Prestige 662HW Series User’s Guide computer to access the Internet without changing the network settings, even when the IP addresses of the computer and the Prestige are not in the same subnet. The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address.
  • Page 61: Configuring Lan

    Prestige 662HW Series User’s Guide Configuring LAN Click LAN and LAN Setup to open the following screen. Figure 5-2 LAN Setup The following table describes the fields in this screen. Table 5-1 LAN Setup LABEL DESCRIPTION DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
  • Page 62: Configuring Static Dhcp

    Prestige 662HW Series User’s Guide Table 5-1 LAN Setup LABEL DESCRIPTION Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP Primary DNS Server clients along with the IP address and the subnet mask.
  • Page 63: Figure 5-3 Lan: Static Dhcp

    Prestige 662HW Series User’s Guide Figure 5-3 LAN: Static DHCP The following table describes the labels in this screen. Table 5-2 LAN: Static DHCP LABEL DESCRIPTION This is the index number of the Static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN.
  • Page 65: Chapter 6 Wireless Lan Setup

    Prestige 662HW Series User’s Guide Chapter 6 Wireless LAN Setup This chapter discusses how to configure Wireless LAN on the Prestige. Wireless LAN Overview This section introduces the wireless LAN and some basic configurations. Wireless LANs can be as simple as two computers with wireless LAN cards communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN cards communicating through access points which bridge network traffic to the wired LAN.
  • Page 66: Figure 6-1 Rts/Cts

    Prestige 662HW Series User’s Guide “hear” each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. Figure 6-1 RTS/CTS When station A sends data to the Prestige, it might not know that the station B is already using the channel.
  • Page 67: Levels Of Security

    Prestige 662HW Series User’s Guide Levels of Security Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network. The figure below shows the possible wireless security levels on your Prestige. EAP (Extensible Authentication Protocol) is used for authentication and utilizes dynamic WEP key exchange.
  • Page 68: Configuring Wireless Lan

    Prestige 662HW Series User’s Guide Configuring Wireless LAN If you are configuring the Prestige from a computer connected to the wireless LAN and you change the Prestige’s ESSID or WEP settings, you will lose your wireless connection when you press Apply to confirm.
  • Page 69: Configuring Mac Filter

    Prestige 662HW Series User’s Guide Table 6-1 Wireless LABEL DESCRIPTION Channel ID The radio frequency used by IEEE 802.11b wireless devices is called a channel. Select a channel from the drop-down list box. RTS/CTS The RTS (Request To Send) threshold (number of bytes) for enabling RTS/CTS handshake.
  • Page 70: Figure 6-4 Mac Address Filter

    Prestige 662HW Series User’s Guide Figure 6-4 MAC Address Filter The following table describes the fields in this menu. Table 6-2 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering Action Define the filter action for the list of MAC addresses in the MAC Address table.
  • Page 71: Network Authentication

    Prestige 662HW Series User’s Guide Table 6-2 MAC Address Filter LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Click Cancel to begin configuring this screen afresh. Cancel Network Authentication You can set the Prestige and your network to authenticate a wireless station before the wireless station can communicate with the Prestige and the wired network to which the Prestige is connected.
  • Page 72: Eap Authentication Overview

    Prestige 662HW Series User’s Guide • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: •...
  • Page 73: Wpa-Psk Application Example

    Prestige 662HW Series User’s Guide WPA authentication purposes since the Local User Database uses EAP-MD5 which cannot be used to generate keys. See later in this chapter and the appendices for more information on IEEE 802.1x, RADIUS and EAP. Therefore, if you don’t have an external RADIUS server you should use WPA-PSK (WPA Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client.
  • Page 74: Wpa With Radius Application Example

    Prestige 662HW Series User’s Guide Figure 6-6 WPA - PSK Authentication WPA with RADIUS Application Example You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA application example with an external RADIUS server looks as follows. “A” is the RADIUS server.
  • Page 75: Security Parameters Summary

    Prestige 662HW Series User’s Guide 6.10 Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes.
  • Page 76: Figure 6-8 Wireless Lan: 802.1X/Wpa

    Prestige 662HW Series User’s Guide Figure 6-8 Wireless LAN: 802.1x/WPA The following table describes the label in this screen. Table 6-4 Wireless LAN: 802.1x/WPA LABEL DESCRIPTION Wireless Port To control wireless stations access to the wired network, select a control method from the drop-down list box.
  • Page 77: Figure 6-9 Wireless Lan: 802.1X/Wpa For 802.1X Protocol

    Prestige 662HW Series User’s Guide Figure 6-9 Wireless LAN: 802.1x/WPA for 802.1x Protocol The following table describes the labels in this screen. Table 6-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Wireless Port To control wireless stations access to the wired network, select a control method from the Control drop-down list box.
  • Page 78 Prestige 662HW Series User’s Guide Table 6-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Dynamic WEP Key This field is activated only when you select Authentication Required in the Wireless Port Exchange Control field. Also set the Authentication Databases field to RADIUS Only. Local user database may not be used.
  • Page 79: Figure 6-10 Wireless Lan: 802.1X/Wpa For Wpa Protocol

    Prestige 662HW Series User’s Guide Figure 6-10 Wireless LAN: 802.1x/WPA for WPA Protocol The following table describes the labels not previously discussed. Table 6-6 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTION Choose WPA in this field. Key Management Protocol...
  • Page 80: Figure 6-11 Wireless Lan: 802.1X/Wpa For Wpa-Psk Protocol

    Prestige 662HW Series User’s Guide Authentication Required: WPA-PSK Select Authentication Required in the Wireless Port Control field and WPA-PSK in the Key Management Protocol field to display the next screen. Figure 6-11 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol The following table describes the labels not previously discussed. Table 6-7 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol...
  • Page 81: Configuring Local User Authentication

    Prestige 662HW Series User’s Guide 6.13 Configuring Local User Authentication By storing user profiles locally, your Prestige is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.
  • Page 82: Configuring Radius

    Prestige 662HW Series User’s Guide Table 6-8 Local User Database LABEL DESCRIPTION This is the index number of a local user account. Active Select this check box to enable the user profile. User Name Enter the user name of the user profile.
  • Page 83 Prestige 662HW Series User’s Guide Table 6-9 RADIUS LABEL DESCRIPTION Port Number The default port of the RADIUS server for authentication is 1812. You need not change this value unless your network administrator instructs you to do so with additional information.
  • Page 85: Chapter 7 Wan Setup

    Prestige 662HW Series User’s Guide Chapter 7 WAN Setup This chapter describes how to configure WAN settings. WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. See the Wizard Setup chapter for more information on the fields in the WAN screens.
  • Page 86: Traffic Shaping

    Prestige 662HW Series User’s Guide By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the Prestige does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
  • Page 87: Configuring Wan Setup

    Prestige 662HW Series User’s Guide Zero configuration for Internet access is disabled when ♦ the Prestige is in bridge mode ♦ you set the Prestige to use a static (fixed) WAN IP address. Configuring WAN Setup To change your Prestige’s WAN remote node settings, click WAN and WAN Setup.
  • Page 88: Table 7-1 Wan Setup

    Prestige 662HW Series User’s Guide Table 7-1 WAN Setup LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
  • Page 89 Prestige 662HW Series User’s Guide Table 7-1 WAN Setup LABEL DESCRIPTION IP Address This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
  • Page 90: Traffic Redirect

    Prestige 662HW Series User’s Guide Table 7-1 WAN Setup LABEL DESCRIPTION Cancel Click Cancel to begin configuring this screen afresh. Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the Prestige cannot connect to the Internet. An example is shown in the figure below.
  • Page 91: Configuring Wan Backup

    Prestige 662HW Series User’s Guide Figure 7-4 Traffic Redirect LAN Setup Configuring WAN Backup To change your Prestige’s WAN backup settings, click WAN, then WAN Backup. The screen appears as shown. Figure 7-5 WAN Backup The following table describes the fields in this screen.
  • Page 92: Table 7-2 Wan Backup

    Prestige 662HW Series User’s Guide Table 7-2 WAN Backup LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check if the connection to the DSLAM is up.
  • Page 93: Configuring Advanced Wan Backup

    Prestige 662HW Series User’s Guide Table 7-2 WAN Backup LABEL DESCRIPTION Active Select this check box to turn on dial backup. If you activate traffic redirect, you must configure at least one Check WAN IP Address. Metric This field sets this route's priority among the three routes the Prestige uses (normal, traffic redirect and dial backup).
  • Page 94: Figure 7-6 Advanced Wan Backup

    Prestige 662HW Series User’s Guide Figure 7-6 Advanced WAN Backup The following table describes the fields in this screen. Table 7-3 Advanced WAN Backup LABEL DESCRIPTION Basic Login Name Type the login name assigned by your ISP.
  • Page 95: Table 7-3 Advanced Wan Backup

    Prestige 662HW Series User’s Guide Table 7-3 Advanced WAN Backup LABEL DESCRIPTION Password Type the password assigned by your ISP. Retype to Confirm Type your password again to make sure that you have entered it correctly. Authentication Type Use the drop-down list box to select an authentication protocol for outgoing calls.
  • Page 96: At Command Strings

    Prestige 662HW Series User’s Guide Table 7-3 Advanced WAN Backup LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets.
  • Page 97: Dtr Signal

    Prestige 662HW Series User’s Guide For ISDN lines, there are many more protocols and operational modes. Please consult the documentation of your TA. You may need additional commands in both “Dial” and “Init” strings. 7.11 DTR Signal The majority of WAN devices default to hanging up the current call when the DTR (Data Terminal Ready) signal is dropped by the DTE.
  • Page 98: Table 7-4 Advanced Modem Setup

    Prestige 662HW Series User’s Guide Table 7-4 Advanced Modem Setup LABEL DESCRIPTION AT Command Strings Dial Type the AT Command string to make a call. Example: atdt Drop Type the AT Command string to drop a call. "~" represents a one second wait, for example, "~~+++~~ath"...
  • Page 99: Nat, Dynamic Dns And Time And Date

    NAT, Dynamic DNS and Time and Date This part covers NAT (Network Address Translation), dynamic DNS (Domain Name Server) and Time and Date setup.
  • Page 101: Chapter 8 Network Address Translation (Nat) Screens

    Prestige 662HW Series User’s Guide Chapter 8 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the Prestige. NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
  • Page 102: Figure 8-1 How Nat Works

    Prestige 662HW Series User’s Guide firewall protection. With no servers defined, your Prestige filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
  • Page 103: Figure 8-2 Nat Application With Ip Alias

    Prestige 662HW Series User’s Guide Figure 8-2 NAT Application With IP Alias 8.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address.
  • Page 104: Sua (Single User Account) Versus Nat

    Prestige 662HW Series User’s Guide Table 8-2 NAT Mapping Types TYPE IP MAPPING SMT ABBREVIATION ILA2 IGA1 … Many-to-Many Overload ILA1 IGA1 M:M Ov ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … Many-to-Many No Overload ILA1 IGA1 M:M No OV ILA2...
  • Page 105: Selecting The Nat Mode

    Prestige 662HW Series User’s Guide If you do not assign an IP address in Server Set 1 (default server), the Prestige discards all packets received for ports that are not specified here or in the remote management setup. 8.3.1 Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table.
  • Page 106: Configuring Sua Server

    Prestige 662HW Series User’s Guide Click NAT to open the following screen. Figure 8-4 NAT Mode The following table describes the labels in this screen. Table 8-4 NAT Mode LABEL DESCRIPTION None Select this radio button to disable NAT. SUA Only Select this radio button if you have just one public WAN IP address for your Prestige. The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set screen.
  • Page 107: Configuring Address Mapping

    Prestige 662HW Series User’s Guide Figure 8-5 Edit SUA/NAT Server Set The following table describes the fields in this screen. Table 8-5 Edit SUA/NAT Server Set LABEL DESCRIPTION Start Port No. Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field.
  • Page 108: Figure 8-6 Address Mapping Rules

    Prestige 662HW Series User’s Guide will be pushed up by that number of empty rules. For example, if you have already configured rules 1 to 6 in your current set and now you configure rule number 9, then in the set summary screen the new rule will be rule 7, not 9.
  • Page 109: Editing An Address Mapping Rule

    Prestige 662HW Series User’s Guide Table 8-6 Address Mapping Rules LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account...
  • Page 110: Table 8-7 Address Mapping Rule Edit

    Prestige 662HW Series User’s Guide Table 8-7 Address Mapping Rule Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. 1. One-to-One: One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type.
  • Page 111: Chapter 9 Dynamic Dns Setup

    Prestige 662HW Series User’s Guide Chapter 9 Dynamic DNS Setup This chapter discusses how to configure your Prestige to use Dynamic DNS. Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.).
  • Page 112: Table 9-1 Dynamic Dns

    Prestige 662HW Series User’s Guide Table 9-1 Dynamic DNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider.
  • Page 113: Chapter 10 Time And Date

    Prestige 662HW Series User’s Guide Chapter 10 Time and Date This screen is not available on all models. Use this screen to configure the Prestige’s time and date settings. 10.1 Configuring Time and Date To change your Prestige’s time and date, click Time And Date. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone.
  • Page 114 Prestige 662HW Series User’s Guide Table 10-1 Time and Date LABEL DESCRIPTION Use Protocol when Bootup Select the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
  • Page 115: Firewall, Content Filter And Anti-Virus Packet Scan

    Firewall, Content Filter and Anti-Virus Packet Scan This part introduces firewalls in general and the Prestige firewall. It also explains customized services and logs and gives example firewall rules and an overview of content filtering. Anti-virus packet scan is also discussed in this part.
  • Page 117: Chapter 11 Firewalls

    Prestige 662HW Series User’s Guide Chapter 11 Firewalls This chapter gives some background information on firewalls and introduces the Prestige firewall. 11.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
  • Page 118: Stateful Inspection Firewalls

    Prestige 662HW Series User’s Guide 11.2.3 Stateful Inspection Firewalls Stateful inspection firewalls restrict access by screening data packets against defined access rules. They make access control decisions based on IP address and protocol. They also "inspect" the session data to assure the integrity of the connection and to adapt to dynamic protocols. These firewalls generally provide the best speed and transparency; however, they may lack the granular application level access control or caching that some proxies support.
  • Page 119: Denial Of Service

    Prestige 662HW Series User’s Guide 11.4 Denial of Service Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
  • Page 120: Figure 11-2 Three-Way Handshake

    Prestige 662HW Series User’s Guide 2. Weaknesses in the TCP/IP specification leave it open to "SYN Flood" and "LAND" attacks. These attacks are executed during the handshake that initiates a communication session between two applications. Figure 11-2 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server.
  • Page 121: Figure 11-4 Smurf Attack

    Prestige 662HW Series User’s Guide numerous hosts, this will create a large amount of ICMP echo request and response traffic. If a hacker chooses to spoof the source IP address of the ICMP echo request packet, the resulting ICMP traffic will not only clog up the "intermediary" network, but will also congest the network of the spoofed source IP address, known as the "victim"...
  • Page 122: Stateful Inspection

    Prestige 662HW Series User’s Guide Traceroute Traceroute is a utility used to determine the path a packet takes between two endpoints. Sometimes when a packet filter firewall is configured incorrectly an attacker can traceroute the firewall gaining knowledge of the network topology inside the firewall.
  • Page 123: Stateful Inspection Process

    Prestige 662HW Series User’s Guide 11.5.1 Stateful Inspection Process In this example, the following sequence of events occurs when a TCP packet leaves the LAN network through the firewall's WAN interface. The TCP packet is the first in a session, and the packet's application layer protocol is configured for a firewall rule inspection: 1.
  • Page 124: Tcp Security

    Prestige 662HW Series User’s Guide block all access to the Internet. Use extreme caution when creating or deleting firewall rules. Test changes after creating them to make sure they work correctly. Below is a brief technical description of how these connections are tracked. Connections may either be defined by the upper protocols (for instance, TCP), or by the Prestige itself (as with the "virtual...
  • Page 125: Guidelines For Enhancing Security With Your Firewall

    Prestige 662HW Series User’s Guide Consider the FTP protocol. A user on the LAN opens a control connection to a server on the Internet and requests a file. At this point, the remote server will open a data connection from the Internet. For FTP to work properly, this connection must be allowed to pass through even though a connection from the Internet would normally be rejected.
  • Page 126: Packet Filtering Vs Firewall

    Prestige 662HW Series User’s Guide ♦ Never reveal your IP address or other system networking information to people outside your company. Be careful of files e-mailed to you from strangers. One common way of getting BackOrifice on a system is to include it as a Trojan horse with other files.
  • Page 127 Prestige 662HW Series User’s Guide request for that packet and allowed in. Conversely, an incoming packet masquerading as a response to a nonexistent outbound request can be blocked. ♦ The firewall uses session filtering, i.e., smart rules, that enhance the filtering process and control the network session rather than control individual packets in a session.
  • Page 129: Chapter 12 Firewall Configuration

    Prestige 662HW Series User’s Guide Chapter 12 Firewall Configuration This chapter shows you how to enable and configure the Prestige firewall. 12.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your Prestige has to offer. For this reason, it is recommended that you configure your firewall using the web configurator.
  • Page 130: Rule Logic Overview

    Prestige 662HW Series User’s Guide ♦ Allow everyone except your competitors to access a Web server. ♦ Restrict use of certain protocols, such as Telnet, to authorized users on the LAN. These custom rules work by comparing the Source IP address, Destination IP address and IP protocol type of network traffic to rules set by the administrator.
  • Page 131: Source Address

    Prestige 662HW Series User’s Guide “Block” means the firewall silently discards the packet. Service Select the service from the Service scrolling list box. If the service is not listed, it is necessary to first define it. See section 12.10 for more information on predefined services.
  • Page 132: Configuring Basic Firewall Settings

    Prestige 662HW Series User’s Guide Figure 12-2 WAN to LAN Traffic 12.4.3 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when an attack is detected in the Edit Rule screen (select the Send Alert...
  • Page 133: Rule Summary

    Prestige 662HW Series User’s Guide Table 12-1 Firewall: Default Policy LABEL DESCRIPTION Allow Asymmetrical Select this check box to have the Prestige firewall permit the use of triangle route topology on the network. See the appendix for more on triangle route topology.
  • Page 134: Figure 12-4 Firewall: Rule Summary

    Prestige 662HW Series User’s Guide Figure 12-4 Firewall: Rule Summary Table 12-2 Rule Summary LABEL DESCRIPTION Firewall Rules Storage Space in This read-only bar shows how much of the Prestige's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green.
  • Page 135: Configuring Firewall Rules

    Prestige 662HW Series User’s Guide Table 12-2 Rule Summary LABEL DESCRIPTION Action This is the specified action for that rule, either Block or Forward. Note that Block means the firewall silently discards the packet. Schedule This field tells you whether a schedule is specified (Yes) or not (No).
  • Page 136: Figure 12-5 Firewall: Edit Rule

    Prestige 662HW Series User’s Guide Figure 12-5 Firewall: Edit Rule The following table describes the labels in this screen.
  • Page 137: Table 12-3 Firewall: Edit Rule

    Prestige 662HW Series User’s Guide Table 12-3 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Packet Use the radio button to select whether to discard (Block) or allow the passage of (Forward) packets that match this rule.
  • Page 138: Customized Services

    Prestige 662HW Series User’s Guide 12.7 Customized Services Configure customized services and port numbers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further information on these services, please read section 12.10. Click the Available Services link while editing a firewall rule to configure a custom service port.
  • Page 139: Example Firewall Rule

    Prestige 662HW Series User’s Guide Figure 12-7 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 12-5 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
  • Page 140: Figure 12-8 Firewall Example: Rule Summary

    Prestige 662HW Series User’s Guide Figure 12-8 Firewall Example: Rule Summary In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule 7.
  • Page 141: Figure 12-10 Edit Custom Port Example

    Prestige 662HW Series User’s Guide In the Edit Rule screen, click the Available Services link to open the Customized Service Config screen. Configure it as follows and click Apply. Figure 12-10 Edit Custom Port Example In the Edit Rule screen, use the Add>> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows.
  • Page 142: Figure 12-11 Firewall Example: Edit Rule: Select Customized Services

    Prestige 662HW Series User’s Guide Figure 12-11 Firewall Example: Edit Rule: Select Customized Services
  • Page 143: Predefined Services

    Prestige 662HW Series User’s Guide Custom ports show up with an “*” before their names in the Services list box and the Rule Summary list box. Click Apply after you’ve created your custom port. On completing the configuration procedure for this Internet firewall rule, the Rule Summary screen should look like the following.
  • Page 144: Finger

    Prestige 662HW Series User’s Guide Table 12-6 Predefined Services SERVICE DESCRIPTION BOOTP_CLIENT(UDP:68) DHCP Client. BOOTP_SERVER(UDP:67) DHCP Server. CU-SEEME(TCP/UDP:7648, 24032) A popular videoconferencing solution from White Pines Software. DNS(UDP/TCP:53) Domain Name Server, a service that matches web names (e.g. ) to IP numbers.
  • Page 145: Anti-Probing

    Prestige 662HW Series User’s Guide Table 12-6 Predefined Services SERVICE DESCRIPTION RTSP(TCP/UDP:554) The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP(TCP:115) Simple File Transfer Protocol. SMTP(TCP:25) Simple Mail Transfer Protocol is the message-exchange standard for the Internet.
  • Page 146: Configuring Attack Alert

    Prestige 662HW Series User’s Guide Figure 12-13 Firewall: Anti-Probing The following table describes the labels in this screen. Table 12-7 Firewall: Anti-Probing LABEL DESCRIPTION Respond to PING The Prestige does not respond to any incoming Ping requests when Disable is selected.
  • Page 147: Threshold Values

    Prestige 662HW Series User’s Guide 12.12.1 Threshold Values Tune these parameters when something is not working and after you have checked the firewall counters. These default values should work fine for most small offices. Factors influencing choices for threshold values are: ♦...
  • Page 148: Figure 12-14 Firewall: Threshold

    Prestige 662HW Series User’s Guide The Prestige also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Firewall, and Threshold to bring up the next screen.
  • Page 149 Prestige 662HW Series User’s Guide Table 12-8 Firewall: Threshold LABEL DESCRIPTION DEFAULT VALUES Maximum Incomplete High This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. 100 existing half-open sessions. The above values cause the...
  • Page 151: Chapter 13 Content Filtering

    Prestige 662HW Series User’s Guide Chapter 13 Content Filtering This chapter covers how to configure content filtering. 13.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
  • Page 152: Configuring The Schedule

    Prestige 662HW Series User’s Guide Table 13-1 Content Filter: Keyword LABEL DESCRIPTION Enable Keyword Blocking Select this check box to enable this feature. Block Websites that contain these keywords in the URL: This box contains the list of all the keywords that you have configured the Prestige to block.
  • Page 153: Configuring Trusted Computers

    Prestige 662HW Series User’s Guide Table 13-2 Content Filter: Schedule LABEL DESCRIPTION Days to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active. Time of Day to...
  • Page 155: Chapter 14 Anti-Virus Packet Scan

    Prestige 662HW Series User’s Guide Chapter 14 Anti-Virus Packet Scan This chapter introduces and shows you how to configure the anti-virus packet scan. 14.1 Overview A computer virus is a small program designed to corrupt and/or alter the operation of other legitimate programs.
  • Page 156: Computer Virus Infection And Prevention

    Prestige 662HW Series User’s Guide 14.2.1 Computer Virus Infection and Prevention The following describes a simplistic life cycle of a computer virus. A computer gets a copy of a virus from an unknown source (such as the Internet, e-mail or removable storage media).
  • Page 157: Anti-Virus Packet Scan Configuration

    Prestige 662HW Series User’s Guide ♦ Simultaneous file downloads (for example, when you use the FlashGet download program). 14.4 Anti-virus Packet Scan Configuration Click Anti Virus and Packet Scan to display the configuration screen as shown next. Figure 14-2 Anti Virus: Packet Scan The following table describes the labels in this screen.
  • Page 158: Registration And Online Update

    Prestige 662HW Series User’s Guide Table 14-2 Anti Virus: Packet Scan LABEL DESCRIPTION Cancel Click Cancel to return to the previously saved settings. 14.5 Registration and Online Update Before you can use the anti-virus packet scan on the Prestige, you must register for the anti-virus service in the Registration and Virus Information Update screen.
  • Page 159: Figure 14-4 Virus Scan Update In Progress

    Prestige 662HW Series User’s Guide Table 14-3 Anti Virus: Registration and Virus Information Update LABEL DESCRIPTION Activation After you have successfully registered for the anti-virus service, click Activate to enable and start using the anti-virus feature. Virus Information Set the fields below to configure the Prestige to automatically update the virus pattern file.
  • Page 160: Figure 14-5 Virus Scan Update Successful

    Prestige 662HW Series User’s Guide Figure 14-5 Virus Scan Update Successful The Prestige automatically restarts after the virus scan update is complete.
  • Page 161: Vpn/Ipsec

    VPN/IPSec This part provides information about configuring VPN/IPSec for secure communications.
  • Page 163: Chapter 15 Introduction To Ipsec

    Prestige 662HW Series User’s Guide Chapter 15 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 15.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
  • Page 164: Data Confidentiality

    Prestige 662HW Series User’s Guide Figure 15-1 Encryption and Decryption Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
  • Page 165: Encapsulation

    Prestige 662HW Series User’s Guide Figure 15-2 IPSec Architecture 15.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms).
  • Page 166: Transport Mode

    Prestige 662HW Series User’s Guide 15.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
  • Page 167: Table 15-1 Vpn And Nat

    Prestige 662HW Series User’s Guide Transport mode ESP with authentication is not compatible with NAT, although NAT traversal provides a way to use Transport mode ESP when there is a NAT router between the IPSec endpoints (see section 16.7 for details).
  • Page 169: Chapter 16 Vpn Screens

    Prestige 662HW Series User’s Guide Chapter 16 VPN Screens This chapter introduces the VPN screens. See the Logs chapter for information on viewing logs and the appendix for IPSec log descriptions. 16.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections.
  • Page 170: My Ip Address

    Prestige 662HW Series User’s Guide Table 16-1 AH and ESP Advanced Encryption Standard is a newer method of data encryption that also uses a secret key. This implementation of AES applies a 128-bit key to 128-bit blocks of data. AES is faster than 3DES.
  • Page 171: Figure 16-1 Ipsec Summary Fields

    Prestige 662HW Series User’s Guide Figure 16-1 IPSec Summary Fields Local and remote IP addresses must be static. Click VPN and Setup to open the VPN Summary screen. This is a read-only menu of your IPSec rules (tunnels). The IPSec summary menu is read-only. Edit a VPN by selecting an index number and then configuring its associated submenus.
  • Page 172: Keep Alive

    Prestige 662HW Series User’s Guide Table 16-2 VPN Summary LABEL DESCRIPTION This is the VPN policy index number. Click a number to edit VPN policies. Name This field displays the identification name for this VPN policy. Active This field displays whether the VPN policy is active or not. A Yes signifies that this VPN policy is active.
  • Page 173: Nat Traversal

    Prestige 662HW Series User’s Guide When there is outbound traffic with no inbound traffic, the Prestige automatically drops the tunnel after two minutes. 16.7 NAT Traversal NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers.
  • Page 174: Id Type And Content

    Prestige 662HW Series User’s Guide Figure 16-4 VPN Host using Intranet DNS Server Example If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP addresses to access the computers on the remote network.
  • Page 175: Table 16-4 Peer Id Type And Content Fields

    Prestige 662HW Series User’s Guide Table 16-3 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= The domain name or e-mail address that you use in the Content field is used for identification purposes only and does not need to be a real domain name or e-mail address.
  • Page 176: Pre-Shared Key

    Prestige 662HW Series User’s Guide 16.9 Pre-Shared Key A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see section 16.11 for more on IKE phases). It is called “pre-shared” because you have to share it with another party before you can communicate with them over a secure connection.
  • Page 177: Table 16-7 Vpn Ike

    Prestige 662HW Series User’s Guide Table 16-7 VPN IKE LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select either Yes or No from the drop-down list box.
  • Page 178 Prestige 662HW Series User’s Guide Table 16-7 VPN IKE LABEL DESCRIPTION End / Subnet Mask When the Local Address Type field is configured to Single, this field is N/A. When the Local Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your Prestige.
  • Page 179 Prestige 662HW Series User’s Guide Table 16-7 VPN IKE LABEL DESCRIPTION My IP Address Enter the WAN IP address of your Prestige. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The Prestige uses the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel.
  • Page 180: Ike Phases

    Prestige 662HW Series User’s Guide Table 16-7 VPN IKE LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
  • Page 181: Figure 16-6 Two Phases To Set Up The Ipsec Sa

    Prestige 662HW Series User’s Guide Figure 16-6 Two Phases to Set Up the IPSec SA In phase 1 you must: Choose a negotiation mode. Authenticate the connection by entering a pre-shared key. Choose an encryption algorithm. Choose an authentication algorithm.
  • Page 182: Configuring Advanced Ike Settings

    Prestige 662HW Series User’s Guide number). This mode features identity protection (your identity is not revealed in the negotiation). Aggressive Mode is quicker than Main Mode because it eliminates several steps when the communicating parties are negotiating authentication (phase 1). However the trade-off is that faster speed limits its negotiating power and it also does not provide identity protection.
  • Page 183: Figure 16-7 Vpn Ike: Advanced Setup

    Prestige 662HW Series User’s Guide Figure 16-7 VPN IKE: Advanced Setup The following table describes the fields in this screen. Table 16-8 VPN IKE: Advanced Setup LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
  • Page 184 Prestige 662HW Series User’s Guide Table 16-8 VPN IKE: Advanced Setup LABEL DESCRIPTION Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Remote Start Port is left at 0, End will also remain at 0.
  • Page 185: Manual Key Setup

    Prestige 662HW Series User’s Guide Table 16-8 VPN IKE: Advanced Setup LABEL DESCRIPTION Encryption Algorithm This field is available when you select ESP in the Active Protocol field. Select DES, 3DES, AES or NULL from the drop-down list box. When you use one of these encryption algorithms for data communications, both the...
  • Page 186: Configuring Manual Key

    Prestige 662HW Series User’s Guide 16.14 Configuring Manual Key You only configure VPN Manual Key when you select Manual in the IPSec Key Mode field on the VPN IKE screen. This is the VPN Manual Key screen as shown next.
  • Page 187 Prestige 662HW Series User’s Guide Table 16-9 VPN: Manual Key LABEL DESCRIPTION Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the Prestige drops trailing spaces. IPSec Key Mode Select IKE or Manual from the drop-down list box. Manual is a useful option for troubleshooting if you have problems using IKE key management.
  • Page 188: Viewing Sa Monitor

    Prestige 662HW Series User’s Guide Table 16-9 VPN: Manual Key LABEL DESCRIPTION Address Information My IP Address Enter the WAN IP address of your Prestige. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The Prestige uses the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel.
  • Page 189: Figure 16-9 Vpn: Sa Monitor

    Prestige 662HW Series User’s Guide When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes. A tunnel with no outbound or inbound traffic is "idle" and does not time out until the SA lifetime period expires. See section 16.6 on keep alive to have the Prestige renegotiate an IPSec SA when the SA lifetime expires, even if there is no traffic.
  • Page 190: Configuring Global Setting

    Prestige 662HW Series User’s Guide Table 16-10 VPN: SA Monitor LABEL DESCRIPTION Disconnect Select Disconnect next to a security association and then click Apply to stop that security association. Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the Prestige.
  • Page 191: Figure 16-11 Telecommuters Sharing One Vpn Rule Example

    Prestige 662HW Series User’s Guide 16.17.1 Telecommuters Sharing One VPN Rule Example See the following figure and table for an example configuration that allows multiple telecommuters (A, B and C in the figure) to use one VPN rule to simultaneously access a Prestige at headquarters (HQ in the figure).
  • Page 192: Figure 16-12 Telecommuters Using Unique Vpn Rules Example

    Prestige 662HW Series User’s Guide Figure 16-12 Telecommuters Using Unique VPN Rules Example Table 16-13 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS All Telecommuter Rules: All Headquarters Rules: My IP Address 0.0.0.0 My IP Address: bigcompanyhq.com Secure Gateway Address: bigcompanyhq.com Local IP Address: 192.168.1.10...
  • Page 193: Vpn And Remote Management

    Prestige 662HW Series User’s Guide 16.18 VPN and Remote Management If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote Management) to allow access for that service.
  • Page 195: Remote Management, Upnp And Logs

    Remote Management, UPnP and Logs This part contains information on how to configure the Prestige for remote management, setting up Universal Plug and Play (UPnP) and setting up and displaying logs.
  • Page 197: Chapter 17 Remote Management Configuration

    Prestige 662HW Series User’s Guide Chapter 17 Remote Management Configuration This chapter provides information on configuring remote management. 17.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers.
  • Page 198: Telnet

    Prestige 662HW Series User’s Guide ♦ Use the Prestige’s LAN IP address when configuring from the LAN. 17.1.3 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The Prestige automatically logs you out if the management session remains idle for longer than this timeout period.
  • Page 199: Figure 17-2 Remote Management

    Prestige 662HW Series User’s Guide Table 17-1 Remote Management LABEL DESCRIPTION Server Type Each of these labels denotes a service that you may use to remotely manage the Prestige. Access Status Select the access interface. Choices are All, LAN Only, WAN Only and Disable.
  • Page 201: Chapter 18 Universal Plug-And-Play (Upnp)

    Prestige 662HW Series User’s Guide Chapter 18 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 18.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
  • Page 202: Installing Upnp In Windows Example

    Prestige 662HW Series User’s Guide See later sections for examples of installing UPnP in Windows XP and Windows Me as well as an example of using UPnP in Windows. 18.2.1 Configuring UPnP From the Site Map in the main menu, click UPnP under Advanced Setup to display the screen shown next.
  • Page 203 Prestige 662HW Series User’s Guide Click Start and Control Panel. Double-click Add/Remove Programs. Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. In the Communications window, select the Universal Plug and Play check box in the Components selection box.
  • Page 204: Using Upnp In Windows Xp Example

    Prestige 662HW Series User’s Guide In the Networking Services window, select the Universal Plug and Play check box. Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 18.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP.
  • Page 205 Prestige 662HW Series User’s Guide In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. You may edit or delete the port mappings or click Add to manually add port mappings. When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
  • Page 206 Prestige 662HW Series User’s Guide Web Configurator Easy Access With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first. This is helpful if you do not know the IP address of the Prestige.
  • Page 207 Prestige 662HW Series User’s Guide Right-click on the icon for your Prestige and select Properties. A properties window displays with basic information about the Prestige.
  • Page 209: Chapter 19 Logs Screens

    Prestige 662HW Series User’s Guide Chapter 19 Logs Screens This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendix for example log message explanations. 19.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the Prestige log and then display the logs or have the Prestige send them to an administrator (as e-mail) or to a syslog server.
  • Page 210: Figure 19-1 Log Settings

    Prestige 662HW Series User’s Guide Figure 19-1 Log Settings The following table describes the fields in this screen. Table 19-1 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
  • Page 211: Displaying The Logs

    Prestige 662HW Series User’s Guide Table 19-1 Log Settings LABEL DESCRIPTION Send alerts to Alerts are sent to the e-mail address specified in this field. If this field is left blank, alerts will not be sent via e-mail. UNIX Syslog Syslog logging sends a log to an external syslog server used to store logs.
  • Page 212: Smtp Error Messages

    Prestige 662HW Series User’s Guide Figure 19-2 View Logs The following table describes the fields in this screen. Table 19-2 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings screen (see section 19.2) display in the drop-down list box.
  • Page 213: Figure 19-3 E-Mail Log Example

    Prestige 662HW Series User’s Guide Table 19-3 SMTP Error Messages -1 means Prestige out of socket -2 means tcp SYN fail -3 means smtp server OK fail -4 means HELO fail -5 means MAIL FROM fail -6 means RCPT TO fail...
  • Page 215 Media Bandwidth Management This part provides information on the functions and configuration of Media Bandwidth Management.
  • Page 217: Media Bandwidth Management

    Prestige 662HW Series User’s Guide Chapter 20 Media Bandwidth Management This chapter describes the functions and configuration of bandwidth management. 20.1 Bandwidth Management Overview Bandwidth management allows you to allocate an interface’s outgoing capacity to specific types of traffic. It can also help you make sure that the Prestige forwards certain types of traffic (especially real-time applications) with minimum delay.
  • Page 218: Bandwidth Management Usage Examples

    Prestige 662HW Series User’s Guide 20.4 Bandwidth Management Usage Examples These examples show bandwidth management allotments on a WAN interface that is configured for 640Kbps. 20.4.1 Application-based Bandwidth Management Example The bandwidth classes in the following example are based solely on application. Each bandwidth class (VoIP, Web, FTP, E-mail and Video) is allotted 128kbps.
  • Page 219: Scheduler

    Prestige 662HW Series User’s Guide Figure 20-3 Application and Subnet-based Bandwidth Management Example 20.5 Scheduler The scheduler divides up an interface’s bandwidth among the bandwidth classes. The Prestige has two types of scheduler: fairness-based and priority-based. 20.5.1 Priority-based Scheduler With the priority-based scheduler, the Prestige forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes.
  • Page 220: Figure 20-4 Bandwidth Allotment Example

    Prestige 662HW Series User’s Guide Leave some of the interface’s bandwidth unbudgeted. Do not enable the interface’s Maximize Bandwidth Usage option. Do not enable bandwidth borrowing on the child-classes that have the root class as their parent (see section 20.7).
  • Page 221: Bandwidth Borrowing

    Prestige 662HW Series User’s Guide Figure 20-5 Maximize Bandwidth Usage Example 20.7 Bandwidth Borrowing Bandwidth borrowing allows a child-class to borrow unused bandwidth from its parent class, whereas maximize bandwidth usage allows bandwidth classes to borrow any unused or unbudgeted bandwidth on the whole interface.
  • Page 222: Figure 20-6 Bandwidth Borrowing Example

    Prestige 662HW Series User’s Guide Figure 20-6 Bandwidth Borrowing Example The Bill class can borrow unused bandwidth from the Sales USA class because the Bill class has bandwidth borrowing enabled. The Bill class can also borrow unused bandwidth from the Sales class because the Sales USA class also has bandwidth borrowing enabled.
  • Page 223: Maximize Bandwidth Usage With Bandwidth Borrowing

    Prestige 662HW Series User’s Guide 20.7.2 Maximize Bandwidth Usage With Bandwidth Borrowing If you configure both maximize bandwidth usage (on the interface) and bandwidth borrowing (on individual child-classes), the Prestige functions as follows. The Prestige sends traffic according to each bandwidth class’s bandwidth budget.
  • Page 224: Configuring Class Setup

    Prestige 662HW Series User’s Guide Table 20-2 Media Bandwidth Management: Summary LABEL DESCRIPTION Speed (kbps) Enter the amount of bandwidth for this interface that you want to allocate using bandwidth management. This appears as the bandwidth budget of the interface’s root class (see section 20.9). The recommendation is to set this speed to match what the interface’s connection can handle.
  • Page 225: Figure 20-9 Media Bandwidth Management: Class Configuration

    Prestige 662HW Series User’s Guide The following table describes the labels in this screen. Table 20-3 Media Bandwidth Management: Class Setup LABEL DESCRIPTION Interface Select an interface from the drop-down list box for which you wish to set up classes.
  • Page 226: Table 20-4 Media Bandwidth Management: Class Configuration

    Prestige 662HW Series User’s Guide Table 20-4 Media Bandwidth Management: Class Configuration LABEL DESCRIPTION Class Name Use the auto-generated name or enter a descriptive name of up to 20 alphanumeric characters, including spaces. BW Budget (kbps) Specify the maximum bandwidth allowed for the class in kbps. The recommendation is a setting between 20 kbps and 20000 kbps for an individual class.
  • Page 227: Figure 20-10 Media Bandwidth Management Statistics

    Prestige 662HW Series User’s Guide Table 20-5 Services and Port Numbers SERVICES PORT NUMBER ECHO FTP (File Transfer Protocol) SMTP (Simple Mail Transfer Protocol) DNS (Domain Name System) Finger HTTP (Hyper Text Transfer protocol or WWW, Web) POP3 (Post Office Protocol)
  • Page 228: Bandwidth Monitor

    Prestige 662HW Series User’s Guide Table 20-6 Media Bandwidth Management Statistics LABEL DESCRIPTION This field displays the bandwidth statistics (in bps) for the past one to eight seconds. For example, t-1 means one second ago. Update Period Enter the time interval in seconds to define how often the information should be refreshed.
  • Page 229: Maintenance

    Maintenance This part covers the maintenance screens. VIII...
  • Page 231: Chapter 21 Maintenance

    Prestige 662HW Series User’s Guide Chapter 21 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 21.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige.
  • Page 232: Figure 21-1 System Status

    Prestige 662HW Series User’s Guide Figure 21-1 System Status The following table describes the fields in this screen. Table 21-1 System Status LABEL DESCRIPTION System Status System Name This is the name of your Prestige. It is for identification purposes.
  • Page 233: System Statistics

    Prestige 662HW Series User’s Guide Table 21-1 System Status LABEL DESCRIPTION ZyNOS Firmware Version This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design. DSL FW Version This is the DSL firmware version associated with your Prestige.
  • Page 234: Figure 21-2 System Status: Show Statistics

    Prestige 662HW Series User’s Guide Figure 21-2 System Status: Show Statistics The following table describes the fields in this screen. Table 21-2 System Status: Show Statistics LABEL DESCRIPTION System up Time This is the elapsed time the system has been up.
  • Page 235: Dhcp Table Screen

    Prestige 662HW Series User’s Guide Table 21-2 System Status: Show Statistics LABEL DESCRIPTION Tx B/s This field displays the number of bytes transmitted in the last second. Rx B/s This field displays the number of bytes received in the last second.
  • Page 236: Any Ip Table Screen

    Prestige 662HW Series User’s Guide 21.4 Any IP Table Screen Click Maintenance, Any IP. The Any IP table shows current read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate with the Prestige.
  • Page 237: Diagnostic Screens

    Prestige 662HW Series User’s Guide Figure 21-5 Association List The following table describes the fields in this screen. Table 21-5 Association List LABEL DESCRIPTION This is the index number of an associated wireless station. MAC Address This field displays the MAC (Media Access Control) address of an associated wireless station.
  • Page 238: Figure 21-6 Diagnostic: General

    Prestige 662HW Series User’s Guide Figure 21-6 Diagnostic: General The following table describes the fields in this screen. Table 21-6 Diagnostic: General LABEL DESCRIPTION TCP/IP Type the IP address of a computer that you want to ping in order to test a connection.
  • Page 239: Firmware Screen

    Prestige 662HW Series User’s Guide Figure 21-7 Diagnostic: DSL Line The following table describes the fields in this screen. Table 21-7 Diagnostic: DSL Line LABEL DESCRIPTION Reset ADSL Line Click this button to reinitialize the ADSL line. The large text box above then displays the progress and results of this operation, for example: "...
  • Page 240: Figure 21-8 Firmware Upgrade

    Prestige 662HW Series User’s Guide take up to two minutes. After a successful upload, the system will reboot. See the Firmware and Configuration File Maintenance chapter in the parts that document the SMT for upgrading firmware using FTP/TFTP commands. Only use firmware for your device’s specific model. Refer to the label on the bottom of your device.
  • Page 241: Figure 21-9 Network Temporarily Disconnected

    Prestige 662HW Series User’s Guide Figure 21-9 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen. If the upload was not successful, the following screen will appear. Click Back to go back to the Firmware screen.
  • Page 243: Smt General Configuration

    SMT General Configuration This part covers System Management Terminal configuration for general setup, WAN backup, LAN setup, wireless LAN setup, Internet access, remote node, static route, NAT and enabling the firewall. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
  • Page 245: Chapter 22 Introducing The Smt

    Prestige 662HW Series User’s Guide Chapter 22 Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 22.1 SMT Introduction The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator over a telnet connection.
  • Page 246: Navigating The Smt Interface

    Prestige 662HW Series User’s Guide Figure 22-2 Prestige SMT Menu Overview 22.2 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
  • Page 247: Figure 22-3 Smt Main Menu

    Type 99 at the main menu prompt and press [ENTER] to exit the SMT interface. After you enter the password, the SMT displays the main menu, as shown next. Copyright (c) 1994 - 2004 ZyXEL Communications Corp. Prestige 662HW-61 Main Menu Getting Started Advanced Management 1.
  • Page 248: Changing The System Password

    Prestige 662HW Series User’s Guide Table 22-2 Main Menu Summary MENU TITLE DESCRIPTION Remote Node Setup Use this menu to set up the Remote Node for LAN-to-LAN connection, including Internet connection. Static Routing Setup Use this menu to set up static routes.
  • Page 249: Chapter 23 Menu 1 General Setup

    Prestige 662HW Series User’s Guide Chapter 23 Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 23.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
  • Page 250: Figure 23-2 Menu 1.1 Configure Dynamic Dns

    Prestige 662HW Series User’s Guide Table 23-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE System Name Choose a descriptive name for identification purposes. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted.
  • Page 251: Table 23-2 Menu 1.1 Configure Dynamic Dns

    Prestige 662HW Series User’s Guide Table 23-2 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION EXAMPLE Service Provider This is the name of your Dynamic DNS service provider. WWW.DynDNS.ORG (default) Active Press [SPACE BAR] to select Yes and then press [ENTER] to make dynamic DNS active.
  • Page 253: Introduction To Wan Backup Setup

    Prestige 662HW Series User’s Guide Chapter 24 Menu 2 WAN Backup Setup This chapter describes how to configure traffic redirect and dial-backup using menu 2 and 2.1. 24.1 Introduction to WAN Backup Setup This chapter explains how to configure the Prestige for traffic redirect and dial backup connections.
  • Page 254: Figure 24-2 Menu 2.1Traffic Redirect Setup

    Prestige 662HW Series User’s Guide Table 24-1 Menu 2 WAN Backup Setup FIELD DESCRIPTION Recovery Interval(sec) When the Prestige is using a lower priority connection (usually a WAN backup connection), it periodically checks whether or not it can use a higher priority connection.
  • Page 255: Configuring Dial Backup Setup

    Prestige 662HW Series User’s Guide Table 24-2 Menu 2.1Traffic Redirect Setup FIELD DESCRIPTION Metric This field sets this route's priority among the routes the Prestige uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost".
  • Page 256: Advanced Dial Backup Setup

    Prestige 662HW Series User’s Guide Table 24-3 Menu 2.2 Dial Backup Setup FIELD DESCRIPTION EXAMPLE When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.
  • Page 257: Table 24-5 Menu 2.2.1 Advanced Dial Backup Setup: Call Control Parameters

    Prestige 662HW Series User’s Guide Table 24-4 Menu 2.2.1 Advanced Dial Backup Setup: AT Commands Fields FIELD DESCRIPTION EXAMPLE CLID (Calling Line Identification) Enter the keyword that precedes the CLID (Calling Line Identification) in the AT response string. (Example: NMBR =) This lets the Prestige capture the CLID in the AT response string that comes from the WAN device.
  • Page 259: Chapter 25 Menu 3 Lan Setup

    Prestige 662HW Series User’s Guide Chapter 25 Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 25.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3.
  • Page 260: Protocol Dependent Ethernet Setup

    Prestige 662HW Series User’s Guide 25.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. ♦ For TCP/IP Ethernet setup refer to the Internet Access Application chapter.
  • Page 261: Table 25-2 Tcp/Ip Ethernet Setup

    Prestige 662HW Series User’s Guide Table 25-1 DHCP Ethernet Setup FIELD DESCRIPTION EXAMPLE Client IP Pool Starting Address This field specifies the first of the contiguous addresses in the IP address pool. (Example: 192.168.1.33) Size of Client IP Pool This field specifies the size or count of the IP address pool.
  • Page 263: Chapter 26 Wireless Lan Setup

    Prestige 662HW Series User’s Guide Chapter 26 Wireless LAN Setup This chapter covers how to configure wireless LAN settings in SMT menu 3.5. 26.1 Wireless LAN Overview Refer to the chapter on the wireless LAN screens for wireless LAN background information.
  • Page 264: Wireless Lan Mac Address Filter

    Prestige 662HW Series User’s Guide Table 26-1 Menu 3.5 - Wireless LAN Setup FIELD DESCRIPTION EXAMPLE RTS Threshold RTS (Request To Send) threshold (number of bytes) enables RTS/CTS handshake. (Example: 2432) Data with its frame size larger than this value will perform the RTS/CTS handshake.
  • Page 265: Figure 26-2 Menu 3.5.1 Wlan Mac Address Filtering

    Prestige 662HW Series User’s Guide Menu 3.5.1 - WLAN MAC Address Filter Active= No Filter Action= Allowed Association ------------------------------------------------------------------------------ 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00...
  • Page 267: Chapter 27 Internet Access

    Prestige 662HW Series User’s Guide Chapter 27 Internet Access This chapter shows you how to configure the LAN and WAN of your Prestige for Internet access. 27.1 Internet Access Overview Refer to the chapters on the web configurator’s wizard, LAN and WAN screens for more background information on fields in the SMT screens covered in this chapter.
  • Page 268: Ip Alias Setup

    Prestige 662HW Series User’s Guide 27.4 IP Alias Setup Use menu 3.2 to configure the first network. Move the cursor to Edit IP Alias field and press [SPACEBAR] to choose Yes and press [ENTER] to configure the second and third network.
  • Page 269: Route Ip Setup

    Prestige 662HW Series User’s Guide Menu 3.2.1 - IP Alias Setup IP Alias 1= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= N/A Outgoing protocol filters= N/A IP Alias 2= No IP Address= N/A...
  • Page 270: Internet Access Configuration

    Prestige 662HW Series User’s Guide Menu 1 - General Setup System Name= ? Location= location Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: Figure 27-5 Menu 1 General Setup 27.6 Internet Access Configuration...
  • Page 271: Table 27-2 Menu 4 Internet Access Setup

    Prestige 662HW Series User’s Guide Table 27-2 Menu 4 Internet Access Setup FIELD DESCRIPTION EXAMPLE ISP’s Name Enter the name of your Internet Service Provider. This information is for identification purposes only. (Example: MyIsp) Encapsulation Press [SPACE BAR] to select the method of encapsulation used by your ISP. (Example: ENET ENCAP)
  • Page 273: Chapter 28 Remote Node Configuration

    Prestige 662HW Series User’s Guide Chapter 28 Remote Node Configuration This chapter covers remote node configuration. 28.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
  • Page 274: Figure 28-1 Menu 11 Remote Node Setup

    Prestige 662HW Series User’s Guide Menu 11 - Remote Node Setup 1. MyISP (ISP, SUA) 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ Enter Node # to Edit: Figure 28-1 Menu 11 Remote Node Setup 28.2.2 Encapsulation and Multiplexing Scenarios...
  • Page 275: Figure 28-2 Menu 11.1 Remote Node Profile

    Prestige 662HW Series User’s Guide Menu 11.1 - Remote Node Profile Edit IP/Bridge Rem Node Name= MyISP Route= IP Active= Yes Bridge= No Options in menu 11.3. Encapsulation= RFC 1483 Edit IP/Bridge= No Multiplexing= LLC-based Edit ATM Options= No Service Name= N/A...
  • Page 276 Prestige 662HW Series User’s Guide Table 28-1 Menu 11.1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Authen This field sets the authentication protocol used for outgoing calls. Options for this field are: CHAP/PAP – Your Prestige will accept either CHAP or PAP when requested by this remote node.
  • Page 277: Outgoing Authentication Protocol

    Prestige 662HW Series User’s Guide 28.2.3 Outgoing Authentication Protocol For obvious reasons, you should employ the strongest authentication protocol possible. However, some vendors’ implementations include a specific authentication protocol in the user profile. Such an implementation will disconnect if the negotiated protocol is different from that in the user profile, even when the negotiated protocol is stronger than specified.
  • Page 278: My Wan Addr Sample Ip Addresses

    Prestige 662HW Series User’s Guide Table 28-2 Menu 11.3 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE Rem Subnet Mask Type the subnet mask assigned to the remote node. My WAN Some implementations, especially UNIX derivatives, require separate IP network...
  • Page 279: Remote Node Filter

    Prestige 662HW Series User’s Guide Figure 28-4 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection 28.4 Remote Node Filter Move the cursor to the Edit Filter Sets field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to display Menu 11.5 – Remote Node Filter.
  • Page 280: Editing Atm Layer Options

    Prestige 662HW Series User’s Guide Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Call Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: Figure 28-6 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation)
  • Page 281: Figure 28-8 Menu 11.6 For Llc-Based Multiplexing Or Ppp Encapsulation

    Prestige 662HW Series User’s Guide 28.5.2 LLC-based Multiplexing or PPP Encapsulation For LLC-based multiplexing or PPP encapsulation, one VC carries multiple protocols with protocol identifying information being contained in each packet header. Menu 11.6 - Remote Node ATM Layer Options...
  • Page 282: Figure 28-10 Menu 11.8 Advance Setup Options

    Prestige 662HW Series User’s Guide Move the cursor to the Edit Advance Options field, press [SPACE BAR] to select Yes, then press [ENTER] to display Menu 11.8 – Advance Setup Options. Menu 11.8 - Advance Setup Options PPPoE pass-through= No Press ENTER to Confirm or ESC to Cancel: Figure 28-10 Menu 11.8 Advance Setup Options...
  • Page 283: Chapter 29 Static Route Setup

    Prestige 662HW Series User’s Guide Chapter 29 Static Route Setup This chapter shows how to set up IP static routes. 29.1 IP Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
  • Page 284: Figure 29-2 Menu 12 Static Route Setup

    Prestige 662HW Series User’s Guide Menu 12 - Static Route Setup 1. IP Static Route 3. Bridge Static Route Please enter selection: Figure 29-2 Menu 12 Static Route Setup From menu 12, select 1 to open Menu 12.1 — IP Static Route Setup (shown next).
  • Page 285: Figure 29-4 Menu12.1.1 Edit Ip Static Route

    Prestige 662HW Series User’s Guide Menu 12.1.1 - Edit IP Static Route Route #: 1 Route Name= ? Active= No Destination IP Address= ? IP Subnet Mask= ? Gateway IP Address= ? Metric= 2 Private= No Press ENTER to Confirm or ESC to Cancel: Figure 29-4 Menu12.1.1 Edit IP Static Route...
  • Page 287: Chapter 30 Bridging Setup

    Prestige 662HW Series User’s Guide Chapter 30 Bridging Setup This chapter shows you how to configure the bridging parameters of your Prestige. 30.1 Bridging in General Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address.
  • Page 288: Figure 30-1 Menu 11.1 Remote Node Profile

    Prestige 662HW Series User’s Guide Menu 11.1 - Remote Node Profile Rem Node Name= ? Route= IP Active= Yes Bridge= Yes Encapsulation= ENET ENCAP Edit IP/Bridge= No Multiplexing= VC-based Edit ATM Options= No Service Name= N/A Edit Advance Options= N/A...
  • Page 289: Figure 30-3 Menu 12.3.1 Edit Bridge Static Route

    Prestige 662HW Series User’s Guide Table 30-1 Remote Node Network Layer Options: Bridge Fields FIELD DESCRIPTION Bridge (menu 11.1) Make sure this field is set to Yes. Edit IP/Bridge (menu Press [SPACE BAR] to select Yes and press [ENTER] to display menu 11.3.
  • Page 291: Chapter 31 Network Address Translation (Nat)

    Prestige 662HW Series User’s Guide Chapter 31 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 31.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige.
  • Page 292: Figure 31-1 Menu 4 Applying Nat For Internet Access

    Prestige 662HW Series User’s Guide Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0...
  • Page 293: Nat Setup

    Prestige 662HW Series User’s Guide Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment = Static Ethernet Addr Timeout(min)= N/A Rem IP Addr = 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= SUA Only...
  • Page 294: Figure 31-3 Menu 15 Nat Setup

    Prestige 662HW Series User’s Guide Menu 15 - NAT Setup 1. Address Mapping Sets 2. NAT Server Sets Enter Menu Selection Number: Figure 31-3 Menu 15 NAT Setup 31.3.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 — Address Mapping Sets.
  • Page 295: Figure 31-5 Menu 15.1.255 Sua Address Mapping Rules

    Prestige 662HW Series User’s Guide Menu 15.1.255 - Address Mapping Rules Set Name= Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- ------ 0.0.0.0 255.255.255.255 0.0.0.0 0.0.0.0 Server Press ENTER to Confirm or ESC to Cancel: Figure 31-5 Menu 15.1.255 SUA Address Mapping Rules...
  • Page 296: Figure 31-6 Menu 15.1.1 First Set

    Prestige 662HW Series User’s Guide Now let’s look at option 1 in menu 15.1. Enter 1 to bring up this menu. We’ll just look at the differences from the previous menu. Note the extra Action and Select Rule fields mean you can configure rules in this screen.
  • Page 297: Figure 31-7 Menu 15.1.1.1 Editing/Configuring An Individual Rule In A Set

    Prestige 662HW Series User’s Guide Table 31-3 Menu 15.1.1 First Set
    FIELD | DESCRIPTION | EXAMPLE
    Action | The default is Edit. Edit means you want to edit a selected rule (see following field). Insert Before means to insert a rule before the rule selected. | Edit
  • Page 298: Configuring A Server Behind Nat

    Prestige 662HW Series User’s Guide Table 31-4 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set FIELD DESCRIPTION EXAMPLE This is the ending local IP address (ILA). If the rule is for all local IPs, then put the Start IP as 0.0.0.0 and the End IP as 255.255.255.255. This field is N/A for One-to-One and Server types.
  • Page 299: General Nat Examples

    Prestige 662HW Series User’s Guide Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 31-9 Menu 15.2.1 NAT Server Setup...
  • Page 300: Figure 31-11 Nat Example 1

    Prestige 662HW Series User’s Guide 31.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP.
  • Page 301: Figure 31-14 Menu 15.2.1 Specifying An Inside Server

    Prestige 662HW Series User’s Guide 31.5.2 Example 2: Internet Access with an Inside Server Figure 31-13 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure.
  • Page 302 Prestige 662HW Series User’s Guide Map the other outgoing LAN traffic to IGA3 (Many : 1 mapping). You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN.
  • Page 303: Figure 31-16 Example 3: Menu 11.3

    Prestige 662HW Series User’s Guide Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment= Static Ethernet Addr Timeout (min)= 0 Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature...
  • Page 304 Prestige 662HW Series User’s Guide Menu 15.1.1 - Address Mapping Rules Set Name= Example3 Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- ------ 1. 192.168.1.10 10.132.50.1 192.168.1.11 10.132.50.2 3. 0.0.0.0 255.255.255.255 10.132.50.3...
  • Page 305: Figure 31-19 Nat Example 4

    Prestige 662HW Series User’s Guide Menu 15.2.1 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.21 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Example 3: Menu 15.2.1...
  • Page 306: Figure 31-20 Example 4: Menu 15.1.1.1 Address Mapping Rule

    Prestige 662HW Series User’s Guide Follow the steps outlined in example 3 to configure these two menus as follows. Menu 15.1.1.1 Address Mapping Rule Type= Many-to-Many No Overload Local IP: Start= 192.168.1.10 = 192.168.1.12 Global IP: Start= 10.132.50.1 = 10.132.50.3...
  • Page 307: Chapter 32 Enabling The Firewall

    Prestige 662HW Series User’s Guide Chapter 32 Enabling the Firewall This chapter shows you how to get started with the Prestige firewall. 32.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: ♦...
  • Page 308: Figure 32-1 Menu 21.2 Firewall Setup

    Prestige 662HW Series User’s Guide Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2. deny all sessions originating from the WAN to the LAN...
  • Page 309: Smt Advanced Management

    SMT Advanced Management This part discusses filtering setup, SNMP, system security, system information and diagnosis, firmware and configuration file maintenance, system maintenance, remote management, IP Policy Routing, call scheduling and Internal SPTGEN for configuration of multiple Prestiges. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
  • Page 311: Chapter 33 Filter Configuration

    Prestige 662HW Series User’s Guide Chapter 33 Filter Configuration This chapter shows you how to create and apply filters. 33.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call.
  • Page 312: Figure 33-2 Filter Rule Process

    Prestige 662HW Series User’s Guide [Figure 33-2 Filter Rule Process: flowchart. A packet enters the filter; filter sets and the filter rules within them are fetched in turn (first, then next while one is available), and each active rule is executed...]
  • Page 313: Configuring A Filter Set For The Prestige

    Prestige 662HW Series User’s Guide 33.2 Configuring a Filter Set for the Prestige To configure a filter set, follow the steps shown next. Enter 21 in the main menu to display Menu 21 – Filter and Firewall Setup. Enter 1 to display Menu 21.1 – Filter Set Configuration as shown next.
  • Page 314: Filter Rules Summary Menus

    Prestige 662HW Series User’s Guide Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F Enter Filter Rule Number (1-6) to Configure: Figure 33-5 NetBIOS_LAN Filter Rules Summary Menu 21.1.4 - Filter Rules Summary...
  • Page 315: Configuring A Filter Rule

    Prestige 662HW Series User’s Guide Table 33-1 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION More. “Y” means there are more rules to check which form a rule chain with the present rule. An action cannot be taken until the rule chain is complete.
  • Page 316: Figure 33-7 Menu 21.1.X.1 Tcp/Ip Filter Rule

    Prestige 662HW Series User’s Guide 33.4.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
  • Page 317 Prestige 662HW Series User’s Guide Table 33-3 Menu 21.1.x.1 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE IP Addr Type the destination IP address of the packet you want to filter. IP address This field is ignored if it is 0.0.0.0. IP Mask Type the IP mask to apply to the Destination: IP Addr field.
  • Page 318: Figure 33-8 Executing An Ip Filter

    Prestige 662HW Series User’s Guide [Figure 33-8 Executing an IP Filter: flowchart. Packet into IP Filter; Filter Active?; Apply SrcAddrMask to Src Addr; Check Src IP Addr (Matched / Not Matched); Apply DestAddrMask to Dest Addr; Check Dest IP Addr (Matched / Not Matched); Check IP Protocol (Matched / Not Matched); Check Src &...]
  • Page 319: Figure 33-9 Menu 21.1.5.1 Generic Filter Rule

    Prestige 662HW Series User’s Guide To configure a generic rule select an empty filter set in menu 21, for example 5. Select Generic Filter Rule in the Filter Type field and press [ENTER] to open Menu 21.1.5.1 Generic Filter –...
  • Page 320: Filter Types And Nat

    Prestige 662HW Series User’s Guide FIELD DESCRIPTION EXAMPLE Select the logging option from the following: None – No packets will be logged. None Action Matched – Only matching packets and rules will be logged. Action Not Matched – Only packets that do not match the rule parameters will be logged.
  • Page 321: Figure 33-11 Sample Telnet Filter

    Prestige 662HW Series User’s Guide Figure 33-11 Sample Telnet Filter Enter 1 in the menu 21 to display Menu 21.1 — Filter Set Configuration. Enter the index number of the filter set you want to configure (in this case 6) Type a descriptive name or comment in the Edit Comments field (for example, TELNET_WAN) and press [ENTER].
  • Page 322: Figure 33-12 Menu 21.1.6.1 Sample Filter

    Prestige 662HW Series User’s Guide
    Menu 21.1.6.1 - TCP/IP Filter Rule Filter #: 6,1 Filter Type= TCP/IP Filter Rule...
    Callout on the Filter Type field: Press [SPACE BAR] to choose this filter rule type. The first filter rule type determines all subsequent filter types within a set.
  • Page 323: Applying Filters And Factory Defaults

    Prestige 662HW Series User’s Guide Menu 21.1.6 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F M = N means an action can be taken immediately.
  • Page 324: Figure 33-14 Filtering Ethernet Traffic

    Prestige 662HW Series User’s Guide default filter set, NetBIOS_LAN, is inserted in the protocol filters field under Input Filter Sets in menu 3.1 in order to prevent local NetBIOS messages from triggering calls to the DNS server. Menu 3.1 – LAN Port Filter Setup...
  • Page 325: Chapter 34 Snmp Configuration

    Prestige 662HW Series User’s Guide Chapter 34 SNMP Configuration This chapter explains SNMP Configuration menu 22. 34.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
  • Page 326: Supported Mibs

    Prestige 662HW Series User’s Guide • Get - Allows the manager to retrieve an object variable from the agent. • GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
  • Page 327: Snmp Traps

    Prestige 662HW Series User’s Guide
    FIELD | DESCRIPTION | EXAMPLE
    Community | Type the trap community, which is the password sent with each trap to the SNMP manager. | public
    Destination | Type the IP address of the station to send your SNMP traps to.
  • Page 329: Chapter 35 System Security

    Prestige 662HW Series User’s Guide Chapter 35 System Security This chapter describes how to configure the system security on the Prestige. 35.1 System Security You can configure the system password. 35.1.1 System Password Enter 23 in the main menu to display Menu 23 – System Security.
  • Page 330: Figure 35-3 Menu 23.2 System Security : Radius Server

    Prestige 662HW Series User’s Guide
    Menu 23.2 - System Security - RADIUS Server
    Authentication Server: Active= No, Server Address= 10.11.12.13, Port #= 1812, Shared Secret= ********
    Accounting Server: Active= No, Server Address= 10.11.12.13, Port #= 1813, Shared Secret= ********
    Figure 35-3 Menu 23.2 System Security : RADIUS Server
    The following table describes the fields in this menu.
  • Page 331: Figure 35-4 Menu 23 System Security

    Prestige 662HW Series User’s Guide 35.1.3 IEEE802.1x The IEEE802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your Prestige. From the main menu, enter 23 to display Menu 23 – System Security.
  • Page 332 Prestige 662HW Series User’s Guide Table 35-2 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION network without entering usernames and passwords. This is the default setting. Selecting Authentication Required means wireless stations have to enter usernames and passwords before access to the wired network is allowed.
  • Page 333: Creating User Accounts On The Prestige

    Prestige 662HW Series User’s Guide Table 35-2 Menu 23.4 System Security : IEEE802.1x
    FIELD | DESCRIPTION
    Authentication Databases | The authentication database contains wireless station login information. The local user database is the built-in database on the Prestige. The RADIUS is an external server. Use this field to decide which database the Prestige should use (first) to authenticate a wireless station.
  • Page 334: Figure 35-6 Menu 14 Dial-In User Setup

    Prestige 662HW Series User’s Guide Menu 14 - Dial-in User Setup 1. ________ 9. ________ 17. ________ ________ 2. ________ 10. ________ 18. ________ ________ 3. ________ 11. ________ 19. ________ ________ 4. ________ 12. ________ 20. ________ ________ 5. ________ 13.
  • Page 335: Chapter 36 System Information And Diagnosis

    Prestige 662HW Series User’s Guide Chapter 36 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 36.1 Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
  • Page 336: Figure 36-2 Menu 24.1 System Maintenance : Status

    Prestige 662HW Series User’s Guide Menu 24.1 - System Maintenance - Status 00:36:37 Sat. Jan. 01, 2000 Node-Lnk Status TxPkts RxPkts Errors Tx B/s Rx B/s Up Time 1-PPPoA N/A 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 My WAN IP (from ISP): 0.0.0.0...
  • Page 337: System Information

    Prestige 662HW Series User’s Guide Table 36-1 Menu 24.1 System Maintenance : Status
    FIELD | DESCRIPTION
    Upstream Speed | This shows the upstream transfer rate in kbps.
    Downstream Speed | This shows the downstream transfer rate in kbps.
    CPU Load | This specifies the percentage of CPU utilization.
  • Page 338: Log And Trace

    Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. ADSL Chipset Vendor Displays the vendor of the ADSL chipset and DSL version.
  • Page 339: Figure 36-6 Menu 24.3 System Maintenance : Log And Trace

    Prestige 662HW Series User’s Guide From menu 24, type 3 to display Menu 24.3 – System Maintenance – Log and Trace. Menu 24.3 - System Maintenance - Log and Trace 1. View Error Log 2. UNIX Syslog Please enter selection Figure 36-6 Menu 24.3 System Maintenance : Log and Trace...
  • Page 340: Table 36-3 Menu 24.3.2 System Maintenance : Syslog And Accounting

    Prestige 662HW Series User’s Guide You need to configure the UNIX syslog parameters described in the following table to activate syslog then choose what you want to log. Table 36-3 Menu 24.3.2 System Maintenance : Syslog and Accounting PARAMETER DESCRIPTION...
  • Page 341: Diagnostic

    Prestige 662HW Series User’s Guide
    String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD
    IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m), drop (D).
    Src: Source Address
    Dst: Destination Address
    prot: Protocol (“TCP”, “UDP”, “ICMP”)
  • Page 342: Table 36-4 Menu 24.4 System Maintenance Menu : Diagnostic

    Prestige 662HW Series User’s Guide Table 36-4 Menu 24.4 System Maintenance Menu : Diagnostic FIELD DESCRIPTION Reset xDSL Re-initialize the xDSL link to the telephone company. Ping Host Ping the host to see if the links and TCP/IP protocol on both systems are working.
  • Page 343 Prestige 662HW Series User’s Guide Chapter 37 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 37.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
  • Page 344: Chapter 37 Firmware And Configuration File Maintenance

    Prestige 662HW Series User’s Guide Table 37-1 Filename Conventions
    FILE TYPE | INTERNAL NAME | EXTERNAL NAME | DESCRIPTION
    Configuration File | Rom-0 | *.rom | This is the configuration filename on the Prestige. Uploading the rom-0 file replaces the entire ROM file system, including your Prestige configurations, system-related data (including the default password), the error log and the trace log.
  • Page 345: Figure 37-2 Ftp Session Example

    Prestige 662HW Series User’s Guide Enter your password as requested (the default is “1234”). Enter “bin” to set transfer mode to binary. Use “get” to transfer files from the Prestige to the computer, for example, “get rom-0 config.rom” transfers the configuration file on the Prestige to your computer and renames it “config.rom”. See earlier in this chapter for more information on filename conventions.
  • Page 346: Table 37-3 General Commands For Gui-Based Tftp Clients

    Prestige 662HW Series User’s Guide ♦ The IP address in the Secured Client IP field in menu 24.11 does not match the client IP. If it does not match, the Prestige will disconnect the Telnet session immediately. ♦ You have an SMT console session running.
  • Page 347: Restore Configuration

    Prestige 662HW Series User’s Guide Table 37-3 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Remote File This is the filename on the Prestige. The filename for the firmware is “ras” and for the configuration file, is “rom-0”. Binary Transfer the file in binary mode.
  • Page 348: Uploading Firmware And Configuration Files

    Prestige 662HW Series User’s Guide Enter “open”, followed by a space and the IP address of your Prestige. Press [ENTER] when prompted for a username. Enter your password as requested (the default is “1234”). Enter “bin” to set transfer mode to binary.
  • Page 349: Figure 37-5 Telnet Into Menu 24.7.1 Upload System Firmware

    Prestige 662HW Series User’s Guide Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
  • Page 350: Figure 37-7 Ftp Session Example Of Firmware File Upload

    Prestige 662HW Series User’s Guide Press [ENTER] when prompted for a username. Enter your password as requested (the default is “1234”). Enter “bin” to set transfer mode to binary. Use “put” to transfer files from the computer to the Prestige, for example, “put firmware.bin ras”...
  • Page 351: Tftp Upload Command Example

    Prestige 662HW Series User’s Guide Use the TFTP client (see the example below) to transfer files between the Prestige and the computer. The file name for the firmware is “ras”. Note that the telnet connection must be active and the Prestige in CI mode before and during the TFTP transfer.
  • Page 353: Chapter 38 System Maintenance

    Prestige 662HW Series User’s Guide Chapter 38 System Maintenance This chapter leads you through SMT menus 24.8 to 24.10. 38.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
  • Page 354: Call Control Support

    Prestige 662HW Series User’s Guide Copyright (c) 1994 - 2003 ZyXEL Communications Corp. ras> ? Valid commands are: exit ether wlan ipsec bridge radius 8021x ras> Figure 38-2 Valid Commands 38.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1.
  • Page 355: Time And Date Setting

    Prestige 662HW Series User’s Guide Menu 24.9.1 - System Maintenance - Budget Management Remote Node Connection Elapsed Time/Total Period 1.MyIsp Time/Total Budget No Budget 2.-------- No Budget 3.-------- 4.-------- 5.-------- 6.-------- 7.-------- 8.-------- Reset Node (0 to update screen): Figure 38-4 Menu 24.9.1 System Maintenance : Budget Management The total budget is the time limit on the accumulated time for outgoing calls to a remote node.
  • Page 356: Figure 38-5 Menu 24 System Maintenance

    Prestige 662HW Series User’s Guide Menu 24 - System Maintenance System Status System Information and Console Port Speed Log and Trace Diagnostic Backup Configuration Restore Configuration Upload Firmware Command Interpreter Mode Call Control 10. Time and Date Setting 11. Remote Management...
  • Page 357: Table 38-2 Menu 24.10 System Maintenance: Time And Date Setting

    Prestige 662HW Series User’s Guide Table 38-2 Menu 24.10 System Maintenance: Time and Date Setting
    FIELD | DESCRIPTION
    Use Time Server when Bootup | Enter the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
  • Page 359: Chapter 39 Remote Management

    Prestige 662HW Series User’s Guide Chapter 39 Remote Management This chapter covers remote management (SMT menu 24.11). 39.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
  • Page 360: Figure 39-1 Menu 24.11 Remote Management Control

    Prestige 662HW Series User’s Guide
    Menu 24.11 - Remote Management Control
    TELNET Server: Server Port = 23, Server Access = LAN only, Secured Client IP = 0.0.0.0
    FTP Server: Server Port = 21, Server Access = LAN only, Secured Client IP = 0.0.0.0...
  • Page 361: Remote Management And Nat

    Prestige 662HW Series User’s Guide ♦ There is a firewall rule that blocks it. 39.3 Remote Management and NAT When NAT is enabled: ♦ Use the Prestige’s WAN IP address when configuring from the WAN. ♦ Use the Prestige’s LAN IP address when configuring from the LAN.
  • Page 363: Chapter 40 Ip Policy Routing

    Prestige 662HW Series User’s Guide Chapter 40 IP Policy Routing This chapter covers setting and applying policies used for IP routing. 40.1 IP Policy Routing Overview Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet.
  • Page 364: Ip Routing Policy Setup

    Prestige 662HW Series User’s Guide 40.4 IP Routing Policy Setup Menu 25 shows all the policies defined. Menu 25 - IP Routing Policy Setup Policy Policy Set # Name Set # Name ------ ----------------- ------ ----------------- _______________ _______________ _______________ _______________...
  • Page 365: Figure 40-2 Menu 25.1 Ip Routing Policy Setup

    Prestige 662HW Series User’s Guide Menu 25.1 - IP Routing Policy Setup Criteria/Action - - -------------------------------------------------------------------------- 1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5 SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.1,T=MT,PR=0 2 N __________________________________________________________________________ __________________________________________________________________________ 3 N __________________________________________________________________________ __________________________________________________________________________ 4 N __________________________________________________________________________ __________________________________________________________________________ 5 N __________________________________________________________________________ __________________________________________________________________________ 6 N __________________________________________________________________________...
  • Page 366: Figure 40-3 Menu 25.1.1 Ip Routing Policy

    Prestige 662HW Series User’s Guide Menu 25.1.1 - IP Routing Policy Policy Set Name= test Active= No Criteria: IP Protocol Type of Service= Don't Care Packet length= 0 Precedence = Don't Care Len Comp= N/A Source: addr start= 0.0.0.0 end= N/A...
  • Page 367: Applying An Ip Policy

    Prestige 662HW Series User’s Guide Table 40-2 Menu 25.1.1 IP Routing Policy FIELD DESCRIPTION Action Specifies whether action should be taken on criteria Matched or Not Matched. Gateway addr Defines the outgoing gateway address. The gateway must be on the same subnet as the Prestige if it is on the LAN, otherwise, the gateway must be the IP address of a remote node.
  • Page 368: Ip Policy Routing Example

    Prestige 662HW Series User’s Guide Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment= Static Ethernet Addr Timeout (min)= 0 Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature...
  • Page 369: Figure 40-7 Ip Routing Policy Example

    Prestige 662HW Series User’s Guide Create a rule for this set in Menu 25.1.1 — IP Routing Policy as shown next. Menu 25.1.1 - IP Routing Policy Policy Set Name= set1 Active= Yes Criteria: IP Protocol Type of Service= Don't Care...
  • Page 370: Figure 40-8 Ip Routing Policy Example

    Prestige 662HW Series User’s Guide Menu 25.1.1 - IP Routing Policy Policy Set Name= set2 Active= Yes Criteria: IP Protocol Type of Service= Don't Care Packet length= 10 Precedence = Don't Care Len Comp= N/A Source: addr start= 0.0.0.0 end= N/A...
  • Page 371: Chapter 41 Call Scheduling

    Prestige 662HW Series User’s Guide Chapter 41 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 41.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
  • Page 372: Figure 41-2 Menu 26.1 Schedule Set Setup

    Prestige 662HW Series User’s Guide Menu 26.1 Schedule Set Setup Active= Yes Start Date(yyyy-mm-dd)= 2000 - 01 - 01 How Often= Once Once: Date(yyyy-mm-dd)= 2000 - 01 - 01 Weekdays: Sunday= N/A Monday= N/A Tuesday= N/A Wednesday= N/A Thursday= N/A...
  • Page 373: Figure 41-3 Applying Schedule Set(S) To A Remote Node (Pppoe)

    Prestige 662HW Series User’s Guide Table 41-1 Menu 26.1 Schedule Set Setup FIELD DESCRIPTION EXAMPLE Action Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Forced On Duration field.
  • Page 375: Smt Vpn/Ipsec And Internal Sptgen

    SMT VPN/IPSec and Internal SPTGEN This part provides information about configuring VPN/IPSec for secure communications and Internal SPTGEN for configuration of multiple Prestiges. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
  • Page 377: Chapter 42 Vpn/Ipsec Setup

    Prestige 662HW Series User’s Guide Chapter 42 VPN/IPSec Setup This chapter introduces the VPN SMT menus. 42.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: 1. Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management.
  • Page 378: Ipsec Summary Screen

    Prestige 662HW Series User’s Guide Menu 27 - VPN/IPSec Setup 1. IPSec Summary 2. SA Monitor Enter Menu Selection Number: Figure 42-2 Menu 27 VPN/IPSec Setup 42.2 IPSec Summary Screen Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary. This is a summary read-only menu of your IPSec rules (tunnels).
  • Page 379 Prestige 662HW Series User’s Guide Table 42-1 Menu 27.1 IPSec Summary
    FIELD | DESCRIPTION | EXAMPLE
    Addr End / Mask | When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is the same (static) IP address as in the Local Addr Start field. | 192.168.1.38
  • Page 380: Ipsec Setup

    Prestige 662HW Series User’s Guide Table 42-1 Menu 27.1 IPSec Summary
    FIELD | DESCRIPTION | EXAMPLE
    Secure GW Addr | This is the WAN IP address or the domain name (up to the first 15 characters are displayed) of the IPSec router with which you are making the VPN connection. | 193.81.13.2
  • Page 381: Figure 42-4 Menu 27.1.1 Ipsec Setup

    Prestige 662HW Series User’s Guide Menu 27.1.1 – IPSec Setup Index= 1 Name= Taiwan Active= Yes Keep Alive= No Nat Traversal= No Local ID type= IP Content: My IP Addr= 0.0.0.0 Peer ID type= IP Content: Secure Gateway Address= zw50test.zyxel.com.tw Protocol= 0 DNS Server= 0.0.0.0...
  • Page 382 Prestige 662HW Series User’s Guide Table 42-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Content When you select IP in the Local ID Type field, type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address.
  • Page 383 Prestige 662HW Series User’s Guide Table 42-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Local Local IP addresses must be static and correspond to the remote IPSec router’s configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same.
  • Page 384 Prestige 662HW Series User’s Guide Table 42-2 Menu 27.1.1 IPSec Setup
    FIELD | DESCRIPTION | EXAMPLE
    IP Addr Start | When the Addr Type field is configured to Single, enter a static IP address on the network behind the remote IPSec router. | 4.4.4.4
  • Page 385: Ike Setup

    Prestige 662HW Series User’s Guide 42.4 IKE Setup To edit this menu, the Key Management field in Menu 27.1.1 – IPSec Setup must be set to IKE. Move the cursor to the Edit Key Management Setup field in Menu 27.1.1 – IPSec Setup; press [SPACE BAR] to select Yes and then press [ENTER] to display Menu 27.1.1.1 –...
  • Page 386: Manual Setup

    Prestige 662HW Series User’s Guide Table 42-3 Menu 27.1.1.1 IKE Setup
    FIELD | DESCRIPTION | EXAMPLE
    SA Life Time (Seconds) | Define the length of time before an IKE Security Association automatically renegotiates in this field. It may range from 60 to 3,000,000 seconds (almost 35 days). | 28800 (default)
  • Page 387: Figure 42-6 Menu 27.1.1.2 Manual Setup

    Prestige 662HW Series User’s Guide 42.5.2 Security Parameter Index (SPI) To edit this menu, move the cursor to the Edit Manual Setup field in Menu 27.1.1 – IPSec Setup press [SPACE BAR] to select Yes and then press [ENTER] to go to Menu 27.1.1.2 – Manual Setup.
  • Page 388 Prestige 662HW Series User’s Guide Table 42-5 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION EXAMPLE SPI (Decimal) The SPI must be from one to four unique decimal characters ("0" to "9") long. Authentication Press [SPACE BAR] to choose from MD5 or SHA1 and then press [ENTER].
  • Page 389: Chapter 43 Sa Monitor

    Prestige 662HW Series User’s Guide Chapter 43 SA Monitor This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2. 43.1 SA Monitor Overview A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections.
  • Page 390 Prestige 662HW Series User’s Guide Table 43-1 Menu 27.2 SA Monitor FIELD DESCRIPTION EXAMPLE Name This field displays the identification name for this VPN policy. This name is unique for each connection where the secure gateway IP address is a public static IP address. (Example: Taiwan)
  • Page 391: Chapter 44 Internal Sptgen

    Prestige 662HW Series User’s Guide Chapter 44 Internal SPTGEN 44.1 Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file –...
  • Page 392: Internal Sptgen Ftp Download Example

    Prestige 662HW Series User’s Guide 44.2.1 Internal SPTGEN File Modification - Important Points to Remember • Each parameter you enter must be preceded by one “=” sign and one space. • Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 44-1), then you disable every field in this menu.
  • Page 393: Internal Sptgen Ftp Upload Example

    Prestige 662HW Series User’s Guide You can rename your “rom-t” file when you save it to your computer but it must be named “rom-t” when you upload it to your Prestige. 44.4 Internal SPTGEN FTP Upload Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 1.
  • Page 395: Appendices And Index

    Appendices and Index This part contains additional background information and an index of key terms.
  • Page 396: Appendix A Troubleshooting

    Prestige 662HW Series User’s Guide Appendix A Troubleshooting This chapter covers potential problems and the corresponding remedies. Problems Starting Up the Prestige Chart A-1 Troubleshooting the Start-Up of Your Prestige PROBLEM: None of the LEDs turn on. CORRECTIVE ACTION: Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged in to an appropriate power source.
  • Page 397: Problems With The Lan Interface

    Prestige 662HW Series User’s Guide Problems with the LAN Interface Chart A-4 Troubleshooting the LAN Interface PROBLEM: I cannot access the Prestige from the... CORRECTIVE ACTION: If the 10M/100M LEDs on the front panel are both off, refer to Chart A-2 Troubleshooting the LAN LED.
  • Page 399: Problems With The Password

    Prestige 662HW Series User’s Guide Problems with the Password Chart A-7 Troubleshooting the Password PROBLEM: I cannot access the Prestige. CORRECTIVE ACTION: The username is “admin”. The default password is “1234”. The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper casing.
  • Page 401: Appendix B IP Subnetting

    Prestige 662HW Series User’s Guide Appendix B IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
  • Page 402: Subnet Masks

    Prestige 662HW Series User’s Guide Chart B-2 Allowed IP Address Range By Class CLASS | ALLOWED RANGE OF FIRST OCTET (BINARY) | ALLOWED RANGE OF FIRST OCTET (DECIMAL): Class A | 00000000 to 01111111 | 0 to 127; Class B | 10000000 to 10111111 | 128 to 191...
  • Page 403 Prestige 662HW Series User’s Guide Chart B-4 Alternative Subnet Mask Notation SUBNET MASK IP ADDRESS SUBNET MASK “1” BITS LAST OCTET BIT VALUE 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used.
  • Page 404 Prestige 662HW Series User’s Guide Chart B-6 Subnet 2 NETWORK NUMBER LAST OCTET BIT VALUE Subnet Mask (Binary) 11111111.11111111.11111111. 10000000 Subnet Address: 192.168.1.128 Lowest Host ID: 192.168.1.129 Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254 The remaining 7 bits determine the number of hosts each subnet can have. Host IDs of all zeros...
  • Page 405: Example Eight Subnets

    Prestige 662HW Series User’s Guide Chart B-9 Subnet 3 NETWORK NUMBER LAST OCTET BIT VALUE IP Address (Binary) 11000000.10101000.00000001. 10000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.128 Lowest Host ID: 192.168.1.129 Broadcast Address: 192.168.1.191 Highest Host ID: 192.168.1.190 Chart B-10 Subnet 4...
  • Page 406 Prestige 662HW Series User’s Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID.
  • Page 407: Appendix C PPPoE

    Prestige 662HW Series User’s Guide Appendix C PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) that connects to an xDSL Access Concentrator where the PPP session terminates (see the next figure).
  • Page 408: Prestige As A Pppoe Client

    Prestige 662HW Series User’s Guide Prestige as a PPPoE Client When using the Prestige as a PPPoE client, the computers on the LAN see only Ethernet and are not aware of PPPoE. This alleviates the administrator from having to manage the PPPoE clients on the individual PCs.
  • Page 409: Appendix D Virtual Circuit Topology

    Prestige 662HW Series User’s Guide Appendix D Virtual Circuit Topology ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: • Virtual Channel Logical connections between ATM switches •...
  • Page 411 Prestige 662HW Series User’s Guide Appendix E Example Internal SPTGEN Screens This appendix covers Prestige Internal SPTGEN screens. Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number (not seen in SMT screens) Field Name Parameter Values Allowed...
  • Page 412 Prestige 662HW Series User’s Guide / Menu 3.1 General Ethernet Setup (SMT menu 3.1) INPUT 30100001 = Input Protocol filters Set 1 30100002 = Input Protocol filters Set 2 = 256 30100003 = Input Protocol filters Set 3 = 256...
  • Page 413 Prestige 662HW Series User’s Guide 30200012 = Multicast <0(IGMP-v2) | 1(IGMP-v1) | 2(None)> 30200013 = IP Policies Set 1 (1~12) = 256 30200014 = IP Policies Set 2 (1~12) = 256 30200015 = IP Policies Set 3 (1~12) = 256...
  • Page 414 Prestige 662HW Series User’s Guide 30201017 = RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> 30201018 = Version <0(Rip-1) | 1(Rip-2B) | 2(Rip-2M)> 30201019 = IP Alias #2 Incoming protocol filters Set 1 = 256 30201020 = IP Alias #2 Incoming protocol...
  • Page 415 Prestige 662HW Series User’s Guide 30500011 = WEP Key4 */ MENU 3.5.1 WLAN MAC ADDRESS FILTER (SMT MENU 3.5.1) 30501001 = Mac Filter Active <0(No) | 1(Yes)> 30501002 = Filter Action <0(Allow) | 1(Deny)> 30501003 = Address 00:00:00:00:00 30501004 =...
  • Page 416 Prestige 662HW Series User’s Guide 40000011 = Single User Account <0(No) | 1(Yes)> 40000012 = IP Address Assignment <0(Static)| 1(Dynamic)> 40000013 = IP Address = 0.0.0.0 40000014 = Remote IP address = 0.0.0.0 40000015 = Remote IP subnet mask This value must be between 0-32.
  • Page 417 Prestige 662HW Series User’s Guide / Menu 12.1.1 IP Static Route Setup (SMT Menu 12.1.1) INPUT 120101001 = IP Static Route set #1, Name <Str> 120101002 = IP Static Route set #1, Active <0(No) |1(Yes)> 120101003 = IP Static Route set #1, = 0.0.0.0...
  • Page 418 Prestige 662HW Series User’s Guide INPUT 120104001 = IP Static Route set #4, Name <Str> 120104002 = IP Static Route set #4, Active <0(No) |1(Yes)> 120104003 = IP Static Route set #4, Destination IP address = 0.0.0.0 120104004 = IP Static Route set #4,...
  • Page 419 Prestige 662HW Series User’s Guide 120107001 = IP Static Route set #7, Name <Str> 120107002 = IP Static Route set #7, Active <0(No) |1(Yes)> 120107003 = IP Static Route set #7, Destination IP address = 0.0.0.0 120107004 = IP Static Route set #7,...
  • Page 420 Prestige 662HW Series User’s Guide 120110001 = IP Static Route set #10, Name 120110002 = IP Static Route set #10, Active <0(No) |1(Yes)> 120110003 = IP Static Route set #10, Destination IP address = 0.0.0.0 This value must be between 0-...
  • Page 421 Prestige 662HW Series User’s Guide 120113002 = IP Static Route set #13, Active <0(No) |1(Yes)> 120113003 = IP Static Route set #13, Destination IP address = 0.0.0.0 120113004 = IP Static Route set #13, Destination IP subnetmask 120113005 = IP Static Route set #13, Gateway = 0.0.0.0...
  • Page 422 Prestige 662HW Series User’s Guide 120116003 = IP Static Route set #16, Destination IP address = 0.0.0.0 120116004 = IP Static Route set #16, Destination IP subnetmask 120116005 = IP Static Route set #16, Gateway = 0.0.0.0 120116006 = IP Static Route set #16, Metric...
  • Page 423 Prestige 662HW Series User’s Guide 150000023 = SUA Server #6 Protocol <0(All)|6(TCP)|17(UDP)> 150000024 = SUA Server #6 Port Start 150000025 = SUA Server #6 Port End 150000026 = SUA Server #6 Local IP address = 0.0.0.0 150000027 = SUA Server #7 Active <0(No) | 1(Yes)>...
  • Page 424 Prestige 662HW Series User’s Guide 150000054 = SUA Server #12 Port Start 150000055 = SUA Server #12 Port End 150000056 = SUA Server #12 Local IP address = 0.0.0.0 You may configure / Menu 21 Filter set #1 (SMT Menu 21)
  • Page 425 Prestige 662HW Series User’s Guide 210102004 = IP Filter Set 1,Rule 2 Dest IP address = 0.0.0.0 210102005 = IP Filter Set 1,Rule 2 Dest Subnet Mask 210102006 = IP Filter Set 1,Rule 2 Dest Port = 138 210102007 = IP Filter Set 1,Rule 2 Dest Port <0(none)|1(equal...
  • Page 426 Prestige 662HW Series User’s Guide 210103011 = IP Filter Set 1,Rule 3 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> 210103013 = IP Filter Set 1,Rule 3 Act Match <1(check next)|2(forward)|3(drop)> 210103014 = IP Filter Set 1,Rule 3 Act Not <1(check...
  • Page 427 Prestige 662HW Series User’s Guide 210105003 = IP Filter Set 1,Rule 5 Protocol = 17 210105004 = IP Filter Set 1,Rule 5 Dest IP address = 0.0.0.0 210105005 = IP Filter Set 1,Rule 5 Dest Subnet Mask 210105006 = IP Filter Set 1,Rule 5 Dest Port...
  • Page 428 Prestige 662HW Series User’s Guide 210106010 = IP Filter Set 1,Rule 6 Src Port 210106011 = IP Filter Set 1,Rule 6 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> 210106013 = IP Filter Set 1,Rule 6 Act Match <1(check next)|2(forward)|3(drop)>...
  • Page 429 Prestige 662HW Series User’s Guide 210201014 = IP Filter Set 2, Rule 1 Act Not Match <1(check next)|2(forward)|3(drop)> / Menu 21.1.2.2 Filter set #2, rule #2 (SMT Menu 21.1.2.2) INPUT 210202001 = IP Filter Set 2, Rule 2 Type <0(none)|2(TCP/I...
  • Page 430 Prestige 662HW Series User’s Guide 210203006 = IP Filter Set 2, Rule 3 Dest Port = 139 210203007 = IP Filter Set 2, Rule 3 Dest Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> 210203008 = IP Filter Set 2, Rule 3 Src IP = 0.0.0.0...
  • Page 431 Prestige 662HW Series User’s Guide 210204013 = IP Filter Set 2, Rule 4 Act Match <1(check next)|2(forward)|3(drop)> 210204014 = IP Filter Set 2, Rule 4 Act Not Match <1(check next)|2(forward)|3(drop)> / Menu 21.1.2.5 Filter set #2, rule #5 (SMT Menu 21.1.2.5)...
  • Page 432 Prestige 662HW Series User’s Guide 210206004 = IP Filter Set 2, Rule 6 Dest IP address = 0.0.0.0 210206005 = IP Filter Set 2, Rule 6 Dest Subnet Mask 210206006 = IP Filter Set 2, Rule 6 Dest Port = 139...
  • Page 433 Prestige 662HW Series User’s Guide 230200008 = Accounting Server IP Address 192.168.1. 230200009 = Accounting Server Port = 1823 230200010 = Accounting Server Shared Secret = 1234 */ Menu 23.4 System security: IEEE802.1x (SMT Menu 23.4) INPUT 230400002 = ReAuthentication Timer (in...
  • Page 434 Prestige 662HW Series User’s Guide 990000001 = ADSL OPMD <0(etsi)|1(normal)|2(gdmt)|3(multimode)>
  • Page 435: Installing Components

    Prestige 662HW Series User’s Guide Appendix F Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 436 Prestige 662HW Series User’s Guide In the Network window, click Add. Select Protocol and then click Add. Select Microsoft from the list of manufacturers. Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: Click Add.
  • Page 437: Verifying Settings

    Prestige 662HW Series User’s Guide Click the DNS Configuration tab. -If you do not know your DNS information, select Disable DNS. -If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).
  • Page 438 Prestige 662HW Series User’s Guide default gateway. Windows 2000/NT/XP 1. For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. 2. For Windows XP, click Network Connections. For Windows 2000/NT,... Right-click Local Area Connection and then click Properties.
  • Page 439 Prestige 662HW Series User’s Guide 4. Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. 5. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). -If you have a dynamic IP address click Obtain an IP address automatically.
  • Page 440 Prestige 662HW Series User’s Guide 6. -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add.
  • Page 441 Prestige 662HW Series User’s Guide 7. In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP...
  • Page 442: Macintosh Os X

    Prestige 662HW Series User’s Guide Select Ethernet built-in from the Connect via list. For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box.
  • Page 443 Prestige 662HW Series User’s Guide Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list.
  • Page 445: Appendix G Splitters And Microfilters

    Prestige 662HW Series User’s Guide Appendix G Splitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals.
  • Page 446: Prestige With Isdn

    Prestige 662HW Series User’s Guide Diagram G-2 Connecting a Microfilter Prestige With ISDN This section relates to people who use their Prestige with ADSL over ISDN (digital telephone service) only. The following is an example installation for the Prestige with ISDN.
  • Page 447: Appendix H Log Descriptions

    Prestige 662HW Series User’s Guide Appendix H Log Descriptions This appendix provides descriptions of example log messages. Chart H-1 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is The router has adjusted its time based on information from the time server.
  • Page 448 Prestige 662HW Series User’s Guide Chart H-3 Content Filtering Logs MESSAGE NOTE DESCRIPTION (Destination) Web Block The Prestige blocked access to an address or domain name that had a forbidden keyword. Keyword Blocking (Destination) Web Block The Prestige blocked access to an IP address or domain...
  • Page 449 Prestige 662HW Series User’s Guide (Protocol) is the protocol of the packet (for example TCP or UDP) that triggered the log. (Direction) is the direction in which the packet was traveling (for example LAN to WAN or WAN to LAN) (Rule) is the number of the firewall rule that caused the log.
  • Page 450 Prestige 662HW Series User’s Guide Chart H-5 Access Logs LOG MESSAGE: Router reply ICMP packet. DESCRIPTION: The router sent an ICMP response packet. This packet automatically bypasses the firewall. LOG MESSAGE: Remote access denied. DESCRIPTION: The router blocked a remote access attempt. Chart H-6 TCP Reset Logs...
  • Page 451 Prestige 662HW Series User’s Guide Chart H-7 ICMP Notes TYPE CODE DESCRIPTION Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message
  • Page 453 Prestige 662HW Series User’s Guide Appendix I Index
