ZyXEL Communications P-334W manuel d'utilisation
- Voir en ligne ou télécharger le manuel d’utilisation
- 496 pages
- 13.09 mb
Aller à la page of
Les manuels d’utilisation similaires
-
Network Router
ZyXEL Communications P-324
285 pages 5.09 mb -
Network Router
ZyXEL Communications P-662H/HW-D1/D3
18 pages 1.56 mb -
Network Router
ZyXEL Communications 802.11g High Power Wireless Router P-334WH
115 pages 3.36 mb -
Network Router
ZyXEL Communications Prestige 660W/HW Series
40 pages 1.97 mb -
Network Router
ZyXEL Communications P-330W
2 pages 0.16 mb -
Network Router
ZyXEL Communications 2602HW-C
13 pages 2.2 mb -
Network Router
ZyXEL Communications A-6000
46 pages 1.36 mb -
Network Router
ZyXEL Communications 650R-31/33
213 pages 2.48 mb
Un bon manuel d’utilisation
Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation ZyXEL Communications P-334W. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel ZyXEL Communications P-334W ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.
Qu'est ce que le manuel d’utilisation?
Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation ZyXEL Communications P-334W décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.
Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.
Donc, ce qui devrait contenir le manuel parfait?
Tout d'abord, le manuel d’utilisation ZyXEL Communications P-334W devrait contenir:
- informations sur les caractéristiques techniques du dispositif ZyXEL Communications P-334W
- nom du fabricant et année de fabrication ZyXEL Communications P-334W
- instructions d'utilisation, de réglage et d’entretien de l'équipement ZyXEL Communications P-334W
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes
Pourquoi nous ne lisons pas les manuels d’utilisation?
Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage ZyXEL Communications P-334W ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles ZyXEL Communications P-334W et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service ZyXEL Communications en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées ZyXEL Communications P-334W, comme c’est le cas pour la version papier.
Pourquoi lire le manuel d’utilisation?
Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif ZyXEL Communications P-334W, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.
Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation ZyXEL Communications P-334W. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.
Table des matières du manuel d’utilisation
-
Page 1
Pr estige 334W 802.11g Wireless Broadband Router with Firewall User’s Guide Version 3.60 May 2004[...]
-
Page 2
Prestige 334W User’s Gui de ii Copyright Copyright Copyright © 2004 by Zy XEL Communications Corporation. The contents of this publi cation may not be reproduced in any part or a s a whole, t ranscribed, sto red in a retrieval system, translated into any langu age, or tr ansmitted in any form or by any means, electronic, mechanical, magnetic, op[...]
-
Page 3
Prestige 334W User’s Gui de FCC iii Federal Communications Commission (FCC) Interference S t atement This device complies with Part 15 of FCC rules. Operation is subject to the following two cond itions: This device m ay not cause harmful interference. This device must accept any interference received, incl uding interference that m ay cause unde[...]
-
Page 4
Prestige 334W User’s Gui de iv Information for Canadian Users Information for Canadian Users The Industry Canada label identifies certified equipmen t. This certification means that the equipment meets certain telecommunications network pr otective, op eration, and safety requirements. The Industr y Canada does not guarantee that the equipment w [...]
-
Page 5
Prestige 334W User’s Gui de Warranty v ZyXEL Limited W arranty ZyXEL warrants to the original end us er (purchaser) that this product is free from any defects in materials or workmanshi p for a peri od of up t o two years fr om the date of purchase. During the warranty pe riod, and u pon proof of purchase, shoul d the prod uct have indi cations o[...]
-
Page 6
[...]
-
Page 7
Prestige 334W User’s Gui de vi Customer Support Customer Support When you contact your cu stomer support repr esenta tive please have t he followi ng inform ation ready: Please have th e following inf ormation re a dy when you contact custom er support. • Product model and serial num ber. • Warranty Information. • Date that you received you[...]
-
Page 8
Prestige 334W User’s Gui de Customer Support vii SUPPORT E-MAIL TELEPHONE 1 WEB SITE METHOD LOCATION SALES E-MAIL FAX 1 FTP SITE REGULAR MAIL support@zyxel.se +46 31 744 7700 www.zyx el.se SWEDEN sales@zyx el.se +46 31 744 7701 ZyXEL Communications A /S Sjöporten 4, 41764 Göteborg Sweden support@zyxel.fi +358-9-4780-8411 www.zyx el.fi FINLAND s[...]
-
Page 9
Prestige 334W User’s Gui de Table of Contents ix T able of Content s Copyright...................................................................................................................... ................................ii Federal Communications Commission (FCC) Interfer en ce S tatemen t................................................. [...]
-
Page 10
Prestige 334W User’s Gui de x Table of Contents 3.6.4 WA N MAC Address ............................................................................................................. 3-1 2 3.7 Basic Setup Complete ........................................................................................................... ...... 3-14 Chapter 4 Me dia[...]
-
Page 11
Prestige 334W User’s Gui de Table of Contents xi 7.4 Configurin g Roaming ............................................................................................................ ...... 7-6 7.4.1 Requirem ents for Roam ing .................................................................................................... 7-8 Chapter 8 W ir e[...]
-
Page 12
Prestige 334W User’s Gui de xii Table of Contents SUA/NA T and S tatic Route ....................................................................................................... ................... III Chapter 10 Network Addre ss T r anslation (NA T) Scr eens....................................................................... 10-1 10.1 NA T[...]
-
Page 13
Prestige 334W User’s Gui de Table of Contents xiii 13.3 The Firew all, NA T and Re mote Managem ent ..................................................................... 13-5 13.3.1 LAN-to-WAN rules ............................................................................................................. 13 -5 13.3.2 WAN-to-LA N rules ........[...]
-
Page 14
Prestige 334W User’s Gui de xiv Table of Contents 16.4.1 Dynamic Secure Gate way Address ....................................................................................... 16-3 16.5 Summary Scr een ................................................................................................................. .... 16-3 16.6 Keep Alive .....[...]
-
Page 15
Prestige 334W User’s Gui de Table of Contents xv 18.5 Monitor Scre en ................................................................................................................. .... 18-13 Chapter 19 Maintenance ......................................................................................................... .................. 19-1 [...]
-
Page 16
Prestige 334W User’s Gui de xvi Table of Contents 24.1 Intr oduction to I nternet Access Setup ................................................................................... 24-1 24.2 Ethernet Enc apsulation ......................................................................................................... .2 4 - 1 24.3 Configuring t h[...]
-
Page 17
Prestige 334W User’s Gui de Table of Contents xvii 30.2.2 Configuring a TCP/IP Filter Ru le ........................................................................................ 30-6 30.2.3 Configuring a Generi c Filter Ru le ...................................................................................... 30-11 30.3 Example Filte r .....[...]
-
Page 18
Prestige 334W User’s Gui de xviii Table of Contents 34.3.2 Restore Using FTP Se ssion Exam ple .................................................................................... 34-8 34.4 Uploading Firmwar e and Co nfigur ation Files ..................................................................... 34-8 34.4.1 Firmware File Upl oad ........[...]
-
Page 19
Prestige 334W User’s Gui de Table of Contents xix Appendix G Wir eless L AN W ith I EEE 802. 1x ....................................................................................... .. G-1 Appendix H T y pes of EAP Authentication ......................................................................................... ....... H-1 Appendix I Ant[...]
-
Page 20
[...]
-
Page 21
Prestige 334W User’s Gui de List of Figures xxi List of Figures Figure 1-1 Secure Internet Access vi a Cable, DS L or W i reless Modem ........................................................ 1-6 Figure 1-2 VP N Application ..................................................................................................... ..................... [...]
-
Page 22
Prestige 334W User’s Gui de xxii List of Figures Figure 8-6 Wi reless: WP A-PSK ................................................................................................... ................. 8-11 Figure 8-7 WP A with RADI U S Application Example ................................................................................. .8 - 1 4 Figu[...]
-
Page 23
Prestige 334W User’s Gui de List of Figures xxiii Figure 14-7 Remote Management: DNS............................................................................................. ....... 14-12 Figure 14-8 Security........................................................................................................... ........................ 14-[...]
-
Page 24
Prestige 334W User’s Gui de xxiv List of Figures Figure 19-15 Sy stem Restart.................................................................................................... ................... 19-12 Figure 20-1 Login Screen ....................................................................................................... ...............[...]
-
Page 25
Prestige 334W User’s Gui de List of Figures xxv Figure 28-10 NA T Exam ple 1 ..................................................................................................... ............... 28-10 Figure 28-1 1 Menu 4 Intern et Access & NA T Exam ple.............................................................................. 28-1 1 Figu[...]
-
Page 26
Prestige 334W User’s Gui de xxvi List of Figures Figure 33-9 LA N & W AN DHCP..................................................................................................... .......... 33-10 Figure 34-1 T elnet in Menu 24.5 ................................................................................................ ..................[...]
-
Page 27
Prestige 334W User’s Gui de List of T ables xxvii List of T ables T able 2-1 Scre ens Sum mary...................................................................................................... ..................... 2-3 T able 3-1 W izard 2: W ireless LA N Setup ..................................................................................[...]
-
Page 28
Prestige 334W User’s Gui de xxviii List of Tables T able 9-6 W AN: T raffic Redirect .................................................................................................................... 9-13 T able 10-1 NA T Defin itions ..................................................................................................... .........[...]
-
Page 29
Prestige 334W User’s Gui de List of T ables xxix T able 19-1 Main tenance S tatus .................................................................................................. .................. 19-2 T able 19-2 Maintenanc e Syst em S tatistics ....................................................................................... ..........[...]
-
Page 30
Prestige 334W User’s Gui de xxx List of Tables T able 32-2 Menu 23.4 Syst em Security : IEEE802 .1x .............................................................................. ... 32-4 T able 33-1 System Maintena nce: S tatus Menu Fi elds .............................................................................. .... 33-2 T able 33-2 Menu [...]
-
Page 31
Prestige 334W User’s Gui de Preface xxxi Preface About This User's Manual Congratulations on your purchase of the Prestige 334 802.11g W ireless Broadband Router w ith Firewall. This manual is designed to gu ide you through the config ur ation of your Prestige for its various applications. Use the web configurator , System Management T ermin[...]
-
Page 32
Prestige 334W User’s Gui de xxxii Preface • The version number on the title page is the latest firm ware version that is documented in this User’s Guide . Earlier versi ons may also be included. • “Enter” means for you t o type one or more charact ers and press the carriage return. “Select” or “Choose” means for you t o use one [...]
-
Page 33
Getting S tarted I Part I: Getting Started This part help s you get to know your Prestige, in troduces the web configurator and covers how to configure the Wizard Setup screens.[...]
-
Page 34
[...]
-
Page 35
Prestige 334W User ’s Gui de Getting to Know Y our Prestige 1-1 Chapter 1 Getting to Know Your Prestige This chapter introduces the main features and applications of the Prestige. 1.1 Prestige Internet Secu rity Gateway Overview The Prestige is the ideal secure gateway for all data passing betwee n the Internet a nd LAN’s. By integrating NAT, f[...]
-
Page 36
Prestige 334W User ’s Gui de 1-2 Getting to Know Y our Prestige 1.2.2 Non-Physical Features Media Bandwidth Management ZyXEL’s Medi a Bandwidth M anagement all ows you to speci fy bandwidt h classes based o n an application and/or subnet. You can alloc ate speci fic am ounts of bandwidth capacity (bandwidt h budgets ) to different bandwidth cla[...]
-
Page 37
Prestige 334W User ’s Gui de Getting to Know Y our Prestige 1-3 IEEE 802.11b Data Rate (Mbps) Modulation 1 DBPSK (Differential Binar y Phase Shift Keyed) 2 DQPSK (Differential Quadrature Phase Shif t Keying ) 5.5 / 11 CCK (Complementary Code Ke ying) The Prestige may be prone to RF (Radio Frequen cy) interference from other 2.4 GHz devices such a[...]
-
Page 38
Prestige 334W User ’s Gui de 1-4 Getting to Know Y our Prestige Dynamic DNS Support With Dynam ic DNS (Dom ain Name Syst em) support, you can have a st atic hostnam e alias for a dynam ic IP address, allowing the host t o be more easily acce ssible from various locations on the Internet. You must register for this service with a Dynamic DNS servi[...]
-
Page 39
Prestige 334W User ’s Gui de Getting to Know Y our Prestige 1-5 Any IP The Any IP feature allows a computer to access the In ternet without ch anging the network setting s (such as IP address and subnet m ask) of the computer, when the IP addresses of t he computer an d the Prestige are not in the same subnet. Full Network Management The embedded[...]
-
Page 40
Prestige 334W User ’s Gui de 1-6 Getting to Know Y our Prestige 1.3.1 Secure Broadband Internet Access via Cable or DSL Modem You can connect a cable m odem, DSL or wireless m ode m to the Prestige for broa dband Internet access via an Ethernet or a wireless port on the modem . The Pr estige guarantees not only high speed Internet access, but sec[...]
-
Page 41
Prestige 334W User ’s Gui de Getting to Know Y our Prestige 1-7 1.3.3 Internet Access Application Add a wireless LAN to your existing network without expensive network cabl es. Wireless st ations can move freely a nywhere in t he coverage are a and use re sources on the wired network. Figure 1-3 Internet Access Application Example[...]
-
Page 42
[...]
-
Page 43
Prestige 334W User ’s Gui de Introducing the W eb Configurator 2-1 Chapter 2 Introducing the Web Configurator This chapter describes how to access the Prestige we b configurator and provides an overview of its screens. 2.1 Web Configurator Overview The embedded we b configurat or allows you to manage the Prestige from anywhere thro ugh a browser [...]
-
Page 44
Prestige 334W User ’s Gui de 2-2 Introducing the W eb Configurator Step 6. You should now see the MAIN M ENU screen (see Figure 2- 2 ). The management session automa tically times out w hen the time period set in the Administrator Inactivity T imer field expires (default five minutes). Simply log back into the Prestige if this happens to y ou. 2.[...]
-
Page 45
Prestige 334W User ’s Gui de Introducing the W eb Configurator 2-3 Figure 2-2 The MAIN MENU Screen of the Web Co nfigurator 2.3.2 Navigation Panel After you ent er the passwor d, use the sub-m enus on the navigation pa nel to configure Prestige features. The followin g table describes the sub-m enus. Table 2-1 Screens Summary LINK TA B FUNCTION W[...]
-
Page 46
Prestige 334W User ’s Gui de 2-4 Introducing the W eb Configurator Table 2-1 Screens Summary LINK TA B FUNCTION DDNS Use this screen to set up dynamic DNS. Password Use this screen to change your pass word. Time Zone Use this screen to change your Prestige’s time and date. IP Use this screen to configure LAN DHCP, TCP/IP settings and to enable [...]
-
Page 47
Prestige 334W User ’s Gui de Introducing the W eb Configurator 2-5 Table 2-1 Screens Summary LINK TA B FUNCTION Settings Use this screen to activate/deactivate the firewall and log pa ckets related to firewall rules. Filter This screen allows you to blo ck sites containing certain keywords i n the URL and set the days and times for the Prestige t[...]
-
Page 48
Prestige 334W User ’s Gui de 2-6 Introducing the W eb Configurator Table 2-1 Screens Summary LINK TA B FUNCTION DHCP Table This screen dis plays DHCP (Dynamic Host Configuration Pr otocol) related information and is READ-ONLY. Any IP Use this screen to allow a computer to access the Internet without changing the network settings of the computer, [...]
-
Page 49
Prestige 334W User ’s Gui de Wizard Setup 3-1 Chapter 3 Wizard Setup This chapter provides information on the Wiza rd Setup screens in the web configurator. 3.1 Wizard Setup Overview The web configur ator’s setup wizard helps yo u config ure your device to access the Internet. T he second screen has thre e variations de pending on what encapsul[...]
-
Page 50
Prestige 334W User ’s Gui de 3-2 Wizard Setup Figure 3-1 Wizard 1: General Setup 3.3 Wizard Setup: Screen 2 Set up your wireless LAN using th e second wizard screen. Figure 3-2 Wizard 2: Wireless LAN Setup The following table describes the fields in this screen.[...]
-
Page 51
Prestige 334W User ’s Gui de Wizard Setup 3-3 Table 3-1 Wizard 2: Wireless LAN Setup LA BE L DESCRIPTION ESSID Enter a descriptive name (up to 32 printable 7- bit ASCII characters) for the wireless LAN. If you change this field on the Prestige, make sure all wireless stations use the same ESSID in order to access the network. Choose Channel ID To[...]
-
Page 52
Prestige 334W User ’s Gui de 3-4 Wizard Setup Figure 3-3 Wizard 3: Wireless LAN Setup: Basic Security The following table describes the labels in this screen. Table 3-2 Wizard 3: Wireless LAN Setup: Basic Security WEP Encryption Select 64-bit WEP or 128-bit WEP to allow data encryption. ASCII Select this option in order to enter ASCII characters [...]
-
Page 53
Prestige 334W User ’s Gui de Wizard Setup 3-5 If you choose Extend security in the Wireless LAN Setup screen, you can set up a Pre-Shared Key . Figure 3-4 Wizard 3: Wireless LAN Setup: Extend Security The following table describes the labels in this screen. Table 3-3 Wizard 3: Wireless LAN Setup: Extend Security Pre-Shared Key Type from 8 to 31 c[...]
-
Page 54
Prestige 334W User ’s Gui de 3-6 Wizard Setup Figure 3-5 Wizard 4: Ethernet Encapsulation The following table describes the fields in this screen. Table 3-4 Wizard 4: Ethernet Enca psulation LA BE L DESCRIPTION ISP Parameters fo r Internet Access Encapsulation You must choo se the Ethernet option when the WAN port is used as a reg ular Ethernet. [...]
-
Page 55
Prestige 334W User ’s Gui de Wizard Setup 3-7 Table 3-4 Wizard 4: Ethernet Enca psulation LA BE L DESCRIPTION Relogin Every (min) This field only app lies when you select Telia Login in the Service Ty pe field. The Telia server logs the Prestige out if the Pres tige does not lo g in periodically. T ype the number of minutes from 1 to 59 (30 defau[...]
-
Page 56
Prestige 334W User ’s Gui de 3-8 Wizard Setup Figure 3-6 Wizard 4: PPPoE Encapsulation The following table describes the fields in this screen. Table 3-5 Wizard 4: PPPoE Encapsulation LABEL DESCRIPTION ISP Parameter for Internet Access Encapsulation Choose PPP over Ethernet from the pull-do wn list box. PPPoE forms a dial-up connection. Service N[...]
-
Page 57
Prestige 334W User ’s Gui de Wizard Setup 3-9 Table 3-5 Wizard 4: PPPoE Encapsulation LABEL DESCRIPTION Back Click Back to return to the previous screen. 3.5.3 PPTP Encapsulation Point-to-Poi nt Tunnelin g Protocol (P PTP) is a netw ork protocol t hat enable s transfers of data from a re mote client to a private server, crea ting a Virtual Pr iva[...]
-
Page 58
Prestige 334W User ’s Gui de 3-10 Wizard Setup Table 3-6 Wizard 4: PPTP Encapsulation LABEL DESCRIPTION ISP Parameters fo r Internet Access Encapsulation Select PPTP from the drop-down list box. User Name Type the user name given to yo u by your ISP. Password Type the password associated with the User Name above. Nailed-Up Connection Select Naile[...]
-
Page 59
Prestige 334W User ’s Gui de Wizard Setup 3-1 1 Table 3-7 Private IP Address Ranges 10.0.0.0 - 10. 255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192. 168.255.255 You can obt ain your IP a ddress from the IANA, from an ISP o r have it assigne d by a pri vate network. If you belong to a small organization and your Internet access is t hroug[...]
-
Page 60
Prestige 334W User ’s Gui de 3-12 Wizard Setup The Prestige can get the DNS server addresses in the following ways. 1. The ISP tells you the DNS server addresses, usually in th e form of an information sheet, when you sign up. If your ISP gives you DN S server addresses, e nter them in the DNS Se rver fields in DHCP Setup. 2. If the ISP di d not [...]
-
Page 61
Prestige 334W User ’s Gui de Wizard Setu p 3-13 Figure 3-8 Wizard 5: WAN Setup The following table describes the fields in this screen. Table 3-9 Wizard 5: WAN Setup LA BE L DESCRIPTION WAN IP Address Assignment Get automatically from ISP Select this option If your ISP did not assign you a fixed IP address. T his is the default selection. Use fix[...]
-
Page 62
Prestige 334W User ’s Gui de 3-14 Wizard Setup Table 3-9 Wizard 5: WAN Setup LA BE L DESCRIPTION System DNS Server Address Assignment (if applicable) DNS (Domain Name System) is for mapping a domain name to its corresponding IP ad dress and vice versa. The DNS server is extremely important becaus e without it, you must know the IP address of a co[...]
-
Page 63
Prestige 334W User ’s Gui de Wizard Setu p 3-15 Figure 3-9 Wizard Finish Well done! You have successfully set up your Prestige to operate on your network an d access the Internet.[...]
-
Page 64
[...]
-
Page 65
Prestige 334W User ’s Gui de Bandwidth M anagement Setup 4-1 Chapter 4 Media Bandwidth Management Setup This chapter provides information on the bandwidth management setup screens in the web configurator. 4.1 Media Bandwid th Management Setup Overview The web conf igurator’s BW SETUP allows you to specify ba ndwidth cla sses based on an a pplic[...]
-
Page 66
Prestige 334W User ’s Gui de 4-2 Bandwid th Management Setup Table 4-1 Media Bandwidth Managem ent Setup 1 LA BE L DESCRIPTION Active Select the Ac t i ve check bo x to have the Prestige apply ban dwidth management to traffic going out through the Prestige’s WAN, LAN or WLAN port. Managed Bandwidth (Kbps) Enter the amount of Managed Bandwidth i[...]
-
Page 67
Prestige 334W User ’s Gui de Bandwidth M anagement Setup 4-3 Table 4-2 Media Bandwidth Management Setup 2: Services LA BE L DESCRIPTION Choose Channel ID Create band width management classes by sele cting servic es from the list provided. XBox Live VoIP (SIP) FTP E-Mail eMule/eDonkey WWW For a detailed description of these[...]
-
Page 68
Prestige 334W User ’s Gui de 4-4 Bandwid th Management Setup Table 4-3 Media Bandwidth Management Setup 3: Service Priority LA BE L DESCRIPTION Service These fields display the serv ic es selected in the previous screen. Priority Select High , Mid or Low priority for each service to have your Prestige use a priorit y for traffic that matches that[...]
-
Page 69
System, LAN, WLAN and WAN II Part II: System, LAN, WLAN and WAN This part covers config uration of t he system, LAN, WLAN and W AN screens.[...]
-
Page 70
[...]
-
Page 71
Prestige 334W User’s Gui de System Screens 5-1 Chapter 5 System Screens This chapter provides information on the System screens. 5.1 System Overview See the Wizard Setup cha pter for more infor mation on the next few screens. 5.2 Configuring General Setup Click SYSTEM to open the General screen. Figure 5-1 System General Setup[...]
-
Page 72
Prestige 334W User’s Gui de 5-2 System Screens The following table describes the labels in this screen. Table 5-1 System General Setup LABEL DESCRIPTION System Name Choose a descriptive name for i dentification purposes. It is recommended you enter your computer’s “Computer name” in this fiel d (see the Wizard Setup chapter for how to find [...]
-
Page 73
Prestige 334W User’s Gui de System Screens 5-3 5.3 Dynamic DNS Dynamic DNS allows you to update your curr ent dynamic IP address with one or many dynamic DNS services so that anyone can c ontact you (in NetMee ting, CU-SeeMe, etc.). Yo u can also a ccess your FTP server or We b site on yo ur own comput er using a dom ain name (fo r instance m yho[...]
-
Page 74
Prestige 334W User’s Gui de 5-4 System Screens Figure 5-2 DDNS The following table describes the labels in this screen. Table 5-2 DDNS LABEL DESCRIPTION Active Select this che ck box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provi der. DDNS Type Select the t ype of service that you are register ed for from y[...]
-
Page 75
Prestige 334W User’s Gui de System Screens 5-5 Table 5-2 DDNS LABEL DESCRIPTION Host Names 1~3 Enter the host names in the three fields provided. You can specif y up to two host names in each field separated by a comma (","). User Enter your user name. Password Enter the password assigned to you. Enable Wildcard Select the check box to [...]
-
Page 76
Prestige 334W User’s Gui de 5-6 System Screens Figure 5-3 Password The following table describes the labels in this screen. Table 5-3 Password LABEL DESCRIPTION Old Password Type the default password or the ex isting p assword you use to access the system in this field. New Password Type the ne w password in this field. Retype to Confirm T ype th[...]
-
Page 77
Prestige 334W User’s Gui de System Screens 5-7 Figure 5-4 Time Setting The following table describes the labels in this screen. Table 5-4 Time Setting LABEL DESCRIPTION Use Time Server when Boo tup Select the time service protocol that y our time server sends when you turn on the Prestige. Not all time servers support all pr otocols, so you may h[...]
-
Page 78
Prestige 334W User’s Gui de 5-8 System Screens Table 5-4 Time Setting LABEL DESCRIPTION Time Server IP Address Enter the IP address of your time server. Check with your ISP/network administrator if you are unsure of this information. Current Time This field displays the time of your Prestige. Each time you reload this page, the Presti ge s ynchro[...]
-
Page 79
Prestige 334W User’s Gui de LAN Screens 6-1 Chapter 6 LAN Screens This chapter describes how to configure LAN settings. 6.1 LAN Overview Local Area Network (L AN) is a shared comm unication sy stem to which many com puters are attached. The LAN screens can help you configure a LAN DHCP server , manag e IP addresses, and partition your physical ne[...]
-
Page 80
Prestige 334W User’s Gui de 6-2 LAN Screens These param eters should wor k for the m ajority of in stallations. If your ISP gi ves you explicit DNS server address(es), read the em bedded we b confi gurator help re garding w hat fields need to be configure d. 6.3.2 IP Address and Subnet Mask Refer to the IP Address and Subnet Mask section in the W[...]
-
Page 81
Prestige 334W User’s Gui de LAN Screens 6-3 6.4 Any IP Traditionally, you must set the IP addresses and the subnet masks of a computer and the Prestige to be in th e same subnet to allow the com puter to access the Inte rnet (through the Prestige ). In cases where your computer is required to use a static IP address in an other network, y ou may [...]
-
Page 82
Prestige 334W User’s Gui de 6-4 LAN Screens Y ou must enable NA T/SUA to use the Any IP featu re on the Prestige. 6.4.1 How Any IP W orks Address Resol ution Prot ocol (ARP) i s a protocol for mappi ng an Inter net Protocol address (IP ad dress) to a physical machine address, also known as a Media Access Control or MAC address, on the local area [...]
-
Page 83
Prestige 334W User’s Gui de LAN Screens 6-5 Figure 6-2 IP The following table describes the fields in this screen. Table 6-1 IP LABEL DESCRIPTION DHCP Server DHCP (Dynamic Host Configurat ion Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain T CP/ IP configuration at st artup from a server. Leave the DHCP Ser ver ch[...]
-
Page 84
Prestige 334W User’s Gui de 6-6 LAN Screens Table 6-1 IP LABEL DESCRIPTION Pool Size This field specifies the size, or count of the IP address p ool. DNS Servers Assigned by DHCP Server The Prestige passes a DNS (Domain Nam e System) serv er IP address (in the order you s pecify here) to the DHCP clients. The Prestige only passes this informa tio[...]
-
Page 85
Prestige 334W User’s Gui de LAN Screens 6-7 Table 6-1 IP LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol, RFC1058 and RF C 1389) allows a router to exchange routing inform ati on with other routers. The RIP Direction field controls the sending and receiving of RIP packets . Select the RIP direction from Both / In Only / Out Only[...]
-
Page 86
Prestige 334W User’s Gui de 6-8 LAN Screens Table 6-1 IP LABEL DESCRIPTION Allow from LAN to WAN Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN. If your firewall is enabled with the default polic y set to block WAN to LAN traffic, you also need to enable the def ault WAN to LAN firewall rule t[...]
-
Page 87
Prestige 334W User’s Gui de LAN Screens 6-9 Table 6-2 Static DHCP LABEL DESCRIPTION # This is the index number of th e Static IP table entry (row). MAC Address Type the MAC address ( with colons) of a computer on your LAN. IP Address This field specifies the size, or count of the IP address p ool. Apply Click Apply to save your changes back to th[...]
-
Page 88
Prestige 334W User’s Gui de 6-10 LAN Screens Table 6-3 IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the ch eck box to conf igure anoth er LAN network for the Prestige. IP Address Enter the IP address of your Prestige i n dotted decimal notation. IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP address th[...]
-
Page 89
Prestige 334W User’s Gui de Wireless Configuration and Roamin g 7-1 Chapter 7 Wireless Configuration and Roaming This chapter discusses how to configure the Wireless and Roaming screen s on the Prestige. 7.1 Wireless LAN Overview This section introduces the wireless LA N(WLAN) and so me bas ic scenar ios. 7.1.1 IBSS An Independent Basic Service S[...]
-
Page 90
Prestige 334W User’s Gui de 7-2 Wireless Configuration and Roaming Figure 7-2 Basic Service set 7.1.3 ESS An Extended Service Set (ESS) consists of a series of overlappi ng BSSs, each contai ning an access point, with each access point conne cted together by a wired ne twork. This wired connection between APs is called a Distribution System (DS).[...]
-
Page 91
Prestige 334W User’s Gui de Wireless Configuration and Roamin g 7-3 Figure 7-3 Extended Service Set 7.2 Wireless LAN Basics Refer also to the Wizard Setup chapter for more backgro und information on Wireless LAN features, suc h as channels. 7.2.1 RTS/CTS A hidden node occurs when two stati ons are within range of the sam e acce ss point, but are [...]
-
Page 92
Prestige 334W User’s Gui de 7-4 Wireless Configuration and Roaming Figure 7-4 RTS/CTS When station A sends data to the Prestige, it migh t not know that station B is already using the channel . If these two stations send data at the same time, co llisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of m[...]
-
Page 93
Prestige 334W User’s Gui de Wireless Configuration and Roamin g 7-5 A large Fragmentation Threshold is recommended for networks no t prone to interferen ce while you should set a smaller t hreshold for b usy networks or networks t hat are prone to inte rference. If the Fragmentation Thres hold value is smaller than th e RTS/CTS value (see previou[...]
-
Page 94
Prestige 334W User’s Gui de 7-6 Wireless Configuration and Roaming Table 7-1 Wireless LABEL DESCRIPTION ESSID (Extended Ser vice Set IDentity) The ESSI D identifi es the Service Set with which a wireless station is associated . Wireless stations associating to the access point (AP) must have the same ESSID. Enter a descrip tive name (up to 32 pri[...]
-
Page 95
Prestige 334W User’s Gui de Wireless Configuration and Roamin g 7-7 The roaming feature on the access po ints allows the access points to rela y inform ation about the wireless stations to eac h other. When a wireless stat ion moves fr om a coverage are a to another , it scans and uses the channel of a new access point, which t hen informs th e a[...]
-
Page 96
Prestige 334W User’s Gui de 7-8 Wireless Configuration and Roaming 7.4.1 Requirement s for Roaming The following requirements must be met in order for wi reless stations to roam between t he coverage ar eas. 1. All the access points m ust be on the same subnet and configure d with the sam e ESSID. 2. If IEEE 802.1x user authentication is ena bled[...]
-
Page 97
Prestige 334W User’s Gui de Wireless Configuration and Roamin g 7-9 Table 7-2 Roaming LABEL DESCRIPTION Port Enter the port number to communic ate roaming information between APs. The port number must be the same on all APs. The defaul t is 3517. Make sure this port is not used by other services. Apply Click Apply to save your changes back to the[...]
-
Page 98
[...]
-
Page 99
Prestige 334W User’s Gui de Wireless Security 8-1 Chapter 8 Wireless Security This Chapter describes how to use the MAC F ilter, 802.1x, Local User Database and RADIUS to configure wireless security on your Prestige. 8.1 Wireless Security Overview Wireless security is vital to your network to prot ect wireless communicati on between wireless stat[...]
-
Page 100
Prestige 334W User’s Gui de 8-2 Wireless Security Figure 8-2 Wireless: No Security The following table describes the labels in this screen. Table 8-1 Wireless: No Security LABEL DESCRIPTION Security Choose from one of the securit y features listed in the drop-down box. No Security Static WEP WPA-PSK WPA 802.1x + Dynamic WEP ?[...]
-
Page 101
Prestige 334W User’s Gui de Wireless Security 8-3 Table 8-1 Wireless: No Security LABEL DESCRIPTION 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the Prestige. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the Prestige. Select Mixed to allow either IEE[...]
-
Page 102
Prestige 334W User’s Gui de 8-4 Wireless Security Table 8-2 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL ENCRYPTION METHOD ENTER MA NUA L KEY IEEE 802.1X Yes Enable without Dynamic WEP Key Yes Disable WPA WEP No Enable WPA TKIP No Enable WPA-PSK WEP Yes Enable WPA-PSK TKIP Yes Enable 8.3 WEP Overview WEP (Wir[...]
-
Page 103
Prestige 334W User’s Gui de Wireless Security 8-5 Figure 8-3 WEP Authentication Steps Open system authentication i nvolves an une ncrypted t wo-message proce dure. A wireles s station sends an open system authentication request to the AP, which will then automatically accep t and connect the wi reless station to the network. In effect, open syste[...]
-
Page 104
Prestige 334W User’s Gui de 8-6 Wireless Security 8.3.3 Preamble T ype A preamble is used to synchro nize the transmission ti ming in your wireless network. There ar e two preamble modes: Long and Short . Short pream ble takes less tim e to process and minimi zes overhead, so i t should be use d in a good wi reless network en vironment whe n all [...]
-
Page 105
Prestige 334W User’s Gui de Wireless Security 8-7 Figure 8-4 Wireless: Static WEP Encryption The following table d escribes the wireless LAN security lab els in this screen. Table 8-3 Wireless: Static WEP Encr yption LABEL DESCRIPTION WEP Encryption Select 64-bit WEP or 128-bit WEP to enable data encrypti on. Authentication Method This field is a[...]
-
Page 106
Prestige 334W User’s Gui de 8-8 Wireless Security Table 8-3 Wireless: Static WEP Encr yption LABEL DESCRIPTION Hex Select this option in order to enter hexa decimal characters as the WEP keys. The preceding "0 x", that identifies a hexadec imal key, is entered a utomatically. Key 1 to Key 4 The WEP keys are used to encr ypt data. Both t[...]
-
Page 107
Prestige 334W User’s Gui de Wireless Security 8-9 8.5.1 User Authentication WPA applies IEEE 802.1x a nd Extensible Authenticati on Protocol (EAP) to authenticate wireless clients using an exte rnal RADIUS database. You can’t use the Prestige’s Local User Database for WPA authentication purposes since the Local User Database uses EAP M D5, wh[...]
-
Page 108
Prestige 334W User’s Gui de 8-10 Wireless Security Step 3. The AP derive s and distrib utes keys t o the wireless cli ents. Step 4. The AP and wireless clients use the TKIP encryp ti on process to e ncrypt da ta exchanged between them. Figure 8-5 WPA - PSK Authentica tion 8.6 Configuring WP A-PSK Authentication In order to configure and enable WP[...]
-
Page 109
Prestige 334W User’s Gui de Wireless Security 8-11 Figure 8-6 Wireless: WPA-PSK The following table describes the labels in this screen. Table 8-4 Wireless: WPA-PSK LABEL DESCRIPTION Pre-Shared Key T he encryption mechanisms used for WP A and WPA -PSK are the same. The only difference between the t wo is that WPA-PSK uses a simple common password[...]
-
Page 110
Prestige 334W User’s Gui de 8-12 Wireless Security Table 8-4 Wireless: WPA-PSK LABEL DESCRIPTION ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usern ames and passwords in order to stay connected. Enter a time interval bet ween 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). If[...]
-
Page 111
Prestige 334W User’s Gui de Wireless Security 8-13 8.7 Wireless Client WP A Supplicant s A wireless client supplicant is the software that runs on an operatin g system instructing the wi reless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch fo r Windows XP, Funk Softwar e's Odyssey clie[...]
-
Page 112
Prestige 334W User’s Gui de 8-14 Wireless Security Figure 8-7 WPA with RADIUS Application Example 8.8 Configuring WP A Authentication In order to configure and en able WPA Authentication; click th e WIRELESS lin k under ADVANCED to display the Wireless screen. Select WPA from the Security list.[...]
-
Page 113
Prestige 334W User’s Gui de Wireless Security 8-15 Figure 8-8 Wireless: WPA The following table describes the labels in this screen. Table 8-5 Wireless: WPA LABEL DESCRIPTION ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usern ames and passwords in order to stay connected. Enter a time interval bet ween 1[...]
-
Page 114
Prestige 334W User’s Gui de 8-16 Wireless Security Table 8-5 Wireless: WPA LABEL DESCRIPTION WPA Group Key Update Timer The WPA Group Key Update Timer is the rate at which the AP (if using WPA-PSK key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients. The re-k eying process is the WPA equiv alent [...]
-
Page 115
Prestige 334W User’s Gui de Wireless Security 8-17 8.10 Dynamic WEP Key Exchange The AP m aps a unique key tha t is generate d with the RA DIUS server. T his key expires when the wi reless connection times out, disconnects or reauth entication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enable[...]
-
Page 116
Prestige 334W User’s Gui de 8-18 Wireless Security Figure 8-9 Wireless: 802.1x and Dy namic WEP The following table describes the labels in this screen. Table 8-6 Wireless: 802.1x and Dy namic WEP LABEL DESCRIPTION ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usern ames and passwords in order to stay con[...]
-
Page 117
Prestige 334W User’s Gui de Wireless Security 8-19 Table 8-6 Wireless: 802.1x and Dy namic WEP LABEL DESCRIPTION Dynamic WEP Key Exchange Select 64-bit WEP or 128-bit WEP to enabl e data encryption. Up to 32 stations ca n access the Prestige when you configure dyna mic WEP key exc hange.This field is not available when you set Security to WPA or [...]
-
Page 118
Prestige 334W User’s Gui de 8-20 Wireless Security Figure 8-10 Wireless: 802.1x and Static WEP The following table describes the labels in this screen. Table 8-7 Wireless: 802.1x and Static WEP LABEL DESCRIPTION WEP Encryption Select 64-bit WEP or 128-bit WEP to enable data encryption. Authentication Method This field is activated when yo u selec[...]
-
Page 119
Prestige 334W User’s Gui de Wireless Security 8-21 Table 8-7 Wireless: 802.1x and Static WEP LABEL DESCRIPTION ASCII Select this option in order to enter ASCII characters as the WEP key s. Hex Select this option in order to enter hexa decimal characters as the WEP keys. The preceding "0x", that ident ifies a hexadecimal key, is entered [...]
-
Page 120
Prestige 334W User’s Gui de 8-22 Wireless Security Table 8-7 Wireless: 802.1x and Static WEP LABEL DESCRIPTION Authentication Databases The authentication databas e cont ains wireless station login information. The local user database is the built-in databas e on th e Prestige. The RADIUS is an externa l server. Use this drop-down list box to sel[...]
-
Page 121
Prestige 334W User’s Gui de Wireless Security 8-23 Table 8-7 Wireless: 802.1x and Static WEP LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to reload the pr evious configuration for this scre en. 8.13 Configuring 802.1x In order t o configure a nd enable 802.1x; cli ck the WIREL ESS link under ADV[...]
-
Page 122
Prestige 334W User’s Gui de 8-24 Wireless Security Table 8-8 Wireless: 802.1x and No WEP LABEL DESCRIPTION ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usern ames and passwords in order to stay connected. Enter a time interval bet ween 10 and 9999 seconds. The default time interval is 1800 seconds (30 mi[...]
-
Page 123
Prestige 334W User’s Gui de Wireless Security 8-25 Table 8-8 Wireless: 802.1x and No WEP LABEL DESCRIPTION 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b com pliant WLAN devices to associate with the Prestige. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the Prestige. Select Mixed to allow ei[...]
-
Page 124
Prestige 334W User’s Gui de 8-26 Wireless Security Figure 8-12 MAC Address Filter The following table describes the labe ls in this menu. Table 8-9 MAC Address Filter LA BE L DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering.[...]
-
Page 125
Prestige 334W User’s Gui de Wireless Security 8-27 Table 8-9 MAC Address Filter LA BE L DESCRIPTION Filter Action Define the filter action for t he list of MAC addresses in the MAC A ddress table. Select Deny Association to block access to the Prestige, MAC addresses not listed will be allowed to access the Prestige Select Allow Association to pe[...]
-
Page 126
Prestige 334W User’s Gui de 8-28 Wireless Security 8.16 Configuring Local User Dat abase To change your Prestig e’s local user datab ase, click the WIRELESS link un der ADVAN CED and then the Local User Database tab. The scr een app ears as show n. Figure 8-13 Local User Database[...]
-
Page 127
Prestige 334W User’s Gui de Wireless Security 8-29 The following table describes the labels in this screen. Table 8-10 Local User Database LABEL DESCRIPTION Active Select this option to activate the user profile. User Name Enter the user name (up to 31 characters) for this user profile. Password T ype a password (up to 31 characters) for this use[...]
-
Page 128
Prestige 334W User’s Gui de 8-30 Wireless Security • Access-Challenge Sent by a RADIUS server requesting m ore inform ation in order to allow access. The access point sends a proper response from the user and then sends another Access-Request m essage. The following types of RADIUS m essages are exchange d between t he access point and the R AD[...]
-
Page 129
Prestige 334W User’s Gui de Wireless Security 8-31 • The wireless station sends a “start” message to the Prestige. • The Prestige sends a “request identity” message to the wireless station for identity information. • The wireless station replies with identity information, including username and password. • The RADIUS serve r check[...]
-
Page 130
Prestige 334W User’s Gui de 8-32 Wireless Security Table 8-11 RADIUS LABEL DESCRIPTION Server IP Address Enter the IP address of the external authentication server in dotted dec imal notation. Port Number Enter the port number of the exte rnal authentication server. The default port number is 1812 . You need not change this value unl ess your net[...]
-
Page 131
Prestige 334W User’s Gui de WAN Screens 9-1 Chapter 9 WAN Screens This chapter describes how to configure WAN settings. 9.1 W AN Overview See the Wizard Setup chapter for more inform ation on the fields in the WAN screens. 9.2 TCP/IP Priority (Metric) The metric represents the "cost of transmission". A ro uter determines the best route [...]
-
Page 132
Prestige 334W User’s Gui de 9-2 WAN Scre ens Figure 9-1 WAN: Route The following table describes the lab els in this screen. Table 9-1 WAN: Route LABEL DESCRIPTION WAN Traf fic Redirect The default WAN connection is "1' as your broadband connection vi a the WAN port should always be your preferred method of accessing the WAN. T he defau[...]
-
Page 133
Prestige 334W User’s Gui de WAN Screens 9-3 Figure 9-2 Ethernet Encapsulation The following table describes the labels in this screen. Table 9-2 Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet opt ion when the WAN port is used as a regular Ethernet. Service Type Choose from Standard , Telst ra (RoadRunner Telst[...]
-
Page 134
Prestige 334W User’s Gui de 9-4 WAN Scre ens Table 9-2 Ethernet Encapsulation LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to begin co nfiguring this screen afresh. 9.4.2 PPPoE Encapsulation The Prestige s upports PPPoE (Point-to- Point Protoc ol over Ethernet) . PPPoE is a n IETF Draft standard[...]
-
Page 135
Prestige 334W User’s Gui de WAN Screens 9-5 Figure 9-3 PPPoE Encapsulation The following table describes the labels in this screen. Table 9-3 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters fo r Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The Prestige supports PPPoE (Point-to-Point Prot[...]
-
Page 136
Prestige 334W User’s Gui de 9-6 WAN Scre ens Table 9-3 PPPoE Encapsulation LABEL DESCRIPTION Nailed-Up Connection Select Nailed-Up Connection if you do not want the connection to time out. Idle Timeout This value specifies the time i n seco nds that elapses before the router automatically disconnects from the PPPoE server. Apply Click Apply to sa[...]
-
Page 137
Prestige 334W User’s Gui de WAN Screens 9-7 The following table describes the labels in this screen. Table 9-4 PPTP Encapsulation LABEL DESCRIPTION ISP Parameters fo r Internet Access Encapsulation Point-to-Point Tunneling Prot ocol (PPT P) is a network protocol that enabl es secure transfer of data from a remote client to a private server, creat[...]
-
Page 138
Prestige 334W User’s Gui de 9-8 WAN Scre ens Figure 9-5 WAN: IP The following table describes the labels in this screen. Table 9-5 WAN: IP LA BE L DESCRIPTION WAN IP Address Assignment Get automatically from ISP Select this option If your ISP did not assign you a fixed IP address. T his is the default selection. Use fixed IP address Select this o[...]
-
Page 139
Prestige 334W User’s Gui de WAN Screens 9-9 Table 9-5 WAN: IP LA BE L DESCRIPTION Remote IP Address Enter the Rem ote IP Address (if your I SP gave you one) in this field. Gateway/Remote IP Address Enter the gateway IP address (if your ISP gave you one) in this field if you selecte d Use Fixed IP Address . Network Address Translation Network Addr[...]
-
Page 140
Prestige 334W User’s Gui de 9-10 WAN Screens Table 9-5 WAN: IP LA BE L DESCRIPTION RIP Direction RIP (Routing Information Protocol) al lo ws a router to exchange routing inf ormation with other routers. The RIP Direction field controls the sending and receiv ing of RIP packets. Choose Both , None , In Only or Out Only . When set to Both or Out On[...]
-
Page 141
Prestige 334W User’s Gui de WAN Screens 9-11 Table 9-5 WAN: IP LA BE L DESCRIPTION Allow between WAN and LAN Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN. If your firewall is enabled with the default polic y set to block WAN to LAN traffic, you also need to enable the def ault WAN to LAN fir[...]
-
Page 142
Prestige 334W User’s Gui de 9-12 WAN Screens 9.7 T r affic Redirect Traffic redirect forwards WA N traffic to a backup gate way when the Prestige canno t connect to t he Internet through its normal gateway. Conn ect the backup gatewa y on the WAN so that the Prestige still provides firewall protect ion. Figure 9-7 Traffic Redirect WAN Se tup The [...]
-
Page 143
Prestige 334W User’s Gui de WAN Screens 9-13 9.8 Configuring T r affic Redirect To change your Prestige’s Traffic Redirect settin gs, click WAN , then the Traffic Redir ect tab. The screen appe ars as show n. Figure 9-9 WAN: Traffic Redirect The following table describes the labels in this screen. Table 9-6 WAN: Traffic Redirect LABEL DESCRIPTI[...]
-
Page 144
Prestige 334W User’s Gui de 9-14 WAN Screens Table 9-6 WAN: Traffic Redirect LABEL DESCRIPTION Check WAN IP Address Configuration of this field is optiona l. If yo u do not enter an IP address here, the Prestige will use the default gate way IP address. Configur e this field to test your Prestige' s WAN accessibility. Type the IP address of [...]
-
Page 145
NAT and Static Route III Part III: SUA/NAT and Static Route This part covers Network Address T r anslation and setting up static routes.[...]
-
Page 146
[...]
-
Page 147
Prestige 334W User’s Gui de NAT Screens 10-1 Chapter 10 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the Prestige. 10.1 NA T Overview NAT (Network Address Tran slation - NAT, RFC 1631) is the translation of the IP addr ess of a host in a packet. For example, the so urce address of an outgoing pack et, u[...]
-
Page 148
Prestige 334W User’s Gui de 10-2 NAT Screens NA T never changes the IP address (either local or global) of an outside host. 10.1.2 What NA T Does In the simplest form, NAT changes the source IP address in a pac ket recei ved from a subscriber (the inside local address) t o another (the inside gl obal address) before for warding the packet t o the[...]
-
Page 149
Prestige 334W User’s Gui de NAT Screens 10-3 Figure 10-1 How NAT Works 10.1.4 NA T Application The following figure illu strates a possible NAT applicatio n, where three inside LANs (logical LANs using IP Alias) behind the Prestige can comm unicate with three distinct WAN networks. More examples follow at th e end of this chapter.[...]
-
Page 150
Prestige 334W User’s Gui de 10-4 NAT Screens Figure 10-2 NAT Application With IP Alias 10.1.5 NA T Mapping T ypes NAT supports five types o f IP/port m apping. They are: One to One : In One-to-One mode, the Pres tige maps one local IP address t o one global IP address. Many to One : In Many-to-One m ode, the Prestige maps multiple local I[...]
-
Page 151
Prestige 334W User’s Gui de NAT Screens 10-5 Many One-to-One : In Many-One-to-One mode, the Prestige m a ps each local IP address to a unique global IP address. Server : This type allows you to sp ecify inside server s of different services b ehind the NAT to be accessible to the outside world. Port numbers do not change for One-to-One an[...]
-
Page 152
Prestige 334W User’s Gui de 10-6 NAT Screens 10.2 Using NA T Y ou must create a fire wall rule in addition to setting up SUA/NA T , to allo w traffic from the W AN to be forwarded through the Prestige. 10.2.1 SUA (Single User Account) V ersus NA T SUA (Single User Account) is a ZyNOS implementati on of a su bset of NAT t hat supports t wo types o[...]
-
Page 153
Prestige 334W User’s Gui de NAT Screens 10-7 21. In some cases, such as for unknown services or wh ere one serve r can support more than one service (for example bot h FTP and web service), it m ight be bett er to specify a range of port numbers. In addition to the servers for specified services, NAT supports a default server. A service request t[...]
-
Page 154
Prestige 334W User’s Gui de 10-8 NAT Screens Figure 10-3 Multiple Servers Behind NAT Ex ample 10.4 Configuring SUA Server If you do not assign a Default Server IP Address, the Prestige di scards all p acket s received for port s that are not specifi ed in this screen or remote management. Click SUA/NAT to open the SUA Server s creen. Refer to Tab[...]
-
Page 155
Prestige 334W User’s Gui de NAT Screens 10-9 Figure 10-4 SUA/NAT Setup The following table describes the labels in this screen. Table 10-4 SUA/NAT Setup LABEL DESCRIPTION Default Server In addition to the servers for specified services, NAT supp orts a default server. A default server receives packets from ports that are not specified in this scr[...]
-
Page 156
Prestige 334W User’s Gui de 10-10 NAT Screens Table 10-4 SUA/NAT Setup LABEL DESCRIPTION # Number of an indivi dual SUA server entry. Active Select this check box to enable the SUA server entry. Clear this checkb ox to disallow forwarding of these ports to an inside server without having to delete the entry. Name Enter a name to identify this por[...]
-
Page 157
Prestige 334W User’s Gui de NAT Screens 10-11 Figure 10-5 Address Mapping The following table describes the labels in this screen. Table 10-5 Address Mapping LABEL DESCRIPTION Local Start IP This refers to the Inside Local Address (ILA), which is the starting local IP address. If the rule is for all local IP addresses, t hen this field displays 0[...]
-
Page 158
Prestige 334W User’s Gui de 10-12 NAT Screens Table 10-5 Address Mapping LABEL DESCRIPTION Type 1. One-to-One mode maps one local IP address to one global IP addr ess. Note that port numbers do not change for the One-to-one NAT mapping type. 2. Many-to-One mode maps multiple local IP addresses to one global IP address. T his is equivalent to SUA [...]
-
Page 159
Prestige 334W User’s Gui de NAT Screens 10-13 Table 10-6 Address Mapping Edit LABEL DESCRIPTION Type Choose the po rt mapping type from one of the following. 1. One-to-One : One-to-one mode maps one local IP addres s to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type. 2. Many-to-One : Many-to-One mode m[...]
-
Page 160
Prestige 334W User’s Gui de 10-14 NAT Screens receives a response wit h a specific port num ber and pr otocol ("i ncoming" port), the Prestige forwards the traffic to the LAN IP address of the c omputer that sent t he request. After that com puter’s connection for that service closes, another com puter on the LAN can use th e service [...]
-
Page 161
Prestige 334W User’s Gui de NAT Screens 10-15 Only one LAN computer can use a trigger port (range) at a time. Figure 10-8 Trigger Port The following table describes the labels in this screen. Table 10-7 Trigger Port LABEL DESCRIPTION # This is the rule inde x number (read-only).[...]
-
Page 162
Prestige 334W User’s Gui de 10-16 NAT Screens Table 10-7 Trigger Port LABEL DESCRIPTION Name Type a uniqu e name (up to 15 characters) fo r identificatio n purposes. All characters are permitted - including spaces. Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The Prestige [...]
-
Page 163
Prestige 334W User’s Gui de Static Route Screens 11-1 Chapter 11 Static Route Screens This chapter shows you how to configu re static routes for your Prestige. 11.1 S t atic Route Overview Each remote n ode specifies o nly the network t o which the gat eway is direct ly connected, an d the Prestige has no knowledge of the net works beyon d. For i[...]
-
Page 164
Prestige 334W User’s Gui de 11-2 Static Route Screens Figure 11-2 Static Route The following table describes the labels in this screen. Table 11-1 Static Route LABEL DESCRIPTION # Number of an individual static route. Name Name that des cribes or identifies this route. Active T his field shows whether this static route is active ( Yes ) or not ( [...]
-
Page 165
Prestige 334W User’s Gui de Static Route Screens 11-3 Figure 11-3 Static Route: Edit The following table describes the labels in this screen. Table 11-2 Static Route: Edit LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field b l ank to delete this static route. Active This field allo ws you to acti vate/deactivate [...]
-
Page 166
Prestige 334W User’s Gui de 11-4 Static Route Screens Table 11-2 Static Route: Edit LABEL DESCRIPTION Private T his parameter determines if the Prestige will include this route to a remote node in its RIP broadcasts. Select this check box to keep this route privat e and not included in RIP broadcasts. Clear this checkbox to propagate this r oute [...]
-
Page 167
UPnP and Firewall IV Part IV: UPnP and Firewall This part prov ides information and configuration in struction s for configuration of Universal Plug and Play , firewall and content filtering.[...]
-
Page 168
[...]
-
Page 169
Prestige 334W User’s Gui de UPnP 12-1 Chapter 12 UPnP This chapter introduces the Universal Plug and Play feature. 12.1 Universal Plug and Play Overview Universal Plug and Play (UPn P) is a distri buted, open net working standar d that uses TCP/ IP for simpl e peer-to-peer network connectiv ity between dev ices. A UP nP device can dynamically joi[...]
-
Page 170
Prestige 334W User’s Gui de 12-2 UPnP 12.1.3 Cautions with UPnP The automat ed nature of N AT traversal a pplications i n establishin g their own ser vices and ope ning fire wall ports may present networ k security issues . Network i nformation an d configurat ion may also be obtained and modifi ed by users in some netwo rk environm ents. All UPn[...]
-
Page 171
Prestige 334W User’s Gui de UPnP 12-3 Figure 12-1 Configuring UPnP The following table describes the labels in this screen. Table 12-1 Configuring UPnP LA BE L DESCRIPTION Enable the Universal Plug and Play (UPnP) feature Select this checkbox to activate UPnP. Be aware that anyone cou ld use a UPnP application to open the web config urator' [...]
-
Page 172
Prestige 334W User’s Gui de 12-4 UPnP 12.4 Inst alling UPnP in Windows Example This section shows how to install UPn P in Windows Me and Windows XP. 12.4.1 Inst alling UPnP in Windows Me Follow the steps below to install UPnP in Windo ws Me. Step 1. Click Start and Control Panel . Double-click Add/Remove Programs . Step 2. Click on th e Windows S[...]
-
Page 173
Prestige 334W User’s Gui de UPnP 12-5 Step 1. Click Start and Control Pan el . Step 2. Double-click Network Connections . Step 3. In the Network Connecti ons window, click Advanced in the main menu and select Optional Networking Components … . The Windows Opti onal Networki ng Components Wizard window displays. Step 4. Select Networking Service[...]
-
Page 174
Prestige 334W User’s Gui de 12-6 UPnP 12.5 Using UPnP in Windows XP Example This section sh ows you how t o use the UP nP feat ure in Windows XP. You must alread y have UPnP installed in Wind ows XP and UPnP activated on the ZyXEL device. Make sure the com puter is connected to a LAN port of the ZyXEL device. Turn on your com puter and the ZyXEL [...]
-
Page 175
Prestige 334W User’s Gui de UPnP 12-7 Step 3. In the Internet Connection Properties window, click Settings to see the port mappings that were aut omatically created. Step 4. You may edit or delete th e port mappings or cli ck Add to manually add port m appings.[...]
-
Page 176
Prestige 334W User’s Gui de 12-8 UPnP When the UPnP-enabled device is disconn ected from your computer , all port mappings will be deleted automaticall y . Step 5. Select the Show icon in notification area when connected check box and click OK . An icon displays in the system tray Step 6. Double- click the icon to display your cu rrent Internet c[...]
-
Page 177
Prestige 334W User’s Gui de UPnP 12-9 Step 1. Click Start and then Control Panel . Step 2. Double-click Network Connections . Step 3. Select My Network Places unde r Other Places . Step 4. An icon with the description for each UPnP-enabl ed device displa ys under Local Network . Step 5. Right-click the icon for yo ur ZyXEL device and sele ct Invo[...]
-
Page 178
Prestige 334W User’s Gui de 12-10 UPnP Step 6. Right-click the icon for yo ur ZyXEL device and sele ct Properties . A properties window displays with b asic information about the ZyXEL device.[...]
-
Page 179
Prestige 334W User’s Gui de Firewall 13-1 Chapter 13 Firewall This chapter gives som e background inform ation on firewalls and explains h ow to get started with the Prestige firewall. 13.1 Introduction What is a Firewall? Originally, the term firewal l referred to a construction techniqu e designed to prevent th e spread of fire from one room to[...]
-
Page 180
Prestige 334W User’s Gui de 13-2 Firewall Prestige can be used to pre vent theft, destr uction and m odificati on of data, as well as log e vents, which m ay be important to the securi ty of you r network. The Prestige is installed between th e LAN and a broadba nd modem connecting to the Internet. Th is allows it to act as a secure gateway for a[...]
-
Page 181
Prestige 334W User’s Gui de Firewall 13-3 13.2 Firewall Settings Screen From the MAIN MEN U , click FIREWALL to ope n the Settings screen. Figure 13-1 Fire w all: Settings The following table describes the labels in this screen. Table 13-1 Firewall: Settings LA BE L DESCRIPTION Enable Firewall Select this che ck box to activate the firewall. The [...]
-
Page 182
Prestige 334W User’s Gui de 13-4 Firewall Table 13-1 Firewall: Settings LA BE L DESCRIPTION LAN to WAN T o log packets related to fire wall rules, make sure that Access C ontrol under Log is selected in the Logs , Log Settings screen. Packets to Log Choose what LAN to WA N packets to log. Choose from: No Log Log Blocked (block ed LAN to W[...]
-
Page 183
Prestige 334W User’s Gui de Firewall 13-5 13.3 The Firewall, NA T a nd Remote Management Figure 13-2 Fire w all Rule Directions 13.3.1 LAN-to-W AN rules LAN-to-WAN rules are lo cal network to Internet firewall rule s. The default is to forward all traffic from your local network to the In ternet. How can you block certain LAN to WA N traffic ? Yo[...]
-
Page 184
Prestige 334W User’s Gui de 13-6 Firewall How can you forward certain WAN to LAN traffic ? You may allow traffic originating from the WAN to be forwarded to t he LAN by: Configu ring NAT port forward ing rules in the web co nfigurator SUA Server screen or SMT NAT menus. Configu ring One-to- One and Many-One-to-One NAT mapping rule s in th[...]
-
Page 185
Prestige 334W User’s Gui de Firewall 13-7 Figure 13-3 Fire w all: Filter The following table describes the labels in this screen. Table 13-2 Firewall: Filter LA BE L DESCRIPTION Restricted Web Features ActiveX ActiveX is a tool for building dynamic and act ive Web pages and distri buted object applications. When yo u visit an ActiveX Web site, Ac[...]
-
Page 186
Prestige 334W User’s Gui de 13-8 Firewall Table 13-2 Firewall: Filter LA BE L DESCRIPTION Java Java is a programming language and d evelopment environment for building downloadable Web compo nents or Internet and intranet business appl ications of all kinds. Cookies Web servers that track usage and provid e service based on ID use cookies . Web P[...]
-
Page 187
Prestige 334W User’s Gui de Firewall 13-9 Figure 13-4 Fire w all: Service The following table describes the labels in this screen. Table 13-3 Firewall: Service LA BE L DESCRIPTION Enable Services Blocking Select this check box to enable this feature. Available Service This is a list of pre-defined ser vices (ports) you may proh ibit your LAN comp[...]
-
Page 188
Prestige 334W User’s Gui de 13-10 Firewall Table 13-3 Firewall: Service LA BE L DESCRIPTION Blocked Service This is a list of services (ports) that will be inaccessible to c omputers on your LAN once you enable service b locking. Choose the IP port ( TCP , UDP or TCP / UDP ) that defines your customized por t from the drop do wn list box. Custom [...]
-
Page 189
Remote Management and VPN/IPSec V Part V: Remote Management and VPN/IPSec This part prov ides information and configurati on instruction s for configuration of remote management and VPN/IPSec.[...]
-
Page 190
[...]
-
Page 191
Prestige 334W User’s Gui de Remote Management Screens 14-1 Chapter 14 Remote Management Screens This chapter provides information on the Remote Management screens. 14.1 Remote Management Overview Remote management allows you to determine which services/protocols can acces s which Prestige interface (if any) fr om which c omputers . When you confi[...]
-
Page 192
Prestige 334W User’s Gui de 14-2 Remote Management Screens 14.1.1 Remote Management Limit ations Remote ma nagement ove r LAN or WAN will not work when: 1. A filter in SMT menu 3.1 (LAN) or in m enu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. 2. You have di sabled that ser vice in one of the rem ote management screen s. 3. The IP[...]
-
Page 193
Prestige 334W User’s Gui de Remote Management Screens 14-3 Figure 14-1 Remote Man agement: WWW The following table describes the labels in this screen. Table 14-1 Remote Management: WWW LABEL DESCRIPTION Server Port You may chan ge the server port num ber for a service if ne eded, however you must use the same port number in order to us e that se[...]
-
Page 194
Prestige 334W User’s Gui de 14-4 Remote Management Screens 14.3 Configuring T elnet You can configure y our Prestige for remote Telnet acce ss as shown next. The adm inistrator uses Telnet from a computer on a rem ote ne twork to access the Prestige. Figure 14-2 Telnet Confi guration on a TCP/IP Network 14.4 Configuring TELNET Click REMOTE MGMT a[...]
-
Page 195
Prestige 334W User’s Gui de Remote Management Screens 14-5 Figure 14-3 Remote Management: Te lnet The following table describes the labels in this screen. Table 14-2 Remote Management: Telnet LABEL DESCRIPTION Server Port You may chan ge the server port num ber for a service if ne eded, however you must use the same port number in order to us e t[...]
-
Page 196
Prestige 334W User’s Gui de 14-6 Remote Management Screens 14.5 Configuring FTP You can uploa d and downl oad the Presti ge’s firmware a nd configuration files using FTP , please see the chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP cl ient. To change your Prestige’s FT[...]
-
Page 197
Prestige 334W User’s Gui de Remote Management Screens 14-7 Table 14-3 Remote Management: FTP LABEL DESCRIPTION Secured Client IP Address A secured client is a “trusted” computer that is allowed to communicate with the Prestige using this service. Select Al l to allo w any computer to access the Prestige using this service. Choose Selected to [...]
-
Page 198
Prestige 334W User’s Gui de 14-8 Remote Management Screens SNMP is only available if TCP/IP is configured. Figure 14-5 SNMP Management Mod el An SNMP m anaged netwo rk consists of t wo ma in types of com ponent: agent s and a m anager. An agent is a manageme nt software mod ule that resides i n a managed d evice (the Pres tige). An agent translat[...]
-
Page 199
Prestige 334W User’s Gui de Remote Management Screens 14-9 SNMP itself i s a simple reque st/response pr otocol base d on the m anager/agent model . The ma nager issues a request and the agent returns responses usi ng the follo wing protoc ol operat ions: • Get - Allows the manager to retrieve an object variable from the agent. • GetNext - Al[...]
-
Page 200
Prestige 334W User’s Gui de 14-10 Remote Management Screens 14.6.3 Configuring SNMP To change your Prestige’s SNMP setting s, click RE MOTE MGMT , then the SNMP tab. The sc reen app ears as shown. Figure 14-6 Remote Management: SNMP The following table describes the labels in this screen.[...]
-
Page 201
Prestige 334W User’s Gui de Remote Management Screens 14-11 Table 14-5 Remote Management: SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community , which is the password for the incoming Get and GetNext requests from the management station. T he default is public and al lows all requests. Set Community Enter the Set commun[...]
-
Page 202
Prestige 334W User’s Gui de 14-12 Remote Management Screens T o change your Prestige’ s DNS settings, click REMOTE MGMT , t hen the DNS tab. The screen appears as shown. Figure 14-7 Remote Management: DNS The following table describes the labels in this screen. Table 14-6 Remote Management: DNS LABEL DESCRIPTION Server Port The DNS service port[...]
-
Page 203
Prestige 334W User’s Gui de Remote Management Screens 14-13 14.8 Configuring Security T o change your Prestige’ s security settings, click REMOTE MG MT , then th e Security tab. The screen appe ars as show n. If an outside user attempts to probe an unsupported po rt on your Prestige, an ICMP response packet is automatically returned. This allow[...]
-
Page 204
Prestige 334W User’s Gui de 14-14 Remote Management Screens Table 14-7 Security LABEL DESCRIPTION Respond to Ping on The Prestige will not respond to an y incoming Ping requests when Disable is selected. Select LA N to reply to incoming LAN Pi ng requests . Select WA N to reply to incoming WAN Ping requests. Otherwise select L AN & WAN to rep[...]
-
Page 205
Prestige 334W User’s Gui de Introduction to IPSec 15-1 Chapter 15 Introduction to IPSec This chapter introduces the basics of IPSec VPNs 15.1 VPN Overview A VPN (Virt ual Private Net work) provi des secure com munications between sites without the expe nse of leased site-to-site lines. A secure VPN is a com bination of tunn eling, encryption, aut[...]
-
Page 206
Prestige 334W User’s Gui de 15-2 Introduction to IPSec Figure 15-1 Encryption and Dec ryption Data Confidentiality The IPSec sender can enc rypt packets befo re transm itting them across a network. Data Integrity The IPSec receiver ca n validate pack ets sent by the IPSec sender to e n sure that the data has not been altered durin g trans[...]
-
Page 207
Prestige 334W User’s Gui de Introduction to IPSec 15-3 15.2 IPSec Architecture The overall IPSec architect ure is shown as follows. Figure 15-2 IPSec Architecture 15.2.1 IPSec Algorithms The ESP (Encapsulat ing Securit y Payload) Protocol (RFC 2406) and AH (Authe ntication Heade r) protocol (RFC 2402) describe the packet formats and the default s[...]
-
Page 208
Prestige 334W User’s Gui de 15-4 Introduction to IPSec 15.2.2 Key Management Key managem ent allows you to determ ine whether to use IKE (ISAKMP) or manual key configurati on in order to set u p a VPN. 15.3 Encap sulation The two modes of ope ration for IPSec VPNs are Trans port m ode and Tunnel m ode. Figure 15-3 Transport and Tunnel Mo de IPSec[...]
-
Page 209
Prestige 334W User’s Gui de Introduction to IPSec 15-5 Inside header : The inside IP header c ontains the dest ination IP a ddress of the final system behind the VPN gatew ay. The security protocol a ppears afte r the outer IP hea der and before the inside IP header. 15.4 IPSec and NA T Read this section if you ar e running IPSec on a host co[...]
-
Page 210
[...]
-
Page 211
Prestige 334W User’s Gui de VPN Screens 16-1 Chapter 16 VPN Screens This chapter introduces the VPN Web Configurator. See the Logs chapter for information on viewing logs and the Appendices for IPSec log descriptions. 16.1 VPN/IPSec Overview Use the screens docum ented in th is chapter to configure rules for VPN connecti ons and m anage VPN conne[...]
-
Page 212
Prestige 334W User’s Gui de 16-2 VPN Screens 16.2.2 ESP (Encap sulating Secu rity Pay load) Protocol The ESP protocol (R FC 2406) pr ovides encry ption as wel l as some of t he services offe red by AH . ESP authenticating properties are limited com pared to the AH due to the non-inclusion of the IP header information during the authenticatio n pr[...]
-
Page 213
Prestige 334W User’s Gui de VPN Screens 16-3 If the remote secure gateway has a static WAN IP address, enter it in the Secure Gateway Address field. You may alternatively enter the remote secure gateway’s domain name (if it has one) in the Secure Gateway Address field. You can also enter a remote secure ga teway’s domain name in the Secure Ga[...]
-
Page 214
Prestige 334W User’s Gui de 16-4 VPN Screens Local and remote IP addresses m ust be static. Click VPN to open t he Summary screen. This is a read -only menu of your IPSec ru les (tunnels). Edit or create an IPSec rule by selecting an index number and t hen clicking Edit to configure the associated submenus. Figure 16-2 VPN: Summary The following [...]
-
Page 215
Prestige 334W User’s Gui de VPN Screens 16-5 Table 16-2 VPN: Summary LABEL DESCRIPTION Remote Addr. This is the IP address(es) of com puter(s) on the remote network behind the remote IPSec router. A single (static) IP address is displayed when the Remote Address Start and Remote Address End/Mask fields in the Rule Setup IKE (or Manual ) screen ar[...]
-
Page 216
Prestige 334W User’s Gui de 16-6 VPN Screens If the Prestige has its maxim um number of simultaneous IPSec tunnels connected to it and they all have keep alive enable d, then no ot her tunnels can ta ke a turn connecting to the Prestige bec ause the Prestige never drops the tunnels t hat are already connected. When there is outbound traffic with [...]
-
Page 217
Prestige 334W User’s Gui de VPN Screens 16-7 Use ESP security protocol (in either transpor t or tunnel m ode). Use IKE keying mode. Enable NAT traversal on both IPSec endpoints. In order for IPSec router A (see the figure) to receive a n initiating IPS ec packet from IPSec router B, set the NAT router t o forwar d UDP port 500 to IPS [...]
-
Page 218
Prestige 334W User’s Gui de 16-8 VPN Screens If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP addresses to access the compu ters on the remote net w ork. 16.8 ID T ype and Content With aggressiv e negotiati on mode (see Section 16.11.1 ), the Prestige identifies incoming SAs by ID type and content [...]
-
Page 219
Prestige 334W User’s Gui de VPN Screens 16-9 Table 16-4 Peer ID Type and Conten t Fields PEER ID TYPE CONTENT IP Type the IP address of the computer wi th which you will make the VPN connection or leave the field blank to have t he Prestige automatically use the addr ess in the Secure Gateway A ddress field. DNS Ty pe a domain name (up to 31 char[...]
-
Page 220
Prestige 334W User’s Gui de 16-10 VPN Screens Table 16-6 Mismatching ID Ty pe and Content Configuration Example PRESTIGE A PRESTIGE B Peer ID content: aa@yahoo.com Peer ID content: N/A 16.9 Pre-Shared Key A pre-shared key identifies a comm unicating party du ring a phase 1 IKE negotiati on (see Section 16. 11 for more on IKE phases). It is called[...]
-
Page 221
Prestige 334W User’s Gui de VPN Screens 16-11 Figure 16-5 VPN: Rule Setup (Basic) The following table describes the labels in this screen.[...]
-
Page 222
Prestige 334W User’s Gui de 16-12 VPN Screens Table 16-7 VPN: Rule Setup (Basic) LABEL DESCRIPTION Active Select this check bo x to activate th is VPN tunnel. This opt ion determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select this check box to have the Pr estige automatically re-initiate the SA after the [...]
-
Page 223
Prestige 334W User’s Gui de VPN Screens 16-13 Table 16-7 VPN: Rule Setup (Basic) LABEL DESCRIPTION DNS Server (for IPSec VPN) If there is a private DNS server that serv ices the VPN, type its IP address here. The Prestige assigns this additional DNS serv er to the Prestige’s DHCP clients that have IP addresses in this IPSec rule's range of[...]
-
Page 224
Prestige 334W User’s Gui de 16-14 VPN Screens Table 16-7 VPN: Rule Setup (Basic) LABEL DESCRIPTION Peer Content The configurat ion of the peer content d epends on the peer ID type. For IP , type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leav e it blank, the Prestige w[...]
-
Page 225
Prestige 334W User’s Gui de VPN Screens 16-15 Table 16-7 VPN: Rule Setup (Basic) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared ke y in this fi eld. A pre-shared key identifies a communicating party during a phase 1 IKE negoti ation. It is called "pre-shared" becaus e you have to share it with another party before you can communi[...]
-
Page 226
Prestige 334W User’s Gui de 16-16 VPN Screens Figure 16-6 T wo Phases to Set Up the IPSec SA In phase 1 you m ust: Choose a negot iation m ode. Authenticate the connection by en tering a pre-shar ed key. Choo se an en cryption a lgorith m. Choose an authentication algorith m. Choose a D iffie-Hellman public-key cryp tography k[...]
-
Page 227
Prestige 334W User’s Gui de VPN Screens 16-17 Choose Tunnel m ode or Transport mode. Set the IPSec SA lifetime. This field allows yo u to determine how long the IPSec SA shou ld stay up before it times out. The Prestige automa tically renegotiates th e IPSec SA if there is traffic when the IPSec SA lifetim e period expires. The Prestige a[...]
-
Page 228
Prestige 334W User’s Gui de 16-18 VPN Screens 16.11.3 Perfect Forward Secrecy (PFS) Enabling PFS means that the ke y is transient. The ke y is thrown a way and replace d by a brand new key using a new Di ffie-Hellman exchange for each new I PSec SA setup. With PFS enabled, if one key is compromi sed, previous an d subseque nt keys are not comprom[...]
-
Page 229
Prestige 334W User’s Gui de VPN Screens 16-19 Figure 16-7 VPN IKE: Adv anced[...]
-
Page 230
Prestige 334W User’s Gui de 16-20 VPN Screens The following table describes the labels in this screen. Table 16-8 VPN IKE: Advanced LABEL DESCRIPTION Active Select this check box to activate this VPN policy. Keep Alive Select this check box to turn on the Keep Alive feature for this SA. Turn on Keep Alive to have the Prestige aut omatically reini[...]
-
Page 231
Prestige 334W User’s Gui de VPN Screens 16-21 Table 16-8 VPN IKE: Advanced LABEL DESCRIPTION Local Port End Enter a port number in this field to def ine a port range. This port numb er must be greater than that specified in the prev ious field (or equal to it for configuring an individual port). Remote Address Start Remote IP addresses must be st[...]
-
Page 232
Prestige 334W User’s Gui de 16-22 VPN Screens Table 16-8 VPN IKE: Advanced LABEL DESCRIPTION Local Content When you select IP in the Local ID Ty pe field, type the IP address of your computer in the local Content field. The Prestige automatic ally uses the IP address in the My IP Address field (refer to the My IP Address field description) if you[...]
-
Page 233
Prestige 334W User’s Gui de VPN Screens 16-23 Table 16-8 VPN IKE: Advanced LABEL DESCRIPTION Peer Content The configuration of t he peer content depe nds on the peer ID type. For IP , type the IP address of the computer with which you will mak e the VPN connection. If you configure this fiel d to 0.0.0.0 or leave it blank, the Prestige will u[...]
-
Page 234
Prestige 334W User’s Gui de 16-24 VPN Screens Table 16-8 VPN IKE: Advanced LABEL DESCRIPTION SA Life Time Define the length of time before an I KE SA automatically renegotiates in this field. It may range from 60 to 3,000,000 seconds (almost 35 days). A shor t SA Life Time increases securit y by forcing the two VPN gateways to update the encrypti[...]
-
Page 235
Prestige 334W User’s Gui de VPN Screens 16-25 Table 16-8 VPN IKE: Advanced LABEL DESCRIPTION Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash al gorithms used to authenticate packet data. The SHA1 algorithm is generall y considered stronger than MD5, but is s[...]
-
Page 236
Prestige 334W User’s Gui de 16-26 VPN Screens Current ZyXEL implement ation assumes identical outgoing and incoming SPIs. 16.14 Configuring Manual Key You only configu re VPN Manual Key when you select Manual in the IPSec Keying Mode field on the Rule Setup IKE screen. This is the Rule Se tup Manual screen as shown next.[...]
-
Page 237
Prestige 334W User’s Gui de VPN Screens 16-27 Figure 16-8 Rule Setup: Manual The following table describes the labels in this screen.[...]
-
Page 238
Prestige 334W User’s Gui de 16-28 VPN Screens Table 16-9 Rule Setup: Manual LABEL DESCRIPTION Active Select this check box to activate this VPN policy. IPSec Keying Mode Select IKE or Manual from the drop-down list box. Manual is a useful option for troubleshooting if you have p roblems using IKE key manageme nt. Protocol Number Enter 1 for ICMP,[...]
-
Page 239
Prestige 334W User’s Gui de VPN Screens 16-29 Table 16-9 Rule Setup: Manual LABEL DESCRIPTION Remote Port End Enter a port number in this field to define a port range. This port number must be greater than that specifie d in the previous field. If Remote Port Start is left at 0, Remote Port End will also remain at 0. DNS Server (for IPSec VPN) If[...]
-
Page 240
Prestige 334W User’s Gui de 16-30 VPN Screens Table 16-9 Rule Setup: Manual LABEL DESCRIPTION Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are has h al gorithms used to authenticate packet data. The SHA1 algorithm is generall y considered stronger than MD5 , but i[...]
-
Page 241
Prestige 334W User’s Gui de VPN Screens 16-31 When there is outbound traffic but no inbound traffic, the SA times out automatically af ter tw o minutes. A tunnel with no outbound or inbound traffic is "idle" and does not timeout until the SA lifetime period expires. See section 16.6 on keep alive to have the Prestige renegotiate an I PS[...]
-
Page 242
Prestige 334W User’s Gui de 16-32 VPN Screens Table 16-10 SA Monitor LABEL DESCRIPTION Previous Page (If applicable) Click Previous Page to view more items in the summary. Refresh Click Refresh to disp lay the current active VPN connection (s). Next Page (If applicable) Click Next Page to view more items in the summary. 16.16 Configuring Global S[...]
-
Page 243
Prestige 334W User’s Gui de VPN Screens 16-33 Table 16-11 VPN: Global Setting LABEL DESCRIPTION Allow Through IP/Sec Tunnel Select this check box to send NetBIOS packets through the VPN connecti on. Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to begin configuring this scree n afresh. 16.17 T elecommuter VPN/IPSe[...]
-
Page 244
Prestige 334W User’s Gui de 16-34 VPN Screens Figure 16-11 Telecommuters Sharing One VPN Ru le Example 16.17.2 T elecommuters Using Unique VPN Rules Example With aggressiv e negotiati on mode (see sect ion 16.11.1 ), the Prestige can use the ID types and contents to distinguish between VPN rules. Tel ecommuters can each use a separate VPN rule to[...]
-
Page 245
Prestige 334W User’s Gui de VPN Screens 16-35 Figure 16-12 Telecommuters Using Unique VPN Rules Example[...]
-
Page 246
Prestige 334W User’s Gui de 16-36 VPN Screens 16.18 VPN and Remote Management If a VPN tu nnel uses a rem ote managem ent service port (Telnet, FT P, WWW SNMP, DNS or ICMP) a nd terminates at the Prestige’s LAN or WA N port , configure rem ote managem ent ( REMOTE MG NT ) to allow access for that service. If the VPN tunnel terminates at the Pre[...]
-
Page 247
Logs, Media Bandwidth Manag ement and Maintenance VI Part VI: Logs, Media Bandwidth Management and Maintenance This part covers the cent ralized logs, media bandwid th management and mainte nance screens.[...]
-
Page 248
[...]
-
Page 249
Prestige 334W User’s Gui de Centralized Logs 17-1 Chapter 17 Centralized Logs This chapter contains info rmation about configurin g general log settings and viewing the Prestige’ s logs. Refer to the appendices for exampl e log message explanatio ns. 17.1 V iew Log The web configurator allows you to look at all of the Prestige’s logs in one l[...]
-
Page 250
Prestige 334W User’s Gui de 17-2 Centralized Logs Table 17-1 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings page (see section 17.2 ) display in the drop-down list box. Select a category of logs to view; select A ll Logs to view logs from all of the log categories that you selected in the Log Settings page. [...]
-
Page 251
Prestige 334W User’s Gui de Centralized Logs 17-3 Figure 17-2 Log Settings[...]
-
Page 252
Prestige 334W User’s Gui de 17-4 Centralized Logs The following table describes the labels in this screen. Table 17-2 log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP addr ess of the mail server for the e-mail address es specified below. If this field is left blank, logs and alert messages will not be sent v[...]
-
Page 253
Prestige 334W User’s Gui de Centralized Logs 17-5 Table 17-2 log Settings LABEL DESCRIPTION Log Schedule T his drop-down menu is used to configure the frequency of log messages being sent as E-mail: • Daily • Weekly • Hourly • When Log is Full • None. If you select Weekly or Daily , specify a time of day when the E-mail should be sent. [...]
-
Page 254
[...]
-
Page 255
Prestige 334W User’s Gui de Media Bandwidth Management 18-1 Chapter 18 Media Bandwidth Management This chapter contains info rmation about conf iguring media bandwi dth management, editing rules and viewing the Prestige’ s media bandwidth management logs. 18.1 Bandwid th Management Overview ZyXEL’s Medi a Bandwidth Management al lows you to s[...]
-
Page 256
Prestige 334W User’s Gui de 18-2 Media Bandwidth Management Figure 18-1 Application-based Band width Management Example 18.1.2 Subnet-based Bandwid th Management Example The following exam ple uses bandwidt h rules based sole ly on LAN subnets. Each bandwidth rule ( Subnet A and Subnet B) is allotted 320 Kbps. Figure 18-2 Subnet-based Band w idth[...]
-
Page 257
Prestige 334W User’s Gui de Media Bandwidth Management 18-3 Figure 18-3 Application and Subnet-based Bandwidth Management Example 18.1.4 Bandwid th Usage Example Here is an exa mple of a Prest ige that has ba ndwidth usa ge enabled on an interface . The first fi gure shows each bandwidth rule’s bandwid th budget. The rules are set up based on s[...]
-
Page 258
Prestige 334W User’s Gui de 18-4 Media Bandwidth Management The following fig ure shows the bandwidth usa ge with the maxim ize bandwidth usage option enabled. The Prestige divide s up the unbudgeted 64 Kbps among the rules that require more bandwidth. If the administ ration departm ent only uses 32 Kbps of the budgete d 64 Kbps, t he Prestige al[...]
-
Page 259
Prestige 334W User’s Gui de Media Bandwidth Management 18-5 Table 18-2 Media Band width Management Priorities Priority Levels: Traffic with a higher priority gets through faster while traffic with a lo wer priority is dropped if the net work is congested. High Typically used for voice traffic or video that is especiall y sensitive to jitter (jitt[...]
-
Page 260
Prestige 334W User’s Gui de 18-6 Media Bandwidth Management eMule/eDonkey These programs use adva nced file sharing applications relying on ce ntral servers to searc h for files. They use default port 4662. WWW The World Wi de Web is an I nternet system to distribute graphical, hy per-linked informat ion, based on Hyper Text Transfer Prot[...]
-
Page 261
Prestige 334W User’s Gui de Media Bandwidth Management 18-7 Table 18-3 Commonly Used Serv ices SERVICE DESCRIPTION HTTP(T CP:80) Hyper Text T r ansfer Protocol - a client/server protocol for the world wide web. HTTPS(TCP:443) HT TPS is a secured http session often used i n e-commerce. ICQ(UDP:4000) This is a popular Internet chat program. IKE(UDP[...]
-
Page 262
Prestige 334W User’s Gui de 18-8 Media Bandwidth Management Table 18-3 Commonly Used Serv ices SERVICE DESCRIPTION REXEC(TCP:514) Remote Execution Daemon. RLOGIN(TCP:513) Remote Login. RTELNET(TCP:107) Remote Telnet. RTSP(TCP/UDP:554) The Real Time Streaming (medi a control) Protocol (RT SP) is a remote control for multimedia on the Internet. SFT[...]
-
Page 263
Prestige 334W User’s Gui de Media Bandwidth Management 18-9 Figure 18-6 Bandwidth Management Configuration[...]
-
Page 264
Prestige 334W User’s Gui de 18-10 Media Bandwidth Management The following table describes the labels in this screen. Table 18-4 Bandwidth Management Configuration LABEL DESCRIPTION Active Select this check box to have the Prestige apply bandwidth management. Enable bandwidth managem ent to give traffic that matches a bandwidth rule priority over[...]
-
Page 265
Prestige 334W User’s Gui de Media Bandwidth Management 18-11 18.3 Editing Bandwid th Management Rules Use the Bandwidth Manage ment Configuration Edi t screen to configure a ba ndwidth m anagement rule . Use bandwidth rules to all ocate specific amounts of ba ndwidth capacity (bandwidth budge ts) to specific applications a nd/or subnets. 18.3.1 B[...]
-
Page 266
Prestige 334W User’s Gui de 18-12 Media Bandwidth Management Table 18-5 Bandwidth Management Edit LABEL DESCRIPTION Active Select this check box to have the Pr estige apply this band width management rule. Enable a bandwidth managem ent rule to give tr affic that matches the rule priority over traffic that does not match the rule. Rule Name Use t[...]
-
Page 267
Prestige 334W User’s Gui de Media Bandwidth Management 18-13 Table 18-5 Bandwidth Management Edit LABEL DESCRIPTION Protocol Enter the protocol (service type) numbe r, for example: 1 for ICMP, 6 for TCP or 17 for UDP. Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to beg in configuring this screen afres[...]
-
Page 268
Prestige 334W User’s Gui de 18-14 Media Bandwidth Management Figure 18-8 Bandwidth Management Monitor[...]
-
Page 269
Pres tige 334W User’s Guide Maintenance 19-1 Chapter 19 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 19.1 Maintenance Overview The maintenance scree ns can help y ou view system info rmat ion, upload new fi rmware, manage con figuration and restart your Pr estige. 19.2[...]
-
Page 270
Prestige 334W User’s Gui de 19-2 Maintenance Table 19-1 Maintenance Statu s LA BE L DESCRIPTION Syst em Name This is the Sy stem Name you chose in the first Internet Access Wizard screen. It is for identification purposes Model Name The model name identifies your dev ice type. The model na me should also be on a sticker on your Prestige. If you a[...]
-
Page 271
Pres tige 334W User’s Guide Maintenance 19-3 Figure 19-2 Maintenance System Statistics The following table describes the labels in this screen. Table 19-2 Maintenance Sy stem Statistics LA BE L DESCRIPTION Port This is the WAN, LAN or WLAN port. Status This displays the port speed and duplex setting if you're usi ng Ethernet encapsulation an[...]
-
Page 272
Prestige 334W User’s Gui de 19-4 Maintenance 19.3 DHCP T able Screen DHCP (Dynamic Ho st Configuration Protoco l, RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP config uration at start- up from a serv er. You can confi gure the Prestige as a DHCP serve r or disable it. When configur ed as a s erver, th e Prestig e provid es th[...]
-
Page 273
Pres tige 334W User’s Guide Maintenance 19-5 Table 19-3 Maintenance DHCP Table LABEL DESCRIPTION Refresh Click Refresh to renew the screen. 19.4 Any IP T able Click MAINTENANCE , Any IP Table . T he Any IP t able shows cu rrent read-o nly infor mation (incl uding the IP address and the MAC addr ess) of all network de vices that use the Any IP fea[...]
-
Page 274
Prestige 334W User’s Gui de 19-6 Maintenance Figure 19-5 Maintenance Association List The following table describes the labels in this screen. Table 19-5 Maintenance Asso ciation List LA BE L DESCRIPTION # This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station.[...]
-
Page 275
Pres tige 334W User’s Guide Maintenance 19-7 The following table describes the labels in this screen. Table 19-6 Maintenance Fi rmware Upload LA BE L DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the .bin file you want to upl oad. Remember [...]
-
Page 276
Prestige 334W User’s Gui de 19-8 Maintenance If the upload was not successful, the fo llowing sc reen will appear. Click Return to go back to the F/W Upload screen. Figure 19-9 Upload Error Message 19.7 Configuration Screen See the Firmware and Configuration File Maintenance chapter for tran sferri ng config uration files usin g FTP/TFTP commands[...]
-
Page 277
Pres tige 334W User’s Guide Maintenance 19-9 Figure 19-10 Maintenance Con figuration 19.7.1 Backup Configuration Backup config uration allows you to back up (save) th e Prestige’s current c onfigur ation to a file on your computer. Once your Prestige is co nfigu red and fu nctioning pr operly, it is highly rec ommended that you back up your c o[...]
-
Page 278
Prestige 334W User’s Gui de 19-10 Maintenance Table 19-7 Maintenance Res tore Configuration LA BE L DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the file yo u want to upload. Remember that you must decompress compressed (.ZIP) files bef or[...]
-
Page 279
Pres tige 334W User’s Guide Maintenance 19-11 Figure 19-13 Configurati on Restore Error 19.7.3 Back to Factory Default s Pressing the Reset button in this section clears all user-enter ed configuration information and returns the Prestige to its factory defaults as shown on the screen. The fo llowing warning screen will appear. Figure 19-14 Facto[...]
-
Page 280
Prestige 334W User’s Gui de 19-12 Maintenance Figure 19-15 System Res tart[...]
-
Page 281
SMT General Configuration VII Part VII: SMT General Configuration This part covers System Manag ement T e rminal co nfiguration for general setup, W AN setup, LAN setup, WLAN setup, Internet access, remote node, static route, NA T and enabling the firewall. See the web configurator parts o f this guide for background information on features configu[...]
-
Page 282
[...]
-
Page 283
Prestige 334W User’s Gui de Introducing the SMT 20-1 Chapter 20 Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 20.1 SMT Introduction T he Prestige’s SMT (System Management Term inal) is a menu-driven interface t hat you can access from a terminal emulator t[...]
-
Page 284
Prestige 334W User’s Gui de 20-2 Introducing the SMT Please note that if there is no activity for longer than five minutes after you log in, your Prestige will automatically log you out. Figure 20-1 Login Screen 20.1.4 Prestige SM T Menu Overview The following fig ure gives you an overvi ew of the various SMT me nu screens of your Prestige. Enter[...]
-
Page 285
Prestige 334W User’s Gui de Introducing the SMT 20-3 Figure 20-2 SMT Menu Ov erview 20.2 Navigating the SMT Interface The SMT (System Management Terminal) is the inte rface that you use t o co nfigure your Pr estige. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.[...]
-
Page 286
Prestige 334W User’s Gui de 20-4 Introducing the SMT Table 20-1 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move down to another menu [ENTER] To move forward to a submenu, type in the number of the desired submenu and press [ENTER]. Move up to a previous menu [ESC] Press [ESC] to move back to the previous m enu. Move to a “hidden” menu[...]
-
Page 287
Prestige 334W User’s Gui de Introducing the SMT 20-5 Figure 20-3 SMT Main Menu 20.2.1 System Management T erminal Interface Summar y Table 20-2 Main Menu Summary # MENU TITLE DESCRIPTION 1 General Setup Use this menu to set up your general inform ation. 2 WAN Setup Use this menu to clone a MA C address from a computer on your LAN. 3 LAN Setup Use[...]
-
Page 288
Prestige 334W User’s Gui de 20-6 Introducing the SMT Table 20-2 Main Menu Summary # MENU TITLE DESCRIPTION 24 System Maintenance This menu pro vides system status, diagnostics, software upload, etc. 26 Schedule Setup Use this menu to schedule outgoing calls. 27 VPN/ IPSec Setup Use this men u to configure VPN connection s. 99 Exit Use this to exi[...]
-
Page 289
Prestige 334W User’s Gui de Menu 1 General Setup 21-1 Chapter 21 Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 21.1 General Setup Menu 1 — General Se tup contains a dministrat ive and system -related in formation (s hown next ). The System Name fiel d is for iden tification purp oses. Howeve[...]
-
Page 290
Prestige 334W User’s Gui de 21-2 Menu 1 General Setup Figure 21-1 Menu 1 General Setup Step 2. Fill in the required fields. Refer to the table shown nex t for more information about these fields. Table 21-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE System Name Choose a descriptive n a me for identification purposes. It is recommended you ent[...]
-
Page 291
Prestige 334W User’s Gui de Menu 1 General Setup 21-3 Table 21-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE First System DNS Server Second System DNS Server Third System DNS Server DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. T he DNS server is extremely important becaus e without it, y[...]
-
Page 292
Prestige 334W User’s Gui de 21-4 Menu 1 General Setup Figure 21-2 Menu 1.1 Configure Dy namic DNS Follow the instructions in the next tabl e to configure Dynamic DNS parame ters. Table 21-2 Menu 1.1 Configure Dy namic DNS FIELD DESCRIPTION EXAMPLE Service Provider This is the name of your Dynamic DNS servic e provider. WWW.DynDNS.ORG (default) Ac[...]
-
Page 293
Prestige 334W User’s Gui de Menu 1 General Setup 21-5 Table 21-2 Menu 1.1 Configure Dy namic DNS FIELD DESCRIPTION EXAMPLE Offline T his field is only availabl e when CustomDNS is selected in the DDNS Type field. Press [SPACE BAR] and then [ENTER] to select Yes . When Yes is selected, http://www.dyndns.org/ traffic is redirected to a URL that you[...]
-
Page 294
[...]
-
Page 295
Prestige 334W User’s Gui de Menu 2 WAN Setup 22-1 Chapter 22 Menu 2 WAN Setup This chapter describes how to configure the WAN using menu 2. 22.1 Introduction to W AN This chapte r explains how to confi gure settings for your WAN port. 22.2 W AN Setup From the m ain menu, e nter 2 to open menu 2. Figure 22-1 Menu 2 WAN Setup The following table de[...]
-
Page 296
Prestige 334W User’s Gui de 22-2 Menu 2 WAN Setup Table 22-1 Menu 2 WAN Setup FIELD DESCRIPTION When you have compl eted this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at an y time to cancel.[...]
-
Page 297
Prestige 334W User’s Gui de Menu 3 LAN Setup 23-1 Chapter 23 Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 23.1 LAN Setup This section describes how to configure the Ethern et using Menu 3 — LAN Setup . From the main m enu, enter 3 to displ ay menu 3. Figure 23-1 Menu 3 LAN Setup 23.1.1 Gene[...]
-
Page 298
Prestige 334W User’s Gui de 23-2 Menu 3 LAN Setup 23.2 Protocol Dependent Ethernet Setup Depending on the protoc ols for your ap plications, yo u need to configure the respective Et hernet Setup, a s outlined b elow. For TCP/IP Ethernet setup refer to the Internet Access Application chap ter. For brid ging Ether net setup refer t o the Br[...]
-
Page 299
Prestige 334W User’s Gui de Menu 3 LAN Setup 23-3 Table 23-1 Menu 3.2: DHCP Ethernet Setup Fields FIELD DESCRIPTION EXA MPLE Client IP Pool: Starting Address This field specifies the first of the contiguous addresses in th e IP address pool. 192.168.1.33 Size of Client IP Pool This field specifies the size, or count of the IP address p ool. 128 F[...]
-
Page 300
Prestige 334W User’s Gui de 23-4 Menu 3 LAN Setup Table 23-2 Menu 3.2: LAN TCP/IP Setup Fields FIELD DESCRIPTION EXAMPLE TCP/IP Setup: IP Address Enter the IP address of your Prestige i n dotted decimal notation 192.168.1.1 (default) IP Subnet Mask Your Prestige will automatic ally calculate the subnet mask based on the IP address that you assi g[...]
-
Page 301
Prestige 334W User’s Gui de Menu 3 LAN Setup 23-5 Figure 23-4 Physical Network & Partitioned Logic al Networks You must use menu 3. 2 to configu re the firs t network. M ove the curs or to the Edit IP Alias field, press [SPACE BAR] to choose Yes and press [ENTER] to configure the second an d third network. Press [ENTER] to open Menu 3.2.1 - I[...]
-
Page 302
Prestige 334W User’s Gui de 23-6 Menu 3 LAN Setup Table 23-3 Menu 3.2.1: IP Alias Setup FIELD DESCRIPTION EXAMPLE IP Alias 1, 2 Choose Yes to configure the LAN net work for the Prestige. Yes IP Address Enter the IP address of your Pr estige in dotted decim al notation. 192.168.1.1 IP Subnet Mask Your Prestige will automatic ally calculate the sub[...]
-
Page 303
Prestige 334W User’s Gui de Menu 3 LAN Setup 23-7 Figure 23-6 Menu 3.5 Wireless L AN Setup The following table describes the fields in this menu. Table 23-4 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXAMPLE ESSID The ESSID (Extended Service Set IDentit y) identifies the AP to which the wireless stations associate. Wireless stations associatin[...]
-
Page 304
Prestige 334W User’s Gui de 23-8 Menu 3 LAN Setup Table 23-4 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXAMPLE WEP Select Disable to allow wireless stations to communicate with the access points without any data encr yption. Select 64-bit WEP or 128-bit WEP to enable data e ncryption. Disable Default Key Enter the key number (1 to 4) in this [...]
-
Page 305
Prestige 334W User’s Gui de Menu 3 LAN Setup 23-9 Table 23-4 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXAMPLE When you have compl eted this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [E SC] to cancel and go back to the prev ious screen. 23.4.1 Configuring MAC Address Fi[...]
-
Page 306
Prestige 334W User’s Gui de 23-10 Menu 3 LAN Setup Figure 23-8 Menu 3.5.1 WLAN M AC Address Filter The following table describes the fields in this menu. Table 23-5 Menu 3.5.1 WLAN M AC Address Filter FIELD DESCRIPTION Active To enable MAC address filter ing, press [SPACE BAR] to select Yes and press [ENTER]. Filter Action Define the filter ac ti[...]
-
Page 307
Prestige 334W User’s Gui de Menu 3 LAN Setup 23-11 Table 23-5 Menu 3.5.1 WLAN M AC Address Filter FIELD DESCRIPTION MAC Address Filter 1..32 Enter the MAC addresses (in XX: XX:XX:XX:XX: XX format) of the client computers that ar e allowed or denied access to the Prestige i n these address fields. When you have compl eted this menu, press [ENTER] [...]
-
Page 308
Prestige 334W User’s Gui de 23-12 Menu 3 LAN Setup Figure 23-10 Menu 3.5.2 Roaming Configuration The following table describes the fields in this menu. Table 23-6 Menu 3.5.2 Roaming Confi guration FIELD DESCRIPTION Active Press [SPACE BAR] and then [ENTER] to select Yes to enable roamin g on the Prestige if you have two or more Prestige’s on th[...]
-
Page 309
Prestige 334W User’s Gui de Internet Access 24-1 Chapter 24 Internet Access This chapter sho ws you how to config ure your Prestige for Internet access . 24.1 Introduction to Internet Access Setup Use information from your ISP along w ith the instructions in this cha pte r to set up your Pr estige to access the Internet. The re are three dif fere[...]
-
Page 310
Prestige 334W User’s Gui de 24-2 Internet Access Table 24-1 Menu 4: Internet Acces s Setup (Ethernet) FIELD DESCRIPTION ISP’s Name Enter the nam e of your Internet Serv ice Provider, e.g., myISP. This information is for identification purposes only. Encapsulation Press [SPACE BAR] and then press [ENTER] to choose Ethernet . The encapsulation me[...]
-
Page 311
Prestige 334W User’s Gui de Internet Access 24-3 Table 24-1 Menu 4: Internet Acces s Setup (Ethernet) FIELD DESCRIPTION Network Address Translation Network Address Translation (NAT ) allows the translation of an Internet protocol address used within one net work (for example a private IP address used in a local network) to a different IP address [...]
-
Page 312
Prestige 334W User’s Gui de 24-4 Internet Access Figure 24-2 Internet Access Setup (PPTP) The following table contains instructions about the new fi elds when y ou choose PPTP in the Encapsulation field in m enu 4. Table 24-2 New Fields in Menu 4 (PPTP) Screen FIELD DESCRIPTION EXAMPLE Encapsulation Press [SPACE BAR] and the n press [ENTER] to ch[...]
-
Page 313
Prestige 334W User’s Gui de Internet Access 24-5 Figure 24-3 Internet Access Setup (PPPoE) The following table contains instructions about the new fi elds when y ou choose PPPoE in the Encapsulation fiel d in menu 4. Table 24-3 New Fields in Menu 4 (PPPoE) screen FIELD DESCRIPTION EX AMPLE Encapsulation Press [SPACE BAR] and then press [ENTER] to[...]
-
Page 314
Prestige 334W User’s Gui de 24-6 Internet Access You may deact ivate the firew all in menu 2 1.2 or via the P restige em bedded web confi gurator. You m ay also define additional firewall rules or modify existing ones but please exercise extrem e caution in doing so. See the chapters on firewall for more inf ormation on the firewall.[...]
-
Page 315
Prestige 334W User’s Gui de Remote Node Configuration 25-1 Chapter 25 Remote Node Configuration This chapter covers remote node configuration. 25.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and th e network behi nd it across a WAN connect ion[...]
-
Page 316
Prestige 334W User’s Gui de 25-2 Remote Node Configuration Figure 25-1 Menu 11.1 Remote Node Profile for Etherne t Encapsulation The following table describes the fields in this menu. Table 25-1 Menu 11.1 Remote Node Profile for Eth ernet Encapsulation FIELD DESCRIPTION EXAMPLE Rem Node Name Enter a descriptive name for the remote node. This fiel[...]
-
Page 317
Prestige 334W User’s Gui de Remote Node Configuration 25-3 Table 25-1 Menu 11.1 Remote Node Profile for Eth ernet Encapsulation FIELD DESCRIPTION EXAMPLE My Password Enter the password assigned b y your ISP when the Prestige calls this remote node. Valid for PPPoE encapsul ation only. ***** Retype to Confirm Type your pass word again to make sure[...]
-
Page 318
Prestige 334W User’s Gui de 25-4 Remote Node Configuration 25.2.2 PPPoE Encapsulation The Prestige s upports PPPoE (Point-to- Point Prot ocol over Ether net). You ca n only use PPP oE encapsul ation when you’re using the Prestige with a DSL modem as the WA N device. I f you change the Encapsulati on to PPPoE, then you will see the next screen. [...]
-
Page 319
Prestige 334W User’s Gui de Remote Node Configuration 25-5 The second is that the Prestige will try to bring up the connection when turned on and whenev er the connection is down. A nail ed-up connection can be very expensive for ob vious reasons. Do not specify a nailed-up connection unless your telephone company offers flat- rate service or you[...]
-
Page 320
Prestige 334W User’s Gui de 25-6 Remote Node Configuration 25.2.3 PPTP Encap sulation If you change t he Encapsulation to PPTP in menu 11.1, then you will see the next screen. Please see the appendix for i nformati on on PPTP. Figure 25-3 Menu 11.1 Remote Node Profile for PPTP Encaps ulation The next table shows how to configure fields in menu 11[...]
-
Page 321
Prestige 334W User’s Gui de Remote Node Configuration 25-7 25.3 Edit IP Move the cur sor to the Edit IP fiel d in menu 11.1, then p ress [SPACE BAR] to select Yes . Press [ENTER] to open Menu 11.3 - Remote Node Networ k Layer Options . Figure 25-4 Menu 11.3 Remote Node Net work Layer Options for Ethernet Encapsulation This menu displays the My WA[...]
-
Page 322
Prestige 334W User’s Gui de 25-8 Remote Node Configuration Table 25-4 Remote Node Net work Layer Options FIELD DESCRIPTION EXAMPLE My WAN Addr This field is applicable to PPPoE and PPTP encapsulations only. Some implementations, especiall y the UNIX der iv atives, require the WAN link to have a separate IP network number from the LAN and each end[...]
-
Page 323
Prestige 334W User’s Gui de Remote Node Configuration 25-9 Table 25-4 Remote Node Net work Layer Options FIELD DESCRIPTION EXAMPLE Multicast IGMP (Internet Group Multicast Prot ocol) is a network-layer protocol used to establish membership in a Multic ast group. The Prestige supports both IGMP version 1 ( IGMP-v1 ) and version 2 ( IGMP-v2 ) . Pre[...]
-
Page 324
Prestige 334W User’s Gui de 25-10 Remote Node Configuration Figure 25-6 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation) 25.4.1 T raffic Redirect Setup Configure parameters that determine when the Pres tige will forward WAN traffic to the backup gateway using Menu 11.6 — Traffic Redirect Setup . Figure 25-7 Menu 11.6: Traffic Redirec[...]
-
Page 325
Prestige 334W User’s Gui de Remote Node Configuration 25-11 Table 25-5 Menu 11.6: Traffic Redirect Setup FIELD DESCRIPTION EXAMPLE Configuration: Backup Gateway IP Address Enter the IP address of your backup gateway in dotted deci mal notation. The Prestige automatically forwards traffic to this IP address if the Prestige’s Internet connection [...]
-
Page 326
[...]
-
Page 327
Prestige 334W User’s Gui de Static Route Setup 26-1 Chapter 26 Static Route Setup This chapter shows how to setup IP static routes. 26.1 IP S tatic Route Setup Step 1. To configure an IP static route, use Menu 1 2 – Static Routing S etup (shown next). Figure 26-1 Menu 12 IP Static Route Setup Step 2. Now, type the route num ber of a stat ic rou[...]
-
Page 328
Prestige 334W User’s Gui de 26-2 Static Route Setup Figure 26-2 Menu12.1 Edit IP Static Route The following table describes the fields for Menu 12.1 – Edit IP Static Route Setup . Table 26-1 Menu12.1 Edit IP Static Route FIELD DESCRIPTION Route # This is the inde x number of the static route that y ou chose in menu 12.1. Route Name Type a descr[...]
-
Page 329
Prestige 334W User’s Gui de Static Route Setup 26-3 Table 26-1 Menu12.1 Edit IP Static Route FIELD DESCRIPTION Private This parameter determine s if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes , this route is kept private and is not included in RIP broadcasts. If No , the route to this remote node [...]
-
Page 330
[...]
-
Page 331
Prestige 334W User’s Gui de Dial-in User Setup 27-1 Chapter 27 Dial-in User Setup This chapter shows you how to create user accounts on the ZyAIR. 27.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RAD IUS server. Follow the steps below to set up user pro [...]
-
Page 332
Prestige 334W User’s Gui de 27-2 Dial-in User Setup The following table describes the fields in this screen. Table 27-1 Menu 14.1- Edit Dial-in User FIELD DESCRIPTION User Name Enter a usern ame up to 31 alphanumer ic characters long for this user profile. This field is case sensitive. Active Press [SPACE BAR] to select Yes and press [ENT ER] to [...]
-
Page 333
Prestige 334W User’s Gui de NAT 28-1 Chapter 28 Network Address Translation (NAT) This chapter discusses ho w to configure NAT on the Prestige. 28.1 Using NA T You must create a fire w all rule in addition to setting up SUA/ NAT, to allow traffic from the WAN to be forwarded through the Presti ge. 28.1.1 SUA (Single User Account) V ersus NA T SUA[...]
-
Page 334
Prestige 334W User’s Gui de 28-2 NAT Figure 28-1 Menu 4 Apply ing NAT for Internet Access The following fig ure shows how you apply NAT to the rem ote node in menu 11.1. Step 1. Enter 11 from the mai n menu. Step 2. When menu 11 ap pears, as shown i n the foll owing figure, t ype the num ber of the rem ote node that you want to conf igure. Step 3[...]
-
Page 335
Prestige 334W User’s Gui de NAT 28-3 Figure 28-2 Menu 11.3 Apply ing NAT to the Remote Node The following table describes the op tions for Network Address Translation. Table 28-1 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION EX AMPLE Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP address es for[...]
-
Page 336
Prestige 334W User’s Gui de 28-4 NAT configurator screens for f urther info rmation on these menus. T o configure NAT, enter 1 5 from the m ain menu to bring up the following screen. Figure 28-3 Menu 15 NAT Setup 28.3.1 Address Mapping Set s Enter 1 to brin g up Menu 15.1 — Address Mapping Sets . Figure 28-4 Menu 15.1 Address Map ping Sets SUA [...]
-
Page 337
Prestige 334W User’s Gui de NAT 28-5 Figure 28-5 Menu 15.1.255 SUA Addr ess Mapping Rules The following table explains the fields in this menu. Menu 15.1.255 is read-only. Table 28-2 SUA Address Mapping Rules FIELD DESCRIPTION EXAMPLE Set Name This is the name of the set you selected in m enu 15.1 or enter the name of a new set you want to create[...]
-
Page 338
Prestige 334W User’s Gui de 28-6 NAT Table 28-2 SUA Address Mapping Rules FIELD DESCRIPTION EXAMPLE When you have compl eted this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [E SC] to cancel and go back to the prev ious screen. User-Defined Address Mapping Sets Now let’s lo[...]
-
Page 339
Prestige 334W User’s Gui de NAT 28-7 ignored. If there are any empty rules before your new co nfigured ru le, your configur ed rule will be pushed u p by that number of empty rules. Fo r example, if you have already configured rules 1 to 6 in your current set and now you configur e rule number 9. In the set summary screen, the new rule will be ru[...]
-
Page 340
Prestige 334W User’s Gui de 28-8 NAT Figure 28-7 Menu 15.1.1.1 Editing/Co nfiguring an Individual Rule in a Set The following table explains the fields in this menu. Table 28-4 Menu 15.1.1.1 Editing/Conf iguring an Individual Rule in a Set FIELD DESCRIPTION EXAMPLE Type Press [SPACE BAR] and the n [ENTER] to select from a total of five types. The[...]
-
Page 341
Prestige 334W User’s Gui de NAT 28-9 28.4 Configuring a Server behind NA T Follow these steps to c onfigure a server behind NAT: Step 1. Enter 15 in the main menu to go to Menu 15 - NAT Setup. Step 2. Enter 2 to displ ay Menu 15.2 - NAT Server Setup as sho wn next. Figure 28-8 Menu 15.2.1 NAT Serv er Setup Step 3. Enter a port number in an unused[...]
-
Page 342
Prestige 334W User’s Gui de 28-10 NAT Figure 28-9 Multiple Servers Behind NAT Ex ample 28.5 General NA T Examples The following are some exampl es of NAT configurati on. 28.5.1 Example 1: Internet Access Onl y In the following Internet access exam pl e, you only need one rule where the ILAs (Inside Local Addresses) of computers A thro ugh D map t[...]
-
Page 343
Prestige 334W User’s Gui de NAT 28-11 Figure 28-11 Menu 4 Internet Access & NAT Example From m enu 4, choose t he SUA Onl y option from the Network Address Translation field. This is the Many-to-One m apping discussed in secti on 28.5. The SUA O nly read-only optio n from the Network Address Translation field in menus 4 and 11.3 is specifical[...]
-
Page 344
Prestige 334W User’s Gui de 28-12 NAT Figure 28-13 Menu 15.2.1 Specifying an Inside Server 28.5.3 Example 3: Multip le Public IP Addresses With Inside Servers In this exam ple, there are 3 IGAs from our ISP. T here are many depa rtments but two have t heir own F TP server. All departments share the same router. The ex ample will reserve one IGA f[...]
-
Page 345
Prestige 334W User’s Gui de NAT 28-13 Figure 28-14 NAT Example 3 Step 1. In this case you need t o configure Address Mappi ng Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in m enu 4 or m enu 11.3) in Figure 28-15 . Step 2. Then enter 15 f rom the m ain m[...]
-
Page 346
Prestige 334W User’s Gui de 28-14 NAT Figure 28-15 Example 3: Menu 11.3 The following figu res show how to conf igure the first rule. Figure 28-16 Example 3: Menu 15.1.1.1 Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 End = N/A Global IP: Start= 10.132.50.1 End = N/A Press ENTER to Confirm or ESC to Cancel: Pre[...]
-
Page 347
Prestige 334W User’s Gui de NAT 28-15 Figure 28-17 Example 3: Final Menu 15.1.1 Now conf igure th e IGA3 to map to our web serv er and mail serv er on the LAN. Step 8. Enter 15 from the mai n menu. Step 9. Enter 2 in Menu 15 - NAT Setup . Step 10. Enter 1 in Menu 15.2 - NAT Server Setup to see the following m enu. Confi gure it as sh own. Menu 15[...]
-
Page 348
Prestige 334W User’s Gui de 28-16 NAT Example 3: Menu 15.2 28.5.4 Example 4: NA T Unfr iendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Ov erload mapping as po rt numbers do not chang e for Many-to-Many No Overload (and One-to-One )[...]
-
Page 349
Prestige 334W User’s Gui de NAT 28-17 Other applications such as some ga ming programs are NAT unfriendly because they embed addressing information in the data stream. These applications won’t work through NAT even when using One-to -One and Many-to-Many No Overload mapping types. Follow the steps outlined in example 3 to configure these two me[...]
-
Page 350
Prestige 334W User’s Gui de 28-18 NAT 28.6 Configuring T rigger Port Forwarding Only one LAN computer can use a trigger port (range) at a time. Enter 3 i n menu 15 t o displa y Menu 15.3 — Trigger Port Setup , show n next. Figure 28-21 Menu 15.3 Trigger Port Setup The following table describes the fields in this screen. Table 28-5 Menu 15.3 Tri[...]
-
Page 351
Prestige 334W User’s Gui de NAT 28-19 Table 28-5 Menu 15.3 Trigger Port Setup FIELD DESCRIPTION EXAMPLE End Port Enter a port number or the ending port number in a range of port numbers. 7070 Press [ENTER] at the message “Press EN TER to Confirm...” to save your configuration, or press [ESC] at any time to cancel.[...]
-
Page 352
[...]
-
Page 353
Prestige 334W User’s Gui de Enabling the Firewall 29-1 Chapter 29 Enabling the Firewall This chapter show s you how to get started with the Prestige firewall. 29.1 Remote Management and the Firewall When SMT menu 24.11 is co nfigured to all ow managem ent (see the Remote Managemen t chapter) and the firewall is enabled: • The firewall blocks re[...]
-
Page 354
Prestige 334W User’s Gui de 29-2 Enabling the Firewall Figure 29-1 Menu 21.2 Fire wall Setup Use the web configurator or the com mand interpreter to configure the fire wall rules. Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is t[...]
-
Page 355
SMT Advanced Management VIII Part VIII: SMT Advanced Management This part discusse s filtering se tup, SNMP , system security , sy stem information and diagno sis, firmware and configuration file maintenance, system maintenance, remote management and call scheduling. See the web configurator parts o f this guide for background information on featur[...]
-
Page 356
[...]
-
Page 357
Prestige 334W User’s Gui de Filter Configuration 30-1 Chapter 30 Filter Configuration This chapter shows you how to create and apply filters. 30.1 Introduction to Filters Your Prestige uses filters to decide whether to allow passa ge of a data packet and/or to make a call. There are two types of filter applications: data filtering and call f ilte[...]
-
Page 358
Prestige 334W User’s Gui de 30-2 Filter Configuration Figure 30-1 Outgoing Packet Filtering Process For incoming packets, your Prestige ap plies data filters only. Packets are processed depending upon whether a match is found. The following sections describe how to configure filter sets. 30.1.1 The Filter Structure of the Prestige A filter set co[...]
-
Page 359
Prestige 334W User’s Gui de Filter Configuration 30-3 Start Fetch First Filter Set Fetch First Filter Rule Active? Execute Filter Rule Fetch Next Filter Rule Next filter Rule Available? Fetch Next Filter Set Next Filter Set Available? Accept Packet Drop Packet Yes No Yes No Yes Packet into filter Filter Set Forward Drop No Check Next Rule Figure [...]
-
Page 360
Prestige 334W User’s Gui de 30-4 Filter Configuration You can apply up to four filter sets to a particular port to b lock multiple types of packets. With each filter set having up t o six rules, y ou can have a m aximum of 24 rules acti ve for a single p ort. 30.2 Configuring a Filter Set The Prestige includes filtering for NetBIOS over TCP/IP pa[...]
-
Page 361
Prestige 334W User’s Gui de Filter Configuration 30-5 Step 3. Select the filter set you wish to co nfigure (1-12) and pr ess [ENTER] . Step 4. Enter a descriptive name or co mment in the Edit Comments field and press [ENTER] . Step 5. Press [ENTER] at the message [Press ENTER to confirm] to open Menu 21.1.1 - Filter R ules Summary . This screen s[...]
-
Page 362
Prestige 334W User’s Gui de 30-6 Filter Configuration Table 30-2 Rule Abbreviations Used ABBREVIATION DESCRIPTION IP Pr Protocol SA Sourc e Address SP Source Port number DA Destination Address DP Destination Port number GEN Off Offs et Len Length Refer to the next section for information on configuring the filter ru les. 30.2.1 Configuring a Filt[...]
-
Page 363
Prestige 334W User’s Gui de Filter Configuration 30-7 To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.1.1 - TCP/IP Filt er Rule , as shown next. Figure 30-6 Menu 21.1.1.1 TCP/IP Filter Rule The following table describes how to con figure your TCP/IP filter rule. Table 30-3 TCP/IP[...]
-
Page 364
Prestige 334W User’s Gui de 30-8 Filter Configuration Table 30-3 TCP/IP Filter Rule FIELD DESCRIPTION OPTIONS IP Mask Enter the IP mask to apply to the Destination: IP Addr . 0.0.0.0 Port # Enter the destination port of t he packets that you wish to filter. The range of this field is 0 to 6553 5. This field is ignor ed if it is 0. 0-65535 Port # [...]
-
Page 365
Prestige 334W User’s Gui de Filter Configuration 30-9 Table 30-3 TCP/IP Filter Rule FIELD DESCRIPTION OPTIONS Log Press [SPACE BAR] and then [ENTER] to select a logg ing option from the following: None – No packets will be logged. Action Matched - Only packets that match the rule parameters will be logged. Action Not Matched - Only packets that[...]
-
Page 366
Prestige 334W User’s Gui de 30-10 Filter Configuration Packet into IP Filter Matched Matched Yes Action Matched Action Not Matched More? No Filter Active? Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src Addr Matched [...]
-
Page 367
Prestige 334W User’s Gui de Filter Configuration 30-11 30.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of gen eric rules is to allow you to filter non-IP packets. For IP, it is genera lly easier to use the IP rules directly. For generic rules, the Pre stige treats a packet as a b[...]
-
Page 368
Prestige 334W User’s Gui de 30-12 Filter Configuration Table 30-4 Generic Filter Rule Menu Fields FIELD DESCRIPTION OPTIONS Filter Type Use [SPACE BAR] and then [ENTER] to select a rule type. Parameters displayed belo w each type will be different. TCP/IP filter rule s are used to filter IP packets while generic filter rules allow filtering of no[...]
-
Page 369
Prestige 334W User’s Gui de Filter Configuration 30-13 30.3 Example Filter Let’s look at an example to block outside us ers from accessing the Prestige via telnet. Figure 30-9 Telnet Filter Example Step 1. Enter 21 from the ma in menu to o pen Menu 21 - Filter and Firewall Setup . Step 2. Enter 1 to o pen Menu 21.1 - Filter Set Configuration . [...]
-
Page 370
Prestige 334W User’s Gui de 30-14 Filter Configuration Step 6. Enter 1 to configure the first filter rule (the only filter rule of this set). Make the entries in this menu as sho wn in the f ollowing fi gure. Figure 30-10 Example Filter: Menu 21.1.3.1 When you press [ENTER] to confirm, you will see the following screen . Note that there is only o[...]
-
Page 371
Prestige 334W User’s Gui de Filter Configuration 30-15 Figure 30-11 Example Filter Rules Summary : Menu 21.1.3 After you’ve created the filter set, you must apply it. Step 1. Enter 11 from the main m enu to go t o menu 11 . Step 2. Go to the Edit Filter Sets field, press [SPACE BAR] to select Yes and press [ENTER] . Step 3. This brings you to m[...]
-
Page 372
Prestige 334W User’s Gui de 30-16 Filter Configuration Generic and TCP/IP filter rules are discussed in more detail in the next section. When NAT (Network Address Transl ation) is enable d, the inside IP addr ess and port num ber are replaced on a c onnection-by- connection basis, which makes it impossib le to know the exact address and port on t[...]
-
Page 373
Prestige 334W User’s Gui de Filter Configuration 30-17 30.6.1 Applying LAN Filters LAN traffic filter sets may be useful to block certain packets, reduce traffic and prevent security breach es. Go to menu 3.1 (shown next) and enter the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (fro[...]
-
Page 374
Prestige 334W User’s Gui de 30-18 Filter Configuration Figure 30-14 Filtering Remote Node T raffic Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL:[...]
-
Page 375
Prestige 334W User’s Gui de SNMP Configuration 31-1 Chapter 31 SNMP Configuration This chapter explains SNMP Configuration menu 22. 31.1 About SNMP Simple Netw ork Managem ent Protoc ol is a prot ocol used for exchangi ng managem ent inform ation between network de vices. SNMP is a member of the TCP/IP protocol s uite. Your Prest ige supports S N[...]
-
Page 376
Prestige 334W User’s Gui de 31-2 SN MP Configuration An agent is a manageme nt software mod ule that resides i n a managed d evice (the Pres tige). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager i s the consol e through which netw ork ad m inistrators pe rform network man[...]
-
Page 377
Prestige 334W User’s Gui de SNMP Configuration 31-3 Figure 31-2 Menu 22 SNMP Configuration The following table d escribes the SNMP configu ration parameters. Table 31-1 Menu 22 SNMP Configur ation FIELD DESCRIPTION EXAMPLE SNMP: Get Community Type the Get Community , which is the password for the incoming Get- and GetNext requests from the manage[...]
-
Page 378
Prestige 334W User’s Gui de 31-4 SN MP Configuration 31.4 SNMP T rap s The Prestige will send traps to the SNMP manager when any on e of the following events occurs: Table 31-2 SNMP Traps TRAP # TRAP NAME DESCRIPTION 1 coldStart ( defined in RFC-1215 ) A trap is sent after booting (power on). 2 warmStart ( defined in RFC-1215 ) A trap is sent aft[...]
-
Page 379
Prestige 334W User’s Gui de System Security 32-1 Chapter 32 System Security This chapter describes how to configure the system security on the Prestige. 32.1 System Security You can confi gure the syste m password, a n external RADI US server and 8 02.1x in thi s menu. 32.1.1 System Password Figure 32-1 Menu 23 Sy stem Security You should chang e[...]
-
Page 380
Prestige 334W User’s Gui de 32-2 S ystem Security Figure 32-3 Menu 23.2 Sy stem Security : RADIUS Server The following table describes the fields in this screen. Table 32-1 Menu 23.2 Sy stem Security : RADIUS Serv er FIELD DESCRIPTION EXAMPLE Authentication Server Active Press [SPACE BAR] to select Yes and press [ENTER] to enable user authenticat[...]
-
Page 381
Prestige 334W User’s Gui de System Security 32-3 Table 32-1 Menu 23.2 Sy stem Security : RADIUS Serv er FIELD DESCRIPTION EXAMPLE Server Address Enter the IP address of the external accou nting server in dotted decimal notation. 10.11.12.13 Port The default port of the RADIUS server for accounting is 1813 . You need not change this value unl ess [...]
-
Page 382
Prestige 334W User’s Gui de 32-4 S ystem Security Figure 32-5 Menu 23.4 Sy stem Security : IEEE802.1x The following table describes the fields in this menu. Table 32-2 Menu 23.4 Sy stem Security : IEEE802.1x FIELD DESCRIPTION Wireless Port Control Press [SPACE BAR] and select a security mode for the wireless LAN access. Select No Authentica tion [...]
-
Page 383
Prestige 334W User’s Gui de System Security 32-5 Table 32-2 Menu 23.4 Sy stem Security : IEEE802.1x FIELD DESCRIPTION Idle Timeout (in second) The ZyAIR automatically disconn ects a client from the wired net work after a period of inactivity. The client needs to enter the us ername and password agai n before access to the wired network is allowed[...]
-
Page 384
Prestige 334W User’s Gui de 32-6 S ystem Security Table 32-2 Menu 23.4 Sy stem Security : IEEE802.1x FIELD DESCRIPTION Authentication Databases The authentication databas e contains wireless station login information. The local user database is the built-in database on the Z yAIR. The RADIUS is an external server. Use this field to decide which d[...]
-
Page 385
Prestige 334W User’s Gui de System Information and Diagnosis 33-1 Chapter 33 System Information and Diagnosis This chapter covers the information and diag nostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for t he system software. This chapter describ es how [...]
-
Page 386
Prestige 334W User’s Gui de 33-2 System Information and Diagnosis Figure 33-2 Menu 24.1 Sy stem Maintenance : Status The following ta ble describe s the fields present in Menu 24.1 — System Maintenance — Status . These fields are READ-ONLY and meant for diagnostic purposes . The uppe r right corne r of the screen shows the time and da te acco[...]
-
Page 387
Prestige 334W User’s Gui de System Information and Diagnosis 33-3 Table 33-1 System Maintenance: Sta tus Menu Fields FIELD DESCRIPTION IP Mask The IP mask of the port listed on the left. DHCP T he DHCP setting of the port listed on the left. System up Time The total time the Prestige has been on. Name This is the Prestige' s system nam e + d[...]
-
Page 388
Prestige 334W User’s Gui de 33-4 System Information and Diagnosis Figure 33-4 Menu 24.2.1 Sy stem Maintenance : Information The following table describes the fields in this menu. Table 33-2 Menu 24.2.1 Sy stem Maintenance : Information FIELD DESCRIPTION Name Displays the system name of your Pr estige. This information can be changed i n Menu 1 ?[...]
-
Page 389
Prestige 334W User’s Gui de System Information and Diagnosis 33-5 Figure 33-5 Menu 24.2.2 Sy stem Maintenance : Change Consol e Port Speed 33.3 Log and T race There are two logging facilities in t he Prestige. The first is the error logs and trace records that are stored locally. The second is the sysl og facility for message logging. 33.3.1 Sysl[...]
-
Page 390
Prestige 334W User’s Gui de 33-6 System Information and Diagnosis Table 33-3 Menu 24.3.2 Sy stem Maintenance : Sy slog and Accounting PARAMETER DESCRIPTION Syslog Server IP Address Enter the IP Address of the server t hat will log the CDR (Call Detail Recor d) and system messages i.e., the syslog server. Log Facility Press [SPACE BAR] and then [E[...]
-
Page 391
Prestige 334W User’s Gui de System Information and Diagnosis 33-7 3. Filter log Filter log Message Format SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String ); String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D). [...]
-
Page 392
Prestige 334W User’s Gui de 33-8 System Information and Diagnosis 5. Firewall log Firewall Log Message Format SdcmdSyslogSend(SYSLOG_FIREWALL, SYSLOG_NOTICE, buf); buf = IP[Src=xx.xx.xx.xx : spo=xxxx Dst=xx.xx.xx.xx : dpo=xxxx | prot | rule | action] Src: Source Address spo: Source port (empty means no source port information) Dst: Destination Ad[...]
-
Page 393
Prestige 334W User’s Gui de System Information and Diagnosis 33-9 Figure 33-7 Call-Triggering Packet Example 33.4 Diagnostic The diagnostic facility allows you to test the different aspects of your Prestige to determine if it is working properly. Menu 24.4 allows you to ch oose among various t ypes of diagnostic tests to evaluate your syst em, as[...]
-
Page 394
Prestige 334W User’s Gui de 33-10 System Information and Diagnosis Figure 33-8 Menu 24.4 Sy stem Maintenance : Diagnostic 33.4.1 W AN DHCP DHCP functionality can be en abled on the LAN or W AN as shown in Figure 33-9 . L AN DHCP ha s already been discussed. The Prestige can act eithe r as a WAN DHC P client ( IP Address Assignm ent field in m enu[...]
-
Page 395
Prestige 334W User’s Gui de System Information and Diagnosis 33-11 Table 33-4 System Maintenance Men u Diagnostic FIELD DESCRIPTION Ping Host Enter 1 to ping any machine (with an IP ad dress) on your LAN or W AN. Enter its IP address in the Host IP Address field below. WAN DHCP Release Enter 2 to release your WAN DHCP settings. WAN DHCP Renewal E[...]
-
Page 396
[...]
-
Page 397
Prestige 334W User’s Gui de Firmware and Configuration File Maintenance 34-1 Chapter 34 Firmware and Configuration File Maintenance This chapter tells you how to backup and restor e your configuration file as well as upload n ew firmware and configuration files. 34.1 Filename Convent ions The configu ration file ( often called t he romfile or rom[...]
-
Page 398
Prestige 334W User’s Gui de 34-2 Firmware and Configuration File Maintenance Table 34-1 Filename Conventions FILE TYPE INTERNAL NAME EXTERNAL NAME DESCRIPTION Configuration File Rom-0 This is the configuration filename on the Prestige. Uploading the rom-0 file repl aces the entire ROM file system, including your Prestige configurations, system-re[...]
-
Page 399
Prestige 334W User’s Gui de Firmware and Configuration File Maintenance 34-3 34.2.1 Backup Configuration Follow the instructions as shown in the next screen. Figure 34-1 Telnet in Menu 24.5 34.2.2 Using the FTP Command from the Command Line Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, followed by a s pace and the IP a[...]
-
Page 400
Prestige 334W User’s Gui de 34-4 Firmware and Configuration File Maintenance 34.2.3 Example of FTP Commands from the Command Line Figure 34-2 FTP Session Example 34.2.4 GUI-based FTP Client s The followin g table describes some of the c ommands that you may see in GUI-based FT P clients. Table 34-2 General Commands for GUI-based FTP Clients COMMA[...]
-
Page 401
Prestige 334W User’s Gui de Firmware and Configuration File Maintenance 34-5 3. The IP addres s in the Secure d Client IP fiel d in menu 2 4.11 does not match the clie nt IP. If it does not match, the Prestige will disconnect the Telnet session immediately. 4. You have a n SMT console se ssion runni ng. 34.2.6 Backup Confi guration Using TFTP The[...]
-
Page 402
Prestige 334W User’s Gui de 34-6 Firmware and Configuration File Maintenance 34.2.8 GUI-based TFTP Client s The followin g table describes some of the fields that you may see in GU I-based TFTP cli ents. Table 34-3 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 19 2.168.1.1 is the Pre st[...]
-
Page 403
Prestige 334W User’s Gui de Firmware and Configuration File Maintenance 34-7 34.3.1 Restore Using FTP For details about backup using (T)FTP please refer to ea rlier sections on FTP and TFTP file upload in this chapter. Figure 34-3 Telnet into Menu 24.6 Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, followed by a s pace [...]
-
Page 404
Prestige 334W User’s Gui de 34-8 Firmware and Configuration File Maintenance 34.3.2 Restore Using FTP Session Example Figure 34-4 Restore Usi ng FTP Session Example Refer to section 34 .2.5 to read about configurations that disallow TFTP and FTP over WAN. 34.4 Uploading Firmware and Configuration Files This section s hows you ho w to upload firmw[...]
-
Page 405
Prestige 334W User’s Gui de Firmware and Configuration File Maintenance 34-9 Figure 34-5 Telnet Into Menu 24.7.1 Upload Sy stem Firmware 34.4.2 Configuration File Upload You see the following screen when you telnet into menu 24.7 .2. Figure 34-6 Telnet Into Menu 24.7.2 Sy stem Maintenance To upload the firmware and the conf iguration file, follow[...]
-
Page 406
Prestige 334W User’s Gui de 34-10 Firmware and Configuration File Maintenance 34.4.3 FTP File Upload Command from the DOS Prompt Example Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, followed by a s pace and the IP address of y our Prestige. Step 3. Press [ENTER] when prompted for a usernam e. Step 4. Enter your passwo[...]
-
Page 407
Prestige 334W User’s Gui de Firmware and Configuration File Maintenance 34-11 To use TFTP, your comput er must have both telnet an d T FTP clients. To transfer t he firmware and the configuration file, fo llow the procedure show n next. Step 1. Use telnet from your computer to connect to th e Prestige and log in. Because TFTP does not have any se[...]
-
Page 408
[...]
-
Page 409
Prestige 334W User’s Gui de System Maintenance 35-1 Chapter 35 System Maintenance This chapter leads yo u through SMT menus 24.8 to 24.10. 35.1 Command Interpreter Mode The Command I nterpreter (CI) is a part o f the main system firmware. The CI provides much of t he same functionality as the SMT, while adding some low-level setup and diagnostic [...]
-
Page 410
Prestige 334W User’s Gui de 35-2 System Maintenance The | symbol means “or”. For example, sys filter netbios config <type> <on|off> means that you must specify the type of netbios filter and whether to turn it on or off. 35.1.2 Command Usage A list of c ommands can be found by typing help or ? at the com mand prom pt. Always ty pe[...]
-
Page 411
Prestige 334W User’s Gui de System Maintenance 35-3 35.2.1 Budget Management Menu 24.9.1 shows the budget management statistics for ou tgoing calls. Enter 1 from Menu 24. 9 - System Maintenance - Call Contro l to br ing up th e fo llow ing menu . Figure 35-4 Budget Managemen t The total budget is the time limit on the accum ulated time for outgoi[...]
-
Page 412
Prestige 334W User’s Gui de 35-4 System Maintenance 35.2.2 Call History This is the second option in Menu 24.9 - System Main tenance - Call C ontrol . It displays information about past incoming and outgo ing calls. Enter 2 from Menu 24.9 - System Maintenance - Call Con trol to bring up the following menu. Figure 35-5 Call History The following t[...]
-
Page 413
Prestige 334W User’s Gui de System Maintenance 35-5 you turn on your Prestige. Men u 24.10 allows you to update the time and date settings of your Prestige. The real time is then displayed in the Prestige error logs and firewall lo gs. Select menu 24 in the main menu to open Menu 24 - System Maintenance , as shown next. Figure 35-6 Menu 24: Sy st[...]
-
Page 414
Prestige 334W User’s Gui de 35-6 System Maintenance Table 35-3 Time and Date Setting Fields FIELD DESCRIPTION Enter the time service protocol that your timeserver sends when you turn on the Prestige. Not all timeservers support all prot ocols, so you ma y have to check with your ISP/network administrator or use trial and erro r to find a prot oco[...]
-
Page 415
Prestige 334W User’s Gui de System Maintenance 35-7 i. On leaving menu 24. 10 after making cha nges. ii. When the Prestige starts up, if there is a timeserver configured in menu 24.10. iii. 24-hour intervals after starting.[...]
-
Page 416
[...]
-
Page 417
Prestige 334W User’s Gui de Remote Management 36-1 Chapter 36 Remote Management This chapter cove rs remote management (SMT m enu 24.11). 36.1 Remote Management Remote management allows you to determine which services/protocols can acces s which Prestige interface (if any) fr om which c omputers . You may manage your Prestige from a remote locati[...]
-
Page 418
Prestige 334W User’s Gui de 36-2 Remote Management The following table describes the fields in this screen. Table 36-1 Menu 24.11 – Remote Managemen t Control FIELD DESCRIPTION EXAMPLE Telnet Server FTP Server Web Server SNMP Service DNS Service Each of these read-only l abels denotes a service or protoc ol. Port This field shows the port numbe[...]
-
Page 419
Prestige 334W User’s Gui de Call Scheduling 37-1 Chapter 37 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encaps ulation only) allows you to dictate when a remote node should be call ed and for how long. 37.1 Introduction to Call Scheduling The call scheduling feature allows the Prestige to mana ge a remote no de and dictate whe [...]
-
Page 420
Prestige 334W User’s Gui de 37-2 Call Scheduli ng To setup a schedule set, select the schedule set you want to setup from men u 26 (1-12) and pr ess [ENTER] to see Menu 26.1 — Sche dule Set Setup as shown next. Figure 37-2 Menu 26.1 Schedule Set Setup If a connection has been already established, your Pr estige will not drop it. Once the connec[...]
-
Page 421
Prestige 334W User’s Gui de Call Scheduling 37-3 Table 37-1 Menu 26.1 Schedule Set Setup FIELD DESCRIPTION EXAMPLE Weekday: Day If you selected Weekly in the How Often field above, then select the day(s) when the set should activate (and rec ur) by going to that day(s) and pressing [SPACE BAR] to select Yes , then press [ENTER]. Yes No N/A Start [...]
-
Page 422
Prestige 334W User’s Gui de 37-4 Call Scheduli ng Figure 37-3 Applying Schedule Set( s) to a Remote Node (PPPoE) You can ap ply up to fou r schedule sets, separate d by comm as, for one rem ote node. C hange the sc hedule set numbers to your prefe rence(s). Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Encapsulation= [...]
-
Page 423
SMT VPN/IPSec IX Part IX: SMT VPN/IPSec This part provides informati on about conf iguring VPN/IPSec for secure communications. See the web configurator parts o f this guide for background information on features configurable by web configurator a nd SMT.[...]
-
Page 424
[...]
-
Page 425
Prestige 334W User ’s Gui de VPN/IPSec Setup 38-1 Chapter 38 VPN/IPSec Setup This chapter introduces the VPN SMT menus. 38.1 VPN/IPSec Overview The VPN/IPSe c main SMT menu has these m ain submenus: 1. Define VPN policies in m enu 27.1 s ubmenus, incl uding securi ty polici es, endpoint IP addresses, peer IPSec router IP address and key manage me[...]
-
Page 426
Prestige 334W User ’s Gui de 38-2 VPN/IPSec Setup Figure 38-2 Menu 27 VPN/IPSec Setup 38.2 IPSec Summary Screen Type 1 in m enu 27 and t hen press [ENTE R] to display Menu 27.1 IPSec Summary . This is a s ummary read-only m enu of your IPSec rules (t unnels). E dit or creat e an IPSec rule by selecting a n index num ber and then configuring the a[...]
-
Page 427
Prestige 334W User ’s Gui de VPN/IPSec Setup 38-3 Table 38-1 Menu 27.1 IPSec Summary FIELD DESCRIPTION EX AMPLE Name T his field displays the unique iden tification na me for this VPN rule. The name may be up to 32 characters long but onl y 10 characters will be displayed her e. Taiwan A Y signifies that this VPN rule is active. Y Local Addr Star[...]
-
Page 428
Prestige 334W User ’s Gui de 38-4 VPN/IPSec Setup Table 38-1 Menu 27.1 IPSec Summary FIELD DESCRIPTION EX AMPLE Key Mgt T his field displays the SA’s type of key management, ( IKE or Manual ). IKE Remote Addr Start When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single , this is a static IP address on the network behind the[...]
-
Page 429
Prestige 334W User ’s Gui de VPN/IPSec Setup 38-5 Table 38-1 Menu 27.1 IPSec Summary FIELD DESCRIPTION EX AMPLE Select Command Press [SPACE BAR] to choose from None , Edit , Delete , Go To Rule , Next Page or Previous Page and then press [ENTER]. You must select a rule in the next field when you choose the Edit , Delete or Go To commands. Select [...]
-
Page 430
Prestige 334W User ’s Gui de 38-6 VPN/IPSec Setup Figure 38-4 Menu 27.1.1 IPSec Setup The following table describes the fields in this menu. Table 38-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Index This is the VPN rule index number you selected in the pr evious menu. 1 Name Enter a unique identificatio n name for this VPN rule. The name[...]
-
Page 431
Prestige 334W User ’s Gui de VPN/IPSec Setup 38-7 Table 38-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Nat Traversal Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when ther e are NAT routers bet ween the two IPSec routers. The remote IPSec router must also have NA T traversal enabled. Y[...]
-
Page 432
Prestige 334W User ’s Gui de 38-8 VPN/IPSec Setup Table 38-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Content When you select IP in the Peer ID Type field, type the IP address of the computer with which you w ill make t he VPN connection or leave the field blank to have the Prestige aut omatically use the address in the Secure Gateway A [...]
-
Page 433
Prestige 334W User ’s Gui de VPN/IPSec Setup 38-9 Table 38-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE End Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. T his field is N/A when 0 is configured in the Port Start field. N/A Remote Remote IP addresses mus[...]
-
Page 434
Prestige 334W User ’s Gui de 38-10 VPN/IPSec Setup Table 38-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Port Start 0 is the default and signifies any port. Type a port number from 0 to 65535. Someone behind the remote IPSec router cannot create a VPN tunnel when attempting to connect using a port number that do es not match this port numb[...]
-
Page 435
Prestige 334W User ’s Gui de VPN/IPSec Setup 38-1 1 Figure 38-5 Menu 27.1.1.1 IKE Setup The following table describes the fields in this menu. Table 38-3 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION EXAMPLE Phase 1 Negotiation Mode Press [SPACE BAR] to choose from Main or Aggressive and then press [ENTER]. See earlier for a discussi on of thes e mod[...]
-
Page 436
Prestige 334W User ’s Gui de 38-12 VPN/IPSec Setup Table 38-3 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION EXAMPLE Encryption Algorithm When DES is used for data communications, both sender and receiver mus t know the same secret key, which can be used to encrypt and decrypt the message or to generate and verif y a message authentication code. Prest[...]
-
Page 437
Prestige 334W User ’s Gui de VPN/IPSec Setup 38-13 Table 38-3 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION EXAMPLE Perfect Forward Secrecy (PFS) Perfect Forward Secrecy (PFS) is disabled ( None ) by default in phase 2 IPSec SA setup. This allows faster IPSe c setup, but is not so secure. Press [SPACE BAR] and choose from DH1 or DH2 to enable PF S. D[...]
-
Page 438
Prestige 334W User ’s Gui de 38-14 VPN/IPSec Setup Figure 38-6 Menu 27.1.1.2 Manual Setup The following table describes the fields in this menu. Table 38-5 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION EXAMPLE Active Protocol Press [SPACE BAR] to choos e from ESP Tunnel , ESP Transport , AH Tunnel or AH Transport and then press [ENTER]. Choosing a[...]
-
Page 439
Prestige 334W User ’s Gui de VPN/IPSec Setup 38-15 Table 38-5 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION EXAMPLE Key3 Enter a unique eight-character key. It can be comprised of any character including spaces (but trailing spaces are truncated). Authentication Algorithm Press [SPACE BAR] to choose from MD5 or SHA1 and then press [ENTER]. MD5 Key[...]
-
Page 440
[...]
-
Page 441
Prestige 334W User ’s Gui de SA Monitor 39-1 Chapter 39 SA Monitor This chapter teaches you how to manage your SA s by using the SA Monitor in SMT menu 27.2. 39.1 SA Monitor Overview A Security Association (SA) is the group of security settings related to a specific VPN tunnel. Th is menu (shown next) displays activ e VPN connections. When there [...]
-
Page 442
Prestige 334W User ’s Gui de 39-2 SA Monitor The following table describes the fields in this menu. Table 39-1 Menu 27.2 SA Monitor FIELD DESCRIPTION EX AMPLE # This is the security associatio n index number. Name This field displays th e identification name for this VPN policy. This name is unique for each connection where the secure gateway IP [...]
-
Page 443
X Part X: Appendices and Index This section provides some Appendices and an Index.[...]
-
Page 444
[...]
-
Page 445
Prestige 334W User’s Gui de PPPoE A-1 Appendix A PPPoE PPPoE in Action An ADSL m odem bridges a PPP session o ver Ethernet (P PP over Ethe rnet, RFC 2516) from your PC t o an ATM PVC (Permanent Virt ual Circuit) that connects to an xDSL Access C oncentrat or where the PPP session terminates (see the next figu re). One PVC ca n support a ny number[...]
-
Page 446
Prestige 334W User’s Gui de A-2 PPPoE Diagram A-1 Single-PC per Modem Hard w are Configuration How PPPoE Works The PPPoE driver m akes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Et hernet frames to the Access Conce n trator (AC). Between the AC and an ISP, the AC is acting as a L2TP (La[...]
-
Page 447
Prestige 334W User’s Gui de PPPoE A-3 The Prestige as a PPPoE Client When using the Prestige as a PPPoE client, th e PCs on the LAN see only Ethernet and are not aware of PPPoE. This al leviates the ad ministrator fr om having t o manage the PPPoE clients on the indivi dual PCs. Diagram A-2 The Prestige as a PPPoE Client[...]
-
Page 448
[...]
-
Page 449
Prestige 334W User’s Gui de PPTP B-1 Appendix B PPTP What is PPTP? PPTP (Point -to-Point T unneling Prot ocol) is a M icrosoft pr oprietary pr otocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a PC to a broadb and modem over Ethernet? A solution is to build PPTP into the ANT (ADSL Ne twork[...]
-
Page 450
Prestige 334W User’s Gui de B-2 PPTP In Windows VPN o r PPTP Pass-Through f eature, th e PPTP tunneling is created from Window s 95, 98 and NT clients to an NT server in a remote location. Th e pass-through feature allow s users on th e network to access a different remote server usi ng the Prestige's Intern et connection. In NAT mode , the [...]
-
Page 451
Prestige 334W User’s Gui de PPTP B-3 The control connection runs over TCP. Similar to L2TP, a tunnel contro l connection is first established before call control messages can be exch anged. Please note that a tunnel con trol connection supports multiple call sessions. The following diagram depicts the message exchange of a successful call setup b[...]
-
Page 452
[...]
-
Page 453
Prestige 334W User’s Gui de NetBIOS Filter Commands C-1 Appendix C NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System ) are TCP or UDP b roadcast pa c kets that enable a computer t o connect to and communicate with a LAN. For some dial-up services such as PPP[...]
-
Page 454
Prestige 334W User’s Gui de C-2 NetBIOS Filter Commands Table C-1 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN and WAN This field displays whether NetBIOS packets are blocked o r forwarded from the LAN to the WAN or from the WAN to the LAN. Forward IPSec Packets This field displa ys whet her NetBIOS packets sent through a [...]
-
Page 455
Prestige 334W User’s Gui de NetBIOS Filter Commands C-3 Command: sys filter netbios config 4 off This command stops NetBIOS commands from initiatin g calls.[...]
-
Page 456
[...]
-
Page 457
Prestige 334W User’s Gui de Log Descriptions D -1 Appendix D Log Descriptions Configure centralized logs using the em bedded w eb configurator; see the onlin e help for details. This appendix describ es some of the log messa ges. Chart 1 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the max. number of session per host! This attempt to crea[...]
-
Page 458
Prestige 334W User’s Gui de D-2 Lo g Descriptions Chart 2 System Maintena nce Logs LOG MESSAGE DESCRIPTION TELNET Login Successfully Someone has logged on to the router via telnet. TELNET Login Fail Someone has failed to log on to the router via telnet. FTP Login Successfully Someone has logged on to the router via ftp. FTP Login Fail Someone has[...]
-
Page 459
Prestige 334W User’s Gui de Log Descriptions D -3 Chart 4 Content Filtering Logs CATEGORY LOG MESSAGE DESCRIPTION JAVBLK IP/Domain Name The Prestige blocked access to this IP addre ss or domain name because of a forbidden service suc h as: ActiveX, a Java applet, a cookie, or a proxy. Chart 5 ICMP Type and Code Expla nations TYPE CODE DESCRIPTION[...]
-
Page 460
Prestige 334W User’s Gui de D-4 Lo g Descriptions Chart 5 ICMP Type and Code Expla nations TYPE CODE DESCRIPTION 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 Timestamp 0 Timestamp request message 14 Timestamp Reply 0 Timestamp reply mes[...]
-
Page 461
Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-1 Appendix E Setting up Your Computer’s IP Address All computers must have a 1 0M or 100M Et he rnet adapter card and TC P/IP installed. Windows 95/ 98/Me/NT/2 000/XP, Maci ntosh OS 7 a nd later ope rating sy stems and all versions of UNIX/LINU X include the software com pone[...]
-
Page 462
Prestige 334W User’s Gui de E-2 Setting up Your Computer’s IP Address 1. Click Start , Settings , Control Panel and double- click the Network icon to open the Network window. 2. The Networ k window Configurati on tab displ ays a list of installed c omponents. You need a net work adapter, the T CP/IP protoc ol and Cl ient for Microsoft Net works[...]
-
Page 463
Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-3 d. Select Client for Microsoft Networks from the list of network clients and then cl ick OK . e. Restart your computer so t he changes you made take effect. In the Networ k window Configuration tab, select your network adapter's TCP/IP en try and click Properties . 1. Cl[...]
-
Page 464
Prestige 334W User’s Gui de E-4 Setting up Your Computer’s IP Address 2. Click the DNS Configuration tab. -If you do not know your DNS information, select Disable DNS . -If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them a ll in). 3. Click the Gateway tab. -If you do n[...]
-
Page 465
Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-5 5. Click OK to close the Network window. Insert the Windows CD if prompted. 6. Turn on your Prestige and restar t your com puter when prompted. Checking/Modifying Your Computer’s IP Address 1. Click Start and then Run . 2. In the Run window, type "winipcfg" and th[...]
-
Page 466
Prestige 334W User’s Gui de E-6 Setting up Your Computer’s IP Address Windows 2000/NT/XP 1. In Windo ws XP, click start , Control Panel . In Windows 2000/NT, click Start , Settings , Control Panel . 2. In Windo ws XP, click Net work Connections . In Windows 2000/NT, click Netwo rk and Dial-up Connections . 3. Right-click Local A rea Connection [...]
-
Page 467
Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-7 4. Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties .[...]
-
Page 468
Prestige 334W User’s Gui de E-8 Setting up Your Computer’s IP Address 5. T he Internet Protocol TCP/IP Propertie s window opens (the General tab in Windows XP). - To have your computer assigned a d ynamic IP address, click Obtain an IP address automatically . -If you have a static IP address click Use the following IP Address and fill in the IP[...]
-
Page 469
Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-9 6. -If you do not know your gateway's IP address, remove any previously installed gate ways in the IP Settin gs tab and click OK . Do one or more of the following if you want to configure additional IP addres ses: -In the IP Settings tab, in IP addresses, click Add . -In[...]
-
Page 470
Prestige 334W User’s Gui de E-10 Setting up Your Computer’s IP Address 7. In the Internet Protocol TCP/IP Properties window (the Gene ral t ab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the follow ing DNS server addresse[...]
-
Page 471
Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-11 Macintosh OS 8/9 1. Click the Apple menu, Control Pane l and double-click TCP/IP to open the TCP/IP Control Panel . 2. Select Ethernet built-in from the Connect v ia list.[...]
-
Page 472
Prestige 334W User’s Gui de E-12 Setting up Your Computer’s IP Address 3. For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4. For statically assigned settings, do the following: -From the Configure box, select Manually . -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask b[...]
-
Page 473
Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-13 2. Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. 3. For dynamically assigned settings, select Using DHCP from the Configure list. 4. For statically assigned settings, do the fo[...]
-
Page 474
[...]
-
Page 475
Prestige 334W User’s Gui de Wireless LAN and IEEE 802.11 F -1 Appendix F Wireless LAN and IEEE 802.11 A wireless LAN (WLA N) provides a flexi ble data co mmunications system that you can use to access various services (navi gating the Internet, email, printer services, etc.) without the use of a cabled connection. In effect a wireless LAN environ[...]
-
Page 476
Prestige 334W User’s Gui de Wireles s LAN and IEEE 802.11 F-2 Spread Spectrum (DSSS) an d Fre quency-Hopping Spread Spectrum (FHSS), in t he 2.4 to 2.4825 GHz unlicensed ISM (Industrial, Scientific and Medical) ba nd. The th ird method is infrared technology, using very high fre quencies, just below visi ble light in t he electromagnet ic spectru[...]
-
Page 477
Prestige 334W User’s Gui de Wireless LAN and IEEE 802.11 F -3 points can pro vide wireless cove rage for an entire buildi ng or campus. All communications bet ween stations or between a station and a wired network client go through th e access point. The Extended Service Set (ESS) shown in the next figure consists of a series of overlapping BSSs [...]
-
Page 478
[...]
-
Page 479
Prestige 334W User’s Gui de Wireless LAN with IEEE 802.1x G-1 Appendix G Wireless LAN With IEEE 802.1x As wireless networks becom e popular for both portable com puting and c orporate netw orks, security is now a priority. Security Flaws w ith IEEE 802.1 1 Wireless networks based on the o riginal IEEE 802 .11 have a poor reputation for safety. Th[...]
-
Page 480
Prestige 334W User’s Gui de Wireless LAN with IEE E 802.1x G-2 RADIUS Server Authentication Seque nce The following figure depicts a ty pical wirele ss network wit h a re mote RADIUS server for user authentication using EA POL (E AP Over LAN) . Diagram G-1 Sequences for EAP MD5–Challenge Authentication Client computer access authorized. Client [...]
-
Page 481
Prestige 334W User’s Gui de Types of EAP Authentication H-1 Appendix H Types of EAP Authentication This appendix discu sses the four popular EAP authen tication types: EAP-MD5 , EAP-TLS , EAP-TTLS and PEAP . The type of auth entication you use depen ds on the RADIUS server or th e AP. Consult your network adm inistrat or for more informati on. EA[...]
-
Page 482
Prestige 334W User’s Gui de H-2 Types of EAP Authentication hiding client identity. However, PEAP only su pports EAP m ethods, such as EAP-MD5 and E AP- MSCHAPv2, for client authenticatio n. For added sec urity, certificat e-based authenti cations (EAP- TLS, EAP-TTLS a nd PEAP) use dy namic keys for data enc ryption. They are often deployed in c [...]
-
Page 483
Prestige 334W User’s Gui de Antenna Selection and Positioning Recommendation I-1 Appendix I Antenna Selection and Positioning Recommendation An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propag ates the signal through the air. The antenna also op erates in reverse by capt u[...]
-
Page 484
Prestige 334W User’s Gui de I-2 Antenna Selection and Positioning Recommendation T ypes of Antennas For WLAN There are two t ypes of ant ennas used f or wireless LAN a pplicati ons. • Omni-directional antennas send the RF signal out in all directions on a horizontal plan e. The coverage area is torus -shaped (like a donut) which makes thes e an[...]
-
Page 485
Prestige 334W User’s Gui de Brute-Force Password Guessing Protection J -1 Appendix J Brute-Force Password Guessing Protection The followin g describes the c ommands fo r enabling, di sabling a nd config uring the br ute-force pas sword guessing pr otection m echanism for the password . See othe r appendices for information on the command structur[...]
-
Page 486
[...]
-
Page 487
Prestige 334W User’s Gui de Triangle Route K-1 Appendix K Triangle Route The Ideal Setup When the firewall is on, your Prestige acts as a secure gateway between your LA N and the Internet. In an ideal network t opology, all i ncoming and outgoing netw ork traffic pas ses through t he Prestige to protect your LAN against attacks. Diagram K-1 Ideal[...]
-
Page 488
Prestige 334W User’s Gui de K-2 Triangle Route Diagram K-2 “Triangle Route” Problem The “T riangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logi cal sections over the same Ethernet interface. Your Prestige supports up to thr[...]
-
Page 489
Prestige 334W User’s Gui de Triangle Route K-3 Diagram K-3 IP Alias Gateways on the W AN Side A second sol ution to the “t riangle r oute” problem is to put all of your net work gate ways on the WAN side as the following fig ure shows. This en sures that all incoming ne twork traffic p asses through your Pr estige to your LAN. Therefo re your[...]
-
Page 490
Prestige 334W User’s Gui de K-4 Triangle Route Step 3. Use the following commands to allow/disallo w triangle route. sys firewall ignore triangle all off This command allows triangle route. sys firewall ignore triangle all on This command disall ows triangle route.[...]
-
Page 491
Prestige 334W User’s Gui de Index L-1 Index 8 802.1x ............................................................ 8-16 A Active ............................................................. 25-2 Address Assignme nt ............................. 3-10, 3-11 Address Resolution Prot ocol (ARP) ................ 6-4 Ad-hoc Configuration ...............[...]
-
Page 492
Prestige 334W User’s Gui de L-2 Index Disclaimer ............................................................ii Distribution System ......................................... F-3 DNS .................................................... 14-11, 23-3 DNS Server For VPN Host ............................................ 16-7 Domain Nam e ............. [...]
-
Page 493
Prestige 334W User’s Gui de Index L-3 Gateway IP Address ....................................... 24- 2 General Setup ................................... 3-1, 5-1, 21-1 Global............................................................. 10-1 H Hidden Menus ................................................ 20-4 Hop Count ............................[...]
-
Page 494
Prestige 334W User’s Gui de L-4 Index N Nailed-up Conn ection .................................... 25-4 Nailed-Up Conn ection ................................... 25- 5 NAT ........ 3-7, 10-6, 10-7, 10-8, 10-9, 25- 8, 30-16 Applying NAT in th e SMT Menus ............ 28-1 Configuring ............................................... 28-3 Definitions[...]
-
Page 495
Prestige 334W User’s Gui de Index L-5 Repairs ................................................................ v Replacement ........................................................ v Required fields ............................................... 20-4 Reset Button ..................................................... 1-1 Resetting the Time .....[...]
-
Page 496
Prestige 334W User’s Gui de L-6 Index T TCP/IP ..... 6-6, 14-4, 23-3, 23-4, 25-7, 30- 6, 30-7, 30-9, 30-12, 30 -15 Setup .......................................................... 23- 4 TCP/IP filter rule ........................................... 30-6 Telnet ............................................................. 14-4 Telnet Configur atio[...]