ZyXEL Communications P-660H-T Series manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation ZyXEL Communications P-660H-T Series. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel ZyXEL Communications P-660H-T Series ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation ZyXEL Communications P-660H-T Series décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation ZyXEL Communications P-660H-T Series devrait contenir:
- informations sur les caractéristiques techniques du dispositif ZyXEL Communications P-660H-T Series
- nom du fabricant et année de fabrication ZyXEL Communications P-660H-T Series
- instructions d'utilisation, de réglage et d’entretien de l'équipement ZyXEL Communications P-660H-T Series
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage ZyXEL Communications P-660H-T Series ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles ZyXEL Communications P-660H-T Series et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service ZyXEL Communications en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées ZyXEL Communications P-660H-T Series, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif ZyXEL Communications P-660H-T Series, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation ZyXEL Communications P-660H-T Series. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    P-660H-T Series ADSL2+ 4-port Se curity Gateway P-660HW -T Series 802.1 1g Wireless ADSL2+ 4-port Security Gateway User ’ s Guide V ersi on 3.40 2/2006[...]

  • Page 2

    [...]

  • Page 3

    P-660H/HW-T Series User’ Guide Copyright 2 Copyright Copyright © 2006 by ZyXEL Communications Corpor ation. The contents of this publication may not be reprod uced in any part or as a whole, tr anscribed, stored in a retrieval system, tran slated into any language, or transmitted in any form or by any means, el ectronic, mech anical , magn etic,[...]

  • Page 4

    P-660H/HW-T Series User’ Guide 3 Federal Communications Commission (FCC) Interference Statement Federal Communications Commission (FCC) Interference S t atement This device complies with Part 15 of FCC rul es. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any [...]

  • Page 5

    P-660H/HW-T Series User’ Guide Federal Com munications Commission ( FCC) Interf erence Statem ent 4 This transmitter must not be co-located or op erating in conj unction with any other antenn a or transmitter . ZyXEL Communications Corporation declared th at Prestige 660HW -T1 is limi ted in CH1~1 1 from 2400 to 2483 .5 MHz by specified firmware [...]

  • Page 6

    P-660H/HW-T Series User’ Guide 5 Safety Warnings Safety W arnings For your safety , be sure to read and fo llow all warning notices and instructions. • T o reduce the risk of fire, use only No. 26 A WG (American W ire Gauge) or larger telecommunication line cord. • Do NOT open the device or un it. Opening or removi ng covers can expose you to[...]

  • Page 7

    P-660H/HW-T Series User’ Guide ZyXEL Limited Warranty 6 ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that this product is free from any defects in materials or workmansh ip for a period of up to tw o years from the date of purchase . During the warranty period, and upon proof of purchase, should the product have in[...]

  • Page 8

    P-660H/HW-T Series User’ Guide 7 Customer Suppo rt Customer Support Please have the following information r eady when you contact customer support. • Product model and serial number . • W arranty Information. • Date that you received your de vice. • Brief description of the problem and the steps you t ook to solve it. METHOD LOCATION SUPP[...]

  • Page 9

    P-660H/HW-T Series User’ Guide Customer Support 8 POLAND info@pl.zyxel.com +48-22-5286603 www .pl.zyxel.com ZyXEL Communications ul.Emilli Plater 53 00-1 13 W arszawa Poland +48-22-5206701 RUSSIA http://zyxel.ru/support +7-095-542- 89-29 www .zyxel.ru ZyXEL Russia Ostrovityanova 37a S tr . Moscow , 1 1727 9 Russia sales@zyxel.ru +7-095-542-89-25 [...]

  • Page 10

    P-660H/HW-T Series User’ Guide 9 Customer Suppo rt[...]

  • Page 11

    P-660H/HW-T Series User’ Guide Table of Contents 10 T able of Content s Copyright .................................................. ..................................................... ........... 2 Federal Communications Commissi on (FCC) Interference St atement ............... 3 Safety W arnings ....................................... .......[...]

  • Page 12

    P-660H/HW-T Series User’ Guide 11 Table of Contents Chapter 3 Wizard Setup for Inte rnet Access ................................................................ ......... 54 3.1 Introduction ............................ ............. ................ ............. ............. ................ ..... 54 3.1.1 Internet Acc ess Wizard Set up ......[...]

  • Page 13

    P-660H/HW-T Series User’ Guide Table of Contents 12 5.8 Configuring Local User Au thenticat ion .................. ................ ............. ............... 85 5.9 Configuring RADIUS .......................... ............. ................ ............. ............ ......... 87 Chapter 6 W AN Setup .........................................[...]

  • Page 14

    P-660H/HW-T Series User’ Guide 13 Table of Contents 7.4 Selecting the NA T Mode ............. ............. ................ ................ ............. .......... 107 7.5 Configuring SUA Server Set ........................... ................ ............. ................ ...108 7.6 Configuring Address Mapping Rules .. ......... ............[...]

  • Page 15

    P-660H/HW-T Series User’ Guide Table of Contents 14 Chapter 1 1 Firewall Configuration ....................................... .................................................. 132 1 1.1 Access Methods ... ................ ............. ................ ............. ................ ............. ...132 1 1.2 Firewall Policies Overview ........[...]

  • Page 16

    P-660H/HW-T Series User’ Guide 15 Table of Contents 13.2 T elnet .......... ............. ................ ............. ............. ................ ............. ............. ...159 13.3 FTP ............................ ............. ................ ............. ................ ............. ............. 160 13.4 Web ....................[...]

  • Page 17

    P-660H/HW-T Series User’ Guide Table of Contents 16 16.9 Configuring Summary ...................... ... ............. ............. ................ ............. ...188 16.10 Configuring Class Setup .................. ................ ............. ................ ............. 190 16.10.1 Media Bandwidth Management Class Configuration . ......[...]

  • Page 18

    P-660H/HW-T Series User’ Guide 17 Table of Contents Chapter 21 Menu 3 LAN Setup .............. ............................................................... .................. 222 21.1 LAN Setup ..................... ............. ................ ............. ................ ............. .......... 222 21.1.1 General Ethernet Se tup . .....[...]

  • Page 19

    P-660H/HW-T Series User’ Guide Table of Contents 18 25.2 Configuration ................. ................ ............. ................ ............. ................ ....... 246 Chapter 26 Bridging Setup .................... ..................................................... ............................ 250 26.1 Bridging in General . ... ...[...]

  • Page 20

    P-660H/HW-T Series User’ Guide 19 Table of Contents 29.7 Applying Filters and Factory Defaults ............... ............. ................ ............. ...283 29.7.1 Ethernet T raffic .................... ............. ................ ............. ................ .......284 29.7.2 Remote Node Filter s ...... ................ ............. [...]

  • Page 21

    P-660H/HW-T Series User’ Guide Table of Contents 20 33.3 Restore Configuration ....................... ................ ............. ................ ................ 31 1 33.3.1 Restore Using FTP .................. ............. ................ ............. ................ ... 31 1 33.3.2 Restore Using FTP Session Exampl e .. ............ ..[...]

  • Page 22

    P-660H/HW-T Series User’ Guide 21 Table of Contents Chapter 38 T roubleshooting ............................ ..................................................... .................. 342 38.1 Problems S tarting Up the Prestige .................... ............. ............. ................ ...342 38.2 Problems with the LAN ............... ......[...]

  • Page 23

    P-660H/HW-T Series User’ Guide Table of Contents 22 Command Syntax ...... ............. ................ ............. ................ ............. ................ ...... 386 Command Usage .......................... ............. ................ ............. ................ ............. .. 386 Appendix G Firewall Commands .................[...]

  • Page 24

    P-660H/HW-T Series User’ Guide 23 Table of Contents Log Command Example ...... ................ ................ ............. ................ ............. ......... 429 Appendix M Internal SPTGEN ...................................................................... ............................ 430 Internal SPTGEN Overview ............. ......[...]

  • Page 25

    P-660H/HW-T Series User’ Guide List of Figure s 24 List of Figures Figure 1 Protected Internet A ccess Applications ............................ ................. ................ ... 46 Figure 2 LAN-to-LAN Applicat ion Example ............ ................ ............. ................ ............. ... 46 Figure 3 P-660H-T FrontPanel LEDs ....[...]

  • Page 26

    P-660H/HW-T Series User’ Guide 25 List of Figures Figure 39 NA T Application With IP Alias ...... ............. ............. ............. ................ ............. ... 104 Figure 40 Multiple Servers Behind NA T Exampl e ........... ................ ............. ............. .......... 107 Figure 41 NA T Mode ............. ...............[...]

  • Page 27

    P-660H/HW-T Series User’ Guide List of Figure s 26 Figure 82 Network Connections ...................... ............. ................ ............. ............. ............. 173 Figure 83 Network Connections: My Network Pl aces ............... ............. ............. ................ 174 Figure 84 Network Connections: My Network Pl aces: P[...]

  • Page 28

    P-660H/HW-T Series User’ Guide 27 List of Figures Figure 125 Menu 1 1 Remote Node Setup ....... ............. ............. ................ ............. ............. 237 Figure 126 Menu 1 1.1 Remote Node Profile ............... ............. ............. ................ ............. 238 Figure 127 Menu 1 1.3 Remote Node Network Layer Option[...]

  • Page 29

    P-660H/HW-T Series User’ Guide List of Figure s 28 Figure 168 NetBIOS_WAN Filter Rules Summary ............. ............ ................. ............ ....... 274 Figure 169 NetBIOS_LAN Filter Rules Summary ................. ................ ............. ................ 275 Figure 170 IGMP Filter Rules Summary ........ ............. .........[...]

  • Page 30

    P-660H/HW-T Series User’ Guide 29 List of Figures Figure 21 1 Menu 24.1 1 Remote Management Co ntrol ... ................ ............. ............. .......... 325 Figure 212 Menu 25 IP Routing Policy Setup . ... ................. ............ ............. ................ ....... 329 Figure 213 Menu 25.1 IP Routing Policy Setup ..... .........[...]

  • Page 31

    P-660H/HW-T Series User’ Guide List of Figure s 30 Figure 254 Red Hat 9.0: S tatic IP Address Settin g in ifconfig-eth0 ............... ................ ... 374 Figure 255 Red Hat 9.0: DNS Setti ngs in resolv .conf ...................... ................ ............. ... 374 Figure 256 Red Hat 9.0: Restart Ethernet Card ...... ................ .[...]

  • Page 32

    P-660H/HW-T Series User’ Guide 31 List of Figures[...]

  • Page 33

    P-660H/HW-T Series User’ Guide List of Tables 32 List of T ables T able 1 ADSL S tandards .......................... ............. ................ ............. ................ ................ 42 T able 2 Front Panel LEDs . ................ ................ ............. ................ ................. ................ ... 47 T able 3 Web C[...]

  • Page 34

    P-660H/HW-T Series User’ Guide 33 List of Tables T able 39 Firewall: Edit Rule ............ ................ ................ ............. ................ ................ ....... 1 40 T able 40 Customized Services ....................... ............. ................ ................ ................ ....... 141 T able 41 Firewall: Configure [...]

  • Page 35

    P-660H/HW-T Series User’ Guide List of Tables 34 T able 82 Menu 3.2.1 IP Alias Setup .................. ................. ............ ................. ................ ... 232 T able 83 Menu 4 Internet Access Setup ..... ... .......... ............. ............. ................ ............. ... 234 T able 84 Menu 1 1.1 Remote Node Profile ..[...]

  • Page 36

    P-660H/HW-T Series User’ Guide 35 List of Tables T able 125 Allowed IP Address Range By Class ................. ................ ................ ............. ... 377 T able 126 “Natural” Masks ............................ ................ ............. ................ ............. .......... 377 T able 127 Alternative Subnet Mask Notation[...]

  • Page 37

    P-660H/HW-T Series User’ Guide List of Tables 36 T able 168 Menu 15 SUA Server Setup (SMT Menu 15) ....... ................ ................ ............. 442 T able 169 Menu 21.1 Filter Set #1 (SMT Menu 21.1) .............. ............. ................ ............. 444 T able 170 Menu 21.1 Filer Set #2, (SMT Menu 21.1) .................... ..[...]

  • Page 38

    P-660H/HW-T Series User’ Guide 37 List of Tables[...]

  • Page 39

    P-660H/HW-T Series User’ Guide Preface 38 Preface Congratulations on your p urchase of the P-660H/HW -T series ADSL 2+ gat eway . P-660HW comes with a built-in IEEE 802.1 1g wireless capability al lowing wireless connectivity . P- 660H and P-660 HW have a 4-port switch that allows you to connect up to 4 computers to the Prestige without purch asi[...]

  • Page 40

    P-660H/HW-T Series User’ Guide 39 Preface Embedded web help for descriptions of individual screens and supplementary information. • ZyXEL Glossary and W eb Site Please refer to www .zyxel.com for an online gl ossary of networking terms and a dditional support documentation. User Guide Feedback Help us help you. E-mail all User Guide-related com[...]

  • Page 41

    P-660H/HW-T Series User’ Guide Introduction to DSL 40 Introduction to DSL DSL (Digital Subscriber Line) te chnology enhances the data ca pacity of the existing twisted- pair wire that runs betwee n the local telephone co mpany switching of fi ces and most homes and offices. While the wire itself can handle higher frequencies, the telephone switch[...]

  • Page 42

    P-660H/HW-T Series User’ Guide 41 Introduction to DSL[...]

  • Page 43

    P-660H/HW-T Series User’ Guide Chapter 1 Getting To Kn ow Your Prestige 42 C HAPTER 1 Getting T o Know Y our Prestige This chapter describes the key features and applications of your Prestige . 1.1 Introducing the Prestige The Prestige is an ADSL2+ gateway that allows super-fast, secure Internet access over analog (POTS) or digital (ISDN) telepho[...]

  • Page 44

    P-660H/HW-T Series User’ Guide 43 Ch apter 1 Gett ing To Know Your Prestige Note: See the product specifications in t he appendix for deta iled features and standards support. High Speed Internet Access Y our Prestige ADSL /ADSL2/ADSL2+ router can support downstream transmission rates of up to 24Mbps and upst ream tran smission rates of 3.5M bps.[...]

  • Page 45

    P-660H/HW-T Series User’ Guide Chapter 1 Getting To Kn ow Your Prestige 44 Universal Plug and Play (UPnP) Using the standard TCP/IP protocol, the Pr estige and other UPnP enable d devices can dynamically join a network, obtain an IP addr ess and convey its capab ilities to other devices on the network. PPPoE (RFC2516) PPPoE (Point-to-Point Pro to[...]

  • Page 46

    P-660H/HW-T Series User’ Guide 45 Ch apter 1 Gett ing To Know Your Prestige Packet Filters The Prestige's packet filtering functions a llows added network security and management. Housing Y our Prestige's compact and ven tilated housing minimizes space requirements making it easy to position anywhere in your busy office. 4-Port Switch ([...]

  • Page 47

    P-660H/HW-T Series User’ Guide Chapter 1 Getting To Kn ow Your Prestige 46 1.3 Applications for the Prestige Here are some example uses for which the Prestige is well suited. 1.3.1 Protected Internet Access The Prestige is the ideal high-speed Internet acc ess solution. It is comp atible with all major ADSL DSLAM (Digital Subscriber Line Acces s [...]

  • Page 48

    P-660H/HW-T Series User’ Guide 47 Ch apter 1 Gett ing To Know Your Prestige Figure 3 P-660H-T FrontPanel LEDs P-660HW -T FrontPanel LEDs The following table describes the LEDs. 1.5 Hardware Connection Refer to the Quick S tart Guide for in formation on hard ware connection. Table 2 Front Panel LEDs LED COLOR ST ATUS DESCRIPTION PWR/SYS Green On T[...]

  • Page 49

    P-660H/HW-T Series User’ Guide Chapter 2 Introducing the Web Configur ator 48 C HAPTER 2 Introducing the W eb Configurator This chapter describes how to access and navigate the web configurator . 2.1 W eb Configurator Overview The web configurator is an HTML-based mana gement interface that allows easy Prestige setup and management via Internet b[...]

  • Page 50

    P-660H/HW-T Series User’ Guide 49 Chapter 2 Introd ucing the Web Configurator Figure 4 Password Screen 6 It is highly recommended you change th e default password! Enter a new password between 1 and 30 characters, re type it to confirm and click Apply ; alternatively click Ignore to proceed to the main menu if you do not want to change the passwo[...]

  • Page 51

    P-660H/HW-T Series User’ Guide Chapter 2 Introducing the Web Configur ator 50 2.1.3 Navigating the We b Configurator The following summarizes how to navigate the web configurator from th e SITE MAP screen. Screens vary slightly for different Prestige models. • Click W izard Setup to begin a series of screens to configure you r Prestige for the [...]

  • Page 52

    P-660H/HW-T Series User’ Guide 51 Chapter 2 Introd ucing the Web Configurator Wireless LAN (P-660HW only) Wireless Use this screen to conf igure the wireless LAN se ttings. MAC Filter Use this screen to change MA C filter setting s on the Prestige. 802.1x/WP A Use this screen to configure WLAN authenti cation and security settings. Local User Dat[...]

  • Page 53

    P-660H/HW-T Series User’ Guide Chapter 2 Introducing the Web Configur ator 52 2.2 Change Login Password It is highly recommended that you periodic ally change the password for accessing the Prestige. If you didn’ t change the default one after you logg ed in or you want to change to a new password again, then click Password in the Site Map scre[...]

  • Page 54

    P-660H/HW-T Series User’ Guide 53 Chapter 2 Introd ucing the Web Configurator T able 4 Pas sword LABEL DESCRIPTION Old Password T ype the default password or the ex isting p assword you use to access the system in this field. New Password T ype the new password in this field. Retype to Confirm T ype the new password again in this field. Apply Cli[...]

  • Page 55

    P-660H/HW-T Series User’ Guide Chapter 3 Wizard Setup for Internet Acces s 54 C HAPTER 3 W izard Setup for Internet Access This chapter provides informatio n on the W izard Setup screens for Internet access in the web configurator . 3.1 Introduction Use the W izard Setup screens to configure your system for Internet access with the information gi[...]

  • Page 56

    P-660H/HW-T Series User’ Guide 55 Chapter 3 Wizard Set up for Intern et Access 2 The next wizard screen varies depending on wh at mode and encapsulation type y ou use. All screens shown are with routing mode. Configure the fields and click Next to continue. Figure 9 Internet Connection with PPPoE The following table describes the fields in this s[...]

  • Page 57

    P-660H/HW-T Series User’ Guide Chapter 3 Wizard Setup for Internet Acces s 56 Figure 10 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 6 Internet Connection with PPPoE LABEL DESCRIPTION Service Name T ype the name of your PPPoE service here. User Name Enter the user name exactly as your ISP assign[...]

  • Page 58

    P-660H/HW-T Series User’ Guide 57 Chapter 3 Wizard Set up for Intern et Access Figure 1 1 Internet Connection with ENET ENCAP The following table describes the fields in this screen. Back Click Back to go b ack to the first wizard scree n. Next Click Next to continue to the next wizard screen. Table 8 Internet Connection with ENET ENCAP LABEL DES[...]

  • Page 59

    P-660H/HW-T Series User’ Guide Chapter 3 Wizard Setup for Internet Acces s 58 Figure 12 Internet Connection with PPPoA The following table describes the fields in this screen. Table 9 Internet Connection with PPPoA LABEL DESCRIPTION User Name Ente r the login name that your ISP gi ves you. Password Enter the password associated with the user name[...]

  • Page 60

    P-660H/HW-T Series User’ Guide 59 Chapter 3 Wizard Set up for Intern et Access 3 V erify the settings in the screen shown next. T o change the LAN information on the Prestige, click Change LAN Configurations . Otherwise cli ck Save Settings to save the configuration and skip to the section 3.13. Figure 13 Internet Access Wizard Setup: Third Scree[...]

  • Page 61

    P-660H/HW-T Series User’ Guide Chapter 3 Wizard Setup for Internet Acces s 60 The following table describes the fields in this screen. 4 The Prestige automatically tests the connectio n to the computer(s) connected to the LAN ports. T o test the connection from the Prest ige to the ISP , click S tart Diagnose . Otherwise click Return to Main Menu[...]

  • Page 62

    P-660H/HW-T Series User’ Guide 61 Chapter 3 Wizard Set up for Intern et Access[...]

  • Page 63

    P-660H/HW-T Series User’ Guide Chapter 4 LAN Setup 62 C HAPTER 4 LAN Setup This chapter describes how to configure LAN settings. 4.1 LAN Overview A Local Area Network (LAN) is a shared comm unication system to which many computers are attached. A LAN is a computer network lim ited to the immediate area, usually the same building or floor of a bui[...]

  • Page 64

    P-660H/HW-T Series User’ Guide 63 Chapter 4 LAN Setup 4.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP configuration at star t-up from a server . Y ou can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/[...]

  • Page 65

    P-660H/HW-T Series User’ Guide Chapter 4 LAN Setup 64 There are two ways that an ISP disseminates the DNS serve r addresses. • The ISP tells you the DNS server addresses, us ually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the LAN Setup screen. • Th[...]

  • Page 66

    P-660H/HW-T Series User’ Guide 65 Chapter 4 LAN Setup 4.2.1.1 Private IP Addresses Every machine on the Internet must ha ve a unique address. If your ne tworks are isolate d from the Internet, for example, only between your two branch of fices, you can assign any IP addresses to the hosts without problems. However , the Internet Assigned Numbers [...]

  • Page 67

    P-660H/HW-T Series User’ Guide Chapter 4 LAN Setup 66 4.2.3 Multicast T raditionally , IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of host s on the network - not everybody and no t just 1. IGMP (Internet Group M[...]

  • Page 68

    P-660H/HW-T Series User’ Guide 67 Chapter 4 LAN Setup Figure 17 Any IP Example The Any IP fe ature does n ot apply to a co mputer using either a dynamic IP addr ess or a static IP address that is in the same subnet as the Prestige’ s IP address. Note: Y ou must enable NA T/SUA to use the Any IP feature on the Prestige. 4.2.4.1 How Any IP Works [...]

  • Page 69

    P-660H/HW-T Series User’ Guide Chapter 4 LAN Setup 68 4.3 Configuring LAN Click LAN to open the LAN Setup screen. See Section 4.1 on page 62 for background information. Figure 18 LAN Setup The following table describes th e fields in this screen. Table 11 LAN Setup LABEL DESCRIPTION DHCP DHCP If set to Server , your Prestige can assign IP address[...]

  • Page 70

    P-660H/HW-T Series User’ Guide 69 Chapter 4 LAN Setup Size of Client IP Pool This field specifies the size or count of the IP address pool. Primary DNS Server Enter the IP addresses of the DNS servers. Th e DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. Secondary DNS Server As above. Remote DHCP Server I[...]

  • Page 71

    P-660H/HW-T Series User’ Guide Chapter 5 Wireless LAN 70 C HAPTER 5 W ireless LAN This chapter discusses how to configure the W ireless LAN screens for P-660HW . 5.1 Wireless LAN Introduction A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-p eer network or as complex as a number of computers [...]

  • Page 72

    P-660H/HW-T Series User’ Guide 71 Chapter 5 Wireless LAN • Use RADIUS authentication if you have a RADIUS server . See the appendices for information on pro tocols used when a client authenticates with a RADIUS server via the Prestige. • Use the Local User Database if you have less than 32 wireless client s in your network. The Prestige uses [...]

  • Page 73

    P-660H/HW-T Series User’ Guide Chapter 5 Wireless LAN 72 Figure 19 Wirele ss LAN The following table describes the links in this screen. The following figure shows th e relative effectiveness of th ese wireless security methods available on your Prestige. Table 12 Wireless LAN LINK DESCRIPTION Wireless Click this link to go to a screen where you [...]

  • Page 74

    P-660H/HW-T Series User’ Guide 73 Chapter 5 Wireless LAN Figure 20 Wireless Secu rity Method s Note: Y ou must enable th e same wireless securi ty settings on t he Prestige and on all wireless clients that you w ant to associate with it. If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networ[...]

  • Page 75

    P-660H/HW-T Series User’ Guide Chapter 5 Wireless LAN 74 Figure 21 Wireless Sc reen The following table describes the labels in this screen. Table 13 Wirel ess LAN LABEL DESCRIPTION Enable Wireless LAN Y ou should configure some wireless security (see Figure 20 on page 73 ) when you enable the wireless LAN. Sele ct the check box to enable the wir[...]

  • Page 76

    P-660H/HW-T Series User’ Guide 75 Chapter 5 Wireless LAN Note: If you are configuring the Prestige from a computer connected to th e wireless LAN and you change the Prestige’s ESSID or security settings (see F igure 20 on page 73 ), you will lose your wireless connection when you press Apply to confirm. Y ou must then change the wireless settin[...]

  • Page 77

    P-660H/HW-T Series User’ Guide Chapter 5 Wireless LAN 76 Note: Be careful not to list your computer’s MAC address and set the Action field to Deny Association when managing the Prestige vi a a wireless conne ction. This would lock you out. Figure 22 MAC Filter The following table describes the fields in this menu. Table 14 MAC Filter LABEL DESC[...]

  • Page 78

    P-660H/HW-T Series User’ Guide 77 Chapter 5 Wireless LAN 5.6 Introduction to WP A W i-Fi Protected Ac cess (WP A) is a subset of th e IEEE 802.1 1i standard. WP A is preferred to WEP as WP A has user authentication and improv ed data encryption. See the appe ndix for more information on WP A user authentication and WP A encryption. If you don’t[...]

  • Page 79

    P-660H/HW-T Series User’ Guide Chapter 5 Wireless LAN 78 Figure 23 WP A - PSK Authentication 5.6.2 WP A with RADIUS Application Example Y ou need the IP address, port number (default is 1812) and shared secret of a RAD IUS server . A WP A application example with an external RADIUS server looks as follows. "A" is the RADIUS server . &qu[...]

  • Page 80

    P-660H/HW-T Series User’ Guide 79 Chapter 5 Wireless LAN Figure 24 WP A with RADIUS Application Example2 5.6.3 Wireless Client WP A Supplicant s A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WP A. At the time of writing, the mo st widely availa ble supplicants are the WP A[...]

  • Page 81

    P-660H/HW-T Series User’ Guide Chapter 5 Wireless LAN 80 5.7.1 No Access Allowe d or Authentication Select No Access Allowed or No Authentication Required in the Wireless Port Control field. Figure 25 Wireless LAN: 802.1x/WP A: No Access Allowed Figure 26 Wireless LAN: 802.1x/WP A: No Authentication The following table describes the label in thes[...]

  • Page 82

    P-660H/HW-T Series User’ Guide 81 Chapter 5 Wireless LAN • A computer with an IEEE 802.1 1 a/b/g wi reless LAN adapter and equipped with a web browser (with JavaScript enabled) and/or T elnet. • A wireless station computer must be runn ing IEEE 802.1x-compliant software. Not all W indows operating systems support IEEE 802.1x (see the Microsof[...]

  • Page 83

    P-660H/HW-T Series User’ Guide Chapter 5 Wireless LAN 82 Note: Once you enable user auth entication, y ou need to specify an external RADIUS server or create local user account s on the Prestige for authentication. 5.7.3 Authentication Required: WP A Select Authentication Required in the Wir eless Port Control field and WP A in the Key Management[...]

  • Page 84

    P-660H/HW-T Series User’ Guide 83 Chapter 5 Wireless LAN See Section 5.6 on page 7 7 for more information. Figure 28 Wireless LAN: 802.1x/WP A: WP A The following table describes the labe ls not previously discussed. Table 17 Wireless LAN: 802.1x/WP A: WP A LABEL DESCRIPTION Key Management Protocol Choose WP A in this field. WP A Mixed Mode The P[...]

  • Page 85

    P-660H/HW-T Series User’ Guide Chapter 5 Wireless LAN 84 5.7.4 Authentication Required: WP A-PSK Select Authentication Required in the Wireless Port Contr ol field and WP A-PSK in the Key Management Protocol field to display the next screen. See Section 5.6 on page 7 7 for more information. Figure 29 Wireless LAN: 802.1x/WP A:WP A-PSK The followi[...]

  • Page 86

    P-660H/HW-T Series User’ Guide 85 Chapter 5 Wireless LAN 5.8 Configuring Local User Authentication By storing user profiles locally , your Prestige is able to authenticate wireless users without interacting with a network RADIUS server . How ever , there is a limit on the number of users you may authentica te in this way . T o change your Prestig[...]

  • Page 87

    P-660H/HW-T Series User’ Guide Chapter 5 Wireless LAN 86 Figure 30 Local User Database The following table describes th e fields in this screen. Table 19 Local User Database LABEL DESCRIPTION # This is the index number of a local user account. Active Se lect this check box to enable the user profile. User Name Enter a user name of up to 31 alphan[...]

  • Page 88

    P-660H/HW-T Series User’ Guide 87 Chapter 5 Wireless LAN 5.9 Configuring RADIUS T o set up your Prestige’ s RADIUS server settings, click WIRELESS LAN , RADIUS . The screen appears as shown. Figure 31 RADIUS The following table describes th e fields in this screen. Table 20 RADIUS LABEL DESCRIPTION Authentication Server Active Select Ye s from [...]

  • Page 89

    P-660H/HW-T Series User’ Guide Chapter 5 Wireless LAN 88 Port Number The default port of the RADIUS server for accou nting is 1813 . Y ou need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Enter a password (up to 31 alp hanumeric characters) as the key to be shared betwee[...]

  • Page 90

    P-660H/HW-T Series User’ Guide 89 Chapter 5 Wireless LAN[...]

  • Page 91

    P-660H/HW-T Series User’ Guide Chapter 6 WAN Setup 90 C HAPTER 6 W AN Setup This chapter describes how to configure W AN settings. 6.1 W AN Overview A W A N (W ide Area Network) is an outside conn ection to another network or the Internet. 6.1.1 Encap sulation Be sure to use the encapsulat ion method required by your IS P . The Prestige supports [...]

  • Page 92

    P-660H/HW-T Series User’ Guide 91 Chapter 6 WAN Setup 6.1.1.4 RFC 1483 RFC 1483 describes two methods for Multipro tocol Encapsulation over A TM Adaptation Layer 5 (AAL5). The first method allows mult iplexing of multiple protocols over a single A TM virtual circuit (LLC -based multiplexing ) and the second method assumes that each protocol is ca[...]

  • Page 93

    P-660H/HW-T Series User’ Guide Chapter 6 WAN Setup 92 6.1.4.2 IP Assignment wi th RFC 1483 Encap sulation In this case the IP Address Assignment must be static with the same requirements for the IP Address an d ENET ENCAP Gateway fie lds as stated above. 6.1.4.3 IP Assignment with ENET ENCAP Encap sulation In this case you can have either a stati[...]

  • Page 94

    P-660H/HW-T Series User’ Guide 93 Chapter 6 WAN Setup For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route. If the normal rout e fails to connect to the Intern et, the [...]

  • Page 95

    P-660H/HW-T Series User’ Guide Chapter 6 WAN Setup 94 Peak Cell Rate (PCR) is the maximum rate at wh ich the sender can send cells. This parameter may be lower (but not hig her) than the maximum line speed. 1 A TM cell is 53 bytes (424 bits), so a maximum speed of 832Kbps gives a maximu m PCR of 1962 cells/sec. This rate is not guaranteed because[...]

  • Page 96

    P-660H/HW-T Series User’ Guide 95 Chapter 6 WAN Setup 6.6 The Main W AN Screen Click WA N in the navigation pane l to display the man WA N screen. See Section 6.1 on page 9 0 for more information. Figure 33 WA N The following table describes the links in this screen. 6.7 Configuring W AN Setup T o change your Prestige’ s W A N remote node setti[...]

  • Page 97

    P-660H/HW-T Series User’ Guide Chapter 6 WAN Setup 96 Figure 34 W A N Setup (PPPoE) The following table describes th e fields in this screen. Table 22 WAN Se tu p LABEL DESCRIPTION Name Enter the name of your Internet Service Provider , e.g., MyISP . This information is for identification purpose s only . Mode Select Routing (default) from the dr[...]

  • Page 98

    P-660H/HW-T Series User’ Guide 97 Chapter 6 WAN Setup Encapsulation Selec t the method of encapsulatio n used by your ISP from the drop-down list box. Choices vary depending on the mode you select in th e Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483 . If you select Routing in the Mode field, select PPPoA , R[...]

  • Page 99

    P-660H/HW-T Series User’ Guide Chapter 6 WAN Setup 98 6.8 T raffic Redirect T ra ffic redirect forwards traf fic to a backup gateway when the Prestige cannot connect to the Internet. An exampl e is shown in the figu re below . Connect on Demand Select Connect on Demand when you don't want the co nnection up all the ti me and specify an idle [...]

  • Page 100

    P-660H/HW-T Series User’ Guide 99 Chapter 6 WAN Setup Figure 35 T raffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is co nnected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN netw[...]

  • Page 101

    P-660H/HW-T Series User’ Guide Chapter 6 WAN Setup 100 Figure 37 W A N Backup The following table describes th e fields in this screen. Table 23 WAN Ba ck up LABEL DESCRIPTION Backup T ype Select the method that the Pr esti ge uses to check the DSL connection. Select DSL Link to have the Prestige check if the connection to the DSLAM is up. Select[...]

  • Page 102

    P-660H/HW-T Series User’ Guide 101 Chapter 6 WAN Setup T imeout T ype the number of seconds (3 recommended) for your Prestige to wait for a ping response from one of the IP addresses in the Check W AN IP Add ress field before timing out the request. The WAN connection is considered "down" after the Prestige times out the number of times[...]

  • Page 103

    P-660H/HW-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 102 C HAPTER 7 Network Address T ranslation (NA T) Screens This chapter discusses how to configure NA T on the Prestige. 7.1 NA T Overview NA T (Netw ork Address T ranslation - NA T , RFC 1631) is the translation of the IP address of a host in a packet, for exampl[...]

  • Page 104

    P-660H/HW-T Series User’ Guide 103 Chapter 7 Network Addr ess Translatio n (NAT) Scre ens 7.1.2 What NA T Does In the simplest form, NA T c hanges the sour ce IP address in a packet received from a subscriber (the inside local address) to anothe r (the inside global address) before forwarding the packet to the W AN side. When the resp onse comes [...]

  • Page 105

    P-660H/HW-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 104 Figure 38 How NA T Works 7.1.4 NA T Application The following figure illustrates a possible NA T application, wher e three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct W AN networks. More examples follow at [...]

  • Page 106

    P-660H/HW-T Series User’ Guide 105 Chapter 7 Network Addr ess Translatio n (NAT) Scre ens 7.1.5 NA T Mapping T ype s NA T sup ports five types of IP/port mapping. They are: • One to One : In One-to-One mode, the Prestige maps one local IP address to one global IP address. • Many to One : In Many-to-One mode, the Prestige maps multiple local I[...]

  • Page 107

    P-660H/HW-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 106 7.2 SUA (Single User Account) V ersus NA T SUA (Single User Account) is a ZyNOS implemen tation of a subset of NA T that supports two types of mapping, Many-to-One and Server . The Prestige also supports Full Feature NA T to map multiple global IP addresse s t[...]

  • Page 108

    P-660H/HW-T Series User’ Guide 107 Chapter 7 Network Addr ess Translatio n (NAT) Scre ens 7.3.3 Configuring Ser vers Behind SUA (Example) Let's say you want to assign po rts 21-25 to one FTP , T elnet and SMTP server (A in the example), port 80 to another (B in the exam ple) and assign a default server IP address of 192.168.1.35 to a third ([...]

  • Page 109

    P-660H/HW-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 108 Figure 41 NA T Mode The following table describes the labels in this screen. 7.5 Configuring SUA Server Set If you do not assign an IP address in Server Set 1 (default server) the Prestige discards all packets received for ports that are not specif ied here or[...]

  • Page 110

    P-660H/HW-T Series User’ Guide 109 Chapter 7 Network Addr ess Translatio n (NAT) Scre ens Figure 42 Edit SUA/NA T Server Set The following table describes th e fields in this screen. T able 28 Edit SUA/NA T Server Set LABEL DESCRIPTION S tart Port No. Enter a port number in this field. T o forward only one port, ente r the port number again in th[...]

  • Page 111

    P-660H/HW-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 110 7.6 Configuring Address Mapping Rules Ordering your rules is important because the Pr estige applies the rules in the order that you specify . When a rule matches the c urrent pack et, the Prestige take s the corresponding action and the remaining rules are ig[...]

  • Page 112

    P-660H/HW-T Series User’ Guide 111 Chapter 7 Network Addr ess Translatio n (NAT) Scre ens 7.7 Editing an Address Mapping Rule T o edit an address mapping rule, click the rule’ s link in the NA T Ad dress Mapping Rules screen to display the screen sh own next. Ty p e 1-1 : One-to-one mode maps one loca l IP address to one global IP address. Note[...]

  • Page 113

    P-660H/HW-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 112 Figure 44 Edit Address Mapping Rule The following table describes th e fields in this screen. Table 30 Edit Address Ma pping Rule LABEL DESCRIPTION Ty p e Choose the port ma pping type from one of the follow ing. • One-to-One : One-to-One mode maps one local[...]

  • Page 114

    P-660H/HW-T Series User’ Guide 113 Chapter 7 Network Addr ess Translatio n (NAT) Scre ens Cancel Click Cancel to return to the pr eviously saved settings. Delete Click Delete to exi t this screen without savin g. Table 30 Edit Address Mappin g Rule (continued) LABEL DESCRIPTION[...]

  • Page 115

    P-660H/HW-T Series User’ Guide Chapter 8 Dynamic DNS Setup 114 C HAPTER 8 Dynamic DNS Setup This chapter discusses how to configure your Prestige to use Dynamic DNS. 8.1 Dynamic DNS Overview Dynamic DNS allows you to update your curre nt dynamic IP address with one or many dynamic DNS services so that anyone can c ont act you (in NetMeeting, CU-S[...]

  • Page 116

    P-660H/HW-T Series User’ Guide 115 Chapter 8 Dynamic DNS Setup Figure 45 Dynamic DNS The following table describes th e fields in this screen. Table 31 Dynamic DNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dyn amic DNS service pr ovider . Host Names T ype the domain n ame assigned[...]

  • Page 117

    P-660H/HW-T Series User’ Guide Chapter 9 Time and Date 116 C HAPTER 9 T ime and Date This screen is not available on all models. Us e this screen to configur e the Prestige’ s time and date settings. 9.1 Configuring T ime and Date T o change your Presti ge’ s time and date, click T ime And Date . The screen appears as shown. Use this screen t[...]

  • Page 118

    P-660H/HW-T Series User’ Guide 117 Chapter 9 Time and Date Table 32 T ime and Date LABEL DESCRIPTION T ime Server Use Protocol when Bootup Select the time service protocol that your time server sends w hen you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use tria[...]

  • Page 119

    P-660H/HW-T Series User’ Guide Chapter 10 Firewalls 118 C HAPTER 10 Firewalls This chapter gives some backgr ound information on firewalls and introduces the Prestige firewall. 10.1 Firewall Overview Originally , the term fir ewall referred to a construction techni que designed to prevent the spread of fire from one room to another . The ne twork[...]

  • Page 120

    P-660H/HW-T Series User’ Guide 119 Chapter 10 Firewalls 10.2.2 Application-level Firewalls Application-level firewalls restrict access by serv ing as proxies for e xternal servers. Since they use programs written for specific Internet servic es, such as HTTP, FTP and tel net, they can evaluate network packets for valid applicatio n-sp ecific data[...]

  • Page 121

    P-660H/HW-T Series User’ Guide Chapter 10 Firewalls 120 • The LAN (Local Area Network) port attache s to a network of compute rs, which needs security from the outside world. These computer s will have access to Internet services such as e-mail, FTP , and the W orld W i de W e b. However , “inbound access” will not be allowed unless you con[...]

  • Page 122

    P-660H/HW-T Series User’ Guide 121 Chapter 10 Firewalls 10.4.2 T ypes of DoS Att acks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data. 4 IP Spoofing. 5 " Ping of Death " and[...]

  • Page 123

    P-660H/HW-T Series User’ Guide Chapter 10 Firewalls 122 Figure 48 Three-W ay Handshake Under normal circumstances, the applica tion that initiates a session sends a SYN (synchronize) packet to the receiving server . The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the in itiator responds with an ACK (acknowledgment[...]

  • Page 124

    P-660H/HW-T Series User’ Guide 123 Chapter 10 Firewalls (ICMP) echo request packets (pin gs). Since the destination IP address of each packet is the broadcast address of the network, the router will broadcast the ICMP echo request packet to all hosts on the network. If there are numerous hosts, this will create a large amount of ICMP echo request[...]

  • Page 125

    P-660H/HW-T Series User’ Guide Chapter 10 Firewalls 124 All SMTP commands are illegal except for tho se displayed in the following tables. 10.4.2.3 T raceroute T raceroute is a utility used to determine th e path a packet takes between two endpoints. Sometimes when a packet filter firewall is conf igured incorrectly an at tacker can traceroute th[...]

  • Page 126

    P-660H/HW-T Series User’ Guide 125 Chapter 10 Firewalls Figure 51 S tateful Inspection The previous figure shows the Prestige’ s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a T elnet session from within the LAN and responses to this request are allowe d. However other T elnet traff[...]

  • Page 127

    P-660H/HW-T Series User’ Guide Chapter 10 Firewalls 126 temporary entries might be modified, in order to permit only packets that are valid for the current state o f the connec tion. 8 Any additional inbound or outb ound packets that belong to the connection are inspected to update the state table entry and to modify the temporary inbound access [...]

  • Page 128

    P-660H/HW-T Series User’ Guide 127 Chapter 10 Firewalls When the Prestige receives any subsequent packet (from the In ternet or from the LAN), its connection information is extracted and checked against the cache. A packet is only allowed to pass through if it corresponds to a valid connection (that is, if i t is a response to a connection which [...]

  • Page 129

    P-660H/HW-T Series User’ Guide Chapter 10 Firewalls 128 • Limit who can telnet into your router . • Don't enable any local service (such as SN MP or NTP) that you don't use. An y enabled service could present a potential sec urity risk. A determined hacker might be able to find creative ways to misuse the enabled services to access [...]

  • Page 130

    P-660H/HW-T Series User’ Guide 129 Chapter 10 Firewalls • Always shred confidential in formation, particularly about your computer , before throwing it away . Some hackers dig through the trash of companies or individuals for information that might he lp them in an attack. 10.7 Packet Filtering Vs Firewall Below are some comparisons between the[...]

  • Page 131

    P-660H/HW-T Series User’ Guide Chapter 10 Firewalls 130 • A range of source an d destination IP address es as well as port numbers can be specified within one firewall rule making the fire wall a better choice when complex rules are required. • T o selecti vely block/allow inbound or out bound traf fic between inside host/networks and outside[...]

  • Page 132

    P-660H/HW-T Series User’ Guide 131 Chapter 10 Firewalls[...]

  • Page 133

    P-660H/HW-T Series User’ Guide Chapter 11 Firewall Configurat ion 132 C HAPTER 11 Firewall Configuration This chapter shows you how to enable and configure the Prestige firewall. 1 1.1 Access Methods The web configurator is, by far , the most co mprehensive firewall configuration tool your Prestige has to offer . For this reason, it is reco mmend[...]

  • Page 134

    P-660H/HW-T Series User’ Guide 133 Chapter 11 Firewall Configuration Note: If you configure firewall rules wit hout a good understan ding of how they work, you might inadvertently introduce securi ty risks to the f irewall and to the protected network. Make sure you test your rules af ter you configure them. For example, you may create rules to: [...]

  • Page 135

    P-660H/HW-T Series User’ Guide Chapter 11 Firewall Configurat ion 134 4 Does a rule that allows Internet users acces s to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are al lowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does this r[...]

  • Page 136

    P-660H/HW-T Series User’ Guide 135 Chapter 11 Firewall Configuration The default rule for W AN to LAN traffic bloc ks al l incoming connections (W AN to LAN). If you wish to allow certain W AN users to have access to your LAN, you will need to create custom rules to allow it. 1 1.4.2 Alert s Alerts are reports on events, such as attacks, that you[...]

  • Page 137

    P-660H/HW-T Series User’ Guide Chapter 11 Firewall Configurat ion 136 1 1.6 Rule Summary Note: The ordering of your rule s is very important as rules are applied in t urn. Refer to Section 10.1 on page 1 18 for more information. Click on Fire wall , then Rule Summary to bring up the following screen. This screen is a summary of the existing rules[...]

  • Page 138

    P-660H/HW-T Series User’ Guide 137 Chapter 11 Firewall Configuration Figure 53 Firewall: Rule Summary The following table describes the labels in this screen. Table 38 Rule Summary LABEL DESCRIPTION Firewall Rules S torage Sp ace in Use This read-only bar shows how much of the Prestige' s memory for recording fire wall rules it is currently [...]

  • Page 139

    P-660H/HW-T Series User’ Guide Chapter 11 Firewall Configurat ion 138 1 1.6.1 Configuring Firewall Rules Refer to Section 10.1 on page 1 18 for more information. Follow these directions to create a new rule. 1 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule beco[...]

  • Page 140

    P-660H/HW-T Series User’ Guide 139 Chapter 11 Firewall Configuration Figure 54 Firewall: Edit Rule The following table describes the labels in this screen.[...]

  • Page 141

    P-660H/HW-T Series User’ Guide Chapter 11 Firewall Configurat ion 140 Table 39 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to ena ble this firewall rule. Action for Matched Packet Use the radio button to select whether to disca rd ( Block ) o r allow the passage of ( Forward ) packets that match this rule. Source/Destination A[...]

  • Page 142

    P-660H/HW-T Series User’ Guide 141 Chapter 11 Firewall Configuration 1 1.7 Customized Services Configure customized services and port numbers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further inform ation on these services, please read Se[...]

  • Page 143

    P-660H/HW-T Series User’ Guide Chapter 11 Firewall Configurat ion 142 Refer to Section 10.1 on page 1 18 for more information. Figure 56 Firewall: Configure Customized Services The following table describes the labels in this screen. 1 1.9 Example Firewall Rule The following Internet firewa ll rule example allows a hypot hetical “My Service” [...]

  • Page 144

    P-660H/HW-T Series User’ Guide 143 Chapter 11 Firewall Configuration Figure 57 Firewall Example: Rule Summary 3 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and th e previous rule 6 (if there is one) becomes rule 7. 4 Click Inser t to display[...]

  • Page 145

    P-660H/HW-T Series User’ Guide Chapter 11 Firewall Configurat ion 144 Figure 58 Firewall Example: Edit Ru le: Des tination Addres s 7 In the Edit Rule screen, click the Customized Servic es link to open the Customized Service screen. 8 Click an index numb er to display the Customized Services -Config screen and configure the screen as follows and[...]

  • Page 146

    P-660H/HW-T Series User’ Guide 145 Chapter 11 Firewall Configuration Figure 60 Firewall Example: Edit Rule: Select Customized Services Note: Custom ports show up with an “*” before their names in the Services list box and the Rule Summary list box. Click Apply af ter you’ve crea ted your custom port. On completing the configuration procedur[...]

  • Page 147

    P-660H/HW-T Series User’ Guide Chapter 11 Firewall Configurat ion 146 Rule 2 allows a “My Service” connection fro m the W AN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Figure 61 Firewall Example: Rule Summary: My Service 1 1.10 Predefined Services The A vailable Services list box in the Edit Ru le screen (see Section 1 1.6.1 on p[...]

  • Page 148

    P-660H/HW-T Series User’ Guide 147 Chapter 11 Firewall Configuration CU-SEEME(TCP/UDP:7648, 24032) A popular videocon ferencing solution from White Pines So ftware. DNS(UDP/TCP:53) Domain Name Server , a service that matches web names (e.g. www .zyxel.com ) to IP numbers. FINGER(TCP:79) Finger is a UNIX or Internet rela ted command that can be us[...]

  • Page 149

    P-660H/HW-T Series User’ Guide Chapter 11 Firewall Configurat ion 148 1 1.1 1 Anti-Probing If an outside user attempts to probe an unsupp orted port on your Prestige, an ICMP respon se packet is automatically returned. This allows the outside user to know the Prestige exists. The Prestige supports anti-probing, which prevents the ICMP response pa[...]

  • Page 150

    P-660H/HW-T Series User’ Guide 149 Chapter 11 Firewall Configuration Figure 62 Firewall: Anti Probing The following table describes the labels in this screen. 1 1.12 DoS Thresholds For DoS attacks, the Prestige uses thresholds to dete rmine when to drop sessions that do not become fully established. These threshol ds apply globally to all session[...]

  • Page 151

    P-660H/HW-T Series User’ Guide Chapter 11 Firewall Configurat ion 150 1 1.12.1 Threshold V alues T une these parameters when some thing is not working and after you have checked the firewall counters. These default values sh ould work fine for most small offices. Factors influencing choices for threshold values are: • The maximum number of open[...]

  • Page 152

    P-660H/HW-T Series User’ Guide 151 Chapter 11 Firewall Configuration Whenever the number of half-o pen sessions with the same destin ation host address rises a bove a threshold ( TCP Maximum Incomplete ), the Prestige starts deleting half-open sessions according to one of the following methods: • If the Blocking Time timeout is 0 (the default),[...]

  • Page 153

    P-660H/HW-T Series User’ Guide Chapter 11 Firewall Configurat ion 152 Table 44 Firewall: Thre shold LABEL DESCRIPTION DEF AUL T V ALUES Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions that causes the firewall to stop deleting hal f-open sessions. The Prestige continues to delete half-open sessions as necessa[...]

  • Page 154

    P-660H/HW-T Series User’ Guide 153 Chapter 11 Firewall Configuration Deny new connection request for Select this radio button and specify for how long the Prestige should block new connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256). Back Click Back to return to the previous[...]

  • Page 155

    P-660H/HW-T Series User’ Guide Chapter 12 Content Filtering 154 C HAPTER 12 Content Filtering This chapter covers how to configure content filtering. 12.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ab ility to block web sit[...]

  • Page 156

    P-660H/HW-T Series User’ Guide 155 Chapter 12 Content Filtering 12.3 Configuring Keyword Blocking Use this screen to block sites containing certai n keywords in the URL. For example, if you enable the keyword "bad", the Prestige blocks all sites contai ning this keyword including the URL http://www .website.com/bad.html, even if it is n[...]

  • Page 157

    P-660H/HW-T Series User’ Guide Chapter 12 Content Filtering 156 12.4 Configuring the Schedule T o set the days and times for the Prestige to perform content filtering, click Con tent Filter and Schedule . The screen appears as shown. Figure 66 Content Filter: Schedule The following table describes the labels in this screen. 12.5 Configuring T rus[...]

  • Page 158

    P-660H/HW-T Series User’ Guide 157 Chapter 12 Content Filtering Figure 67 Content Filter: T rusted The following table describes the labels in this screen. Table 48 Content Filter: T rusted LABEL DESCRIPTION T rusted User IP Range From T ype th e IP address of a computer (or the b eginning IP address of a specific range of computers) on the LAN t[...]

  • Page 159

    P-660H/HW-T Series User’ Guide Chapter 13 Remote M anagement Configuration 158 C HAPTER 13 Remote Management Configuration This chapter provides information on config uring remote management. 13.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which Prestige interface (if any) from which [...]

  • Page 160

    P-660H/HW-T Series User’ Guide 159 Chapter 13 Remote Management Configuratio n • A filter in SMT menu 3.1 (LAN) or in menu 1 1.5 (W AN) is applied to block a T elnet, FTP or W eb service. • Y ou have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match th e client IP a[...]

  • Page 161

    P-660H/HW-T Series User’ Guide Chapter 13 Remote M anagement Configuration 160 13.3 FTP Y ou can upload and download Prestige firmware and configuration files using FTP . T o use this feature, your computer m ust have an FTP cl ient. 13.4 W eb Y ou can use the Prestige’ s embedded web configurator for config uration and file management. See the[...]

  • Page 162

    P-660H/HW-T Series User’ Guide 161 Chapter 13 Remote Management Configuratio n[...]

  • Page 163

    P-660H/HW-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 162 C HAPTER 14 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configura tor . 14.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer net[...]

  • Page 164

    P-660H/HW-T Series User’ Guide 163 Chapter 14 Universal Plug-and-Pla y (UPnP) 14.1.3 Cautions with UPnP The automated nature of NA T traversal applications in establishing their own services and opening firewall ports ma y present network security issues. Network information and configuration may also be obtained and modifi ed by users in some ne[...]

  • Page 165

    P-660H/HW-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 164 14.3 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP . Inst alling UPnP in Windows Me Follow the steps below to inst all the UPnP in W indows Me. 1 Click St a r t and Contro l Panel . Double-click Add/Remove Pro[...]

  • Page 166

    P-660H/HW-T Series User’ Guide 165 Chapter 14 Universal Plug-and-Pla y (UPnP) Figure 71 Add/Remove Programs: Windows Setup : Communication 3 In the Communications window , select the Universal Plug and Play check box in the Components selection box. Figure 72 Add/Remove Programs: Windows Setup : Communication: Component s 4 Click OK to go back to[...]

  • Page 167

    P-660H/HW-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 166 Inst alling UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP . 1 Click St a r t and Contro l Panel . 2 Double-click Network Connections . 3 In the Network Connections window , click Adv anced in the main menu and select Optional Networking Com[...]

  • Page 168

    P-660H/HW-T Series User’ Guide 167 Chapter 14 Universal Plug-and-Pla y (UPnP) Figure 74 Windows Op tional Networ king Compon ents Wizard 5 In the Networking Services window , select the Universal Plug and Play check box.[...]

  • Page 169

    P-660H/HW-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 168 Figure 75 Networking Servic es 6 Click OK to go back to the W indows Optional Networking Component Wizard window and click Next . 14.4 Using UPnP in Windows XP Example This section shows yo u how to use the UPnP feature in W indows XP . Y ou must already have UPnP insta[...]

  • Page 170

    P-660H/HW-T Series User’ Guide 169 Chapter 14 Universal Plug-and-Pla y (UPnP) Figure 76 Network Connections 3 In the Internet Connection Properties window , click Settings to see the port mappings there were automatically created.[...]

  • Page 171

    P-660H/HW-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 170 Figure 77 Internet Co nnection Proper ties 4 Y ou may edit or delet e the port mappings or click Add to manually add port mappings.[...]

  • Page 172

    P-660H/HW-T Series User’ Guide 171 Chapter 14 Universal Plug-and-Pla y (UPnP) Figure 78 Internet Connection Properties: Advanced Settings Figure 79 Internet Connection Pr operties: Advanced Settings: Add 5 When the UP nP-enabled device is disconnected from your computer , all port mappings will be deleted automatically . 6 Select Show icon in not[...]

  • Page 173

    P-660H/HW-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 172 Figure 80 System T ray Icon 7 Double-click on the icon to display yo ur curr ent Internet co nnection statu s. Figure 81 Internet Conne ction S tatus Web Configurator Eas y Access W ith UPnP , you can access the web-based configur a tor on the Prestige w ithout finding [...]

  • Page 174

    P-660H/HW-T Series User’ Guide 173 Chapter 14 Universal Plug-and-Pla y (UPnP) Figure 82 Network Connections 4 An icon with the description for e ach UPnP-enabled device disp lays under Local Network . 5 Right-click on the icon for your Prestige and select Invoke . The web configurator login screen displays.[...]

  • Page 175

    P-660H/HW-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 174 Figure 83 Network Con nections: M y Network Places 6 Right-click on the icon for your Prestige and select Pr operties . A prop erties window displays with basic information about the Prestige. Figure 84 Network Conn ections: My N etwork Plac es: Properties: Example[...]

  • Page 176

    P-660H/HW-T Series User’ Guide 175 Chapter 14 Universal Plug-and-Pla y (UPnP)[...]

  • Page 177

    P-660H/HW-T Series User’ Guide Chapter 15 Logs Scree ns 176 C HAPTER 15 Logs Screens This chapter contains inform ation about configuring genera l log settings and viewing the Prestige’ s logs. Refer to the appendix for example log message explanations. 15.1 Logs Overview The web confi gurator allows you to choose which categories of events a n[...]

  • Page 178

    P-660H/HW-T Series User’ Guide 177 Chapter 15 Log s Screens Figure 85 Log Settings The following table describes the fields in this screen. Table 51 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below . If this field is left blan k, logs and al[...]

  • Page 179

    P-660H/HW-T Series User’ Guide Chapter 15 Logs Scree ns 178 15.3 Displaying the Logs Click Logs and then Vi e w L o g to open the Vi e w L o g s sc reen. Use the Vi e w L o g s screen to see the logs for the categorie s that you selected in the Log Settings screen (s ee Section 15.2 on page 176 ). Log entries in red indicate alerts . The log wrap[...]

  • Page 180

    P-660H/HW-T Series User’ Guide 179 Chapter 15 Log s Screens Figure 86 Vi ew Logs The following table describes the fields in this screen. 15.4 SMTP Error Messages If there are d ifficult ies in sending e-mail the follo wing error message s appear . E-mail error messages appear in SMT menu 24.3.1 as "SMTP action request failed. ret= ??".[...]

  • Page 181

    P-660H/HW-T Series User’ Guide Chapter 15 Logs Scree ns 180 15.4.1 Example E-mail Log An "End of Log" message displays for each ma il in which a complete log has been sent. The following is an example of a log sent by e-mail. • Y ou may edit the subject title. • The date format here is Day-Month-Y ear . • The date format here is M[...]

  • Page 182

    P-660H/HW-T Series User’ Guide 181 Chapter 15 Log s Screens[...]

  • Page 183

    P-660H/HW-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 182 C HAPTER 16 Media Bandwid th Management Advanced Setup This chapter describes bandwidth manage ment with one level of child class. 16.1 Media Bandwid th Management Overview Bandwidth management allo ws you to allocate an interface’ s outgoing capacity to s[...]

  • Page 184

    P-660H/HW-T Series User’ Guide 183 Chapter 16 Med ia Bandwidth Management Advanced Setu p bandwidth filter. Y o u can configure up to one bandwidth filter per bandwidth class. Y ou can also configure bandwidth classes without bandwidth filters. However , it is recommended that you configure child-classes with filters for any classes that you conf[...]

  • Page 185

    P-660H/HW-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 184 Figure 89 Subnet-based Bandwid th Management Examp le 16.4.3 Application and Subn et-based Bandwid th Management Example The following example uses bandwidth classes based on LAN subnets and applications (specific applications in each subnet ar e allotted ba[...]

  • Page 186

    P-660H/HW-T Series User’ Guide 185 Chapter 16 Med ia Bandwidth Management Advanced Setu p 16.5 Scheduler The scheduler divides up an interface’ s bandwi dth among the bandwidth classes. The Prestige has two types of schedule r: fair ness-based and priority-based. 16.5.1 Priority-based Scheduler W ith the priority-based scheduler, the Prestige f[...]

  • Page 187

    P-660H/HW-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 186 16.6.2 Maximize Ba ndwid th Usage Example Here is an example of a Prestige that has ma xi mized bandwidth usage ena bled on an interface. The first figure shows each bandwidth class’ s band width budget and pr iority . The classes are set up based on subne[...]

  • Page 188

    P-660H/HW-T Series User’ Guide 187 Chapter 16 Med ia Bandwidth Management Advanced Setu p Figure 92 Maximize Bandwidth Usage Example 16.7 Bandwid th Borrowing Bandwidth borrowing allows a child -class to borrow unused bandwidth from its parent class, whereas maximize bandwidth usage allows bandwidth classes to bo rrow any unused or unbudgeted ban[...]

  • Page 189

    P-660H/HW-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 188 4 The Prestige assigns any remainin g unbudgeted bandwidth to traffic t hat does not match any of the bandwidth classes. 16.8 The Main Media Bandwid th Management Screen Click Media Bandwidth Mgnt. to display the main Media Bandwidth Management screen as sho[...]

  • Page 190

    P-660H/HW-T Series User’ Guide 189 Chapter 16 Med ia Bandwidth Management Advanced Setu p Figure 94 Media Bandwid th Management: Sum mary The following table describes the labels in this screen. Table 56 Media Bandwid th Management: Summary LABEL DESCRIPTION LAN WLAN WA N These read-only labels represent the physical inte rfaces. Select an interf[...]

  • Page 191

    P-660H/HW-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 190 16.10 Configuring Class Setup The class se tup screen displays the configured band width classes by individual interface. Select an interface and click the buttons to pe rform the actions des cribed next. Click “+” to expand the class tree or click “-?[...]

  • Page 192

    P-660H/HW-T Series User’ Guide 191 Chapter 16 Med ia Bandwidth Management Advanced Setu p T o add a child class, click Media Bandwidth Management , then Class Setup . Click the Add Child-Class button to open th e following screen. Figure 96 Media Bandwid th Management: Class Configuration The following table describes the labels in this screen. T[...]

  • Page 193

    P-660H/HW-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 192 Active Select the check box to have the Presti ge use th is bandwidth filter when it performs bandwidth management. Service Y ou can select a predefined serv ice inste ad of configuring the Destination Port , Source Port and Protocol ID fields. SIP (Session [...]

  • Page 194

    P-660H/HW-T Series User’ Guide 193 Chapter 16 Med ia Bandwidth Management Advanced Setu p 16.10.2 Media Bandwid th Management St atistics Use the Media Bandwidth Management S tatistics screen to view network performance information. Click the S tatistics button in the Class Setup screen to open the St a t i s t i c s screen. Figure 97 Media Bandw[...]

  • Page 195

    P-660H/HW-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 194 16.1 1 Bandwid th Monitor T o vie w the Prestig e’ s bandwid t h usage and allotments, click M edia Bandwidth Management , then Monitor . The screen appears as shown. Figure 98 Media Bandwid th Management: Mo nitor The following table describes the labels [...]

  • Page 196

    P-660H/HW-T Series User’ Guide 195 Chapter 16 Med ia Bandwidth Management Advanced Setu p[...]

  • Page 197

    P-660H/HW-T Series User’ Guide Chapter 17 Maintenance 196 C HAPTER 17 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 17.1 Maintenance Overview The maintenanc e screens can help you view system inform a tion, upload new firmware, manage configuratio n and restart your Pre[...]

  • Page 198

    P-660H/HW-T Series User’ Guide 197 Chapter 17 Maintenance Figure 99 System S tatus The following table describes th e fields in this screen. Table 62 System S tatus LABEL DESCRIPTION System S tatus System Name This is the name of yo ur Prestige. It is for identification purposes.[...]

  • Page 199

    P-660H/HW-T Series User’ Guide Chapter 17 Maintenance 198 17.2.1 System St atistics Click Show S tatistics in the System S tatus screen to open the following screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) fi[...]

  • Page 200

    P-660H/HW-T Series User’ Guide 199 Chapter 17 Maintenance Figure 100 System S tatus: Show S tatistics The following table describes th e fields in this screen. Table 63 System S tatus: Show S tatistics LABEL DESCRIPTION System up T ime This is the elapsed time the system has been up. CPU Load Th is field specifies the pe rcentage of CPU utilizati[...]

  • Page 201

    P-660H/HW-T Series User’ Guide Chapter 17 Maintenance 200 17.3 DHCP T able Screen DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP configuration at star t-up from a server . Y ou can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provid[...]

  • Page 202

    P-660H/HW-T Series User’ Guide 201 Chapter 17 Maintenance 17.4 Any IP T able Screen Click Maintenance , Any IP . The Any IP table shows cu rrent read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicat e with the Prestige. Figure 102 Any IP T able The following table des[...]

  • Page 203

    P-660H/HW-T Series User’ Guide Chapter 17 Maintenance 202 Figure 103 Associa tion List The following table describes th e fields in this screen. 17.6 Diagnostic Screens These read-only screens display information to help you identify proble ms with the Prestige. 17.6.1 General Diagnostic Click Diagnostic and then General to open the scre en shown[...]

  • Page 204

    P-660H/HW-T Series User’ Guide 203 Chapter 17 Maintenance Figure 104 Diagnostic: General The following table describes th e fields in this screen. 17.6.2 DSL Line Diagnostic Click Diagnostic and then DSL Line to open the screen shown next. T able 67 Diagnostic: Gener al LABEL DESCRIPTION TCP/IP Address T ype the IP add ress of a computer that you[...]

  • Page 205

    P-660H/HW-T Series User’ Guide Chapter 17 Maintenance 204 Figure 105 Diagnostic: DSL Line The following table describes th e fields in this screen. Table 68 Diagnostic: DSL Line LABEL DESCRIPTION Reset ADSL Line Click this button to reinitialize the ADSL line. The large text box above then displays the progress and results of this operation, for [...]

  • Page 206

    P-660H/HW-T Series User’ Guide 205 Chapter 17 Maintenance 17.7 Firmware Upgrade Find firmware at www .zyxel.com in a file that (usually) uses the system model name with a.bin extension, for example, "Prestige.bi n". The upload proce ss uses HTTP (Hypertext T ransfer Protocol) and may take up to two minu tes. After a successful upload, t[...]

  • Page 207

    P-660H/HW-T Series User’ Guide Chapter 17 Maintenance 206 The Prestige automatically restarts in this time causing a temporary network d isconnect. In some operating systems, you may see the following icon on your desktop. Figure 107 Network T emporarily Disconnected After two minutes, log in again an d check your new firmware version in the Syst[...]

  • Page 208

    P-660H/HW-T Series User’ Guide 207 Chapter 17 Maintenance[...]

  • Page 209

    P-660H/HW-T Series User’ Guide Chapter 18 Intro ducing the SMT 208 C HAPTER 18 Introducing the SMT This chapter explains how to access and na viga te the System Management T erminal and gives an overview of its menus. 18.1 SMT Introduction T he Prestige’ s SMT (System Ma nagement T erminal) is a menu-drive n interface that you c an access from [...]

  • Page 210

    P-660H/HW-T Series User’ Guide 209 Chapter 18 In troducing the SM T Figure 109 Login Screen 18.1.3 Prestige SMT Menus Overview The following table gi ves you an overview of y our Prestige’ s various SMT menu s. Enter Password: **** Table 70 SMT Menus Overview MENUS SUB MENUS 1 General Setup 1.1 Configure Dyna mic DNS 2 W AN Backup Setup 3 LAN S[...]

  • Page 211

    P-660H/HW-T Series User’ Guide Chapter 18 Intro ducing the SMT 210 18.2 Navigating the SMT Interface The SMT (System Manage ment T erminal) is the int erface that you use to configure y our Prestige. Several operations that you should be fam iliar with before you a ttempt to modify the configuration are listed in the table below . 24 System Maint[...]

  • Page 212

    P-660H/HW-T Series User’ Guide 211 Chapter 18 In troducing the SM T After you enter the password, the SMT di splays the main menu, as shown next. 18.2.1 System Manage ment T erminal Interface Summary Entering information T ype in or press [SP ACE BAR], then press [ENTER]. Y ou need to fill in two types of fields. The first requires you to type in[...]

  • Page 213

    P-660H/HW-T Series User’ Guide Chapter 18 Intro ducing the SMT 212 18.3 Changing the System Password Change the P restige defau lt password by following the st eps shown next. 1 Enter 23 in the main menu to display Menu 23 - System Securi ty . 2 Enter 1 to display Menu 23.1 - System Security - Change Password as shown next. 3 T ype your existing [...]

  • Page 214

    P-660H/HW-T Series User’ Guide 213 Chapter 18 In troducing the SM T Note: Note that as you type a password, the screen displa ys an “ * ” for each character you type.[...]

  • Page 215

    P-660H/HW-T Series User’ Guide Chapter 19 Menu 1 General Setup 214 C HAPTER 19 Menu 1 General Setup Menu 1 - General Setup contains administra tive an d system-related information. 19.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purpo ses.[...]

  • Page 216

    P-660H/HW-T Series User’ Guide 215 Chapter 19 Menu 1 General Setup Figure 1 1 1 Men u 1 General Setup Fill in the required fields. Refer to the tabl e shown next for more information about these fields. 19.2.1 Procedure to Configure Dynamic DNS Note: If you have a private W AN IP address, then you cannot use dynamic DNS. T o configure dynamic DNS[...]

  • Page 217

    P-660H/HW-T Series User’ Guide Chapter 19 Menu 1 General Setup 216 Figure 1 12 Menu 1.1 Configu re Dynamic DNS Follow the instructions in the next tabl e to configure dynamic DNS parameters. Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= No Host= EMAIL= USER= Password= ******** Enable Wildcard= No Press ENTER to Confirm[...]

  • Page 218

    P-660H/HW-T Series User’ Guide 217 Chapter 19 Menu 1 General Setup[...]

  • Page 219

    P-660H/HW-T Series User’ Guide Chapter 20 Menu 2 WAN Backup Setup 218 C HAPTER 20 Menu 2 W AN Backup Setup This chapter describes how to co nfigure traffic redirect and dial-backup using me nu 2 and 2.1. 20.1 Introduction to W AN Backup Setup This chapter explains how to configure the Pr estige for traf fic redirect and dial backup connections. 2[...]

  • Page 220

    P-660H/HW-T Series User’ Guide 219 Chapter 20 Menu 2 WAN Backup Setup 20.2.1 T raffic Redirect Setup Configure parameters that determine when th e Prestige will forward W AN traf fic to the backup gateway using Menu 2.1 — T raffic Redirect Setup . Figure 1 14 Menu 2.1 T raffic Redirect Setup The following table describes the fields in this menu[...]

  • Page 221

    P-660H/HW-T Series User’ Guide Chapter 20 Menu 2 WAN Backup Setup 220 Metric Th is field sets this route's prio rity among the routes the Prestige uses. The metric represents the "cost of transm ission". A router determine s the best route for transmission by choosing a path with th e lowest "cost". RIP routing uses hop c[...]

  • Page 222

    P-660H/HW-T Series User’ Guide 221 Chapter 20 Menu 2 WAN Backup Setup[...]

  • Page 223

    P-660H/HW-T Series User’ Guide Chapter 21 Menu 3 LAN Setup 222 C HAPTER 21 Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 21.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup . From the main menu, enter 3 to display menu 3. Figure 1 15 Menu 3 LAN Setup [...]

  • Page 224

    P-660H/HW-T Series User’ Guide 223 C hapter 21 Men u 3 LAN Setup 21.2 Protocol Dependent Ethernet Setup Depending on the proto cols for your applications, yo u need to config ure the respective Ethernet Setup, as outlined below . • TCP/IP Ethernet setup • Bridging Ethernet setup 21.3 TCP/IP Ethernet Setup and DHCP Use menu 3.2 to con figure y[...]

  • Page 225

    P-660H/HW-T Series User’ Guide Chapter 21 Menu 3 LAN Setup 224 Follow the instructions in the following table on how to configure th e DHCP fields. Follow the instructions in the following tabl e to configure TCP/IP parameters for the Ethernet port. Table 78 DHCP Ethernet Setu p FIELD DESCRIPTION DHCP Setup DHCP If set to Server , your Prestige c[...]

  • Page 226

    P-660H/HW-T Series User’ Guide 225 C hapter 21 Men u 3 LAN Setup[...]

  • Page 227

    P-660H/HW-T Series User’ Guide Chapter 22 Wireless LAN Setup 226 C HAPTER 22 W ireless LAN Setup This chapter covers how to configure wireless LAN settings in SMT menu 3.5 for P-660HW . 22.1 Wireless LAN Overview Refer to the chapter on the wireless LAN scr eens for wireless LAN background information. 22.2 Wireless LAN Setup Use menu 3.5 to set [...]

  • Page 228

    P-660H/HW-T Series User’ Guide 227 Chapter 22 Wirele ss LAN Setup 22.2.1 Wireless LAN MAC Address Filter The next layer of security is MAC address filter . T o allow a wireless st ation to associate with the Prestige, enter the MAC address of the wireless LAN ada pter on that wireless station in the MAC address table. Channel ID Press [SP ACE BAR[...]

  • Page 229

    P-660H/HW-T Series User’ Guide Chapter 22 Wireless LAN Setup 228 Figure 1 19 Menu 3.5.1 WLAN MAC Address Filtering The following table describes the fields in this menu. Menu 3.5.1 - W LAN MAC Address Filter Active= No Filter Action= A llowed Association ----------------------------------- --------------------------------------- 1= 00:00:00:00:00[...]

  • Page 230

    P-660H/HW-T Series User’ Guide 229 Chapter 22 Wirele ss LAN Setup[...]

  • Page 231

    P-660H/HW-T Series User’ Guide Chapter 23 Internet Access 230 C HAPTER 23 Internet Access This chapter shows you how to configure the LAN and W AN of your Prestige for Internet access . 23.1 Internet Access Overview Refer to the chapters on the web configurat or’ s wizard, LAN and W AN scre ens for more background information on fields in th e [...]

  • Page 232

    P-660H/HW-T Series User’ Guide 231 Chapter 23 Internet Access Figure 120 IP Alias Network Example Use menu 3.2.1 to co nfigure IP Alias on your Prestige. 23.4 IP Alias Setup Use menu 3.2 to configure the first netw ork. Move the cursor to Edit IP Alias field and press [ SP ACEBAR] to choose Ye s and press [ENTER] to configure the sec ond and thir[...]

  • Page 233

    P-660H/HW-T Series User’ Guide Chapter 23 Internet Access 232 Figure 122 Menu 3.2.1 IP Alias Setup Follow the instructions in the following table to configure IP Alias parameters. 23.5 Route IP Setup The first step is to en able the IP routing in Menu 1 — General Setup . T o edit menu 1, type 1 in the main menu and press [ ENTER ]. Set the Rout[...]

  • Page 234

    P-660H/HW-T Series User’ Guide 233 Chapter 23 Internet Access Figure 123 Menu 1 General Setu p 23.6 Internet Access Configuration Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified setup for one of t he remote nodes that you can access in menu 11. Before you configure your Prestige for Intern[...]

  • Page 235

    P-660H/HW-T Series User’ Guide Chapter 23 Internet Access 234 . If all your settings are correct your Prestige shou ld connect automatically to the Internet. If the connection fails, note the error message that you receive on the screen and take the appropriate troubleshooting steps. Table 83 Menu 4 Internet Access Setup FIELD DESCRIPTION ISP’s[...]

  • Page 236

    P-660H/HW-T Series User’ Guide 235 Chapter 23 Internet Access[...]

  • Page 237

    P-660H/HW-T Series User’ Guide Chapter 24 Remot e Node Configur ation 236 C HAPTER 24 Remote Node Configuration This chapter covers remo te node configuration. 24.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway . A remote n o[...]

  • Page 238

    P-660H/HW-T Series User’ Guide 237 Chap ter 24 Remote Node Configuration Figure 125 Menu 1 1 Remote Node Setup 24.2.2 Encap sulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiple xing methods used by your ISP . Consult your telephone company for information on en capsulation and multiplexing methods [...]

  • Page 239

    P-660H/HW-T Series User’ Guide Chapter 24 Remot e Node Configur ation 238 Figure 126 Menu 1 1 .1 Remote Node Profile In Menu 1 1.1 – Remote Node Profile , fill in the fields as describ ed in the following table. Menu 11.1 - Remote Nod e Profile Rem Node Name= MyISP Route= IP Active= Yes Bridge= No Encapsulation= RFC 1483 Edit IP/Bridge= No Mult[...]

  • Page 240

    P-660H/HW-T Series User’ Guide 239 Chap ter 24 Remote Node Configuration 24.2.3 Outgoing Au thentication Protocol For obvious reasons, you sho uld employ the strongest authentication protocol possible. However , some vendors’ implementation includes specific authentication protocol in the user profile. It will disconnect if the negotiated proto[...]

  • Page 241

    P-660H/HW-T Series User’ Guide Chapter 24 Remot e Node Configur ation 240 24.3 Remote Node Network Layer Options For the TCP/IP parameters, perf orm the following steps to edit Menu 1 1.3 – Remote Node Network Layer Options as shown next. 1 In menu 1 1.1, make sure IP is among the protoc ols in the Route field. 2 Move the cu rs or to the Edit I[...]

  • Page 242

    P-660H/HW-T Series User’ Guide 241 Chap ter 24 Remote Node Configuration 24.3.1 My W AN Addr Sample IP Addresses The following figure uses sample IP addresses to help you u nderstand the field of My W AN Addr in menu 1 1.3. My W AN Addr indicates the local Prestige W AN IP (172.16.0.1 in the following figure) while Rem IP Addr indicates the peer [...]

  • Page 243

    P-660H/HW-T Series User’ Guide Chapter 24 Remot e Node Configur ation 242 Figure 128 Sample IP Addresses for a TC P/IP LAN-to-LAN Connection 24.4 Remote Node Filter Move the cu rs or to the Edit Filter Sets field in menu 1 1.1, then press [SP ACE BAR] to select Ye s . Press [ENTER] to displ ay Menu 1 1.5 – Remote Node Filter . Use Menu 1 1.5 ?[...]

  • Page 244

    P-660H/HW-T Series User’ Guide 243 Chap ter 24 Remote Node Configuration Figure 130 Menu 1 1 .5 Remote Node Filter (PPPoA or PPPoE Encapsulation) 24.5 Editing A TM Layer Options Follow the steps shown next to edit Menu 1 1.6 – Remote Node A TM Layer Options . In menu 1 1.1, move the cursor to the Edit A TM Options field and then press [SP ACE B[...]

  • Page 245

    P-660H/HW-T Series User’ Guide Chapter 24 Remot e Node Configur ation 244 Figure 132 Menu 1 1 .6 for LLC-based Multip lexing or PPP Encapsulation In this case, only one set of VPI and VCI numb ers need be specified for all protocols. The valid range for the VPI is 0 to 25 5 and for the VC I is 32 to 65535 (1 to 31 is reserved for local management[...]

  • Page 246

    P-660H/HW-T Series User’ Guide 245 Chap ter 24 Remote Node Configuration Figure 134 Menu 1 1.8 Advance Setup Options The following table describes the fields in this menu. Menu 11.8 - Advance Se tup Options PPPoE pass-through= No Press ENTER to Confirm or ESC to Cancel: T able 86 Menu 1 1.8 Advance Setup Optio ns FIELD DESCRIPTION PPPoE pass-thro[...]

  • Page 247

    P-660H/HW-T Series User’ Guide Chapter 25 Static Route Setup 246 C HAPTER 25 S t atic Route Setup This chapter shows how to setup IP static routes. 25.1 IP S t atic Route Overview Stat ic routes tell the Prestige ro uting information that it cann ot learn automatically t hrough other means. This can arise in cases where RIP is disabled on the LAN[...]

  • Page 248

    P-660H/HW-T Series User’ Guide 247 Chapter 25 Static Route Setup Figure 136 Menu 12 S tatic Route Setup From menu 12, select 1 to open Menu 12.1 — IP S tatic Route Setup (shown next). Figure 137 Menu 12.1 IP S tatic Route Se tup Now , type the route number of a st atic route you want to configure. Figure 138 Menu12.1.1 Edit IP S tatic Route Men[...]

  • Page 249

    P-660H/HW-T Series User’ Guide Chapter 25 Static Route Setup 248 The following table describes the fields for Menu 12.1.1 – Edit IP S tatic Route Setup . T able 87 Menu12.1.1 Edit IP S t atic Route FIELD DESCRIPTION Route # This is the index number of the stat ic route that you chose in menu 12.1. Route Name T ype a descriptive name for this ro[...]

  • Page 250

    P-660H/HW-T Series User’ Guide 249 Chapter 25 Static Route Setup[...]

  • Page 251

    P-660H/HW-T Series User’ Guide Chapter 26 Bridgin g Setup 250 C HAPTER 26 Bridging Setup This chapter shows you how to configure the bridgin g parameters of your Prestige. 26.1 Bridging in General Bridging bases the forwarding decision on th e MAC (Media Access Control), or ha rdware address, while routing does it on the network layer (IP) addres[...]

  • Page 252

    P-660H/HW-T Series User’ Guide 251 Chapter 26 Bridging Setup Figure 139 Menu 1 1 .1 Remote Node Profile 3 Move the cursor to the Edit IP/Bridge field, then press [ SP ACE BAR ] to set the value to Ye s and press [E NTER] to edit Menu 1 1.3 – Remote Node Network Layer Options . Figure 140 Menu 1 1.3 Remote Node Network Layer Options The followin[...]

  • Page 253

    P-660H/HW-T Series User’ Guide Chapter 26 Bridgin g Setup 252 26.2.2 Bridge St atic Route Setup Similar to network layer static routes, a bridging static route tells the Prestige the route to a node before a conn ection is established. Y o u c onfigure b ridge static routes in menu 12.3.1 (go to menu 12, choose option 3, then choose a static rout[...]

  • Page 254

    P-660H/HW-T Series User’ Guide 253 Chapter 26 Bridging Setup[...]

  • Page 255

    P-660H/HW-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 254 C HAPTER 27 Network Address T ranslation (NA T) This chapter discusses how to configure NA T on the Prestige. 27.1 Using NA T Y ou must create a firewall rule in addition to setting up SUA/NA T , to allow traf fic from the W AN to be forwarded through the Prestige. 27[...]

  • Page 256

    P-660H/HW-T Series User’ Guide 255 Chapter 27 Network Address Transla tion (NAT) Figure 142 Menu 4 Applying NA T for Internet Access The following figure shows how you apply NA T to the remote node in menu 1 1.1. 1 Enter 1 1 from the main menu. 2 When menu 1 1 appears, as shown in the follo wing figure, type the number of the remote node that you[...]

  • Page 257

    P-660H/HW-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 256 27.3 NA T Setup Use the address mapping sets me nus and submenus to create the mapping table used to assign global addresses to computers on the LAN. Set 255 is used for SUA. When you select Full Feature in menu 4 or 1 1.3, the SMT will use Set 1 . When you select SUA[...]

  • Page 258

    P-660H/HW-T Series User’ Guide 257 Chapter 27 Network Address Transla tion (NAT) Figure 145 Menu 15.1 Addr ess Mapping Sets 27.3.1.1 SUA Address Mapping Set Enter 255 to display th e next screen (see also Sect ion 27.1.1 on page 254 ). The fields in this menu cannot be changed. Figure 146 Menu 15.1.255 SUA Address Mapping Rule s The following tab[...]

  • Page 259

    P-660H/HW-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 258 27.3.1.2 User-Defined Address Mapping Set s Now let’ s look at option 1 in menu 15.1. Enter 1 to bring up this menu. W e’ll just look at the differences from the previous menu. Note the extra Action and Select Rule fields mean you can configure rules in this scree[...]

  • Page 260

    P-660H/HW-T Series User’ Guide 259 Chapter 27 Network Address Transla tion (NAT) 27.3.1.3 Ordering Y our Rules Ordering your rules is important because the Pr estige applies the rules in the order that you specify . When a rule matches the c urrent pack et, the Prestige take s the corresponding action and the remaining rules are ignored. If there[...]

  • Page 261

    P-660H/HW-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 260 The following table explains the fields in t his menu. 27.4 Configuring a Server behind NA T Follow these steps to config ure a server behind NA T : 1 Enter 15 in the main menu to go to Menu 15 - NA T Setup . 2 Enter 2 to display Menu 15.2 - NA T Server Sets as shown [...]

  • Page 262

    P-660H/HW-T Series User’ Guide 261 Chapter 27 Network Address Transla tion (NAT) Figure 150 Menu 15.2.1 NA T Server Setup 4 Enter a port number in an unused St a r t P o r t N o field. T o forward only one port, enter it again in the End Port No field. T o specify a range of po rts, enter the last port to be forwarded in the End Port No field. 5 [...]

  • Page 263

    P-660H/HW-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 262 27.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (In side Global Address) assigned by your ISP . Figure 152 NA T Example 1 Figure 153 Menu 4 Inte[...]

  • Page 264

    P-660H/HW-T Series User’ Guide 263 Chapter 27 Network Address Transla tion (NAT) Figure 154 NA T Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NA T as shown in the next figure. Figure 155 Menu 15.2.1 S pecifying an Inside Server 27.[...]

  • Page 265

    P-660H/HW-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 264 Map the other outgoing LAN traffic to IGA3 ( Many : 1 mapping). Y ou also map your th ird IGA to the web server and mail server on the LAN. T ype Server allows you to specify multiple se rvers, of dif ferent types, to other computers behind NA T on the LAN. The exampl[...]

  • Page 266

    P-660H/HW-T Series User’ Guide 265 Chapter 27 Network Address Transla tion (NAT) Figure 157 Example 3: Menu 1 1.3 The following figures show how to configure the first rule Figure 158 Example 3: Menu 15.1.1.1 Menu 11.3 - Remote Node Network Laye r Options IP Options: Bridge Options: IP Address Assignment= Static Ethernet Addr Timeout (min)= 0 Rem[...]

  • Page 267

    P-660H/HW-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 266 Figure 159 Example 3: Final Menu 15.1.1 Now configure the IGA3 to map to our web server and mail server on the LAN. 1 Enter 15 from the main menu. 2 Enter 2 in Menu 15 - NA T Setup . 3 Enter 1 in Menu 15.2 - NA T Server Sets to see the following men u. Configure it as[...]

  • Page 268

    P-660H/HW-T Series User’ Guide 267 Chapter 27 Network Address Transla tion (NAT) 27.5.4 Example 4: NA T Unfr iendly Application Programs Some applications do not support NA T Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapp ing as port numbers do not change for Many-to-Many No Overl[...]

  • Page 269

    P-660H/HW-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 268 Figure 163 Example 4: Menu 15.1.1 Address Map ping Rules Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Idx Local Start IP Local End IP Glob al Start IP Global End I P Type --- --------------- ------------ --------------- --------------- ---- 1. 192.168.1.10 1[...]

  • Page 270

    P-660H/HW-T Series User’ Guide 269 Chapter 27 Network Address Transla tion (NAT)[...]

  • Page 271

    P-660H/HW-T Series User’ Guide Chapter 28 Enabling the Firewall 270 C HAPTER 28 Enabling the Firewall This chapter shows you how to get started with the Prestige firewall. 28.1 Remote Management and the Firewall When SMT menu 24.1 1 is configured to allo w management and the firewall is enabled: • The firewall blocks remote management from the [...]

  • Page 272

    P-660H/HW-T Series User’ Guide 271 Chapte r 28 Enabling the Firew all Figure 164 Menu 21.2 Firewa ll Setup Use the we b configurator o r the comman d in terpreter to configure the firewall rules Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks when it is active. The default Poli cy sets 1. allow all session[...]

  • Page 273

    P-660H/HW-T Series User’ Guide Chapter 29 Filter Configuration 272 C HAPTER 29 Filter Configuration This chapter shows you how to create and apply filters. 29.1 About Filtering Y our Prestige uses filters to deci de whether or not to allow passage of a data packet and/or to make a call. There are two types of filter appli cations: data filtering [...]

  • Page 274

    P-660H/HW-T Series User’ Guide 273 Chapter 29 Filter Configuration Figure 166 Filter Rule Process Y ou can apply up to four filter sets to a partic ular port to block various types of packets. Because each filter set can have up to six rules, you can have a maximum of 24 rules active for a single port. For incoming packets, yo ur Prestige applies[...]

  • Page 275

    P-660H/HW-T Series User’ Guide Chapter 29 Filter Configuration 274 29.2 Configuring a Filter Set for the Prestige T o configure a filter set, follow the steps shown next. 1 Enter 21 in the main menu to display Menu 21 – Filter and Fir ewall Setup . 2 Enter 1 to display Menu 21.1 – Filter Set Configu ration as shown next. Figure 167 Menu 21 Fi[...]

  • Page 276

    P-660H/HW-T Series User’ Guide 275 Chapter 29 Filter Configuration Figure 169 NetBIOS_LAN Filter Rules Summary Figure 170 IGMP Filter Rules Summary 29.3 Filter Rules Summary Menus The following tables briefly descri be the abbreviations used in menus 21.1.1 and 21.1.2. Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- ------[...]

  • Page 277

    P-660H/HW-T Series User’ Guide Chapter 29 Filter Configuration 276 The protocol dependent filter rules abbreviation are listed as follows: 29.4 Configuring a Filter Rule T o configure a filter rule , type its number in Menu 21.1.x – Filter Rules Summary and press [ENTER] to open menu 21.1 .x.1 for the rule. There are two types of filter rules: [...]

  • Page 278

    P-660H/HW-T Series User’ Guide 277 Chapter 29 Filter Configuration 29.4.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fiel ds in the IP and the upper layer p rotocol, for example, UDP and TCP headers. T o configure TCP/ IP rules, select TCP/IP Filter Rule from the[...]

  • Page 279

    P-660H/HW-T Series User’ Guide Chapter 29 Filter Configuration 278 The following figure illustrates th e logic flow of an IP filter. Port # T ype the destination port of the packets you want to filter . The field range is 0 to 65535. A 0 field i s ignored. Port # Comp Select the comparison to apply to the dest inatio n port in the packet against [...]

  • Page 280

    P-660H/HW-T Series User’ Guide 279 Chapter 29 Filter Configuration Figure 172 Executing an IP Filter 29.4.2 Generic Filter Rule This section shows you how to co nfigure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP , it is generally easier to us e the IP rules directly .[...]

  • Page 281

    P-660H/HW-T Series User’ Guide Chapter 29 Filter Configuration 280 For generic rules, the Prestige treats a packe t as a byte stream as opposed to an IP packet. Y ou specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The Prestig e applies the Mask (bit-wise ANDing) to the data portion before [...]

  • Page 282

    P-660H/HW-T Series User’ Guide 281 Chapter 29 Filter Configuration 29.5 Filter T ypes and NA T There are two classes of filter rules, Generic Filter Device rules and Protocol Filter ( TCP/IP ) rules. Generic Filter rules act on the raw data from/ to LAN and W A N. Protocol Filter rules act on IP packets. When NA T (Network Address T ranslation) i[...]

  • Page 283

    P-660H/HW-T Series User’ Guide Chapter 29 Filter Configuration 282 Figure 175 Sample T elnet Filter 1 Enter 1 in the menu 21 to display Menu 21.1 — Fi lter Set Configuration . 2 Enter the index number of th e filter set you want to configure (in this case 6) . 3 T ype a descriptive name or comment in the Edit Comments field (for example, TELNET[...]

  • Page 284

    P-660H/HW-T Series User’ Guide 283 Chapter 29 Filter Configuration 2 Go to the Edit Filter Sets field, press [SP ACE BAR] to choose Ye s and press [ENTER]. This brings you to menu 1 1.5. Apply the example fi lter set (for example, filter set 3) in this menu as shown in the next section. This shows you that you have configured and activated ( A = [...]

  • Page 285

    P-660H/HW-T Series User’ Guide Chapter 29 Filter Configuration 284 29.7.1 Ethernet T raffic Y ou seldom need to filter Ethernet traf fic; however , the filter sets may be useful to block certain packets, reduce traffic and prevent secur ity breaches. Go to me nu 3.1 (shown next ) and type the number(s) of the filter set (s) that you want to apply[...]

  • Page 286

    P-660H/HW-T Series User’ Guide 285 Chapter 29 Filter Configuration[...]

  • Page 287

    P-660H/HW-T Series User’ Guide Chapter 30 SNMP Configuration 286 C HAPTER 30 SNMP Configuration This chapter explains SNMP Configuration menu 22. 30.1 About SNMP Simple Network Management Protocol (SNM P) i s a protocol u sed for excha nging management information b etween network devices. SNMP is a member of th e TCP/IP protocol suite. Y our Pre[...]

  • Page 288

    P-660H/HW-T Series User’ Guide 287 Chapter 30 SNMP Configuration The managed devices cont ain object variables/ managed objects that define each piece of information to be collected ab out a device. Examples of vari ables include the number of packets received, node port status etc. A Ma nagement Information Ba se (MIB) is a collection of managed[...]

  • Page 289

    P-660H/HW-T Series User’ Guide Chapter 30 SNMP Configuration 288 Figure 181 Menu 22 SNMP Configurat ion The following table describes the SNMP configuration parameters. 30.4 SNMP T rap s The Prestige will send traps to the SNMP mana ger when any one of t he following events occurs: Menu 22 - SNMP Configuration SNMP: Get Community= public Set Comm[...]

  • Page 290

    P-660H/HW-T Series User’ Guide 289 Chapter 30 SNMP Configuration The port number is its interface index under the interface group. 5 authenticationFailure ( defined in RFC-1215 ) A trap is sent to the manager when receiving any SNMP gets or set s requirements with wrong community (password). 6 whyReboot (defin ed in ZYXEL-MIB) A trap is sent with[...]

  • Page 291

    P-660H/HW-T Series User’ Guide Chapter 31 System Security 290 C HAPTER 31 System Security This chapter describes how to configur e the system security on the Prestige. 31.1 System Security Y ou can configure the system password. 31.1.1 System Password Enter 23 in the main menu to display Menu 23 – System Security . Y ou should change the d efau[...]

  • Page 292

    P-660H/HW-T Series User’ Guide 291 Chapter 31 Syst em Security Figure 183 Menu 23.2 System Security: RADIUS Server The following table describes the fields in this menu. Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.1 1.12.13 Port #= 1812 Shared Secret= ***** *** Accounting Server: Active= No Ser[...]

  • Page 293

    P-660H/HW-T Series User’ Guide Chapter 31 System Security 292 31.1.3 IEEE 802.1x The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and en cryption key managemen t. Follow the steps below to enable EA P authentication on your Prestige. 1 From the main menu, enter 23 to display Menu23 – S[...]

  • Page 294

    P-660H/HW-T Series User’ Guide 293 Chapter 31 Syst em Security T able 103 Menu 23.4 System Security: IEEE 80 2.1x FIELD DESCRIPTION Wireless Port Control Press [SP ACE BAR] and select a securi ty mode for the wireless LAN access. Select No Authentication Required to allow any wi reless st ations access to your wired network without entering usern[...]

  • Page 295

    P-660H/HW-T Series User’ Guide Chapter 31 System Security 294 Once you enable user authenticatio n, you need to specify an exte rnal RADIUS server or create local user accounts on the Prestige for authentication. 31.2 Creating User Account s on the Prestige By storing user profiles locally , your Prestige is able to authenticate wireless users wi[...]

  • Page 296

    P-660H/HW-T Series User’ Guide 295 Chapter 31 Syst em Security Figure 186 Menu 14 Dial-in User Setup 2 T ype a nu mber and press [ENTER] to edit the user profile. Figure 187 Menu 14.1 Edit Dial-in User The following table describes the fields in this menu. Menu 14 - Dial-in U ser Setup 1. ________ 9. ________ 17. ________ 25. ________ 2. ________[...]

  • Page 297

    P-660H/HW-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 296 C HAPTER 32 System Information and Diagnosis This chapter covers the information and diag nostic tools in SMT menus 24.1 to 24.4. 32.1 Overview These tools include updates on system status , port status, log and trace capabiliti es and upgrades for the system software[...]

  • Page 298

    P-660H/HW-T Series User’ Guide 297 Chapter 32 System Information and Diagnosis The following table describes the fields present in Menu 24.1 — System Maintenance — St a t u s which are read-only an d meant for diagnostic purposes. Figure 189 Menu 24.1 System Maintenance : S ta tus The following table describes the fields present in Menu 24.1 [...]

  • Page 299

    P-660H/HW-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 298 32.3 System Information T o get to the System Information: 1 Enter 24 to display Menu 24 — System Maintenance . 2 Enter 2 to display Menu 24.2 — System In form ation and Console Port Speed . From this menu you have two choices as shown in th e next figure: Figure [...]

  • Page 300

    P-660H/HW-T Series User’ Guide 299 Chapter 32 System Information and Diagnosis Figure 191 Menu 24.2.1 System Maintenance: In formation The following table describes the fields in this menu. 32.3.2 Console Port Speed Note: The console port is intern al and reserved for technician use only . Y ou can set up different port speeds for the console por[...]

  • Page 301

    P-660H/HW-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 300 Figure 192 Menu 24.2.2 System Maintenance : Chang e Console Port S peed Once you change the Prestige console port speed , you must also set the speed parameter for the communication software you are using to connect to the Prestige. 32.4 Log and T race There are two l[...]

  • Page 302

    P-660H/HW-T Series User’ Guide 301 Chapter 32 System Information and Diagnosis Figure 194 Sample Error an d Informat ion Messages 32.4.2 Syslog and Accounting The Prestige uses the syslog fa cility to log the CDR (Call Deta il Record) and system messages to a syslog server. Syslog and accounting can be configured in Menu 24.3.2 — System Mainten[...]

  • Page 303

    P-660H/HW-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 302 Figure 196 Syslog Example 1 - CDR SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG _INFO, String); String = board xx line xx channel xx , call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN call = the call reference nu mber [...]

  • Page 304

    P-660H/HW-T Series User’ Guide 303 Chapter 32 System Information and Diagnosis 32.5 Diagnostic The diagnostic facility allows you to test the di f ferent aspects of your Prestige to determine if it is working properly . Menu 24.4 allows you to choo se among various types of diagn ostic tests to evaluate your system, as shown in the following figu[...]

  • Page 305

    P-660H/HW-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 304 The following table describes the diagnostic tests available in menu 24.4 for and the connections. T able 108 Menu 24.4 System Ma intenance Menu: Diagnostic FIELD DESCRIPTION Reset xDSL R e-initialize the xDSL link to the tel ephone company . Ping Host Ping the host t[...]

  • Page 306

    P-660H/HW-T Series User’ Guide 305 Chapter 32 System Information and Diagnosis[...]

  • Page 307

    P-660H/HW-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 306 C HAPTER 33 Firmware and Configuration File Maintenance This chapter tells y ou how to backup and restor e your configuration file as well as upload new firmware and configuration files. 33.1 Filename Conventions The configuration file (often ca lled the ro[...]

  • Page 308

    P-660H/HW-T Series User’ Guide 307 Chapter 33 Firmware and Con figuration File Main tenance The following table is a summary . Please note that the internal filename refe rs to the filename on the Prestige and the external f ilename refers to the filename not on the Prestige, that is, on your computer , local network or FTP site and so the name ([...]

  • Page 309

    P-660H/HW-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 308 Figure 198 T elnet in Menu 24.5 33.2.2 Using the FTP Command from the Comman d Line 1 Launch the FTP client on your computer . 2 Enter “ open ”, followed by a space and the IP address of your Prestige. 3 Press [ENTER] when prompted for a username. 4 Ent[...]

  • Page 310

    P-660H/HW-T Series User’ Guide 309 Chapter 33 Firmware and Con figuration File Main tenance Figure 199 FTP Session Example 33.2.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. 33.2.5 TFTP and FTP over W A N Management Limit ations TFTP , FTP and T elnet over W AN will not work [...]

  • Page 311

    P-660H/HW-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 310 33.2.6 Backup Configuration Using TFTP The Prestige support s the up/downloading of the firmware and the configuration file usi ng TFTP (T rivial File T ransfer Protocol) over LA N. Alt hough TFTP should work over W AN as well, it is not recommended. T o us[...]

  • Page 312

    P-660H/HW-T Series User’ Guide 311 Chapter 33 Firmware and Con figuration File Main tenance Refer to Section 33.2.5 on page 309 to read about configurations that disallow TFTP and FTP over W AN. 33.3 Restore Configuration This section shows you how to restore a previ ously saved configuration. Note that this function erases the current configurat[...]

  • Page 313

    P-660H/HW-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 312 Figure 200 T elnet in to Menu 24. 6 1 Launch the FTP client on your computer . 2 Enter “ open ”, followed by a space and the IP address of your Prestige. 3 Press [ENTER] when prompted for a username. 4 Enter your password as requested (the default is ?[...]

  • Page 314

    P-660H/HW-T Series User’ Guide 313 Chapter 33 Firmware and Con figuration File Main tenance 33.4 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuratio n files. Y ou can upload configuration files by following the procedure in Section 33.2 on page 307 or by following the instructions in Menu 24.7[...]

  • Page 315

    P-660H/HW-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 314 Figure 203 T elnet Into Menu 24.7.2 System Maintenance T o upload the firmware and the configuration file, follow these examples 33.4.3 FTP File Upload Comman d from the DOS Prompt Example 1 Launch the FTP client on your computer . 2 Enter “ open ”, fol[...]

  • Page 316

    P-660H/HW-T Series User’ Guide 315 Chapter 33 Firmware and Con figuration File Main tenance 33.4.4 FTP Session Exampl e of Firmware File Upload Figure 204 FTP Session Example of Firmware File Upload More commands (found in GUI-based FTP clie nts) are listed earlier in this chapter . Refer to Section 33.2.5 o n page 309 to read about configuration[...]

  • Page 317

    P-660H/HW-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 316 33.4.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras where “ i ” specifies binary image transfer mode (use this mode when transferring binary files), “ host ” is the Prestige’ s IP addres[...]

  • Page 318

    P-660H/HW-T Series User’ Guide 317 Chapter 33 Firmware and Con figuration File Main tenance[...]

  • Page 319

    P-660H/HW-T Series User’ Guide Chapter 34 System Maintenance 318 C HAPTER 34 System Maintenance This chapter leads you through SM T menus 24.8 to 24.10 . 34.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the ma in system firmware. The CI provides much of the same functionality as the SMT , while a dding some low-level se tup[...]

  • Page 320

    P-660H/HW-T Series User’ Guide 319 Chapter 34 System M aintenance 34.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 1 1.1. The budget management func tion allows you to set a limit on the total outgoing call time of the Prestige within certain times. When the to tal outgoing cal[...]

  • Page 321

    P-660H/HW-T Series User’ Guide Chapter 34 System Maintenance 320 Figure 208 Menu 24.9.1 System Maintenance: Budg et Management The total budget is the time li mit on the accumulated time for ou tgoing calls to a remo te node. When this limit is reached, th e call will be dropped and further outgoing calls to that remote node will be blocked. Afte[...]

  • Page 322

    P-660H/HW-T Series User’ Guide 321 Chapter 34 System M aintenance Figure 209 Menu 24 System Maintenance Then enter 10 to go to Menu 24.10 System Maintenance Time and Date Setting to update the time and date settings of your Pres tige as shown in th e following screen. Figure 210 Menu 24.10 System Maintenance : T ime and Date Setting Menu 24 - Sys[...]

  • Page 323

    P-660H/HW-T Series User’ Guide Chapter 34 System Maintenance 322 34.3.1 Resetting the T ime • The Prestige resets the time in three instances: • On leaving menu 24.10 after making changes. • When the Prestige starts up, if there is a timeserver co nfigured in menu 24.10. • 24-hour intervals after starting. Current T ime This field display[...]

  • Page 324

    P-660H/HW-T Series User’ Guide 323 Chapter 34 System M aintenance[...]

  • Page 325

    P-660H/HW-T Series User’ Guide Chapter 35 Remo te Management 324 C HAPTER 35 Remote Management This chapte r covers re mote mana gement (SM T menu 24. 11). 35.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote[...]

  • Page 326

    P-660H/HW-T Series User’ Guide 325 Chapter 35 Remote Management Figure 21 1 Menu 24.1 1 Re mote Management Contro l The following table describes the fields in this menu. 35.2.2 Remote Management Limit ations Remote management over LAN or W AN will not work when: • A filter in menu 3.1 (LAN) or in menu 1 1.5 (W AN) is applied to block a T elnet[...]

  • Page 327

    P-660H/HW-T Series User’ Guide Chapter 35 Remo te Management 326 35.3 Remote Management and NA T When NA T is enabled: • Use the Prestige’ s W AN IP addre ss when configuring from the W AN. • Use the Prestige’ s LAN IP address when config uring from the LAN. 35.4 System T imeout There is a default system management idle tim eout of five m[...]

  • Page 328

    P-660H/HW-T Series User’ Guide 327 Chapter 35 Remote Management[...]

  • Page 329

    P-660H/HW-T Series User’ Guide Chapter 36 IP Policy Routing 328 C HAPTER 36 IP Policy Routing This chapter covers setting and appl ying policies used for IP routing. 36.1 IP Policy Routing Overview T raditionally , routing is based on the destinatio n address only and the IAD takes the shortest path to forward a packet. IP Routing Polic y (IPPR) [...]

  • Page 330

    P-660H/HW-T Series User’ Guide 329 Chapter 36 IP Policy Routing • routing the packet to a different gate way (and hence the outgoing interface). • setting the TO S and precedence fields in the IP header . IPPR follows the existing packet filtering facility of RAS in st yle and in impl ementation. The policies are divided into sets, where rela[...]

  • Page 331

    P-660H/HW-T Series User’ Guide Chapter 36 IP Policy Routing 330 Figure 213 Menu 25.1 IP Routing Po licy Setup T ype a n umber from 1 to 6 to display Menu 25.1.1 – IP Routing Policy (see the next figure). This menu allows you to configure a policy rule. Menu 25.1 - IP Routing Policy Setup # A Criteri a/Action - - ------------------------------- [...]

  • Page 332

    P-660H/HW-T Series User’ Guide 331 Chapter 36 IP Policy Routing Figure 214 Menu 25.1.1 IP Routing Policy The following table describes the fields in this menu. Menu 25.1.1 - IP Routing Policy Policy Set Name= test Active= No Criteria: IP Protocol = 0 Type of Service= Don't Care Packet length= 0 Precedence = Don't Care Len Comp= N/A Sour[...]

  • Page 333

    P-660H/HW-T Series User’ Guide Chapter 36 IP Policy Routing 332 36.5 Applying an IP Policy This section shows yo u where to apply the IP policies after you design them. 36.5.1 Ethernet IP Policies From Menu 3 — Ethernet Setup , type 2 to go to Menu 3 .2 — TCP/IP and DHCP Ethernet Setup . Y ou can choose up to four IP policy sets (from 12) by [...]

  • Page 334

    P-660H/HW-T Series User’ Guide 333 Chapter 36 IP Policy Routing Figure 215 Menu 3.2 TCP/IP and DHCP Ethernet Se tup Go to menu 1 1.3 (shown next) and typ e the number(s) of the IP Routing Policy set(s) as appropriate. Y ou can cascade up to four polic y sets by typing their numbers separated by commas. Figure 216 Menu 1 1.3 Remote Node Network La[...]

  • Page 335

    P-660H/HW-T Series User’ Guide Chapter 36 IP Policy Routing 334 Route 1 represents the default IP route and route 2 represents the configured IP route. Figure 217 Example of IP Policy Routing T o force packets comin g from clients with IP addresses of 192.16 8.1.33 to 192.168.1.64 to be routed to the Internet via the W AN port of the Prestige, fo[...]

  • Page 336

    P-660H/HW-T Series User’ Guide 335 Chapter 36 IP Policy Routing Figure 218 IP Routing Policy Example 1 Check Menu 25.1 — IP Routing Policy S etup to see if the rule is added correctly . 2 Create another policy set in menu 25. 3 Create a rule in menu 25.1 for this set to route packets from any host ( IP=0.0.0.0 means any host) with protocol TCP [...]

  • Page 337

    P-660H/HW-T Series User’ Guide Chapter 36 IP Policy Routing 336 Figure 219 IP Routing Policy Example 4 Check Menu 25.1 — IP Routing Policy S etup to see if the rule is added correctly . 5 Apply both policy sets in menu 3.2 as shown n ext. Figure 220 Applying IP Policies Example Menu 25.1.1 - IP Routing Policy Policy Set Name= set2 Active= Yes C[...]

  • Page 338

    P-660H/HW-T Series User’ Guide 337 Chapter 36 IP Policy Routing[...]

  • Page 339

    P-660H/HW-T Series User’ Guide Chapter 37 Call Scheduling 338 C HAPTER 37 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulati on only) allows you to dictate when a remote node sho uld be called and for how long. 37.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remo[...]

  • Page 340

    P-660H/HW-T Series User’ Guide 339 Chapter 37 Call Scheduling T o setup a schedule set, select the schedule set you wan t to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next. Figure 222 Menu 26.1 Schedule Set Setup If a connection has been already established, your Prestige will not drop it. Once t[...]

  • Page 341

    P-660H/HW-T Series User’ Guide Chapter 37 Call Scheduling 340 Once your schedule sets are conf igured , you must then apply them to the desired remote node(s). Enter 1 1 from the Main Menu and then enter the tar get remote node index. Usin g [SP A CE BAR] , select PPPoE or PPPoA in the Encapsulation field and then press [ENTER] to make the schedu[...]

  • Page 342

    P-660H/HW-T Series User’ Guide 341 Chapter 37 Call Scheduling[...]

  • Page 343

    P-660H/HW-T Series User’ Guide Chapter 38 Troubleshooting 342 C HAPTER 38 T roubleshooting This chapter covers potential proble ms and the corresponding remedies. 38.1 Problems St arting Up the Prestige 38.2 Problems with the LAN Table 118 Troubleshooting Starting Up Your Prestige PROBLEM CORRECTIVE ACTION None of the LEDs turn on when I turn on [...]

  • Page 344

    P-660H/HW-T Series User’ Guide 343 Chapter 38 Troublesh ooting 38.3 Problems with the W A N Table 120 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL LED is off. Check the telephone wire and connections betwee n the Prestige DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DS[...]

  • Page 345

    P-660H/HW-T Series User’ Guide Chapter 38 Troubleshooting 344 38.4 Problems Accessing the Prestige 38.4.1 Pop-up Windows, Ja vaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note[...]

  • Page 346

    P-660H/HW-T Series User’ Guide 345 Chapter 38 Troublesh ooting Figure 224 Pop-up Blocker Y ou can also check if pop-up bloc king is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer , select To o l s , Internet Options , Privacy . 2 Clear the Block pop-ups check box in the Pop-up Block er section of the screen. Thi[...]

  • Page 347

    P-660H/HW-T Series User’ Guide Chapter 38 Troubleshooting 346 Figure 226 Internet Options 3 T ype the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites .[...]

  • Page 348

    P-660H/HW-T Series User’ Guide 347 Chapter 38 Troublesh ooting Figure 227 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 38.4.1.2 JavaScript s If pages of the web configura tor do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer , clic[...]

  • Page 349

    P-660H/HW-T Series User’ Guide Chapter 38 Troubleshooting 348 Figure 228 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting . 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is sele cted (the default). 6 Click OK to clos e the window .[...]

  • Page 350

    P-660H/HW-T Series User’ Guide 349 Chapter 38 Troublesh ooting Figure 229 Security Settings - Java Scripting 38.4.1.3 Java Permissions 1 From Internet Explorer , click To o l s , I nternet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM . 4 Under Java permissions make sure that a safety level i[...]

  • Page 351

    P-660H/HW-T Series User’ Guide Chapter 38 Troubleshooting 350 Figure 230 Security Settings - Java 38.4.1.3.1 JA V A (Sun) 1 From Internet Explorer , click To o l s , I nternet Options and then the Advance d tab. 2 make sure that Use Java 2 for <applet> u nder Java (Sun) is selected. 3 Click OK to clos e the window .[...]

  • Page 352

    P-660H/HW-T Series User’ Guide 351 Chapter 38 Troublesh ooting Figure 231 Java (Sun) 38.4.2 ActiveX Controls in Internet Explorer If ActiveX is disabled, you will not be able to download ActiveX cont rols or to use T rend Micro Security Services. Make sure that ActiveX controls are allowed in Internet Explorer . Screen shots for Internet Explorer[...]

  • Page 353

    P-660H/HW-T Series User’ Guide Chapter 38 Troubleshooting 352 Figure 232 Internet Options Security 3 Scroll down to ActiveX controls and plug-ins . 4 Under Download signed ActiveX controls select the Prompt radio button. 5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected. 6 Then click the OK button.[...]

  • Page 354

    P-660H/HW-T Series User’ Guide 353 Chapter 38 Troublesh ooting Figure 233 Security Setting ActiveX Controls[...]

  • Page 355

    P-660H/HW-T Series User’ Guide Appendix A 354 Appendix A Product S pecifications See also the Introduction ch apter for a general overvi ew of the key features. S pecification T ables Table 122 Device Default IP Address 192.168.1 .1 Default Subnet Mask 255.255 .255.0 (24 bits) Default Password 1234 DHCP Pool 1 92.168.1.32 to 192.168.1.64 Dimensio[...]

  • Page 356

    P-660H/HW-T Series User’ Guide 355 Appendix A Table 123 Firmware ADSL S tandards Multi-Mode standard (ANSI T1.413,Issu e 2; G .dmt(G .992.1 ); G .lite(G992.2)). ADSL2 G .dmt.bis (G .992.3) ADSL2 G .lite.bis (G .992.4) ADSL2+ (G .992.5) Reach-Extended ADSL (RE ADSL) SRA (Seamless Rate Adaptation) Auto-negotiating rate adaptation ADSL physical conn[...]

  • Page 357

    P-660H/HW-T Series User’ Guide Appendix A 356 Firewall S tateful Packet Inspection. Prevent Denial of Service attacks such as Ping of Death, SYN Flood, LAND, Smurf etc . Real time E-mail alerts. Reports and logs. NA T/SUA Port Forwarding 1024 NA T sessions Multimedia application PPTP under NA T/SUA IPSec passthrough SIP ALG passthrough VPN passth[...]

  • Page 358

    P-660H/HW-T Series User’ Guide 357 Appendix A[...]

  • Page 359

    P-660H/HW-T Series User’ Guide Appendix B 358 A PPENDIX B W all-mounting Instructions Do the following to hang your Prestige on a wall. Note: See the product specifications appe ndix for the size of screws to use and how far apart to place them. 1 Locate a high posit ion on wall that is free of obstr uctions. Use a sturdy wall. 2 Drill two holes [...]

  • Page 360

    P-660H/HW-T Series User’ Guide 359 Appendix B[...]

  • Page 361

    P-660H/HW-T Series User’ Guide Appendix C 360 Appendix C Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed. W indows 95/98/Me/NT/2000/XP , Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use [...]

  • Page 362

    P-660H/HW-T Series User’ Guide 361 Appendix C Figure 235 WIndows 95/98 /Me: Networ k: Configura tion Inst alling Components The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Mic rosoft Networks. If you need the adapter: 1 In the Network window , click Add[...]

  • Page 363

    P-660H/HW-T Series User’ Guide Appendix C 362 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK . 5 Restart your computer so the changes you made take ef fect. Configuring 1 In the Network window Configuration tab, select your network adapter's T CP/IP[...]

  • Page 364

    P-660H/HW-T Series User’ Guide 363 Appendix C Figure 237 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’ s IP ad dress, remove previously installed gateways. • If you have a gateway IP addr ess, type it in the New gateway field and click Add . 5 Click OK to save and close [...]

  • Page 365

    P-660H/HW-T Series User’ Guide Appendix C 364 Figure 238 Windows XP: S tart Menu 2 In the Control Panel , double-click Network Connections ( Network and Dial-up Connections in W i ndows 2000/NT). Figure 239 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr oper ties .[...]

  • Page 366

    P-660H/HW-T Series User’ Guide 365 Appendix C Figure 240 Windows XP: Control Panel: Network Connections: Pro perties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and then click Properties . Figure 241 Windows XP: Local Area Conne ction Properties 5 The Internet Pr otocol TCP/IP Properties window opens (the General tab i[...]

  • Page 367

    P-660H/HW-T Series User’ Guide Appendix C 366 • Click Advanced . Figure 242 Windows XP: Internet Protocol (TCP/IP) Propert ies 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK . Do one or more of the fo llowing if you want to configu re additional IP add resses: ?[...]

  • Page 368

    P-660H/HW-T Series User’ Guide 367 Appendix C Figure 243 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Pr operties window (the General tab in W indows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the fo[...]

  • Page 369

    P-660H/HW-T Series User’ Guide Appendix C 368 Figure 244 Windows XP: Internet Protocol (TCP/IP) Propert ies 8 Click OK to close the Internet Protocol (TCP/IP) Pr operties window . 9 Click Close ( OK in W indows 2000/NT) to close the Local Area Connection Properties window . 10 Close the Network Connections window ( Network and Dial-up Connections[...]

  • Page 370

    P-660H/HW-T Series User’ Guide 369 Appendix C Figure 245 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 246 Macintosh O S 8/9: TC P/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configur e: list.[...]

  • Page 371

    P-660H/HW-T Series User’ Guide Appendix C 370 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address box. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your Prestige in the Router address box. 5 Close the TCP/IP Contr ol P[...]

  • Page 372

    P-660H/HW-T Series User’ Guide 371 Appendix C Figure 248 Macintosh O S X: Netw ork 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address box. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your Prestige in the Router addre[...]

  • Page 373

    P-660H/HW-T Series User’ Guide Appendix C 372 Note: Make sure you are logged in as the ro ot administrator . Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network . Figure 249 Red Hat [...]

  • Page 374

    P-660H/HW-T Series User’ Guide 373 Appendix C • If you have a dynamic IP address click Automatically obtain IP addr ess settings with and select dhcp from the drop down list. • If you have a static IP address click S tatically set IP Addresses and fill in the Address , Sub net mask , and Default Gateway Address fields. 3 Click OK to save the [...]

  • Page 375

    P-660H/HW-T Series User’ Guide Appendix C 374 1 Assuming that you have only one network card on th e computer , locate the ifconfig - eth0 configuration file (where eth0 is the name of the Ethernet card). Open the configuration file with any plain text editor . • If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The followin[...]

  • Page 376

    P-660H/HW-T Series User’ Guide 375 Appendix C Figure 256 Red Hat 9.0: Restart Eth ernet Card V erifying Settings Enter ifconfig in a terminal screen to ch eck your TCP/IP properties. Figure 257 Red Hat 9.0: Checking TCP/IP Properties [root@localhost init.d]# network res tart Shutting down interface eth0: [OK] Shutting down loopback interface: [OK[...]

  • Page 377

    P-660H/HW-T Series User’ Guide Appendix D 376 Appendix D IP Subnetting IP Addressing Routers “route” based on the network number . The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (ei ght bits), wri tten in dotted decimal notation, for example, 192.16[...]

  • Page 378

    P-660H/HW-T Series User’ Guide 377 Appendix D Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a valu e of 0 to 127. Similarly the first octet of a class “B” must begi n with “10”, therefore the first octet of a class “B” address has a valid range of 128 to[...]

  • Page 379

    P-660H/HW-T Series User’ Guide Appendix D 378 Since the mask is always a continuous number of ones begin ning from the left, fo llowed by a continuous number of zeros for the remainder of the 32 bit mask, you can si mply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed [...]

  • Page 380

    P-660H/HW-T Series User’ Guide 379 Appendix D Note: In the following chart s, shaded/bolded last octet b it values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host I D bits (af ter “borrowing”) determines the numb[...]

  • Page 381

    P-660H/HW-T Series User’ Guide Appendix D 380 Example: Four Subnet s The above exampl e illustrated using a 25-bit subne t mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00 , 01, 10 and 1 1[...]

  • Page 382

    P-660H/HW-T Series User’ Guide 381 Appendix D Example Eight Subnet s Similarly use a 27-bit mask to create 8 subnets (001 , 010, 01 1, 100, 101, 1 10). The following table shows class C IP ad dress last octet values for each subnet. The following table is a summary for class “C” subnet planning. Table 134 Subnet 4 IP/SUBNET MASK NETWORK NUMBE[...]

  • Page 383

    P-660H/HW-T Series User’ Guide Appendix D 382 Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet ma sk also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets ava ilable for subnetting and a class “A” address[...]

  • Page 384

    P-660H/HW-T Series User’ Guide 383 Appendix D[...]

  • Page 385

    P-660H/HW-T Series User’ Guide Appendix E 384 Appendix E Boot Commands The BootModule A T commands execute from wi thin the router ’ s bootup software, when debug mode is selected before the main router firmware is start ed. When you start up your Prestige, you are given a choice to go into deb ug mode by pressing a key at the prompt shown in t[...]

  • Page 386

    P-660H/HW-T Series User’ Guide 385 Appendix E Figure 259 Boot Module Commands AT just answer OK ATHE print help ATBAx change baud rate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6 k 5:115.2k ATENx,(y) set BootExtension Debu g Flag (y=password) ATSE show the seed of passw ord generator ATTI(h,m,s) change system time to hour:min:sec or show current time ATDA(y[...]

  • Page 387

    P-660H/HW-T Series User’ Guide Appendix F 386 Appendix F Command Interpreter The following describes how to use the comman d interpreter . Enter 24 in the main menu to bring up the system maintena nce menu. Enter 8 to go to Menu 24.8 - Command Interpr eter Mode . See the included disk or zyxel.com for more detailed information on these commands. [...]

  • Page 388

    P-660H/HW-T Series User’ Guide 387 Appendix F[...]

  • Page 389

    P-660H/HW-T Series User’ Guide Appendix G 388 Appendix G Firewall Commands The following describes the firewall commands. Table 138 Firewall Commands FUNCTION COMMAND DESCRIPTION Firewall Se tUp config edit firewall active <yes | no> This command turns the firewall on or off. config retrieve firewall T his command returns the previous ly sa[...]

  • Page 390

    P-660H/HW-T Series User’ Guide 389 Appendix G config edit firewall e-mail return-addr <e-mail address> This command sets the source e-mail add ress of the firewall e-mails. config edit firewall e-mail email-to <e-mail address> This command sets the e-mail address to which the fire wall e-mails ar e sent. config edit firewall e-mail po[...]

  • Page 391

    P-660H/HW-T Series User’ Guide Appendix G 390 config edit firewall attack minute-low <0-255> This command sets the threshold of half-open sessions where the Prestige stops deleting half-opened sessions. config edit firewall attack max-incomplete-high <0-255> This command sets the threshold of half-open sessions where the Prestige star[...]

  • Page 392

    P-660H/HW-T Series User’ Guide 391 Appendix G Config edit firewall set <set #> log <yes | no> This command sets whether or not the Prestige creates logs for packet s that match the firewall’s default rule set. Rules Config edit firewall set <set #> rule <rule #> permit <forward | block> This command sets whether pa[...]

  • Page 393

    P-660H/HW-T Series User’ Guide Appendix G 392 config edit firewall set <set #> rule <rule #> destaddr- range <start ip address> <end ip address> This command sets a rule to have the Prestige check for traffic going to this range of addresses. config edit firewall set <set #> rule <rule #> TCP destport- single &[...]

  • Page 394

    P-660H/HW-T Series User’ Guide 393 Appendix G[...]

  • Page 395

    P-660H/HW-T Series User’ Guide Appendix H 394 Appendix H NetBIOS Filter Commands The following describes the Ne tBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System ) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PP TP ,[...]

  • Page 396

    P-660H/HW-T Series User’ Guide 395 Appendix H The filter types and their defa ult settings are as follows. NetBIOS Filter Configuration Syntax:sys filter netbios config <ty pe> <on|off> where Table 139 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN and WAN This field displays whether NetBIOS packets are blocked o[...]

  • Page 397

    P-660H/HW-T Series User’ Guide Appendix H 396 sys filter netbios config 3 on This command blocks IPSec NetBIOS packets. sys filter netbios config 4 off This command stops NetBIOS commands from initiating calls.[...]

  • Page 398

    P-660H/HW-T Series User’ Guide 397 Appendix H[...]

  • Page 399

    P-660H/HW-T Series User’ Guide Appendix I 398 Appendix I S plitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter . Connecting a POTS S plitter When you use the Full Rate (G .dmt) ADSL standard, you can use a POTS (Plain Old T elephone Service) splitter to separate th e telephone and ADSL si gn[...]

  • Page 400

    P-660H/HW-T Series User’ Guide 399 Appendix I 1 Connect a phone cable from the wall jack to the single jack end of the Y - Connector . 2 Connect a cable from the double jack end of the Y -Connector to th e “wall side” of the microfilter . 3 Connect another cable from the double jack end of the Y -Connec tor to the Prestige. 4 Connect the “p[...]

  • Page 401

    P-660H/HW-T Series User’ Guide Appendix I 400[...]

  • Page 402

    P-660H/HW-T Series User’ Guide 401 Appendix I[...]

  • Page 403

    P-660H/HW-T Series User’ Guide Appendix J 402 Appendix J PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP ov er Ethernet, RFC 2516) from your computer to an A TM PVC (Permanent V irt ual Circ uit) which connects to a DSL Access Concentrator where the PPP session terminates (see F igure 263 on pag e 403 ). One PVC can s[...]

  • Page 404

    P-660H/HW-T Series User’ Guide 403 Appendix J Figure 263 Single-Compute r per Router Hardwa re Configuration How PPPoE W orks The PPPoE driver makes the Ethernet appea r as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP , the A[...]

  • Page 405

    P-660H/HW-T Series User’ Guide Appendix K 404 Appendix K Wireless LANs Wireless LAN T opologies This section discusses ad-hoc and in frastructure w ireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an inde pendent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time t[...]

  • Page 406

    P-660H/HW-T Series User’ Guide 405 Appendix K Figure 266 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlappi ng BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN top[...]

  • Page 407

    P-660H/HW-T Series User’ Guide Appendix K 406 Figure 267 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.1 1a/b/g wireless devices. Channels available depend on your ge ographical area. Y ou may have a choice of channels (for your region) so you should use a dif ferent channel th an an adjacent AP (access point)[...]

  • Page 408

    P-660H/HW-T Series User’ Guide 407 Appendix K Figure 268 RTS/ CT S When station A sends data to the AP , it might no t know that the station B is already using the channel. If these two stations se nd data at the same time, collis ions may occur when both sets of data arrive at the AP at the same time, r esulting in a loss of me ssages for both s[...]

  • Page 409

    P-660H/HW-T Series User’ Guide Appendix K 408 A large Fragmentation Thr eshold is recommended for networks not prone to interference while you should set a smaller thresh old for busy networks or ne tworks that are prone to interference. If the Fragmentation Threshold value is smaller than the RT S / C T S value (see previously) you set then the [...]

  • Page 410

    P-660H/HW-T Series User’ Guide 409 Appendix K IEEE 802.1x In June 2001, the IEEE 802.1x st andard was designed to extend th e features of IEEE 802.1 1 to support extended authentication as well as providing additional accounting and control features. It is supported by W indows XP and a number of network devices. Some advantages of IEEE 802.1x ar[...]

  • Page 411

    P-660H/HW-T Series User’ Guide Appendix K 410 • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message. The following types of RADIUS messages are exchanged between the acces s point and the RADIUS server[...]

  • Page 412

    P-660H/HW-T Series User’ Guide 411 Appendix K EAP-TLS (T rans port Layer Security) W ith EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server , the client sends a differ ent certificate to the [...]

  • Page 413

    P-660H/HW-T Series User’ Guide Appendix K 412 For added security , certificate-based authen tications (EAP-TLS, EAP-T TLS and PEAP) use dynamic keys for data encryption. They are ofte n deployed in corporate envi ronments, but for public deployment, a simp le user name and p assword pair is more practical. The following table is a comparison of t[...]

  • Page 414

    P-660H/HW-T Series User’ Guide 413 Appendix K The Message Integrity Check (MIC ) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that[...]

  • Page 415

    P-660H/HW-T Series User’ Guide Appendix L 414 Appendix L Log Descriptions This appendix provides descrip tions of example log messages. Table 143 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on informati on from the time server . Time calibration failed The router fa iled to[...]

  • Page 416

    P-660H/HW-T Series User’ Guide 415 Appendix L Configuration Change: PC = 0x%x, Task ID = 0x%x The router is saving configuration changes. Successful SSH login Someone has logged on to the router ’s SSH server . SSH login failed Someone has failed to log on to the router ’s SSH server . Successful HTTPS login Someone has logged on to the route[...]

  • Page 417

    P-660H/HW-T Series User’ Guide Appendix L 416 Table 146 TCP Reset Lo gs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was u nder a SYN flood attack (the TCP incomplete count is per desti nation host.) Exceed TCP MAX incomplete, sent TCP RST The router sent a TCP reset packet when the n[...]

  • Page 418

    P-660H/HW-T Series User’ Guide 417 Appendix L Table 148 ICMP Logs LOG MESSAGE DESCRIPTION Firewall default policy: ICMP <Packet Direction>, <type:%d>, <code:%d> ICMP access matched the default policy and was blocked or forwarded according to the user's setting. For type and code details, see T able 160 on page 426 . Firewal[...]

  • Page 419

    P-660H/HW-T Series User’ Guide Appendix L 418 ppp:LCP Closing The PPP connection’s Link Control Protocol stage is closing. ppp:IPCP Closing The PPP connection’s Internet Protocol Control Protoc ol stage is closing. Table 151 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall. Table 152 Cont[...]

  • Page 420

    P-660H/HW-T Series User’ Guide 419 Appendix L Connecting to content filter server fail The connection to the external content fi ltering server failed. License key is invalid The external content filter ing licen se key is invalid. Table 153 Attack Logs LOG MESSAGE DESCRIPTION attack [TCP | UDP | IGMP | ESP | GRE | OSPF] The firewall detected a T[...]

  • Page 421

    P-660H/HW-T Series User’ Guide Appendix L 420 Table 154 IPSec Logs LOG MESSAGE DESCRIPTION Discard REPLAY packet The router re ceived and discarded a packet with an incorrect sequence number . Inbound packet authentication failed The router received a packet that has been altered. A third party may have altered or tampered with the packet. Receiv[...]

  • Page 422

    P-660H/HW-T Series User’ Guide 421 Appendix L Cannot resolve Secure Gateway Addr for rule <%d> The router couldn’t resolve t he IP address from the domain name that was used for the secure gateway address. Peer ID: <peer id> <My remote type> -<My local type> The displayed ID information did not match between the two ends[...]

  • Page 423

    P-660H/HW-T Series User’ Guide Appendix L 422 XAUTH fail! Username: <Username> The router was not able to use extended authentication to authenticate the listed username. Rule[%d] Phase 1 negotiation mode mismatch The listed rule’s IKE phase 1 negotiation mode did not ma tch between the router and the peer . Rule [%d] Phase 1 encryptio n [...]

  • Page 424

    P-660H/HW-T Series User’ Guide 423 Appendix L Rule [%d] phase 2 mismatch The l isted rule’s IKE phase 2 di d not ma tch betwe en the router and the peer . Rule [%d] Phase 2 key length mismatch The listed rule’s IKE phase 2 key lengths (with the AES encryption algorithm) di d not match between the router and the peer . Table 156 PKI Logs LOG M[...]

  • Page 425

    P-660H/HW-T Series User’ Guide Appendix L 424 Rcvd data <size> too large! Max size allowed: <max size> The router received dire ctory data that was too large (the size is listed) from the LDAP server whose address and port are recorded in the Source field. The maximu m size of di rectory data that the router allows is also recorded. C[...]

  • Page 426

    P-660H/HW-T Series User’ Guide 425 Appendix L 26 Database method failed. 27 Path was not verified. 28 Maximum path length reached. Table 158 802.1X Logs LOG MESSAGE DESCRIPTION Local User Database accepts user. A user was authenticated by the local user database. Local User Database reports us er credential error. A user was not authenticated by [...]

  • Page 427

    P-660H/HW-T Series User’ Guide Appendix L 426 Table 159 ACL Setting Notes P ACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to W AN ACL set for packets traveling from the LAN to the WAN. (W to L) W AN to LAN ACL set for packet s traveling from the W AN to the LAN. (D to L) DMZ to LAN ACL set for packets traveling from the DM Z to the LAN. (D t[...]

  • Page 428

    P-660H/HW-T Series User’ Guide 427 Appendix L The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. 11 T ime Exceeded 0 T ime to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 T imestamp 0 T i[...]

  • Page 429

    P-660H/HW-T Series User’ Guide Appendix L 428 Log Commands Go to the command in terpreter interface. Configuring What Y ou W ant the Prestige to Log 1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the Prestige is to record. 2 Use sys logs category to view a list of the log categories. Figure [...]

  • Page 430

    P-660H/HW-T Series User’ Guide 429 Appendix L Use 0 to not record logs for that cate g ory , 1 to record on ly logs for that category , 2 to record only alerts for that category , and 3 to record both logs and alerts for that category . No t every parameter is available with every category . 5 Step 5.Use the sys logs save command to store the set[...]

  • Page 431

    P-660H/HW-T Series User’ Guide Appendix M 430 A PPENDIX M Internal SPTGEN Internal SPTGEN Overview Internal SP TGEN (System Parame ter T able Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SP TGEN lets you configure, save and upload multiple menus at the same time using just one configur[...]

  • Page 432

    P-660H/HW-T Series User’ Guide 431 Appendix M Some parameters are dependent on othe rs. For example, if you disable the Configur e d field in menu 1 (see Figure 271 on page 430 ), then you disable every field in this menu. If you enter a parameter that is invalid in the In put column, the Prestige will not save the configuration and the command l[...]

  • Page 433

    P-660H/HW-T Series User’ Guide Appendix M 432 Figure 274 Internal SP TGEN FTP Downloa d Example Note: Y ou can rename your “ rom-t ” file when you save it to your computer but it must be named “ rom-t ” when you uplo ad it to your Prestige. Internal SPTGEN FTP Upload Example 1 Launch your FTP application. 2 Enter " bin ". The co[...]

  • Page 434

    P-660H/HW-T Series User’ Guide 433 Appendix M The following ar e Internal SP TGEN screens asso ciated with the SMT screens of your Prestige. PV A Par ameter V alues Allowed INPUT An example of what you may enter * Applies to the Prestige. Table 163 Abbreviations Used in the Example Internal SPTGEN Screens Table (con tinued) ABBREVIA TION MEANING [...]

  • Page 435

    P-660H/HW-T Series User’ Guide Appendix M 434 FIN FN PVA INPUT 30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 0 30200002 = Clie nt IP Pool Starting Address = 192.168.1.33 30200003 = Size of Client IP Pool = 32 30200004 = Prim ary DNS Server = 0.0.0.0 30200005 = Seco ndary DNS Server = 0.0.0.0 30200006 = Remo te DHCP Server = 0.0.0.0 302[...]

  • Page 436

    P-660H/HW-T Series User’ Guide 435 Appendix M 30201008 = IP Ali as #1 Incoming protocol filters Set 3 = 256 30201009 = IP Ali as #1 Incoming protocol filters Set 4 = 256 30201010 = IP Ali as #1 Outgoing protocol filters Set 1 = 256 30201011 = IP Ali as #1 Outgoing protocol filters Set 2 = 256 30201012 = IP Ali as #1 Outgoing protocol filters Set [...]

  • Page 437

    P-660H/HW-T Series User’ Guide Appendix M 436 30500004 = RTS Threshold <0 ~ 2432> = 2432 30500005 = FRAG . Threshold <256 ~ 2432> = 2432 30500006 = WEP <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)> = 0 30500007 = Defa ult Key <1|2|3|4> = 0 30500008 = WEP Key1 = 30500009 = WEP Key2 = 30500010 = WEP Key3 = 30500011 = WEP Key[...]

  • Page 438

    P-660H/HW-T Series User’ Guide 437 Appendix M 40000002 = Active <0(No) | 1(Yes)> = 1 40000003 = ISP's Name = ChangeMe 40000004 = Encaps ulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> = 2 40000005 = Multip lexing <1(LLC-based) | 2(VC-based) = 1 40000006 = VPI # = 0 40000007 = VCI # = 35 40000008 = Servic e Name <[...]

  • Page 439

    P-660H/HW-T Series User’ Guide Appendix M 438 40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 0 40000033= Nailed-up Connection <0(No) |1(Yes)> = 0 Table 166 Menu 4 Internet Access Setup ( SMT Menu 4) (continued) Table 167 Menu 12 (SMT Menu 1 2) / Menu 12.1.1 IP Static Route Setup (SMT Menu 12.1.1) FIN FN P VA INPUT 120101001[...]

  • Page 440

    P-660H/HW-T Series User’ Guide 439 Appendix M / Menu 12.1.4 IP Static Route Setup (SMT Menu 12.1.4) FIN FN PVA INPUT 120104001 = IP Static Route set #4, Name < Str> = 120104002 = IP Static Route set #4, Active <0(No) |1(Yes)> = 0 120104003 = IP Static Route set #4, Destination IP address = 0.0.0.0 120104004 = IP Static Route set #4, D[...]

  • Page 441

    P-660H/HW-T Series User’ Guide Appendix M 440 120107006 = IP Static Route set #7, Metric = 0 120107007 = IP Static Route set #7, Private <0(No) |1(Yes)> = 0 / Menu 12.1.8 IP Static Route Setup (SMT Menu 12.1.8) FIN FN PVA INPUT 120108001 = IP Static Route set #8, Name <Str> = 120108002 = IP Static Route set #8, Active <0(No) |1(Yes[...]

  • Page 442

    P-660H/HW-T Series User’ Guide 441 Appendix M 120111004 = IP Static Route set #11, Destination IP subnetmask = 0 120111005 = IP Static Route set #11, Gateway = 0.0.0.0 120111006 = IP Static Route set #11, Metric = 0 120111007 = IP Static Route set #11, Private <0(No) |1(Yes)> = 0 */ Menu 12.1.12 IP Static Route Set up (SMT Menu 12.1.12) FIN[...]

  • Page 443

    P-660H/HW-T Series User’ Guide Appendix M 442 120115002 = IP Static Route set #15, Active <0(No) |1(Yes)> = 0 120115003 = IP Static Route set #15, Destination IP address = 0.0.0.0 120115004 = IP Static Route set #15, Destination IP subnetmask = 0 120115005 = IP Static Route set #15, Gateway = 0.0.0.0 120115006 = IP Static Route set #15, Met[...]

  • Page 444

    P-660H/HW-T Series User’ Guide 443 Appendix M 150000014 = SUA Server #4 Port Start = 0 150000015 = SUA Server #4 Port End = 0 150000016 = SUA Server #4 Local IP address = 0.0.0.0 150000017 = SUA Server #5 Active <0(No) | 1(Yes)> = 0 150000018 = SUA Server #5 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000019 = SUA Server #5 Port Start = [...]

  • Page 445

    P-660H/HW-T Series User’ Guide Appendix M 444 150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000049 = SUA Server #11 Port Start = 0 150000050 = SUA Server #11 Port End = 0 150000051 = SUA Server #11 Local IP addr ess = 0.0.0.0 150000052 = SUA Server #12 Active <0(No) | 1(Yes)> = 0 150000053 = SUA Server #12 Protoc[...]

  • Page 446

    P-660H/HW-T Series User’ Guide 445 Appendix M / Menu 21.1.1.2 set #1, rule #2 (SMT Menu 21.1.1.2) FIN FN PVA INPUT 210102001 = IP Filter Set 1, Rule 2 Type <2(TCP/IP)> = 2 210102002 = IP Filter Set 1, Rule 2 Active <0(No)|1(Yes)> = 1 210102003 = IP Filter Set 1, Rule 2 Protocol = 6 210102004 = IP Filter Set 1,Rule 2 Dest IP address = [...]

  • Page 447

    P-660H/HW-T Series User’ Guide Appendix M 446 210103013 = IP Filter Set 1 ,Rule 3 Act Match <1(check next)|2(forward)| 3(drop) = 3 210103014 = IP Filter Set 1 ,Rule 3 Act Not Match <1(check next)|2(forward)| 3(drop) = 1 / Menu 21.1.1.4 set #1, rule #4 (SMT Menu 21.1.1.4) FIN FN PVA INPUT 210104001 = IP Filter Set 1 ,Rule 4 Type <2(TCP/IP[...]

  • Page 448

    P-660H/HW-T Series User’ Guide 447 Appendix M 210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask = 0 210105010 = IP Filter Set 1, Rule 5 Src Port = 0 210105011 = IP Filter Set 1, Rule 5 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> = 0 210105013 = IP Filter Set 1, Rule 5 Act Match <1(check next)|2(forward)| 3(drop)&g[...]

  • Page 449

    P-660H/HW-T Series User’ Guide Appendix M 448 / Menu 21.1.2.1 Filter set #2, rule #1 (SMT Menu 21.1.2.1) FIN FN PVA INPUT 210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(T CP/IP)> = 2 210201002 = IP Filter Set 2, Rule 1 Active <0(No)|1(Yes)> = 1 210201003 = IP Filter Set 2, Rule 1 Protocol = 6 210201004 = IP Filter Set 2, Rule 1 D[...]

  • Page 450

    P-660H/HW-T Series User’ Guide 449 Appendix M 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask = 0 210202010 = IP Filter Set 2,Rule 2 Sr c Port = 0 210202011 = IP Filter Set 2, Rule 2 S rc Port Comp <0(none)|1(equal)|2 (not equal)|3(less)|4(gr eater)> = 0 210202013 = IP Filter Set 2, Rule 2 A ct Match <1(check next)|2(forward)|3( drop[...]

  • Page 451

    P-660H/HW-T Series User’ Guide Appendix M 450 210204002 = IP Filter Set 2, Rule 4 Active <0(No)|1(Yes )> = 1 210204003 = IP Filter Set 2, Rule 4 Protocol = 17 210204004 = IP Filter Set 2, Rule 4 Dest IP address = 0.0.0.0 210204005 = IP Filter Set 2, Rule 4 Dest Subnet Mask = 0 210204006 = IP Filter Set 2, Rule 4 Dest Port = 137 210204007 = [...]

  • Page 452

    P-660H/HW-T Series User’ Guide 451 Appendix M 210205011 = IP Filter Set 2, Rule 5 S rc Port Comp <0(none)|1(equal)|2 (not equal)|3(less)|4(gr eater)> = 0 210205013 = IP Filter Set 2, Rule 5 A ct Match <1(check next)|2(forward)|3( drop)> = 3 210205014 = IP Filter Set 2, Rule 5 A ct Not Match <1(check next)|2(forward)|3( drop)> = [...]

  • Page 453

    P-660H/HW-T Series User’ Guide Appendix M 452 Table 171 Menu 23 System Menus (SMT Me nu 23) */ Menu 23.1 System Password Setup ( SMT Menu 23.1) FIN FN PVA INPUT 230000000 = System Password = 1234 */ Menu 23.2 System security: radius server (SMT Menu 23.2) FIN FN PVA INPUT 230200001 = Authentication Server Co nfigured <0(No) | 1(Y es)> = 1 2[...]

  • Page 454

    P-660H/HW-T Series User’ Guide 453 Appendix M Command Examples The following are example Internal SP TGEN scr eens associated w ith the Prestige’ s comma nd interpreter commands. 230400008 = WPA Mixed Mode <0(Disable) |1(Enable)> = 0 230400009 = Data Privacy for Broadca st/ Multicast packets <0(TKIP) |1(WEP)> = 0 230400010 = WPA Bro[...]

  • Page 455

    P-660H/HW-T Series User’ Guide Appendix M 454 FIN FN PVA INPUT 990000001 = ADSL OPMD <0(etsi)|1(normal) |2(gdmt)|3(multimo de)> = 3 Table 173 Command Examples (continued) FIN FN PV A INPUT[...]

  • Page 456

    P-660H/HW-T Series User’ Guide 455 Appendix M[...]

  • Page 457

    P-660H/HW-T Series User’ Guide Index 456 Index Numerics 11 0 V A C 5 230V AC 5 A Abnormal Working Conditions 6 AC 5 Access methods 270 Accessories 5 Acts of God 6 Address Assignment 63 Address mapping 11 0 Address Resolution Protocol (ARP) 67 ADSL, what is it? 40 ADSLstandards 42 Airflow 5 Alternative Subnet Mask Notation 378 American Wire Gauge [...]

  • Page 458

    P-660H/HW-T Series User’ Guide 457 Index Precedence 338 Precedence Example 338 CBR (Continuous Bit Rate) 97 CDR 302 CDR (Call Detail Record) 301 Certificate Authority 41 1 Certifications 4 change password at login 49 Channel 406 Interference 406 Channel ID 227 CHAP 238 Charge 6 Circuit 3 Class B 3 Class Name 191 Collision 298 Command Interpreter [...]

  • Page 459

    P-660H/HW-T Series User’ Guide Index 458 Dynamic WEP key exchange 82 dynamic WEP key exchange 293 DYNDNS Wildcard 11 4 E EAP 70 EAP Authentication 410 EAP authentication 292 ECHO 106 Electric Shock 5 Electrical Pipes 5 Electrocution 5 E-mail Log Example 180 embedded help 50 Encapsulated Routing Link Protocol (ENET ENCAP) 90 Encapsulation 90 , 234[...]

  • Page 460

    P-660H/HW-T Series User’ Guide 459 Index G Gas Pipes 5 Gateway 248 Gateway Node 252 General Setup 214 Generic filter 281 Germany , Contac t Informati on 7 God, act of 6 H Half-Open Sessions 150 Harmful Interfere nce 3 Hidden Menus 210 Hidden node 406 High V ol tage Points 5 Hop Count 241 , 248 Host 53 Host IDs 376 HTTP 107 , 11 9 , 120 , 121 HTTP[...]

  • Page 461

    P-660H/HW-T Series User’ Guide Index 460 Key management protocol 293 L Labor 6 LAN 297 LAN Setup 62 , 90 LAN TCP/IP 64 LAN to W AN Rules 134 LAND 121 , 122 Legal Rights 6 Liability 2 License 2 Lightning 5 Link type 297 Liquids, Corrosive 5 LLC-based Multiplexing 243 Local Network Rule Summary 136 Local User Database 294 Local user database 85 Log[...]

  • Page 462

    P-660H/HW-T Series User’ Guide 461 Index O One-Minute High 150 Opening 5 Operating Condition 6 Operating frequency 227 Out-dated Warranty 6 Outlet 3 P Packet Error 297 Received 297 T ransmitted 297 Packet Filtering 129 Packet filtering When to use 129 Packet Filtering Firewalls 11 8 Packet T riggered 302 Packets 297 Pairwise Master Key (PMK) 412 [...]

  • Page 463

    P-660H/HW-T Series User’ Guide Index 462 RADIUS 409 Configuring 87 Shared Secret Key 410 RADIUS Message T ype s 409 RADIUS Messages 409 RADIUS server 290 RAS 299 , 329 Rate Receiving 297 T ransmission 297 real-time application 182 Receiving Antenna 3 Register ed 2 Registered Trademark 2 Regular Mail 7 reinitialize the ADSL line 204 Related Docume[...]

  • Page 464

    P-660H/HW-T Series User’ Guide 463 Index Shock, Electric 5 SMT Menu Overvi ew 209 SMTP 107 SMTP Error Messages 17 9 Smurf 122 , 123 SNMP 107 Community 288 Configuration 287 Get 287 GetNext 287 Manager 286 MIBs 287 Set 287 Tr a p 287 T rusted Host 288 Source Address 134 , 140 Source-Based Routing 328 S pain, Cont act Information 8 S plitters 398 S[...]

  • Page 465

    P-660H/HW-T Series User’ Guide Index 464 T raffic shaping 93 T ranslation 2 T ransmission Rates 43 TV T echnician 3 T ype of Service 328 , 330 , 33 1 , 332 U UBR (Unspecified Bit Rate) 97 UDP/ICMP Security 127 Undesired Operations 3 Universal Plug and Pl ay 162 Application 162 Security issues 163 Universal Plug and Pl ay (UPnP) 44 Universal Plug [...]

  • Page 466

    P-660H/HW-T Series User’ Guide 465 Index X XMODEM protocol 307 Z Zero Configurati on Internet Access 43 Zero configuratio n Internet a ccess 94 ZyNOS 2 , 307 ZyNOS (ZyXEL Network Operating System) 306 ZyNOS F/W V ersion 307 ZyXEL Communications Corporation 2 ZyXEL Home Page 4 ZyXEL Limi ted Warranty Note 6 ZyXEL Network Operating System 2 ZyXEL_s[...]