ZyXEL Communications P-334W manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496

Ir para a página of

Bom manual de uso

As regras impõem ao revendedor a obrigação de fornecer ao comprador o manual com o produto ZyXEL Communications P-334W. A falta de manual ou informações incorretas fornecidas ao consumidor são a base de uma queixa por não conformidade do produto com o contrato. De acordo com a lei, pode anexar o manual em uma outra forma de que em papel, o que é frequentemente utilizado, anexando uma forma gráfica ou manual electrónicoZyXEL Communications P-334W vídeos instrutivos para os usuários. A condição é uma forma legível e compreensível.

O que é a instrução?

A palavra vem do latim "Instructio" ou instruir. Portanto, no manual ZyXEL Communications P-334W você pode encontrar uma descrição das fases do processo. O objetivo do manual é instruir, facilitar o arranque, a utilização do equipamento ou a execução de determinadas tarefas. O manual é uma coleção de informações sobre o objeto / serviço, um guia.

Infelizmente, pequenos usuários tomam o tempo para ler o manual ZyXEL Communications P-334W, e um bom manual não só permite conhecer uma série de funcionalidades adicionais do dispositivo, mas evita a formação da maioria das falhas.

Então, o que deve conter o manual perfeito?

Primeiro, o manual ZyXEL Communications P-334W deve conte:
- dados técnicos do dispositivo ZyXEL Communications P-334W
- nome do fabricante e ano de fabricação do dispositivo ZyXEL Communications P-334W
- instruções de utilização, regulação e manutenção do dispositivo ZyXEL Communications P-334W
- sinais de segurança e certificados que comprovam a conformidade com as normas pertinentes

Por que você não ler manuais?

Normalmente, isso é devido à falta de tempo e à certeza quanto à funcionalidade específica do dispositivo adquirido. Infelizmente, a mesma ligação e o arranque ZyXEL Communications P-334W não são suficientes. O manual contém uma série de orientações sobre funcionalidades específicas, a segurança, os métodos de manutenção (mesmo sobre produtos que devem ser usados), possíveis defeitos ZyXEL Communications P-334W e formas de resolver problemas comuns durante o uso. No final, no manual podemos encontrar as coordenadas do serviço ZyXEL Communications na ausência da eficácia das soluções propostas. Atualmente, muito apreciados são manuais na forma de animações interessantes e vídeos de instrução que de uma forma melhor do que o o folheto falam ao usuário. Este tipo de manual é a chance que o usuário percorrer todo o vídeo instrutivo, sem ignorar especificações e descrições técnicas complicadas ZyXEL Communications P-334W, como para a versão papel.

Por que ler manuais?

Primeiro de tudo, contem a resposta sobre a construção, as possibilidades do dispositivo ZyXEL Communications P-334W, uso dos acessórios individuais e uma gama de informações para desfrutar plenamente todos os recursos e facilidades.

Após a compra bem sucedida de um equipamento / dispositivo, é bom ter um momento para se familiarizar com cada parte do manual ZyXEL Communications P-334W. Atualmente, são cuidadosamente preparados e traduzidos para sejam não só compreensíveis para os usuários, mas para cumprir a sua função básica de informação

Índice do manual

  • Página 1

    Pr estige 334W 802.11g Wireless Broadband Router with Firewall User’s Guide Version 3.60 May 2004[...]

  • Página 2

    Prestige 334W User’s Gui de ii Copyright Copyright Copyright © 2004 by Zy XEL Communications Corporation. The contents of this publi cation may not be reproduced in any part or a s a whole, t ranscribed, sto red in a retrieval system, translated into any langu age, or tr ansmitted in any form or by any means, electronic, mechanical, magnetic, op[...]

  • Página 3

    Prestige 334W User’s Gui de FCC iii Federal Communications Commission (FCC) Interference S t atement This device complies with Part 15 of FCC rules. Operation is subject to the following two cond itions: This device m ay not cause harmful interference. This device must accept any interference received, incl uding interference that m ay cause unde[...]

  • Página 4

    Prestige 334W User’s Gui de iv Information for Canadian Users Information for Canadian Users The Industry Canada label identifies certified equipmen t. This certification means that the equipment meets certain telecommunications network pr otective, op eration, and safety requirements. The Industr y Canada does not guarantee that the equipment w [...]

  • Página 5

    Prestige 334W User’s Gui de Warranty v ZyXEL Limited W arranty ZyXEL warrants to the original end us er (purchaser) that this product is free from any defects in materials or workmanshi p for a peri od of up t o two years fr om the date of purchase. During the warranty pe riod, and u pon proof of purchase, shoul d the prod uct have indi cations o[...]

  • Página 6

    [...]

  • Página 7

    Prestige 334W User’s Gui de vi Customer Support Customer Support When you contact your cu stomer support repr esenta tive please have t he followi ng inform ation ready: Please have th e following inf ormation re a dy when you contact custom er support. • Product model and serial num ber. • Warranty Information. • Date that you received you[...]

  • Página 8

    Prestige 334W User’s Gui de Customer Support vii SUPPORT E-MAIL TELEPHONE 1 WEB SITE METHOD LOCATION SALES E-MAIL FAX 1 FTP SITE REGULAR MAIL support@zyxel.se +46 31 744 7700 www.zyx el.se SWEDEN sales@zyx el.se +46 31 744 7701 ZyXEL Communications A /S Sjöporten 4, 41764 Göteborg Sweden support@zyxel.fi +358-9-4780-8411 www.zyx el.fi FINLAND s[...]

  • Página 9

    Prestige 334W User’s Gui de Table of Contents ix T able of Content s Copyright...................................................................................................................... ................................ii Federal Communications Commission (FCC) Interfer en ce S tatemen t................................................. [...]

  • Página 10

    Prestige 334W User’s Gui de x Table of Contents 3.6.4 WA N MAC Address ............................................................................................................. 3-1 2 3.7 Basic Setup Complete ........................................................................................................... ...... 3-14 Chapter 4 Me dia[...]

  • Página 11

    Prestige 334W User’s Gui de Table of Contents xi 7.4 Configurin g Roaming ............................................................................................................ ...... 7-6 7.4.1 Requirem ents for Roam ing .................................................................................................... 7-8 Chapter 8 W ir e[...]

  • Página 12

    Prestige 334W User’s Gui de xii Table of Contents SUA/NA T and S tatic Route ....................................................................................................... ................... III Chapter 10 Network Addre ss T r anslation (NA T) Scr eens....................................................................... 10-1 10.1 NA T[...]

  • Página 13

    Prestige 334W User’s Gui de Table of Contents xiii 13.3 The Firew all, NA T and Re mote Managem ent ..................................................................... 13-5 13.3.1 LAN-to-WAN rules ............................................................................................................. 13 -5 13.3.2 WAN-to-LA N rules ........[...]

  • Página 14

    Prestige 334W User’s Gui de xiv Table of Contents 16.4.1 Dynamic Secure Gate way Address ....................................................................................... 16-3 16.5 Summary Scr een ................................................................................................................. .... 16-3 16.6 Keep Alive .....[...]

  • Página 15

    Prestige 334W User’s Gui de Table of Contents xv 18.5 Monitor Scre en ................................................................................................................. .... 18-13 Chapter 19 Maintenance ......................................................................................................... .................. 19-1 [...]

  • Página 16

    Prestige 334W User’s Gui de xvi Table of Contents 24.1 Intr oduction to I nternet Access Setup ................................................................................... 24-1 24.2 Ethernet Enc apsulation ......................................................................................................... .2 4 - 1 24.3 Configuring t h[...]

  • Página 17

    Prestige 334W User’s Gui de Table of Contents xvii 30.2.2 Configuring a TCP/IP Filter Ru le ........................................................................................ 30-6 30.2.3 Configuring a Generi c Filter Ru le ...................................................................................... 30-11 30.3 Example Filte r .....[...]

  • Página 18

    Prestige 334W User’s Gui de xviii Table of Contents 34.3.2 Restore Using FTP Se ssion Exam ple .................................................................................... 34-8 34.4 Uploading Firmwar e and Co nfigur ation Files ..................................................................... 34-8 34.4.1 Firmware File Upl oad ........[...]

  • Página 19

    Prestige 334W User’s Gui de Table of Contents xix Appendix G Wir eless L AN W ith I EEE 802. 1x ....................................................................................... .. G-1 Appendix H T y pes of EAP Authentication ......................................................................................... ....... H-1 Appendix I Ant[...]

  • Página 20

    [...]

  • Página 21

    Prestige 334W User’s Gui de List of Figures xxi List of Figures Figure 1-1 Secure Internet Access vi a Cable, DS L or W i reless Modem ........................................................ 1-6 Figure 1-2 VP N Application ..................................................................................................... ..................... [...]

  • Página 22

    Prestige 334W User’s Gui de xxii List of Figures Figure 8-6 Wi reless: WP A-PSK ................................................................................................... ................. 8-11 Figure 8-7 WP A with RADI U S Application Example ................................................................................. .8 - 1 4 Figu[...]

  • Página 23

    Prestige 334W User’s Gui de List of Figures xxiii Figure 14-7 Remote Management: DNS............................................................................................. ....... 14-12 Figure 14-8 Security........................................................................................................... ........................ 14-[...]

  • Página 24

    Prestige 334W User’s Gui de xxiv List of Figures Figure 19-15 Sy stem Restart.................................................................................................... ................... 19-12 Figure 20-1 Login Screen ....................................................................................................... ...............[...]

  • Página 25

    Prestige 334W User’s Gui de List of Figures xxv Figure 28-10 NA T Exam ple 1 ..................................................................................................... ............... 28-10 Figure 28-1 1 Menu 4 Intern et Access & NA T Exam ple.............................................................................. 28-1 1 Figu[...]

  • Página 26

    Prestige 334W User’s Gui de xxvi List of Figures Figure 33-9 LA N & W AN DHCP..................................................................................................... .......... 33-10 Figure 34-1 T elnet in Menu 24.5 ................................................................................................ ..................[...]

  • Página 27

    Prestige 334W User’s Gui de List of T ables xxvii List of T ables T able 2-1 Scre ens Sum mary...................................................................................................... ..................... 2-3 T able 3-1 W izard 2: W ireless LA N Setup ..................................................................................[...]

  • Página 28

    Prestige 334W User’s Gui de xxviii List of Tables T able 9-6 W AN: T raffic Redirect .................................................................................................................... 9-13 T able 10-1 NA T Defin itions ..................................................................................................... .........[...]

  • Página 29

    Prestige 334W User’s Gui de List of T ables xxix T able 19-1 Main tenance S tatus .................................................................................................. .................. 19-2 T able 19-2 Maintenanc e Syst em S tatistics ....................................................................................... ..........[...]

  • Página 30

    Prestige 334W User’s Gui de xxx List of Tables T able 32-2 Menu 23.4 Syst em Security : IEEE802 .1x .............................................................................. ... 32-4 T able 33-1 System Maintena nce: S tatus Menu Fi elds .............................................................................. .... 33-2 T able 33-2 Menu [...]

  • Página 31

    Prestige 334W User’s Gui de Preface xxxi Preface About This User's Manual Congratulations on your purchase of the Prestige 334 802.11g W ireless Broadband Router w ith Firewall. This manual is designed to gu ide you through the config ur ation of your Prestige for its various applications. Use the web configurator , System Management T ermin[...]

  • Página 32

    Prestige 334W User’s Gui de xxxii Preface • The version number on the title page is the latest firm ware version that is documented in this User’s Guide . Earlier versi ons may also be included. • “Enter” means for you t o type one or more charact ers and press the carriage return. “Select” or “Choose” means for you t o use one [...]

  • Página 33

    Getting S tarted I Part I: Getting Started This part help s you get to know your Prestige, in troduces the web configurator and covers how to configure the Wizard Setup screens.[...]

  • Página 34

    [...]

  • Página 35

    Prestige 334W User ’s Gui de Getting to Know Y our Prestige 1-1 Chapter 1 Getting to Know Your Prestige This chapter introduces the main features and applications of the Prestige. 1.1 Prestige Internet Secu rity Gateway Overview The Prestige is the ideal secure gateway for all data passing betwee n the Internet a nd LAN’s. By integrating NAT, f[...]

  • Página 36

    Prestige 334W User ’s Gui de 1-2 Getting to Know Y our Prestige 1.2.2 Non-Physical Features Media Bandwidth Management ZyXEL’s Medi a Bandwidth M anagement all ows you to speci fy bandwidt h classes based o n an application and/or subnet. You can alloc ate speci fic am ounts of bandwidth capacity (bandwidt h budgets ) to different bandwidth cla[...]

  • Página 37

    Prestige 334W User ’s Gui de Getting to Know Y our Prestige 1-3 IEEE 802.11b Data Rate (Mbps) Modulation 1 DBPSK (Differential Binar y Phase Shift Keyed) 2 DQPSK (Differential Quadrature Phase Shif t Keying ) 5.5 / 11 CCK (Complementary Code Ke ying) The Prestige may be prone to RF (Radio Frequen cy) interference from other 2.4 GHz devices such a[...]

  • Página 38

    Prestige 334W User ’s Gui de 1-4 Getting to Know Y our Prestige Dynamic DNS Support With Dynam ic DNS (Dom ain Name Syst em) support, you can have a st atic hostnam e alias for a dynam ic IP address, allowing the host t o be more easily acce ssible from various locations on the Internet. You must register for this service with a Dynamic DNS servi[...]

  • Página 39

    Prestige 334W User ’s Gui de Getting to Know Y our Prestige 1-5 Any IP The Any IP feature allows a computer to access the In ternet without ch anging the network setting s (such as IP address and subnet m ask) of the computer, when the IP addresses of t he computer an d the Prestige are not in the same subnet. Full Network Management The embedded[...]

  • Página 40

    Prestige 334W User ’s Gui de 1-6 Getting to Know Y our Prestige 1.3.1 Secure Broadband Internet Access via Cable or DSL Modem You can connect a cable m odem, DSL or wireless m ode m to the Prestige for broa dband Internet access via an Ethernet or a wireless port on the modem . The Pr estige guarantees not only high speed Internet access, but sec[...]

  • Página 41

    Prestige 334W User ’s Gui de Getting to Know Y our Prestige 1-7 1.3.3 Internet Access Application Add a wireless LAN to your existing network without expensive network cabl es. Wireless st ations can move freely a nywhere in t he coverage are a and use re sources on the wired network. Figure 1-3 Internet Access Application Example[...]

  • Página 42

    [...]

  • Página 43

    Prestige 334W User ’s Gui de Introducing the W eb Configurator 2-1 Chapter 2 Introducing the Web Configurator This chapter describes how to access the Prestige we b configurator and provides an overview of its screens. 2.1 Web Configurator Overview The embedded we b configurat or allows you to manage the Prestige from anywhere thro ugh a browser [...]

  • Página 44

    Prestige 334W User ’s Gui de 2-2 Introducing the W eb Configurator Step 6. You should now see the MAIN M ENU screen (see Figure 2- 2 ). The management session automa tically times out w hen the time period set in the Administrator Inactivity T imer field expires (default five minutes). Simply log back into the Prestige if this happens to y ou. 2.[...]

  • Página 45

    Prestige 334W User ’s Gui de Introducing the W eb Configurator 2-3 Figure 2-2 The MAIN MENU Screen of the Web Co nfigurator 2.3.2 Navigation Panel After you ent er the passwor d, use the sub-m enus on the navigation pa nel to configure Prestige features. The followin g table describes the sub-m enus. Table 2-1 Screens Summary LINK TA B FUNCTION W[...]

  • Página 46

    Prestige 334W User ’s Gui de 2-4 Introducing the W eb Configurator Table 2-1 Screens Summary LINK TA B FUNCTION DDNS Use this screen to set up dynamic DNS. Password Use this screen to change your pass word. Time Zone Use this screen to change your Prestige’s time and date. IP Use this screen to configure LAN DHCP, TCP/IP settings and to enable [...]

  • Página 47

    Prestige 334W User ’s Gui de Introducing the W eb Configurator 2-5 Table 2-1 Screens Summary LINK TA B FUNCTION Settings Use this screen to activate/deactivate the firewall and log pa ckets related to firewall rules. Filter This screen allows you to blo ck sites containing certain keywords i n the URL and set the days and times for the Prestige t[...]

  • Página 48

    Prestige 334W User ’s Gui de 2-6 Introducing the W eb Configurator Table 2-1 Screens Summary LINK TA B FUNCTION DHCP Table This screen dis plays DHCP (Dynamic Host Configuration Pr otocol) related information and is READ-ONLY. Any IP Use this screen to allow a computer to access the Internet without changing the network settings of the computer, [...]

  • Página 49

    Prestige 334W User ’s Gui de Wizard Setup 3-1 Chapter 3 Wizard Setup This chapter provides information on the Wiza rd Setup screens in the web configurator. 3.1 Wizard Setup Overview The web configur ator’s setup wizard helps yo u config ure your device to access the Internet. T he second screen has thre e variations de pending on what encapsul[...]

  • Página 50

    Prestige 334W User ’s Gui de 3-2 Wizard Setup Figure 3-1 Wizard 1: General Setup 3.3 Wizard Setup: Screen 2 Set up your wireless LAN using th e second wizard screen. Figure 3-2 Wizard 2: Wireless LAN Setup The following table describes the fields in this screen.[...]

  • Página 51

    Prestige 334W User ’s Gui de Wizard Setup 3-3 Table 3-1 Wizard 2: Wireless LAN Setup LA BE L DESCRIPTION ESSID Enter a descriptive name (up to 32 printable 7- bit ASCII characters) for the wireless LAN. If you change this field on the Prestige, make sure all wireless stations use the same ESSID in order to access the network. Choose Channel ID To[...]

  • Página 52

    Prestige 334W User ’s Gui de 3-4 Wizard Setup Figure 3-3 Wizard 3: Wireless LAN Setup: Basic Security The following table describes the labels in this screen. Table 3-2 Wizard 3: Wireless LAN Setup: Basic Security WEP Encryption Select 64-bit WEP or 128-bit WEP to allow data encryption. ASCII Select this option in order to enter ASCII characters [...]

  • Página 53

    Prestige 334W User ’s Gui de Wizard Setup 3-5 If you choose Extend security in the Wireless LAN Setup screen, you can set up a Pre-Shared Key . Figure 3-4 Wizard 3: Wireless LAN Setup: Extend Security The following table describes the labels in this screen. Table 3-3 Wizard 3: Wireless LAN Setup: Extend Security Pre-Shared Key Type from 8 to 31 c[...]

  • Página 54

    Prestige 334W User ’s Gui de 3-6 Wizard Setup Figure 3-5 Wizard 4: Ethernet Encapsulation The following table describes the fields in this screen. Table 3-4 Wizard 4: Ethernet Enca psulation LA BE L DESCRIPTION ISP Parameters fo r Internet Access Encapsulation You must choo se the Ethernet option when the WAN port is used as a reg ular Ethernet. [...]

  • Página 55

    Prestige 334W User ’s Gui de Wizard Setup 3-7 Table 3-4 Wizard 4: Ethernet Enca psulation LA BE L DESCRIPTION Relogin Every (min) This field only app lies when you select Telia Login in the Service Ty pe field. The Telia server logs the Prestige out if the Pres tige does not lo g in periodically. T ype the number of minutes from 1 to 59 (30 defau[...]

  • Página 56

    Prestige 334W User ’s Gui de 3-8 Wizard Setup Figure 3-6 Wizard 4: PPPoE Encapsulation The following table describes the fields in this screen. Table 3-5 Wizard 4: PPPoE Encapsulation LABEL DESCRIPTION ISP Parameter for Internet Access Encapsulation Choose PPP over Ethernet from the pull-do wn list box. PPPoE forms a dial-up connection. Service N[...]

  • Página 57

    Prestige 334W User ’s Gui de Wizard Setup 3-9 Table 3-5 Wizard 4: PPPoE Encapsulation LABEL DESCRIPTION Back Click Back to return to the previous screen. 3.5.3 PPTP Encapsulation Point-to-Poi nt Tunnelin g Protocol (P PTP) is a netw ork protocol t hat enable s transfers of data from a re mote client to a private server, crea ting a Virtual Pr iva[...]

  • Página 58

    Prestige 334W User ’s Gui de 3-10 Wizard Setup Table 3-6 Wizard 4: PPTP Encapsulation LABEL DESCRIPTION ISP Parameters fo r Internet Access Encapsulation Select PPTP from the drop-down list box. User Name Type the user name given to yo u by your ISP. Password Type the password associated with the User Name above. Nailed-Up Connection Select Naile[...]

  • Página 59

    Prestige 334W User ’s Gui de Wizard Setup 3-1 1 Table 3-7 Private IP Address Ranges 10.0.0.0 - 10. 255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192. 168.255.255 You can obt ain your IP a ddress from the IANA, from an ISP o r have it assigne d by a pri vate network. If you belong to a small organization and your Internet access is t hroug[...]

  • Página 60

    Prestige 334W User ’s Gui de 3-12 Wizard Setup The Prestige can get the DNS server addresses in the following ways. 1. The ISP tells you the DNS server addresses, usually in th e form of an information sheet, when you sign up. If your ISP gives you DN S server addresses, e nter them in the DNS Se rver fields in DHCP Setup. 2. If the ISP di d not [...]

  • Página 61

    Prestige 334W User ’s Gui de Wizard Setu p 3-13 Figure 3-8 Wizard 5: WAN Setup The following table describes the fields in this screen. Table 3-9 Wizard 5: WAN Setup LA BE L DESCRIPTION WAN IP Address Assignment Get automatically from ISP Select this option If your ISP did not assign you a fixed IP address. T his is the default selection. Use fix[...]

  • Página 62

    Prestige 334W User ’s Gui de 3-14 Wizard Setup Table 3-9 Wizard 5: WAN Setup LA BE L DESCRIPTION System DNS Server Address Assignment (if applicable) DNS (Domain Name System) is for mapping a domain name to its corresponding IP ad dress and vice versa. The DNS server is extremely important becaus e without it, you must know the IP address of a co[...]

  • Página 63

    Prestige 334W User ’s Gui de Wizard Setu p 3-15 Figure 3-9 Wizard Finish Well done! You have successfully set up your Prestige to operate on your network an d access the Internet.[...]

  • Página 64

    [...]

  • Página 65

    Prestige 334W User ’s Gui de Bandwidth M anagement Setup 4-1 Chapter 4 Media Bandwidth Management Setup This chapter provides information on the bandwidth management setup screens in the web configurator. 4.1 Media Bandwid th Management Setup Overview The web conf igurator’s BW SETUP allows you to specify ba ndwidth cla sses based on an a pplic[...]

  • Página 66

    Prestige 334W User ’s Gui de 4-2 Bandwid th Management Setup Table 4-1 Media Bandwidth Managem ent Setup 1 LA BE L DESCRIPTION Active Select the Ac t i ve check bo x to have the Prestige apply ban dwidth management to traffic going out through the Prestige’s WAN, LAN or WLAN port. Managed Bandwidth (Kbps) Enter the amount of Managed Bandwidth i[...]

  • Página 67

    Prestige 334W User ’s Gui de Bandwidth M anagement Setup 4-3 Table 4-2 Media Bandwidth Management Setup 2: Services LA BE L DESCRIPTION Choose Channel ID Create band width management classes by sele cting servic es from the list provided.  XBox Live  VoIP (SIP)  FTP  E-Mail  eMule/eDonkey  WWW For a detailed description of these[...]

  • Página 68

    Prestige 334W User ’s Gui de 4-4 Bandwid th Management Setup Table 4-3 Media Bandwidth Management Setup 3: Service Priority LA BE L DESCRIPTION Service These fields display the serv ic es selected in the previous screen. Priority Select High , Mid or Low priority for each service to have your Prestige use a priorit y for traffic that matches that[...]

  • Página 69

    System, LAN, WLAN and WAN II Part II: System, LAN, WLAN and WAN This part covers config uration of t he system, LAN, WLAN and W AN screens.[...]

  • Página 70

    [...]

  • Página 71

    Prestige 334W User’s Gui de System Screens 5-1 Chapter 5 System Screens This chapter provides information on the System screens. 5.1 System Overview See the Wizard Setup cha pter for more infor mation on the next few screens. 5.2 Configuring General Setup Click SYSTEM to open the General screen. Figure 5-1 System General Setup[...]

  • Página 72

    Prestige 334W User’s Gui de 5-2 System Screens The following table describes the labels in this screen. Table 5-1 System General Setup LABEL DESCRIPTION System Name Choose a descriptive name for i dentification purposes. It is recommended you enter your computer’s “Computer name” in this fiel d (see the Wizard Setup chapter for how to find [...]

  • Página 73

    Prestige 334W User’s Gui de System Screens 5-3 5.3 Dynamic DNS Dynamic DNS allows you to update your curr ent dynamic IP address with one or many dynamic DNS services so that anyone can c ontact you (in NetMee ting, CU-SeeMe, etc.). Yo u can also a ccess your FTP server or We b site on yo ur own comput er using a dom ain name (fo r instance m yho[...]

  • Página 74

    Prestige 334W User’s Gui de 5-4 System Screens Figure 5-2 DDNS The following table describes the labels in this screen. Table 5-2 DDNS LABEL DESCRIPTION Active Select this che ck box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provi der. DDNS Type Select the t ype of service that you are register ed for from y[...]

  • Página 75

    Prestige 334W User’s Gui de System Screens 5-5 Table 5-2 DDNS LABEL DESCRIPTION Host Names 1~3 Enter the host names in the three fields provided. You can specif y up to two host names in each field separated by a comma (","). User Enter your user name. Password Enter the password assigned to you. Enable Wildcard Select the check box to [...]

  • Página 76

    Prestige 334W User’s Gui de 5-6 System Screens Figure 5-3 Password The following table describes the labels in this screen. Table 5-3 Password LABEL DESCRIPTION Old Password Type the default password or the ex isting p assword you use to access the system in this field. New Password Type the ne w password in this field. Retype to Confirm T ype th[...]

  • Página 77

    Prestige 334W User’s Gui de System Screens 5-7 Figure 5-4 Time Setting The following table describes the labels in this screen. Table 5-4 Time Setting LABEL DESCRIPTION Use Time Server when Boo tup Select the time service protocol that y our time server sends when you turn on the Prestige. Not all time servers support all pr otocols, so you may h[...]

  • Página 78

    Prestige 334W User’s Gui de 5-8 System Screens Table 5-4 Time Setting LABEL DESCRIPTION Time Server IP Address Enter the IP address of your time server. Check with your ISP/network administrator if you are unsure of this information. Current Time This field displays the time of your Prestige. Each time you reload this page, the Presti ge s ynchro[...]

  • Página 79

    Prestige 334W User’s Gui de LAN Screens 6-1 Chapter 6 LAN Screens This chapter describes how to configure LAN settings. 6.1 LAN Overview Local Area Network (L AN) is a shared comm unication sy stem to which many com puters are attached. The LAN screens can help you configure a LAN DHCP server , manag e IP addresses, and partition your physical ne[...]

  • Página 80

    Prestige 334W User’s Gui de 6-2 LAN Screens These param eters should wor k for the m ajority of in stallations. If your ISP gi ves you explicit DNS server address(es), read the em bedded we b confi gurator help re garding w hat fields need to be configure d. 6.3.2 IP Address and Subnet Mask Refer to the IP Address and Subnet Mask section in the W[...]

  • Página 81

    Prestige 334W User’s Gui de LAN Screens 6-3 6.4 Any IP Traditionally, you must set the IP addresses and the subnet masks of a computer and the Prestige to be in th e same subnet to allow the com puter to access the Inte rnet (through the Prestige ). In cases where your computer is required to use a static IP address in an other network, y ou may [...]

  • Página 82

    Prestige 334W User’s Gui de 6-4 LAN Screens Y ou must enable NA T/SUA to use the Any IP featu re on the Prestige. 6.4.1 How Any IP W orks Address Resol ution Prot ocol (ARP) i s a protocol for mappi ng an Inter net Protocol address (IP ad dress) to a physical machine address, also known as a Media Access Control or MAC address, on the local area [...]

  • Página 83

    Prestige 334W User’s Gui de LAN Screens 6-5 Figure 6-2 IP The following table describes the fields in this screen. Table 6-1 IP LABEL DESCRIPTION DHCP Server DHCP (Dynamic Host Configurat ion Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain T CP/ IP configuration at st artup from a server. Leave the DHCP Ser ver ch[...]

  • Página 84

    Prestige 334W User’s Gui de 6-6 LAN Screens Table 6-1 IP LABEL DESCRIPTION Pool Size This field specifies the size, or count of the IP address p ool. DNS Servers Assigned by DHCP Server The Prestige passes a DNS (Domain Nam e System) serv er IP address (in the order you s pecify here) to the DHCP clients. The Prestige only passes this informa tio[...]

  • Página 85

    Prestige 334W User’s Gui de LAN Screens 6-7 Table 6-1 IP LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol, RFC1058 and RF C 1389) allows a router to exchange routing inform ati on with other routers. The RIP Direction field controls the sending and receiving of RIP packets . Select the RIP direction from Both / In Only / Out Only[...]

  • Página 86

    Prestige 334W User’s Gui de 6-8 LAN Screens Table 6-1 IP LABEL DESCRIPTION Allow from LAN to WAN Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN. If your firewall is enabled with the default polic y set to block WAN to LAN traffic, you also need to enable the def ault WAN to LAN firewall rule t[...]

  • Página 87

    Prestige 334W User’s Gui de LAN Screens 6-9 Table 6-2 Static DHCP LABEL DESCRIPTION # This is the index number of th e Static IP table entry (row). MAC Address Type the MAC address ( with colons) of a computer on your LAN. IP Address This field specifies the size, or count of the IP address p ool. Apply Click Apply to save your changes back to th[...]

  • Página 88

    Prestige 334W User’s Gui de 6-10 LAN Screens Table 6-3 IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the ch eck box to conf igure anoth er LAN network for the Prestige. IP Address Enter the IP address of your Prestige i n dotted decimal notation. IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP address th[...]

  • Página 89

    Prestige 334W User’s Gui de Wireless Configuration and Roamin g 7-1 Chapter 7 Wireless Configuration and Roaming This chapter discusses how to configure the Wireless and Roaming screen s on the Prestige. 7.1 Wireless LAN Overview This section introduces the wireless LA N(WLAN) and so me bas ic scenar ios. 7.1.1 IBSS An Independent Basic Service S[...]

  • Página 90

    Prestige 334W User’s Gui de 7-2 Wireless Configuration and Roaming Figure 7-2 Basic Service set 7.1.3 ESS An Extended Service Set (ESS) consists of a series of overlappi ng BSSs, each contai ning an access point, with each access point conne cted together by a wired ne twork. This wired connection between APs is called a Distribution System (DS).[...]

  • Página 91

    Prestige 334W User’s Gui de Wireless Configuration and Roamin g 7-3 Figure 7-3 Extended Service Set 7.2 Wireless LAN Basics Refer also to the Wizard Setup chapter for more backgro und information on Wireless LAN features, suc h as channels. 7.2.1 RTS/CTS A hidden node occurs when two stati ons are within range of the sam e acce ss point, but are [...]

  • Página 92

    Prestige 334W User’s Gui de 7-4 Wireless Configuration and Roaming Figure 7-4 RTS/CTS When station A sends data to the Prestige, it migh t not know that station B is already using the channel . If these two stations send data at the same time, co llisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of m[...]

  • Página 93

    Prestige 334W User’s Gui de Wireless Configuration and Roamin g 7-5 A large Fragmentation Threshold is recommended for networks no t prone to interferen ce while you should set a smaller t hreshold for b usy networks or networks t hat are prone to inte rference. If the Fragmentation Thres hold value is smaller than th e RTS/CTS value (see previou[...]

  • Página 94

    Prestige 334W User’s Gui de 7-6 Wireless Configuration and Roaming Table 7-1 Wireless LABEL DESCRIPTION ESSID (Extended Ser vice Set IDentity) The ESSI D identifi es the Service Set with which a wireless station is associated . Wireless stations associating to the access point (AP) must have the same ESSID. Enter a descrip tive name (up to 32 pri[...]

  • Página 95

    Prestige 334W User’s Gui de Wireless Configuration and Roamin g 7-7 The roaming feature on the access po ints allows the access points to rela y inform ation about the wireless stations to eac h other. When a wireless stat ion moves fr om a coverage are a to another , it scans and uses the channel of a new access point, which t hen informs th e a[...]

  • Página 96

    Prestige 334W User’s Gui de 7-8 Wireless Configuration and Roaming 7.4.1 Requirement s for Roaming The following requirements must be met in order for wi reless stations to roam between t he coverage ar eas. 1. All the access points m ust be on the same subnet and configure d with the sam e ESSID. 2. If IEEE 802.1x user authentication is ena bled[...]

  • Página 97

    Prestige 334W User’s Gui de Wireless Configuration and Roamin g 7-9 Table 7-2 Roaming LABEL DESCRIPTION Port Enter the port number to communic ate roaming information between APs. The port number must be the same on all APs. The defaul t is 3517. Make sure this port is not used by other services. Apply Click Apply to save your changes back to the[...]

  • Página 98

    [...]

  • Página 99

    Prestige 334W User’s Gui de Wireless Security 8-1 Chapter 8 Wireless Security This Chapter describes how to use the MAC F ilter, 802.1x, Local User Database and RADIUS to configure wireless security on your Prestige. 8.1 Wireless Security Overview Wireless security is vital to your network to prot ect wireless communicati on between wireless stat[...]

  • Página 100

    Prestige 334W User’s Gui de 8-2 Wireless Security Figure 8-2 Wireless: No Security The following table describes the labels in this screen. Table 8-1 Wireless: No Security LABEL DESCRIPTION Security Choose from one of the securit y features listed in the drop-down box.  No Security  Static WEP  WPA-PSK  WPA  802.1x + Dynamic WEP ?[...]

  • Página 101

    Prestige 334W User’s Gui de Wireless Security 8-3 Table 8-1 Wireless: No Security LABEL DESCRIPTION 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the Prestige. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the Prestige. Select Mixed to allow either IEE[...]

  • Página 102

    Prestige 334W User’s Gui de 8-4 Wireless Security Table 8-2 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL ENCRYPTION METHOD ENTER MA NUA L KEY IEEE 802.1X Yes Enable without Dynamic WEP Key Yes Disable WPA WEP No Enable WPA TKIP No Enable WPA-PSK WEP Yes Enable WPA-PSK TKIP Yes Enable 8.3 WEP Overview WEP (Wir[...]

  • Página 103

    Prestige 334W User’s Gui de Wireless Security 8-5 Figure 8-3 WEP Authentication Steps Open system authentication i nvolves an une ncrypted t wo-message proce dure. A wireles s station sends an open system authentication request to the AP, which will then automatically accep t and connect the wi reless station to the network. In effect, open syste[...]

  • Página 104

    Prestige 334W User’s Gui de 8-6 Wireless Security 8.3.3 Preamble T ype A preamble is used to synchro nize the transmission ti ming in your wireless network. There ar e two preamble modes: Long and Short . Short pream ble takes less tim e to process and minimi zes overhead, so i t should be use d in a good wi reless network en vironment whe n all [...]

  • Página 105

    Prestige 334W User’s Gui de Wireless Security 8-7 Figure 8-4 Wireless: Static WEP Encryption The following table d escribes the wireless LAN security lab els in this screen. Table 8-3 Wireless: Static WEP Encr yption LABEL DESCRIPTION WEP Encryption Select 64-bit WEP or 128-bit WEP to enable data encrypti on. Authentication Method This field is a[...]

  • Página 106

    Prestige 334W User’s Gui de 8-8 Wireless Security Table 8-3 Wireless: Static WEP Encr yption LABEL DESCRIPTION Hex Select this option in order to enter hexa decimal characters as the WEP keys. The preceding "0 x", that identifies a hexadec imal key, is entered a utomatically. Key 1 to Key 4 The WEP keys are used to encr ypt data. Both t[...]

  • Página 107

    Prestige 334W User’s Gui de Wireless Security 8-9 8.5.1 User Authentication WPA applies IEEE 802.1x a nd Extensible Authenticati on Protocol (EAP) to authenticate wireless clients using an exte rnal RADIUS database. You can’t use the Prestige’s Local User Database for WPA authentication purposes since the Local User Database uses EAP M D5, wh[...]

  • Página 108

    Prestige 334W User’s Gui de 8-10 Wireless Security Step 3. The AP derive s and distrib utes keys t o the wireless cli ents. Step 4. The AP and wireless clients use the TKIP encryp ti on process to e ncrypt da ta exchanged between them. Figure 8-5 WPA - PSK Authentica tion 8.6 Configuring WP A-PSK Authentication In order to configure and enable WP[...]

  • Página 109

    Prestige 334W User’s Gui de Wireless Security 8-11 Figure 8-6 Wireless: WPA-PSK The following table describes the labels in this screen. Table 8-4 Wireless: WPA-PSK LABEL DESCRIPTION Pre-Shared Key T he encryption mechanisms used for WP A and WPA -PSK are the same. The only difference between the t wo is that WPA-PSK uses a simple common password[...]

  • Página 110

    Prestige 334W User’s Gui de 8-12 Wireless Security Table 8-4 Wireless: WPA-PSK LABEL DESCRIPTION ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usern ames and passwords in order to stay connected. Enter a time interval bet ween 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). If[...]

  • Página 111

    Prestige 334W User’s Gui de Wireless Security 8-13 8.7 Wireless Client WP A Supplicant s A wireless client supplicant is the software that runs on an operatin g system instructing the wi reless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch fo r Windows XP, Funk Softwar e's Odyssey clie[...]

  • Página 112

    Prestige 334W User’s Gui de 8-14 Wireless Security Figure 8-7 WPA with RADIUS Application Example 8.8 Configuring WP A Authentication In order to configure and en able WPA Authentication; click th e WIRELESS lin k under ADVANCED to display the Wireless screen. Select WPA from the Security list.[...]

  • Página 113

    Prestige 334W User’s Gui de Wireless Security 8-15 Figure 8-8 Wireless: WPA The following table describes the labels in this screen. Table 8-5 Wireless: WPA LABEL DESCRIPTION ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usern ames and passwords in order to stay connected. Enter a time interval bet ween 1[...]

  • Página 114

    Prestige 334W User’s Gui de 8-16 Wireless Security Table 8-5 Wireless: WPA LABEL DESCRIPTION WPA Group Key Update Timer The WPA Group Key Update Timer is the rate at which the AP (if using WPA-PSK key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients. The re-k eying process is the WPA equiv alent [...]

  • Página 115

    Prestige 334W User’s Gui de Wireless Security 8-17 8.10 Dynamic WEP Key Exchange The AP m aps a unique key tha t is generate d with the RA DIUS server. T his key expires when the wi reless connection times out, disconnects or reauth entication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enable[...]

  • Página 116

    Prestige 334W User’s Gui de 8-18 Wireless Security Figure 8-9 Wireless: 802.1x and Dy namic WEP The following table describes the labels in this screen. Table 8-6 Wireless: 802.1x and Dy namic WEP LABEL DESCRIPTION ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usern ames and passwords in order to stay con[...]

  • Página 117

    Prestige 334W User’s Gui de Wireless Security 8-19 Table 8-6 Wireless: 802.1x and Dy namic WEP LABEL DESCRIPTION Dynamic WEP Key Exchange Select 64-bit WEP or 128-bit WEP to enabl e data encryption. Up to 32 stations ca n access the Prestige when you configure dyna mic WEP key exc hange.This field is not available when you set Security to WPA or [...]

  • Página 118

    Prestige 334W User’s Gui de 8-20 Wireless Security Figure 8-10 Wireless: 802.1x and Static WEP The following table describes the labels in this screen. Table 8-7 Wireless: 802.1x and Static WEP LABEL DESCRIPTION WEP Encryption Select 64-bit WEP or 128-bit WEP to enable data encryption. Authentication Method This field is activated when yo u selec[...]

  • Página 119

    Prestige 334W User’s Gui de Wireless Security 8-21 Table 8-7 Wireless: 802.1x and Static WEP LABEL DESCRIPTION ASCII Select this option in order to enter ASCII characters as the WEP key s. Hex Select this option in order to enter hexa decimal characters as the WEP keys. The preceding "0x", that ident ifies a hexadecimal key, is entered [...]

  • Página 120

    Prestige 334W User’s Gui de 8-22 Wireless Security Table 8-7 Wireless: 802.1x and Static WEP LABEL DESCRIPTION Authentication Databases The authentication databas e cont ains wireless station login information. The local user database is the built-in databas e on th e Prestige. The RADIUS is an externa l server. Use this drop-down list box to sel[...]

  • Página 121

    Prestige 334W User’s Gui de Wireless Security 8-23 Table 8-7 Wireless: 802.1x and Static WEP LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to reload the pr evious configuration for this scre en. 8.13 Configuring 802.1x In order t o configure a nd enable 802.1x; cli ck the WIREL ESS link under ADV[...]

  • Página 122

    Prestige 334W User’s Gui de 8-24 Wireless Security Table 8-8 Wireless: 802.1x and No WEP LABEL DESCRIPTION ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usern ames and passwords in order to stay connected. Enter a time interval bet ween 10 and 9999 seconds. The default time interval is 1800 seconds (30 mi[...]

  • Página 123

    Prestige 334W User’s Gui de Wireless Security 8-25 Table 8-8 Wireless: 802.1x and No WEP LABEL DESCRIPTION 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b com pliant WLAN devices to associate with the Prestige. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the Prestige. Select Mixed to allow ei[...]

  • Página 124

    Prestige 334W User’s Gui de 8-26 Wireless Security Figure 8-12 MAC Address Filter The following table describes the labe ls in this menu. Table 8-9 MAC Address Filter LA BE L DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering.[...]

  • Página 125

    Prestige 334W User’s Gui de Wireless Security 8-27 Table 8-9 MAC Address Filter LA BE L DESCRIPTION Filter Action Define the filter action for t he list of MAC addresses in the MAC A ddress table. Select Deny Association to block access to the Prestige, MAC addresses not listed will be allowed to access the Prestige Select Allow Association to pe[...]

  • Página 126

    Prestige 334W User’s Gui de 8-28 Wireless Security 8.16 Configuring Local User Dat abase To change your Prestig e’s local user datab ase, click the WIRELESS link un der ADVAN CED and then the Local User Database tab. The scr een app ears as show n. Figure 8-13 Local User Database[...]

  • Página 127

    Prestige 334W User’s Gui de Wireless Security 8-29 The following table describes the labels in this screen. Table 8-10 Local User Database LABEL DESCRIPTION Active Select this option to activate the user profile. User Name Enter the user name (up to 31 characters) for this user profile. Password T ype a password (up to 31 characters) for this use[...]

  • Página 128

    Prestige 334W User’s Gui de 8-30 Wireless Security • Access-Challenge Sent by a RADIUS server requesting m ore inform ation in order to allow access. The access point sends a proper response from the user and then sends another Access-Request m essage. The following types of RADIUS m essages are exchange d between t he access point and the R AD[...]

  • Página 129

    Prestige 334W User’s Gui de Wireless Security 8-31 • The wireless station sends a “start” message to the Prestige. • The Prestige sends a “request identity” message to the wireless station for identity information. • The wireless station replies with identity information, including username and password. • The RADIUS serve r check[...]

  • Página 130

    Prestige 334W User’s Gui de 8-32 Wireless Security Table 8-11 RADIUS LABEL DESCRIPTION Server IP Address Enter the IP address of the external authentication server in dotted dec imal notation. Port Number Enter the port number of the exte rnal authentication server. The default port number is 1812 . You need not change this value unl ess your net[...]

  • Página 131

    Prestige 334W User’s Gui de WAN Screens 9-1 Chapter 9 WAN Screens This chapter describes how to configure WAN settings. 9.1 W AN Overview See the Wizard Setup chapter for more inform ation on the fields in the WAN screens. 9.2 TCP/IP Priority (Metric) The metric represents the "cost of transmission". A ro uter determines the best route [...]

  • Página 132

    Prestige 334W User’s Gui de 9-2 WAN Scre ens Figure 9-1 WAN: Route The following table describes the lab els in this screen. Table 9-1 WAN: Route LABEL DESCRIPTION WAN Traf fic Redirect The default WAN connection is "1' as your broadband connection vi a the WAN port should always be your preferred method of accessing the WAN. T he defau[...]

  • Página 133

    Prestige 334W User’s Gui de WAN Screens 9-3 Figure 9-2 Ethernet Encapsulation The following table describes the labels in this screen. Table 9-2 Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet opt ion when the WAN port is used as a regular Ethernet. Service Type Choose from Standard , Telst ra (RoadRunner Telst[...]

  • Página 134

    Prestige 334W User’s Gui de 9-4 WAN Scre ens Table 9-2 Ethernet Encapsulation LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to begin co nfiguring this screen afresh. 9.4.2 PPPoE Encapsulation The Prestige s upports PPPoE (Point-to- Point Protoc ol over Ethernet) . PPPoE is a n IETF Draft standard[...]

  • Página 135

    Prestige 334W User’s Gui de WAN Screens 9-5 Figure 9-3 PPPoE Encapsulation The following table describes the labels in this screen. Table 9-3 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters fo r Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The Prestige supports PPPoE (Point-to-Point Prot[...]

  • Página 136

    Prestige 334W User’s Gui de 9-6 WAN Scre ens Table 9-3 PPPoE Encapsulation LABEL DESCRIPTION Nailed-Up Connection Select Nailed-Up Connection if you do not want the connection to time out. Idle Timeout This value specifies the time i n seco nds that elapses before the router automatically disconnects from the PPPoE server. Apply Click Apply to sa[...]

  • Página 137

    Prestige 334W User’s Gui de WAN Screens 9-7 The following table describes the labels in this screen. Table 9-4 PPTP Encapsulation LABEL DESCRIPTION ISP Parameters fo r Internet Access Encapsulation Point-to-Point Tunneling Prot ocol (PPT P) is a network protocol that enabl es secure transfer of data from a remote client to a private server, creat[...]

  • Página 138

    Prestige 334W User’s Gui de 9-8 WAN Scre ens Figure 9-5 WAN: IP The following table describes the labels in this screen. Table 9-5 WAN: IP LA BE L DESCRIPTION WAN IP Address Assignment Get automatically from ISP Select this option If your ISP did not assign you a fixed IP address. T his is the default selection. Use fixed IP address Select this o[...]

  • Página 139

    Prestige 334W User’s Gui de WAN Screens 9-9 Table 9-5 WAN: IP LA BE L DESCRIPTION Remote IP Address Enter the Rem ote IP Address (if your I SP gave you one) in this field. Gateway/Remote IP Address Enter the gateway IP address (if your ISP gave you one) in this field if you selecte d Use Fixed IP Address . Network Address Translation Network Addr[...]

  • Página 140

    Prestige 334W User’s Gui de 9-10 WAN Screens Table 9-5 WAN: IP LA BE L DESCRIPTION RIP Direction RIP (Routing Information Protocol) al lo ws a router to exchange routing inf ormation with other routers. The RIP Direction field controls the sending and receiv ing of RIP packets. Choose Both , None , In Only or Out Only . When set to Both or Out On[...]

  • Página 141

    Prestige 334W User’s Gui de WAN Screens 9-11 Table 9-5 WAN: IP LA BE L DESCRIPTION Allow between WAN and LAN Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN. If your firewall is enabled with the default polic y set to block WAN to LAN traffic, you also need to enable the def ault WAN to LAN fir[...]

  • Página 142

    Prestige 334W User’s Gui de 9-12 WAN Screens 9.7 T r affic Redirect Traffic redirect forwards WA N traffic to a backup gate way when the Prestige canno t connect to t he Internet through its normal gateway. Conn ect the backup gatewa y on the WAN so that the Prestige still provides firewall protect ion. Figure 9-7 Traffic Redirect WAN Se tup The [...]

  • Página 143

    Prestige 334W User’s Gui de WAN Screens 9-13 9.8 Configuring T r affic Redirect To change your Prestige’s Traffic Redirect settin gs, click WAN , then the Traffic Redir ect tab. The screen appe ars as show n. Figure 9-9 WAN: Traffic Redirect The following table describes the labels in this screen. Table 9-6 WAN: Traffic Redirect LABEL DESCRIPTI[...]

  • Página 144

    Prestige 334W User’s Gui de 9-14 WAN Screens Table 9-6 WAN: Traffic Redirect LABEL DESCRIPTION Check WAN IP Address Configuration of this field is optiona l. If yo u do not enter an IP address here, the Prestige will use the default gate way IP address. Configur e this field to test your Prestige' s WAN accessibility. Type the IP address of [...]

  • Página 145

    NAT and Static Route III Part III: SUA/NAT and Static Route This part covers Network Address T r anslation and setting up static routes.[...]

  • Página 146

    [...]

  • Página 147

    Prestige 334W User’s Gui de NAT Screens 10-1 Chapter 10 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the Prestige. 10.1 NA T Overview NAT (Network Address Tran slation - NAT, RFC 1631) is the translation of the IP addr ess of a host in a packet. For example, the so urce address of an outgoing pack et, u[...]

  • Página 148

    Prestige 334W User’s Gui de 10-2 NAT Screens NA T never changes the IP address (either local or global) of an outside host. 10.1.2 What NA T Does In the simplest form, NAT changes the source IP address in a pac ket recei ved from a subscriber (the inside local address) t o another (the inside gl obal address) before for warding the packet t o the[...]

  • Página 149

    Prestige 334W User’s Gui de NAT Screens 10-3 Figure 10-1 How NAT Works 10.1.4 NA T Application The following figure illu strates a possible NAT applicatio n, where three inside LANs (logical LANs using IP Alias) behind the Prestige can comm unicate with three distinct WAN networks. More examples follow at th e end of this chapter.[...]

  • Página 150

    Prestige 334W User’s Gui de 10-4 NAT Screens Figure 10-2 NAT Application With IP Alias 10.1.5 NA T Mapping T ypes NAT supports five types o f IP/port m apping. They are:  One to One : In One-to-One mode, the Pres tige maps one local IP address t o one global IP address.  Many to One : In Many-to-One m ode, the Prestige maps multiple local I[...]

  • Página 151

    Prestige 334W User’s Gui de NAT Screens 10-5  Many One-to-One : In Many-One-to-One mode, the Prestige m a ps each local IP address to a unique global IP address.  Server : This type allows you to sp ecify inside server s of different services b ehind the NAT to be accessible to the outside world. Port numbers do not change for One-to-One an[...]

  • Página 152

    Prestige 334W User’s Gui de 10-6 NAT Screens 10.2 Using NA T Y ou must create a fire wall rule in addition to setting up SUA/NA T , to allo w traffic from the W AN to be forwarded through the Prestige. 10.2.1 SUA (Single User Account) V ersus NA T SUA (Single User Account) is a ZyNOS implementati on of a su bset of NAT t hat supports t wo types o[...]

  • Página 153

    Prestige 334W User’s Gui de NAT Screens 10-7 21. In some cases, such as for unknown services or wh ere one serve r can support more than one service (for example bot h FTP and web service), it m ight be bett er to specify a range of port numbers. In addition to the servers for specified services, NAT supports a default server. A service request t[...]

  • Página 154

    Prestige 334W User’s Gui de 10-8 NAT Screens Figure 10-3 Multiple Servers Behind NAT Ex ample 10.4 Configuring SUA Server If you do not assign a Default Server IP Address, the Prestige di scards all p acket s received for port s that are not specifi ed in this screen or remote management. Click SUA/NAT to open the SUA Server s creen. Refer to Tab[...]

  • Página 155

    Prestige 334W User’s Gui de NAT Screens 10-9 Figure 10-4 SUA/NAT Setup The following table describes the labels in this screen. Table 10-4 SUA/NAT Setup LABEL DESCRIPTION Default Server In addition to the servers for specified services, NAT supp orts a default server. A default server receives packets from ports that are not specified in this scr[...]

  • Página 156

    Prestige 334W User’s Gui de 10-10 NAT Screens Table 10-4 SUA/NAT Setup LABEL DESCRIPTION # Number of an indivi dual SUA server entry. Active Select this check box to enable the SUA server entry. Clear this checkb ox to disallow forwarding of these ports to an inside server without having to delete the entry. Name Enter a name to identify this por[...]

  • Página 157

    Prestige 334W User’s Gui de NAT Screens 10-11 Figure 10-5 Address Mapping The following table describes the labels in this screen. Table 10-5 Address Mapping LABEL DESCRIPTION Local Start IP This refers to the Inside Local Address (ILA), which is the starting local IP address. If the rule is for all local IP addresses, t hen this field displays 0[...]

  • Página 158

    Prestige 334W User’s Gui de 10-12 NAT Screens Table 10-5 Address Mapping LABEL DESCRIPTION Type 1. One-to-One mode maps one local IP address to one global IP addr ess. Note that port numbers do not change for the One-to-one NAT mapping type. 2. Many-to-One mode maps multiple local IP addresses to one global IP address. T his is equivalent to SUA [...]

  • Página 159

    Prestige 334W User’s Gui de NAT Screens 10-13 Table 10-6 Address Mapping Edit LABEL DESCRIPTION Type Choose the po rt mapping type from one of the following. 1. One-to-One : One-to-one mode maps one local IP addres s to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type. 2. Many-to-One : Many-to-One mode m[...]

  • Página 160

    Prestige 334W User’s Gui de 10-14 NAT Screens receives a response wit h a specific port num ber and pr otocol ("i ncoming" port), the Prestige forwards the traffic to the LAN IP address of the c omputer that sent t he request. After that com puter’s connection for that service closes, another com puter on the LAN can use th e service [...]

  • Página 161

    Prestige 334W User’s Gui de NAT Screens 10-15 Only one LAN computer can use a trigger port (range) at a time. Figure 10-8 Trigger Port The following table describes the labels in this screen. Table 10-7 Trigger Port LABEL DESCRIPTION # This is the rule inde x number (read-only).[...]

  • Página 162

    Prestige 334W User’s Gui de 10-16 NAT Screens Table 10-7 Trigger Port LABEL DESCRIPTION Name Type a uniqu e name (up to 15 characters) fo r identificatio n purposes. All characters are permitted - including spaces. Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The Prestige [...]

  • Página 163

    Prestige 334W User’s Gui de Static Route Screens 11-1 Chapter 11 Static Route Screens This chapter shows you how to configu re static routes for your Prestige. 11.1 S t atic Route Overview Each remote n ode specifies o nly the network t o which the gat eway is direct ly connected, an d the Prestige has no knowledge of the net works beyon d. For i[...]

  • Página 164

    Prestige 334W User’s Gui de 11-2 Static Route Screens Figure 11-2 Static Route The following table describes the labels in this screen. Table 11-1 Static Route LABEL DESCRIPTION # Number of an individual static route. Name Name that des cribes or identifies this route. Active T his field shows whether this static route is active ( Yes ) or not ( [...]

  • Página 165

    Prestige 334W User’s Gui de Static Route Screens 11-3 Figure 11-3 Static Route: Edit The following table describes the labels in this screen. Table 11-2 Static Route: Edit LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field b l ank to delete this static route. Active This field allo ws you to acti vate/deactivate [...]

  • Página 166

    Prestige 334W User’s Gui de 11-4 Static Route Screens Table 11-2 Static Route: Edit LABEL DESCRIPTION Private T his parameter determines if the Prestige will include this route to a remote node in its RIP broadcasts. Select this check box to keep this route privat e and not included in RIP broadcasts. Clear this checkbox to propagate this r oute [...]

  • Página 167

    UPnP and Firewall IV Part IV: UPnP and Firewall This part prov ides information and configuration in struction s for configuration of Universal Plug and Play , firewall and content filtering.[...]

  • Página 168

    [...]

  • Página 169

    Prestige 334W User’s Gui de UPnP 12-1 Chapter 12 UPnP This chapter introduces the Universal Plug and Play feature. 12.1 Universal Plug and Play Overview Universal Plug and Play (UPn P) is a distri buted, open net working standar d that uses TCP/ IP for simpl e peer-to-peer network connectiv ity between dev ices. A UP nP device can dynamically joi[...]

  • Página 170

    Prestige 334W User’s Gui de 12-2 UPnP 12.1.3 Cautions with UPnP The automat ed nature of N AT traversal a pplications i n establishin g their own ser vices and ope ning fire wall ports may present networ k security issues . Network i nformation an d configurat ion may also be obtained and modifi ed by users in some netwo rk environm ents. All UPn[...]

  • Página 171

    Prestige 334W User’s Gui de UPnP 12-3 Figure 12-1 Configuring UPnP The following table describes the labels in this screen. Table 12-1 Configuring UPnP LA BE L DESCRIPTION Enable the Universal Plug and Play (UPnP) feature Select this checkbox to activate UPnP. Be aware that anyone cou ld use a UPnP application to open the web config urator' [...]

  • Página 172

    Prestige 334W User’s Gui de 12-4 UPnP 12.4 Inst alling UPnP in Windows Example This section shows how to install UPn P in Windows Me and Windows XP. 12.4.1 Inst alling UPnP in Windows Me Follow the steps below to install UPnP in Windo ws Me. Step 1. Click Start and Control Panel . Double-click Add/Remove Programs . Step 2. Click on th e Windows S[...]

  • Página 173

    Prestige 334W User’s Gui de UPnP 12-5 Step 1. Click Start and Control Pan el . Step 2. Double-click Network Connections . Step 3. In the Network Connecti ons window, click Advanced in the main menu and select Optional Networking Components … . The Windows Opti onal Networki ng Components Wizard window displays. Step 4. Select Networking Service[...]

  • Página 174

    Prestige 334W User’s Gui de 12-6 UPnP 12.5 Using UPnP in Windows XP Example This section sh ows you how t o use the UP nP feat ure in Windows XP. You must alread y have UPnP installed in Wind ows XP and UPnP activated on the ZyXEL device. Make sure the com puter is connected to a LAN port of the ZyXEL device. Turn on your com puter and the ZyXEL [...]

  • Página 175

    Prestige 334W User’s Gui de UPnP 12-7 Step 3. In the Internet Connection Properties window, click Settings to see the port mappings that were aut omatically created. Step 4. You may edit or delete th e port mappings or cli ck Add to manually add port m appings.[...]

  • Página 176

    Prestige 334W User’s Gui de 12-8 UPnP When the UPnP-enabled device is disconn ected from your computer , all port mappings will be deleted automaticall y . Step 5. Select the Show icon in notification area when connected check box and click OK . An icon displays in the system tray Step 6. Double- click the icon to display your cu rrent Internet c[...]

  • Página 177

    Prestige 334W User’s Gui de UPnP 12-9 Step 1. Click Start and then Control Panel . Step 2. Double-click Network Connections . Step 3. Select My Network Places unde r Other Places . Step 4. An icon with the description for each UPnP-enabl ed device displa ys under Local Network . Step 5. Right-click the icon for yo ur ZyXEL device and sele ct Invo[...]

  • Página 178

    Prestige 334W User’s Gui de 12-10 UPnP Step 6. Right-click the icon for yo ur ZyXEL device and sele ct Properties . A properties window displays with b asic information about the ZyXEL device.[...]

  • Página 179

    Prestige 334W User’s Gui de Firewall 13-1 Chapter 13 Firewall This chapter gives som e background inform ation on firewalls and explains h ow to get started with the Prestige firewall. 13.1 Introduction What is a Firewall? Originally, the term firewal l referred to a construction techniqu e designed to prevent th e spread of fire from one room to[...]

  • Página 180

    Prestige 334W User’s Gui de 13-2 Firewall Prestige can be used to pre vent theft, destr uction and m odificati on of data, as well as log e vents, which m ay be important to the securi ty of you r network. The Prestige is installed between th e LAN and a broadba nd modem connecting to the Internet. Th is allows it to act as a secure gateway for a[...]

  • Página 181

    Prestige 334W User’s Gui de Firewall 13-3 13.2 Firewall Settings Screen From the MAIN MEN U , click FIREWALL to ope n the Settings screen. Figure 13-1 Fire w all: Settings The following table describes the labels in this screen. Table 13-1 Firewall: Settings LA BE L DESCRIPTION Enable Firewall Select this che ck box to activate the firewall. The [...]

  • Página 182

    Prestige 334W User’s Gui de 13-4 Firewall Table 13-1 Firewall: Settings LA BE L DESCRIPTION LAN to WAN T o log packets related to fire wall rules, make sure that Access C ontrol under Log is selected in the Logs , Log Settings screen. Packets to Log Choose what LAN to WA N packets to log. Choose from:  No Log  Log Blocked (block ed LAN to W[...]

  • Página 183

    Prestige 334W User’s Gui de Firewall 13-5 13.3 The Firewall, NA T a nd Remote Management Figure 13-2 Fire w all Rule Directions 13.3.1 LAN-to-W AN rules LAN-to-WAN rules are lo cal network to Internet firewall rule s. The default is to forward all traffic from your local network to the In ternet. How can you block certain LAN to WA N traffic ? Yo[...]

  • Página 184

    Prestige 334W User’s Gui de 13-6 Firewall How can you forward certain WAN to LAN traffic ? You may allow traffic originating from the WAN to be forwarded to t he LAN by:  Configu ring NAT port forward ing rules in the web co nfigurator SUA Server screen or SMT NAT menus.  Configu ring One-to- One and Many-One-to-One NAT mapping rule s in th[...]

  • Página 185

    Prestige 334W User’s Gui de Firewall 13-7 Figure 13-3 Fire w all: Filter The following table describes the labels in this screen. Table 13-2 Firewall: Filter LA BE L DESCRIPTION Restricted Web Features ActiveX ActiveX is a tool for building dynamic and act ive Web pages and distri buted object applications. When yo u visit an ActiveX Web site, Ac[...]

  • Página 186

    Prestige 334W User’s Gui de 13-8 Firewall Table 13-2 Firewall: Filter LA BE L DESCRIPTION Java Java is a programming language and d evelopment environment for building downloadable Web compo nents or Internet and intranet business appl ications of all kinds. Cookies Web servers that track usage and provid e service based on ID use cookies . Web P[...]

  • Página 187

    Prestige 334W User’s Gui de Firewall 13-9 Figure 13-4 Fire w all: Service The following table describes the labels in this screen. Table 13-3 Firewall: Service LA BE L DESCRIPTION Enable Services Blocking Select this check box to enable this feature. Available Service This is a list of pre-defined ser vices (ports) you may proh ibit your LAN comp[...]

  • Página 188

    Prestige 334W User’s Gui de 13-10 Firewall Table 13-3 Firewall: Service LA BE L DESCRIPTION Blocked Service This is a list of services (ports) that will be inaccessible to c omputers on your LAN once you enable service b locking. Choose the IP port ( TCP , UDP or TCP / UDP ) that defines your customized por t from the drop do wn list box. Custom [...]

  • Página 189

    Remote Management and VPN/IPSec V Part V: Remote Management and VPN/IPSec This part prov ides information and configurati on instruction s for configuration of remote management and VPN/IPSec.[...]

  • Página 190

    [...]

  • Página 191

    Prestige 334W User’s Gui de Remote Management Screens 14-1 Chapter 14 Remote Management Screens This chapter provides information on the Remote Management screens. 14.1 Remote Management Overview Remote management allows you to determine which services/protocols can acces s which Prestige interface (if any) fr om which c omputers . When you confi[...]

  • Página 192

    Prestige 334W User’s Gui de 14-2 Remote Management Screens 14.1.1 Remote Management Limit ations Remote ma nagement ove r LAN or WAN will not work when: 1. A filter in SMT menu 3.1 (LAN) or in m enu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. 2. You have di sabled that ser vice in one of the rem ote management screen s. 3. The IP[...]

  • Página 193

    Prestige 334W User’s Gui de Remote Management Screens 14-3 Figure 14-1 Remote Man agement: WWW The following table describes the labels in this screen. Table 14-1 Remote Management: WWW LABEL DESCRIPTION Server Port You may chan ge the server port num ber for a service if ne eded, however you must use the same port number in order to us e that se[...]

  • Página 194

    Prestige 334W User’s Gui de 14-4 Remote Management Screens 14.3 Configuring T elnet You can configure y our Prestige for remote Telnet acce ss as shown next. The adm inistrator uses Telnet from a computer on a rem ote ne twork to access the Prestige. Figure 14-2 Telnet Confi guration on a TCP/IP Network 14.4 Configuring TELNET Click REMOTE MGMT a[...]

  • Página 195

    Prestige 334W User’s Gui de Remote Management Screens 14-5 Figure 14-3 Remote Management: Te lnet The following table describes the labels in this screen. Table 14-2 Remote Management: Telnet LABEL DESCRIPTION Server Port You may chan ge the server port num ber for a service if ne eded, however you must use the same port number in order to us e t[...]

  • Página 196

    Prestige 334W User’s Gui de 14-6 Remote Management Screens 14.5 Configuring FTP You can uploa d and downl oad the Presti ge’s firmware a nd configuration files using FTP , please see the chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP cl ient. To change your Prestige’s FT[...]

  • Página 197

    Prestige 334W User’s Gui de Remote Management Screens 14-7 Table 14-3 Remote Management: FTP LABEL DESCRIPTION Secured Client IP Address A secured client is a “trusted” computer that is allowed to communicate with the Prestige using this service. Select Al l to allo w any computer to access the Prestige using this service. Choose Selected to [...]

  • Página 198

    Prestige 334W User’s Gui de 14-8 Remote Management Screens SNMP is only available if TCP/IP is configured. Figure 14-5 SNMP Management Mod el An SNMP m anaged netwo rk consists of t wo ma in types of com ponent: agent s and a m anager. An agent is a manageme nt software mod ule that resides i n a managed d evice (the Pres tige). An agent translat[...]

  • Página 199

    Prestige 334W User’s Gui de Remote Management Screens 14-9 SNMP itself i s a simple reque st/response pr otocol base d on the m anager/agent model . The ma nager issues a request and the agent returns responses usi ng the follo wing protoc ol operat ions: • Get - Allows the manager to retrieve an object variable from the agent. • GetNext - Al[...]

  • Página 200

    Prestige 334W User’s Gui de 14-10 Remote Management Screens 14.6.3 Configuring SNMP To change your Prestige’s SNMP setting s, click RE MOTE MGMT , then the SNMP tab. The sc reen app ears as shown. Figure 14-6 Remote Management: SNMP The following table describes the labels in this screen.[...]

  • Página 201

    Prestige 334W User’s Gui de Remote Management Screens 14-11 Table 14-5 Remote Management: SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community , which is the password for the incoming Get and GetNext requests from the management station. T he default is public and al lows all requests. Set Community Enter the Set commun[...]

  • Página 202

    Prestige 334W User’s Gui de 14-12 Remote Management Screens T o change your Prestige’ s DNS settings, click REMOTE MGMT , t hen the DNS tab. The screen appears as shown. Figure 14-7 Remote Management: DNS The following table describes the labels in this screen. Table 14-6 Remote Management: DNS LABEL DESCRIPTION Server Port The DNS service port[...]

  • Página 203

    Prestige 334W User’s Gui de Remote Management Screens 14-13 14.8 Configuring Security T o change your Prestige’ s security settings, click REMOTE MG MT , then th e Security tab. The screen appe ars as show n. If an outside user attempts to probe an unsupported po rt on your Prestige, an ICMP response packet is automatically returned. This allow[...]

  • Página 204

    Prestige 334W User’s Gui de 14-14 Remote Management Screens Table 14-7 Security LABEL DESCRIPTION Respond to Ping on The Prestige will not respond to an y incoming Ping requests when Disable is selected. Select LA N to reply to incoming LAN Pi ng requests . Select WA N to reply to incoming WAN Ping requests. Otherwise select L AN & WAN to rep[...]

  • Página 205

    Prestige 334W User’s Gui de Introduction to IPSec 15-1 Chapter 15 Introduction to IPSec This chapter introduces the basics of IPSec VPNs 15.1 VPN Overview A VPN (Virt ual Private Net work) provi des secure com munications between sites without the expe nse of leased site-to-site lines. A secure VPN is a com bination of tunn eling, encryption, aut[...]

  • Página 206

    Prestige 334W User’s Gui de 15-2 Introduction to IPSec Figure 15-1 Encryption and Dec ryption  Data Confidentiality The IPSec sender can enc rypt packets befo re transm itting them across a network.  Data Integrity The IPSec receiver ca n validate pack ets sent by the IPSec sender to e n sure that the data has not been altered durin g trans[...]

  • Página 207

    Prestige 334W User’s Gui de Introduction to IPSec 15-3 15.2 IPSec Architecture The overall IPSec architect ure is shown as follows. Figure 15-2 IPSec Architecture 15.2.1 IPSec Algorithms The ESP (Encapsulat ing Securit y Payload) Protocol (RFC 2406) and AH (Authe ntication Heade r) protocol (RFC 2402) describe the packet formats and the default s[...]

  • Página 208

    Prestige 334W User’s Gui de 15-4 Introduction to IPSec 15.2.2 Key Management Key managem ent allows you to determ ine whether to use IKE (ISAKMP) or manual key configurati on in order to set u p a VPN. 15.3 Encap sulation The two modes of ope ration for IPSec VPNs are Trans port m ode and Tunnel m ode. Figure 15-3 Transport and Tunnel Mo de IPSec[...]

  • Página 209

    Prestige 334W User’s Gui de Introduction to IPSec 15-5  Inside header : The inside IP header c ontains the dest ination IP a ddress of the final system behind the VPN gatew ay. The security protocol a ppears afte r the outer IP hea der and before the inside IP header. 15.4 IPSec and NA T Read this section if you ar e running IPSec on a host co[...]

  • Página 210

    [...]

  • Página 211

    Prestige 334W User’s Gui de VPN Screens 16-1 Chapter 16 VPN Screens This chapter introduces the VPN Web Configurator. See the Logs chapter for information on viewing logs and the Appendices for IPSec log descriptions. 16.1 VPN/IPSec Overview Use the screens docum ented in th is chapter to configure rules for VPN connecti ons and m anage VPN conne[...]

  • Página 212

    Prestige 334W User’s Gui de 16-2 VPN Screens 16.2.2 ESP (Encap sulating Secu rity Pay load) Protocol The ESP protocol (R FC 2406) pr ovides encry ption as wel l as some of t he services offe red by AH . ESP authenticating properties are limited com pared to the AH due to the non-inclusion of the IP header information during the authenticatio n pr[...]

  • Página 213

    Prestige 334W User’s Gui de VPN Screens 16-3 If the remote secure gateway has a static WAN IP address, enter it in the Secure Gateway Address field. You may alternatively enter the remote secure gateway’s domain name (if it has one) in the Secure Gateway Address field. You can also enter a remote secure ga teway’s domain name in the Secure Ga[...]

  • Página 214

    Prestige 334W User’s Gui de 16-4 VPN Screens Local and remote IP addresses m ust be static. Click VPN to open t he Summary screen. This is a read -only menu of your IPSec ru les (tunnels). Edit or create an IPSec rule by selecting an index number and t hen clicking Edit to configure the associated submenus. Figure 16-2 VPN: Summary The following [...]

  • Página 215

    Prestige 334W User’s Gui de VPN Screens 16-5 Table 16-2 VPN: Summary LABEL DESCRIPTION Remote Addr. This is the IP address(es) of com puter(s) on the remote network behind the remote IPSec router. A single (static) IP address is displayed when the Remote Address Start and Remote Address End/Mask fields in the Rule Setup IKE (or Manual ) screen ar[...]

  • Página 216

    Prestige 334W User’s Gui de 16-6 VPN Screens If the Prestige has its maxim um number of simultaneous IPSec tunnels connected to it and they all have keep alive enable d, then no ot her tunnels can ta ke a turn connecting to the Prestige bec ause the Prestige never drops the tunnels t hat are already connected. When there is outbound traffic with [...]

  • Página 217

    Prestige 334W User’s Gui de VPN Screens 16-7  Use ESP security protocol (in either transpor t or tunnel m ode).  Use IKE keying mode.  Enable NAT traversal on both IPSec endpoints. In order for IPSec router A (see the figure) to receive a n initiating IPS ec packet from IPSec router B, set the NAT router t o forwar d UDP port 500 to IPS [...]

  • Página 218

    Prestige 334W User’s Gui de 16-8 VPN Screens If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP addresses to access the compu ters on the remote net w ork. 16.8 ID T ype and Content With aggressiv e negotiati on mode (see Section 16.11.1 ), the Prestige identifies incoming SAs by ID type and content [...]

  • Página 219

    Prestige 334W User’s Gui de VPN Screens 16-9 Table 16-4 Peer ID Type and Conten t Fields PEER ID TYPE CONTENT IP Type the IP address of the computer wi th which you will make the VPN connection or leave the field blank to have t he Prestige automatically use the addr ess in the Secure Gateway A ddress field. DNS Ty pe a domain name (up to 31 char[...]

  • Página 220

    Prestige 334W User’s Gui de 16-10 VPN Screens Table 16-6 Mismatching ID Ty pe and Content Configuration Example PRESTIGE A PRESTIGE B Peer ID content: aa@yahoo.com Peer ID content: N/A 16.9 Pre-Shared Key A pre-shared key identifies a comm unicating party du ring a phase 1 IKE negotiati on (see Section 16. 11 for more on IKE phases). It is called[...]

  • Página 221

    Prestige 334W User’s Gui de VPN Screens 16-11 Figure 16-5 VPN: Rule Setup (Basic) The following table describes the labels in this screen.[...]

  • Página 222

    Prestige 334W User’s Gui de 16-12 VPN Screens Table 16-7 VPN: Rule Setup (Basic) LABEL DESCRIPTION Active Select this check bo x to activate th is VPN tunnel. This opt ion determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select this check box to have the Pr estige automatically re-initiate the SA after the [...]

  • Página 223

    Prestige 334W User’s Gui de VPN Screens 16-13 Table 16-7 VPN: Rule Setup (Basic) LABEL DESCRIPTION DNS Server (for IPSec VPN) If there is a private DNS server that serv ices the VPN, type its IP address here. The Prestige assigns this additional DNS serv er to the Prestige’s DHCP clients that have IP addresses in this IPSec rule's range of[...]

  • Página 224

    Prestige 334W User’s Gui de 16-14 VPN Screens Table 16-7 VPN: Rule Setup (Basic) LABEL DESCRIPTION Peer Content The configurat ion of the peer content d epends on the peer ID type.  For IP , type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leav e it blank, the Prestige w[...]

  • Página 225

    Prestige 334W User’s Gui de VPN Screens 16-15 Table 16-7 VPN: Rule Setup (Basic) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared ke y in this fi eld. A pre-shared key identifies a communicating party during a phase 1 IKE negoti ation. It is called "pre-shared" becaus e you have to share it with another party before you can communi[...]

  • Página 226

    Prestige 334W User’s Gui de 16-16 VPN Screens Figure 16-6 T wo Phases to Set Up the IPSec SA In phase 1 you m ust:  Choose a negot iation m ode.  Authenticate the connection by en tering a pre-shar ed key.  Choo se an en cryption a lgorith m.  Choose an authentication algorith m.  Choose a D iffie-Hellman public-key cryp tography k[...]

  • Página 227

    Prestige 334W User’s Gui de VPN Screens 16-17  Choose Tunnel m ode or Transport mode.  Set the IPSec SA lifetime. This field allows yo u to determine how long the IPSec SA shou ld stay up before it times out. The Prestige automa tically renegotiates th e IPSec SA if there is traffic when the IPSec SA lifetim e period expires. The Prestige a[...]

  • Página 228

    Prestige 334W User’s Gui de 16-18 VPN Screens 16.11.3 Perfect Forward Secrecy (PFS) Enabling PFS means that the ke y is transient. The ke y is thrown a way and replace d by a brand new key using a new Di ffie-Hellman exchange for each new I PSec SA setup. With PFS enabled, if one key is compromi sed, previous an d subseque nt keys are not comprom[...]

  • Página 229

    Prestige 334W User’s Gui de VPN Screens 16-19 Figure 16-7 VPN IKE: Adv anced[...]

  • Página 230

    Prestige 334W User’s Gui de 16-20 VPN Screens The following table describes the labels in this screen. Table 16-8 VPN IKE: Advanced LABEL DESCRIPTION Active Select this check box to activate this VPN policy. Keep Alive Select this check box to turn on the Keep Alive feature for this SA. Turn on Keep Alive to have the Prestige aut omatically reini[...]

  • Página 231

    Prestige 334W User’s Gui de VPN Screens 16-21 Table 16-8 VPN IKE: Advanced LABEL DESCRIPTION Local Port End Enter a port number in this field to def ine a port range. This port numb er must be greater than that specified in the prev ious field (or equal to it for configuring an individual port). Remote Address Start Remote IP addresses must be st[...]

  • Página 232

    Prestige 334W User’s Gui de 16-22 VPN Screens Table 16-8 VPN IKE: Advanced LABEL DESCRIPTION Local Content When you select IP in the Local ID Ty pe field, type the IP address of your computer in the local Content field. The Prestige automatic ally uses the IP address in the My IP Address field (refer to the My IP Address field description) if you[...]

  • Página 233

    Prestige 334W User’s Gui de VPN Screens 16-23 Table 16-8 VPN IKE: Advanced LABEL DESCRIPTION Peer Content The configuration of t he peer content depe nds on the peer ID type.  For IP , type the IP address of the computer with which you will mak e the VPN connection. If you configure this fiel d to 0.0.0.0 or leave it blank, the Prestige will u[...]

  • Página 234

    Prestige 334W User’s Gui de 16-24 VPN Screens Table 16-8 VPN IKE: Advanced LABEL DESCRIPTION SA Life Time Define the length of time before an I KE SA automatically renegotiates in this field. It may range from 60 to 3,000,000 seconds (almost 35 days). A shor t SA Life Time increases securit y by forcing the two VPN gateways to update the encrypti[...]

  • Página 235

    Prestige 334W User’s Gui de VPN Screens 16-25 Table 16-8 VPN IKE: Advanced LABEL DESCRIPTION Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash al gorithms used to authenticate packet data. The SHA1 algorithm is generall y considered stronger than MD5, but is s[...]

  • Página 236

    Prestige 334W User’s Gui de 16-26 VPN Screens Current ZyXEL implement ation assumes identical outgoing and incoming SPIs. 16.14 Configuring Manual Key You only configu re VPN Manual Key when you select Manual in the IPSec Keying Mode field on the Rule Setup IKE screen. This is the Rule Se tup Manual screen as shown next.[...]

  • Página 237

    Prestige 334W User’s Gui de VPN Screens 16-27 Figure 16-8 Rule Setup: Manual The following table describes the labels in this screen.[...]

  • Página 238

    Prestige 334W User’s Gui de 16-28 VPN Screens Table 16-9 Rule Setup: Manual LABEL DESCRIPTION Active Select this check box to activate this VPN policy. IPSec Keying Mode Select IKE or Manual from the drop-down list box. Manual is a useful option for troubleshooting if you have p roblems using IKE key manageme nt. Protocol Number Enter 1 for ICMP,[...]

  • Página 239

    Prestige 334W User’s Gui de VPN Screens 16-29 Table 16-9 Rule Setup: Manual LABEL DESCRIPTION Remote Port End Enter a port number in this field to define a port range. This port number must be greater than that specifie d in the previous field. If Remote Port Start is left at 0, Remote Port End will also remain at 0. DNS Server (for IPSec VPN) If[...]

  • Página 240

    Prestige 334W User’s Gui de 16-30 VPN Screens Table 16-9 Rule Setup: Manual LABEL DESCRIPTION Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are has h al gorithms used to authenticate packet data. The SHA1 algorithm is generall y considered stronger than MD5 , but i[...]

  • Página 241

    Prestige 334W User’s Gui de VPN Screens 16-31 When there is outbound traffic but no inbound traffic, the SA times out automatically af ter tw o minutes. A tunnel with no outbound or inbound traffic is "idle" and does not timeout until the SA lifetime period expires. See section 16.6 on keep alive to have the Prestige renegotiate an I PS[...]

  • Página 242

    Prestige 334W User’s Gui de 16-32 VPN Screens Table 16-10 SA Monitor LABEL DESCRIPTION Previous Page (If applicable) Click Previous Page to view more items in the summary. Refresh Click Refresh to disp lay the current active VPN connection (s). Next Page (If applicable) Click Next Page to view more items in the summary. 16.16 Configuring Global S[...]

  • Página 243

    Prestige 334W User’s Gui de VPN Screens 16-33 Table 16-11 VPN: Global Setting LABEL DESCRIPTION Allow Through IP/Sec Tunnel Select this check box to send NetBIOS packets through the VPN connecti on. Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to begin configuring this scree n afresh. 16.17 T elecommuter VPN/IPSe[...]

  • Página 244

    Prestige 334W User’s Gui de 16-34 VPN Screens Figure 16-11 Telecommuters Sharing One VPN Ru le Example 16.17.2 T elecommuters Using Unique VPN Rules Example With aggressiv e negotiati on mode (see sect ion 16.11.1 ), the Prestige can use the ID types and contents to distinguish between VPN rules. Tel ecommuters can each use a separate VPN rule to[...]

  • Página 245

    Prestige 334W User’s Gui de VPN Screens 16-35 Figure 16-12 Telecommuters Using Unique VPN Rules Example[...]

  • Página 246

    Prestige 334W User’s Gui de 16-36 VPN Screens 16.18 VPN and Remote Management If a VPN tu nnel uses a rem ote managem ent service port (Telnet, FT P, WWW SNMP, DNS or ICMP) a nd terminates at the Prestige’s LAN or WA N port , configure rem ote managem ent ( REMOTE MG NT ) to allow access for that service. If the VPN tunnel terminates at the Pre[...]

  • Página 247

    Logs, Media Bandwidth Manag ement and Maintenance VI Part VI: Logs, Media Bandwidth Management and Maintenance This part covers the cent ralized logs, media bandwid th management and mainte nance screens.[...]

  • Página 248

    [...]

  • Página 249

    Prestige 334W User’s Gui de Centralized Logs 17-1 Chapter 17 Centralized Logs This chapter contains info rmation about configurin g general log settings and viewing the Prestige’ s logs. Refer to the appendices for exampl e log message explanatio ns. 17.1 V iew Log The web configurator allows you to look at all of the Prestige’s logs in one l[...]

  • Página 250

    Prestige 334W User’s Gui de 17-2 Centralized Logs Table 17-1 View Logs LABEL DESCRIPTION Display The categories that you select in the Log Settings page (see section 17.2 ) display in the drop-down list box. Select a category of logs to view; select A ll Logs to view logs from all of the log categories that you selected in the Log Settings page. [...]

  • Página 251

    Prestige 334W User’s Gui de Centralized Logs 17-3 Figure 17-2 Log Settings[...]

  • Página 252

    Prestige 334W User’s Gui de 17-4 Centralized Logs The following table describes the labels in this screen. Table 17-2 log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP addr ess of the mail server for the e-mail address es specified below. If this field is left blank, logs and alert messages will not be sent v[...]

  • Página 253

    Prestige 334W User’s Gui de Centralized Logs 17-5 Table 17-2 log Settings LABEL DESCRIPTION Log Schedule T his drop-down menu is used to configure the frequency of log messages being sent as E-mail: • Daily • Weekly • Hourly • When Log is Full • None. If you select Weekly or Daily , specify a time of day when the E-mail should be sent. [...]

  • Página 254

    [...]

  • Página 255

    Prestige 334W User’s Gui de Media Bandwidth Management 18-1 Chapter 18 Media Bandwidth Management This chapter contains info rmation about conf iguring media bandwi dth management, editing rules and viewing the Prestige’ s media bandwidth management logs. 18.1 Bandwid th Management Overview ZyXEL’s Medi a Bandwidth Management al lows you to s[...]

  • Página 256

    Prestige 334W User’s Gui de 18-2 Media Bandwidth Management Figure 18-1 Application-based Band width Management Example 18.1.2 Subnet-based Bandwid th Management Example The following exam ple uses bandwidt h rules based sole ly on LAN subnets. Each bandwidth rule ( Subnet A and Subnet B) is allotted 320 Kbps. Figure 18-2 Subnet-based Band w idth[...]

  • Página 257

    Prestige 334W User’s Gui de Media Bandwidth Management 18-3 Figure 18-3 Application and Subnet-based Bandwidth Management Example 18.1.4 Bandwid th Usage Example Here is an exa mple of a Prest ige that has ba ndwidth usa ge enabled on an interface . The first fi gure shows each bandwidth rule’s bandwid th budget. The rules are set up based on s[...]

  • Página 258

    Prestige 334W User’s Gui de 18-4 Media Bandwidth Management The following fig ure shows the bandwidth usa ge with the maxim ize bandwidth usage option enabled. The Prestige divide s up the unbudgeted 64 Kbps among the rules that require more bandwidth. If the administ ration departm ent only uses 32 Kbps of the budgete d 64 Kbps, t he Prestige al[...]

  • Página 259

    Prestige 334W User’s Gui de Media Bandwidth Management 18-5 Table 18-2 Media Band width Management Priorities Priority Levels: Traffic with a higher priority gets through faster while traffic with a lo wer priority is dropped if the net work is congested. High Typically used for voice traffic or video that is especiall y sensitive to jitter (jitt[...]

  • Página 260

    Prestige 334W User’s Gui de 18-6 Media Bandwidth Management  eMule/eDonkey These programs use adva nced file sharing applications relying on ce ntral servers to searc h for files. They use default port 4662.  WWW The World Wi de Web is an I nternet system to distribute graphical, hy per-linked informat ion, based on Hyper Text Transfer Prot[...]

  • Página 261

    Prestige 334W User’s Gui de Media Bandwidth Management 18-7 Table 18-3 Commonly Used Serv ices SERVICE DESCRIPTION HTTP(T CP:80) Hyper Text T r ansfer Protocol - a client/server protocol for the world wide web. HTTPS(TCP:443) HT TPS is a secured http session often used i n e-commerce. ICQ(UDP:4000) This is a popular Internet chat program. IKE(UDP[...]

  • Página 262

    Prestige 334W User’s Gui de 18-8 Media Bandwidth Management Table 18-3 Commonly Used Serv ices SERVICE DESCRIPTION REXEC(TCP:514) Remote Execution Daemon. RLOGIN(TCP:513) Remote Login. RTELNET(TCP:107) Remote Telnet. RTSP(TCP/UDP:554) The Real Time Streaming (medi a control) Protocol (RT SP) is a remote control for multimedia on the Internet. SFT[...]

  • Página 263

    Prestige 334W User’s Gui de Media Bandwidth Management 18-9 Figure 18-6 Bandwidth Management Configuration[...]

  • Página 264

    Prestige 334W User’s Gui de 18-10 Media Bandwidth Management The following table describes the labels in this screen. Table 18-4 Bandwidth Management Configuration LABEL DESCRIPTION Active Select this check box to have the Prestige apply bandwidth management. Enable bandwidth managem ent to give traffic that matches a bandwidth rule priority over[...]

  • Página 265

    Prestige 334W User’s Gui de Media Bandwidth Management 18-11 18.3 Editing Bandwid th Management Rules Use the Bandwidth Manage ment Configuration Edi t screen to configure a ba ndwidth m anagement rule . Use bandwidth rules to all ocate specific amounts of ba ndwidth capacity (bandwidth budge ts) to specific applications a nd/or subnets. 18.3.1 B[...]

  • Página 266

    Prestige 334W User’s Gui de 18-12 Media Bandwidth Management Table 18-5 Bandwidth Management Edit LABEL DESCRIPTION Active Select this check box to have the Pr estige apply this band width management rule. Enable a bandwidth managem ent rule to give tr affic that matches the rule priority over traffic that does not match the rule. Rule Name Use t[...]

  • Página 267

    Prestige 334W User’s Gui de Media Bandwidth Management 18-13 Table 18-5 Bandwidth Management Edit LABEL DESCRIPTION Protocol Enter the protocol (service type) numbe r, for example: 1 for ICMP, 6 for TCP or 17 for UDP. Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to beg in configuring this screen afres[...]

  • Página 268

    Prestige 334W User’s Gui de 18-14 Media Bandwidth Management Figure 18-8 Bandwidth Management Monitor[...]

  • Página 269

    Pres tige 334W User’s Guide Maintenance 19-1 Chapter 19 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 19.1 Maintenance Overview The maintenance scree ns can help y ou view system info rmat ion, upload new fi rmware, manage con figuration and restart your Pr estige. 19.2[...]

  • Página 270

    Prestige 334W User’s Gui de 19-2 Maintenance Table 19-1 Maintenance Statu s LA BE L DESCRIPTION Syst em Name This is the Sy stem Name you chose in the first Internet Access Wizard screen. It is for identification purposes Model Name The model name identifies your dev ice type. The model na me should also be on a sticker on your Prestige. If you a[...]

  • Página 271

    Pres tige 334W User’s Guide Maintenance 19-3 Figure 19-2 Maintenance System Statistics The following table describes the labels in this screen. Table 19-2 Maintenance Sy stem Statistics LA BE L DESCRIPTION Port This is the WAN, LAN or WLAN port. Status This displays the port speed and duplex setting if you're usi ng Ethernet encapsulation an[...]

  • Página 272

    Prestige 334W User’s Gui de 19-4 Maintenance 19.3 DHCP T able Screen DHCP (Dynamic Ho st Configuration Protoco l, RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP config uration at start- up from a serv er. You can confi gure the Prestige as a DHCP serve r or disable it. When configur ed as a s erver, th e Prestig e provid es th[...]

  • Página 273

    Pres tige 334W User’s Guide Maintenance 19-5 Table 19-3 Maintenance DHCP Table LABEL DESCRIPTION Refresh Click Refresh to renew the screen. 19.4 Any IP T able Click MAINTENANCE , Any IP Table . T he Any IP t able shows cu rrent read-o nly infor mation (incl uding the IP address and the MAC addr ess) of all network de vices that use the Any IP fea[...]

  • Página 274

    Prestige 334W User’s Gui de 19-6 Maintenance Figure 19-5 Maintenance Association List The following table describes the labels in this screen. Table 19-5 Maintenance Asso ciation List LA BE L DESCRIPTION # This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station.[...]

  • Página 275

    Pres tige 334W User’s Guide Maintenance 19-7 The following table describes the labels in this screen. Table 19-6 Maintenance Fi rmware Upload LA BE L DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the .bin file you want to upl oad. Remember [...]

  • Página 276

    Prestige 334W User’s Gui de 19-8 Maintenance If the upload was not successful, the fo llowing sc reen will appear. Click Return to go back to the F/W Upload screen. Figure 19-9 Upload Error Message 19.7 Configuration Screen See the Firmware and Configuration File Maintenance chapter for tran sferri ng config uration files usin g FTP/TFTP commands[...]

  • Página 277

    Pres tige 334W User’s Guide Maintenance 19-9 Figure 19-10 Maintenance Con figuration 19.7.1 Backup Configuration Backup config uration allows you to back up (save) th e Prestige’s current c onfigur ation to a file on your computer. Once your Prestige is co nfigu red and fu nctioning pr operly, it is highly rec ommended that you back up your c o[...]

  • Página 278

    Prestige 334W User’s Gui de 19-10 Maintenance Table 19-7 Maintenance Res tore Configuration LA BE L DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the file yo u want to upload. Remember that you must decompress compressed (.ZIP) files bef or[...]

  • Página 279

    Pres tige 334W User’s Guide Maintenance 19-11 Figure 19-13 Configurati on Restore Error 19.7.3 Back to Factory Default s Pressing the Reset button in this section clears all user-enter ed configuration information and returns the Prestige to its factory defaults as shown on the screen. The fo llowing warning screen will appear. Figure 19-14 Facto[...]

  • Página 280

    Prestige 334W User’s Gui de 19-12 Maintenance Figure 19-15 System Res tart[...]

  • Página 281

    SMT General Configuration VII Part VII: SMT General Configuration This part covers System Manag ement T e rminal co nfiguration for general setup, W AN setup, LAN setup, WLAN setup, Internet access, remote node, static route, NA T and enabling the firewall. See the web configurator parts o f this guide for background information on features configu[...]

  • Página 282

    [...]

  • Página 283

    Prestige 334W User’s Gui de Introducing the SMT 20-1 Chapter 20 Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 20.1 SMT Introduction T he Prestige’s SMT (System Management Term inal) is a menu-driven interface t hat you can access from a terminal emulator t[...]

  • Página 284

    Prestige 334W User’s Gui de 20-2 Introducing the SMT Please note that if there is no activity for longer than five minutes after you log in, your Prestige will automatically log you out. Figure 20-1 Login Screen 20.1.4 Prestige SM T Menu Overview The following fig ure gives you an overvi ew of the various SMT me nu screens of your Prestige. Enter[...]

  • Página 285

    Prestige 334W User’s Gui de Introducing the SMT 20-3 Figure 20-2 SMT Menu Ov erview 20.2 Navigating the SMT Interface The SMT (System Management Terminal) is the inte rface that you use t o co nfigure your Pr estige. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.[...]

  • Página 286

    Prestige 334W User’s Gui de 20-4 Introducing the SMT Table 20-1 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move down to another menu [ENTER] To move forward to a submenu, type in the number of the desired submenu and press [ENTER]. Move up to a previous menu [ESC] Press [ESC] to move back to the previous m enu. Move to a “hidden” menu[...]

  • Página 287

    Prestige 334W User’s Gui de Introducing the SMT 20-5 Figure 20-3 SMT Main Menu 20.2.1 System Management T erminal Interface Summar y Table 20-2 Main Menu Summary # MENU TITLE DESCRIPTION 1 General Setup Use this menu to set up your general inform ation. 2 WAN Setup Use this menu to clone a MA C address from a computer on your LAN. 3 LAN Setup Use[...]

  • Página 288

    Prestige 334W User’s Gui de 20-6 Introducing the SMT Table 20-2 Main Menu Summary # MENU TITLE DESCRIPTION 24 System Maintenance This menu pro vides system status, diagnostics, software upload, etc. 26 Schedule Setup Use this menu to schedule outgoing calls. 27 VPN/ IPSec Setup Use this men u to configure VPN connection s. 99 Exit Use this to exi[...]

  • Página 289

    Prestige 334W User’s Gui de Menu 1 General Setup 21-1 Chapter 21 Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 21.1 General Setup Menu 1 — General Se tup contains a dministrat ive and system -related in formation (s hown next ). The System Name fiel d is for iden tification purp oses. Howeve[...]

  • Página 290

    Prestige 334W User’s Gui de 21-2 Menu 1 General Setup Figure 21-1 Menu 1 General Setup Step 2. Fill in the required fields. Refer to the table shown nex t for more information about these fields. Table 21-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE System Name Choose a descriptive n a me for identification purposes. It is recommended you ent[...]

  • Página 291

    Prestige 334W User’s Gui de Menu 1 General Setup 21-3 Table 21-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE First System DNS Server Second System DNS Server Third System DNS Server DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. T he DNS server is extremely important becaus e without it, y[...]

  • Página 292

    Prestige 334W User’s Gui de 21-4 Menu 1 General Setup Figure 21-2 Menu 1.1 Configure Dy namic DNS Follow the instructions in the next tabl e to configure Dynamic DNS parame ters. Table 21-2 Menu 1.1 Configure Dy namic DNS FIELD DESCRIPTION EXAMPLE Service Provider This is the name of your Dynamic DNS servic e provider. WWW.DynDNS.ORG (default) Ac[...]

  • Página 293

    Prestige 334W User’s Gui de Menu 1 General Setup 21-5 Table 21-2 Menu 1.1 Configure Dy namic DNS FIELD DESCRIPTION EXAMPLE Offline T his field is only availabl e when CustomDNS is selected in the DDNS Type field. Press [SPACE BAR] and then [ENTER] to select Yes . When Yes is selected, http://www.dyndns.org/ traffic is redirected to a URL that you[...]

  • Página 294

    [...]

  • Página 295

    Prestige 334W User’s Gui de Menu 2 WAN Setup 22-1 Chapter 22 Menu 2 WAN Setup This chapter describes how to configure the WAN using menu 2. 22.1 Introduction to W AN This chapte r explains how to confi gure settings for your WAN port. 22.2 W AN Setup From the m ain menu, e nter 2 to open menu 2. Figure 22-1 Menu 2 WAN Setup The following table de[...]

  • Página 296

    Prestige 334W User’s Gui de 22-2 Menu 2 WAN Setup Table 22-1 Menu 2 WAN Setup FIELD DESCRIPTION When you have compl eted this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at an y time to cancel.[...]

  • Página 297

    Prestige 334W User’s Gui de Menu 3 LAN Setup 23-1 Chapter 23 Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 23.1 LAN Setup This section describes how to configure the Ethern et using Menu 3 — LAN Setup . From the main m enu, enter 3 to displ ay menu 3. Figure 23-1 Menu 3 LAN Setup 23.1.1 Gene[...]

  • Página 298

    Prestige 334W User’s Gui de 23-2 Menu 3 LAN Setup 23.2 Protocol Dependent Ethernet Setup Depending on the protoc ols for your ap plications, yo u need to configure the respective Et hernet Setup, a s outlined b elow.  For TCP/IP Ethernet setup refer to the Internet Access Application chap ter.  For brid ging Ether net setup refer t o the Br[...]

  • Página 299

    Prestige 334W User’s Gui de Menu 3 LAN Setup 23-3 Table 23-1 Menu 3.2: DHCP Ethernet Setup Fields FIELD DESCRIPTION EXA MPLE Client IP Pool: Starting Address This field specifies the first of the contiguous addresses in th e IP address pool. 192.168.1.33 Size of Client IP Pool This field specifies the size, or count of the IP address p ool. 128 F[...]

  • Página 300

    Prestige 334W User’s Gui de 23-4 Menu 3 LAN Setup Table 23-2 Menu 3.2: LAN TCP/IP Setup Fields FIELD DESCRIPTION EXAMPLE TCP/IP Setup: IP Address Enter the IP address of your Prestige i n dotted decimal notation 192.168.1.1 (default) IP Subnet Mask Your Prestige will automatic ally calculate the subnet mask based on the IP address that you assi g[...]

  • Página 301

    Prestige 334W User’s Gui de Menu 3 LAN Setup 23-5 Figure 23-4 Physical Network & Partitioned Logic al Networks You must use menu 3. 2 to configu re the firs t network. M ove the curs or to the Edit IP Alias field, press [SPACE BAR] to choose Yes and press [ENTER] to configure the second an d third network. Press [ENTER] to open Menu 3.2.1 - I[...]

  • Página 302

    Prestige 334W User’s Gui de 23-6 Menu 3 LAN Setup Table 23-3 Menu 3.2.1: IP Alias Setup FIELD DESCRIPTION EXAMPLE IP Alias 1, 2 Choose Yes to configure the LAN net work for the Prestige. Yes IP Address Enter the IP address of your Pr estige in dotted decim al notation. 192.168.1.1 IP Subnet Mask Your Prestige will automatic ally calculate the sub[...]

  • Página 303

    Prestige 334W User’s Gui de Menu 3 LAN Setup 23-7 Figure 23-6 Menu 3.5 Wireless L AN Setup The following table describes the fields in this menu. Table 23-4 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXAMPLE ESSID The ESSID (Extended Service Set IDentit y) identifies the AP to which the wireless stations associate. Wireless stations associatin[...]

  • Página 304

    Prestige 334W User’s Gui de 23-8 Menu 3 LAN Setup Table 23-4 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXAMPLE WEP Select Disable to allow wireless stations to communicate with the access points without any data encr yption. Select 64-bit WEP or 128-bit WEP to enable data e ncryption. Disable Default Key Enter the key number (1 to 4) in this [...]

  • Página 305

    Prestige 334W User’s Gui de Menu 3 LAN Setup 23-9 Table 23-4 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXAMPLE When you have compl eted this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [E SC] to cancel and go back to the prev ious screen. 23.4.1 Configuring MAC Address Fi[...]

  • Página 306

    Prestige 334W User’s Gui de 23-10 Menu 3 LAN Setup Figure 23-8 Menu 3.5.1 WLAN M AC Address Filter The following table describes the fields in this menu. Table 23-5 Menu 3.5.1 WLAN M AC Address Filter FIELD DESCRIPTION Active To enable MAC address filter ing, press [SPACE BAR] to select Yes and press [ENTER]. Filter Action Define the filter ac ti[...]

  • Página 307

    Prestige 334W User’s Gui de Menu 3 LAN Setup 23-11 Table 23-5 Menu 3.5.1 WLAN M AC Address Filter FIELD DESCRIPTION MAC Address Filter 1..32 Enter the MAC addresses (in XX: XX:XX:XX:XX: XX format) of the client computers that ar e allowed or denied access to the Prestige i n these address fields. When you have compl eted this menu, press [ENTER] [...]

  • Página 308

    Prestige 334W User’s Gui de 23-12 Menu 3 LAN Setup Figure 23-10 Menu 3.5.2 Roaming Configuration The following table describes the fields in this menu. Table 23-6 Menu 3.5.2 Roaming Confi guration FIELD DESCRIPTION Active Press [SPACE BAR] and then [ENTER] to select Yes to enable roamin g on the Prestige if you have two or more Prestige’s on th[...]

  • Página 309

    Prestige 334W User’s Gui de Internet Access 24-1 Chapter 24 Internet Access This chapter sho ws you how to config ure your Prestige for Internet access . 24.1 Introduction to Internet Access Setup Use information from your ISP along w ith the instructions in this cha pte r to set up your Pr estige to access the Internet. The re are three dif fere[...]

  • Página 310

    Prestige 334W User’s Gui de 24-2 Internet Access Table 24-1 Menu 4: Internet Acces s Setup (Ethernet) FIELD DESCRIPTION ISP’s Name Enter the nam e of your Internet Serv ice Provider, e.g., myISP. This information is for identification purposes only. Encapsulation Press [SPACE BAR] and then press [ENTER] to choose Ethernet . The encapsulation me[...]

  • Página 311

    Prestige 334W User’s Gui de Internet Access 24-3 Table 24-1 Menu 4: Internet Acces s Setup (Ethernet) FIELD DESCRIPTION Network Address Translation Network Address Translation (NAT ) allows the translation of an Internet protocol address used within one net work (for example a private IP address used in a local network) to a different IP address [...]

  • Página 312

    Prestige 334W User’s Gui de 24-4 Internet Access Figure 24-2 Internet Access Setup (PPTP) The following table contains instructions about the new fi elds when y ou choose PPTP in the Encapsulation field in m enu 4. Table 24-2 New Fields in Menu 4 (PPTP) Screen FIELD DESCRIPTION EXAMPLE Encapsulation Press [SPACE BAR] and the n press [ENTER] to ch[...]

  • Página 313

    Prestige 334W User’s Gui de Internet Access 24-5 Figure 24-3 Internet Access Setup (PPPoE) The following table contains instructions about the new fi elds when y ou choose PPPoE in the Encapsulation fiel d in menu 4. Table 24-3 New Fields in Menu 4 (PPPoE) screen FIELD DESCRIPTION EX AMPLE Encapsulation Press [SPACE BAR] and then press [ENTER] to[...]

  • Página 314

    Prestige 334W User’s Gui de 24-6 Internet Access You may deact ivate the firew all in menu 2 1.2 or via the P restige em bedded web confi gurator. You m ay also define additional firewall rules or modify existing ones but please exercise extrem e caution in doing so. See the chapters on firewall for more inf ormation on the firewall.[...]

  • Página 315

    Prestige 334W User’s Gui de Remote Node Configuration 25-1 Chapter 25 Remote Node Configuration This chapter covers remote node configuration. 25.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and th e network behi nd it across a WAN connect ion[...]

  • Página 316

    Prestige 334W User’s Gui de 25-2 Remote Node Configuration Figure 25-1 Menu 11.1 Remote Node Profile for Etherne t Encapsulation The following table describes the fields in this menu. Table 25-1 Menu 11.1 Remote Node Profile for Eth ernet Encapsulation FIELD DESCRIPTION EXAMPLE Rem Node Name Enter a descriptive name for the remote node. This fiel[...]

  • Página 317

    Prestige 334W User’s Gui de Remote Node Configuration 25-3 Table 25-1 Menu 11.1 Remote Node Profile for Eth ernet Encapsulation FIELD DESCRIPTION EXAMPLE My Password Enter the password assigned b y your ISP when the Prestige calls this remote node. Valid for PPPoE encapsul ation only. ***** Retype to Confirm Type your pass word again to make sure[...]

  • Página 318

    Prestige 334W User’s Gui de 25-4 Remote Node Configuration 25.2.2 PPPoE Encapsulation The Prestige s upports PPPoE (Point-to- Point Prot ocol over Ether net). You ca n only use PPP oE encapsul ation when you’re using the Prestige with a DSL modem as the WA N device. I f you change the Encapsulati on to PPPoE, then you will see the next screen. [...]

  • Página 319

    Prestige 334W User’s Gui de Remote Node Configuration 25-5 The second is that the Prestige will try to bring up the connection when turned on and whenev er the connection is down. A nail ed-up connection can be very expensive for ob vious reasons. Do not specify a nailed-up connection unless your telephone company offers flat- rate service or you[...]

  • Página 320

    Prestige 334W User’s Gui de 25-6 Remote Node Configuration 25.2.3 PPTP Encap sulation If you change t he Encapsulation to PPTP in menu 11.1, then you will see the next screen. Please see the appendix for i nformati on on PPTP. Figure 25-3 Menu 11.1 Remote Node Profile for PPTP Encaps ulation The next table shows how to configure fields in menu 11[...]

  • Página 321

    Prestige 334W User’s Gui de Remote Node Configuration 25-7 25.3 Edit IP Move the cur sor to the Edit IP fiel d in menu 11.1, then p ress [SPACE BAR] to select Yes . Press [ENTER] to open Menu 11.3 - Remote Node Networ k Layer Options . Figure 25-4 Menu 11.3 Remote Node Net work Layer Options for Ethernet Encapsulation This menu displays the My WA[...]

  • Página 322

    Prestige 334W User’s Gui de 25-8 Remote Node Configuration Table 25-4 Remote Node Net work Layer Options FIELD DESCRIPTION EXAMPLE My WAN Addr This field is applicable to PPPoE and PPTP encapsulations only. Some implementations, especiall y the UNIX der iv atives, require the WAN link to have a separate IP network number from the LAN and each end[...]

  • Página 323

    Prestige 334W User’s Gui de Remote Node Configuration 25-9 Table 25-4 Remote Node Net work Layer Options FIELD DESCRIPTION EXAMPLE Multicast IGMP (Internet Group Multicast Prot ocol) is a network-layer protocol used to establish membership in a Multic ast group. The Prestige supports both IGMP version 1 ( IGMP-v1 ) and version 2 ( IGMP-v2 ) . Pre[...]

  • Página 324

    Prestige 334W User’s Gui de 25-10 Remote Node Configuration Figure 25-6 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation) 25.4.1 T raffic Redirect Setup Configure parameters that determine when the Pres tige will forward WAN traffic to the backup gateway using Menu 11.6 — Traffic Redirect Setup . Figure 25-7 Menu 11.6: Traffic Redirec[...]

  • Página 325

    Prestige 334W User’s Gui de Remote Node Configuration 25-11 Table 25-5 Menu 11.6: Traffic Redirect Setup FIELD DESCRIPTION EXAMPLE Configuration: Backup Gateway IP Address Enter the IP address of your backup gateway in dotted deci mal notation. The Prestige automatically forwards traffic to this IP address if the Prestige’s Internet connection [...]

  • Página 326

    [...]

  • Página 327

    Prestige 334W User’s Gui de Static Route Setup 26-1 Chapter 26 Static Route Setup This chapter shows how to setup IP static routes. 26.1 IP S tatic Route Setup Step 1. To configure an IP static route, use Menu 1 2 – Static Routing S etup (shown next). Figure 26-1 Menu 12 IP Static Route Setup Step 2. Now, type the route num ber of a stat ic rou[...]

  • Página 328

    Prestige 334W User’s Gui de 26-2 Static Route Setup Figure 26-2 Menu12.1 Edit IP Static Route The following table describes the fields for Menu 12.1 – Edit IP Static Route Setup . Table 26-1 Menu12.1 Edit IP Static Route FIELD DESCRIPTION Route # This is the inde x number of the static route that y ou chose in menu 12.1. Route Name Type a descr[...]

  • Página 329

    Prestige 334W User’s Gui de Static Route Setup 26-3 Table 26-1 Menu12.1 Edit IP Static Route FIELD DESCRIPTION Private This parameter determine s if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes , this route is kept private and is not included in RIP broadcasts. If No , the route to this remote node [...]

  • Página 330

    [...]

  • Página 331

    Prestige 334W User’s Gui de Dial-in User Setup 27-1 Chapter 27 Dial-in User Setup This chapter shows you how to create user accounts on the ZyAIR. 27.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RAD IUS server. Follow the steps below to set up user pro [...]

  • Página 332

    Prestige 334W User’s Gui de 27-2 Dial-in User Setup The following table describes the fields in this screen. Table 27-1 Menu 14.1- Edit Dial-in User FIELD DESCRIPTION User Name Enter a usern ame up to 31 alphanumer ic characters long for this user profile. This field is case sensitive. Active Press [SPACE BAR] to select Yes and press [ENT ER] to [...]

  • Página 333

    Prestige 334W User’s Gui de NAT 28-1 Chapter 28 Network Address Translation (NAT) This chapter discusses ho w to configure NAT on the Prestige. 28.1 Using NA T You must create a fire w all rule in addition to setting up SUA/ NAT, to allow traffic from the WAN to be forwarded through the Presti ge. 28.1.1 SUA (Single User Account) V ersus NA T SUA[...]

  • Página 334

    Prestige 334W User’s Gui de 28-2 NAT Figure 28-1 Menu 4 Apply ing NAT for Internet Access The following fig ure shows how you apply NAT to the rem ote node in menu 11.1. Step 1. Enter 11 from the mai n menu. Step 2. When menu 11 ap pears, as shown i n the foll owing figure, t ype the num ber of the rem ote node that you want to conf igure. Step 3[...]

  • Página 335

    Prestige 334W User’s Gui de NAT 28-3 Figure 28-2 Menu 11.3 Apply ing NAT to the Remote Node The following table describes the op tions for Network Address Translation. Table 28-1 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION EX AMPLE Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP address es for[...]

  • Página 336

    Prestige 334W User’s Gui de 28-4 NAT configurator screens for f urther info rmation on these menus. T o configure NAT, enter 1 5 from the m ain menu to bring up the following screen. Figure 28-3 Menu 15 NAT Setup 28.3.1 Address Mapping Set s Enter 1 to brin g up Menu 15.1 — Address Mapping Sets . Figure 28-4 Menu 15.1 Address Map ping Sets SUA [...]

  • Página 337

    Prestige 334W User’s Gui de NAT 28-5 Figure 28-5 Menu 15.1.255 SUA Addr ess Mapping Rules The following table explains the fields in this menu. Menu 15.1.255 is read-only. Table 28-2 SUA Address Mapping Rules FIELD DESCRIPTION EXAMPLE Set Name This is the name of the set you selected in m enu 15.1 or enter the name of a new set you want to create[...]

  • Página 338

    Prestige 334W User’s Gui de 28-6 NAT Table 28-2 SUA Address Mapping Rules FIELD DESCRIPTION EXAMPLE When you have compl eted this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [E SC] to cancel and go back to the prev ious screen. User-Defined Address Mapping Sets Now let’s lo[...]

  • Página 339

    Prestige 334W User’s Gui de NAT 28-7 ignored. If there are any empty rules before your new co nfigured ru le, your configur ed rule will be pushed u p by that number of empty rules. Fo r example, if you have already configured rules 1 to 6 in your current set and now you configur e rule number 9. In the set summary screen, the new rule will be ru[...]

  • Página 340

    Prestige 334W User’s Gui de 28-8 NAT Figure 28-7 Menu 15.1.1.1 Editing/Co nfiguring an Individual Rule in a Set The following table explains the fields in this menu. Table 28-4 Menu 15.1.1.1 Editing/Conf iguring an Individual Rule in a Set FIELD DESCRIPTION EXAMPLE Type Press [SPACE BAR] and the n [ENTER] to select from a total of five types. The[...]

  • Página 341

    Prestige 334W User’s Gui de NAT 28-9 28.4 Configuring a Server behind NA T Follow these steps to c onfigure a server behind NAT: Step 1. Enter 15 in the main menu to go to Menu 15 - NAT Setup. Step 2. Enter 2 to displ ay Menu 15.2 - NAT Server Setup as sho wn next. Figure 28-8 Menu 15.2.1 NAT Serv er Setup Step 3. Enter a port number in an unused[...]

  • Página 342

    Prestige 334W User’s Gui de 28-10 NAT Figure 28-9 Multiple Servers Behind NAT Ex ample 28.5 General NA T Examples The following are some exampl es of NAT configurati on. 28.5.1 Example 1: Internet Access Onl y In the following Internet access exam pl e, you only need one rule where the ILAs (Inside Local Addresses) of computers A thro ugh D map t[...]

  • Página 343

    Prestige 334W User’s Gui de NAT 28-11 Figure 28-11 Menu 4 Internet Access & NAT Example From m enu 4, choose t he SUA Onl y option from the Network Address Translation field. This is the Many-to-One m apping discussed in secti on 28.5. The SUA O nly read-only optio n from the Network Address Translation field in menus 4 and 11.3 is specifical[...]

  • Página 344

    Prestige 334W User’s Gui de 28-12 NAT Figure 28-13 Menu 15.2.1 Specifying an Inside Server 28.5.3 Example 3: Multip le Public IP Addresses With Inside Servers In this exam ple, there are 3 IGAs from our ISP. T here are many depa rtments but two have t heir own F TP server. All departments share the same router. The ex ample will reserve one IGA f[...]

  • Página 345

    Prestige 334W User’s Gui de NAT 28-13 Figure 28-14 NAT Example 3 Step 1. In this case you need t o configure Address Mappi ng Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in m enu 4 or m enu 11.3) in Figure 28-15 . Step 2. Then enter 15 f rom the m ain m[...]

  • Página 346

    Prestige 334W User’s Gui de 28-14 NAT Figure 28-15 Example 3: Menu 11.3 The following figu res show how to conf igure the first rule. Figure 28-16 Example 3: Menu 15.1.1.1 Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 End = N/A Global IP: Start= 10.132.50.1 End = N/A Press ENTER to Confirm or ESC to Cancel: Pre[...]

  • Página 347

    Prestige 334W User’s Gui de NAT 28-15 Figure 28-17 Example 3: Final Menu 15.1.1 Now conf igure th e IGA3 to map to our web serv er and mail serv er on the LAN. Step 8. Enter 15 from the mai n menu. Step 9. Enter 2 in Menu 15 - NAT Setup . Step 10. Enter 1 in Menu 15.2 - NAT Server Setup to see the following m enu. Confi gure it as sh own. Menu 15[...]

  • Página 348

    Prestige 334W User’s Gui de 28-16 NAT Example 3: Menu 15.2 28.5.4 Example 4: NA T Unfr iendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Ov erload mapping as po rt numbers do not chang e for Many-to-Many No Overload (and One-to-One )[...]

  • Página 349

    Prestige 334W User’s Gui de NAT 28-17 Other applications such as some ga ming programs are NAT unfriendly because they embed addressing information in the data stream. These applications won’t work through NAT even when using One-to -One and Many-to-Many No Overload mapping types. Follow the steps outlined in example 3 to configure these two me[...]

  • Página 350

    Prestige 334W User’s Gui de 28-18 NAT 28.6 Configuring T rigger Port Forwarding Only one LAN computer can use a trigger port (range) at a time. Enter 3 i n menu 15 t o displa y Menu 15.3 — Trigger Port Setup , show n next. Figure 28-21 Menu 15.3 Trigger Port Setup The following table describes the fields in this screen. Table 28-5 Menu 15.3 Tri[...]

  • Página 351

    Prestige 334W User’s Gui de NAT 28-19 Table 28-5 Menu 15.3 Trigger Port Setup FIELD DESCRIPTION EXAMPLE End Port Enter a port number or the ending port number in a range of port numbers. 7070 Press [ENTER] at the message “Press EN TER to Confirm...” to save your configuration, or press [ESC] at any time to cancel.[...]

  • Página 352

    [...]

  • Página 353

    Prestige 334W User’s Gui de Enabling the Firewall 29-1 Chapter 29 Enabling the Firewall This chapter show s you how to get started with the Prestige firewall. 29.1 Remote Management and the Firewall When SMT menu 24.11 is co nfigured to all ow managem ent (see the Remote Managemen t chapter) and the firewall is enabled: • The firewall blocks re[...]

  • Página 354

    Prestige 334W User’s Gui de 29-2 Enabling the Firewall Figure 29-1 Menu 21.2 Fire wall Setup Use the web configurator or the com mand interpreter to configure the fire wall rules. Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is t[...]

  • Página 355

    SMT Advanced Management VIII Part VIII: SMT Advanced Management This part discusse s filtering se tup, SNMP , system security , sy stem information and diagno sis, firmware and configuration file maintenance, system maintenance, remote management and call scheduling. See the web configurator parts o f this guide for background information on featur[...]

  • Página 356

    [...]

  • Página 357

    Prestige 334W User’s Gui de Filter Configuration 30-1 Chapter 30 Filter Configuration This chapter shows you how to create and apply filters. 30.1 Introduction to Filters Your Prestige uses filters to decide whether to allow passa ge of a data packet and/or to make a call. There are two types of filter applications: data filtering and call f ilte[...]

  • Página 358

    Prestige 334W User’s Gui de 30-2 Filter Configuration Figure 30-1 Outgoing Packet Filtering Process For incoming packets, your Prestige ap plies data filters only. Packets are processed depending upon whether a match is found. The following sections describe how to configure filter sets. 30.1.1 The Filter Structure of the Prestige A filter set co[...]

  • Página 359

    Prestige 334W User’s Gui de Filter Configuration 30-3 Start Fetch First Filter Set Fetch First Filter Rule Active? Execute Filter Rule Fetch Next Filter Rule Next filter Rule Available? Fetch Next Filter Set Next Filter Set Available? Accept Packet Drop Packet Yes No Yes No Yes Packet into filter Filter Set Forward Drop No Check Next Rule Figure [...]

  • Página 360

    Prestige 334W User’s Gui de 30-4 Filter Configuration You can apply up to four filter sets to a particular port to b lock multiple types of packets. With each filter set having up t o six rules, y ou can have a m aximum of 24 rules acti ve for a single p ort. 30.2 Configuring a Filter Set The Prestige includes filtering for NetBIOS over TCP/IP pa[...]

  • Página 361

    Prestige 334W User’s Gui de Filter Configuration 30-5 Step 3. Select the filter set you wish to co nfigure (1-12) and pr ess [ENTER] . Step 4. Enter a descriptive name or co mment in the Edit Comments field and press [ENTER] . Step 5. Press [ENTER] at the message [Press ENTER to confirm] to open Menu 21.1.1 - Filter R ules Summary . This screen s[...]

  • Página 362

    Prestige 334W User’s Gui de 30-6 Filter Configuration Table 30-2 Rule Abbreviations Used ABBREVIATION DESCRIPTION IP Pr Protocol SA Sourc e Address SP Source Port number DA Destination Address DP Destination Port number GEN Off Offs et Len Length Refer to the next section for information on configuring the filter ru les. 30.2.1 Configuring a Filt[...]

  • Página 363

    Prestige 334W User’s Gui de Filter Configuration 30-7 To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.1.1 - TCP/IP Filt er Rule , as shown next. Figure 30-6 Menu 21.1.1.1 TCP/IP Filter Rule The following table describes how to con figure your TCP/IP filter rule. Table 30-3 TCP/IP[...]

  • Página 364

    Prestige 334W User’s Gui de 30-8 Filter Configuration Table 30-3 TCP/IP Filter Rule FIELD DESCRIPTION OPTIONS IP Mask Enter the IP mask to apply to the Destination: IP Addr . 0.0.0.0 Port # Enter the destination port of t he packets that you wish to filter. The range of this field is 0 to 6553 5. This field is ignor ed if it is 0. 0-65535 Port # [...]

  • Página 365

    Prestige 334W User’s Gui de Filter Configuration 30-9 Table 30-3 TCP/IP Filter Rule FIELD DESCRIPTION OPTIONS Log Press [SPACE BAR] and then [ENTER] to select a logg ing option from the following: None – No packets will be logged. Action Matched - Only packets that match the rule parameters will be logged. Action Not Matched - Only packets that[...]

  • Página 366

    Prestige 334W User’s Gui de 30-10 Filter Configuration Packet into IP Filter Matched Matched Yes Action Matched Action Not Matched More? No Filter Active? Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src Addr Matched [...]

  • Página 367

    Prestige 334W User’s Gui de Filter Configuration 30-11 30.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of gen eric rules is to allow you to filter non-IP packets. For IP, it is genera lly easier to use the IP rules directly. For generic rules, the Pre stige treats a packet as a b[...]

  • Página 368

    Prestige 334W User’s Gui de 30-12 Filter Configuration Table 30-4 Generic Filter Rule Menu Fields FIELD DESCRIPTION OPTIONS Filter Type Use [SPACE BAR] and then [ENTER] to select a rule type. Parameters displayed belo w each type will be different. TCP/IP filter rule s are used to filter IP packets while generic filter rules allow filtering of no[...]

  • Página 369

    Prestige 334W User’s Gui de Filter Configuration 30-13 30.3 Example Filter Let’s look at an example to block outside us ers from accessing the Prestige via telnet. Figure 30-9 Telnet Filter Example Step 1. Enter 21 from the ma in menu to o pen Menu 21 - Filter and Firewall Setup . Step 2. Enter 1 to o pen Menu 21.1 - Filter Set Configuration . [...]

  • Página 370

    Prestige 334W User’s Gui de 30-14 Filter Configuration Step 6. Enter 1 to configure the first filter rule (the only filter rule of this set). Make the entries in this menu as sho wn in the f ollowing fi gure. Figure 30-10 Example Filter: Menu 21.1.3.1 When you press [ENTER] to confirm, you will see the following screen . Note that there is only o[...]

  • Página 371

    Prestige 334W User’s Gui de Filter Configuration 30-15 Figure 30-11 Example Filter Rules Summary : Menu 21.1.3 After you’ve created the filter set, you must apply it. Step 1. Enter 11 from the main m enu to go t o menu 11 . Step 2. Go to the Edit Filter Sets field, press [SPACE BAR] to select Yes and press [ENTER] . Step 3. This brings you to m[...]

  • Página 372

    Prestige 334W User’s Gui de 30-16 Filter Configuration Generic and TCP/IP filter rules are discussed in more detail in the next section. When NAT (Network Address Transl ation) is enable d, the inside IP addr ess and port num ber are replaced on a c onnection-by- connection basis, which makes it impossib le to know the exact address and port on t[...]

  • Página 373

    Prestige 334W User’s Gui de Filter Configuration 30-17 30.6.1 Applying LAN Filters LAN traffic filter sets may be useful to block certain packets, reduce traffic and prevent security breach es. Go to menu 3.1 (shown next) and enter the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (fro[...]

  • Página 374

    Prestige 334W User’s Gui de 30-18 Filter Configuration Figure 30-14 Filtering Remote Node T raffic Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL:[...]

  • Página 375

    Prestige 334W User’s Gui de SNMP Configuration 31-1 Chapter 31 SNMP Configuration This chapter explains SNMP Configuration menu 22. 31.1 About SNMP Simple Netw ork Managem ent Protoc ol is a prot ocol used for exchangi ng managem ent inform ation between network de vices. SNMP is a member of the TCP/IP protocol s uite. Your Prest ige supports S N[...]

  • Página 376

    Prestige 334W User’s Gui de 31-2 SN MP Configuration An agent is a manageme nt software mod ule that resides i n a managed d evice (the Pres tige). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager i s the consol e through which netw ork ad m inistrators pe rform network man[...]

  • Página 377

    Prestige 334W User’s Gui de SNMP Configuration 31-3 Figure 31-2 Menu 22 SNMP Configuration The following table d escribes the SNMP configu ration parameters. Table 31-1 Menu 22 SNMP Configur ation FIELD DESCRIPTION EXAMPLE SNMP: Get Community Type the Get Community , which is the password for the incoming Get- and GetNext requests from the manage[...]

  • Página 378

    Prestige 334W User’s Gui de 31-4 SN MP Configuration 31.4 SNMP T rap s The Prestige will send traps to the SNMP manager when any on e of the following events occurs: Table 31-2 SNMP Traps TRAP # TRAP NAME DESCRIPTION 1 coldStart ( defined in RFC-1215 ) A trap is sent after booting (power on). 2 warmStart ( defined in RFC-1215 ) A trap is sent aft[...]

  • Página 379

    Prestige 334W User’s Gui de System Security 32-1 Chapter 32 System Security This chapter describes how to configure the system security on the Prestige. 32.1 System Security You can confi gure the syste m password, a n external RADI US server and 8 02.1x in thi s menu. 32.1.1 System Password Figure 32-1 Menu 23 Sy stem Security You should chang e[...]

  • Página 380

    Prestige 334W User’s Gui de 32-2 S ystem Security Figure 32-3 Menu 23.2 Sy stem Security : RADIUS Server The following table describes the fields in this screen. Table 32-1 Menu 23.2 Sy stem Security : RADIUS Serv er FIELD DESCRIPTION EXAMPLE Authentication Server Active Press [SPACE BAR] to select Yes and press [ENTER] to enable user authenticat[...]

  • Página 381

    Prestige 334W User’s Gui de System Security 32-3 Table 32-1 Menu 23.2 Sy stem Security : RADIUS Serv er FIELD DESCRIPTION EXAMPLE Server Address Enter the IP address of the external accou nting server in dotted decimal notation. 10.11.12.13 Port The default port of the RADIUS server for accounting is 1813 . You need not change this value unl ess [...]

  • Página 382

    Prestige 334W User’s Gui de 32-4 S ystem Security Figure 32-5 Menu 23.4 Sy stem Security : IEEE802.1x The following table describes the fields in this menu. Table 32-2 Menu 23.4 Sy stem Security : IEEE802.1x FIELD DESCRIPTION Wireless Port Control Press [SPACE BAR] and select a security mode for the wireless LAN access. Select No Authentica tion [...]

  • Página 383

    Prestige 334W User’s Gui de System Security 32-5 Table 32-2 Menu 23.4 Sy stem Security : IEEE802.1x FIELD DESCRIPTION Idle Timeout (in second) The ZyAIR automatically disconn ects a client from the wired net work after a period of inactivity. The client needs to enter the us ername and password agai n before access to the wired network is allowed[...]

  • Página 384

    Prestige 334W User’s Gui de 32-6 S ystem Security Table 32-2 Menu 23.4 Sy stem Security : IEEE802.1x FIELD DESCRIPTION Authentication Databases The authentication databas e contains wireless station login information. The local user database is the built-in database on the Z yAIR. The RADIUS is an external server. Use this field to decide which d[...]

  • Página 385

    Prestige 334W User’s Gui de System Information and Diagnosis 33-1 Chapter 33 System Information and Diagnosis This chapter covers the information and diag nostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for t he system software. This chapter describ es how [...]

  • Página 386

    Prestige 334W User’s Gui de 33-2 System Information and Diagnosis Figure 33-2 Menu 24.1 Sy stem Maintenance : Status The following ta ble describe s the fields present in Menu 24.1 — System Maintenance — Status . These fields are READ-ONLY and meant for diagnostic purposes . The uppe r right corne r of the screen shows the time and da te acco[...]

  • Página 387

    Prestige 334W User’s Gui de System Information and Diagnosis 33-3 Table 33-1 System Maintenance: Sta tus Menu Fields FIELD DESCRIPTION IP Mask The IP mask of the port listed on the left. DHCP T he DHCP setting of the port listed on the left. System up Time The total time the Prestige has been on. Name This is the Prestige' s system nam e + d[...]

  • Página 388

    Prestige 334W User’s Gui de 33-4 System Information and Diagnosis Figure 33-4 Menu 24.2.1 Sy stem Maintenance : Information The following table describes the fields in this menu. Table 33-2 Menu 24.2.1 Sy stem Maintenance : Information FIELD DESCRIPTION Name Displays the system name of your Pr estige. This information can be changed i n Menu 1 ?[...]

  • Página 389

    Prestige 334W User’s Gui de System Information and Diagnosis 33-5 Figure 33-5 Menu 24.2.2 Sy stem Maintenance : Change Consol e Port Speed 33.3 Log and T race There are two logging facilities in t he Prestige. The first is the error logs and trace records that are stored locally. The second is the sysl og facility for message logging. 33.3.1 Sysl[...]

  • Página 390

    Prestige 334W User’s Gui de 33-6 System Information and Diagnosis Table 33-3 Menu 24.3.2 Sy stem Maintenance : Sy slog and Accounting PARAMETER DESCRIPTION Syslog Server IP Address Enter the IP Address of the server t hat will log the CDR (Call Detail Recor d) and system messages i.e., the syslog server. Log Facility Press [SPACE BAR] and then [E[...]

  • Página 391

    Prestige 334W User’s Gui de System Information and Diagnosis 33-7 3. Filter log Filter log Message Format SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String ); String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D). [...]

  • Página 392

    Prestige 334W User’s Gui de 33-8 System Information and Diagnosis 5. Firewall log Firewall Log Message Format SdcmdSyslogSend(SYSLOG_FIREWALL, SYSLOG_NOTICE, buf); buf = IP[Src=xx.xx.xx.xx : spo=xxxx Dst=xx.xx.xx.xx : dpo=xxxx | prot | rule | action] Src: Source Address spo: Source port (empty means no source port information) Dst: Destination Ad[...]

  • Página 393

    Prestige 334W User’s Gui de System Information and Diagnosis 33-9 Figure 33-7 Call-Triggering Packet Example 33.4 Diagnostic The diagnostic facility allows you to test the different aspects of your Prestige to determine if it is working properly. Menu 24.4 allows you to ch oose among various t ypes of diagnostic tests to evaluate your syst em, as[...]

  • Página 394

    Prestige 334W User’s Gui de 33-10 System Information and Diagnosis Figure 33-8 Menu 24.4 Sy stem Maintenance : Diagnostic 33.4.1 W AN DHCP DHCP functionality can be en abled on the LAN or W AN as shown in Figure 33-9 . L AN DHCP ha s already been discussed. The Prestige can act eithe r as a WAN DHC P client ( IP Address Assignm ent field in m enu[...]

  • Página 395

    Prestige 334W User’s Gui de System Information and Diagnosis 33-11 Table 33-4 System Maintenance Men u Diagnostic FIELD DESCRIPTION Ping Host Enter 1 to ping any machine (with an IP ad dress) on your LAN or W AN. Enter its IP address in the Host IP Address field below. WAN DHCP Release Enter 2 to release your WAN DHCP settings. WAN DHCP Renewal E[...]

  • Página 396

    [...]

  • Página 397

    Prestige 334W User’s Gui de Firmware and Configuration File Maintenance 34-1 Chapter 34 Firmware and Configuration File Maintenance This chapter tells you how to backup and restor e your configuration file as well as upload n ew firmware and configuration files. 34.1 Filename Convent ions The configu ration file ( often called t he romfile or rom[...]

  • Página 398

    Prestige 334W User’s Gui de 34-2 Firmware and Configuration File Maintenance Table 34-1 Filename Conventions FILE TYPE INTERNAL NAME EXTERNAL NAME DESCRIPTION Configuration File Rom-0 This is the configuration filename on the Prestige. Uploading the rom-0 file repl aces the entire ROM file system, including your Prestige configurations, system-re[...]

  • Página 399

    Prestige 334W User’s Gui de Firmware and Configuration File Maintenance 34-3 34.2.1 Backup Configuration Follow the instructions as shown in the next screen. Figure 34-1 Telnet in Menu 24.5 34.2.2 Using the FTP Command from the Command Line Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, followed by a s pace and the IP a[...]

  • Página 400

    Prestige 334W User’s Gui de 34-4 Firmware and Configuration File Maintenance 34.2.3 Example of FTP Commands from the Command Line Figure 34-2 FTP Session Example 34.2.4 GUI-based FTP Client s The followin g table describes some of the c ommands that you may see in GUI-based FT P clients. Table 34-2 General Commands for GUI-based FTP Clients COMMA[...]

  • Página 401

    Prestige 334W User’s Gui de Firmware and Configuration File Maintenance 34-5 3. The IP addres s in the Secure d Client IP fiel d in menu 2 4.11 does not match the clie nt IP. If it does not match, the Prestige will disconnect the Telnet session immediately. 4. You have a n SMT console se ssion runni ng. 34.2.6 Backup Confi guration Using TFTP The[...]

  • Página 402

    Prestige 334W User’s Gui de 34-6 Firmware and Configuration File Maintenance 34.2.8 GUI-based TFTP Client s The followin g table describes some of the fields that you may see in GU I-based TFTP cli ents. Table 34-3 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 19 2.168.1.1 is the Pre st[...]

  • Página 403

    Prestige 334W User’s Gui de Firmware and Configuration File Maintenance 34-7 34.3.1 Restore Using FTP For details about backup using (T)FTP please refer to ea rlier sections on FTP and TFTP file upload in this chapter. Figure 34-3 Telnet into Menu 24.6 Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, followed by a s pace [...]

  • Página 404

    Prestige 334W User’s Gui de 34-8 Firmware and Configuration File Maintenance 34.3.2 Restore Using FTP Session Example Figure 34-4 Restore Usi ng FTP Session Example Refer to section 34 .2.5 to read about configurations that disallow TFTP and FTP over WAN. 34.4 Uploading Firmware and Configuration Files This section s hows you ho w to upload firmw[...]

  • Página 405

    Prestige 334W User’s Gui de Firmware and Configuration File Maintenance 34-9 Figure 34-5 Telnet Into Menu 24.7.1 Upload Sy stem Firmware 34.4.2 Configuration File Upload You see the following screen when you telnet into menu 24.7 .2. Figure 34-6 Telnet Into Menu 24.7.2 Sy stem Maintenance To upload the firmware and the conf iguration file, follow[...]

  • Página 406

    Prestige 334W User’s Gui de 34-10 Firmware and Configuration File Maintenance 34.4.3 FTP File Upload Command from the DOS Prompt Example Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, followed by a s pace and the IP address of y our Prestige. Step 3. Press [ENTER] when prompted for a usernam e. Step 4. Enter your passwo[...]

  • Página 407

    Prestige 334W User’s Gui de Firmware and Configuration File Maintenance 34-11 To use TFTP, your comput er must have both telnet an d T FTP clients. To transfer t he firmware and the configuration file, fo llow the procedure show n next. Step 1. Use telnet from your computer to connect to th e Prestige and log in. Because TFTP does not have any se[...]

  • Página 408

    [...]

  • Página 409

    Prestige 334W User’s Gui de System Maintenance 35-1 Chapter 35 System Maintenance This chapter leads yo u through SMT menus 24.8 to 24.10. 35.1 Command Interpreter Mode The Command I nterpreter (CI) is a part o f the main system firmware. The CI provides much of t he same functionality as the SMT, while adding some low-level setup and diagnostic [...]

  • Página 410

    Prestige 334W User’s Gui de 35-2 System Maintenance The | symbol means “or”. For example, sys filter netbios config <type> <on|off> means that you must specify the type of netbios filter and whether to turn it on or off. 35.1.2 Command Usage A list of c ommands can be found by typing help or ? at the com mand prom pt. Always ty pe[...]

  • Página 411

    Prestige 334W User’s Gui de System Maintenance 35-3 35.2.1 Budget Management Menu 24.9.1 shows the budget management statistics for ou tgoing calls. Enter 1 from Menu 24. 9 - System Maintenance - Call Contro l to br ing up th e fo llow ing menu . Figure 35-4 Budget Managemen t The total budget is the time limit on the accum ulated time for outgoi[...]

  • Página 412

    Prestige 334W User’s Gui de 35-4 System Maintenance 35.2.2 Call History This is the second option in Menu 24.9 - System Main tenance - Call C ontrol . It displays information about past incoming and outgo ing calls. Enter 2 from Menu 24.9 - System Maintenance - Call Con trol to bring up the following menu. Figure 35-5 Call History The following t[...]

  • Página 413

    Prestige 334W User’s Gui de System Maintenance 35-5 you turn on your Prestige. Men u 24.10 allows you to update the time and date settings of your Prestige. The real time is then displayed in the Prestige error logs and firewall lo gs. Select menu 24 in the main menu to open Menu 24 - System Maintenance , as shown next. Figure 35-6 Menu 24: Sy st[...]

  • Página 414

    Prestige 334W User’s Gui de 35-6 System Maintenance Table 35-3 Time and Date Setting Fields FIELD DESCRIPTION Enter the time service protocol that your timeserver sends when you turn on the Prestige. Not all timeservers support all prot ocols, so you ma y have to check with your ISP/network administrator or use trial and erro r to find a prot oco[...]

  • Página 415

    Prestige 334W User’s Gui de System Maintenance 35-7 i. On leaving menu 24. 10 after making cha nges. ii. When the Prestige starts up, if there is a timeserver configured in menu 24.10. iii. 24-hour intervals after starting.[...]

  • Página 416

    [...]

  • Página 417

    Prestige 334W User’s Gui de Remote Management 36-1 Chapter 36 Remote Management This chapter cove rs remote management (SMT m enu 24.11). 36.1 Remote Management Remote management allows you to determine which services/protocols can acces s which Prestige interface (if any) fr om which c omputers . You may manage your Prestige from a remote locati[...]

  • Página 418

    Prestige 334W User’s Gui de 36-2 Remote Management The following table describes the fields in this screen. Table 36-1 Menu 24.11 – Remote Managemen t Control FIELD DESCRIPTION EXAMPLE Telnet Server FTP Server Web Server SNMP Service DNS Service Each of these read-only l abels denotes a service or protoc ol. Port This field shows the port numbe[...]

  • Página 419

    Prestige 334W User’s Gui de Call Scheduling 37-1 Chapter 37 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encaps ulation only) allows you to dictate when a remote node should be call ed and for how long. 37.1 Introduction to Call Scheduling The call scheduling feature allows the Prestige to mana ge a remote no de and dictate whe [...]

  • Página 420

    Prestige 334W User’s Gui de 37-2 Call Scheduli ng To setup a schedule set, select the schedule set you want to setup from men u 26 (1-12) and pr ess [ENTER] to see Menu 26.1 — Sche dule Set Setup as shown next. Figure 37-2 Menu 26.1 Schedule Set Setup If a connection has been already established, your Pr estige will not drop it. Once the connec[...]

  • Página 421

    Prestige 334W User’s Gui de Call Scheduling 37-3 Table 37-1 Menu 26.1 Schedule Set Setup FIELD DESCRIPTION EXAMPLE Weekday: Day If you selected Weekly in the How Often field above, then select the day(s) when the set should activate (and rec ur) by going to that day(s) and pressing [SPACE BAR] to select Yes , then press [ENTER]. Yes No N/A Start [...]

  • Página 422

    Prestige 334W User’s Gui de 37-4 Call Scheduli ng Figure 37-3 Applying Schedule Set( s) to a Remote Node (PPPoE) You can ap ply up to fou r schedule sets, separate d by comm as, for one rem ote node. C hange the sc hedule set numbers to your prefe rence(s). Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Encapsulation= [...]

  • Página 423

    SMT VPN/IPSec IX Part IX: SMT VPN/IPSec This part provides informati on about conf iguring VPN/IPSec for secure communications. See the web configurator parts o f this guide for background information on features configurable by web configurator a nd SMT.[...]

  • Página 424

    [...]

  • Página 425

    Prestige 334W User ’s Gui de VPN/IPSec Setup 38-1 Chapter 38 VPN/IPSec Setup This chapter introduces the VPN SMT menus. 38.1 VPN/IPSec Overview The VPN/IPSe c main SMT menu has these m ain submenus: 1. Define VPN policies in m enu 27.1 s ubmenus, incl uding securi ty polici es, endpoint IP addresses, peer IPSec router IP address and key manage me[...]

  • Página 426

    Prestige 334W User ’s Gui de 38-2 VPN/IPSec Setup Figure 38-2 Menu 27 VPN/IPSec Setup 38.2 IPSec Summary Screen Type 1 in m enu 27 and t hen press [ENTE R] to display Menu 27.1 IPSec Summary . This is a s ummary read-only m enu of your IPSec rules (t unnels). E dit or creat e an IPSec rule by selecting a n index num ber and then configuring the a[...]

  • Página 427

    Prestige 334W User ’s Gui de VPN/IPSec Setup 38-3 Table 38-1 Menu 27.1 IPSec Summary FIELD DESCRIPTION EX AMPLE Name T his field displays the unique iden tification na me for this VPN rule. The name may be up to 32 characters long but onl y 10 characters will be displayed her e. Taiwan A Y signifies that this VPN rule is active. Y Local Addr Star[...]

  • Página 428

    Prestige 334W User ’s Gui de 38-4 VPN/IPSec Setup Table 38-1 Menu 27.1 IPSec Summary FIELD DESCRIPTION EX AMPLE Key Mgt T his field displays the SA’s type of key management, ( IKE or Manual ). IKE Remote Addr Start When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single , this is a static IP address on the network behind the[...]

  • Página 429

    Prestige 334W User ’s Gui de VPN/IPSec Setup 38-5 Table 38-1 Menu 27.1 IPSec Summary FIELD DESCRIPTION EX AMPLE Select Command Press [SPACE BAR] to choose from None , Edit , Delete , Go To Rule , Next Page or Previous Page and then press [ENTER]. You must select a rule in the next field when you choose the Edit , Delete or Go To commands. Select [...]

  • Página 430

    Prestige 334W User ’s Gui de 38-6 VPN/IPSec Setup Figure 38-4 Menu 27.1.1 IPSec Setup The following table describes the fields in this menu. Table 38-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Index This is the VPN rule index number you selected in the pr evious menu. 1 Name Enter a unique identificatio n name for this VPN rule. The name[...]

  • Página 431

    Prestige 334W User ’s Gui de VPN/IPSec Setup 38-7 Table 38-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Nat Traversal Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when ther e are NAT routers bet ween the two IPSec routers. The remote IPSec router must also have NA T traversal enabled. Y[...]

  • Página 432

    Prestige 334W User ’s Gui de 38-8 VPN/IPSec Setup Table 38-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Content When you select IP in the Peer ID Type field, type the IP address of the computer with which you w ill make t he VPN connection or leave the field blank to have the Prestige aut omatically use the address in the Secure Gateway A [...]

  • Página 433

    Prestige 334W User ’s Gui de VPN/IPSec Setup 38-9 Table 38-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE End Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. T his field is N/A when 0 is configured in the Port Start field. N/A Remote Remote IP addresses mus[...]

  • Página 434

    Prestige 334W User ’s Gui de 38-10 VPN/IPSec Setup Table 38-2 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Port Start 0 is the default and signifies any port. Type a port number from 0 to 65535. Someone behind the remote IPSec router cannot create a VPN tunnel when attempting to connect using a port number that do es not match this port numb[...]

  • Página 435

    Prestige 334W User ’s Gui de VPN/IPSec Setup 38-1 1 Figure 38-5 Menu 27.1.1.1 IKE Setup The following table describes the fields in this menu. Table 38-3 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION EXAMPLE Phase 1 Negotiation Mode Press [SPACE BAR] to choose from Main or Aggressive and then press [ENTER]. See earlier for a discussi on of thes e mod[...]

  • Página 436

    Prestige 334W User ’s Gui de 38-12 VPN/IPSec Setup Table 38-3 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION EXAMPLE Encryption Algorithm When DES is used for data communications, both sender and receiver mus t know the same secret key, which can be used to encrypt and decrypt the message or to generate and verif y a message authentication code. Prest[...]

  • Página 437

    Prestige 334W User ’s Gui de VPN/IPSec Setup 38-13 Table 38-3 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION EXAMPLE Perfect Forward Secrecy (PFS) Perfect Forward Secrecy (PFS) is disabled ( None ) by default in phase 2 IPSec SA setup. This allows faster IPSe c setup, but is not so secure. Press [SPACE BAR] and choose from DH1 or DH2 to enable PF S. D[...]

  • Página 438

    Prestige 334W User ’s Gui de 38-14 VPN/IPSec Setup Figure 38-6 Menu 27.1.1.2 Manual Setup The following table describes the fields in this menu. Table 38-5 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION EXAMPLE Active Protocol Press [SPACE BAR] to choos e from ESP Tunnel , ESP Transport , AH Tunnel or AH Transport and then press [ENTER]. Choosing a[...]

  • Página 439

    Prestige 334W User ’s Gui de VPN/IPSec Setup 38-15 Table 38-5 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION EXAMPLE Key3 Enter a unique eight-character key. It can be comprised of any character including spaces (but trailing spaces are truncated). Authentication Algorithm Press [SPACE BAR] to choose from MD5 or SHA1 and then press [ENTER]. MD5 Key[...]

  • Página 440

    [...]

  • Página 441

    Prestige 334W User ’s Gui de SA Monitor 39-1 Chapter 39 SA Monitor This chapter teaches you how to manage your SA s by using the SA Monitor in SMT menu 27.2. 39.1 SA Monitor Overview A Security Association (SA) is the group of security settings related to a specific VPN tunnel. Th is menu (shown next) displays activ e VPN connections. When there [...]

  • Página 442

    Prestige 334W User ’s Gui de 39-2 SA Monitor The following table describes the fields in this menu. Table 39-1 Menu 27.2 SA Monitor FIELD DESCRIPTION EX AMPLE # This is the security associatio n index number. Name This field displays th e identification name for this VPN policy. This name is unique for each connection where the secure gateway IP [...]

  • Página 443

    X Part X: Appendices and Index This section provides some Appendices and an Index.[...]

  • Página 444

    [...]

  • Página 445

    Prestige 334W User’s Gui de PPPoE A-1 Appendix A PPPoE PPPoE in Action An ADSL m odem bridges a PPP session o ver Ethernet (P PP over Ethe rnet, RFC 2516) from your PC t o an ATM PVC (Permanent Virt ual Circuit) that connects to an xDSL Access C oncentrat or where the PPP session terminates (see the next figu re). One PVC ca n support a ny number[...]

  • Página 446

    Prestige 334W User’s Gui de A-2 PPPoE Diagram A-1 Single-PC per Modem Hard w are Configuration How PPPoE Works The PPPoE driver m akes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Et hernet frames to the Access Conce n trator (AC). Between the AC and an ISP, the AC is acting as a L2TP (La[...]

  • Página 447

    Prestige 334W User’s Gui de PPPoE A-3 The Prestige as a PPPoE Client When using the Prestige as a PPPoE client, th e PCs on the LAN see only Ethernet and are not aware of PPPoE. This al leviates the ad ministrator fr om having t o manage the PPPoE clients on the indivi dual PCs. Diagram A-2 The Prestige as a PPPoE Client[...]

  • Página 448

    [...]

  • Página 449

    Prestige 334W User’s Gui de PPTP B-1 Appendix B PPTP What is PPTP? PPTP (Point -to-Point T unneling Prot ocol) is a M icrosoft pr oprietary pr otocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a PC to a broadb and modem over Ethernet? A solution is to build PPTP into the ANT (ADSL Ne twork[...]

  • Página 450

    Prestige 334W User’s Gui de B-2 PPTP In Windows VPN o r PPTP Pass-Through f eature, th e PPTP tunneling is created from Window s 95, 98 and NT clients to an NT server in a remote location. Th e pass-through feature allow s users on th e network to access a different remote server usi ng the Prestige's Intern et connection. In NAT mode , the [...]

  • Página 451

    Prestige 334W User’s Gui de PPTP B-3 The control connection runs over TCP. Similar to L2TP, a tunnel contro l connection is first established before call control messages can be exch anged. Please note that a tunnel con trol connection supports multiple call sessions. The following diagram depicts the message exchange of a successful call setup b[...]

  • Página 452

    [...]

  • Página 453

    Prestige 334W User’s Gui de NetBIOS Filter Commands C-1 Appendix C NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System ) are TCP or UDP b roadcast pa c kets that enable a computer t o connect to and communicate with a LAN. For some dial-up services such as PPP[...]

  • Página 454

    Prestige 334W User’s Gui de C-2 NetBIOS Filter Commands Table C-1 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN and WAN This field displays whether NetBIOS packets are blocked o r forwarded from the LAN to the WAN or from the WAN to the LAN. Forward IPSec Packets This field displa ys whet her NetBIOS packets sent through a [...]

  • Página 455

    Prestige 334W User’s Gui de NetBIOS Filter Commands C-3 Command: sys filter netbios config 4 off This command stops NetBIOS commands from initiatin g calls.[...]

  • Página 456

    [...]

  • Página 457

    Prestige 334W User’s Gui de Log Descriptions D -1 Appendix D Log Descriptions Configure centralized logs using the em bedded w eb configurator; see the onlin e help for details. This appendix describ es some of the log messa ges. Chart 1 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the max. number of session per host! This attempt to crea[...]

  • Página 458

    Prestige 334W User’s Gui de D-2 Lo g Descriptions Chart 2 System Maintena nce Logs LOG MESSAGE DESCRIPTION TELNET Login Successfully Someone has logged on to the router via telnet. TELNET Login Fail Someone has failed to log on to the router via telnet. FTP Login Successfully Someone has logged on to the router via ftp. FTP Login Fail Someone has[...]

  • Página 459

    Prestige 334W User’s Gui de Log Descriptions D -3 Chart 4 Content Filtering Logs CATEGORY LOG MESSAGE DESCRIPTION JAVBLK IP/Domain Name The Prestige blocked access to this IP addre ss or domain name because of a forbidden service suc h as: ActiveX, a Java applet, a cookie, or a proxy. Chart 5 ICMP Type and Code Expla nations TYPE CODE DESCRIPTION[...]

  • Página 460

    Prestige 334W User’s Gui de D-4 Lo g Descriptions Chart 5 ICMP Type and Code Expla nations TYPE CODE DESCRIPTION 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 Timestamp 0 Timestamp request message 14 Timestamp Reply 0 Timestamp reply mes[...]

  • Página 461

    Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-1 Appendix E Setting up Your Computer’s IP Address All computers must have a 1 0M or 100M Et he rnet adapter card and TC P/IP installed. Windows 95/ 98/Me/NT/2 000/XP, Maci ntosh OS 7 a nd later ope rating sy stems and all versions of UNIX/LINU X include the software com pone[...]

  • Página 462

    Prestige 334W User’s Gui de E-2 Setting up Your Computer’s IP Address 1. Click Start , Settings , Control Panel and double- click the Network icon to open the Network window. 2. The Networ k window Configurati on tab displ ays a list of installed c omponents. You need a net work adapter, the T CP/IP protoc ol and Cl ient for Microsoft Net works[...]

  • Página 463

    Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-3 d. Select Client for Microsoft Networks from the list of network clients and then cl ick OK . e. Restart your computer so t he changes you made take effect. In the Networ k window Configuration tab, select your network adapter's TCP/IP en try and click Properties . 1. Cl[...]

  • Página 464

    Prestige 334W User’s Gui de E-4 Setting up Your Computer’s IP Address 2. Click the DNS Configuration tab. -If you do not know your DNS information, select Disable DNS . -If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them a ll in). 3. Click the Gateway tab. -If you do n[...]

  • Página 465

    Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-5 5. Click OK to close the Network window. Insert the Windows CD if prompted. 6. Turn on your Prestige and restar t your com puter when prompted. Checking/Modifying Your Computer’s IP Address 1. Click Start and then Run . 2. In the Run window, type "winipcfg" and th[...]

  • Página 466

    Prestige 334W User’s Gui de E-6 Setting up Your Computer’s IP Address Windows 2000/NT/XP 1. In Windo ws XP, click start , Control Panel . In Windows 2000/NT, click Start , Settings , Control Panel . 2. In Windo ws XP, click Net work Connections . In Windows 2000/NT, click Netwo rk and Dial-up Connections . 3. Right-click Local A rea Connection [...]

  • Página 467

    Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-7 4. Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties .[...]

  • Página 468

    Prestige 334W User’s Gui de E-8 Setting up Your Computer’s IP Address 5. T he Internet Protocol TCP/IP Propertie s window opens (the General tab in Windows XP). - To have your computer assigned a d ynamic IP address, click Obtain an IP address automatically . -If you have a static IP address click Use the following IP Address and fill in the IP[...]

  • Página 469

    Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-9 6. -If you do not know your gateway's IP address, remove any previously installed gate ways in the IP Settin gs tab and click OK . Do one or more of the following if you want to configure additional IP addres ses: -In the IP Settings tab, in IP addresses, click Add . -In[...]

  • Página 470

    Prestige 334W User’s Gui de E-10 Setting up Your Computer’s IP Address 7. In the Internet Protocol TCP/IP Properties window (the Gene ral t ab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the follow ing DNS server addresse[...]

  • Página 471

    Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-11 Macintosh OS 8/9 1. Click the Apple menu, Control Pane l and double-click TCP/IP to open the TCP/IP Control Panel . 2. Select Ethernet built-in from the Connect v ia list.[...]

  • Página 472

    Prestige 334W User’s Gui de E-12 Setting up Your Computer’s IP Address 3. For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4. For statically assigned settings, do the following: -From the Configure box, select Manually . -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask b[...]

  • Página 473

    Prestige 334W User’s Gui de Setting up Your Computer’s IP Address E-13 2. Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. 3. For dynamically assigned settings, select Using DHCP from the Configure list. 4. For statically assigned settings, do the fo[...]

  • Página 474

    [...]

  • Página 475

    Prestige 334W User’s Gui de Wireless LAN and IEEE 802.11 F -1 Appendix F Wireless LAN and IEEE 802.11 A wireless LAN (WLA N) provides a flexi ble data co mmunications system that you can use to access various services (navi gating the Internet, email, printer services, etc.) without the use of a cabled connection. In effect a wireless LAN environ[...]

  • Página 476

    Prestige 334W User’s Gui de Wireles s LAN and IEEE 802.11 F-2 Spread Spectrum (DSSS) an d Fre quency-Hopping Spread Spectrum (FHSS), in t he 2.4 to 2.4825 GHz unlicensed ISM (Industrial, Scientific and Medical) ba nd. The th ird method is infrared technology, using very high fre quencies, just below visi ble light in t he electromagnet ic spectru[...]

  • Página 477

    Prestige 334W User’s Gui de Wireless LAN and IEEE 802.11 F -3 points can pro vide wireless cove rage for an entire buildi ng or campus. All communications bet ween stations or between a station and a wired network client go through th e access point. The Extended Service Set (ESS) shown in the next figure consists of a series of overlapping BSSs [...]

  • Página 478

    [...]

  • Página 479

    Prestige 334W User’s Gui de Wireless LAN with IEEE 802.1x G-1 Appendix G Wireless LAN With IEEE 802.1x As wireless networks becom e popular for both portable com puting and c orporate netw orks, security is now a priority. Security Flaws w ith IEEE 802.1 1 Wireless networks based on the o riginal IEEE 802 .11 have a poor reputation for safety. Th[...]

  • Página 480

    Prestige 334W User’s Gui de Wireless LAN with IEE E 802.1x G-2 RADIUS Server Authentication Seque nce The following figure depicts a ty pical wirele ss network wit h a re mote RADIUS server for user authentication using EA POL (E AP Over LAN) . Diagram G-1 Sequences for EAP MD5–Challenge Authentication Client computer access authorized. Client [...]

  • Página 481

    Prestige 334W User’s Gui de Types of EAP Authentication H-1 Appendix H Types of EAP Authentication This appendix discu sses the four popular EAP authen tication types: EAP-MD5 , EAP-TLS , EAP-TTLS and PEAP . The type of auth entication you use depen ds on the RADIUS server or th e AP. Consult your network adm inistrat or for more informati on. EA[...]

  • Página 482

    Prestige 334W User’s Gui de H-2 Types of EAP Authentication hiding client identity. However, PEAP only su pports EAP m ethods, such as EAP-MD5 and E AP- MSCHAPv2, for client authenticatio n. For added sec urity, certificat e-based authenti cations (EAP- TLS, EAP-TTLS a nd PEAP) use dy namic keys for data enc ryption. They are often deployed in c [...]

  • Página 483

    Prestige 334W User’s Gui de Antenna Selection and Positioning Recommendation I-1 Appendix I Antenna Selection and Positioning Recommendation An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propag ates the signal through the air. The antenna also op erates in reverse by capt u[...]

  • Página 484

    Prestige 334W User’s Gui de I-2 Antenna Selection and Positioning Recommendation T ypes of Antennas For WLAN There are two t ypes of ant ennas used f or wireless LAN a pplicati ons. • Omni-directional antennas send the RF signal out in all directions on a horizontal plan e. The coverage area is torus -shaped (like a donut) which makes thes e an[...]

  • Página 485

    Prestige 334W User’s Gui de Brute-Force Password Guessing Protection J -1 Appendix J Brute-Force Password Guessing Protection The followin g describes the c ommands fo r enabling, di sabling a nd config uring the br ute-force pas sword guessing pr otection m echanism for the password . See othe r appendices for information on the command structur[...]

  • Página 486

    [...]

  • Página 487

    Prestige 334W User’s Gui de Triangle Route K-1 Appendix K Triangle Route The Ideal Setup When the firewall is on, your Prestige acts as a secure gateway between your LA N and the Internet. In an ideal network t opology, all i ncoming and outgoing netw ork traffic pas ses through t he Prestige to protect your LAN against attacks. Diagram K-1 Ideal[...]

  • Página 488

    Prestige 334W User’s Gui de K-2 Triangle Route Diagram K-2 “Triangle Route” Problem The “T riangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logi cal sections over the same Ethernet interface. Your Prestige supports up to thr[...]

  • Página 489

    Prestige 334W User’s Gui de Triangle Route K-3 Diagram K-3 IP Alias Gateways on the W AN Side A second sol ution to the “t riangle r oute” problem is to put all of your net work gate ways on the WAN side as the following fig ure shows. This en sures that all incoming ne twork traffic p asses through your Pr estige to your LAN. Therefo re your[...]

  • Página 490

    Prestige 334W User’s Gui de K-4 Triangle Route Step 3. Use the following commands to allow/disallo w triangle route. sys firewall ignore triangle all off This command allows triangle route. sys firewall ignore triangle all on This command disall ows triangle route.[...]

  • Página 491

    Prestige 334W User’s Gui de Index L-1 Index 8 802.1x ............................................................ 8-16 A Active ............................................................. 25-2 Address Assignme nt ............................. 3-10, 3-11 Address Resolution Prot ocol (ARP) ................ 6-4 Ad-hoc Configuration ...............[...]

  • Página 492

    Prestige 334W User’s Gui de L-2 Index Disclaimer ............................................................ii Distribution System ......................................... F-3 DNS .................................................... 14-11, 23-3 DNS Server For VPN Host ............................................ 16-7 Domain Nam e ............. [...]

  • Página 493

    Prestige 334W User’s Gui de Index L-3 Gateway IP Address ....................................... 24- 2 General Setup ................................... 3-1, 5-1, 21-1 Global............................................................. 10-1 H Hidden Menus ................................................ 20-4 Hop Count ............................[...]

  • Página 494

    Prestige 334W User’s Gui de L-4 Index N Nailed-up Conn ection .................................... 25-4 Nailed-Up Conn ection ................................... 25- 5 NAT ........ 3-7, 10-6, 10-7, 10-8, 10-9, 25- 8, 30-16 Applying NAT in th e SMT Menus ............ 28-1 Configuring ............................................... 28-3 Definitions[...]

  • Página 495

    Prestige 334W User’s Gui de Index L-5 Repairs ................................................................ v Replacement ........................................................ v Required fields ............................................... 20-4 Reset Button ..................................................... 1-1 Resetting the Time .....[...]

  • Página 496

    Prestige 334W User’s Gui de L-6 Index T TCP/IP ..... 6-6, 14-4, 23-3, 23-4, 25-7, 30- 6, 30-7, 30-9, 30-12, 30 -15 Setup .......................................................... 23- 4 TCP/IP filter rule ........................................... 30-6 Telnet ............................................................. 14-4 Telnet Configur atio[...]