P-660H/HW/W-T Series ADSL 2+ Gateway User’s Guide Version 3.
Copyright
Copyright © 2005 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation.
Federal Communications Commission (FCC) Interference Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
ZyXEL Communications Corporation declared that Prestige 660HW-T1 is limited in CH1~11 from 2400 to 2483.5 MHz by specified firmware controlled in USA.
Certifications
Go to www.zyxel.com
1 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.
2 Select the certification you wish to view from this page.
Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions.
• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information.
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Customer Support
Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
LOCATION: CORPORATE HEADQUARTERS (WORLDWIDE)
SUPPORT E-MAIL: support@zyxel.com.tw
SALES E-MAIL: sales@zyxel.com.
TELEPHONE (a): +886-3-578-3942
LOCATION: CZECH REPUBLIC
LOCATION: UNITED KINGDOM
SUPPORT E-MAIL: support@zyxel.co.uk
SALES E-MAIL: sales@zyxel.co.uk
TELEPHONE (a): +44 (0) 1344 303044, 08707 555779 (UK only)
FAX: +44 (0) 1344 303034
WEB SITE: www.zyxel.co.uk
FTP SITE: ftp.zyxel.co.uk
REGULAR MAIL: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)
a. “+” is the (prefix) number you enter to make an international telephone call.
Table of Contents
Copyright 2
Federal Communications Commission (FCC) Interference Statement 3
Safety Warnings 5
ZyXEL Limited Warranty
Chapter 3 Wizard Setup for Internet Access 54
3.1 Introduction 54
3.1.1 Internet Access Wizard Setup 54
Chapter 4 LAN Setup
5.8 Configuring Local User Authentication 85
5.9 Configuring RADIUS 87
Chapter 6 WAN Setup 90
6.1 WAN Overview 90
6.1.
7.4 Selecting the NAT Mode 107
7.5 Configuring SUA Server Set 108
7.6 Configuring Address Mapping Rules 110
7.7 Editing an Address Mapping Rule 111
Chapter 8 Dynamic DNS Setup
Chapter 11 Firewall Configuration 132
11.1 Access Methods 132
11.2 Firewall Policies Overview 132
11.3 Rule Logic Overview 133
11.3.
13.2 Telnet 159
13.3 FTP 160
13.4 Web 160
13.5 Configuring Remote Management
16.9 Configuring Summary 188
16.10 Configuring Class Setup 190
16.10.1 Media Bandwidth Management Class Configuration 190
16.10.2 Media Bandwidth Management Statistics 193
16.11 Bandwidth Monitor
Chapter 21 Menu 3 LAN Setup 222
21.1 LAN Setup 222
21.1.1 General Ethernet Setup 222
21.2 Protocol Dependent Ethernet Setup 223
21.
25.2 Configuration 246
Chapter 26 Bridging Setup 250
26.1 Bridging in General 250
26.2 Bridge Ethernet Setup
29.7 Applying Filters and Factory Defaults 283
29.7.1 Ethernet Traffic 284
29.7.2 Remote Node Filters 284
Chapter 30 SNMP Configuration 286
30.1 About SNMP
33.3 Restore Configuration 311
33.3.1 Restore Using FTP 311
33.3.2 Restore Using FTP Session Example 312
33.4 Uploading Firmware and Configuration Files 313
33.4.1 Firmware File Upload
Chapter 38 Troubleshooting 342
38.1 Problems Starting Up the Prestige 342
38.2 Problems with the LAN 342
38.3 Problems with the WAN 343
38.
Command Usage 386
Appendix G Firewall Commands 388
Appendix H NetBIOS Filter Commands 394
Introduction
Appendix M Internal SPTGEN 430
Internal SPTGEN Overview 430
The Configuration Text File Format 430
Internal SPTGEN FTP Download Example
Preface
Congratulations on your purchase of the P-660H/HW/W-T series ADSL 2+ gateway. P-660W and P-660HW come with built-in IEEE 802.11g wireless capability allowing wireless connectivity. P-660H and P-660HW have a 4-port switch that allows you to connect up to 4 computers to the Prestige without purchasing a switch/hub.
Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.
• Web Configurator Online Help: Embedded web help for descriptions of individual screens and supplementary information.
• ZyXEL Glossary and Web Site: Please refer to www.zyxel.com for an online glossary of networking terms and additional support documentation.
User Guide Feedback
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.
Introduction to DSL
DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices.
CHAPTER 1 Getting To Know Your Prestige
This chapter describes the key features and applications of your Prestige.
1.1 Introducing the Prestige
The Prestige is an ADSL2+ gateway that allows super-fast, secure Internet access over analog (POTS) or digital (ISDN) telephone lines (depending on your model). In the Prestige product name, “H” denotes an integrated 4-port switch (hub) and “W” denotes an included wireless LAN card that provides wireless connectivity.
Note: See the product specifications in the appendix for detailed features and standards support.
High Speed Internet Access
Your Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of up to 24Mbps and upstream transmission rates of 3.5Mbps. Actual speeds attained depend on the ADSL service you subscribed to, distance from your ISP, line quality, etc.
Universal Plug and Play (UPnP)
Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
PPPoE (RFC2516)
PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL.
Packet Filters
The Prestige's packet filtering functions allow added network security and management.
Housing
Your Prestige's compact and ventilated housing minimizes space requirements, making it easy to position anywhere in your busy office.
4-Port Switch (P-660H/P-660HW)
A combination of switch and router makes your Prestige a cost-effective and viable network solution. You can connect up to four computers to the Prestige without the cost of a hub.
1.3 Applications for the Prestige
Here are some example uses for which the Prestige is well suited. Application graphics shown are for the P-660W.
1.3.1 Protected Internet Access
The Prestige is the ideal high-speed Internet access solution. It is compatible with all major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers and supports the ADSL standards as shown in Table 1 on page 42.
The following table describes the LEDs.
Table 2 Front Panel LEDs
LED / COLOR / STATUS: DESCRIPTION
PWR/SYS / Green / On: The Prestige is receiving power and functioning properly.
PWR/SYS / Green / Blinking: The Prestige is rebooting or performing diagnostics.
PWR/SYS / Red / On: Power to the Prestige is too low.
PWR/SYS / Off: The system is not ready or has malfunctioned.
LAN / Green / On: The Prestige has a successful 10Mb Ethernet connection.
LAN / Amber
WLAN (P660HW/P660W) / Green
DSL/PPP / Green
DSL/PPP / Amber
CHAPTER 2 Introducing the Web Configurator
This chapter describes how to access and navigate the web configurator.
2.1 Web Configurator Overview
The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
Figure 3 Password Screen
6 It is highly recommended you change the default password! Enter a new password between 1 and 30 characters, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.
Note: If you do not change the password at least once, the following screen appears every time you log in.
Figure 4 Change Password at Login
7 You should now see the SITE MAP screen.
2.1.3 Navigating the Web Configurator
The following summarizes how to navigate the web configurator from the SITE MAP screen. We use the Prestige 660W-T1 web screens in this guide as an example. Screens vary slightly for different Prestige models.
• Click Wizard Setup to begin a series of screens to configure your Prestige for the first time.
• Click a link under Advanced Setup to configure advanced Prestige features.
Table 3 Web Configurator Screens Summary (continued)
LINK / SUB-LINK: FUNCTION
Wireless LAN (P-660W / P660HW only) / Wireless: Use this screen to configure the wireless LAN settings.
Wireless LAN (P-660W / P660HW only) / MAC Filter: Use this screen to change MAC filter settings on the Prestige.
Wireless LAN (P-660W / P660HW only) / 802.1x/WPA: Use this screen to configure WLAN authentication and security settings.
Wireless LAN (P-660W / P660HW only) / Local User Database: Use this screen to set up built-in user profiles for wireless station authentication.
Table 3 Web Configurator Screens Summary (continued)
LINK / SUB-LINK: FUNCTION
DHCP Table: This screen displays DHCP (Dynamic Host Configuration Protocol) related information and is READ-ONLY.
Any IP Table: Use this screen to view the IP and MAC addresses of LAN computers communicating with the Prestige.
Wireless LAN (P-660W / P660HW only) / Association List: This screen displays the MAC address(es) of the wireless stations that are currently associating with the Prestige.
Table 4 Password
LABEL: DESCRIPTION
Old Password: Type the default password or the existing password you use to access the system in this field.
New Password: Type the new password in this field.
Retype to Confirm: Type the new password again in this field.
Apply: Click Apply to save your changes back to the Prestige.
Cancel: Click Cancel to begin configuring this screen afresh.
CHAPTER 3 Wizard Setup for Internet Access
This chapter provides information on the Wizard Setup screens for Internet access in the web configurator.
3.1 Introduction
Use the Wizard Setup screens to configure your system for Internet access with the information given to you by your ISP.
Note: See the advanced menu chapters for background information on these fields.
3.1.
Table 5 Internet Access Wizard Setup: ISP Parameters
LABEL: DESCRIPTION
Mode: From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge.
Encapsulation: Select the encapsulation type your ISP uses from the Encapsulation drop-down list box. Choices vary depending on what you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483.
Table 6 Internet Connection with PPPoE
LABEL: DESCRIPTION
Service Name: Type the name of your PPPoE service here.
User Name: Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
Password: Enter the password associated with the user name above.
IP Address: A static IP address is a fixed IP that your ISP gives you.
Table 7 Internet Connection with RFC 1483 (continued)
LABEL: DESCRIPTION
Back: Click Back to go back to the first wizard screen.
Next: Click Next to continue to the next wizard screen.
Figure 10 Internet Connection with ENET ENCAP
The following table describes the fields in this screen.
Table 8 Internet Connection with ENET ENCAP
LABEL: DESCRIPTION
IP Address: A static IP address is a fixed IP that your ISP gives you.
Figure 11 Internet Connection with PPPoA
The following table describes the fields in this screen.
Table 9 Internet Connection with PPPoA
LABEL: DESCRIPTION
User Name: Enter the login name that your ISP gives you.
Password: Enter the password associated with the user name above.
IP Address: This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you.
3 Verify the settings in the screen shown next. To change the LAN information on the Prestige, click Change LAN Configurations. Otherwise click Save Settings to save the configuration and skip to the section 3.13.
Figure 12 Internet Access Wizard Setup: Third Screen
If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next.
The following table describes the fields in this screen.
Table 10 Internet Access Wizard Setup: LAN Configuration
LABEL: DESCRIPTION
LAN IP Address: Enter the IP address of your Prestige in dotted decimal notation, for example, 192.168.1.1 (factory default). If you changed the Prestige's LAN IP address, you must use the new IP address if you want to access the web configurator again.
LAN Subnet Mask: Enter a subnet mask in dotted decimal notation.
CHAPTER 4 LAN Setup
This chapter describes how to configure LAN settings.
4.1 LAN Overview
A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses. See Section 4.3 on page 68 to configure the LAN screens.
4.1.
4.1.2 DHCP Setup
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
4.1.2.
There are two ways that an ISP disseminates the DNS server addresses.
• The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the LAN Setup screen.
• The Prestige acts as a DNS proxy when the Primary and Secondary DNS Server fields are left blank in the LAN Setup screen.
4.
4.2.1.1 Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:
• 10.0.0.0 — 10.255.255.255
• 172.16.0.0 — 172.31.255.255
• 192.168.0.0 — 192.
4.2.3 Multicast
Traditionally, IP packets are transmitted in one of two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Figure 16 Any IP Example
The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address.
Note: You must enable NAT/SUA to use the Any IP feature on the Prestige.
4.2.4.
4.3 Configuring LAN
Click LAN to open the LAN Setup screen. See Section 4.1 on page 62 for background information.
Figure 17 LAN Setup
The following table describes the fields in this screen.
Table 11 LAN Setup
LABEL: DESCRIPTION
DHCP
DHCP: If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client. If set to None, the DHCP server will be disabled.
Table 11 LAN Setup (continued)
LABEL: DESCRIPTION
Size of Client IP Pool: This field specifies the size or count of the IP address pool.
Primary DNS Server: Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask.
Secondary DNS Server: As above.
Remote DHCP Server: If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here.
CHAPTER 5 Wireless LAN
This chapter discusses how to configure the Wireless LAN screens for P-660HW or P-660W.
5.1 Wireless LAN Introduction
A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN adapters communicating through access points which bridge network traffic to the wired LAN. Refer to Section 5.3 on page 71 to configure wireless LAN settings.
• Use RADIUS authentication if you have a RADIUS server. See the appendices for information on protocols used when a client authenticates with a RADIUS server via the Prestige.
• Use the Local User Database if you have less than 32 wireless clients in your network. The Prestige uses MD5 encryption when a client authenticates with the Local User Database
5.2.
Figure 18 Wireless LAN
The following table describes the links in this screen.
Table 12 Wireless LAN
LINK: DESCRIPTION
Wireless: Click this link to go to a screen where you can configure the ESSID and WEP. Note: If you configure WEP, you can’t configure WPA or WPA-PSK.
MAC Filter: Click this link to go to a screen where you can restrict access to your wireless network by MAC address.
802.1x/WPA: Click this link to go to a screen where you can configure WPA or WPA-PSK.
Figure 19 Wireless Security Methods
Note: You must enable the same wireless security settings on the Prestige and on all wireless clients that you want to associate with it. If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networking device that is within range.
5.4 Configuring the Wireless Screen
5.4.
Figure 20 Wireless Screen
The following table describes the labels in this screen.
Table 13 Wireless LAN
LABEL: DESCRIPTION
Enable Wireless LAN: You should configure some wireless security (see Figure 19 on page 73) when you enable the wireless LAN. Select the check box to enable the wireless LAN.
ESSID: The ESSID (Extended Service Set IDentification) is a unique name to identify the Prestige in the wireless LAN.
Table 13 Wireless LAN (continued)
LABEL | DESCRIPTION
Fragmentation Threshold | This is the threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent. Select the check box to change the default value and enter a value between 256 and 2432.
You won’t see the following WEP-related fields if you have WPA or WPA-PSK enabled.
Note: Be careful not to list your computer’s MAC address and set the Action field to Deny Association when managing the Prestige via a wireless connection. This would lock you out.

Figure 21 MAC Filter

The following table describes the fields in this menu.

Table 14 MAC Filter
LABEL | DESCRIPTION
Active | Select Yes from the drop down list box to enable MAC address filtering.
Action | Define the filter action for the list of MAC addresses in the MAC Address table.
Table 14 MAC Filter (continued)
LABEL | DESCRIPTION
MAC Address | Enter the MAC addresses of the wireless stations that are allowed or denied access to the Prestige in these address fields. Use a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
Back | Click Back to go to the main wireless LAN setup screen.
Apply | Click Apply to save your changes back to the Prestige.
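A pre-flight check for the MAC filter list, as an added example (not ZyXEL code): it validates each entry against the six-hex-pair format and reports whether the station you manage the Prestige from would lose association. The action name "Allow Association", the function names and every address other than 12:34:56:78:9a:bc are assumptions made for illustration; the allow-list lockout case generalizes the Deny Association warning.

```python
import re

# Six hexadecimal character pairs separated by colons, as in the guide's
# example 12:34:56:78:9a:bc (colon separator assumed from that example).
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")

DENY = "Deny Association"    # named in the guide's lockout note
ALLOW = "Allow Association"  # assumed name of the opposite action


def normalize_mac(text):
    """Return the address in lower case, or raise ValueError if malformed."""
    text = text.strip()
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not six hex pairs: {text!r}")
    return text.lower()


def may_associate(station_mac, mac_table, action):
    """Decide whether a station may associate under the given filter action."""
    listed = normalize_mac(station_mac) in {normalize_mac(m) for m in mac_table}
    if action == DENY:
        return not listed
    if action == ALLOW:
        return listed
    raise ValueError(f"unknown action: {action!r}")


def preflight(admin_mac, mac_table, action):
    """List the problems to fix before clicking Apply (empty list = safe)."""
    problems, valid = [], []
    for entry in mac_table:
        try:
            valid.append(normalize_mac(entry))
        except ValueError:
            problems.append(f"invalid entry {entry!r}")
    if not may_associate(admin_mac, valid, action):
        problems.append(
            f"lockout: {normalize_mac(admin_mac)} could no longer associate")
    return problems


# Constructed sample: the managing laptop uses the guide's example address,
# and the last table entry is deliberately malformed.
ADMIN = "12:34:56:78:9A:BC"
TABLE = ["12:34:56:78:9a:bc", "00:a0:c5:01:23:45", "00:a0:c5:01:23:4g"]

if __name__ == "__main__":
    for action in (DENY, ALLOW):
        print(action, "->", preflight(ADMIN, TABLE, action) or "ok")
```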
Figure 22 WPA - PSK Authentication

5.6.2 WPA with RADIUS Application Example

You need the IP address, port number (default is 1812) and shared secret of a RADIUS server. A WPA application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system (wired link to the LAN).

1 The AP passes the wireless client’s authentication request to the RADIUS server.
Figure 23 WPA with RADIUS Application Example2

5.6.3 Wireless Client WPA Supplicants

A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client.
5.7.1 No Access Allowed or Authentication

Select No Access Allowed or No Authentication Required in the Wireless Port Control field.

Figure 24 Wireless LAN: 802.1x/WPA: No Access Allowed

Figure 25 Wireless LAN: 802.1x/WPA: No Authentication

The following table describes the label in these screens.

Table 15 Wireless LAN: 802.
• A computer with an IEEE 802.11 a/b/g wireless LAN adapter and equipped with a web browser (with JavaScript enabled) and/or Telnet.
• A wireless station computer must be running IEEE 802.1x-compliant software. Not all Windows operating systems support IEEE 802.1x (see the Microsoft web site for details). For other operating systems, see their documentation. If your operating system does not support IEEE 802.1x, then you may need to install IEEE 802.1x client software.
Table 16 Wireless LAN: 802.1x/WPA: 802.1x (continued)
LABEL | DESCRIPTION
Idle Timeout (in Seconds) | The Prestige automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. This field is activated only when you select Authentication Required in the Wireless Port Control field.
See Section 5.6 on page 77 for more information.

Figure 27 Wireless LAN: 802.1x/WPA: WPA

The following table describes the labels not previously discussed.

Table 17 Wireless LAN: 802.1x/WPA: WPA
LABEL | DESCRIPTION
Key Management Protocol | Choose WPA in this field.
WPA Mixed Mode | The Prestige can operate in WPA Mixed Mode, which supports both clients running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi-Fi network.
5.7.4 Authentication Required: WPA-PSK

Select Authentication Required in the Wireless Port Control field and WPA-PSK in the Key Management Protocol field to display the next screen. See Section 5.6 on page 77 for more information.

Figure 28 Wireless LAN: 802.1x/WPA: WPA-PSK

The following table describes the labels not previously discussed.

Table 18 Wireless LAN: 802.1x/WPA: WPA-PSK
LABEL | DESCRIPTION
Key Management Protocol | Choose WPA-PSK in this field.
Table 18 Wireless LAN: 802.1x/WPA: WPA-PSK (continued)
LABEL | DESCRIPTION
Group Data Privacy | Group Data Privacy allows you to choose TKIP (recommended) or WEP for broadcast and multicast ("group") traffic if the Key Management Protocol is WPA and WPA Mixed Mode is disabled. WEP is used automatically if you have enabled WPA Mixed Mode. All unicast traffic is automatically encrypted by TKIP when WPA or WPA-PSK Key Management Protocol is selected.
Figure 29 Local User Database

The following table describes the fields in this screen.

Table 19 Local User Database
LABEL | DESCRIPTION
# | This is the index number of a local user account.
Active | Select this check box to enable the user profile.
User Name | Enter a user name of up to 31 alphanumeric characters (case-sensitive), hyphens ('-') and underscores ('_') if you’re using MD5 encryption and maximum 14 if you’re using PEAP.
5.9 Configuring RADIUS

To set up your Prestige’s RADIUS server settings, click WIRELESS LAN, RADIUS. The screen appears as shown.

Figure 30 RADIUS

The following table describes the fields in this screen.

Table 20 RADIUS
LABEL | DESCRIPTION
Authentication Server
Active | Select Yes from the drop-down list box to enable user authentication through an external authentication server.
Table 20 RADIUS (continued)
LABEL | DESCRIPTION
Port Number | The default port of the RADIUS server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so with additional information.
Shared Secret | Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the access points. The key is not sent over the network.
CHAPTER 6 WAN Setup

This chapter describes how to configure WAN settings.

6.1 WAN Overview

A WAN (Wide Area Network) is an outside connection to another network or the Internet.

6.1.1 Encapsulation

Be sure to use the encapsulation method required by your ISP. The Prestige supports the following methods.

6.1.1.1 ENET ENCAP

The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol.
6.1.1.4 RFC 1483

RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing). Please refer to the RFC for more detailed information.

6.1.
6.1.4.2 IP Assignment with RFC 1483 Encapsulation

In this case the IP Address Assignment must be static with the same requirements for the IP Address and ENET ENCAP Gateway fields as stated above.

6.1.4.3 IP Assignment with ENET ENCAP Encapsulation

In this case you can have either a static or dynamic IP. For a static IP you must fill in all the IP Address and ENET ENCAP Gateway fields as supplied by your ISP.
For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route. If the normal route fails to connect to the Internet, the Prestige tries the traffic-redirect route next. In the same manner, the Prestige uses the dial-backup route if the traffic-redirect route also fails.
Peak Cell Rate (PCR) is the maximum rate at which the sender can send cells. This parameter may be lower (but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits), so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells/sec. This rate is not guaranteed because it is dependent on the line speed.

Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source.
6.6 The Main WAN Screen

Click WAN in the navigation panel to display the main WAN screen. See Section 6.1 on page 90 for more information.

Figure 32 WAN

The following table describes the links in this screen.

Table 21 WAN
LINK | DESCRIPTION
WAN Setup | Click this link to go to the screen where you can configure your Prestige for an Internet connection.
Figure 33 WAN Setup (PPPoE)

The following table describes the fields in this screen.

Table 22 WAN Setup
LABEL | DESCRIPTION
Name | Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only.
Mode | Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge.
Table 22 WAN Setup (continued)
LABEL | DESCRIPTION
Encapsulation | Select the method of encapsulation used by your ISP from the drop-down list box. Choices vary depending on the mode you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE.
Multiplex | Select the method of multiplexing used by your ISP from the drop-down list.
Table 22 WAN Setup (continued)
LABEL | DESCRIPTION
Connect on Demand | Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field.
Max Idle Timeout | Specify an idle time-out in the Max Idle Timeout field when you select Connect on Demand. The default setting is 0, which means the Internet session will not timeout.
PPPoE Passthrough | This field is available when you select PPPoE encapsulation.
Figure 34 Traffic Redirect Example

The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
Figure 36 WAN Backup

The following table describes the fields in this screen.

Table 23 WAN Backup
LABEL | DESCRIPTION
Backup Type | Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check if the connection to the DSLAM is up. Select ICMP to have the Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.
Table 23 WAN Backup (continued)
LABEL | DESCRIPTION
Timeout | Type the number of seconds (3 recommended) for your Prestige to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request. The WAN connection is considered "down" after the Prestige times out the number of times specified in the Fail Tolerance field. Use a higher value in this field if your network is busy or congested.
CHAPTER 7 Network Address Translation (NAT) Screens

This chapter discusses how to configure NAT on the Prestige.

7.1 NAT Overview

NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.

7.1.
7.1.2 What NAT Does

In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Figure 37 How NAT Works

7.1.4 NAT Application

The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter.
7.1.5 NAT Mapping Types

NAT supports five types of IP/port mapping. They are:

• One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address.
• Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (that is, PAT, port address translation), ZyXEL’s Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today’s routers).
7.2 SUA (Single User Account) Versus NAT

SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The Prestige also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types as outlined in Table 25 on page 105.

• Choose SUA Only if you have just one public WAN IP address for your Prestige.
Table 26 Services and Port Numbers (continued)
SERVICES | PORT NUMBER
SMTP (Simple Mail Transfer Protocol) | 25
DNS (Domain Name System) | 53
Finger | 79
HTTP (Hyper Text Transfer protocol or WWW, Web) | 80
POP3 (Post Office Protocol) | 110
NNTP (Network News Transport Protocol) | 119
SNMP (Simple Network Management Protocol) | 161
SNMP trap | 162
PPTP (Point-to-Point Tunneling Protocol) | 1723

7.3.
Figure 40 NAT Mode

The following table describes the labels in this screen.

Table 27 NAT Mode
LABEL | DESCRIPTION
None | Select this radio button to disable NAT.
SUA Only | Select this radio button if you have just one public WAN IP address for your Prestige. The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set screen.
Edit Details | Click this link to go to the NAT - Edit SUA/NAT Server Set screen.
Figure 41 Edit SUA/NAT Server Set

The following table describes the fields in this screen.

Table 28 Edit SUA/NAT Server Set
LABEL | DESCRIPTION
Start Port No. | Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field. To forward a series of ports, enter the start port number here and the end port number in the End Port No. field.
End Port No. | Enter a port number in this field.
7.6 Configuring Address Mapping Rules

Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
Table 29 Address Mapping Rules (continued)
LABEL | DESCRIPTION
Type | 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
Figure 43 Edit Address Mapping Rule

The following table describes the fields in this screen.

Table 30 Edit Address Mapping Rule
LABEL | DESCRIPTION
Type | Choose the port mapping type from one of the following. • One-to-One: One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type. • Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address.
Table 30 Edit Address Mapping Rule (continued)
LABEL | DESCRIPTION
Cancel | Click Cancel to return to the previously saved settings.
Delete | Click Delete to exit this screen without saving.
CHAPTER 8 Dynamic DNS Setup

This chapter discusses how to configure your Prestige to use Dynamic DNS.

8.1 Dynamic DNS Overview

Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.
Figure 44 Dynamic DNS

The following table describes the fields in this screen.

Table 31 Dynamic DNS
LABEL | DESCRIPTION
Active | Select this check box to use dynamic DNS.
Service Provider | This is the name of your Dynamic DNS service provider.
Host Names | Type the domain name assigned to your Prestige by your Dynamic DNS provider.
E-mail Address | Type your e-mail address.
User | Type your user name.
Password | Type the password assigned to you.
CHAPTER 9 Time and Date

This screen is not available on all models. Use this screen to configure the Prestige’s time and date settings.

9.1 Configuring Time and Date

To change your Prestige’s time and date, click Time And Date. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone.

Figure 45 Time and Date

The following table describes the fields in this screen.
Table 32 Time and Date
LABEL | DESCRIPTION
Time Server
Use Protocol when Bootup | Select the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works. The main difference between them is the format. Daytime (RFC 867) format is day/month/year/time zone of the server.
CHAPTER 10 Firewalls

This chapter gives some background information on firewalls and introduces the Prestige firewall.

10.1 Firewall Overview

Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
10.2.2 Application-level Firewalls

Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data.
• The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service.

10.3.1 Denial of Service Attacks

Figure 46 Prestige Firewall Application

10.
Table 33 Common IP Ports
21 | FTP | 53 | DNS
23 | Telnet | 80 | HTTP
25 | SMTP | 110 | POP3

10.4.2 Types of DoS Attacks

There are four types of DoS attacks:

1 Those that exploit bugs in a TCP/IP implementation.
2 Those that exploit weaknesses in the TCP/IP specification.
3 Brute-force attacks that flood a network with useless data.
4 IP Spoofing.

"Ping of Death" and "Teardrop" attacks exploit bugs in the TCP/IP implementations of various computer and host systems.
Figure 47 Three-Way Handshake

Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established.

• SYN Attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response.
(ICMP) echo request packets (pings). Since the destination IP address of each packet is the broadcast address of the network, the router will broadcast the ICMP echo request packet to all hosts on the network. If there are numerous hosts, this will create a large amount of ICMP echo request and response traffic.
Table 35 Legal NetBIOS Commands
RETARGET: KEEPALIVE:

All SMTP commands are illegal except for those displayed in the following tables.

Table 36 Legal SMTP Commands
AUTH DATA EHLO ETRN EXPN HELO HELP MAIL QUIT RCPT RSET SAML SEND SOML TURN VRFY NOOP

10.4.2.3 Traceroute

Traceroute is a utility used to determine the path a packet takes between two endpoints.
Figure 50 Stateful Inspection

The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.

10.5.
temporary entries might be modified, in order to permit only packets that are valid for the current state of the connection.

8 Any additional inbound or outbound packets that belong to the connection are inspected to update the state table entry and to modify the temporary inbound access list entries as required, and are forwarded through the interface.
When the Prestige receives any subsequent packet (from the Internet or from the LAN), its connection information is extracted and checked against the cache. A packet is only allowed to pass through if it corresponds to a valid connection (that is, if it is a response to a connection which originated on the LAN).

10.5.4 UDP/ICMP Security

UDP and ICMP do not themselves contain any connection information (such as sequence numbers).
• Limit who can telnet into your router.
• Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network.
• For local services that are enabled, protect against misuse.
• Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in an attack.

10.7 Packet Filtering Vs Firewall

Below are some comparisons between the Prestige’s filtering and firewall functions.

10.7.1 Packet Filtering:

• The router filters packets as they pass through the router’s interface according to the filter rules you designed.
• A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required.
• To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters can not distinguish traffic originating from an inside host or an outside host by IP address.
CHAPTER 11 Firewall Configuration

This chapter shows you how to enable and configure the Prestige firewall.

11.1 Access Methods

The web configurator is, by far, the most comprehensive firewall configuration tool your Prestige has to offer. For this reason, it is recommended that you configure your firewall using the web configurator. SMT screens allow you to activate the firewall.
Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them.

For example, you may create rules to:

• Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet.
4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers.
5 Does this rule conflict with any existing rules?

Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.

11.
The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it.

11.4.2 Alerts

Alerts are reports on events, such as attacks, that you may want to know about right away.
Table 37 Firewall: Default Policy (continued)
LABEL | DESCRIPTION
Packet Direction | This is the direction of travel of packets (LAN to LAN/Router, LAN to WAN, WAN to WAN/Router, WAN to LAN). Firewall rules are grouped based on the direction of travel of packets to which they apply. For example, LAN to LAN/Router means packets traveling from a computer/subnet on the LAN to either another computer/subnet on the LAN interface of the Prestige or the Prestige itself.
Figure 52 Firewall: Rule Summary

The following table describes the labels in this screen.

Table 38 Rule Summary
LABEL | DESCRIPTION
Firewall Rules Storage Space in Use | This read-only bar shows how much of the Prestige's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Table 38 Rule Summary (continued)
LABEL | DESCRIPTION
Action | This is the specified action for that rule, either Block or Forward. Note that Block means the firewall silently discards the packet.
Schedule | This field tells you whether a schedule is specified (Yes) or not (No).
Log | This field shows you whether a log is created when packets match this rule (Enabled) or not (Disable).
Figure 53 Firewall: Edit Rule

The following table describes the labels in this screen.
Table 39 Firewall: Edit Rule
LABEL | DESCRIPTION
Active | Select this option to enable this firewall rule.
Action for Matched Packet | Use the radio button to select whether to discard (Block) or allow the passage of (Forward) packets that match this rule.
Source/Destination Address
Address Type | Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (e.g., 192.168.1.10 to 192.169.1.
11.7 Customized Services

Configure customized services and port numbers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further information on these services, please read Section 11.10 on page 146. Click the Customized Services link while editing a firewall rule to configure a custom service port. This displays the following screen. Refer to Section 10.
Refer to Section 10.1 on page 118 for more information.

Figure 55 Firewall: Configure Customized Services

The following table describes the labels in this screen.

Table 41 Firewall: Configure Customized Services
LABEL | DESCRIPTION
Service Name | Type a unique name for your custom port.
Service Type | Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
Figure 56 Firewall Example: Rule Summary

3 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule 7.
4 Click Insert to display the firewall rule configuration screen.
5 Select Any in the Destination Address box and then click Delete.
6 Configure the destination address screen as follows and click Add.
Figure 57 Firewall Example: Edit Rule: Destination Address

7 In the Edit Rule screen, click the Customized Services link to open the Customized Service screen.
8 Click an index number to display the Customized Services -Config screen and configure the screen as follows and click Apply.

Figure 58 Edit Custom Port Example

9 In the Edit Rule screen, use the Add>> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows.
Figure 59 Firewall Example: Edit Rule: Select Customized Services

Note: Custom ports show up with an “*” before their names in the Services list box and the Rule Summary list box. Click Apply after you’ve created your custom port.

On completing the configuration procedure for this Internet firewall rule, the Rule Summary screen should look like the following.
Rule 2 allows a “My Service” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.

Figure 60 Firewall Example: Rule Summary: My Service

11.10 Predefined Services

The Available Services list box in the Edit Rule screen (see Section 11.6.1 on page 138) displays all predefined services that the Prestige already supports. Next to the name of the service, two fields appear in brackets. The first field indicates the IP protocol type (TCP, UDP, or ICMP).
Table 42 Predefined Services (continued)
SERVICE | DESCRIPTION
CU-SEEME(TCP/UDP:7648, 24032) | A popular videoconferencing solution from White Pines Software.
DNS(UDP/TCP:53) | Domain Name Server, a service that matches web names (e.g. www.zyxel.com) to IP numbers.
FINGER(TCP:79) | Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.
FTP(TCP:20.
Table 42 Predefined Services (continued)
SERVICE | DESCRIPTION
SMTP(TCP:25) | Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.
SNMP(TCP/UDP:161) | Simple Network Management Program.
SNMP-TRAPS(TCP/UDP:162) | Traps for use with the SNMP (RFC:1215).
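A way to test a WAN to LAN rule list offline before entering it in the Rule Summary screen, as an added example (not Prestige firmware code). It assumes rules are evaluated in index order with the first match winning, as Section 7.6 describes for address mapping rules, and that unmatched WAN to LAN packets get the default Block; rules 1 and 3 and the "My Service" port number are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "Forward" or "Block", the two actions in the Rule Summary
    dst_first: str   # destination address range (a single IP has first == last)
    dst_last: str
    protocol: str    # "TCP" or "UDP"
    port_first: int
    port_last: int

    def _dst(self):
        return (ipaddress.ip_address(self.dst_first),
                ipaddress.ip_address(self.dst_last))

    def matches(self, dst, protocol, port):
        lo, hi = self._dst()
        return (lo <= ipaddress.ip_address(dst) <= hi
                and protocol == self.protocol
                and self.port_first <= port <= self.port_last)

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        lo, hi = self._dst()
        olo, ohi = other._dst()
        return (lo <= olo and ohi <= hi and self.protocol == other.protocol
                and self.port_first <= other.port_first
                and other.port_last <= self.port_last)


def insert_rule(rules, index, rule):
    """Insert at a 1-based index; the old rule at that index moves down one."""
    rules.insert(index - 1, rule)


def evaluate(rules, default_action, dst, protocol, port):
    """Return (action, rule number); rule number is None for the default."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(dst, protocol, port):
            return rule.action, number
    return default_action, None


def shadowed(rules):
    """Return (hidden rule no., earlier rule no.) pairs that can never match."""
    found = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if earlier.covers(later):
                found.append((j + 1, i + 1))
                break
    return found


def build_wan_to_lan():
    # Constructed WAN-to-LAN rule set; port 12345 is a placeholder because
    # the guide's custom port value is only shown in a figure.
    rules = [
        Rule("Block host .12", "Block", "10.0.0.12", "10.0.0.12", "TCP", 1, 65535),
        Rule("FTP to .12", "Forward", "10.0.0.12", "10.0.0.12", "TCP", 20, 21),
    ]
    my_service = Rule("*My Service", "Forward",
                      "10.0.0.10", "10.0.0.15", "TCP", 12345, 12345)
    insert_rule(rules, 2, my_service)  # the old rule 2 becomes rule 3
    return rules


if __name__ == "__main__":
    wan_to_lan = build_wan_to_lan()
    for dst, port in [("10.0.0.11", 12345), ("10.0.0.12", 12345), ("10.0.0.11", 21)]:
        print(dst, port, evaluate(wan_to_lan, "Block", dst, "TCP", port))
    print("shadowed:", shadowed(wan_to_lan))
```

Host 10.0.0.12 sits inside the "My Service" range but is still blocked by rule 1, and the FTP rule is reported as shadowed: the kind of conflict the checklist in Section 11 asks you to look for before adding a rule.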
Figure 61 Firewall: Anti Probing

The following table describes the labels in this screen.

Table 43 Firewall: Anti Probing
LABEL | DESCRIPTION
Respond to PING on | The Prestige does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both incoming LAN and WAN Ping requests.
11.12.1 Threshold Values
Tune these parameters when something is not working and after you have checked the firewall counters. These default values should work fine for most small offices. Factors influencing choices for threshold values are:
• The maximum number of opened sessions.
• The minimum capacity of server backlog in your LAN network.
• The CPU power of servers in your LAN network.
• Network bandwidth.
• Type of traffic for certain servers.
Whenever the number of half-open sessions with the same destination host address rises above a threshold (TCP Maximum Incomplete), the Prestige starts deleting half-open sessions according to one of the following methods:
• If the Blocking Time timeout is 0 (the default), then the Prestige deletes the oldest existing half-open session for the host for every new connection request to the host.
Table 44 Firewall: Threshold
LABEL | DESCRIPTION | DEFAULT VALUES
Denial of Service Thresholds
One Minute Low | This is the rate of new half-open sessions that causes the firewall to stop deleting half-open sessions. The Prestige continues to delete half-open sessions as necessary, until the rate of new connection attempts drops below this number. | 80 existing half-open sessions.
Table 44 Firewall: Threshold (continued)
LABEL | DESCRIPTION | DEFAULT VALUES
Deny new connection request for | Select this radio button and specify for how long the Prestige should block new connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256).
Back | Click Back to return to the previous screen.
Apply | Click Apply to save your changes back to the Prestige.
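The first deletion method described for TCP Maximum Incomplete (Blocking Time of 0), modelled as an added example that is not ZyXEL's code, to show what it means for a legitimate client whose handshake is still in progress. The class and function names, the limit of 3 and all addresses are constructed for illustration; only the oldest-first deletion stated in this guide is implemented.

```python
from collections import OrderedDict, defaultdict


class HalfOpenTable:
    """Toy model of per-destination half-open session tracking.

    A half-open session is a connection request whose handshake has not
    completed yet. Only the Blocking Time = 0 behaviour is modelled: once a
    destination host is above the TCP Maximum Incomplete limit, every new
    connection request to that host deletes the oldest half-open session
    for the same host.
    """

    def __init__(self, tcp_max_incomplete):
        self.limit = tcp_max_incomplete
        # destination host -> ordered map of (source IP, source port) -> arrival time
        self.by_host = defaultdict(OrderedDict)
        self.evicted = []

    def syn(self, now, src, sport, dst):
        """Record a new connection request; return the deleted session or None."""
        table = self.by_host[dst]
        table[(src, sport)] = now
        if len(table) > self.limit:
            victim, _ = table.popitem(last=False)  # oldest entry first
            self.evicted.append(victim)
            return victim
        return None

    def established(self, src, sport, dst):
        """Handshake completes; True only if the session was still tracked."""
        return self.by_host[dst].pop((src, sport), None) is not None

    def half_open(self, dst):
        return len(self.by_host[dst])


def simulate(limit, burst):
    """One client starts a handshake, `burst` further incomplete requests
    reach the same server, then the client's handshake completes.

    Returns (client_completed, half_open_left, sessions_deleted).
    """
    table = HalfOpenTable(limit)
    server = "10.0.0.10"  # constructed LAN server address
    table.syn(0.0, "192.0.2.7", 40000, server)  # constructed client
    for i in range(burst):
        # constructed sources that never finish their handshakes
        table.syn(0.1 + i * 0.001, "198.51.100.%d" % (i % 250 + 1), 1024 + i, server)
    completed = table.established("192.0.2.7", 40000, server)
    return completed, table.half_open(server), len(table.evicted)


if __name__ == "__main__":
    for burst in (2, 3, 10):
        print("limit=3 burst=%d ->" % burst, simulate(3, burst))
```

The half-open count for the server never exceeds the limit, but the session that gets deleted is the oldest one, so a client with a slow link is the first to lose its pending connection when the limit is set too low for the server's normal load.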
CHAPTER 12 Content Filtering
This chapter covers how to configure content filtering.
12.1 Content Filtering Overview
Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL. You can set a schedule for when the Prestige performs content filtering.
12.3 Configuring Keyword Blocking
Use this screen to block sites containing certain keywords in the URL. For example, if you enable the keyword "bad", the Prestige blocks all sites containing this keyword including the URL http://www.website.com/bad.html, even if it is not included in the Filter List.
To have your Prestige block Web sites containing keywords in their URLs, click Content Filter and Keyword. The screen appears as shown.
12.4 Configuring the Schedule
To set the days and times for the Prestige to perform content filtering, click Content Filter and Schedule. The screen appears as shown.
Figure 65 Content Filter: Schedule
The following table describes the labels in this screen.
Table 47 Content Filter: Schedule
LABEL | DESCRIPTION
Days to Block: | Select a check box to configure which days of the week (or everyday) you want the content filtering to be active.
Figure 66 Content Filter: Trusted
The following table describes the labels in this screen.
Table 48 Content Filter: Trusted
LABEL | DESCRIPTION
Trusted User IP Range
From | Type the IP address of a computer (or the beginning IP address of a specific range of computers) on the LAN that you want to exclude from content filtering.
To | Type the ending IP address of a specific range of users on your LAN that you want to exclude from content filtering.
CHAPTER 13 Remote Management Configuration
This chapter provides information on configuring remote management.
13.1 Remote Management Overview
Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
• A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service.
• You have disabled that service in one of the remote management screens.
• The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the Prestige will disconnect the session immediately.
• There is already another remote management session with an equal or higher priority running.
13.3 FTP
You can upload and download Prestige firmware and configuration files using FTP. To use this feature, your computer must have an FTP client.
13.4 Web
You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details.
13.5 Configuring Remote Management
Click Remote Management to open the following screen. See Section 13.1 on page 158 for more information.
CHAPTER 14 Universal Plug-and-Play (UPnP)
This chapter introduces the UPnP feature in the web configurator.
14.1 Introducing Universal Plug and Play
Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
14.1.3 Cautions with UPnP
The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention.
14.
Table 50 Configuring UPnP
LABEL | DESCRIPTION
Enable the Universal Plug and Play (UPnP) Service | Select this check box to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the Prestige's IP address (although you must still enter the password to access the web configurator).
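Because UPnP applications open ports on their own, as section 14.1.3 cautions, it helps to review the resulting port mappings in bulk. This added example (not from the guide and not ZyXEL code) parses UPnP `GetGenericPortMappingEntry` SOAP responses of the WANIPConnection service and flags mappings that deserve a second look; the sample responses, the 192.168.1.0/24 LAN range and the helper names are constructed assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Services this guide names for remote management, with their standard TCP ports.
MGMT_PORTS = {21: "FTP", 23: "Telnet", 80: "Web"}
RESPONSE_TAG = "GetGenericPortMappingEntryResponse"


def _sample(ext_port, proto, int_port, client, desc, lease):
    """Build one constructed SOAP response (not captured from a device)."""
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:%s xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        "<NewRemoteHost></NewRemoteHost><NewExternalPort>%d</NewExternalPort>"
        "<NewProtocol>%s</NewProtocol><NewInternalPort>%d</NewInternalPort>"
        "<NewInternalClient>%s</NewInternalClient><NewEnabled>1</NewEnabled>"
        "<NewPortMappingDescription>%s</NewPortMappingDescription>"
        "<NewLeaseDuration>%d</NewLeaseDuration></u:%s></s:Body></s:Envelope>"
        % (RESPONSE_TAG, ext_port, proto, int_port, client, desc, lease, RESPONSE_TAG)
    )


SAMPLES = [
    _sample(6881, "TCP", 6881, "192.168.1.33", "constructed app", 3600),
    _sample(8023, "TCP", 23, "192.168.1.34", "constructed telnet", 0),
    _sample(5000, "UDP", 5000, "10.9.9.9", "constructed odd target", 600),
]


def parse_mapping(xml_text):
    """Extract one port mapping from a SOAP response body."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if el.tag.split("}")[-1] == RESPONSE_TAG:
            f = {c.tag.split("}")[-1]: (c.text or "").strip() for c in el}
            return {
                "remote_host": f.get("NewRemoteHost", ""),
                "external_port": int(f["NewExternalPort"]),
                "protocol": f["NewProtocol"].upper(),
                "internal_port": int(f["NewInternalPort"]),
                "internal_client": f["NewInternalClient"],
                "enabled": f.get("NewEnabled") == "1",
                "description": f.get("NewPortMappingDescription", ""),
                "lease_seconds": int(f.get("NewLeaseDuration") or 0),
            }
    raise ValueError("no %s element found" % RESPONSE_TAG)


def review(mapping, lan_cidr):
    """Return the list of findings for one mapping (empty list = nothing flagged)."""
    findings = []
    if not mapping["enabled"]:
        return findings
    lan = ipaddress.ip_network(lan_cidr)
    try:
        if ipaddress.ip_address(mapping["internal_client"]) not in lan:
            findings.append("internal client is outside the LAN subnet")
    except ValueError:
        findings.append("internal client is not an IP address")
    service = MGMT_PORTS.get(mapping["internal_port"])
    if service and mapping["protocol"] == "TCP":
        findings.append("forwards WAN traffic to a %s port" % service)
    if mapping["lease_seconds"] == 0:
        # In the UPnP gateway device service, a lease of 0 requests no expiry.
        findings.append("lease duration 0: mapping does not expire")
    return findings


def audit(responses, lan_cidr="192.168.1.0/24"):
    """Review every response; returns (external port, protocol, findings) tuples."""
    report = []
    for text in responses:
        m = parse_mapping(text)
        report.append((m["external_port"], m["protocol"], review(m, lan_cidr)))
    return report


if __name__ == "__main__":
    for port, proto, findings in audit(SAMPLES):
        print(port, proto, findings or "ok")
```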
Figure 70 Add/Remove Programs: Windows Setup: Communication
3 In the Communications window, select the Universal Plug and Play check box in the Components selection box.
Figure 71 Add/Remove Programs: Windows Setup: Communication: Components
4 Click OK to go back to the Add/Remove Programs Properties window and click Next.
5 Restart the computer when prompted.
Installing UPnP in Windows XP
Follow the steps below to install the UPnP in Windows XP.
1 Click Start and Control Panel.
2 Double-click Network Connections.
3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Figure 72 Network Connections
4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details.
Figure 73 Windows Optional Networking Components Wizard
5 In the Networking Services window, select the Universal Plug and Play check box.
Figure 74 Networking Services
6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
14.4 Using UPnP in Windows XP Example
This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the Prestige.
Make sure the computer is connected to a LAN port of the Prestige. Turn on your computer and the Prestige.
Figure 75 Network Connections
3 In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created.
Figure 76 Internet Connection Properties
4 You may edit or delete the port mappings or click Add to manually add port mappings.
Figure 77 Internet Connection Properties: Advanced Settings
Figure 78 Internet Connection Properties: Advanced Settings: Add
5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Figure 79 System Tray Icon
7 Double-click on the icon to display your current Internet connection status.
Figure 80 Internet Connection Status
Web Configurator Easy Access
With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first. This is helpful if you do not know the IP address of the Prestige.
Follow the steps below to access the web configurator.
1 Click Start and then Control Panel.
Figure 81 Network Connections
4 An icon with the description for each UPnP-enabled device displays under Local Network.
5 Right-click on the icon for your Prestige and select Invoke. The web configurator login screen displays.
Figure 82 Network Connections: My Network Places
6 Right-click on the icon for your Prestige and select Properties. A properties window displays with basic information about the Prestige.
CHAPTER 15 Logs Screens
This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendix for example log message explanations.
15.1 Logs Overview
The web configurator allows you to choose which categories of events and/or alerts to have the Prestige log and then display the logs or have the Prestige send them to an administrator (as e-mail) or to a syslog server.
15.1.
Figure 84 Log Settings
The following table describes the fields in this screen.
Table 51 Log Settings
LABEL | DESCRIPTION
Address Info
Mail Server | Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
Mail Subject | Type a title that you want to be in the subject line of the log e-mail message that the Prestige sends.
Table 51 Log Settings
LABEL | DESCRIPTION
Send alerts to | Alerts are sent to the e-mail address specified in this field. If this field is left blank, alerts will not be sent via e-mail.
UNIX Syslog | Syslog logging sends a log to an external syslog server used to store logs.
Active | Click Active to enable syslog logging.
Syslog IP Address | Enter the server name or IP address of the syslog server that will log the selected categories of logs.
Figure 85 View Logs
The following table describes the fields in this screen.
Table 52 View Logs
LABEL | DESCRIPTION
Display | The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
Time | This field displays the time the log was recorded.
Message | This field states the reason for the log.
Table 53 SMTP Error Messages
-6 means RCPT TO fail
-7 means DATA fail
-8 means mail data send fail
15.4.1 Example E-mail Log
An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail.
• You may edit the subject title.
• The date format here is Day-Month-Year.
• The date format here is Month-Day-Year.
• The time format is Hour-Minute-Second.
CHAPTER 16 Media Bandwidth Management Advanced Setup
This chapter describes bandwidth management with one level of child class.
16.1 Media Bandwidth Management Overview
Bandwidth management allows you to allocate an interface’s outgoing capacity to specific types of traffic. It can also help you make sure that the Prestige forwards certain types of traffic (especially real-time applications) with minimum delay.
bandwidth filter. You can configure up to one bandwidth filter per bandwidth class. You can also configure bandwidth classes without bandwidth filters. However, it is recommended that you configure child-classes with filters for any classes that you configure without filters. The Prestige leaves the bandwidth budget allocated and unused for a class that does not have a filter itself or child-classes with filters.
Figure 88 Subnet-based Bandwidth Management Example
16.4.3 Application and Subnet-based Bandwidth Management Example
The following example uses bandwidth classes based on LAN subnets and applications (specific applications in each subnet are allotted bandwidth).
16.5 Scheduler
The scheduler divides up an interface’s bandwidth among the bandwidth classes. The Prestige has two types of scheduler: fairness-based and priority-based.
16.5.1 Priority-based Scheduler
With the priority-based scheduler, the Prestige forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes. The larger a bandwidth class’s priority number is, the higher the priority.
16.6.2 Maximize Bandwidth Usage Example
Here is an example of a Prestige that has maximized bandwidth usage enabled on an interface. The first figure shows each bandwidth class’s bandwidth budget and priority. The classes are set up based on subnets. The interface is set to 10 Mbps. Each subnet is allocated 2 Mbps. The unbudgeted 2 Mbps allows traffic not defined in one of the bandwidth filters to go out when you do not select the maximize bandwidth option.
Figure 91 Maximize Bandwidth Usage Example
16.7 Bandwidth Borrowing
Bandwidth borrowing allows a child-class to borrow unused bandwidth from its parent class, whereas maximize bandwidth usage allows bandwidth classes to borrow any unused or unbudgeted bandwidth on the whole interface. Enable bandwidth borrowing on a child-class to allow the child-class to use its parent class’s unused bandwidth.
4 The Prestige assigns any remaining unbudgeted bandwidth to traffic that does not match any of the bandwidth classes.
16.8 The Main Media Bandwidth Management Screen
Click Media Bandwidth Mgnt. to display the main Media Bandwidth Management screen as shown.
Figure 92 Media Bandwidth Mgnt.
The following table describes the links in this screen.
Table 55 Media Bandwidth Mgnt.
Figure 93 Media Bandwidth Management: Summary
The following table describes the labels in this screen.
Table 56 Media Bandwidth Management: Summary
LABEL | DESCRIPTION
LAN WLAN WAN | These read-only labels represent the physical interfaces. Select an interface’s check box to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source.
16.10 Configuring Class Setup
The class setup screen displays the configured bandwidth classes by individual interface. Select an interface and click the buttons to perform the actions described next. Click “+” to expand the class tree or click “-” to collapse the class tree. Each interface has a permanent root class. The bandwidth budget of the root class is equal to the speed you configured on the interface (see Section 16.
To add a child class, click Media Bandwidth Management, then Class Setup. Click the Add Child-Class button to open the following screen.
Figure 95 Media Bandwidth Management: Class Configuration
The following table describes the labels in this screen.
Table 58 Media Bandwidth Management: Class Configuration
LABEL | DESCRIPTION
Class Name | Use the auto-generated name or enter a descriptive name of up to 20 alphanumeric characters, including spaces.
Table 58 Media Bandwidth Management: Class Configuration (continued)
LABEL | DESCRIPTION
Active | Select the check box to have the Prestige use this bandwidth filter when it performs bandwidth management.
Service | You can select a predefined service instead of configuring the Destination Port, Source Port and Protocol ID fields.
Table 59 Services and Port Numbers
SERVICES | PORT NUMBER
SMTP (Simple Mail Transfer Protocol) | 25
DNS (Domain Name System) | 53
Finger | 79
HTTP (Hyper Text Transfer protocol or WWW, Web) | 80
POP3 (Post Office Protocol) | 110
NNTP (Network News Transport Protocol) | 119
SNMP (Simple Network Management Protocol) | 161
SNMP trap | 162
PPTP (Point-to-Point Tunneling Protocol) | 1723
16.10.
Table 60 Media Bandwidth Management Statistics
LABEL | DESCRIPTION
This field displays the bandwidth statistics (in bps) for the past one to eight seconds. For example, t-1 means one second ago.
Update Period (seconds) | Enter the time interval in seconds to define how often the information should be refreshed.
Set Interval | Click Set Interval to apply the new update period you entered in the Update Period field above.
CHAPTER 17 Maintenance
This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics.
17.1 Maintenance Overview
The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige.
17.2 System Status Screen
Click System Status under Maintenance to open the following screen, which you can use to monitor your Prestige.
Figure 98 System Status
The following table describes the fields in this screen.
Table 62 System Status
LABEL | DESCRIPTION
System Status
System Name | This is the name of your Prestige. It is for identification purposes.
Table 62 System Status (continued)
LABEL | DESCRIPTION
ZyNOS Firmware Version | This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design.
DSL FW Version | This is the DSL firmware version associated with your Prestige.
Standard | This is the standard that your Prestige is using.
WAN Information
IP Address | This is the WAN port IP address.
IP Subnet Mask | This is the WAN port IP subnet mask.
Figure 99 System Status: Show Statistics
The following table describes the fields in this screen.
Table 63 System Status: Show Statistics
LABEL | DESCRIPTION
System up Time | This is the elapsed time the system has been up.
CPU Load | This field specifies the percentage of CPU utilization.
LAN or WAN Port Statistics | This is the WAN or LAN port.
Link Status | This is the status of your WAN link.
Upstream Speed | This is the upstream speed of your Prestige.
Table 63 System Status: Show Statistics (continued)
LABEL | DESCRIPTION
Poll Interval(s) | Type the time interval for the browser to refresh system statistics.
Set Interval | Click this button to apply the new poll interval you entered in the Poll Interval field above.
Stop | Click this button to halt the refreshing of the system statistics.
17.
17.4 Any IP Table Screen
Click Maintenance, Any IP. The Any IP table shows current read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate with the Prestige.
Figure 101 Any IP Table
The following table describes the labels in this screen.
Table 65 Any IP Table
LABEL | DESCRIPTION
# | This field displays the index number.
IP Address | This field displays the IP address of the network device.
Figure 102 Association List
The following table describes the fields in this screen.
Table 66 Association List
LABEL | DESCRIPTION
# | This is the index number of an associated wireless station.
MAC Address | This field displays the MAC (Media Access Control) address of an associated wireless station. Every Ethernet device has a unique MAC address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Figure 103 Diagnostic: General
The following table describes the fields in this screen.
Table 67 Diagnostic: General
LABEL | DESCRIPTION
TCP/IP Address | Type the IP address of a computer that you want to ping in order to test a connection.
Ping | Click this button to ping the IP address that you entered.
Reset System | Click this button to reboot the Prestige. A warning dialog box is then displayed asking you if you're sure you want to reboot the system.
Figure 104 Diagnostic: DSL Line
The following table describes the fields in this screen.
Table 68 Diagnostic: DSL Line
LABEL | DESCRIPTION
Reset ADSL Line | Click this button to reinitialize the ADSL line. The large text box above then displays the progress and results of this operation, for example: "Start to reset ADSL Loading ADSL modem F/W... Reset ADSL Line Successfully!"
ATM Status | Click this button to view ATM status.
17.7 Firmware Upgrade
Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "Prestige.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See Chapter 33 on page 306 for upgrading firmware using FTP/TFTP commands.
Only use firmware for your device’s specific model. Refer to the label on the bottom of your device.
The Prestige automatically restarts during this time, causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Figure 106 Network Temporarily Disconnected
After two minutes, log in again and check your new firmware version in the System Status screen.
If the upload was not successful, the following screen will appear. Click Back to go back to the Firmware screen.
CHAPTER 18 Introducing the SMT
This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus.
18.1 SMT Introduction
The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator over a telnet connection. This chapter shows you how to access the SMT (System Management Terminal) menus via Telnet, how to navigate the SMT and how to configure SMT menus.
18.1.
Figure 108 Login Screen
Enter Password: ****
18.1.3 Prestige SMT Menus Overview
The following table gives you an overview of your Prestige’s various SMT menus.
Table 70 SMT Menus Overview
MENUS | SUB MENUS
1 General Setup
  1.1 Configure Dynamic DNS
2 WAN Backup Setup
3 LAN Setup
  3.1 LAN Port Filter Setup
  3.2 TCP/IP and DHCP Setup
    3.2.1 IP Alias Setup
  3.5 Wireless LAN Setup
    3.5.1 WLAN MAC Address Filter
4 Internet Access Setup
11 Remote Node Setup
  11.
Table 70 SMT Menus Overview (continued)
MENUS | SUB MENUS
24 System Maintenance
  24.1 Status
  24.2 System Information and Console
    24.2.1 Information Port Speed
    24.2.2 Change Console Port Speed
  24.3 Log and Trace
    24.3.1 View Error Log
    24.3.2 UNIX Syslog
  24.4 Diagnostic
  24.5 Backup Configuration
  24.6 Restore Configuration
  24.7 Upload Firmware
    24.7.1 Upload System Firmware
    24.7.2 Upload System Configuration File
  24.8 Command Interpreter Mode
  24.9 Call Control
    24.9.
Table 71 Navigating the SMT Interface
OPERATION | KEY STROKE | DESCRIPTION
Entering information | Type in or press [SPACE BAR], then press [ENTER]. | You need to fill in two types of fields. The first requires you to type in the appropriate information. The second allows you to cycle through the available choices by pressing [SPACE BAR].
Required fields | > or ChangeMe | All fields with the symbol > must be filled in order to be able to save the new configuration.
Table 73 Main Menu Summary
# | MENU TITLE | DESCRIPTION
3 | LAN Setup | Use this menu to set up your wireless LAN and LAN connection.
4 | Internet Access Setup | A quick and easy way to set up an Internet connection.
11 | Remote Node Setup | Use this menu to set up the Remote Node for LAN-to-LAN connection, including Internet connection.
12 | Static Routing Setup | Use this menu to set up static routes.
Note: As you type a password, the screen displays an “*” for each character you type.
CHAPTER 19 Menu 1 General Setup
Menu 1 - General Setup contains administrative and system-related information.
19.1 General Setup
Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
• In Windows 95/98 click Start, Settings, Control Panel, Network.
Figure 110 Menu 1 General Setup
Menu 1 General Setup
System Name= ?
Location=
Contact Person's Name=
Domain Name=
Edit Dynamic DNS= No
Route IP= Yes
Bridge= No
Press ENTER to Confirm or ESC to Cancel:

Fill in the required fields. Refer to the table shown next for more information about these fields.
Table 74 Menu 1 General Setup
FIELD | DESCRIPTION
System Name | Choose a descriptive name for identification purposes. This name can be up to 30 alphanumeric characters long.
Figure 111 Menu 1.1 Configure Dynamic DNS
Menu 1.1 - Configure Dynamic DNS
Service Provider= WWW.DynDNS.ORG
Active= No
Host=
EMAIL=
USER=
Password= ********
Enable Wildcard= No
Press ENTER to Confirm or ESC to Cancel:

Follow the instructions in the next table to configure dynamic DNS parameters.
Table 75 Menu 1.1 Configure Dynamic DNS
FIELD | DESCRIPTION
Service Provider | This is the name of your dynamic DNS service provider.
CHAPTER 20 Menu 2 WAN Backup Setup
This chapter describes how to configure traffic redirect and dial-backup using menu 2 and 2.1.
20.1 Introduction to WAN Backup Setup
This chapter explains how to configure the Prestige for traffic redirect and dial backup connections.
20.2 Configuring Dial Backup in Menu 2
From the main menu, enter 2 to open menu 2.
Figure 112 Menu 2 WAN Backup Setup
Menu 2 - Wan Backup Setup
Check Mechanism = DSL Link
Check WAN IP Address1 = 0.0.0.
Table 76 Menu 2 WAN Backup Setup (continued)
FIELD | DESCRIPTION
KeepAlive Fail Tolerance | Type the number of times (2 recommended) that your Prestige may ping the IP addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup connection (or a different WAN backup connection).
Table 77 Menu 2.1 Traffic Redirect Setup
FIELD | DESCRIPTION
Metric | This field sets this route's priority among the routes the Prestige uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1" for directly connected networks.
CHAPTER 21 Menu 3 LAN Setup
This chapter covers how to configure your wired Local Area Network (LAN) settings.
21.1 LAN Setup
This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3.
Figure 114 Menu 3 LAN Setup
Menu 3 - LAN Setup
1. LAN Port Filter Setup
2. TCP/IP and DHCP Setup
5. Wireless LAN Setup
Enter Menu Selection Number:

21.1.
21.2 Protocol Dependent Ethernet Setup
Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below.
• TCP/IP Ethernet setup
• Bridging Ethernet setup
21.3 TCP/IP Ethernet Setup and DHCP
Use menu 3.2 to configure your Prestige for TCP/IP. To edit menu 3.2, enter 3 from the main menu to display Menu 3 — LAN Setup. When menu 3 appears, press 2 and press [ENTER] to display Menu 3.
Follow the instructions in the following table on how to configure the DHCP fields.
Table 78 DHCP Ethernet Setup
FIELD | DESCRIPTION
DHCP Setup
DHCP | If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client. If set to None, the DHCP server will be disabled.
CHAPTER 22 Wireless LAN Setup
This chapter covers how to configure wireless LAN settings in SMT menu 3.5 for P-660HW and P-660W.
22.1 Wireless LAN Overview
Refer to the chapter on the wireless LAN screens for wireless LAN background information.
22.2 Wireless LAN Setup
Use menu 3.5 to set up your Prestige as the wireless access point. To edit menu 3.5, enter 3 from the main menu to display Menu 3 – LAN Setup.
Table 80 Menu 3.5 - Wireless LAN Setup (continued)
FIELD | DESCRIPTION
Channel ID | Press [SPACE BAR] to select a channel. This allows you to set the operating frequency/channel depending on your particular region.
RTS Threshold | RTS (Request To Send) threshold (number of bytes) enables RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake.
Figure 118 Menu 3.5.1 WLAN MAC Address Filtering
Menu 3.5.
CHAPTER 23 Internet Access
This chapter shows you how to configure the LAN and WAN of your Prestige for Internet access.
23.1 Internet Access Overview
Refer to the chapters on the web configurator’s wizard, LAN and WAN screens for more background information on fields in the SMT screens covered in this chapter.
23.2 IP Policies
Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet.
Figure 119 IP Alias Network Example
Use menu 3.2.1 to configure IP Alias on your Prestige.
23.4 IP Alias Setup
Use menu 3.2 to configure the first network. Move the cursor to Edit IP Alias field and press [SPACEBAR] to choose Yes and press [ENTER] to configure the second and third network.
Figure 120 Menu 3.2 TCP/IP and DHCP Setup
Menu 3.2 - TCP/IP and DHCP Setup
DHCP Setup
DHCP= Server
Client IP Pool Starting Address= 192.168.1.
Figure 121 Menu 3.2.1 IP Alias Setup
Menu 3.2.
Figure 122 Menu 1 General Setup
Menu 1 - General Setup
System Name= ?
Location= location
Contact Person's Name=
Domain Name=
Edit Dynamic DNS= No
Route IP= Yes
Bridge= No
Press ENTER to Confirm or ESC to Cancel:

23.6 Internet Access Configuration
Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified setup for one of the remote nodes that you can access in menu 11.
Table 83 Menu 4 Internet Access Setup
FIELD: DESCRIPTION
ISP’s Name: Enter the name of your Internet Service Provider (ISP). This information is for identification purposes only.
Encapsulation: Press [SPACE BAR] to select the method of encapsulation used by your ISP. Choices are PPPoE, PPPoA, RFC 1483 or ENET ENCAP.
Multiplexing: Press [SPACE BAR] to select the method of multiplexing used by your ISP. Choices are VC-based or LLC-based.
CHAPTER 24 Remote Node Configuration
This chapter covers remote node configuration.
24.1 Remote Node Setup Overview
This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. When you use menu 4 to set up Internet access, you are configuring one of the remote nodes.
Figure 124 Menu 11 Remote Node Setup
Menu 11 - Remote Node Setup
1. MyISP (ISP, SUA)
2. ________
3. ________
4. ________
5. ________
6. ________
7. ________
8. ________
Enter Node # to Edit:
24.2.2 Encapsulation and Multiplexing Scenarios
For Internet access you should use the encapsulation and multiplexing methods used by your ISP.
Figure 125 Menu 11.1 Remote Node Profile
Menu 11.
Table 84 Menu 11.1 Remote Node Profile (continued)
FIELD: DESCRIPTION
PAP – accept PAP (Password Authentication Protocol) only.
Route: This field determines the protocol used in routing. Options are IP and None.
Bridge: When bridging is enabled, your Prestige will forward any packet that it does not route to this remote node; otherwise, the packets are discarded. Select Yes to enable and No to disable.
24.3 Remote Node Network Layer Options
For the TCP/IP parameters, perform the following steps to edit Menu 11.3 – Remote Node Network Layer Options as shown next.
1 In menu 11.1, make sure IP is among the protocols in the Route field.
2 Move the cursor to the Edit IP/Bridge field, press [SPACE BAR] to select Yes, then press [ENTER] to display Menu 11.3 – Remote Node Network Layer Options.
Figure 126 Menu 11.3 Remote Node Network Layer Options
Menu 11.
Table 85 Menu 11.3 Remote Node Network Layer Options (continued)
FIELD: DESCRIPTION
Address Mapping Set: When Full Feature is selected in the NAT field, configure address mapping sets in menu 15.1. Select one of the NAT server sets (2-10) in menu 15.2 (see Chapter 27 on page 254 for details) and type that number here. When SUA Only is selected in the NAT field, the SMT uses NAT server set 1 in menu 15.2 (see Chapter 27 on page 254 for details).
Figure 127 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection
24.4 Remote Node Filter
Move the cursor to the Edit Filter Sets field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to display Menu 11.5 – Remote Node Filter. Use Menu 11.5 – Remote Node Filter to specify the filter set(s) to apply to the incoming and outgoing traffic between this remote node and the Prestige and also to prevent certain packets from triggering calls.
Figure 129 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation)
Menu 11.5 - Remote Node Filter
Input Filter Sets:
  protocol filters=
  device filters=
Output Filter Sets:
  protocol filters=
  device filters=
Call Filter Sets:
  protocol filters=
  device filters=
Enter here to CONFIRM or ESC to CANCEL:
24.5 Editing ATM Layer Options
Follow the steps shown next to edit Menu 11.6 – Remote Node ATM Layer Options. In menu 11.
Figure 131 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation
Menu 11.6 - Remote Node ATM Layer Options
VPI/VCI (LLC-Multiplexing or PPP-Encapsulation)
VPI #= 0
VCI #= 38
ATM QoS Type= UBR
Peak Cell Rate (PCR)= 0
Sustain Cell Rate (SCR)= 0
Maximum Burst Size (MBS)= 0
ENTER here to CONFIRM or ESC to CANCEL:
In this case, only one set of VPI and VCI numbers need be specified for all protocols.
Figure 133 Menu 11.8 Advance Setup Options
Menu 11.8 - Advance Setup Options
PPPoE pass-through= No
Press ENTER to Confirm or ESC to Cancel:
The following table describes the fields in this menu.
Table 86 Menu 11.8 Advance Setup Options
FIELD: DESCRIPTION
PPPoE pass-through: Press [SPACE BAR] to select Yes and press [ENTER] to enable PPPoE pass through.
CHAPTER 25 Static Route Setup
This chapter shows how to set up IP static routes.
25.1 IP Static Route Overview
Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
Figure 135 Menu 12 Static Route Setup
Menu 12 - Static Route Setup
1. IP Static Route
3. Bridge Static Route
Please enter selection:
From menu 12, select 1 to open Menu 12.1 — IP Static Route Setup (shown next).
Figure 136 Menu 12.1 IP Static Route Setup
Menu 12.1 - IP Static Route Setup
1. ________
2. ________
3. ________
4. ________
5. ________
6. ________
7. ________
8. ________
9. ________
10. ________
11. ________
12. ________
13. ________
14. ________
15.
The following table describes the fields for Menu 12.1.1 – Edit IP Static Route Setup.
Table 87 Menu 12.1.1 Edit IP Static Route
FIELD: DESCRIPTION
Route #: This is the index number of the static route that you chose in menu 12.1.
Route Name: Type a descriptive name for this route. This is for identification purposes only.
Active: This field allows you to activate/deactivate this static route.
CHAPTER 26 Bridging Setup
This chapter shows you how to configure the bridging parameters of your Prestige.
26.1 Bridging in General
Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address. Bridging allows the Prestige to transport packets of network layer protocols that it does not route, for example, SNA, from one network to another.
Figure 138 Menu 11.1 Remote Node Profile
Menu 11.
26.2.2 Bridge Static Route Setup
Similar to network layer static routes, a bridging static route tells the Prestige the route to a node before a connection is established. You configure bridge static routes in menu 12.3.1 (go to menu 12, choose option 3, then choose a static route to edit) as shown next.
Figure 140 Menu 12.3.1 Edit Bridge Static Route
Menu 12.3.
CHAPTER 27 Network Address Translation (NAT)
This chapter discusses how to configure NAT on the Prestige.
27.1 Using NAT
You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige.
27.1.1 SUA (Single User Account) Versus NAT
SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. See Section 27.
Figure 141 Menu 4 Applying NAT for Internet Access
Menu 4 - Internet Access Setup
ISP's Name= MyISP
Encapsulation= RFC 1483
Multiplexing= LLC-based
VPI #= 8
VCI #= 35
ATM QoS Type= UBR
Peak Cell Rate (PCR)= 0
Sustain Cell Rate (SCR)= 0
Maximum Burst Size (MBS)= 0
My Login= N/A
My Password= N/A
ENET ENCAP Gateway= N/A
IP Address Assignment= Static
IP Address= 0.0.0.
Table 90 Applying NAT in Menus 4 & 11.3
FIELD: DESCRIPTION
NAT: Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. The SMT uses the address mapping set that you configure and enter in the Address Mapping Set field (see Figure 144 on page 257). Select None to disable NAT. When you select SUA Only, the SMT uses Address Mapping Set 255 (see Figure 145 on page 257).
Figure 144 Menu 15.1 Address Mapping Sets
Menu 15.1 - Address Mapping Sets
1.
2.
3.
4.
5.
6.
7.
8.
255. SUA (read only)
Enter Menu Selection Number:
27.3.1.1 SUA Address Mapping Set
Enter 255 to display the next screen (see also Section 27.1.1 on page 254). The fields in this menu cannot be changed.
Figure 145 Menu 15.1.255 SUA Address Mapping Rules
Set Idx --1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Menu 15.1.
Table 91 SUA Address Mapping Rules (continued)
FIELD: DESCRIPTION
Local End IP: Local End IP is the ending local IP address (ILA). If the rule is for all local IPs, then the Start IP is 0.0.0.0 and the End IP is 255.255.255.255.
Global Start IP: This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global Start IP.
Global End IP: This is the ending global IP address (IGA).
Type: These are the mapping types.
27.3.1.3 Ordering Your Rules
Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
The following table explains the fields in this menu.
Table 93 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set
FIELD: DESCRIPTION
Type: Press [SPACE BAR] and then [ENTER] to select from a total of five types. These are the mapping types discussed in the web configurator NAT chapter. Server allows you to specify multiple servers of different types behind NAT to this computer.
Figure 149 Menu 15.2.1 NAT Server Setup
Menu 15.2 - NAT Server Setup
Rule   Start Port No.   End Port No.   IP Address
---------------------------------------------------
1.     Default          Default        0.0.0.0
2.     21               21             192.168.1.33
3.     0                0              0.0.0.0
4.     0                0              0.0.0.0
5.     0                0              0.0.0.0
6.     0                0              0.0.0.0
7.     0                0              0.0.0.0
8.     0                0              0.0.0.0
9.     0                0              0.0.0.0
10.    0                0              0.0.0.0
11.    0                0              0.0.0.0
12.    0                0              0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
4 Enter a port number in an unused Start Port No field.
27.5.1 Example 1: Internet Access Only
In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP.
Figure 153 NAT Example 2
In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure.
Figure 154 Menu 15.2.1 Specifying an Inside Server
Menu 15.2.1 - NAT Server Setup (Used for SUA Only)
Rule   Start Port No.   End Port No.   IP Address
---------------------------------------------------
1.     Default          Default        192.168.1.10
2.     0                0              0.0.0.0
3.     0                0              0.0.0.0
4.     0                0              0.
Map the other outgoing LAN traffic to IGA3 (Many : 1 mapping). You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN. The example situation looks somewhat like this:
Figure 155 NAT Example 3
In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets.
Figure 156 Example 3: Menu 11.3
Menu 11.3 - Remote Node Network Layer Options
IP Options:                      Bridge Options:
IP Address Assignment= Static    Ethernet Addr Timeout (min)= 0
Rem IP Addr: 0.0.0.0
Rem Subnet Mask= 0.0.0.0
My WAN Addr= 0.0.0.
Figure 158 Example 3: Final Menu 15.1.1
Set Idx --1. 2 3. 4. 5. 6. 7. 8. 9. 10. Menu 15.1.1 - Address Mapping Rules Name= Example3 Local Start IP Local End IP Global Start IP --------------- ------------- --------------192.168.1.10 10.132.50.1 192.168.1.11 10.132.50.2 0.0.0.0 255.255.255.255 10.132.50.3 10.132.50.
27.5.4 Example 4: NAT Unfriendly Application Programs
Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to-Many No Overload (and One-to-One) NAT mapping types. The following figure illustrates this.
Figure 162 Example 4: Menu 15.1.1 Address Mapping Rules
Set Idx --1. NO OV 2. 3. 4. 5. 6. 7. 8. 9. 10. Menu 15.1.1 - Address Mapping Rules Name= Example4 Local Start IP Local End IP Global Start IP --------------- -------------------------192.168.1.10 192.168.1.12 10.132.50.1 Action= Edit Global End IP --------------10.132.50.
CHAPTER 28 Enabling the Firewall
This chapter shows you how to get started with the Prestige firewall.
28.1 Remote Management and the Firewall
When SMT menu 24.11 is configured to allow management and the firewall is enabled:
• The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it.
• The firewall allows remote management from the LAN.
28.
Figure 163 Menu 21.2 Firewall Setup
Menu 21.2 - Firewall Setup
The firewall protects against Denial of Service (DOS) attacks when it is active.
The default Policy sets
1. allow all sessions originating from the LAN to the WAN and
2.
CHAPTER 29 Filter Configuration
This chapter shows you how to create and apply filters.
29.1 About Filtering
Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later. Data filtering screens data to determine if the packet should be allowed to pass.
Figure 165 Filter Rule Process
You can apply up to four filter sets to a particular port to block various types of packets. Because each filter set can have up to six rules, you can have a maximum of 24 rules active for a single port. For incoming packets, your Prestige applies data filters only. Packets are processed depending on whether a match is found. The following sections describe how to configure filter sets.
29.1.
29.2 Configuring a Filter Set for the Prestige
To configure a filter set, follow the steps shown next.
1 Enter 21 in the main menu to display Menu 21 – Filter and Firewall Setup.
2 Enter 1 to display Menu 21.1 – Filter Set Configuration as shown next.
Figure 166 Menu 21 Filter Set Configuration
Menu 21.
Figure 168 NetBIOS_LAN Filter Rules Summary
Menu 21.1.3 - Filter Rules Summary
#  A  Type  Filter Rules                                       M  m  n
-  -  ----  -------------------------------------------------  -  -  -
1  Y  IP    Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53       N  D  F
2  N
3  N
4  N
5  N
6  N
Enter Filter Rule Number (1-6) to Configure:
Figure 169 IGMP Filter Rules Summary
# 1 2 3 4 5 6 Menu 21.1.
Table 94 Abbreviations Used in the Filter Rules Summary Menu (continued)
FIELD: DESCRIPTION
m: Action Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N” means to check the next rule.
n: Action Not Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N” means to check the next rule.
29.4.1 TCP/IP Filter Rule
This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers. To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.x.1 – TCP/IP Filter Rule, as shown next.
Figure 170 Menu 21.1.x.1 TCP/IP Filter Rule
Menu 21.1.1.
Table 96 Menu 21.1.x.1 TCP/IP Filter Rule (continued)
FIELD: DESCRIPTION
Port #: Type the destination port of the packets you want to filter. The field range is 0 to 65535. A 0 field is ignored.
Port # Comp: Select the comparison to apply to the destination port in the packet against the value given in Destination: Port #. Choices are None, Less, Greater, Equal or Not Equal.
Source: IP Addr: Type the source IP Address of the packet you want to filter. A 0.0.0.
Figure 171 Executing an IP Filter
29.4.2 Generic Filter Rule
This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The Prestige applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to determine a match. The Mask and Value fields are specified in hexadecimal numbers.
Table 97 Menu 21.1.5.1 Generic Filter Rule (continued)
FIELD: DESCRIPTION
Log: Select the logging option from the following:
  None – No packets will be logged.
  Action Matched – Only matching packets and rules will be logged.
  Action Not Matched – Only packets that do not match the rule parameters will be logged.
  Both – All packets will be logged.
Action Matched: Select the action for a matching packet. Choices are Check Next Rule, Forward or Drop.
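How a set of generic rules reaches a verdict, as an added Python example that is not from the ZyXEL guide or firmware. The class and function names and the sample frames are constructed for illustration. Two behaviours are assumptions, not statements from this guide: a packet too short to contain the checked field counts as not matched, and a packet that reaches the end of every applied set is forwarded. The More (M) flag is not modelled.

```python
"""Added example: generic-filter evaluation as this guide describes it.

Offset/Length select bytes, Mask is ANDed with them, and the result is
compared with Value; the rule then applies Action Matched or Action Not
Matched (Forward, Drop or Check Next Rule).
"""
from dataclasses import dataclass

FORWARD, DROP, CHECK_NEXT = "F", "D", "N"
MAX_SETS, MAX_RULES = 4, 6   # limits stated in the guide: 4 sets x 6 rules


@dataclass(frozen=True)
class GenericRule:
    active: bool
    offset: int          # bytes from the start of the packet (from 0)
    length: int          # number of bytes to examine
    mask: str            # hexadecimal, as typed in the menu
    value: str           # hexadecimal, as typed in the menu
    on_match: str
    on_no_match: str

    def __post_init__(self):
        for name in ("mask", "value"):
            if len(bytes.fromhex(getattr(self, name))) != self.length:
                raise ValueError(f"{name} must be exactly {self.length} bytes")
        for action in (self.on_match, self.on_no_match):
            if action not in (FORWARD, DROP, CHECK_NEXT):
                raise ValueError(f"unknown action {action!r}")

    def matches(self, packet: bytes) -> bool:
        window = packet[self.offset:self.offset + self.length]
        if len(window) < self.length:
            # Assumption: a packet too short to hold the field does not match.
            return False
        masked = bytes(b & m for b, m in zip(window, bytes.fromhex(self.mask)))
        return masked == bytes.fromhex(self.value)


def evaluate(filter_sets, packet: bytes):
    """Return (verdict, trace); trace lists (set, rule, matched, action)."""
    if len(filter_sets) > MAX_SETS:
        raise ValueError("at most four filter sets can be applied to a port")
    trace = []
    for set_no, rules in enumerate(filter_sets, start=1):
        if len(rules) > MAX_RULES:
            raise ValueError("a filter set holds at most six rules")
        for rule_no, rule in enumerate(rules, start=1):
            if not rule.active:          # A = N rules are skipped
                continue
            matched = rule.matches(packet)
            action = rule.on_match if matched else rule.on_no_match
            trace.append((set_no, rule_no, matched, action))
            if action in (FORWARD, DROP):
                return action, trace
    # Assumption: a packet that falls off the end of every set is forwarded.
    return FORWARD, trace


def frame(dst: str, ethertype: str, payload: bytes = b"\x00" * 46) -> bytes:
    """Build a constructed Ethernet frame (fixed, locally administered source)."""
    return bytes.fromhex(dst + "02005e000001" + ethertype) + payload


# Constructed rule set: drop IPX by EtherType, then drop anything whose
# destination MAC has the group (multicast/broadcast) bit set, else forward.
SAMPLE_SET = [
    GenericRule(True, 12, 2, "ffff", "8137", DROP, CHECK_NEXT),
    GenericRule(True, 0, 1, "01", "01", DROP, FORWARD),
]
IPX_UNICAST = frame("020000000002", "8137")
IPV4_BROADCAST = frame("ffffffffffff", "0800")
IPV4_UNICAST = frame("020000000002", "0800")
RUNT = bytes.fromhex("020000000002")     # too short to carry an EtherType

if __name__ == "__main__":
    for name in ("IPX_UNICAST", "IPV4_BROADCAST", "IPV4_UNICAST", "RUNT"):
        print(name, *evaluate([SAMPLE_SET], globals()[name]))
```

The second rule ends in Forward for anything it does not match, so this set is default-allow: only traffic a rule explicitly names is dropped, and the trace shows which rule made each decision.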
Figure 174 Sample Telnet Filter
1 Enter 1 in the menu 21 to display Menu 21.1 — Filter Set Configuration.
2 Enter the index number of the filter set you want to configure (in this case 6).
3 Type a descriptive name or comment in the Edit Comments field (for example, TELNET_WAN) and press [ENTER].
4 Press [ENTER] at the message “Press [ENTER] to confirm or [ESC] to cancel...” to open Menu 21.1.6 — Filter Rules Summary.
5 Type 1 to configure the first filter rule.
2 Go to the Edit Filter Sets field, press [SPACE BAR] to choose Yes and press [ENTER]. This brings you to menu 11.5. Apply the example filter set (for example, filter set 3) in this menu as shown in the next section.
This shows you that you have configured and activated (A = Y) a TCP/IP filter rule (Type = IP, Pr = 6) for destination telnet ports (DP = 23). M = N means an action can be taken immediately.
29.7.1 Ethernet Traffic
You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and type the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by typing their numbers separated by commas, for example, 3, 4, 6, 11.
CHAPTER 30 SNMP Configuration
This chapter explains SNMP Configuration menu 22.
30.1 About SNMP
Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. SNMP itself is a simple request/response protocol based on the manager/agent model.
Figure 180 Menu 22 SNMP Configuration
Menu 22 - SNMP Configuration
SNMP:
  Get Community= public
  Set Community= public
  Trusted Host= 0.0.0.0
Trap:
  Community= public
  Destination= 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
The following table describes the SNMP configuration parameters.
Table 100 SNMP Traps (continued)
TRAP #: TRAP NAME: DESCRIPTION
5: authenticationFailure (defined in RFC-1215): A trap is sent to the manager when any SNMP get or set request is received with the wrong community (password).
6: whyReboot (defined in ZYXEL-MIB): A trap is sent with the reason for the restart before rebooting when the system is going to restart (warm start).
CHAPTER 31 System Security
This chapter describes how to configure the system security on the Prestige.
31.1 System Security
You can configure the system password.
31.1.1 System Password
Enter 23 in the main menu to display Menu 23 – System Security. You should change the default password. If you forget your password you have to restore the default configuration file.
Figure 181 Menu 23 – System Security
Menu 23 - System Security
1. Change Password
2. RADIUS Server
4.
Figure 182 Menu 23.2 System Security: RADIUS Server
Menu 23.2 - System Security - RADIUS Server
Authentication Server:
  Active= No
  Server Address= 10.11.12.13
  Port #= 1812
  Shared Secret= ********
Accounting Server:
  Active= No
  Server Address= 10.11.12.13
  Port #= 1813
  Shared Secret= ********
Press ENTER to Confirm or ESC to Cancel:
The following table describes the fields in this menu.
Table 102 Menu 23.
31.1.3 IEEE 802.1x
The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your Prestige.
1 From the main menu, enter 23 to display Menu 23 – System Security.
Figure 183 Menu 23 System Security
Menu 23 - System Security
1. Change Password
2. RADIUS Server
4. IEEE802.1x
Enter Menu Selection Number:
2 Enter 4 to display Menu 23.
Table 103 Menu 23.4 System Security: IEEE 802.1x
FIELD: DESCRIPTION
Wireless Port Control: Press [SPACE BAR] and select a security mode for the wireless LAN access. Select No Authentication Required to allow any wireless stations access to your wired network without entering usernames and passwords. This is the default setting. Selecting Authentication Required means wireless stations have to enter usernames and passwords before access to the wired network is allowed.
Table 103 Menu 23.4 System Security: IEEE 802.1x (continued)
FIELD: DESCRIPTION
Authentication Databases: The authentication database contains wireless station login information. The local user database is the built-in database on the Prestige. The RADIUS is an external server. Use this field to decide which database the Prestige should use (first) to authenticate a wireless station.
Figure 185 Menu 14 Dial-in User Setup
Menu 14 - Dial-in User Setup 1. 2. 3. 4. 5. 6. 7. 8. ________ ________ ________ ________ ________ ________ ________ ________ 9. 10. 11. 12. 13. 14. 15. 16. ________ ________ ________ ________ ________ ________ ________ ________ 17. 18. 19. 20. 21. 22. 23. 24. ________ ________ ________ ________ ________ ________ ________ ________ 25. 26. 27. 28. 29. 30. 31. 32.
CHAPTER 32 System Information and Diagnosis
This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4.
32.1 Overview
These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu to open Menu 24 – System Maintenance, as shown in the following figure.
The following table describes the fields present in Menu 24.1 — System Maintenance — Status which are read-only and meant for diagnostic purposes.
Figure 188 Menu 24.1 System Maintenance: Status
Menu 24.1 - System Maintenance - Status Node-Lnk Time 1-ENET 2 3 4 5 6 7 8 Status N/A N/A N/A N/A N/A N/A N/A N/A TxPkts 0 0 0 0 0 0 0 0 RxPkts 23:08:47 Sat. Jan.
Table 105 Menu 24.1 System Maintenance: Status (continued)
FIELD: DESCRIPTION
Collision: This is the number of collisions.
WAN: This shows statistics for the WAN.
Line Status: This shows the current status of the xDSL line, which can be Up or Down.
Upstream Speed: This shows the upstream transfer rate in kbps.
Downstream Speed: This shows the downstream transfer rate in kbps.
CPU Load: This specifies the percentage of CPU utilization.
32.
Figure 190 Menu 24.2.1 System Maintenance: Information
Menu 24.2.1 - System Maintenance - Information
Name:
Routing: IP
ZyNOS F/W Version: V3.40(ACC.0)| 04/26/2005
ADSL Chipset Vendor: DMT FwVer: 3.0.11.11_A_TC, HwVer: T14F+
Standard: Multi-Mode
LAN
  Ethernet Address: 00:13:49:11:11:35
  IP Address: 192.168.1.1
  IP Mask: 255.255.255.0
  DHCP: Server
Press ESC or RETURN to Exit:
The following table describes the fields in this menu.
Table 106 Menu 24.2.
Figure 191 Menu 24.2.2 System Maintenance: Change Console Port Speed
Menu 24.2.2 – System Maintenance – Change Console Port Speed
Console Port Speed: 9600
Press ENTER to Confirm or ESC to Cancel:
Once you change the Prestige console port speed, you must also set the speed parameter for the communication software you are using to connect to the Prestige.
32.4 Log and Trace
There are two logging facilities in the Prestige.
Figure 193 Sample Error and Information Messages
53 Sat Jan 01 00:00:03 2000 PP01 -WARN SNMP TRAP 0: cold start
54 Sat Jan 01 00:00:03 2000 PP01 INFO main: init completed
55 Sat Jan 01 00:00:03 2000 PP01 INFO Starting Connectivity Monitor
56 Sat Jan 01 00:00:03 2000 PP20 INFO adjtime task pause 1 day
57 Sat Jan 01 00:00:03 2000 PP21 INFO monitoring WAN connectivity
58 Sat Jan 01 00:03:06 2000 PP19 INFO SMT Password pass
59 Sat Jan 01 00:03:06 2000 PP01 INFO SMT Session Begi
Figure 195 Syslog Example
1 - CDR
SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG_INFO, String);
String = board xx line xx channel xx, call xx, str
board = the hardware board ID
line = the WAN ID in a board
Channel = channel ID within the WAN
call = the call reference number which starts from 1 and increments by 1 for each new call
str = C01 Outgoing Call dev xx ch xx (dev:device No. ch:channel No.
Figure 195 Syslog Example (continued)
prot: Protocol (“TCP”, ”UDP”, ”ICMP”)
spo: Source port
dpo: Destination port
Jul 19 14:43:55 192.168.102.2 ZYXEL: IP [Src=202.132.154.123 Dst=255.255.255.255 UDP spo=0208 dpo=0208]} S03>R01mF
Jul 19 14:44:00 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF
Jul 19 14:44:04 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.
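A parser for the filter-log lines in Figure 195, as an added Python example that is not ZyXEL code; the function names are hypothetical. It assumes, since this page does not say so, that spo/dpo are four-digit hexadecimal values and that the trailing token (for example S03>R01mF) encodes filter set, rule, matched (m) or not matched (n), and the F/D/N action from the filter rules summary. The first two sample lines are copied from the figure; the third is the figure's own truncated line, kept to show that damaged records are rejected instead of being half-parsed.

```python
"""Added example: parse the filter-log syslog lines shown in Figure 195."""
import ipaddress
import re
from collections import Counter

FILTER_LOG = re.compile(
    r"^(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<device>\S+)\sZYXEL:\sIP\s?\["
    r"Src=(?P<src>\S+)\sDst=(?P<dst>\S+)\s(?P<prot>TCP|UDP|ICMP)\s"
    r"spo=(?P<spo>[0-9A-Fa-f]{4})\sdpo=(?P<dpo>[0-9A-Fa-f]{4})\]\}?\s+"
    r"S(?P<set>\d{2})>R(?P<rule>\d{2})(?P<hit>[mn])(?P<action>[FDN])\s*$"
)


def parse_filter_log(line: str):
    """Return a dict for one filter-log line, or None if it is malformed."""
    m = FILTER_LOG.match(line.strip())
    if m is None:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return None                       # address field is not a valid IP
    return {
        "timestamp": m["stamp"],
        "device": m["device"],
        "src": str(src),
        "dst": str(dst),
        "protocol": m["prot"],
        # Assumption: ports are logged in hexadecimal (0035 -> 53).
        "sport": int(m["spo"], 16),
        "dport": int(m["dpo"], 16),
        # Assumption: S03>R01mF = set 3, rule 1, matched, Forward.
        "set": int(m["set"]),
        "rule": int(m["rule"]),
        "matched": m["hit"] == "m",
        "action": m["action"],
    }


def summarise(lines):
    """Count decisions per (set, rule, action); also return rejected lines."""
    counts, rejected = Counter(), []
    for line in lines:
        record = parse_filter_log(line)
        if record is None:
            rejected.append(line)
        else:
            counts[(record["set"], record["rule"], record["action"])] += 1
    return counts, rejected


SAMPLE_LINES = [
    "Jul 19 14:43:55 192.168.102.2 ZYXEL: IP [Src=202.132.154.123 "
    "Dst=255.255.255.255 UDP spo=0208 dpo=0208]} S03>R01mF",
    "Jul 19 14:44:00 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 "
    "Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF",
    # Truncated on the page; must be rejected, not guessed at.
    "Jul 19 14:44:04 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.",
]

if __name__ == "__main__":
    counts, rejected = summarise(SAMPLE_LINES)
    for (set_no, rule_no, action), n in sorted(counts.items()):
        print(f"set {set_no} rule {rule_no} action {action}: {n} packet(s)")
    print(f"{len(rejected)} line(s) could not be parsed")
```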
The following table describes the diagnostic tests available in menu 24.4 for the Prestige and the connections.
Table 108 Menu 24.4 System Maintenance Menu: Diagnostic
FIELD: DESCRIPTION
Reset xDSL: Re-initialize the xDSL link to the telephone company.
Ping Host: Ping the host to see if the links and TCP/IP protocol on both systems are working.
Reboot System: Reboot the Prestige.
Command Mode: Type the mode to test and diagnose your Prestige using specified commands.
CHAPTER 33 Firmware and Configuration File Maintenance
This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files.
33.1 Filename Conventions
The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom” filename extension.
The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 – System Maintenance – Information to confirm that you have uploaded the correct firmware version.
Figure 197 Telnet in Menu 24.5
Menu 24.5 - System Maintenance - Backup Configuration
To transfer the configuration file to your workstation, follow the procedure below:
1. Launch the FTP client on your workstation.
2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
3. Locate the 'rom-0' file.
4. Type 'get rom-0' to back up the current Prestige configuration to your workstation.
Figure 198 FTP Session Example
331 Enter PASS command
Password:
230 Logged in
ftp> bin
200 Type I OK
ftp> get rom-0 zyxel.rom
200 Port command okay
150 Opening data connection for STOR ras
226 File received OK
ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
ftp> quit
33.2.4 GUI-based FTP Clients
The following table describes some of the commands that you may see in GUI-based FTP clients.
33.2.6 Backup Configuration Using TFTP
The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next.
1 Use telnet from your computer to connect to the Prestige and log in.
Table 111 General Commands for GUI-based TFTP Clients
COMMAND: DESCRIPTION
Host: Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped.
Send/Fetch: Use “Send” to upload the file to the Prestige and “Fetch” to back up the file on your computer.
Local File: Enter the path and name of the firmware file (*.bin extension) or configuration file (*.rom extension) on your computer.
Remote File: This is the filename on the Prestige.
Figure 199 Telnet into Menu 24.6
Menu 24.6 -- System Maintenance - Restore Configuration
To transfer the firmware and configuration file to your workstation, follow the procedure below:
1. Launch the FTP client on your workstation.
2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested.
3.
33.4 Uploading Firmware and Configuration Files
This section shows you how to upload firmware and configuration files. You can upload configuration files by following the procedure in Section 33.2 on page 307 or by following the instructions in Menu 24.7.2 – System Maintenance – Upload System Configuration File.
Note: Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR Prestige.
33.4.
Figure 202 Telnet Into Menu 24.7.2 System Maintenance

    Menu 24.7.2 - System Maintenance - Upload System Configuration File

    To upload the system configuration file, follow the procedure below:

    1. Launch the FTP client on your workstation.
    2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
    3.
33.4.4 FTP Session Example of Firmware File Upload

Figure 203 FTP Session Example of Firmware File Upload

    331 Enter PASS command
    Password:
    230 Logged in
    ftp> bin
    200 Type I OK
    ftp> put firmware.bin ras
    200 Port command okay
    150 Opening data connection for STOR ras
    226 File received OK
    ftp: 1103936 bytes sent in 1.10Seconds 297.89Kbytes/sec.
    ftp> quit

More commands (found in GUI-based FTP clients) are listed earlier in this chapter. Refer to Section 33.2.
33.4.6 TFTP Upload Command Example

The following is an example TFTP command:

    tftp [-i] host put firmware.bin ras

where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the Prestige’s IP address and “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the Prestige).
CHAPTER 34 System Maintenance

This chapter leads you through SMT menus 24.8 to 24.10.

34.1 Command Interpreter Mode

The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands.
P-660H/HW/W-T Series User’ Guide 34.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1. The budget management function allows you to set a limit on the total outgoing call time of the Prestige within certain times. When the total outgoing call time exceeds the limit, the current call will be dropped and any future outgoing calls will be blocked. To access the call control menu, select option 9 in menu 24 to go to Menu 24.
P-660H/HW/W-T Series User’ Guide Figure 207 Menu 24.9.1 System Maintenance: Budget Management Menu 24.9.1 - System Maintenance - Budget Management Remote Node 1.MyIsp 2.-------3.-------4.-------5.-------6.-------7.-------8.-------- Connection Time/Total Budget No Budget --------------- Elapsed Time/Total Period No Budget --------------- Reset Node (0 to update screen): The total budget is the time limit on the accumulated time for outgoing calls to a remote node.
Figure 208 Menu 24 System Maintenance

    Menu 24 - System Maintenance

    1.  System Status
    2.  System Information and Console Port Speed
    3.  Log and Trace
    4.  Diagnostic
    5.  Backup Configuration
    6.  Restore Configuration
    7.  Upload Firmware
    8.  Command Interpreter Mode
    9.  Call Control
    10. Time and Date Setting
    11. Remote Management

    Enter Menu Selection Number:

Then enter 10 to go to Menu 24.
P-660H/HW/W-T Series User’ Guide Table 113 Menu 24.10 System Maintenance: Time and Date Setting (continued) FIELD DESCRIPTION Current Time This field displays an updated time only when you reenter this menu. New Time Enter the new time in hour, minute and second format. Current Date This field displays an updated date only when you re-enter this menu. New Date Enter the new date in year, month and day format.
CHAPTER 35 Remote Management

This chapter covers remote management (SMT menu 24.11).

35.1 Remote Management Overview

Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access. See the firewall chapters for details on configuring firewall rules.

35.
Figure 210 Menu 24.11 Remote Management Control

    Menu 24.11 - Remote Management Control

    TELNET Server:  Server Port = 23    Server Access = LAN only
                    Secured Client IP = 0.0.0.0
    FTP Server:     Server Port = 21    Server Access = LAN only
                    Secured Client IP = 0.0.0.0
    Web Server:     Server Port = 80    Server Access = LAN only
                    Secured Client IP = 0.0.0.0

    Press ENTER to Confirm or ESC to Cancel:

The following table describes the fields in this menu.

Table 114 Menu 24.
35.3 Remote Management and NAT

When NAT is enabled:

• Use the Prestige’s WAN IP address when configuring from the WAN.
• Use the Prestige’s LAN IP address when configuring from the LAN.

35.4 System Timeout

There is a default system management idle timeout of five minutes (three hundred seconds). The Prestige automatically logs you out if the management session remains idle for longer than this timeout period.
P-660H/HW/W-T Series User’ Guide CHAPTER 36 IP Policy Routing This chapter covers setting and applying policies used for IP routing. 36.1 IP Policy Routing Overview Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet. IP Routing Policy (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
P-660H/HW/W-T Series User’ Guide • routing the packet to a different gateway (and hence the outgoing interface). • setting the TOS and precedence fields in the IP header. IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote node, in the same fashion as the filters.
P-660H/HW/W-T Series User’ Guide Figure 212 Menu 25.1 IP Routing Policy Setup Menu 25.1 - IP Routing Policy Setup # A Criteria/Action - - ---------------------------------------------------------------------1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5 SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.
P-660H/HW/W-T Series User’ Guide Figure 213 Menu 25.1.1 IP Routing Policy Menu 25.1.1 - IP Routing Policy Policy Set Name= test Active= No Criteria: IP Protocol = 0 Type of Service= Don't Care Precedence = Don't Care Source: addr start= 0.0.0.0 port start= N/A Destination: addr start= 0.0.0.0 port start= N/A Action= Matched Gateway addr = 0.0.0.
P-660H/HW/W-T Series User’ Guide Table 116 Menu 25.1.1 IP Routing Policy (continued) FIELD DESCRIPTION Gateway addr Defines the outgoing gateway address. The gateway must be on the same subnet as the Prestige if it is on the LAN, otherwise, the gateway must be the IP address of a remote node. The default gateway is specified as 0.0.0.0. Type of Service Set the new TOS value of the outgoing packet.
P-660H/HW/W-T Series User’ Guide Figure 214 Menu 3.2 TCP/IP and DHCP Ethernet Setup Menu 3.2 - TCP/IP and DHCP Setup DHCP Setup DHCP= Server Client IP Pool Starting Address= 192.168.1.33 Size of Client IP Pool= 32 Primary DNS Server= 0.0.0.0 Secondary DNS Server= 0.0.0.0 Remote DHCP Server= N/A TCP/IP Setup: IP Address= 192.168.1.1 IP Subnet Mask= 255.255.255.0 RIP Direction= Both Version= RIP-1 Multicast= None IP Policies= Edit IP Alias= No Press ENTER to Confirm or ESC to Cancel: Go to menu 11.
P-660H/HW/W-T Series User’ Guide Route 1 represents the default IP route and route 2 represents the configured IP route. Figure 216 Example of IP Policy Routing To force packets coming from clients with IP addresses of 192.168.1.33 to 192.168.1.64 to be routed to the Internet via the WAN port of the Prestige, follow the steps as shown next. 1 Create a routing policy set in menu 25. 2 Create a rule for this set in Menu 25.1.1 — IP Routing Policy as shown next.
P-660H/HW/W-T Series User’ Guide Figure 217 IP Routing Policy Example Menu 25.1.1 - IP Routing Policy Policy Set Name= set1 Active= Yes Criteria: IP Protocol = 6 Type of Service= Don't Care Precedence = Don't Care Source: addr start= 192.168.1.2 port start= 0 Destination: addr start= 0.0.0.0 port start= 80 Action= Matched Gateway addr = 192.168.1.1 Type of Service= No Change Precedence = No Change Packet length= 10 Len Comp= N/A end= end= end= end= Log= 192.168.1.
P-660H/HW/W-T Series User’ Guide Figure 218 IP Routing Policy Example Menu 25.1.1 - IP Routing Policy Policy Set Name= set2 Active= Yes Criteria: IP Protocol = 6 Type of Service= Don't Care Precedence = Don't Care Source: addr start= 0.0.0.0 port start= 0 Destination: addr start= 0.0.0.0 port start= 20 Action= Matched Gateway addr =192.168.1.
P-660H/HW/W-T Series User’ Guide CHAPTER 37 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 37.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long. This feature is similar to the scheduler in a videocassette recorder (you can specify a time period for the VCR to record).
P-660H/HW/W-T Series User’ Guide To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next. Figure 221 Menu 26.1 Schedule Set Setup Menu 26.
P-660H/HW/W-T Series User’ Guide Table 117 Menu 26.1 Schedule Set Setup (continued) FIELD DESCRIPTION Action Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field. Forced Down means that the connection is blocked whether or not there is a demand call on the line. Enable Dial-On-Demand means that this schedule permits a demand call on the line.
P-660H/HW/W-T Series User’ Guide CHAPTER 38 Troubleshooting This chapter covers potential problems and the corresponding remedies. 38.1 Problems Starting Up the Prestige Table 118 Troubleshooting Starting Up Your Prestige PROBLEM CORRECTIVE ACTION None of the LEDs turn on when I turn on the Prestige. Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged in to an appropriate power source. Make sure that the Prestige and the power source are both turned on.
P-660H/HW/W-T Series User’ Guide 38.3 Problems with the WAN Table 120 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL LED is off. Check the telephone wire and connections between the Prestige DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service. Reset your ADSL line to reinitialize your link to the DSLAM. For details, refer to the Table 68 on page 204 (web configurator) or Table 108 on page 304 (SMT).
38.4 Problems Accessing the Prestige

Table 121 Troubleshooting Accessing the Prestige

PROBLEM
    I cannot access the Prestige.
CORRECTIVE ACTION
    The username is “admin”. The default password is “1234”. The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper casing.
    If you have changed the password and have now forgotten it, you will need to upload the default configuration file.
P-660H/HW/W-T Series User’ Guide Figure 223 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 224 Internet Options 3 Click Apply to save this setting. 38.4.1.1.
P-660H/HW/W-T Series User’ Guide Figure 225 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites.
P-660H/HW/W-T Series User’ Guide Figure 226 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 38.4.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
P-660H/HW/W-T Series User’ Guide Figure 227 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
P-660H/HW/W-T Series User’ Guide Figure 228 Security Settings - Java Scripting 38.4.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
P-660H/HW/W-T Series User’ Guide Figure 229 Security Settings - Java 38.4.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for
P-660H/HW/W-T Series User’ Guide Figure 230 Java (Sun) 38.4.2 ActiveX Controls in Internet Explorer If ActiveX is disabled, you will not be able to download ActiveX controls or to use Trend Micro Security Services. Make sure that ActiveX controls are allowed in Internet Explorer. Screen shots for Internet Explorer 6 are shown. Steps may vary depending on your version of Internet Explorer. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
P-660H/HW/W-T Series User’ Guide Figure 231 Internet Options Security 3 Scroll down to ActiveX controls and plug-ins. 4 Under Download signed ActiveX controls select the Prompt radio button. 5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected. 6 Then click the OK button.
P-660H/HW/W-T Series User’ Guide Figure 232 Security Setting ActiveX Controls 353 Chapter 38 Troubleshooting
P-660H/HW/W-T Series User’ Guide Appendix A Product Specifications See also the Introduction chapter for a general overview of the key features. Specification Tables Table 122 Device Appendix A Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Pool 192.168.1.32 to 192.168.1.
P-660H/HW/W-T Series User’ Guide Table 123 Firmware ADSL Standards Multi-Mode standard (ANSI T1.413,Issue 2; G.dmt(G.992.1); G.lite(G992.2)). ADSL2 G.dmt.bis (G.992.3) ADSL2 G.lite.bis (G.992.4) ADSL2+ (G.992.
P-660H/HW/W-T Series User’ Guide Table 123 Firmware (continued) Appendix A Firewall Stateful Packet Inspection. Prevent Denial of Service attacks such as Ping of Death, SYN Flood, LAND, Smurf etc. Real time E-mail alerts. Reports and logs. NAT/SUA Port Forwarding 1024 NAT sessions Multimedia application PPTP under NAT/SUA IPSec passthrough SIP ALG passthrough VPN passthrough Content Filtering Web page blocking by URL keyword.
P-660H/HW/W-T Series User’ Guide APPENDIX B Wall-mounting Instructions Do the following to hang your Prestige on a wall. Note: See the product specifications appendix for the size of screws to use and how far apart to place them. 1 Locate a high position on wall that is free of obstructions. Use a sturdy wall. 2 Drill two holes for the screws. Make sure the distance between the centers of the holes matches what is listed in the product specifications appendix.
P-660H/HW/W-T Series User’ Guide Appendix C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Figure 233 Windows 95/98/Me: Network: Configuration

Installing Components

The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.

If you need the adapter:
1 In the Network window, click Add.
2 Select Adapter and then click Add.
3 Select the manufacturer and model of your network adapter and then click OK.

If you need TCP/IP:
1 In the Network window, click Add.
P-660H/HW/W-T Series User’ Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK. 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically.
P-660H/HW/W-T Series User’ Guide Figure 235 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your Prestige and restart your computer when prompted.
P-660H/HW/W-T Series User’ Guide Figure 236 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 237 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
P-660H/HW/W-T Series User’ Guide Figure 238 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 239 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically.
P-660H/HW/W-T Series User’ Guide • Click Advanced. Figure 240 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: • In the IP Settings tab, in IP addresses, click Add. • In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.
P-660H/HW/W-T Series User’ Guide Figure 241 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Figure 242 Windows XP: Internet Protocol (TCP/IP) Properties

8 Click OK to close the Internet Protocol (TCP/IP) Properties window.
9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
11 Turn on your Prestige and restart your computer (if prompted).

Verifying Settings

1 Click Start, All Programs, Accessories and then Command Prompt.
P-660H/HW/W-T Series User’ Guide Figure 243 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 244 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
4 For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your Prestige in the Router address box.
5 Close the TCP/IP Control Panel.
6 Click Save if prompted, to save changes to your configuration.
7 Turn on your Prestige and restart your computer (if prompted).
Figure 246 Macintosh OS X: Network

4 For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your Prestige in the Router address box.
5 Click Apply Now and close the window.
6 Turn on your Prestige and restart your computer (if prompted).

Verifying Settings

Check your TCP/IP properties in the Network window.
P-660H/HW/W-T Series User’ Guide Note: Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 247 Red Hat 9.0: KDE: Network Configuration: Devices 2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown.
P-660H/HW/W-T Series User’ Guide • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields. 3 Click OK to save the changes and close the Ethernet Device General screen. 4 If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen.
P-660H/HW/W-T Series User’ Guide 1 Assuming that you have only one network card on the computer, locate the ifconfigeth0 configuration file (where eth0 is the name of the Ethernet card). Open the configuration file with any plain text editor. • If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example. Figure 251 Red Hat 9.
Figure 254 Red Hat 9.0: Restart Ethernet Card

    [root@localhost init.d]# network restart
    Shutting down interface eth0:        [OK]
    Shutting down loopback interface:    [OK]
    Setting network parameters:          [OK]
    Bringing up loopback interface:      [OK]
    Bringing up interface eth0:          [OK]

Verifying Settings

Enter ifconfig in a terminal screen to check your TCP/IP properties.

Figure 255 Red Hat 9.
P-660H/HW/W-T Series User’ Guide Appendix D IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1. IP addresses are categorized into different classes. The class of an address depends on the value of its first octet. • Class “A” addresses have a 0 in the left most bit.
P-660H/HW/W-T Series User’ Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B” address has a valid range of 128 to 191. The first octet of a class “C” address begins with “110”, and therefore has a range of 192 to 223.
P-660H/HW/W-T Series User’ Guide Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with mask 255.255.255.128.
P-660H/HW/W-T Series User’ Guide Note: In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet. Table 129 Subnet 1 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 0 IP Address (Binary) 11000000.10101000.00000001.
P-660H/HW/W-T Series User’ Guide Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
Table 134 Subnet 4

IP/SUBNET MASK         NETWORK NUMBER                LAST OCTET BIT VALUE
IP Address             192.168.1.                    192
IP Address (Binary)    11000000.10101000.00000001.   11000000
Subnet Mask (Binary)   11111111.11111111.11111111.   11000000

Subnet Address: 192.168.1.192       Lowest Host ID: 192.168.1.193
Broadcast Address: 192.168.1.255    Highest Host ID: 192.168.1.254

Example Eight Subnets

Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110).
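The bit borrowing shown in the subnet tables above, worked as an added Python example (not part of the original guide). The function names are illustrative; the code generalizes to any number of borrowed host ID bits and reproduces the Subnet 4 row for a 26-bit mask.

```python
"""Split a network by borrowing host ID bits (added example)."""
import ipaddress


def dotted(value: int) -> str:
    """Render a 32-bit integer in dotted decimal notation."""
    return str(ipaddress.IPv4Address(value))


def split_network(network: str, borrowed_bits: int):
    """Return one row per subnet created by borrowing host ID bits."""
    net = ipaddress.ip_network(network, strict=True)
    new_prefix = net.prefixlen + borrowed_bits
    if borrowed_bits < 1 or new_prefix > 30:
        raise ValueError("need at least 1 borrowed bit and 2 host bits left")
    host_bits = 32 - new_prefix
    # Continuous ones from the left, zeros for the remaining host bits.
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    base = int(net.network_address)
    rows = []
    for subnet_id in range(2 ** borrowed_bits):
        subnet_addr = base | (subnet_id << host_bits)
        broadcast = subnet_addr | (~mask & 0xFFFFFFFF)  # all host bits set
        rows.append({
            "borrowed": format(subnet_id, "0{}b".format(borrowed_bits)),
            "subnet": dotted(subnet_addr),
            "mask": dotted(mask),
            "prefix": new_prefix,
            "lowest_host": dotted(subnet_addr + 1),
            "highest_host": dotted(broadcast - 1),
            "broadcast": dotted(broadcast),
        })
    return rows


def subnet_of(address: str, rows):
    """Find the subnet row an address belongs to by ANDing it with the mask."""
    value = int(ipaddress.IPv4Address(address))
    for row in rows:
        mask = int(ipaddress.IPv4Address(row["mask"]))
        if dotted(value & mask) == row["subnet"]:
            return row
    return None


if __name__ == "__main__":
    for row in split_network("192.168.1.0/24", 2):
        print("{borrowed}  {subnet}/{prefix}  hosts {lowest_host} to "
              "{highest_host}  broadcast {broadcast}".format(**row))
```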
P-660H/HW/W-T Series User’ Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (see Table 124 on page 376) available for subnetting. The following table is a summary for class “B” subnet planning. Table 137 Class B Subnet Planning Appendix D NO.
P-660H/HW/W-T Series User’ Guide Appendix E Boot Commands The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware is started. When you start up your Prestige, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen. In debug mode you have access to a series of boot module commands, for example ATUR (for uploading firmware) and ATLC (for uploading the configuration file).
Figure 257 Boot Module Commands

    AT       just answer OK
    ATHE     print help
    ATBAx    change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.
Appendix F Command Interpreter

The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or zyxel.com for more detailed information on these commands.

Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.

Command Syntax

• The command keywords are in courier new font.
Appendix G Firewall Commands

The following describes the firewall commands.

Table 138 Firewall Commands

FUNCTION  COMMAND  DESCRIPTION

config edit firewall active
    This command turns the firewall on or off.
config retrieve firewall
    This command returns the previously saved firewall settings.
config save firewall
    This command saves the current firewall settings.
Table 138 Firewall Commands (continued)

FUNCTION  COMMAND  DESCRIPTION

Attack

config edit firewall e-mail return-addr
    This command sets the source e-mail address of the firewall e-mails.
config edit firewall e-mail email-to
    This command sets the e-mail address to which the firewall e-mails are sent.
Table 138 Firewall Commands (continued)

FUNCTION  COMMAND  DESCRIPTION

Sets

config edit firewall attack minute-low <0-255>
    This command sets the threshold of half-open sessions where the Prestige stops deleting half-opened sessions.
config edit firewall attack max-incomplete-high <0-255>
    This command sets the threshold of half-open sessions where the Prestige starts deleting old half-opened sessions until it gets them down to the max incomplete low.
Table 138 Firewall Commands (continued)

FUNCTION  COMMAND  DESCRIPTION

Rules

Config edit firewall set log
    This command sets whether or not the Prestige creates logs for packets that match the firewall’s default rule set.
Config edit firewall set rule permit
    This command sets whether packets that match this rule are dropped or allowed through.
Table 138 Firewall Commands (continued)

FUNCTION  COMMAND  DESCRIPTION

config edit firewall set rule destaddrrange
    This command sets a rule to have the Prestige check for traffic going to this range of addresses.
config edit firewall set rule TCP destportsingle
    This command sets a rule to have the Prestige check for TCP traffic with this destination address.
Appendix H NetBIOS Filter Commands

The following describes the NetBIOS packet filter commands.

Introduction

NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
The filter types and their default settings are as follows.

Table 139 NetBIOS Filter Default Settings

NAME: Between LAN and WAN
    DESCRIPTION: This field displays whether NetBIOS packets are blocked or forwarded between the LAN and the WAN.
    Default: Block
NAME: Between LAN and DMZ
    DESCRIPTION: This field displays whether NetBIOS packets are blocked or forwarded between the LAN and the DMZ.
    Default: Block
sys filter netbios config 3 on
    This command blocks IPSec NetBIOS packets.
sys filter netbios config 4 off
    This command stops NetBIOS commands from initiating calls.
P-660H/HW/W-T Series User’ Guide Appendix I Splitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals. This allows simultaneous Internet access and telephone service on the same line. A splitter also eliminates the destructive interference conditions caused by telephone sets.
P-660H/HW/W-T Series User’ Guide 1 Connect a phone cable from the wall jack to the single jack end of the Y- Connector. 2 Connect a cable from the double jack end of the Y-Connector to the “wall side” of the microfilter. 3 Connect another cable from the double jack end of the Y-Connector to the Prestige. 4 Connect the “phone side” of the microfilter to your telephone as shown in the following figure.
P-660H/HW/W-T Series User’ Guide Appendix J PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access Concentrator where the PPP session terminates (see Figure 261 on page 403). One PVC can support any number of PPP sessions from your LAN. PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP.
Figure 261 Single-Computer per Router Hardware Configuration

How PPPoE Works

The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC acts as an L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP.
Appendix K
Log Descriptions

This appendix provides descriptions of example log messages.

Table 140 System Maintenance Logs

LOG MESSAGE
  DESCRIPTION
Time calibration is successful
  The router has adjusted its time based on information from the time server.
Time calibration failed
  The router failed to get information from the time server.
WAN interface gets IP:%s
  A WAN interface got a new IP address from the DHCP, PPPoE, PPTP or dial-up server.
Table 140 System Maintenance Logs (continued)

LOG MESSAGE
  DESCRIPTION
Configuration Change: PC = 0x%x, Task ID = 0x%x
  The router is saving configuration changes.
Successful SSH login
  Someone has logged on to the router’s SSH server.
SSH login failed
  Someone has failed to log on to the router’s SSH server.
Successful HTTPS login
  Someone has logged on to the router's web configurator interface using HTTPS protocol.
Table 143 TCP Reset Logs

LOG MESSAGE
  DESCRIPTION
Under SYN flood attack, sent TCP RST
  The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination host.)
Exceed TCP MAX incomplete, sent TCP RST
  The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user configured threshold. (the TCP incomplete count is per destination host.
Table 145 ICMP Logs

LOG MESSAGE
  DESCRIPTION
Firewall default policy: ICMP , ,
  ICMP access matched the default policy and was blocked or forwarded according to the user's setting. For type and code details, see Table 157 on page 416.
Table 147 PPP Logs (continued)

LOG MESSAGE
  DESCRIPTION
ppp:LCP Closing
  The PPP connection’s Link Control Protocol stage is closing.
ppp:IPCP Closing
  The PPP connection’s Internet Protocol Control Protocol stage is closing.

Table 148 UPnP Logs

LOG MESSAGE
  DESCRIPTION
UPnP pass through Firewall
  UPnP packets can pass through the firewall.
Table 149 Content Filtering Logs (continued)

LOG MESSAGE
  DESCRIPTION
Connecting to content filter server fail
  The connection to the external content filtering server failed.
License key is invalid
  The external content filtering license key is invalid.

Table 150 Attack Logs

LOG MESSAGE
  DESCRIPTION
attack [TCP | UDP | IGMP | ESP | GRE | OSPF]
  The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF attack.
Table 151 IPSec Logs

LOG MESSAGE
  DESCRIPTION
Discard REPLAY packet
  The router received and discarded a packet with an incorrect sequence number.
Inbound packet authentication failed
  The router received a packet that has been altered. A third party may have altered or tampered with the packet.
Receive IPSec packet, but no corresponding tunnel exists
  The router dropped an inbound packet for which SPI could not find a corresponding phase 2 SA.
Table 152 IKE Logs (continued)

LOG MESSAGE
  DESCRIPTION
Cannot resolve Secure Gateway Addr for rule <%d>
  The router couldn’t resolve the IP address from the domain name that was used for the secure gateway address.
Peer ID: -
  The displayed ID information did not match between the two ends of the connection.
vs.
Table 152 IKE Logs (continued)

LOG MESSAGE
  DESCRIPTION
XAUTH fail! Username:
  The router was not able to use extended authentication to authenticate the listed username.
Rule[%d] Phase 1 negotiation mode mismatch
  The listed rule’s IKE phase 1 negotiation mode did not match between the router and the peer.
Rule [%d] Phase 1 encryption algorithm mismatch
  The listed rule’s IKE phase 1 encryption algorithm did not match between the router and the peer.
Table 152 IKE Logs (continued)

LOG MESSAGE
  DESCRIPTION
Rule [%d] phase 2 mismatch
  The listed rule’s IKE phase 2 did not match between the router and the peer.
Rule [%d] Phase 2 key length mismatch
  The listed rule’s IKE phase 2 key lengths (with the AES encryption algorithm) did not match between the router and the peer.

Table 153 PKI Logs

LOG MESSAGE
  DESCRIPTION
Enrollment successful
  The SCEP online certificate enrollment was successful.
Table 153 PKI Logs (continued)

LOG MESSAGE
  DESCRIPTION
Rcvd data too large! Max size allowed:
  The router received directory data that was too large (the size is listed) from the LDAP server whose address and port are recorded in the Source field. The maximum size of directory data that the router allows is also recorded.
Cert trusted:
  The router has verified the path of the certificate with the listed subject name.
Table 154 Certificate Path Verification Failure Reason Codes (continued)

CODE
  DESCRIPTION
26
  Database method failed.
27
  Path was not verified.
28
  Maximum path length reached.

Table 155 802.1X Logs

LOG MESSAGE
  DESCRIPTION
Local User Database accepts user.
  A user was authenticated by the local user database.
Local User Database reports user credential error.
  A user was not authenticated by the local user database because of an incorrect user password.
Table 156 ACL Setting Notes

PACKET DIRECTION, DIRECTION
  DESCRIPTION
(L to W), LAN to WAN
  ACL set for packets traveling from the LAN to the WAN.
(W to L), WAN to LAN
  ACL set for packets traveling from the WAN to the LAN.
(D to L), DMZ to LAN
  ACL set for packets traveling from the DMZ to the LAN.
(D to W), DMZ to WAN
  ACL set for packets traveling from the DMZ to the WAN.
(W to D), WAN to DMZ
  ACL set for packets traveling from the WAN to the DMZ.
Table 157 ICMP Notes (continued)

TYPE 11: Time Exceeded
  CODE 0: Time to live exceeded in transit
  CODE 1: Fragment reassembly time exceeded
TYPE 12: Parameter Problem
  CODE 0: Pointer indicates the error
TYPE 13: Timestamp
  CODE 0: Timestamp request message
TYPE 14: Timestamp Reply
  CODE 0: Timestamp reply message
TYPE 15: Information Request
  CODE 0: Information request message
TYPE 16: Information Reply
  CODE 0: Information reply message

Table 158 Syslog Logs

LOG MESSAGE
  DESCRIPTION
Mon dd h
Table 159 RFC-2408 ISAKMP Payload Types (continued)

LOG DISPLAY: PAYLOAD TYPE
SIG: Signature
NONCE: Nonce
NOTFY: Notification
DEL: Delete
VID: Vendor ID

Log Commands

Go to the command interpreter interface.

Configuring What You Want the Prestige to Log

1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the Prestige is to record.
2 Use sys logs category to view a list of the log categories.
Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category.
5 Use the sys logs save command to store the settings in the Prestige (you must do this in order to record logs).

Displaying Logs

• Use the sys logs display command to show all of the logs in the Prestige’s log.
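A triage pass over exported log lines that matches only message texts listed in the tables above and correlates SSH failures, a later successful login and a configuration save. This is an added example, not part of the guide; the timestamp and host prefix on the sample lines, the category names and the threshold are assumptions.

```python
from collections import Counter

# Message texts copied from the log tables above, mapped to a triage category.
# The category names are this example's own labels.
SIGNATURES = [
    ("SSH login failed", "ssh-failure"),
    ("Successful SSH login", "ssh-login"),
    ("Successful HTTPS login", "https-login"),
    ("Configuration Change:", "config-change"),
    ("XAUTH fail! Username:", "vpn-auth-failure"),
    ("Under SYN flood attack, sent TCP RST", "flood"),
    ("Exceed TCP MAX incomplete, sent TCP RST", "flood"),
    ("Discard REPLAY packet", "ipsec-integrity"),
    ("Inbound packet authentication failed", "ipsec-integrity"),
]


def classify(line):
    """Return the category of the first known message found in the line."""
    for text, category in SIGNATURES:
        if text in line:
            return category
    return None


def triage(lines, fail_threshold=3):
    """Count categories and correlate SSH failures, logins and config saves."""
    counts, alerts = Counter(), []
    failures = 0      # SSH failures seen since the last successful SSH login
    suspect = False   # True after a login that followed a burst of failures
    for number, line in enumerate(lines, 1):
        category = classify(line)
        if category is None:
            continue
        counts[category] += 1
        if category == "ssh-failure":
            failures += 1
        elif category == "ssh-login":
            suspect = failures >= fail_threshold
            if suspect:
                alerts.append((number, f"SSH login succeeded after {failures} failures"))
            failures = 0
        elif category == "config-change" and suspect:
            alerts.append((number, "configuration saved after a suspect SSH login"))
    return counts, alerts


# Constructed sample: the message texts are from the tables, the prefix is invented.
SAMPLE_LINES = [
    "Jan  1 03:20:01 prestige SSH login failed",
    "Jan  1 03:20:03 prestige SSH login failed",
    "Jan  1 03:20:05 prestige SSH login failed",
    "Jan  1 03:20:09 prestige Successful SSH login",
    "Jan  1 03:21:40 prestige Configuration Change: PC = 0x1a2b, Task ID = 0x3",
    "Jan  1 03:30:00 prestige Under SYN flood attack, sent TCP RST",
    "Jan  1 03:31:12 prestige Discard REPLAY packet",
    "Jan  1 03:40:00 prestige Time calibration is successful",
]

if __name__ == "__main__":
    counts, alerts = triage(SAMPLE_LINES)
    print(dict(counts))
    for number, message in alerts:
        print(f"line {number}: {message}")
```

The log messages in the tables carry no source address, so the correlation is by order of arrival only.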
Appendix L
Wireless LANs

Wireless LAN Topologies

This section discusses ad-hoc and infrastructure wireless LAN topologies.

Ad-hoc Wireless LAN Configuration

The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C).
Figure 266 Basic Service Set

ESS

An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Figure 267 Infrastructure WLAN

Channel

A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region), so you should use a different channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap, degrading performance.
Figure 268 RTS/CTS

When station A sends data to the AP, it might not know that station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
A large Fragmentation Threshold is recommended for networks not prone to interference, while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value you set (see previously), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur, as data frames will be fragmented before they reach RTS/CTS size.
IEEE 802.1x

In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are:

• User based identification that allows for roaming.
• Access-Challenge
  Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.

The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:

• Accounting-Request
  Sent by the access point requesting accounting.
EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certificates are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks.
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
APPENDIX M
Internal SPTGEN

Internal SPTGEN Overview

Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file, eliminating the need to navigate and configure individual SMT menus for each Prestige.
Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 269 on page 430), then you disable every field in this menu. If you enter a parameter that is invalid in the Input column, the Prestige will not save the configuration and the command line will display the Field Identification Number.
Figure 272 Internal SPTGEN FTP Download Example

c:\ftp 192.168.1.1
220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000
User (192.168.1.1:(none)):
331 Enter PASS command
Password:
230 Logged in
ftp>bin
200 Type I OK
ftp> get rom-t
ftp>bye
c:\edit rom-t
(edit the rom-t text file by a text editor and save it)

Note: You can rename your “rom-t” file when you save it to your computer but it must be named “rom-t” when you upload it to your Prestige.
Table 163 Abbreviations Used in the Example Internal SPTGEN Screens Table (continued)

ABBREVIATION: MEANING
PVA: Parameter Values Allowed
INPUT: An example of what you may enter
*: Applies to the Prestige.

The following are Internal SPTGEN screens associated with the SMT screens of your Prestige.
Table 165 Menu 3 (SMT Menu 3 (continued))

FIN FN PVA INPUT
30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 0
30200002 = Client IP Pool Starting Address = 192.168.1.33
30200003 = Size of Client IP Pool = 32
30200004 = Primary DNS Server = 0.0.0.0
30200005 = Secondary DNS Server = 0.0.0.0
30200006 = Remote DHCP Server = 0.0.0.0
30200008 = IP Address = 172.21.2.
Table 165 Menu 3 (SMT Menu 3 (continued))

30201008 = IP Alias #1 Incoming protocol filters Set 3 = 256
30201009 = IP Alias #1 Incoming protocol filters Set 4 = 256
30201010 = IP Alias #1 Outgoing protocol filters Set 1 = 256
30201011 = IP Alias #1 Outgoing protocol filters Set 2 = 256
30201012 = IP Alias #1 Outgoing protocol filters Set 3 = 256
30201013 = IP Alias #1 Outgoing protocol filters Set 4 = 256
30201014 = IP Alias 2 <0(No) | 1(Yes)> = 0
302010
Table 165 Menu 3 (SMT Menu 3 (continued))

30500004 = RTS Threshold <0 ~ 2432> = 2432
30500005 = FRAG. Threshold <256 ~ 2432> = 2432
30500006 = WEP <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)> = 0
30500007 = Default Key <1|2|3|4> = 0
30500008 = WEP Key1 =
30500009 = WEP Key2 =
30500010 = WEP Key3 =
30500011 = WEP Key4 =
30500012 = Wlan Active <0(Disable) | 1(Enable)> = 0
*/ MENU 3.5.1 WLAN MAC ADDRESS FILTER (SMT MENU 3.5.
Table 166 Menu 4 Internet Access Setup (SMT Menu 4) (continued)

40000002 = Active <0(No) | 1(Yes)> = 1
40000003 = ISP's Name
40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> = 2
40000005 = Multiplexing <1(LLC-based) | 2(VC-based)> = 1
40000006 = VPI #
40000007 = VCI #
40000008 = Service Name = any
40000009 = My Login = test@pqa
40000010 = My Password = 1234
40000011 = Single User Account <0(No
Table 166 Menu 4 Internet Access Setup (SMT Menu 4) (continued)

40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 0
40000033= Nailed-up Connection <0(No) |1(Yes)> = 0

Table 167 Menu 12 (SMT Menu 12)

/ Menu 12.1.1 IP Static Route Setup (SMT Menu 12.1.1)
FIN FN PVA INPUT
120101001 = IP Static Route set #1, Name =
120101002 = IP Static Route set #1, Active <0(No) |1(Yes)> = 0
120101003 = IP Static Route set #1, Destination IP address = 0.0.
Table 167 Menu 12 (SMT Menu 12) (continued)

/ Menu 12.1.4 IP Static Route Setup (SMT Menu 12.1.4)
FIN FN PVA INPUT
120104001 = IP Static Route set #4, Name =
120104002 = IP Static Route set #4, Active <0(No) |1(Yes)> = 0
120104003 = IP Static Route set #4, Destination IP address = 0.0.0.0
120104004 = IP Static Route set #4, Destination IP subnetmask = 0
120104005 = IP Static Route set #4, Gateway = 0.0.0.
Table 167 Menu 12 (SMT Menu 12) (continued)

120107006 = IP Static Route set #7, Metric = 0
120107007 = IP Static Route set #7, Private <0(No) |1(Yes)> = 0

/ Menu 12.1.8 IP Static Route Setup (SMT Menu 12.1.8)
FIN FN PVA INPUT
120108001 = IP Static Route set #8, Name =
120108002 = IP Static Route set #8, Active <0(No) |1(Yes)> = 0
120108003 = IP Static Route set #8, Destination IP address = 0.0.0.
Table 167 Menu 12 (SMT Menu 12) (continued)

120111004 = IP Static Route set #11, Destination IP subnetmask = 0
120111005 = IP Static Route set #11, Gateway = 0.0.0.0
120111006 = IP Static Route set #11, Metric = 0
120111007 = IP Static Route set #11, Private <0(No) |1(Yes)> = 0

*/ Menu 12.1.12 IP Static Route Setup (SMT Menu 12.1.
Table 167 Menu 12 (SMT Menu 12) (continued)

120115002 = IP Static Route set #15, Active <0(No) |1(Yes)> = 0
120115003 = IP Static Route set #15, Destination IP address = 0.0.0.0
120115004 = IP Static Route set #15, Destination IP subnetmask = 0
120115005 = IP Static Route set #15, Gateway = 0.0.0.0
120115006 = IP Static Route set #15, Metric = 0
120115007 = IP Static Route set #15, Private <0(No) |1(Yes)> = 0

*/ Menu 12.1.
Table 168 Menu 15 SUA Server Setup (SMT Menu 15) (continued)

150000014 = SUA Server #4 Port Start = 0
150000015 = SUA Server #4 Port End = 0
150000016 = SUA Server #4 Local IP address = 0.0.0.
Table 168 Menu 15 SUA Server Setup (SMT Menu 15) (continued)

150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(UDP)> = 0
150000049 = SUA Server #11 Port Start = 0
150000050 = SUA Server #11 Port End = 0
150000051 = SUA Server #11 Local IP address = 0.0.0.
Table 169 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued)

/ Menu 21.1.1.2 set #1, rule #2 (SMT Menu 21.1.1.2)
FIN FN PVA INPUT
210102001 = IP Filter Set 1,Rule 2 Type <2(TCP/IP)> = 2
210102002 = IP Filter Set 1,Rule 2 Active <0(No)|1(Yes)> = 1
210102003 = IP Filter Set 1,Rule 2 Protocol = 6
210102004 = IP Filter Set 1,Rule 2 Dest IP address = 0.0.0.
Table 169 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued)

210103013 = IP Filter Set 1,Rule 3 Act Match <1(check next)|2(forward)|3(drop)> = 3
210103014 = IP Filter Set 1,Rule 3 Act Not Match <1(check next)|2(forward)|3(drop)> = 1

/ Menu 21.1.1.4 set #1, rule #4 (SMT Menu 21.1.1.
Table 169 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued)

210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask = 0
210105010 = IP Filter Set 1,Rule 5 Src Port = 0
210105011 = IP Filter Set 1,Rule 5 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 0
210105013 = IP Filter Set 1,Rule 5 Act Match <1(check next)|2(forward)|3(drop)> = 3
210105014 = IP Filter Set 1,Rule 5 Act Not Match <1(Check Next)|2(Forward)|3(Drop)> = 1

/ Menu 21.1.1.
Table 170 Menu 21.1 Filter Set #2, (SMT Menu 21.1) (continued)

/ Menu 21.1.2.1 Filter set #2, rule #1 (SMT Menu 21.1.2.1)
FIN FN PVA INPUT
210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/IP)> = 2
210201002 = IP Filter Set 2, Rule 1 Active <0(No)|1(Yes)>
210201003 = IP Filter Set 2, Rule 1 Protocol = 6
210201004 = IP Filter Set 2, Rule 1 Dest IP address = 0.0.0.
Table 170 Menu 21.1 Filter Set #2, (SMT Menu 21.1) (continued)

210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask = 0
210202010 = IP Filter Set 2,Rule 2 Src Port = 0
210202011 = IP Filter Set 2, Rule 2 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 0
210202013 = IP Filter Set 2, Rule 2 Act Match <1(check next)|2(forward)|3(drop)> = 3
210202014 = IP Filter Set 2, Rule 2 Act Not Match <1(check next)|2(forward)|3(drop)> = 1

/ Menu 21.1.2.
Table 170 Menu 21.1 Filter Set #2, (SMT Menu 21.1) (continued)

210204002 = IP Filter Set 2, Rule 4 Active <0(No)|1(Yes)> = 1
210204003 = IP Filter Set 2, Rule 4 Protocol = 17
210204004 = IP Filter Set 2, Rule 4 Dest IP address = 0.0.0.0
210204005 = IP Filter Set 2, Rule 4 Dest Subnet Mask = 0
210204006 = IP Filter Set 2, Rule 4 Dest Port = 137
210204007 = IP Filter Set 2, Rule 4 Dest Port Comp
210204008 = IP Filter Set 2, Rule 4 Src IP address = 0.0.0.
Table 170 Menu 21.1 Filter Set #2, (SMT Menu 21.1) (continued)

210205011 = IP Filter Set 2, Rule 5 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 0
210205013 = IP Filter Set 2, Rule 5 Act Match <1(check next)|2(forward)|3(drop)> = 3
210205014 = IP Filter Set 2, Rule 5 Act Not Match <1(check next)|2(forward)|3(drop)> = 1

/ Menu 21.1.2.6 Filter set #2, rule #6 (SMT Menu 21.1.2.
Table 171 Menu 23 System Menus (SMT Menu 23)

*/ Menu 23.1 System Password Setup (SMT Menu 23.1)
FIN FN PVA INPUT
230000000 = System Password = 1234

*/ Menu 23.2 System security: radius server (SMT Menu 23.2)
FIN FN PVA INPUT
230200001 = Authentication Server Configured <0(No) | 1(Yes)> = 1
230200002 = Authentication Server Active <0(No) | 1(Yes)> = 1
230200003 = Authentication Server IP Address = 192.168.1.
Table 171 Menu 23 System Menus (SMT Menu 23) (continued)

230400008 = WPA Mixed Mode <0(Disable) |1(Enable)> = 0
230400009 = Data Privacy for Broadcast/Multicast packets <0(TKIP) |1(WEP)> = 0
230400010 = WPA Broadcast/Multicast Key Update Timer = 0

Table 172 Menu 24.11 Remote Management Control (SMT Menu 24.11)

/ Menu 24.11 Remote Management Control (SMT Menu 24.
Table 173 Command Examples (continued)

FIN FN PVA INPUT
990000001 = ADSL OPMD <0(etsi)|1(normal)|2(gdmt)|3(multimode)> = 3
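A pre-upload check for an edited rom-t file: it parses each field in the FIN = FN <PVA> = INPUT layout shown in the tables above, validates INPUT against the PVA, and flags a few weak settings. This is an added example, not ZyXEL's tooling; it assumes one field per line, and the sample file and the choice of findings are constructed for illustration.

```python
import re

# One field per line, as in the tables above: FIN = FN <PVA> = INPUT.
# PVA and INPUT are optional; menu comment lines ("/ Menu ...") do not match.
FIELD_RE = re.compile(
    r"^\s*(?P<fin>\d+)\s*=\s*(?P<fn>[^<=]*?)\s*"
    r"(?:<(?P<pva>[^>]*)>\s*)?(?:=\s*(?P<value>.*?))?\s*$"
)

FIN_WEP = "30500006"          # WEP <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)>
FIN_WLAN_ACTIVE = "30500012"  # Wlan Active <0(Disable) | 1(Enable)>
EXAMPLE_PASSWORD = "1234"     # value shown in the guide's example INPUT column


def parse_rom_t(text):
    """Return {FIN: {"fn", "pva", "value"}} for every field line in the file."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m["fin"]] = {"fn": m["fn"], "pva": m["pva"], "value": m["value"]}
    return fields


def allowed_values(pva):
    """Turn a PVA string into a predicate, or None when no constraint is given."""
    if not pva:
        return None
    rng = re.fullmatch(r"\s*(\d+)\s*~\s*(\d+)\s*", pva)   # e.g. "0 ~ 2432"
    if rng:
        lo, hi = int(rng[1]), int(rng[2])
        return lambda v: v.isdigit() and lo <= int(v) <= hi
    # Enumerations such as "0(None) | 1(Server)" or "1|2|3|4".
    choices = set(re.findall(r"(?:^|\|)\s*(\d+)", pva))
    return (lambda v: v in choices) if choices else None


def audit(fields):
    """Return (FIN, message) findings for invalid or weak settings."""
    findings = []
    for fin, f in fields.items():
        check, value = allowed_values(f["pva"]), f["value"]
        if check and value not in (None, "") and not check(value):
            findings.append((fin, f"INPUT {value!r} is outside PVA <{f['pva']}>"))
        if f["fn"].lower().endswith("password") and value == EXAMPLE_PASSWORD:
            findings.append((fin, "password is still the guide's example value"))
    wlan = fields.get(FIN_WLAN_ACTIVE, {}).get("value")
    wep = fields.get(FIN_WEP, {}).get("value")
    if wlan == "1" and wep == "0":
        findings.append((FIN_WEP, "WLAN active with WEP disabled; confirm WPA is configured"))
    return findings


# Constructed sample built from field lines shown in the tables above.
SAMPLE = """\
/ constructed sample, not a real device export
30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 5
30500004 = RTS Threshold <0 ~ 2432> = 2432
30500006 = WEP <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)> = 0
30500012 = Wlan Active <0(Disable) | 1(Enable)> = 1
40000009 = My Login = test@pqa
40000010 = My Password = 1234
230000000 = System Password = 1234
"""

if __name__ == "__main__":
    for fin, message in audit(parse_rom_t(SAMPLE)):
        print(fin, message)
```

The rom-t file carries the system and ISP passwords in clear text, so treat downloaded copies as credentials.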