Prestige 2602HW Series ADSL VoIP IAD with 802.11g Wireless User’s Guide Version 3.
Prestige 2602HW Series User’s Guide Copyright Copyright © 2005 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Prestige 2602HW Series User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations. This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules.
Prestige 2602HW Series User’s Guide Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord. • Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information.
Prestige 2602HW Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Prestige 2602HW Series User’s Guide Customer Support Please have the following information ready when you contact customer support. • • • • Product model and serial number. Warranty Information. Date that you received your device. Brief description of the problem and the steps you took to solve it. METHOD SUPPORT E-MAIL TELEPHONEA WEB SITE LOCATION SALES E-MAIL FAX FTP SITE support@zyxel.com.tw +886-3-578-3942 WORLDWIDE NORTH AMERICA GERMANY DENMARK NORWAY SWEDEN FINLAND a. www.zyxel.
Prestige 2602HW Series User’s Guide 8 Customer Support
Prestige 2602HW Series User’s Guide Table of Contents Copyright .................................................................................................................. 3 Federal Communications Commission (FCC) Interference Statement ............... 4 Safety Warnings ....................................................................................................... 5 ZyXEL Limited Warranty..........................................................................................
Prestige 2602HW Series User’s Guide Chapter 3 Wizard Setup .......................................................................................................... 63 3.1 Wizard Setup Introduction ..................................................................................63 3.1.1 Encapsulation ...........................................................................................63 3.1.1.1 ENET ENCAP .................................................................................63 3.1.1.
Prestige 2602HW Series User’s Guide 5.4 LAN TCP/IP ........................................................................................................81 5.4.1 Factory LAN Defaults ................................................................................81 5.4.2 IP Address and Subnet Mask ...................................................................81 5.4.3 RIP Setup .................................................................................................81 5.4.4 Multicast .........
Prestige 2602HW Series User’s Guide Chapter 7 WAN Setup............................................................................................................ 109 7.1 WAN Overview .................................................................................................109 7.2 Metric ..............................................................................................................109 7.3 PPPoE Encapsulation ............................................................................
Prestige 2602HW Series User’s Guide 9.3 SIP ALG ...........................................................................................................135 9.4 Pulse Code Modulation ....................................................................................135 9.5 Voice Coding ....................................................................................................136 9.5.1 G.711 .......................................................................................................
Prestige 2602HW Series User’s Guide Chapter 13 Firewalls................................................................................................................ 155 13.1 Firewall Overview ...........................................................................................155 13.2 Types of Firewalls ..........................................................................................155 13.2.1 Packet Filtering Firewalls ....................................................................
Prestige 2602HW Series User’s Guide 14.4.2 WAN to LAN Rules ...............................................................................172 14.4.3 Alerts .....................................................................................................173 14.5 Configuring Basic Firewall Settings ................................................................173 14.6 Rule Summary ...............................................................................................174 14.6.
Prestige 2602HW Series User’s Guide Chapter 17 VPN Screens......................................................................................................... 201 17.1 VPN/IPSec Overview .....................................................................................201 17.2 IPSec Algorithms ............................................................................................201 17.2.1 AH (Authentication Header) Protocol ...................................................201 17.2.
Prestige 2602HW Series User’s Guide Chapter 19 Universal Plug-and-Play (UPnP) ......................................................................... 233 19.1 Introducing Universal Plug and Play ..............................................................233 19.1.1 How do I know if I'm using UPnP? ........................................................233 19.1.2 NAT Traversal .......................................................................................233 19.1.3 Cautions with UPnP ..........
Prestige 2602HW Series User’s Guide 22.3.1 System Management Terminal Interface Summary ..............................268 22.3.2 SMT Menus Overview ..........................................................................269 22.4 Changing the System Password ....................................................................270 Chapter 23 Menu 1 General Setup ......................................................................................... 273 23.1 General Setup ..................................
Prestige 2602HW Series User’s Guide 28.2.2 Encapsulation and Multiplexing Scenarios ...........................................296 28.2.2.1 Scenario 1: One VC, Multiple Protocols ......................................296 28.2.2.2 Scenario 2: One VC, One Protocol (IP) ......................................296 28.2.2.3 Scenario 3: Multiple VCs .............................................................296 28.2.3 Outgoing Authentication Protocol .........................................................
Prestige 2602HW Series User’s Guide Chapter 32 Enabling the Firewall ........................................................................................... 329 32.1 Remote Management and the Firewall ..........................................................329 32.2 Access Methods .............................................................................................329 32.3 Enabling the Firewall ......................................................................................
Prestige 2602HW Series User’s Guide 36.4 Log and Trace ................................................................................................359 36.4.1 Viewing Error Log .................................................................................359 36.4.2 Syslog and Accounting .........................................................................360 36.5 Diagnostic ......................................................................................................
Prestige 2602HW Series User’s Guide Chapter 39 Remote Management ........................................................................................... 387 39.1 Remote Management Overview .....................................................................387 39.2 Remote Management .....................................................................................387 39.2.1 Remote Management Setup .................................................................387 39.2.
Prestige 2602HW Series User’s Guide 44.4 Problems with the LAN Interface ....................................................................420 44.5 Problems with the WAN Interface ..................................................................420 44.6 Problems with Internet Access .......................................................................421 44.7 Problems with the Password ..........................................................................421 44.
Prestige 2602HW Series User’s Guide Appendix E Wireless LAN and IEEE 802.11 ........................................................................... 451 Benefits of a Wireless LAN .................................................................................... 451 IEEE 802.11 ........................................................................................................... 451 Ad-hoc Wireless LAN Configuration.......................................................................
Prestige 2602HW Series User’s Guide Command Syntax................................................................................................... 489 Command Usage ................................................................................................... 489 Appendix K Firewall Commands ............................................................................................. 491 Sys Firewall Commands ........................................................................................
Prestige 2602HW Series User’s Guide 26 Table of Contents
Prestige 2602HW Series User’s Guide List of Figures Figure 1 Prestige Internet Access Application ....................................................... 54 Figure 2 Internet Telephony Service Provider Application ..................................... 55 Figure 3 Firewall Application .................................................................................. 55 Figure 4 Prestige LAN-to-LAN Application ............................................................. 56 Figure 5 Password Screen .........
Prestige 2602HW Series User’s Guide Figure 39 WAN Backup .......................................................................................... 116 Figure 40 How NAT Works ..................................................................................... 121 Figure 41 NAT Application With IP Alias ................................................................ 121 Figure 42 Multiple Servers Behind NAT Example .................................................. 124 Figure 43 NAT Mode .................
Prestige 2602HW Series User’s Guide Figure 82 Encryption and Decryption ..................................................................... 196 Figure 83 IPSec Architecture ................................................................................. 197 Figure 84 Transport and Tunnel Mode IPSec Encapsulation ................................. 198 Figure 85 IPSec Summary Fields .......................................................................... 203 Figure 86 VPN Summary .........................
Prestige 2602HW Series User’s Guide Figure 124 Firmware Upgrade ............................................................................... 262 Figure 125 Network Temporarily Disconnected ..................................................... 263 Figure 126 Error Message ..................................................................................... 263 Figure 127 Initial Screen ........................................................................................ 266 Figure 128 Password Screen .
Prestige 2602HW Series User’s Guide Figure 167 Menu 15.1.1 First Set ........................................................................... 317 Figure 168 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ........... 319 Figure 169 Menu 15.2 NAT Server Setup .............................................................. 320 Figure 170 Menu 15.2 NAT Server Setup .............................................................. 320 Figure 171 Multiple Servers Behind NAT Example .................
Prestige 2602HW Series User’s Guide Figure 210 Menu 24.1 System Maintenance : Status ............................................ 356 Figure 211 Menu 24.2 System Information and Console Port Speed .................... 357 Figure 212 Menu 24.2.1 System Maintenance: Information .................................. 358 Figure 213 Menu 24.2.2 System Maintenance : Change Console Port Speed ...... 359 Figure 214 Menu 24.3 System Maintenance: Log and Trace ................................
Prestige 2602HW Series User’s Guide Figure 253 Applying IP Policies Example .............................................................. 398 Figure 254 Menu 26 Schedule Setup ..................................................................... 399 Figure 255 Menu 26.1 Schedule Set Setup .......................................................... 400 Figure 256 Applying Schedule Set(s) to a Remote Node (PPPoE) ....................... 401 Figure 257 VPN SMT Menu Tree ........................................
Prestige 2602HW Series User’s Guide Figure 296 Displaying Log Parameters Example ................................................... 505 Figure 297 Log Command Example ......................................................................
Prestige 2602HW Series User’s Guide List of Tables Table 1 ADSL Standards ....................................................................................... 45 Table 2 IEEE 802.11g ............................................................................................ 49 Table 3 Web Configurator Screens Summary ....................................................... 59 Table 4 Internet Access Wizard Setup: First Screen .............................................
Prestige 2602HW Series User’s Guide Table 39 Phone Port Common .............................................................................. 148 Table 40 Dynamic DNS ......................................................................................... 150 Table 41 Pre-defined NTP Time Servers ............................................................... 151 Table 42 Time and Date ........................................................................................ 152 Table 43 Common IP Ports ....
Prestige 2602HW Series User’s Guide Table 82 Diagnostic: General ................................................................................ 260 Table 83 Diagnostic: DSL Line .............................................................................. 261 Table 84 Firmware Upgrade .................................................................................. 262 Table 85 Navigating the SMT Interface ................................................................. 267 Table 86 SMT Main Menu .....
Prestige 2602HW Series User’s Guide Table 125 General Commands for GUI-based FTP Clients .................................. 368 Table 126 General Commands for GUI-based TFTP Clients ................................ 370 Table 127 Menu 24.9.1 System Maintenance: Budget Management .................... 383 Table 128 Menu 24.10 System Maintenance: Time and Date Setting ................. 384 Table 129 Menu 24.11 Remote Management Control ........................................... 388 Table 130 Menu 25.
Prestige 2602HW Series User’s Guide Table 168 Menu 4 Internet Access Setup (SMT Menu 4) ..................................... 469 Table 169 Menu 12 (SMT Menu 12) ...................................................................... 471 Table 170 Menu 15 SUA Server Setup (SMT Menu 15) ....................................... 475 Table 171 Menu 21.1 Filter Set #1 (SMT Menu 21.1) ........................................... 477 Table 172 Menu 21.1 Filer Set #2, (SMT Menu 21.1) ..................................
Prestige 2602HW Series User’s Guide 40 List of Tables
Prestige 2602HW Series User’s Guide Preface Congratulations on your purchase of the Prestige 2602HW Series ADSL VoIP IAD with 802.11g Wireless. Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. Your Prestige is easy to install and configure.
Prestige 2602HW Series User’s Guide Syntax Conventions • “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one predefined choices. • The SMT menu titles and labels are in Bold Times New Roman font. Predefined field choices are in Bold Arial font. Command and arrow keys are enclosed in square brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key and [SPACE BAR] means the Space Bar.
Prestige 2602HW Series User’s Guide Graphics Icons Key Prestige Computer Notebook Computer Server Switch Router Telephone DSLAM Trunking Gateway Firewall Wireless Signal Introduction to DSL DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twistedpair wire that runs between the local telephone company switching offices and most homes and offices.
Prestige 2602HW Series User’s Guide As data rates increase, the carrying distance decreases. That means that users who are beyond a certain distance from the telephone company’s central office may not be able to obtain the higher speeds. A DSL connection is a point-to-point dedicated circuit, meaning that the link is always up and there is no dialing required. Introduction to ADSL It is an asymmetrical technology, meaning that the downstream data rate is much higher than the upstream data rate.
Prestige 2602HW Series User’s Guide CHAPTER 1 Getting To Know Your Prestige This chapter describes the key features and applications of your Prestige. 1.1 Introducing the Prestige The Prestige P2602HW ADSL VoIP IAD (Integrated Access Device) combines high-speed ADSL Internet access, a 4-port Ethernet switch, IEEE 802.11g wireless access, and Voice over IP (VoIP) communication capabilities. It is ideal for small networks. VoIP is the sending of voice signals over the Internet.
Prestige 2602HW Series User’s Guide Note: Models ending in “1”, for example Prestige 2602HW-61, denote a device that works over the analog telephone system, POTS (Plain Old Telephone Service). Models ending in “3” denote a device that works over ISDN (Integrated Synchronous Digital System). Models ending in “7” denote a device that works over T-ISDN (UR-2). Note: Only use firmware for your Prestige’s specific model. Refer to the label on the bottom of your Prestige.
Prestige 2602HW Series User’s Guide Multiple SIP Accounts The Prestige allows you to simultaneously use multiple voice (SIP) accounts and assign them to one or both telephone ports. Multiple Voice Channels The Prestige can simultaneously handle multiple voice channels (telephone calls). Additionally you can answer an incoming phone call on a VoIP account, even while someone else is using the account for a phone call. Voice Coding The Prestige can use the following voice codecs (coder/decoders). • G.
Prestige 2602HW Series User’s Guide High Speed Internet Access Your Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of up to 24Mbps and upstream transmission rates of 3.5Mbps. Actual speeds attained depend on ISP DSLAM environment.
Prestige 2602HW Series User’s Guide IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b radio card can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows: Table 2 IEEE 802.
Prestige 2602HW Series User’s Guide Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet, thus acting as an auxiliary if your regular WAN connection fails. Universal Plug and Play (UPnP) Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
Prestige 2602HW Series User’s Guide ADSL Standards • Full-Rate (ANSI T1.413, Issue 2; G.dmt (G.992.1) with line rate support of up to 8 Mbps downstream and 832 Kbps upstream. • G.lite (G.992.2) with line rate support of up to 1.5Mbps downstream and 512Kbps upstream. • Supports Multi-Mode standard (ANSI T1.413, Issue 2; G.dmt (G.992.1); G.lite (G992.2)). • TCP/IP (Transmission Control Protocol/Internet Protocol) network layer protocol. • ATM Forum UNI 3.1/4.0 PVC. • Supports up to 8 PVCs (UBR, CBR, VBR).
Prestige 2602HW Series User’s Guide IP Policy Routing (IPPR) Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Prestige 2602HW Series User’s Guide • ADSL circuitry • RAM • LAN port Packet Filters The Prestige's packet filtering functions allows added network security and management. Ease of Installation Your Prestige is designed for quick, intuitive and easy installation. Housing Your Prestige's compact and ventilated housing minimizes space requirements making it easy to position anywhere in your busy office. 1.4 Applications for the Prestige Here are some example uses for which the Prestige is well suited.
Prestige 2602HW Series User’s Guide Figure 1 Prestige Internet Access Application Internet Single User Account For a SOHO (Small Office/Home Office) environment, your Prestige offers the Single User Account (SUA) feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for the cost of a single IP address 1.4.
Prestige 2602HW Series User’s Guide Figure 2 Internet Telephony Service Provider Application 1.4.3 Firewall for Secure Broadband Internet Access The Prestige provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs. Figure 3 Firewall Application 1.4.
Prestige 2602HW Series User’s Guide Figure 4 Prestige LAN-to-LAN Application 1.5 Prestige Hardware Installation and Connection Refer to the Quick Start Guide for information on hardware installation and connections and LED descriptions.
Prestige 2602HW Series User’s Guide CHAPTER 2 Introducing the Web Configurator This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The embedded web configurator allows you to manage the Prestige from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions with JavaScript enabled.
Prestige 2602HW Series User’s Guide Figure 6 Change Password at Login 7 You should now see the SITE MAP screen. Note: The Prestige automatically times out after five minutes of inactivity. Simply log back into the Prestige if this happens to you. 2.1.2 Resetting the Prestige If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the Prestige to reload the factory-default configuration file.
Prestige 2602HW Series User’s Guide • Click Logout in the navigation panel when you have finished a Prestige management session. Figure 7 Web Configurator SITE MAP Screen Note: Click the icon (located in the top right corner of most screens) to view embedded help. Table 3 Web Configurator Screens Summary LINK SUB-LINK FUNCTION Wizard Setup Wizard Setup Use these screens for initial configuration including general setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment.
Prestige 2602HW Series User’s Guide Table 3 Web Configurator Screens Summary (continued) LINK SUB-LINK FUNCTION Voice SIP Settings Use this screen to configure your Prestige’s Session Initiation Protocol settings. QoS Use this screen to configure your Prestige’s Quality of Service settings. Phone Use this screen to configure your Prestige’s phone settings. Speed Dial Use this screen to configure speed dial for SIP phone numbers that you call often.
Prestige 2602HW Series User’s Guide Table 3 Web Configurator Screens Summary (continued) LINK SUB-LINK FUNCTION Diagnostic General These screens display information to help you identify problems with the Prestige general connection. DSL Line These screens display information to help you identify problems with the DSL line. Firmware Use this screen to upload firmware to your Prestige LOGOUT Click this label to exit the web configurator.
Prestige 2602HW Series User’s Guide 62 Chapter 2 Introducing the Web Configurator
Prestige 2602HW Series User’s Guide CHAPTER 3 Wizard Setup This chapter provides information on the Wizard Setup screens for Internet access and VoIP in the web configurator. 3.1 Wizard Setup Introduction Use the Wizard Setup screens to configure your system for Internet access and Voice with the information provided by your ISP and voice service provider. Your ISP may have already configured some of the fields in the wizard screens for you. 3.1.
Prestige 2602HW Series User’s Guide 3.1.1.4 RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing). Please refer to the RFC for more detailed information. 3.1.
Prestige 2602HW Series User’s Guide Figure 8 Internet Access Wizard Setup: First Screen The following table describes the fields in this screen. Table 4 Internet Access Wizard Setup: First Screen LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge. Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list box.
Prestige 2602HW Series User’s Guide If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0 and you must enable the Network Address Translation (NAT) feature of the Prestige.
Prestige 2602HW Series User’s Guide 3.2.1.4 Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: • 10.0.0.0 — 10.255.255.255 • 172.16.0.0 — 172.31.255.255 • 192.168.0.0 — 192.
Prestige 2602HW Series User’s Guide Figure 9 Internet Connection with PPPoE The following table describes the fields in this screen. Table 5 68 Internet Connection with PPPoE LABEL DESCRIPTION Service Name Type the name of your PPPoE service here. User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. Password Enter the password associated with the user name above.
Prestige 2602HW Series User’s Guide Figure 10 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 6 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field. Network Address Translation Select None, SUA Only or Full Feature from the drop-sown list box. Refer to Chapter 8 on page 119 for more details.
Prestige 2602HW Series User’s Guide Table 7 Internet Connection with ENET ENCAP LABEL DESCRIPTION IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address; otherwise select Static IP Address and type your ISP assigned IP address in the IP Address text box below.
Prestige 2602HW Series User’s Guide Table 8 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above. IP Address This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet.
Prestige 2602HW Series User’s Guide Figure 13 Internet Access Wizard Setup: Third Screen Table 9 Internet Access Wizard Setup: Voice Configuration LABEL DESCRIPTION Active Select this check box to have the Prestige use this SIP account. Clear the check box to have the Prestige not use this SIP account. SIP Number Enter your SIP number in this field (use the number or text that comes before the @ symbol in a full SIP URI). You can use up to 95 ASCII characters.
Prestige 2602HW Series User’s Guide Table 9 Internet Access Wizard Setup: Voice Configuration (continued) LABEL DESCRIPTION Authentication Password Type the password associated with the user name above. You can use up to 95 ASCII Extended set characters. Send Caller ID Select this check box to show identification information when you make VoIP phone calls. Clear the check box to not show identification information when you make VoIP phone calls. Back Click Back to go back to the previous screen.
Prestige 2602HW Series User’s Guide Figure 14 Internet Access Wizard Setup: Fourth Screen If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next.
Prestige 2602HW Series User’s Guide Figure 15 Internet Access Wizard Setup: LAN Configuration The following table describes the fields in this screen. Table 10 Internet Access Wizard Setup: LAN Configuration LABEL DESCRIPTION LAN IP Address Enter the IP address of your Prestige in dotted decimal notation, for example, 192.168.1.1 (factory default). If you changed the Prestige's LAN IP address, you must use the new IP address if you want to access the web configurator again.
Prestige 2602HW Series User’s Guide Figure 16 Internet Access Wizard Setup: Connection Tests 3.2.9.1 Test Your Internet Connection Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this User’s Guide for more detailed information on the complete range of Prestige features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the Wizard Setup are correct.
Prestige 2602HW Series User’s Guide CHAPTER 4 Password Setup This chapter provides information on the Password screen. 4.1 Password Overview It is highly recommended that you change the password for accessing the Prestige. 4.1.1 Configuring Password To change your Prestige’s password (recommended), click Password in the Site Map screen. Figure 17 Password The following table describes the fields in this screen.
Prestige 2602HW Series User’s Guide 78 Chapter 4 Password Setup
Prestige 2602HW Series User’s Guide CHAPTER 5 LAN Setup This chapter describes how to configure LAN settings. 5.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses. 5.1.
Prestige 2602HW Series User’s Guide 5.2 DNS Server Address DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask. There are two ways that an ISP disseminates the DNS server addresses.
Prestige 2602HW Series User’s Guide 5.4 LAN TCP/IP The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. 5.4.1 Factory LAN Defaults The LAN parameters of the Prestige are preset in the factory with the following values: • IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) • DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.
Prestige 2602HW Series User’s Guide 5.4.4 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Prestige 2602HW Series User’s Guide Figure 19 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address. Note: You must enable NAT/SUA to use the Any IP feature on the Prestige. 5.5.
Prestige 2602HW Series User’s Guide 5.6 Configuring LAN Click LAN and LAN Setup to open the following screen. Figure 20 LAN Setup The following table describes the fields in this screen. Table 12 LAN Setup LABEL DESCRIPTION DHCP 84 DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client. If set to None, the DHCP server will be disabled.
Prestige 2602HW Series User’s Guide Table 12 LAN Setup (continued) LABEL DESCRIPTION Size of Client IP Pool This field specifies the size or count of the IP address pool. Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. Secondary DNS Server As above. Remote DHCP Server If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here.
Prestige 2602HW Series User’s Guide Figure 21 LAN: Static DHCP The following table describes the labels in this screen. Table 13 LAN: Static DHCP 86 LABEL DESCRIPTION # This is the index number of the Static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN. IP Address This field specifies the size, or count of the IP address pool. Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the Prestige.
Prestige 2602HW Series User’s Guide CHAPTER 6 Wireless LAN Setup This chapter discusses how to configure Wireless LAN on the Prestige. 6.1 Wireless LAN Introduction This section introduces the wireless LAN and some basic configurations. Wireless LANs can be as simple as two computers with wireless LAN cards communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN cards communicating through access points which bridge network traffic to the wired LAN.
Prestige 2602HW Series User’s Guide 6.1.4 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.
Prestige 2602HW Series User’s Guide 6.1.5 Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the Prestige will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
Prestige 2602HW Series User’s Guide 6.3 Data Encryption with WEP WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key for data encryption and decryption. Your Prestige allows you to configure up to four 64-bit, 128-bit or 256-bit WEP keys but only one key can be enabled at any one time.
Prestige 2602HW Series User’s Guide Figure 24 Wireless LAN The following table describes the fields in this screen. Table 14 Wireless LAN LABEL DESCRIPTION Enable Wireless LAN The wireless LAN is turned off by default, before you enable the wireless LAN you should configure some security by setting MAC filters and/or 802.1x security; otherwise your wireless LAN will be vulnerable upon enabling it. Select the check box to enable the wireless LAN.
Prestige 2602HW Series User’s Guide Table 14 Wireless LAN (continued) LABEL DESCRIPTION WEP Encryption WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network. Select Disable to allow all wireless computers to communicate with the access points without any data encryption. Select 64-bit WEP, 128-bit WEP or 256-bit WEP to use data encryption. Key 1 to Key 4 The WEP keys are used to encrypt data.
Prestige 2602HW Series User’s Guide Figure 25 MAC Address Filter The following table describes the fields in this menu. Table 15 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Action Define the filter action for the list of MAC addresses in the MAC Address table. Select Deny Association to block access to the router, MAC addresses not listed will be allowed to access the Prestige.
Prestige 2602HW Series User’s Guide Table 15 MAC Address Filter (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. 6.6 Network Authentication You can set the Prestige and your network to authenticate a wireless station before the wireless station can communicate with the Prestige and the wired network to which the Prestige is connected. 6.6.
Prestige 2602HW Series User’s Guide • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another AccessRequest message.
Prestige 2602HW Series User’s Guide 3 The wireless station replies with identity information, including username and password. 4 The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station. 6.7 Introduction to WPA Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption. 6.7.
Prestige 2602HW Series User’s Guide By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network. The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.
Prestige 2602HW Series User’s Guide 2 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly.
Prestige 2602HW Series User’s Guide Table 16 Wireless Security Relational Matrix (continued) AUTHENTICATION ENCRYPTION ENTER METHOD/ KEY METHOD MANUAL KEY MANAGEMENT PROTOCOL ENABLE IEEE 802.1X WPA WEP No Yes WPA TKIP No Yes WPA-PSK WEP Yes Yes WPA-PSK TKIP Yes Yes 6.11 Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA.
Prestige 2602HW Series User’s Guide Table 17 Wireless LAN: 802.1x/WPA LABEL DESCRIPTION Wireless Port Control To control wireless stations access to the wired network, select a control method from the drop-down list box. Choose from No Access Allowed, No Authentication Required and Authentication Required. No Access Allowed blocks all wireless stations access to the wired network.
Prestige 2602HW Series User’s Guide Table 18 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Wireless Port Control To control wireless stations access to the wired network, select a control method from the drop-down list box. Choose from No Authentication Required, Authentication Required and No Access Allowed. The following fields are only available when you select Authentication Required.
Prestige 2602HW Series User’s Guide Table 18 Wireless LAN: 802.1x/WPA for 802.1x Protocol (continued) LABEL DESCRIPTION Back Click Back to go to the main wireless LAN setup screen. Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. Note: Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the Prestige for authentication. 6.12.
Prestige 2602HW Series User’s Guide Table 19 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTION Key Management Protocol Choose WPA in this field. WPA Mixed Mode The Prestige can operate in WPA Mixed Mode, which supports both clients running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi-Fi network. Select the check box to activate WPA mixed mode. Otherwise, clear the check box and configure the Group Data Privacy field.
Prestige 2602HW Series User’s Guide Figure 32 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol The following table describes the labels not previously discussed. Table 20 Wireless LAN: 802.1x/WPA for WPA-PSK Protocol 104 LABEL DESCRIPTION Key Management Protocol Choose WPA-PSK in this field. Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.
Prestige 2602HW Series User’s Guide 6.13 Configuring Local User Authentication By storing user profiles locally, your Prestige is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way. To change your Prestige’s local user database, click Wireless LAN, Local User Database. The screen appears as shown. Figure 33 Local User Database The following table describes the fields in this screen.
Prestige 2602HW Series User’s Guide Table 21 Local User Database LABEL DESCRIPTION # This is the index number of a local user account. Active Select this check box to enable the user profile. User Name Enter the user name of the user profile. Password Enter a password up to 31 characters long for this user profile. Back Click Back to go to the main wireless LAN setup screen. Apply Click Apply to save these settings back to the Prestige.
Prestige 2602HW Series User’s Guide Table 22 RADIUS LABEL DESCRIPTION Authentication Server Active Select Yes from the drop-down list box to enable user authentication through an external authentication server. Server IP Address Enter the IP address of the external authentication server in dotted decimal notation. Port Number The default port of the RADIUS server for authentication is 1812.
Prestige 2602HW Series User’s Guide 108 Chapter 6 Wireless LAN Setup
Prestige 2602HW Series User’s Guide CHAPTER 7 WAN Setup This chapter describes how to configure WAN settings. 7.1 WAN Overview A WAN (Wide Area Network) connection is a connection to another network or the Internet. See Chapter 3 on page 63 for more information on the fields in the WAN screens. 7.2 Metric The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost".
Prestige 2602HW Series User’s Guide 7.3 PPPoE Encapsulation The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection using PPPoE. For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example Radius).
Prestige 2602HW Series User’s Guide Figure 35 Example of Traffic Shaping 7.5 Zero Configuration Internet Access Once you turn on and connect the Prestige to a telephone jack, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes.
Prestige 2602HW Series User’s Guide Figure 36 WAN Setup (PPPoE) The following table describes the fields in this screen. Table 23 WAN Setup 112 LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge.
Prestige 2602HW Series User’s Guide Table 23 WAN Setup (continued) LABEL DESCRIPTION Encapsulation Select the method of encapsulation used by your ISP from the drop-down list box. Choices vary depending on the mode you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. Multiplex Select the method of multiplexing used by your ISP from the drop-down list.
Prestige 2602HW Series User’s Guide Table 23 WAN Setup (continued) LABEL DESCRIPTION Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field. Max Idle Timeout Specify an idle time-out in the Max Idle Timeout field when you select Connect on Demand. The default setting is 0, which means the Internet session will not timeout. PPPoE Passthrough This field is available when you select PPPoE encapsulation.
Prestige 2602HW Series User’s Guide Figure 37 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
Prestige 2602HW Series User’s Guide Figure 39 WAN Backup The following table describes the fields in this screen. Table 24 WAN Backup LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check if the connection to the DSLAM is up. Select ICMP to have the Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.
Prestige 2602HW Series User’s Guide Table 24 WAN Backup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your Prestige to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request. The WAN connection is considered "down" after the Prestige times out the number of times specified in the Fail Tolerance field. Use a higher value in this field if your network is busy or congested.
Prestige 2602HW Series User’s Guide 118 Chapter 7 WAN Setup
Prestige 2602HW Series User’s Guide CHAPTER 8 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the Prestige. 8.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 8.1.
Prestige 2602HW Series User’s Guide 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Prestige 2602HW Series User’s Guide Figure 40 How NAT Works 8.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter. Figure 41 NAT Application With IP Alias 8.1.5 NAT Mapping Types NAT supports five types of IP/port mapping.
Prestige 2602HW Series User’s Guide • One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (for instance, PAT, port address translation), ZyXEL’s Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today’s routers).
Prestige 2602HW Series User’s Guide • Choose Full Feature if you have multiple public WAN IP addresses for your Prestige. 8.3 SUA Server A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.
Prestige 2602HW Series User’s Guide Table 27 Services and Port Numbers (continued) SERVICES PORT NUMBER SNMP trap 162 PPTP (Point-to-Point Tunneling Protocol) 1723 8.3.3 Configuring Servers Behind SUA (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address.
Prestige 2602HW Series User’s Guide Figure 43 NAT Mode The following table describes the labels in this screen. Table 28 NAT Mode LABEL DESCRIPTION None Select this radio button to disable NAT. SUA Only Select this radio button if you have just one public WAN IP address for your Prestige. The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set screen. Edit Details Click this link to go to the NAT - Edit SUA/NAT Server Set screen.
Prestige 2602HW Series User’s Guide Figure 44 Edit SUA/NAT Server Set The following table describes the fields in this screen. Table 29 Edit SUA/NAT Server Set LABEL DESCRIPTION Start Port No. Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field. To forward a series of ports, enter the start port number here and the end port number in the End Port No. field. End Port No. Enter a port number in this field.
Prestige 2602HW Series User’s Guide 8.6 Configuring Address Mapping Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
Prestige 2602HW Series User’s Guide Table 30 Address Mapping Rules (continued) LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
Prestige 2602HW Series User’s Guide Table 31 Address Mapping Rule Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. • One-to-One: One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type. • Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e.
Prestige 2602HW Series User’s Guide 130 Chapter 8 Network Address Translation (NAT) Screens
Prestige 2602HW Series User’s Guide CHAPTER 9 Introduction to VoIP This chapter provides background information on VoIP and SIP. 9.1 Introduction to VoIP VoIP is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuitswitched telephone network. You can also use servers to run telephone service applications like PBX services and voice mail.
Prestige 2602HW Series User’s Guide 9.2.1.2 SIP Service Domain The SIP service domain of the VoIP service provider is the domain name in a SIP URI. For example, if the SIP address is 1122334455@VoIP-provider.com, then “VoIP-provider.com” is the SIP service domain. 9.2.2 SIP Call Progression The following figure displays the basic steps in the setup and tear down of a SIP call. A calls B. Table 32 SIP Call Progression A B 1. INVITE 2. Ringing 3. OK 4. ACK 5.Dialogue (voice traffic) 6. BYE 7.
Prestige 2602HW Series User’s Guide 9.2.3.1 SIP User Agent Server A SIP user agent server can make and receive VoIP telephone calls. This means that SIP can be used for peer-to-peer communications even though it is a client-server protocol. In the following figure, either A or B can act as a SIP user agent client to initiate a call. A and B can also both act as a SIP user agent server to receive the call. Figure 47 SIP User Agent Server 9.2.3.
Prestige 2602HW Series User’s Guide Figure 48 SIP Proxy Server 9.2.3.3 SIP Redirect Server A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server. Redirect servers do not initiate SIP requests.
Prestige 2602HW Series User’s Guide Figure 49 SIP Redirect Server 9.2.3.4 SIP Register Server A SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register. 9.2.4 RTP When you make a VoIP call using SIP, the RTP (Real time Transport Protocol) is used to handle voice data transfer. See RFC 1889 for details on RTP. 9.3 SIP ALG The Prestige 2602HW is a SIP Application Layer Gateway (ALG).
Prestige 2602HW Series User’s Guide 9.5 Voice Coding A codec (coder/decoder) codes analog voice signals into digital signals and decodes the digital signals back into voice signals. The Prestige supports the following codecs. 9.5.1 G.711 G.711 is a Pulse Code Modulation (PCM) waveform codec. G.711 provides very good sound quality but requires 64kbps of bandwidth. 9.5.2 G.729 G.
Prestige 2602HW Series User’s Guide CHAPTER 10 Voice Screens This chapter describes how to configure advanced VoIP, QoS, phone and phone book settings. 10.1 Voice Screens Introduction This chapter covers the configuration of the VoIP screens. 10.2 SIP Settings Configuration Click Voice in the navigation panel and then SIP Settings to display the following screen. Use this screen to configure the Prestige’s SIP settings.
Prestige 2602HW Series User’s Guide Table 33 SIP Settings LABEL DESCRIPTION SIP Account You can configure the Prestige to use multiple SIP accounts. Select one to configure its settings on the Prestige. Active SIP Select this check box to have the Prestige use this SIP account. Clear the check box to have the Prestige not use this SIP account. SIP Number Enter your SIP number in this field (use the number or text that comes before the @ symbol in a full SIP URI).
Prestige 2602HW Series User’s Guide Figure 51 Voice Advanced Setup The following table describes the labels in this screen. Table 34 Voice Advanced Setup LABEL DESCRIPTION Advanced VoIP Settings This read-only field displays the number of the SIP account that you are configuring. The changes that you save in this page affect the Prestige’s settings with the SIP account displayed here.
Prestige 2602HW Series User’s Guide Table 34 Voice Advanced Setup (continued) LABEL DESCRIPTION Min-SE When two SIP devices negotiate a SIP session, they must negotiate a common expiration time for idle SIP sessions. This field sets the shortest expiration time that the Prestige will accept. The Prestige checks the session expiration values of incoming SIP INVITE requests against the minimum session expiration value that you configure here.
Prestige 2602HW Series User’s Guide 10.4.2 DiffServ DiffServ is a class of service (CoS) model that marks packets so that they receive specific perhop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired.
Prestige 2602HW Series User’s Guide Figure 53 QoS The following table describes the labels in this screen. Table 35 QoS LABEL DESCRIPTION SIP TOS Priority Type a priority for voice transmissions. The Prestige applies Type of Service priority tags with this priority to voice traffic that it transmits. Priorities 6 and 7 are reserved for network control traffic. It is recommended that you use priority 5 for SIP. RTP TOS Priority Type a priority for voice transmissions.
Prestige 2602HW Series User’s Guide 10.6.1 Voice Activity Detection/Silence Suppression Voice Activity Detection (VAD) detects whether or not speech is present. This lets the Prestige reduce the bandwidth that a call uses by not transmitting “silent packets” when you are not speaking. 10.6.2 Comfort Noise Generation When using VAD, the Prestige generates and sends comfort noise when you are not speaking. Comfort noise uses the lowest possible transmission bandwidth to match the background noise.
Prestige 2602HW Series User’s Guide The following table describes the labels in this screen. Table 36 Phone LABEL DESCRIPTION Phone Port Settings Use this field to select the phone port that you want to configure. Speaking Volume Use this field to set the loudness that the Prestige uses for the speech signal that it sends to the peer device. -1 is the quietest and 1 is the loudest.
Prestige 2602HW Series User’s Guide 10.9 Speed Dial Configuration Click Voice in the navigation panel and then Speed Dial to display the following screen. Figure 55 Speed Dial The following table describes the labels in this screen. Table 37 Speed Dial LABEL DESCRIPTION Add New Entry Use this section of the screen to edit and save new or existing speed dial phone book entries. Speed Dial Select a speed dial key combination from the drop-down list box.
Prestige 2602HW Series User’s Guide Table 37 Speed Dial (continued) LABEL DESCRIPTION Speed Dial Phone This section of the screen displays the currently saved speed dial entries. You can Book configure up to 10 entries and use them to make calls. Speed Dial This is the entry’s speed dial key combination. Press this key combination on a telephone attached to the Prestige in order to call the party named in this entry. SIP Number This is the SIP number of the party that you will call.
Prestige 2602HW Series User’s Guide Figure 56 Lifeline The following table describes the labels in this screen. Table 38 Lifeline LABEL DESCRIPTION PSTN Pre-fix Number Specify the prefix number for dialing regular calls when VoIP service is available. Relay to PSTN Use these fields to specify phone numbers to which the Prestige will always send calls through the regular phone service without the need of dialing a prefix number. These numbers must be for phones on the PSTN (not VoIP phones).
Prestige 2602HW Series User’s Guide Figure 57 Phone Port Common The following table describes the labels in this screen. Table 39 Phone Port Common 148 LABEL DESCRIPTION Country Settings Use the drop-down list box to select the country where your Prestige is located. Immediate Dial Use immediate dial to have the Prestige make calls right away instead of waiting for the dialing interval (the time period it waits to make sure you are done pressing the keys).
Prestige 2602HW Series User’s Guide C H A P T E R 11 Dynamic DNS Setup This chapter discusses how to configure your Prestige to use Dynamic DNS. 11.1 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.
Prestige 2602HW Series User’s Guide Figure 58 Dynamic DNS The following table describes the fields in this screen. Table 40 Dynamic DNS 150 LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider. E-mail Address Type your e-mail address. User Type your user name. Password Type the password assigned to you.
Prestige 2602HW Series User’s Guide CHAPTER 12 Time and Date Use this screen to configure the Prestige’s time and date settings. 12.1 Pre-defined NTP Time Servers List The Prestige uses the following pre-defined list of NTP time servers if you do not specify a time server or it cannot synchronize with the time server you specified. Note: The Prestige can use this pre-defined list of time servers regardless of the Time Protocol you select.
Prestige 2602HW Series User’s Guide Figure 59 Time and Date The following table describes the fields in this screen. Table 42 Time and Date LABEL DESCRIPTION Time Server Use Protocol when Select the time service protocol that your time server sends when you turn on the Bootup Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works. The main difference between them is the format.
Prestige 2602HW Series User’s Guide Table 42 Time and Date (continued) LABEL DESCRIPTION Start Date Enter the month and day that your daylight-savings time starts on if you selected Daylight Savings. End Date Enter the month and day that your daylight-savings time ends on if you selected Daylight Savings. Synchronize system clock with Time Server now. Select this option to have your Prestige use the time server (that you configured above) to set its internal system clock.
Prestige 2602HW Series User’s Guide 154 Chapter 12 Time and Date
Prestige 2602HW Series User’s Guide CHAPTER 13 Firewalls This chapter gives some background information on firewalls and introduces the Prestige firewall. 13.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
Prestige 2602HW Series User’s Guide Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
Prestige 2602HW Series User’s Guide 13.3.1 Denial of Service Attacks Figure 60 Prestige Firewall Application 13.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The Prestige is pre-configured to automatically detect and thwart all known DoS attacks. 13.4.
Prestige 2602HW Series User’s Guide Table 43 Common IP Ports 21 FTP 53 DNS 23 Telnet 80 HTTP 25 SMTP 110 POP3 13.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data. 4 IP Spoofing. 5 "Ping of Death" and "Teardrop" attacks exploit bugs in the TCP/IP implementations of various computer and host systems.
Prestige 2602HW Series User’s Guide Figure 61 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established. • SYN Attack floods a targeted system with a series of SYN packets.
Prestige 2602HW Series User’s Guide amount of ICMP echo request and response traffic. If a hacker chooses to spoof the source IP address of the ICMP echo request packet, the resulting ICMP traffic will not only clog up the "intermediary" network, but will also congest the network of the spoofed source IP address, known as the "victim" network. This flood of broadcast traffic consumes all available bandwidth, making communications impossible. Figure 63 Smurf Attack 13.4.2.
Prestige 2602HW Series User’s Guide Table 46 Legal SMTP Commands AUTH DATA EHLO ETRN EXPN HELO HELP MAIL QUIT RCPT RSET SAML SEND SOML TURN VRFY NOOP 13.4.2.3 Traceroute Traceroute is a utility used to determine the path a packet takes between two endpoints. Sometimes when a packet filter firewall is configured incorrectly an attacker can traceroute the firewall gaining knowledge of the network topology inside the firewall.
Prestige 2602HW Series User’s Guide Figure 64 Stateful Inspection The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked. 13.5.
Prestige 2602HW Series User’s Guide temporary entries might be modified, in order to permit only packets that are valid for the current state of the connection. 8 Any additional inbound or outbound packets that belong to the connection are inspected to update the state table entry and to modify the temporary inbound access list entries as required, and are forwarded through the interface.
Prestige 2602HW Series User’s Guide When the Prestige receives any subsequent packet (from the Internet or from the LAN), its connection information is extracted and checked against the cache. A packet is only allowed to pass through if it corresponds to a valid connection (that is, if it is a response to a connection which originated on the LAN). 13.5.4 UDP/ICMP Security UDP and ICMP do not themselves contain any connection information (such as sequence numbers).
Prestige 2602HW Series User’s Guide • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network. • For local services that are enabled, protect against misuse.
Prestige 2602HW Series User’s Guide • Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in an attack. 13.7 Packet Filtering Vs Firewall Below are some comparisons between the Prestige’s filtering and firewall functions. 13.7.1 Packet Filtering: • The router filters packets as they pass through the router’s interface according to the filter rules you designed.
Prestige 2602HW Series User’s Guide • A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required. • To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters can not distinguish traffic originating from an inside host or an outside host by IP address.
Prestige 2602HW Series User’s Guide 168 Chapter 13 Firewalls
Prestige 2602HW Series User’s Guide CHAPTER 14 Firewall Configuration This chapter shows you how to enable and configure the Prestige firewall. 14.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your Prestige has to offer. For this reason, it is recommended that you configure your firewall using the web configurator. SMT screens allow you to activate the firewall.
Prestige 2602HW Series User’s Guide Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: • Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet.
Prestige 2602HW Series User’s Guide 4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does this rule conflict with any existing rules? 6 Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.
Prestige 2602HW Series User’s Guide 14.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed nonrestricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN. See the following figure. Figure 65 LAN to WAN Traffic 14.4.2 WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN).
Prestige 2602HW Series User’s Guide 14.4.3 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when an attack is detected in the Edit Rule screen (select the Send Alert Message to Administrator When Matched check box) or when a rule is matched in the Edit Rule screen (see Section 14.6.1 on page 176).
Prestige 2602HW Series User’s Guide Table 47 Firewall: Default Policy (continued) LABEL DESCRIPTION Default Action Use the radio buttons to select whether to Block (silently discard) or Forward (allow the passage of) packets that are traveling in the selected direction. Log Select the check box to create a log (when the above action is taken) for packets that are traveling in the selected direction and do not match any of the rules below. Back Click Back to return to the previous screen.
Prestige 2602HW Series User’s Guide Figure 68 Firewall: Rule Summary Table 48 Rule Summary LABEL DESCRIPTION Firewall Rules Storage Space in Use This read-only bar shows how much of the Prestige's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Prestige 2602HW Series User’s Guide Table 48 Rule Summary (continued) LABEL DESCRIPTION Schedule This field tells you whether a schedule is specified (Yes) or not (No). Log This field shows you whether a log is created when packets match this rule (Enabled) or not (Disable). Alert This field tells you whether this rule generates an alert (Yes) or not (No) when the rule is matched. Insert/Append Type the index number for where you want to put a rule.
Prestige 2602HW Series User’s Guide Figure 69 Firewall: Edit Rule The following table describes the labels in this screen.
Prestige 2602HW Series User’s Guide Table 49 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Packet Use the radio button to select whether to discard (Block) or allow the passage of (Forward) packets that match this rule. Source/Destination Address Address Type Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (e.g., 192.168.1.10 to 192.169.1.
Prestige 2602HW Series User’s Guide 14.7 Customized Services Configure customized services and port numbers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further information on these services, please read Section 14.10 on page 184. Click the Edit Customized Services link while editing a firewall rule to configure a custom service port. This displays the following screen.
Prestige 2602HW Series User’s Guide Figure 71 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 51 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
Prestige 2602HW Series User’s Guide Figure 72 Firewall Example: Rule Summary 3 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule 7. 4 Click Insert to display the firewall rule configuration screen. 5 Select Any in the Destination Address box and then click Delete. 6 Configure the destination address screen as follows and click Add.
Prestige 2602HW Series User’s Guide Figure 73 Firewall Example: Edit Rule: Destination Address 7 In the Edit Rule screen, click the Edit Customized Services link to open the Customized Services screen. 8 Click the number of a customized service to open the configuration screen. Configure it as follows and click Apply. Figure 74 Edit Custom Port Example 9 Click Back in the Customized Services screen to return to the Edit Rule screen.
Prestige 2602HW Series User’s Guide Figure 75 Firewall Example: Edit Rule: Select Customized Services Note: Custom ports show up with an “*” before their names in the Services list box and the Rule Summary list box. Click Apply after you’ve created your custom port. On completing the configuration procedure for this Internet firewall rule, the Rule Summary screen should look like the following. Rule 2 allows a “My Service” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Prestige 2602HW Series User’s Guide Figure 76 Firewall Example: Rule Summary: My Service 14.10 Predefined Services The Available Services list box in the Edit Rule screen (see Section 14.6.1 on page 176) displays all predefined services that the Prestige already supports. Next to the name of the service, two fields appear in brackets. The first field indicates the IP protocol type (TCP, UDP, or ICMP). The second field indicates the IP port number that defines the service.
Prestige 2602HW Series User’s Guide Table 52 Predefined Services (continued) SERVICE DESCRIPTION HTTP(TCP:80) Hyper Text Transfer Protocol - a client/server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce. ICQ(UDP:4000) This is a popular Internet chat program. IPSEC_TRANSPORT/ TUNNEL(AH:0) The IPSEC AH (Authentication Header) tunneling protocol uses this service.
Prestige 2602HW Series User’s Guide Table 52 Predefined Services (continued) SERVICE DESCRIPTION SSH(TCP/UDP:22) Secure Shell Remote Login Program. STRMWORKS(UDP:1558) Stream Works Protocol. SYSLOG(UDP:514) Syslog allows you to send system logs to a UNIX server. TACACS(UDP:49) Login Host Protocol used for (Terminal Access Controller Access Control System). TELNET(TCP:23) Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments.
Prestige 2602HW Series User’s Guide Figure 77 Firewall: Anti Probing The following table describes the labels in this screen. Table 53 Firewall: Anti Probing LABEL DESCRIPTION Respond to PING on The Prestige does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both incoming LAN and WAN Ping requests.
Prestige 2602HW Series User’s Guide 14.12.1 Threshold Values Tune these parameters when something is not working and after you have checked the firewall counters. These default values should work fine for most small offices. Factors influencing choices for threshold values are: • • • • • The maximum number of opened sessions. The minimum capacity of server backlog in your LAN network. The CPU power of servers in your LAN network. Network bandwidth. Type of traffic for certain servers.
Prestige 2602HW Series User’s Guide Whenever the number of half-open sessions with the same destination host address rises above a threshold (TCP Maximum Incomplete), the Prestige starts deleting half-open sessions according to one of the following methods: • If the Blocking Time timeout is 0 (the default), then the Prestige deletes the oldest existing half-open session for the host for every new connection request to the host.
Prestige 2602HW Series User’s Guide Table 54 Firewall: Threshold (continued) LABEL DESCRIPTION DEFAULT VALUES One Minute High This is the rate of new half-open sessions that causes the firewall to start deleting half-open sessions. When the rate of new connection attempts rises above this number, the Prestige deletes half-open sessions as required to accommodate new connection attempts. 100 half-open sessions per minute.
Prestige 2602HW Series User’s Guide CHAPTER 15 Content Filtering This chapter covers how to configure content filtering. 15.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL. You can set a schedule for when the Prestige performs content filtering.
Prestige 2602HW Series User’s Guide Figure 79 Content Filter: Keyword The following table describes the labels in this screen. Table 55 Content Filter: Keyword LABEL DESCRIPTION Enable Keyword Blocking Select this check box to enable this feature. Block Websites that contain This box contains the list of all the keywords that you have configured the these keywords in the URL: Prestige to block. Delete Highlight a keyword in the box and click Delete to remove it.
Prestige 2602HW Series User’s Guide Figure 80 Content Filter: Schedule The following table describes the labels in this screen. Table 56 Content Filter: Schedule LABEL DESCRIPTION Days to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active. Time of Day to Block: Use the 24 hour format to configure which time of the day (or select the All day check box) you want the content filtering to be active.
Prestige 2602HW Series User’s Guide Figure 81 Content Filter: Trusted The following table describes the labels in this screen. Table 57 Content Filter: Trusted LABEL DESCRIPTION Trusted User IP Range 194 From Type the IP address of a computer (or the beginning IP address of a specific range of computers) on the LAN that you want to exclude from content filtering. To Type the ending IP address of a specific range of users on your LAN that you want to exclude from content filtering.
Prestige 2602HW Series User’s Guide CHAPTER 16 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 16.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
Prestige 2602HW Series User’s Guide Figure 82 Encryption and Decryption 16.1.3.2 Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. 16.1.3.3 Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission. 16.1.3.4 Data Origin Authentication The IPSec receiver can verify the source of IPSec packets. This service depends on the data integrity service. 16.1.
Prestige 2602HW Series User’s Guide 16.2 IPSec Architecture The overall IPSec architecture is shown as follows. Figure 83 IPSec Architecture 16.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms).
Prestige 2602HW Series User’s Guide Figure 84 Transport and Tunnel Mode IPSec Encapsulation 16.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
Prestige 2602HW Series User’s Guide NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted. A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing.
Prestige 2602HW Series User’s Guide 200 Chapter 16 Introduction to IPSec
Prestige 2602HW Series User’s Guide CHAPTER 17 VPN Screens This chapter introduces the VPN screens. See the chapter on logs for information on viewing logs and the appendix on logs for IPSec log descriptions. 17.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections. 17.2 IPSec Algorithms The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec VPN.
Prestige 2602HW Series User’s Guide 17.2.2 ESP (Encapsulating Security Payload) Protocol The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. ESP authenticating properties are limited compared to the AH due to the non-inclusion of the IP header information during the authentication process. However, ESP is sufficient if only the upper layer protocols need to be authenticated.
Prestige 2602HW Series User’s Guide • If the WAN connection goes down, the Prestige uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. See the chapter on WAN for details on dial backup and traffic redirect. 17.4 Secure Gateway Address Secure Gateway Address is the WAN IP address or domain name of the remote IPSec router (secure gateway).
Prestige 2602HW Series User’s Guide Click VPN and Setup to open the VPN Summary screen. This is a read-only menu of your IPSec rules (tunnels). The IPSec summary menu is read-only. Edit a VPN by selecting an index number and then configuring its associated submenus. Figure 86 VPN Summary The following table describes the fields in this screen. Table 60 VPN Summary 204 LABEL DESCRIPTION No. This is the VPN policy index number. Click a number to edit VPN policies.
Prestige 2602HW Series User’s Guide Table 60 VPN Summary (continued) LABEL DESCRIPTION Remote Address This is the IP address(es) of computer(s) on the remote network behind the remote IPSec router. This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. The same (static) IP address is displayed twice when the Remote Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Single.
Prestige 2602HW Series User’s Guide The following figure depicts an example where three VPN tunnels are created from Prestige A; one to branch office 2, one to branch office 3 and another to headquarters. In order to access computers that use private domain names on the headquarters (HQ) network, the Prestige at branch office 1 uses the Intranet DNS server in headquarters. The DNS server feature for VPN does not work with Windows 2000 or Windows XP.
Prestige 2602HW Series User’s Guide 17.8.1 NAT Traversal Configuration For NAT traversal to work you must: • Use ESP security protocol (in either transport or tunnel mode). • Use IKE keying mode. • Enable NAT traversal on both IPSec endpoints. In order for IPSec router A (see Figure 88 on page 206) to receive an initiating IPSec packet from IPSec router B, set the NAT router to forward UDP port 500 to IPSec router A. 17.9 ID Type and Content With aggressive negotiation mode (see Section 17.12.
Prestige 2602HW Series User’s Guide Table 61 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= IP Type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address. DNS Type a domain name (up to 31 characters) by which to identify this Prestige. E-mail Type an e-mail address (up to 31 characters) by which to identify this Prestige.
Prestige 2602HW Series User’s Guide The two Prestiges in this example cannot complete their negotiation because Prestige B’s Local ID type is IP, but Prestige A’s Peer ID type is set to E-mail. An “ID mismatched” message displays in the IPSEC LOG. Table 64 Mismatching ID Type and Content Configuration Example PRESTIGE A PRESTIGE B Local ID type: IP Local ID type: IP Local ID content: 1.1.1.10 Local ID content: 1.1.1.10 Peer ID type: E-mail Peer ID type: IP Peer ID content: aa@yahoo.
Prestige 2602HW Series User’s Guide Figure 89 VPN IKE The following table describes the fields in this screen.
Prestige 2602HW Series User’s Guide Table 65 VPN IKE LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select either Yes or No from the drop-down list box. Select Yes to have the Prestige automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
Prestige 2602HW Series User’s Guide Table 65 VPN IKE (continued) LABEL DESCRIPTION IP Address Start When the Local Address Type field is configured to Single, enter a (static) IP address on the LAN behind your Prestige. When the Local Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on your LAN behind your Prestige. When the Local Address Type field is configured to Subnet, this is a (static) IP address on the LAN behind your Prestige.
Prestige 2602HW Series User’s Guide Table 65 VPN IKE (continued) LABEL DESCRIPTION My IP Address Enter the WAN IP address of your Prestige. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The Prestige uses the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel.
Prestige 2602HW Series User’s Guide Table 65 VPN IKE (continued) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection. Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters.
Prestige 2602HW Series User’s Guide Figure 90 Two Phases to Set Up the IPSec SA In phase 1 you must: • • • • • • Choose a negotiation mode. Authenticate the connection by entering a pre-shared key. Choose an encryption algorithm. Choose an authentication algorithm. Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2). Set the IKE SA lifetime. This field allows you to determine how long an IKE SA should stay up before it times out.
Prestige 2602HW Series User’s Guide 17.12.1 Negotiation Mode The phase 1 Negotiation Mode you select determines how the Security Association (SA) will be established for each connection through IKE negotiations. • Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1). It uses 6 messages in three round trips: SA negotiation, Diffie-Hellman exchange and an exchange of nonces (a nonce is a random number).
Prestige 2602HW Series User’s Guide Figure 91 VPN IKE: Advanced Setup The following table describes the fields in this screen. Table 66 VPN IKE: Advanced Setup LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
Prestige 2602HW Series User’s Guide Table 66 VPN IKE: Advanced Setup (continued) LABEL DESCRIPTION Remote Start Port 0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. End Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Remote Start Port is left at 0, End will also remain at 0.
Prestige 2602HW Series User’s Guide Table 66 VPN IKE: Advanced Setup (continued) LABEL DESCRIPTION Encryption This field is available when you select ESP in the Active Protocol field. Algorithm Select DES, 3DES, AES or NULL from the drop-down list box.
Prestige 2602HW Series User’s Guide 17.15 Configuring Manual Key You only configure VPN Manual Key when you select Manual in the IPSec Key Mode field on the VPN IKE screen. This is the VPN Manual Key screen as shown next. Figure 92 VPN: Manual Key The following table describes the fields in this screen.
Prestige 2602HW Series User’s Guide Table 67 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the Prestige drops trailing spaces. IPSec Key Mode Select IKE or Manual from the drop-down list box. Manual is a useful option for troubleshooting if you have problems using IKE key management.
Prestige 2602HW Series User’s Guide Table 67 VPN: Manual Key (continued) LABEL DESCRIPTION End / Subnet Mask When the Remote Address Type field is configured to Single, this field is N/A. When the Remote Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Remote Address Type field is configured to Subnet, enter a subnet mask on the network behind the remote IPSec router.
Prestige 2602HW Series User’s Guide 17.16 Viewing SA Monitor Click VPN and Monitor to open the SA Monitor screen as shown. Use this screen to display and manage active VPN connections. A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections. Use Refresh to display active VPN connections. This screen is read-only. The following table describes the fields in this tab.
Prestige 2602HW Series User’s Guide Figure 93 VPN: SA Monitor The following table describes the fields in this screen. Table 68 VPN: SA Monitor 224 LABEL DESCRIPTION No This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode. IPSec Algorithm This field displays the security protocols used for an SA.
Prestige 2602HW Series User’s Guide 17.17 Configuring Global Setting To change your Prestige’s global settings, click VPN and then Global Setting. The screen appears as shown. Figure 94 VPN: Global Setting The following table describes the fields in this screen. Table 69 VPN: Global Setting LABEL DESCRIPTION Windows Networking NetBIOS (Network Basic Input/Output System) are TCP or UDP packets that (NetBIOS over TCP/IP) enable a computer to find other computers.
Prestige 2602HW Series User’s Guide Figure 95 Telecommuters Sharing One VPN Rule Example Table 70 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS My IP Address: 0.0.0.0 (dynamic IP address assigned Public static IP address by the ISP) Secure Gateway IP Address: Public static IP address 0.0.0.0 With this IP address only the telecommuter can initiate the IPSec tunnel. Local IP Address: Telecommuter A: 192.168.2.12 Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15 192.168.1.
Prestige 2602HW Series User’s Guide Figure 96 Telecommuters Using Unique VPN Rules Example Table 71 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS All Telecommuter Rules: All Headquarters Rules: My IP Address 0.0.0.0 My IP Address: bigcompanyhq.com Secure Gateway Address: bigcompanyhq.com Local IP Address: 192.168.1.10 Remote IP Address: 192.168.1.10 Local ID Type: E-mail Peer ID Type: E-mail Local ID Content: bob@bigcompanyhq.com Peer ID Content: bob@bigcompanyhq.
Prestige 2602HW Series User’s Guide 17.19 VPN and Remote Management If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote Management) to allow access for that service.
Prestige 2602HW Series User’s Guide CHAPTER 18 Remote Management Configuration This chapter provides information on configuring remote management. 18.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Prestige 2602HW Series User’s Guide • A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. • You have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the Prestige will disconnect the session immediately. • There is already another remote management session with an equal or higher priority running.
Prestige 2602HW Series User’s Guide 18.4 Web You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details. 18.5 Configuring Remote Management Click Remote Management to open the following screen. Figure 98 Remote Management The following table describes the fields in this screen. Table 72 Remote Management LABEL DESCRIPTION Server Type Each of these labels denotes a service that you may use to remotely manage the Prestige.
Prestige 2602HW Series User’s Guide 232 Chapter 18 Remote Management Configuration
Prestige 2602HW Series User’s Guide CHAPTER 19 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 19.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Prestige 2602HW Series User’s Guide All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 19.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports IGD 1.0 (Internet Gateway Device). At the time of writing ZyXEL's UPnP implementation supports Windows Messenger 4.6 and 4.7 while Windows Messenger 5.
Prestige 2602HW Series User’s Guide Table 73 Configuring UPnP LABEL DESCRIPTION Enable the Universal Plug and Play (UPnP) Service Select this checkbox to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the Prestige's IP address (although you must still enter the password to access the web configurator).
Prestige 2602HW Series User’s Guide Figure 100 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 101 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted.
Prestige 2602HW Series User’s Guide Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Figure 102 Network Connections 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details.
Prestige 2602HW Series User’s Guide Figure 103 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box.
Prestige 2602HW Series User’s Guide Figure 104 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 19.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the Prestige. Make sure the computer is connected to a LAN port of the Prestige. Turn on your computer and the Prestige.
Prestige 2602HW Series User’s Guide Figure 105 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created.
Prestige 2602HW Series User’s Guide Figure 106 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings.
Prestige 2602HW Series User’s Guide Figure 107 Internet Connection Properties: Advanced Settings Figure 108 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Prestige 2602HW Series User’s Guide Figure 109 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 110 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first. This comes helpful if you do not know the IP address of the Prestige. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel.
Prestige 2602HW Series User’s Guide Figure 111 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your Prestige and select Invoke. The web configurator login screen displays.
Prestige 2602HW Series User’s Guide Figure 112 Network Connections: My Network Places 6 Right-click on the icon for your Prestige and select Properties. A properties window displays with basic information about the Prestige.
Prestige 2602HW Series User’s Guide 246 Chapter 19 Universal Plug-and-Play (UPnP)
Prestige 2602HW Series User’s Guide CHAPTER 20 Logs Screens This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendix for example log message explanations. 20.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the Prestige log and then display the logs or have the Prestige send them to an administrator (as e-mail) or to a syslog server. 20.1.
Prestige 2602HW Series User’s Guide Figure 114 Log Settings 248 Chapter 20 Logs Screens
Prestige 2602HW Series User’s Guide The following table describes the fields in this screen. Table 74 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail. Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the Prestige sends.
Prestige 2602HW Series User’s Guide 20.3 Displaying the Logs Click Logs and then View Log to open the View Logs screen. Use the View Logs screen to see the logs for the categories that you selected in the Log Settings screen (see Section 20.2 on page 247). Log entries in red indicate alerts. The log wraps around and deletes the old entries after it fills. Click a column heading to sort the entries. A triangle indicates ascending or descending sort order.
Prestige 2602HW Series User’s Guide E-mail error messages appear in SMT menu 24.3.1 as "SMTP action request failed. ret= ??". The “??"are described in the following table. Table 76 SMTP Error Messages -1 means Prestige out of socket -2 means tcp SYN fail -3 means smtp server OK fail -4 means HELO fail -5 means MAIL FROM fail -6 means RCPT TO fail -7 means DATA fail -8 means mail data send fail 20.4.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent.
Prestige 2602HW Series User’s Guide Figure 116 E-mail Log Example Subject: Firewall Alert From Prestige Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy |forward | 09:54:17 |UDP src port:00520 dest port:00520 |<1,00> | 3|Apr 7 00 |From:192.168.1.6 To:10.10.10.
Prestige 2602HW Series User’s Guide CHAPTER 21 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 21.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige. 21.2 System Status Screen Click System Status to open the following screen, where you can use to monitor your Prestige.
Prestige 2602HW Series User’s Guide Figure 117 System Status 254 Chapter 21 Maintenance
Prestige 2602HW Series User’s Guide The following table describes the fields in this screen. Table 77 System Status LABEL DESCRIPTION System Status System Name This is the name of your Prestige. It is for identification purposes. ZyNOS Firmware Version This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design. DSL FW Version This is the DSL firmware version associated with your Prestige.
Prestige 2602HW Series User’s Guide 21.2.1 System Statistics Click Show Statistics in the System Status screen to open the following screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Figure 118 System Status: Show Statistics The following table describes the fields in this screen.
Prestige 2602HW Series User’s Guide Table 78 System Status: Show Statistics (continued) LABEL DESCRIPTION Status For the WAN port, this displays the port speed and duplex setting if you're using Ethernet encapsulation and down (line is down), idle (line (ppp) idle), dial (starting to trigger a call) and drop (dropping a call) if you're using PPPoE encapsulation. For a LAN port, this shows the port speed and duplex setting. TxPkts This field displays the number of packets transmitted on this port.
Prestige 2602HW Series User’s Guide Figure 119 DHCP Table The following table describes the fields in this screen. Table 79 DHCP Table LABEL DESCRIPTION Host Name This is the name of the host computer. IP Address This field displays the IP address relative to the Host Name field. MAC Address This field displays the MAC (Media Access Control) address of the computer with the displayed host name. Every Ethernet device has a unique MAC address.
Prestige 2602HW Series User’s Guide Table 80 Any IP Table LABEL DESCRIPTION MAC Address This field displays the MAC (Media Access Control) address of the computer with the displayed IP address. Every Ethernet device has a unique MAC address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. Refresh Click Refresh to update this screen. 21.
Prestige 2602HW Series User’s Guide 21.6 Diagnostic Screens These read-only screens display information to help you identify problems with the Prestige. 21.6.1 Diagnostic General Screen Click Diagnostic and then General to open the screen shown next. Figure 122 Diagnostic: General The following table describes the fields in this screen. Table 82 Diagnostic: General LABEL DESCRIPTION TCP/IP Address Type the IP address of a computer that you want to ping in order to test a connection.
Prestige 2602HW Series User’s Guide Figure 123 Diagnostic: DSL Line The following table describes the fields in this screen. Table 83 Diagnostic: DSL Line LABEL Reset ADSL Line DESCRIPTION Click this button to reinitialize the ADSL line. The large text box above then displays the progress and results of this operation, for example: "Start to reset ADSL Loading ADSL modem F/W... Reset ADSL Line Successfully!" ATM Status Click this button to view ATM status.
Prestige 2602HW Series User’s Guide 21.7 Firmware Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "Prestige.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See Chapter 37 on page 365 for upgrading firmware using FTP/TFTP commands. Only use firmware for your device’s specific model. Refer to the label on the bottom of your device.
Prestige 2602HW Series User’s Guide The Prestige automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 125 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen. If the upload was not successful, the following screen will appear. Click Back to go back to the Firmware screen.
Prestige 2602HW Series User’s Guide 264 Chapter 21 Maintenance
Prestige 2602HW Series User’s Guide CHAPTER 22 Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 22.1 Introduction to the SMT The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection. This chapter shows you how to access the SMT menus via console port, how to navigate the SMT and how to configure SMT menus.
Prestige 2602HW Series User’s Guide Figure 127 Initial Screen Copyright (c) 1994 - 2004 ZyXEL Communications Corp. initialize ch =0, ethernet address: 00:A0:C5:7A:86:D5 initialize ch =1, ethernet address: 00:A0:C5:7A:86:D6 initialize ch =2, ethernet address: 00:A0:C5:7A:86:D7 initialize ch =3, ethernet address: 00:00:00:00:00:00 AUX port init . done Modem init . inactive Press ENTER to continue... 22.2.
Prestige 2602HW Series User’s Guide 22.2.4 Entering Password The login screen appears after you press [ENTER], prompting you to enter the password, as shown next. For your first login, enter the default password "1234". As you type the password, the screen displays an asterisk "*" for each character you type. Please note that if there is no activity for longer than five minutes after you log in, your Prestige will automatically log you out. Figure 129 Login Screen Enter Password : **** 22.
Prestige 2602HW Series User’s Guide Table 85 Navigating the SMT Interface OPERATION KEY STROKE DESCRIPTION Save your configuration [ENTER] Save your configuration by pressing [ENTER] at the message "Press ENTER to confirm or ESC to cancel". Saving the data on the screen will take you, in most cases to the previous menu. Exit the SMT Type 99, then press [ENTER].Type 99 at the main menu prompt and press [ENTER] to exit the SMT interface.
Prestige 2602HW Series User’s Guide Table 87 Main Menu Summary # MENU TITLE DESCRIPTION 24 System Maintenance This menu provides system status, diagnostics, software upload, etc. 25 IP Routing Policy Setup Use this menu to configure your IP routing policy. 26 Schedule Setup Use this menu to schedule outgoing calls. 27 VPN/IPSec Setup Use this menu to configure VPN connections. 99 Exit Use this to exit from SMT and return to a blank screen. 22.3.
Prestige 2602HW Series User’s Guide Table 88 SMT Menus Overview (continued) MENUS SUB MENUS 21 Filter and Firewall 21.1 Filter Setup Rule Setup 21.1 Filter Rules Summary 21.1.x.1 Generic Filter Rule 21.1.x.1 TCP/ IP Filter Rule 21.1 Firewall Setup 22 SNMP Configuration 23 System Security 23.1 Change Password 23.2 RADIUS Server 23.4 IEEE802.1X 24 System Maintenance 24.1 Status 24.2 System Information and Console Port Speed 24.2.1 Information 24.3 Log and Trace 24.3.1 View Error Log 24.2.
Prestige 2602HW Series User’s Guide 1 Enter 23 in the main menu to display Menu 23 - System Security. 2 Enter 1 to display Menu 23.1 - System Security - Change Password as shown next. 3 Type your existing system password in the Old Password field, for example “1234", and press [ENTER]. Figure 130 Menu 23.1 Change Password Menu 23.
Prestige 2602HW Series User’s Guide 272 Chapter 22 Introducing the SMT
Prestige 2602HW Series User’s Guide CHAPTER 23 Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 23.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". • In Windows 95/98 click Start, Settings, Control Panel, Network.
Prestige 2602HW Series User’s Guide Figure 131 Menu 1 General Setup Menu 1 General Setup System Name= ? Location= Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: Fill in the required fields. Refer to the table shown next for more information about these fields. Table 89 Menu 1 General Setup FIELD DESCRIPTION System Name Choose a descriptive name for identification purposes. This name can be up to 30 alphanumeric characters long.
Prestige 2602HW Series User’s Guide Figure 132 Menu 1.1 Configure Dynamic DNS Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= No Host= EMAIL= USER= Password= ******** Enable Wildcard= No Press ENTER to Confirm or ESC to Cancel: Follow the instructions in the next table to configure dynamic DNS parameters. Table 90 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION Service Provider This is the name of your dynamic DNS service provider.
Prestige 2602HW Series User’s Guide 276 Chapter 23 Menu 1 General Setup
Prestige 2602HW Series User’s Guide CHAPTER 24 Menu 2 WAN Backup Setup This chapter describes how to configure traffic redirect and dial-backup using menu 2 and 2.1. 24.1 Introduction to WAN Backup Setup This chapter explains how to configure the Prestige for traffic redirect connections. 24.2 Configuring WAN Backup in Menu 2 From the main menu, enter 2 to open menu 2. Figure 133 Menu 2 WAN Backup Setup Menu 2 - Wan Backup Setup Check Mechanism = DSL Link Check WAN IP Address1 = 0.0.0.
Prestige 2602HW Series User’s Guide Table 91 Menu 2 WAN Backup Setup (continued) FIELD DESCRIPTION KeepAlive Fail Tolerance Type the number of times (2 recommended) that your Prestige may ping the IP addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup connection (or a different WAN backup connection).
Prestige 2602HW Series User’s Guide Table 92 Menu 2.1Traffic Redirect Setup FIELD DESCRIPTION Metric This field sets this route's priority among the routes the Prestige uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1" for directly connected networks.
Prestige 2602HW Series User’s Guide 280 Chapter 24 Menu 2 WAN Backup Setup
Prestige 2602HW Series User’s Guide CHAPTER 25 Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 25.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3. Figure 135 Menu 3 LAN Setup Menu 3 - LAN Setup 1. LAN Port Filter Setup 2. TCP/IP and DHCP Setup 5. Wireless LAN Setup Enter Menu Selection Number: 25.1.
Prestige 2602HW Series User’s Guide • For TCP/IP Ethernet setup refer to Section 27.6 on page 292. • For bridging Ethernet setup refer to Chapter 30 on page 309. 25.3 TCP/IP Ethernet Setup and DHCP Use menu 3.2 to configure your Prestige for TCP/IP. To edit menu 3.2, enter 3 from the main menu to display Menu 3 — LAN Setup. When menu 3 appears, press 2 and press [ENTER] to display Menu 3.2 — TCP/IP and DHCP Ethernet Setup, as shown next: Figure 137 Menu 3.2 TCP/IP and DHCP Ethernet Setup Menu 3.
Prestige 2602HW Series User’s Guide Table 93 DHCP Ethernet Setup (continued) FIELD DESCRIPTION Size of Client IP Pool This field specifies the size or count of the IP address pool. Primary DNS Server Secondary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. Remote DHCP Serve If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here.
Prestige 2602HW Series User’s Guide 284 Chapter 25 Menu 3 LAN Setup
Prestige 2602HW Series User’s Guide CHAPTER 26 Wireless LAN Setup This chapter covers how to configure wireless LAN settings in SMT menu 3.5. 26.1 Wireless LAN Overview Refer to the chapter on the wireless LAN screens for wireless LAN background information. 26.2 Wireless LAN Setup Use menu 3.5 to set up your Prestige as the wireless access point. To edit menu 3.5, enter 3 from the main menu to display Menu 3 – LAN Setup. When menu 3 appears, press 5 and then press [ENTER] to display Menu 3.
Prestige 2602HW Series User’s Guide Table 95 Menu 3.5 - Wireless LAN Setup (continued) FIELD DESCRIPTION Channel ID Press [SPACE BAR] to select a channel. This allows you to set the operating frequency/ channel depending on your particular region. RTS Threshold RTS (Request To Send) threshold (number of bytes) enables RTS/CTS handshake. Data with its frame size larger than this value will perform the RTS/CTS handshake.
Prestige 2602HW Series User’s Guide Figure 139 Menu 3.5.1 WLAN MAC Address Filtering Menu 3.5.
Prestige 2602HW Series User’s Guide 288 Chapter 26 Wireless LAN Setup
Prestige 2602HW Series User’s Guide CHAPTER 27 Internet Access This chapter shows you how to configure the LAN and WAN of your Prestige for Internet access. 27.1 Internet Access Overview Refer to the chapters on the web configurator’s wizard, LAN and WAN screens for more background information on fields in the SMT screens covered in this chapter. 27.2 IP Policies Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet.
Prestige 2602HW Series User’s Guide Figure 140 IP Alias Network Example Use menu 3.2.1 to configure IP Alias on your Prestige. 27.4 IP Alias Setup Use menu 3.2 to configure the first network. Move the cursor to Edit IP Alias field and press [SPACEBAR] to choose Yes and press [ENTER] to configure the second and third network. Figure 141 Menu 3.2 TCP/IP and DHCP Setup Menu 3.2 - TCP/IP and DHCP Setup DHCP Setup DHCP= Server Client IP Pool Starting Address= 192.168.1.
Prestige 2602HW Series User’s Guide Figure 142 Menu 3.2.1 IP Alias Setup Menu 3.2.
Prestige 2602HW Series User’s Guide Figure 143 Menu 1 General Setup Menu 1 - General Setup System Name= ? Location= location Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: 27.6 Internet Access Configuration Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified setup for one of the remote nodes that you can access in menu 11.
Prestige 2602HW Series User’s Guide . Table 98 Menu 4 Internet Access Setup FIELD DESCRIPTION ISP’s Name Enter the name of your Internet Service Provider (ISP). This information is for identification purposes only. Encapsulation Press [SPACE BAR] to select the method of encapsulation used by your ISP. Choices are PPPoE, PPPoA, RFC 1483 or ENET ENCAP. Multiplexing Press [SPACE BAR] to select the method of multiplexing used by your ISP. Choices are VC-based or LLC-based.
Prestige 2602HW Series User’s Guide 294 Chapter 27 Internet Access
Prestige 2602HW Series User’s Guide CHAPTER 28 Remote Node Configuration This chapter covers remote node configuration. 28.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. When you use menu 4 to set up Internet access, you are configuring one of the remote nodes.
Prestige 2602HW Series User’s Guide Figure 145 Menu 11 Remote Node Setup 1. 2. 3. 4. 5. 6. 7. 8. Menu 11 - Remote Node Setup MyISP (ISP, SUA) ________ ________ ________ ________ ________ ________ ________ Enter Node # to Edit: 28.2.2 Encapsulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiplexing methods used by your ISP.
Prestige 2602HW Series User’s Guide Figure 146 Menu 11.1 Remote Node Profile Menu 11.
Prestige 2602HW Series User’s Guide Table 99 Menu 11.1 Remote Node Profile (continued) FIELD DESCRIPTION PAP – accept PAP (Password Authentication Protocol) only. Route This field determines the protocol used in routing. Options are IP and None. Bridge When bridging is enabled, your Prestige will forward any packet that it does not route to this remote node; otherwise, the packets are discarded. Select Yes to enable and No to disable.
Prestige 2602HW Series User’s Guide 28.3 Remote Node Network Layer Options For the TCP/IP parameters, perform the following steps to edit Menu 11.3 – Remote Node Network Layer Options as shown next. 1 In menu 11.1, make sure IP is among the protocols in the Route field. 2 Move the cursor to the Edit IP/Bridge field, press [SPACE BAR] to select Yes, then press [ENTER] to display Menu 11.3 – Remote Node Network Layer Options. Figure 147 Menu 11.3 Remote Node Network Layer Options Menu 11.
Prestige 2602HW Series User’s Guide Table 100 Menu 11.3 Remote Node Network Layer Options (continued) FIELD DESCRIPTION Address Mapping Set When Full Feature is selected in the NAT field, configure address mapping sets in menu 15.1. Select one of the NAT server sets (2-10) in menu 15.2 (see Chapter 31 on page 313 for details) and type that number here. When SUA Only is selected in the NAT field, the SMT uses NAT server set 1 in menu 15.2 (see Chapter 31 on page 313 for details).
Prestige 2602HW Series User’s Guide Figure 148 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection 28.4 Remote Node Filter Move the cursor to the Edit Filter Sets field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to display Menu 11.5 – Remote Node Filter. Use Menu 11.5 – Remote Node Filter to specify the filter set(s) to apply to the incoming and outgoing traffic between this remote node and the Prestige and also to prevent certain packets from triggering calls.
Prestige 2602HW Series User’s Guide Figure 149 Menu 11.5 Remote Node Filter (RFC 1483 or ENET Encapsulation) Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: Figure 150 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) Menu 11.
Prestige 2602HW Series User’s Guide Figure 151 Menu 11.6 for VC-based Multiplexing Menu 11.6 - Remote Node ATM Layer Options VPI/VCI (VC-Multiplexing) VC Options for IP: VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 VC Options for Bridge: VPI #= 1 VCI #= 36 ATM QoS Type= N/A Peak Cell Rate (PCR)= N/A Sustain Cell Rate (SCR)= N/A Maximum Burst Size (MBR)= N/A Enter here to CONFIRM or ESC to CANCEL: 28.5.
Prestige 2602HW Series User’s Guide Figure 153 Menu 11.1 Remote Node Profile Menu 11.
Prestige 2602HW Series User’s Guide CHAPTER 29 Static Route Setup This chapter shows how to setup IP static routes. 29.1 IP Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
Prestige 2602HW Series User’s Guide Figure 156 Menu 12 Static Route Setup Menu 12 - Static Route Setup 1. IP Static Route 3. Bridge Static Route Please enter selection: From menu 12, select 1 to open Menu 12.1 — IP Static Route Setup (shown next). Figure 157 Menu 12.1 IP Static Route Setup Menu 12.1 - IP Static Route Setup 1. ________ 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ 9. ________ 10. ________ 11. ________ 12. ________ 13. ________ 14. ________ 15.
Prestige 2602HW Series User’s Guide Table 102 Menu12.1.1 Edit IP Static Route FIELD DESCRIPTION Route # This is the index number of the static route that you chose in menu 12.1. Route Name Type a descriptive name for this route. This is for identification purpose only. Active This field allows you to activate/deactivate this static route. Destination IP Address This parameter specifies the IP network address of the final destination. Routing is always based on network number.
Prestige 2602HW Series User’s Guide 308 Chapter 29 Static Route Setup
Prestige 2602HW Series User’s Guide CHAPTER 30 Bridging Setup This chapter shows you how to configure the bridging parameters of your Prestige. 30.1 Bridging in General Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address. Bridging allows the Prestige to transport packets of network layer protocols that it does not route, for example, SNA, from one network to another.
Prestige 2602HW Series User’s Guide Figure 159 Menu 11.1 Remote Node Profile Menu 11.
Prestige 2602HW Series User’s Guide 30.2.2 Bridge Static Route Setup Similar to network layer static routes, a bridging static route tells the Prestige the route to a node before a connection is established. You configure bridge static routes in menu 12.3.1 (go to menu 12, choose option 3, then choose a static route to edit) as shown next. Figure 161 Menu 12.3.1 Edit Bridge Static Route Menu 12.3.
Prestige 2602HW Series User’s Guide 312 Chapter 30 Bridging Setup
Prestige 2602HW Series User’s Guide CHAPTER 31 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 31.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige. 31.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. See Section 31.
Prestige 2602HW Series User’s Guide Figure 162 Menu 4 Applying NAT for Internet Access Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 My Login= N/A My Password= N/A ENET ENCAP Gateway= N/A IP Address Assignment= Static IP Address= 0.0.0.
Prestige 2602HW Series User’s Guide Table 105 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION NAT Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. The SMT uses the address mapping set that you configure and enter in the Address Mapping Set field (see Figure 165 on page 316). Select None to disable NAT. When you select SUA Only, the SMT uses Address Mapping Set 255 (see Figure 166 on page 316).
Prestige 2602HW Series User’s Guide Figure 165 Menu 15.1 Address Mapping Sets Menu 15.1 - Address Mapping Sets 1. 2. 3. 4. 5. 6. 7. 8. 255. SUA (read only) Enter Menu Selection Number: 31.3.1.1 SUA Address Mapping Set Enter 255 to display the next screen (see also section 27.1.1). The fields in this menu cannot be changed. Figure 166 Menu 15.1.255 SUA Address Mapping Rules Set Idx --1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Menu 15.1.
Prestige 2602HW Series User’s Guide Table 106 SUA Address Mapping Rules (continued) FIELD DESCRIPTION Global Start IP This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global Start IP. Global End IP This is the ending global IP address (IGA). Type These are the mapping types. Server allows us to specify multiple servers of different types behind NAT to this machine. See later for some examples.
Prestige 2602HW Series User’s Guide 31.3.1.3 Ordering Your Rules Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
Prestige 2602HW Series User’s Guide Figure 168 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= End = N/A Global IP: Start= End = N/A Server Mapping Set= N/A Press ENTER to Confirm or ESC to Cancel: The following table explains the fields in this menu. Table 108 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set FIELD DESCRIPTION Type Press [SPACE BAR] and then [ENTER] to select from a total of five types.
Prestige 2602HW Series User’s Guide Figure 169 Menu 15.2 NAT Server Setup Menu 15.2 - NAT Server Sets 1. Server Set 1 (Used for SUA Only) 2. Server Set 2 3. Server Set 3 4. Server Set 4 5. Server Set 5 6. Server Set 6 7. Server Set 7 8. Server Set 8 9. Server Set 9 10. Server Set 10 Enter Set Number to Edit: 3 Enter 1 to go to Menu 15.2 NAT Server Setup as follows. Figure 170 Menu 15.2 NAT Server Setup Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No.
Prestige 2602HW Series User’s Guide Figure 171 Multiple Servers Behind NAT Example 31.5 General NAT Examples The following are some examples of NAT configuration. 31.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP.
Prestige 2602HW Series User’s Guide Figure 173 Menu 4 Internet Access & NAT Example Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 8 VCI #= 35 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 My Login= N/A My Password= N/A ENET ENCAP Gateway= N/A IP Address Assignment= Static IP Address= 0.0.0.
Prestige 2602HW Series User’s Guide Figure 175 Menu 15.2.1 Specifying an Inside Server Menu 15.2.1 - NAT Server Setup (Used for SUA Only) Rule Start Port No. End Port No. IP Address --------------------------------------------------1. Default Default 192.168.1.10 2. 0 0 0.0.0.0 3. 0 0 0.0.0.0 4. 0 0 0.0.0.0 5. 0 0 0.0.0.0 6. 0 0 0.0.0.0 7. 0 0 0.0.0.0 8. 0 0 0.0.0.0 9. 0 0 0.0.0.0 10. 0 0 0.0.0.0 11. 0 0 0.0.0.0 12. 0 0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: 31.5.
Prestige 2602HW Series User’s Guide Figure 176 NAT Example 3 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in Figure 177 on page 324. 1 Enter 15 from the main menu. 2 Enter 1 to configure the Address Mapping Sets. 3 Enter 1 to begin configuring this new set. Enter a Set Name, choose the Edit Action and then enter 1 for the Select Rule field.
Prestige 2602HW Series User’s Guide Figure 178 Example 3: Menu 15.1.1.1 Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 End = N/A Global IP: Start= 10.132.50.1 End = N/A Server Mapping Set= N/A Press ENTER to Confirm or ESC to Cancel: Figure 179 Example 3: Final Menu 15.1.1 Set Idx --1. 2 3. 4. 5. 6. 7. 8. 9. 10. Menu 15.1.1 - Address Mapping Rules Name= Example3 Local Start IP Local End IP Global Start IP --------------- --------------- --------------192.168.1.10 10.
Prestige 2602HW Series User’s Guide Figure 180 Example 3: Menu 15.2 Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------1. Default Default 0.0.0.0 2. 80 80 192.168.1.21 3. 25 25 192.168.1.20 4. 0 0 0.0.0.0 5. 0 0 0.0.0.0 6. 0 0 0.0.0.0 7. 0 0 0.0.0.0 8. 0 0 0.0.0.0 9. 0 0 0.0.0.0 10. 0 0 0.0.0.0 11. 0 0 0.0.0.0 12. 0 0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: 31.5.
Prestige 2602HW Series User’s Guide Figure 182 Example 4: Menu 15.1.1.1 Address Mapping Rule Menu 15.1.1.1 Address Mapping Rule Type= Many-to-Many No Overload Local IP: Start= 192.168.1.10 End = 192.168.1.12 Global IP: Start= 10.132.50.1 End = 10.132.50.3 Server Mapping Set= N/A Press ENTER to Confirm or ESC to Cancel: After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as shown next. Figure 183 Example 4: Menu 15.1.1 Address Mapping Rules Set Idx --1. 2. 3. 4. 5. 6.
Prestige 2602HW Series User’s Guide 328 Chapter 31 Network Address Translation (NAT)
Prestige 2602HW Series User’s Guide CHAPTER 32 Enabling the Firewall This chapter shows you how to get started with the Prestige firewall. 32.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: • The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it. • The firewall allows remote management from the LAN. 32.
Prestige 2602HW Series User’s Guide Figure 184 Menu 21.2 Firewall Setup Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2.
Prestige 2602HW Series User’s Guide CHAPTER 33 Filter Configuration This chapter shows you how to create and apply filters. 33.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later. Data filtering screens data to determine if the packet should be allowed to pass.
Prestige 2602HW Series User’s Guide Figure 186 Filter Rule Process Start Packet intoFilter Fetch First Filter Set Filter Set Fetch Next Filter Set Fetch First Filter Rule Fetch Next Filter Rule Yes Yes Next Filter Set Available? No Next filter Rule Available? No Active? Yes Execute Filter Rule No Check Next Rule Forward Drop Drop Packet Accept Packet You can apply up to four filter sets to a particular port to block various types of packets.
Prestige 2602HW Series User’s Guide 33.2 Configuring a Filter Set for the Prestige To configure a filter set, follow the steps shown next. 1 Enter 21 in the main menu to display Menu 21 – Filter and Firewall Setup. 2 Enter 1 to display Menu 21.1 – Filter Set Configuration as shown next. Figure 187 Menu 21 Filter Set Configuration Filter Set # -----1 2 3 4 5 6 Menu 21.
Prestige 2602HW Series User’s Guide Figure 189 NetBIOS_LAN Filter Rules Summary Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - 1 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F 2 N 3 N 4 N 5 N 6 N Enter Filter Rule Number (1-6) to Configure: Figure 190 IGMP Filter Rules Summary Menu 21.1.
Prestige 2602HW Series User’s Guide Table 109 Abbreviations Used in the Filter Rules Summary Menu (continued) FIELD DESCRIPTION m Action Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N“ means to check the next rule. n Action Not Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N” means to check the next rule.
Prestige 2602HW Series User’s Guide 33.4.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers. To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.x.1 – TCP/IP Filter Rule, as shown next. Figure 191 Menu 21.1.x.1 TCP/IP Filter Rule Menu 21.1.1.
Prestige 2602HW Series User’s Guide Table 111 Menu 21.1.x.1 TCP/IP Filter Rule (continued) FIELD DESCRIPTION Port # Type the destination port of the packets you want to filter. The field range is 0 to 65535. A 0 field is ignored. Port # Comp Select the comparison to apply to the destination port in the packet against the value given in Destination: Port #. Choices are None, Less, Greater, Equal or Not Equal. Source: IP Addr Type the source IP Address of the packet you want to filter. A 0.0.0.
Prestige 2602HW Series User’s Guide Figure 192 Executing an IP Filter Packet into IP Filter Filter Active? No Yes Apply SrcAddrMask to Src Addr Check Src IP Addr Not Matched Matched Apply DestAddrMask to Dest Addr Check Dest IP Addr Not Matched Matched Check IP Protocol Not Matched Matched Check Src & Dest Port Not Matched Matched More? Yes No Action Matched Drop Action Not Matched Check Next Rule Check Next Rule Drop Forward Forward Drop Packet Check Next Rule Accept Packet 33.4.
Prestige 2602HW Series User’s Guide To configure a generic rule select an empty filter set in menu 21, for example 5. Select Generic Filter Rule in the Filter Type field and press [ENTER] to open Menu 21.1.5.1 – Generic Filter Rule, as shown in the following figure. Figure 193 Menu 21.1.5.1 Generic Filter Rule Menu 21.1.5.
Prestige 2602HW Series User’s Guide Table 112 Menu 21.1.5.1 Generic Filter Rule (continued) FIELD DESCRIPTION Action Not Matched Select the action for a packet not matching the rule. Choices are Check Next Rule, Forward or Drop. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm or ESC to Cancel:” to save your configuration, or press [ESC] at any time to cancel. 33.
Prestige 2602HW Series User’s Guide Figure 195 Sample Telnet Filter 1 Enter 1 in the menu 21 to display Menu 21.1 — Filter Set Configuration. 2 Enter the index number of the filter set you want to configure (in this case 6). 3 Type a descriptive name or comment in the Edit Comments field (for example, TELNET_WAN) and press [ENTER]. 4 Press [ENTER] at the message “Press [ENTER] to confirm or [ESC] to cancel ...” to open Menu 21.1.6 — Filter Rules Summary. 5 Type 1 to configure the first filter rule.
Prestige 2602HW Series User’s Guide 2 Go to the Edit Filter Sets field, press [SPACE BAR] to choose Yes and press [ENTER]. This brings you to menu 11.5. Apply the example filter set (for example, filter set 3) in this menu as shown in the next section. This shows you that you have configured and activated (A = Y) a TCP/IP filter rule (Type = IP, Pr = 6) for destination telnet ports (DP = 23). M = N means an action can be taken immediately.
Prestige 2602HW Series User’s Guide 33.7.1 Ethernet Traffic You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and type the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by typing their numbers separated by commas, for example, 3, 4, 6, 11.
Prestige 2602HW Series User’s Guide 344 Chapter 33 Filter Configuration
Prestige 2602HW Series User’s Guide CHAPTER 34 SNMP Configuration This chapter explains SNMP Configuration menu 22. 34.1 About SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
Prestige 2602HW Series User’s Guide The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. SNMP itself is a simple request/response protocol based on the manager/agent model.
Prestige 2602HW Series User’s Guide Figure 201 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: The following table describes the SNMP configuration parameters.
Prestige 2602HW Series User’s Guide Table 115 SNMP Traps (continued) TRAP # TRAP NAME DESCRIPTION 5 authenticationFailure (defined in RFC-1215) A trap is sent to the manager when receiving any SNMP gets or sets requirements with wrong community (password). 6 whyReboot (defined in ZYXEL-MIB) A trap is sent with the reason of restart before rebooting when the system is going to restart (warm start).
Prestige 2602HW Series User’s Guide CHAPTER 35 System Security This chapter describes how to configure the system security on the Prestige. 35.1 System Security You can configure the system password.. 35.1.1 System Password Enter 23 in the main menu to display Menu 23 – System Security. You should change the default password. If you forget your password you have to restore the default configuration file. Refer to Section 22.4 on page 270 and Section 2.1.2 on page 58 for information.
Prestige 2602HW Series User’s Guide Figure 204 Menu 23.2 System Security: RADIUS Server Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.11.12.13 Port #= 1812 Shared Secret= ******** Accounting Server: Active= No Server Address= 10.11.12.13 Port #= 1813 Shared Secret= ******** Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 117 Menu 23.
Prestige 2602HW Series User’s Guide 35.1.3 IEEE802.1x The IEEE802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your Prestige. 1 From the main menu, enter 23 to display Menu23 – System Security. Figure 205 Menu 23 System Security Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x Enter Menu Selection Number: 2 Enter 4 to display Menu 23.
Prestige 2602HW Series User’s Guide Table 118 Menu 23.4 System Security: IEEE802.1x FIELD DESCRIPTION Wireless Port Control Press [SPACE BAR] and select a security mode for the wireless LAN access. Select No Authentication Required to allow any wireless stations access to your wired network without entering usernames and passwords. This is the default setting. Selecting Authentication Required means wireless stations have to enter usernames and passwords before access to the wired network is allowed.
Prestige 2602HW Series User’s Guide Table 118 Menu 23.4 System Security: IEEE802.1x (continued) FIELD DESCRIPTION Authentication Databases The authentication database contains wireless station login information. The local user database is the built-in database on the Prestige. The RADIUS is an external server. Use this field to decide which database the Prestige should use (first) to authenticate a wireless station.
Prestige 2602HW Series User’s Guide Figure 207 Menu 14 Dial-in User Setup Menu 14 - Dial-in User Setup 1. 2. 3. 4. 5. 6. 7. 8. ________ ________ ________ ________ ________ ________ ________ ________ 9. 10. 11. 12. 13. 14. 15. 16. ________ ________ ________ ________ ________ ________ ________ ________ 17. 18. 19. 20. 21. 22. 23. 24. ________ ________ ________ ________ ________ ________ ________ ________ 25. 26. 27. 28. 29. 30. 31. 32.
Prestige 2602HW Series User’s Guide CHAPTER 36 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. 36.1 Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu to open Menu 24 – System Maintenance, as shown in the following figure.
Prestige 2602HW Series User’s Guide The following table describes the fields present in Menu 24.1 — System Maintenance — Status which are read-only and meant for diagnostic purposes. Figure 210 Menu 24.1 System Maintenance : Status Menu 24.1 - System Maintenance - Status Node-Lnk Status TxPkts RxPkts Time 1-PPPoA N/A 0 0 2 N/A 0 0 3 N/A 0 0 4 N/A 0 0 5 N/A 0 0 6 N/A 0 0 7 N/A 0 0 My WAN IP (from ISP): 0.0.0.0 Ethernet: Status: Tx Pkts: 528 Collisions: 0 Rx Pkts: 505 CPU Load = 2.
Prestige 2602HW Series User’s Guide Table 120 Menu 24.1 System Maintenance: Status (continued) FIELD Line Status DESCRIPTION This shows the current status of the xDSL line, which can be Up or Down. Upstream Speed This shows the upstream transfer rate in kbps. Downstream Speed This shows the downstream transfer rate in kbps. CPU Load This specifies the percentage of CPU utilization. 36.3 System Information To get to the System Information: 1 Enter 24 to display Menu 24 — System Maintenance.
Prestige 2602HW Series User’s Guide Figure 212 Menu 24.2.1 System Maintenance: Information Menu 24.2.1 - System Maintenance - Information Name: Routing: IP ZyNOS F/W Version: V3.40(MF.2) | 07/16/2004 ADSL Chipset Vendor: TI AR7 01.01.00.00 Standard: Multi-Mode LAN Ethernet Address: 00:a0:c5:78:de:8d IP Address: 192.168.1.1 IP Mask: 255.255.255.0 DHCP: Server Press ESC or RETURN to Exit: The following table describes the fields in this menu. Table 121 Menu 24.2.
Prestige 2602HW Series User’s Guide Figure 213 Menu 24.2.2 System Maintenance : Change Console Port Speed Menu 24.2.2 – System Maintenance – Change Console Port Speed Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel: Once you change the Prestige console port speed, you must also set the speed parameter for the communication software you are using to connect to the Prestige. 36.4 Log and Trace There are two logging facilities in the Prestige.
Prestige 2602HW Series User’s Guide Figure 215 Sample Error and Information Messages 53 Sat Jan 01 54 Sat Jan 01 55 Sat Jan 01 56 Sat Jan 01 57 Sat Jan 01 58 Sat Jan 01 59 Sat Jan 01 60 Sat Jan 01 62 Sat Jan 01 63 Sat Jan 01 Clear Error Log 00:00:03 00:00:03 00:00:03 00:00:03 00:00:03 00:03:06 00:03:06 00:23:21 00:23:38 00:23:38 (y/n): 2000 2000 2000 2000 2000 2000 2000 2000 2000 2000 PP01 -WARN PP01 INFO PP01 INFO PP20 INFO PP21 INFO PP19 INFO PP01 INFO PP01 INFO PP19 INFO PP01 INFO SNMP TRAP 0: cold s
Prestige 2602HW Series User’s Guide Figure 217 Syslog Example 1 - CDR SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG_INFO, String); String = board xx line xx channel xx, call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN call = the call reference number which starts from 1 and increments by 1 for each new call str = C01 Outgoing Call dev xx ch xx (dev:device No. ch:channel No.
Prestige 2602HW Series User’s Guide Figure 217 Syslog Example (continued) prot: Protocol (“TCP”, ”UDP”, ”ICMP”) spo: Source port dpo: Destination port Jul 19 14:43:55 192.168.102.2 ZYXEL: IP [Src=202.132.154.123 Dst=255.255.255.255 UDP spo=0208 dpo=0208]} S03>R01mF Jul 19 14:44:00 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]} S03>R01mF Jul 19 14:44:04 192.168.102.2 ZYXEL: IP [Src=192.168.102.20 Dst=202.132.154.
Prestige 2602HW Series User’s Guide The following table describes the diagnostic tests available in menu 24.4 for and the connections. Table 123 Menu 24.4 System Maintenance Menu: Diagnostic FIELD DESCRIPTION Reset xDSL Re-initialize the xDSL link to the telephone company. Ping Host Ping the host to see if the links and TCP/IP protocol on both systems are working. Reboot System Reboot the Prestige. Command Mode Type the mode to test and diagnose your Prestige using specified commands.
Prestige 2602HW Series User’s Guide 364 Chapter 36 System Information and Diagnosis
Prestige 2602HW Series User’s Guide CHAPTER 37 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 37.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom” filename extension.
Prestige 2602HW Series User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 – System Maintenance – Information to confirm that you have uploaded the correct firmware version.
Prestige 2602HW Series User’s Guide Figure 219 Telnet in Menu 24.5 Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested. 3. Locate the 'rom-0' file. 4. Type 'get rom-0' to back up the current Prestige configuration to your workstation.
Prestige 2602HW Series User’s Guide Figure 220 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit 37.2.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients.
Prestige 2602HW Series User’s Guide 37.2.6 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next. 1 Use telnet from your computer to connect to the Prestige and log in.
Prestige 2602HW Series User’s Guide Table 126 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the Prestige and “Fetch” to back up the file on your computer. Local File Enter the path and name of the firmware file (*.bin extension) or configuration file (*.rom extension) on your computer.
Prestige 2602HW Series User’s Guide Figure 223 Backup Configuration Example Type a location for storing the configuration file or click Browse to look for one. Choose the Xmodem protocol. Then click Receive. 4 After a successful backup you will see the following screen. Press any key to return to the SMT menu. Figure 224 Successful Backup Confirmation Screen ** Backup Configuration completed. OK. ### Hit any key to continue.### 37.
Prestige 2602HW Series User’s Guide Figure 225 Telnet into Menu 24.6 Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your Prestige. Then type "root" and SMT password as requested. 3.
Prestige 2602HW Series User’s Guide 37.3.3 Restore Via Console Port Restore configuration via console port by following the HyperTerminal procedure shown next. Procedures using other serial communications programs should be similar. 1 Display menu 24.6 and enter “y” at the following screen. Figure 227 System Maintenance: Restore Configuration Ready to restore Configuration via Xmodem. Do you want to continue (y/n): 2 The following screen indicates that the Xmodem download has started.
Prestige 2602HW Series User’s Guide Figure 230 Successful Restoration Confirmation Screen Save to ROM Hit any key to start system reboot. 37.4 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuration files. You can upload configuration files by following the procedure in Section 37.2 on page 366 or by following the instructions in Menu 24.7.2 – System Maintenance – Upload System Configuration File.
Prestige 2602HW Series User’s Guide Figure 232 Telnet Into Menu 24.7.2 System Maintenance Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested. 3.
Prestige 2602HW Series User’s Guide 37.4.4 FTP Session Example of Firmware File Upload Figure 233 FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 1103936 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit More commands (found in GUI-based FTP clients) are listed earlier in this chapter. Refer to Section 37.2.
Prestige 2602HW Series User’s Guide 37.4.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the Prestige’s IP address and “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the Prestige).
Prestige 2602HW Series User’s Guide 37.4.9 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 235 Example Xmodem Upload After the firmware upload process has completed, the Prestige will automatically restart. 37.4.10 Uploading Configuration File Via Console Port 1 Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 - System Maintenance - Upload System Configuration File.
Prestige 2602HW Series User’s Guide 3 Enter “atgo” to restart the Prestige. 37.4.11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 237 Example Xmodem Upload After the configuration upload process has completed, restart the Prestige by entering “atgo”.
Prestige 2602HW Series User’s Guide 380 Chapter 37 Firmware and Configuration File Maintenance
Prestige 2602HW Series User’s Guide CHAPTER 38 System Maintenance This chapter leads you through SMT menus 24.8 to 24.10. 38.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands.
Prestige 2602HW Series User’s Guide 38.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1. The budget management function allows you to set a limit on the total outgoing call time of the Prestige within certain times. When the total outgoing call time exceeds the limit, the current call will be dropped and any future outgoing calls will be blocked. To access the call control menu, select option 9 in menu 24 to go to Menu 24.
Prestige 2602HW Series User’s Guide The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked. After each period, the total budget is reset. The default for the total budget is 0 minutes and the period is 0 hours, meaning no budget control. You can reset the accumulated connection time in this menu by entering the index of a remote node.
Prestige 2602HW Series User’s Guide Figure 243 Menu 24.10 System Maintenance: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Use Time Server when Bootup= None Time Server Address= N/A Current Time: 00 : 51 : 24 New Time (hh:mm:ss): 00 : 51 : 19 Current Date: 2000 - 01 - 01 New Date (yyyy-mm-dd): 2000 - 01 - 01 Time Zone= GMT Daylight Saving= No Start Date (mm-dd): 01 - 00 End Date (mm-dd): 01 - 00 Press ENTER to Confirm or ESC to Cancel: Table 128 Menu 24.
Prestige 2602HW Series User’s Guide • 24-hour intervals after starting.
Prestige 2602HW Series User’s Guide 386 Chapter 38 System Maintenance
Prestige 2602HW Series User’s Guide CHAPTER 39 Remote Management This chapter covers remote management (SMT menu 24.11). 39.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access. See the firewall chapters for details on configuring firewall rules. 39.
Prestige 2602HW Series User’s Guide Figure 244 Menu 24.11 Remote Management Control Menu 24.11 - Remote Management Control TELNET Server: Server Port = 23 Secured Client IP = 0.0.0.0 FTP Server: Server Port = 21 Secured Client IP = 0.0.0.0 Web Server: Server Port = 80 Secured Client IP = 0.0.0.0 Server Access = LAN only Server Access = LAN only Server Access = LAN only Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 129 Menu 24.
Prestige 2602HW Series User’s Guide 39.3 Remote Management and NAT When NAT is enabled: • Use the Prestige’s WAN IP address when configuring from the WAN. • Use the Prestige’s LAN IP address when configuring from the LAN. 39.4 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The Prestige automatically logs you out if the management session remains idle for longer than this timeout period.
Prestige 2602HW Series User’s Guide 390 Chapter 39 Remote Management
Prestige 2602HW Series User’s Guide CHAPTER 40 IP Policy Routing This chapter covers setting and applying policies used for IP routing. 40.1 IP Policy Routing Overview Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet. IP Routing Policy (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Prestige 2602HW Series User’s Guide • routing the packet to a different gateway (and hence the outgoing interface). • setting the TOS and precedence fields in the IP header. IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote node, in the same fashion as the filters.
Prestige 2602HW Series User’s Guide Figure 246 Menu 25.1 IP Routing Policy Setup Menu 25.1 - IP Routing Policy Setup # A Criteria/Action - - -------------------------------------------------------------------------1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5 SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.
Prestige 2602HW Series User’s Guide Figure 247 Menu 25.1.1 IP Routing Policy Menu 25.1.1 - IP Routing Policy Policy Set Name= test Active= No Criteria: IP Protocol = 0 Type of Service= Don't Care Precedence = Don't Care Source: addr start= 0.0.0.0 port start= N/A Destination: addr start= 0.0.0.0 port start= N/A Action= Matched Gateway addr = 0.0.0.
Prestige 2602HW Series User’s Guide Table 131 Menu 25.1.1 IP Routing Policy (continued) FIELD DESCRIPTION Gateway addr Defines the outgoing gateway address. The gateway must be on the same subnet as the Prestige if it is on the LAN, otherwise, the gateway must be the IP address of a remote node. The default gateway is specified as 0.0.0.0. Type of Service Set the new TOS value of the outgoing packet.
Prestige 2602HW Series User’s Guide Figure 248 Menu 3.2 TCP/IP and DHCP Ethernet Setup Menu 3.2 - TCP/IP and DHCP Setup DHCP Setup DHCP= Server Client IP Pool Starting Address= 192.168.1.33 Size of Client IP Pool= 32 Primary DNS Server= 0.0.0.0 Secondary DNS Server= 0.0.0.0 Remote DHCP Server= N/A TCP/IP Setup: IP Address= 192.168.1.1 IP Subnet Mask= 255.255.255.0 RIP Direction= Both Version= RIP-1 Multicast= None IP Policies= Edit IP Alias= No Press ENTER to Confirm or ESC to Cancel: Go to menu 11.
Prestige 2602HW Series User’s Guide Figure 250 Example of IP Policy Routing To force packets coming from clients with IP addresses of 192.168.1.33 to 192.168.1.64 to be routed to the Internet via the WAN port of the Prestige, follow the steps as shown next. 1 Create a routing policy set in menu 25. 2 Create a rule for this set in Menu 25.1.1 — IP Routing Policy as shown next. Figure 251 IP Routing Policy Example Menu 25.1.
Prestige 2602HW Series User’s Guide 3 Create a rule in menu 25.1 for this set to route packets from any host (IP=0.0.0.0 means any host) with protocol TCP and port FTP access through another gateway (192.168.1.100). Figure 252 IP Routing Policy Example Menu 25.1.1 - IP Routing Policy Policy Set Name= set2 Active= Yes Criteria: IP Protocol = 6 Type of Service= Don't Care Precedence = Don't Care Source: addr start= 0.0.0.0 port start= 0 Destination: addr start= 0.0.0.
Prestige 2602HW Series User’s Guide CHAPTER 41 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 41.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long. This feature is similar to the scheduler in a videocassette recorder (you can specify a time period for the VCR to record).
Prestige 2602HW Series User’s Guide To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next. Figure 255 Menu 26.1 Schedule Set Setup Menu 26.
Prestige 2602HW Series User’s Guide Table 132 Menu 26.1 Schedule Set Setup (continued) FIELD DESCRIPTION Action Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field. Forced Down means that the connection is blocked whether or not there is a demand call on the line. Enable Dial-On-Demand means that this schedule permits a demand call on the line.
Prestige 2602HW Series User’s Guide 402 Chapter 41 Call Scheduling
Prestige 2602HW Series User’s Guide CHAPTER 42 VPN/IPSec Setup This chapter introduces the VPN SMT menus. 42.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management. Menu 27.2 - SA Monitor allows you to manage (refresh or disconnect) your SA connections. This is an overview of the VPN menu tree.
Prestige 2602HW Series User’s Guide Figure 258 Menu 27 VPN/IPSec Setup Menu 27 - VPN/IPSec Setup 1. IPSec Summary 2. SA Monitor Enter Menu Selection Number: 42.2 IPSec Summary Screen Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary. This is a summary read-only menu of your IPSec rules (tunnels). Edit or create an IPSec rule by selecting an index number and then configuring the associated submenus. Figure 259 Menu 27.1 IPSec Summary Menu 27.
Prestige 2602HW Series User’s Guide Table 133 Menu 27.1 IPSec Summary (continued) FIELD DESCRIPTION A Y signifies that this VPN rule is active. Local Addr Start When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is a static IP address on the LAN behind your Prestige. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is the beginning (static) IP address, in a range of computers on the LAN behind your Prestige.
Prestige 2602HW Series User’s Guide Table 133 Menu 27.1 IPSec Summary (continued) FIELD DESCRIPTION Secure GW Addr This is the WAN IP address or the domain name (up to the first 15 characters are displayed) of the IPSec router with which you are making the VPN connection. This field displays 0.0.0.0 when you configure the Secure Gateway Address field in SMT 27.1.1 to 0.0.0.0.
Prestige 2602HW Series User’s Guide Figure 260 Menu 27.1.1 IPSec Setup Menu 27.1.1 – IPSec Setup Index= 1 Name= Taiwan Active= Yes Keep Alive= No Local ID type= IP Nat Traversal= No Content: My IP Addr= 0.0.0.0 Peer ID type= IP Content: Secure Gateway Address= zw50test.zyxel.com.tw Protocol= 0 DNS Server= 0.0.0.0 Local: Addr Type= SINGLE IP Addr Start= 1.1.1.1 Port Start= 0 Remote: End/Subnet Mask= N/A End= N/A Addr Type= SUBNET IP Addr Start= 4.4.4.4 Port Start= 0 End/Subnet Mask= 255.255.
Prestige 2602HW Series User’s Guide Table 134 408 Menu 27.1.1 IPSec Setup (continued) FIELD DESCRIPTION Nat Traversal Press [SPACE BAR] to choose either Yes or No. Choose Yes and press [ENTER] to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers. The remote IPSec router must also have NAT traversal enabled.
Prestige 2602HW Series User’s Guide Table 134 Menu 27.1.1 IPSec Setup (continued) FIELD DESCRIPTION DNS Server If there is a private DNS server that services the VPN, type its IP address here. The Prestige assigns this additional DNS server to the Prestige's DHCP clients that have IP addresses in this IPSec rule's range of local addresses. A DNS server allows clients on the VPN to find other computers and servers on the VPN by their (private) domain names.
Prestige 2602HW Series User’s Guide Table 134 Menu 27.1.1 IPSec Setup (continued) FIELD DESCRIPTION IP Addr Start When the Addr Type field is configured to Single, enter a static IP address on the network behind the remote IPSec router. When the Addr Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router.
Prestige 2602HW Series User’s Guide Figure 261 Menu 27.1.1.1KE Setup Menu 27.1.1.1 - IKE Setup Phase 1 Negotiation Mode= Main PSK= Encryption Algorithm = AES Authentication Algorithm = SHA1 SA Life Time (Seconds)= 28800 Key Group= DH1 Phase 2 Active Protocol = ESP Encryption Algorithm = AES Authentication Algorithm = MD5 SA Life Time (Seconds)= 28800 Encapsulation = Tunnel Perfect Forward Secrecy (PFS)= None Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu.
Prestige 2602HW Series User’s Guide Table 135 Menu 27.1.1.1 IKE Setup (continued) FIELD DESCRIPTION Key Group You must choose a key group for phase 1 IKE setup. DH1 (default) refers to DiffieHellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number. Phase 2 Active Protocol Press [SPACE BAR] to choose from ESP or AH and then press [ENTER]. See earlier for a discussion of these protocols.
Prestige 2602HW Series User’s Guide Figure 262 Menu 27.1.1.2 Manual Setup Menu 27.1.1.2 – Manual Setup Active Protocol= ESP Tunnel ESP Setup SPI (Decimal)= 0 Encryption Algorithm= DES Key1= ? Key2= N/A Key3= N/A Authentication Algorithm= MD5 Key= ? AH Setup SPI (Decimal)= N/A Authentication Algorithm= N/A Key= N/A Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 137 Menu 27.1.1.
Prestige 2602HW Series User’s Guide Table 137 Menu 27.1.1.2 Manual Setup (continued) FIELD DESCRIPTION Authentication Press [SPACE BAR] to choose from MD5 or SHA1 and then press [ENTER]. Algorithm Key Enter the authentication key to be used by IPSec if applicable. The key must be unique. Enter 16 characters for MD5 authentication and 20 characters for SHA-1 authentication. Any character may be used, including spaces, but trailing spaces are truncated.
Prestige 2602HW Series User’s Guide CHAPTER 43 SA Monitor This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2. 43.1 SA Monitor Overview A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections. Note: When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes.
Prestige 2602HW Series User’s Guide Figure 263 Menu 27.2 SA Monitor Menu 27.2 - SA Monitor # Name Encap. IPSec ALgorithm --- -------------------------------- --------- ---------------- 001 Taiwan : 3.3.3.1 – 3.3.3.3.100 Tunnel ESP DES MD5 002 003 004 005 006 007 008 009 010 Select Command= Refresh Select Connection= N/A Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this menu. Table 138 Menu 27.
Prestige 2602HW Series User’s Guide Table 138 Menu 27.2 SA Monitor (continued) FIELD DESCRIPTION Select Command Press [SPACE BAR] to choose from Refresh, Disconnect, None, Next Page, or Previous Page and then press [ENTER]. You must select a connection in the next field when you choose the Disconnect command. Refresh displays current active VPN connections. None allows you to jump to the “Press ENTER to Confirm…” prompt.
Prestige 2602HW Series User’s Guide 418 Chapter 43 SA Monitor
Prestige 2602HW Series User’s Guide CHAPTER 44 Troubleshooting This chapter covers potential problems and the corresponding remedies. 44.1 Problems Starting Up the Prestige Table 139 Troubleshooting the Start-Up of Your Prestige PROBLEM CORRECTIVE ACTION None of the LEDs turn on when I turn on the Prestige. Make sure that the Prestige’s power adaptor is connected to the Prestige and plugged in to an appropriate power source. Check that the Prestige and the power source are both turned on.
Prestige 2602HW Series User’s Guide 44.3 Problems with the DSL LED Table 141 Troubleshooting the DSL LED PROBLEM CORRECTIVE ACTION The DSL LED is off. Check the telephone wire and connections between the Prestige DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service. Reset your ADSL line to reinitialize your link to the DSLAM. For details, refer to Chapter 21 on page 253 (web configurator) or Chapter 36 on page 355 (SMT). 44.
Prestige 2602HW Series User’s Guide 44.6 Problems with Internet Access Table 144 Troubleshooting Internet Access PROBLEM CORRECTIVE ACTION I cannot access the Internet. Make sure the Prestige is turned on and connected to the network. If the DSL LED is off, refer to . Verify your WAN settings. Refer to the chapter on WAN setup (web configurator) or the section on Internet Access (SMT). Make sure you entered the correct user name and password.
Prestige 2602HW Series User’s Guide 44.8 Problems with the Web Configurator Table 146 Troubleshooting the Web Configurator PROBLEM CORRECTIVE ACTION I cannot access the web configurator. Refer to . Make sure that there is not an SMT console session running. Check that you have enabled web service access. If you have configured a secured client IP address, your computer’s IP address must match it. Refer to the chapter on remote management for details.
Prestige 2602HW Series User’s Guide 44.10 Telephone Problems Table 148 Troubleshooting Telephone PROBLEM CORRECTIVE ACTION The telephone port won’t work or the telephone lacks a dial tone. Check the telephone connections and telephone wire. Make sure you have the Voice SIP Settings screen properly configured. I cannot call from one of the Prestige’s phone ports to the other phone port. You cannot call the SIP number of the SIP account that you are using to make a call.
Prestige 2602HW Series User’s Guide 424 Chapter 44 Troubleshooting
Prestige 2602HW Series User’s Guide APPENDIX A Hardware Specifications Ethernet Cable Pin Assignments Figure 264 Ethernet Cable Pin Assignments Prestige 2602HW-L DSL Port Pin Assignments The following figure describes the pin assignments for the DSL port on the Prestige 2602HWL 425
Prestige 2602HW Series User’s Guide Figure 265 Prestige 2602HW-L DSL Port Pin Assignments 426
Prestige 2602HW Series User’s Guide Prestige 2602HW Series Power Adaptor Specifications Table 149 Prestige 2602HW Series Power Adaptor Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model ADS6818-1818-W 1810 Input Power AC 100~240Volts/50/60Hz/0.5A Output Power DC 18Volts/1A Power Consumption 15W Safety Standards UL,CUL(UL 1950) EUROPEAN PLUG STANDARDS AC Power Adapter Model ADS6818-1818-B 1810 Input Power AC 100~240Volts/50/60Hz/0.
Prestige 2602HW Series User’s Guide 428
Prestige 2602HW Series User’s Guide APPENDIX B Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Prestige 2602HW Series User’s Guide Figure 266 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add. 3 Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: 1 In the Network window, click Add.
Prestige 2602HW Series User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK. 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • • If your IP address is dynamic, select Obtain an IP address automatically.
Prestige 2602HW Series User’s Guide Figure 268 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • • If you do not know your gateway’s IP address, remove previously installed gateways. If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your Prestige and restart your computer when prompted.
Prestige 2602HW Series User’s Guide Figure 269 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 270 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
Prestige 2602HW Series User’s Guide Figure 271 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 272 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • 434 If you have a dynamic IP address click Obtain an IP address automatically.
Prestige 2602HW Series User’s Guide • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. Figure 273 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Prestige 2602HW Series User’s Guide 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them.
Prestige 2602HW Series User’s Guide Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 275 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list.
Prestige 2602HW Series User’s Guide Figure 276 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • • • • From the Configure box, select Manually. Type your IP address in the IP Address box. Type your subnet mask in the Subnet mask box. Type the IP address of your Prestige in the Router address box. 5 Close the TCP/IP Control Panel.
Prestige 2602HW Series User’s Guide Figure 277 Macintosh OS X: Apple Menu 2 Click Network in the icon bar. • • • Select Automatic from the Location list. Select Built-in Ethernet from the Show list. Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list. Figure 278 Macintosh OS X: Network 4 For statically assigned settings, do the following: • • • • From the Configure box, select Manually. Type your IP address in the IP Address box.
Prestige 2602HW Series User’s Guide 5 Click Apply Now and close the window. 6 Turn on your Prestige and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window.
Prestige 2602HW Series User’s Guide APPENDIX C IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1. IP addresses are categorized into different classes. The class of an address depends on the value of its first octet. • Class “A” addresses have a 0 in the left most bit.
Prestige 2602HW Series User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B” address has a valid range of 128 to 191. The first octet of a class “C” address begins with “110”, and therefore has a range of 192 to 223.
Prestige 2602HW Series User’s Guide Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with mask 255.255.255.128.
Prestige 2602HW Series User’s Guide Note: In the following charts, shaded/bold last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet. Table 155 Subnet 1 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 0 IP Address (Binary) 11000000.10101000.00000001.
Prestige 2602HW Series User’s Guide Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
Prestige 2602HW Series User’s Guide Table 160 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 192 IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.193 Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110).
Prestige 2602HW Series User’s Guide Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (Table 150 on page 441) available for subnetting. The following table is a summary for class “B” subnet planning. Table 163 Class B Subnet Planning NO.
Prestige 2602HW Series User’s Guide 448
Prestige 2602HW Series User’s Guide APPENDIX D PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access Concentrator where the PPP session terminates (Figure 279 on page 450). One PVC can support any number of PPP sessions from your LAN. PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP.
Prestige 2602HW Series User’s Guide Figure 279 Single-Computer per Router Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is acting as a L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP.
Prestige 2602HW Series User’s Guide APPENDIX E Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, E-mail, printer services, etc.) without the use of a cabled connection. In effect a wireless LAN environment provides you the freedom to stay connected to the network while roaming around in the coverage area.
Prestige 2602HW Series User’s Guide Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless adapters.
Prestige 2602HW Series User’s Guide Figure 282 ESS Provides Campus-Wide Coverage 453
Prestige 2602HW Series User’s Guide 454
Prestige 2602HW Series User’s Guide APPENDIX F Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address. As the MAC address is sent across the wireless link in clear text, it is easy to spoof and fake.
Prestige 2602HW Series User’s Guide RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN).
Prestige 2602HW Series User’s Guide APPENDIX G Types of EAP Authentication This appendix discusses three popular EAP authentication types: EAP-MD5, EAP-TLS and EAP-TTLS. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station.
Prestige 2602HW Series User’s Guide LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE802.1x.
Prestige 2602HW Series User’s Guide APPENDIX H Triangle Route The Ideal Setup When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the Prestige to protect your LAN against attacks. Figure 284 Ideal Setup The “Triangle Route” Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices.
Prestige 2602HW Series User’s Guide Figure 285 “Triangle Route” Problem The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your Prestige supports up to three logical LAN interfaces with the Prestige being the gateway for each logical network.
Prestige 2602HW Series User’s Guide Gateways on the WAN Side A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your Prestige to your LAN. Therefore your LAN is protected.
Prestige 2602HW Series User’s Guide 462
Prestige 2602HW Series User’s Guide APPENDIX I Internal SPTGEN Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual SMT menus for each Prestige.
Prestige 2602HW Series User’s Guide Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 288 on page 463), then you disable every field in this menu. If you enter a parameter that is invalid in the Input column, the Prestige will not save the configuration and the command line will display the Field Identification Number.
Prestige 2602HW Series User’s Guide Figure 291 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text editor and save it) Note: You can rename your “rom-t” file when you save it to your computer but it must be named “rom-t” when you upload it to your Prestige.
Prestige 2602HW Series User’s Guide Table 165 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING PVA Parameter Values Allowed INPUT An example of what you may enter * Applies to the Prestige. The following are Internal SPTGEN screens associated with the SMT screens of your Prestige.
Prestige 2602HW Series User’s Guide Table 167 Menu 3 (SMT Menu 3 (continued)) FIN FN PVA INPUT 30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 0 30200002 = Client IP Pool Starting Address = 192.168.1.33 30200003 = Size of Client IP Pool = 32 30200004 = Primary DNS Server = 0.0.0.0 30200005 = Secondary DNS Server = 0.0.0.0 30200006 = Remote DHCP Server = 0.0.0.0 30200008 = IP Address = 172.21.2.
Prestige 2602HW Series User’s Guide Table 167 Menu 3 (SMT Menu 3 (continued)) 30201008 = IP Alias #1 Incoming protocol filters Set 3 = 256 30201009 = IP Alias #1 Incoming protocol filters Set 4 = 256 30201010 = IP Alias #1 Outgoing protocol filters Set 1 = 256 30201011 = IP Alias #1 Outgoing protocol filters Set 2 = 256 30201012 = IP Alias #1 Outgoing protocol filters Set 3 = 256 30201013 = IP Alias #1 Outgoing protocol filters Set 4 = 256 30201014 = IP Alias 2 <0(No) | 1(Yes)> = 0 3020
Prestige 2602HW Series User’s Guide Table 167 Menu 3 (SMT Menu 3 (continued)) 30500004 = RTS Threshold <0 ~ 2432> = 2432 30500005 = FRAG. Threshold <256 ~ 2432> = 2432 30500006 = WEP <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)> = 0 30500007 = Default Key 30500008 = WEP Key1 = 30500009 = WEP Key2 = 30500010 = WEP Key3 = 30500011 = WEP Key4 30500012 = Wlan Active <1|2|3|4> = 0 = <0(Disable) | 1(Enable)> = 0 */ MENU 3.5.1 WLAN MAC ADDRESS FILTER (SMT MENU 3.5.
Prestige 2602HW Series User’s Guide Table 168 Menu 4 Internet Access Setup (SMT Menu 4) (continued) 470 40000002 = Active <0(No) | 1(Yes)> = 1 40000003 = ISP's Name 40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> = 2 40000005 = Multiplexing <1(LLC-based) | 2(VC-based) = 1 40000006 = VPI # = 0 40000007 = VCI # = 35 40000008 = Service Name = any 40000009 = My Login = test@pqa 40000010 = My Password = 1234 40000011 = Single User A
Prestige 2602HW Series User’s Guide Table 168 Menu 4 Internet Access Setup (SMT Menu 4) (continued) 40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 0 40000033= Nailed-up Connection <0(No) |1(Yes)> = 0 Table 169 Menu 12 (SMT Menu 12) / Menu 12.1.1 IP Static Route Setup (SMT Menu 12.1.1) FIN FN PVA INPUT 120101001 = IP Static Route set #1, Name = 120101002 = IP Static Route set #1, Active <0(No) |1(Yes)> = 0 120101003 = IP Static Route set #1, Destination IP address = 0.
Prestige 2602HW Series User’s Guide Table 169 Menu 12 (SMT Menu 12) (continued) / Menu 12.1.4 IP Static Route Setup (SMT Menu 12.1.4) FIN FN PVA INPUT 120104001 = IP Static Route set #4, Name = 120104002 = IP Static Route set #4, Active <0(No) |1(Yes)> = 0 120104003 = IP Static Route set #4, Destination IP address = 0.0.0.0 120104004 = IP Static Route set #4, Destination IP subnetmask = 0 120104005 = IP Static Route set #4, Gateway = 0.0.0.
Prestige 2602HW Series User’s Guide Table 169 Menu 12 (SMT Menu 12) (continued) 120107006 = IP Static Route set #7, Metric 120107007 = IP Static Route set #7, Private = 0 <0(No) |1(Yes)> = 0 / Menu 12.1.8 IP Static Route Setup (SMT Menu 12.1.8) FIN FN PVA INPUT 120108001 = IP Static Route set #8, Name = 120108002 = IP Static Route set #8, Active <0(No) |1(Yes)> = 0 120108003 = IP Static Route set #8, Destination IP address = 0.0.0.
Prestige 2602HW Series User’s Guide Table 169 Menu 12 (SMT Menu 12) (continued) 120111004 = IP Static Route set #11, Destination IP subnetmask = 0 120111005 = IP Static Route set #11, Gateway = 0.0.0.0 120111006 = IP Static Route set #11, Metric = 0 120111007 = IP Static Route set #11, Private <0(No) |1(Yes)> = 0 */ Menu 12.1.12 IP Static Route Setup (SMT Menu 12.1.
Prestige 2602HW Series User’s Guide Table 169 Menu 12 (SMT Menu 12) (continued) 120115002 = IP Static Route set #15, Active <0(No) |1(Yes)> 120115003 = IP Static Route set #15, Destination IP address = 0.0.0.0 120115004 = IP Static Route set #15, Destination IP subnetmask = 0 120115005 = IP Static Route set #15, Gateway = 0.0.0.0 120115006 = IP Static Route set #15, Metric = 0 120115007 = IP Static Route set #15, Private <0(No) |1(Yes)> = 0 = 0 */ Menu 12.1.
Prestige 2602HW Series User’s Guide Table 170 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000014 = SUA Server #4 Port Start = 0 150000015 = SUA Server #4 Port End = 0 150000016 = SUA Server #4 Local IP address = 0.0.0.0 150000017 = SUA Server #5 Active <0(No) | 1(Yes)> = 0 150000018 = SUA Server #5 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000019 = SUA Server #5 Port Start = 0 150000020 = SUA Server #5 Port End = 0 150000021 = SUA Server #5 Local IP address = 0.0.0.
Prestige 2602HW Series User’s Guide Table 170 Menu 15 SUA Server Setup (SMT Menu 15) (continued) 150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000049 = SUA Server #11 Port Start = 0 150000050 = SUA Server #11 Port End = 0 150000051 = SUA Server #11 Local IP address = 0.0.0.
Prestige 2602HW Series User’s Guide Table 171 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) / Menu 21.1.1.2 set #1, rule #2 (SMT Menu 21.1.1.2) FIN FN PVA INPUT 210102001 = IP Filter Set 1,Rule 2 Type <2(TCP/IP)> = 2 210102002 = IP Filter Set 1,Rule 2 Active <0(No)|1(Yes)> = 1 210102003 = IP Filter Set 1,Rule 2 Protocol = 6 210102004 = IP Filter Set 1,Rule 2 Dest IP address = 0.0.0.
Prestige 2602HW Series User’s Guide Table 171 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210103013 = IP Filter Set 1,Rule 3 Act Match <1(check next)|2(forward)| 3(drop) = 3 210103014 = IP Filter Set 1,Rule 3 Act Not Match <1(check next)|2(forward)| 3(drop) = 1 / Menu 21.1.1.4 set #1, rule #4 (SMT Menu 21.1.1.
Prestige 2602HW Series User’s Guide Table 171 Menu 21.1 Filter Set #1 (SMT Menu 21.1) (continued) 210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask = 0 210105010 = IP Filter Set 1,Rule 5 Src Port = 0 210105011 = IP Filter Set 1,Rule 5 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> = 0 210105013 = IP Filter Set 1,Rule 5 Act Match <1(check next)|2(forward)| 3(drop)> = 3 210105014 = IP Filter Set 1,Rule 5 Act Not Match <1(Check Next) |2(Forward)|3(Dro p)> = 1 / Menu 21.1.
Prestige 2602HW Series User’s Guide Table 172 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) / Menu 21.1.2.1 Filter set #2, rule #1 (SMT Menu 21.1.2.1) FIN FN PVA INPUT 210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/IP)> = 2 210201002 = IP Filter Set 2, Rule 1 Active <0(No)|1(Yes)> 210201003 = IP Filter Set 2, Rule 1 Protocol = 6 210201004 = IP Filter Set 2, Rule 1 Dest IP address = 0.0.0.
Prestige 2602HW Series User’s Guide Table 172 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask = 0 210202010 = IP Filter Set 2,Rule 2 Src Port = 0 210202011 = IP Filter Set 2, Rule 2 Src Port Comp <0(none)|1(equal)|2 = 0 (not equal)|3(less)|4(gr eater)> 210202013 = IP Filter Set 2, Rule 2 Act Match <1(check = 3 next)|2(forward)|3( drop)> 210202014 = IP Filter Set 2, Rule 2 Act Not Match <1(check = 1 next)|2(forward)|3( drop)> / Menu 21.1.
Prestige 2602HW Series User’s Guide Table 172 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210204002 = IP Filter Set 2, Rule 4 Active <0(No)|1(Yes )> = 1 210204003 = IP Filter Set 2, Rule 4 Protocol = 17 210204004 = IP Filter Set 2, Rule 4 Dest IP address = 0.0.0.0 210204005 = IP Filter Set 2, Rule 4 Dest Subnet Mask = 0 210204006 = IP Filter Set 2, Rule 4 Dest Port 210204007 = IP Filter Set 2, Rule 4 Dest Port Comp 210204008 = IP Filter Set 2, Rule 4 Src IP address = 0.0.0.
Prestige 2602HW Series User’s Guide Table 172 Menu 21.1 Filer Set #2, (SMT Menu 21.1) (continued) 210205011 = IP Filter Set 2, Rule 5 Src Port Comp <0(none)|1(equal)|2 = 0 (not equal)|3(less)|4(gr eater)> 210205013 = IP Filter Set 2, Rule 5 Act Match <1(check = 3 next)|2(forward)|3( drop)> 210205014 = IP Filter Set 2, Rule 5 Act Not Match <1(check = 1 next)|2(forward)|3( drop)> / Menu 21.1.2.6 Filter set #2, rule #6 (SMT Menu 21.1.2.
Prestige 2602HW Series User’s Guide Table 173 Menu 23 System Menus (SMT Menu 23) */ Menu 23.1 System Password Setup (SMT Menu 23.1) FIN FN PVA 230000000 = System Password INPUT = 1234 */ Menu 23.2 System security: radius server (SMT Menu 23.2) FIN FN PVA INPUT 230200001 = Authentication Server Configured <0(No) | 1(Yes)> = 1 230200002 = Authentication Server Active <0(No) | 1(Yes)> = 1 230200003 = Authentication Server IP Address = 192.168.1.
Prestige 2602HW Series User’s Guide Table 173 Menu 23 System Menus (SMT Menu 23) (continued) 230400008 = WPA Mixed Mode 230400009 = Data Privacy for Broadcast/ Multicast packets 230400010 = WPA Broadcast/Multicast Key Update Timer <0(Disable) |1(Enable)> <0(TKIP) |1(WEP)> = 0 = 0 = 0 Table 174 Menu 24.11 Remote Management Control (SMT Menu 24.11) / Menu 24.11 Remote Management Control (SMT Menu 24.
Prestige 2602HW Series User’s Guide Table 175 Command Examples (continued) FIN FN PVA INPUT FIN FN PVA INPUT 990000001 = ADSL OPMD <0(etsi)|1(normal) |2(gdmt)|3(multimo de)> = 3 487
Prestige 2602HW Series User’s Guide 488
Prestige 2602HW Series User’s Guide APPENDIX J Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or zyxel.com for more detailed information on these commands. Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
Prestige 2602HW Series User’s Guide 490
Prestige 2602HW Series User’s Guide APPENDIX K Firewall Commands Sys Firewall Commands The following describes the firewall commands. See the Command Interpreter appendix for information on the command structure. Each of these commands must be preceded by sys firewall when you use them. For example, type sys firewall active yes to turn on the firewall. Table 176 Sys Firewall Commands Command Description acl active disp Displays ACLs or a specific ACL set # and rule #.
Prestige 2602HW Series User’s Guide 492
Prestige 2602HW Series User’s Guide APPENDIX L Boot Commands The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware is started. When you start up your Prestige, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen. In debug mode you have access to a series of boot module commands, for example ATUR (for uploading firmware) and ATLC (for uploading the configuration file).
Prestige 2602HW Series User’s Guide Figure 294 Boot Module Commands AT just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.
Prestige 2602HW Series User’s Guide APPENDIX M Log Descriptions This appendix provides descriptions of example log messages. Table 177 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on information from the time server. Time calibration failed The router failed to get information from the time server. WAN interface gets IP: %s A WAN interface got a new IP address from the DHCP, PPPoE, PPTP or dial-up server.
Prestige 2602HW Series User’s Guide Table 177 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION Configuration Change: PC = 0x%x, Task ID = 0x%x The router is saving configuration changes. Successful SSH login Someone has logged on to the router’s SSH server. SSH login failed Someone has failed to log on to the router’s SSH server. Successful HTTPS login Someone has logged on to the router's web configurator interface using HTTPS protocol.
Prestige 2602HW Series User’s Guide Table 180 TCP Reset Logs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination host.) Exceed TCP MAX incomplete, sent TCP RST The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user configured threshold. (the TCP incomplete count is per destination host.
Prestige 2602HW Series User’s Guide Table 182 ICMP Logs (continued) LOG MESSAGE DESCRIPTION Triangle route packet forwarded: ICMP The firewall allowed a triangle route session to pass through. Packet without a NAT table entry blocked: ICMP The router blocked a packet that didn’t have a corresponding NAT table entry. Unsupported/out-of-order ICMP: ICMP The firewall does not support this kind of ICMP packets or the ICMP packets are out of order.
Prestige 2602HW Series User’s Guide Table 185 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall. Table 186 Content Filtering Logs LOG MESSAGE DESCRIPTION %s: block keyword The content of a requested web page matched a user defined keyword. %s The system forwarded web content. For type and code details, see Table 190 on page 501.
Prestige 2602HW Series User’s Guide Table 187 Attack Logs (continued) LOG MESSAGE DESCRIPTION ip spoofing - no routing entry ICMP (type:%d, code:%d) The firewall classified an ICMP packet with no source routing entry as an IP spoofing attack. vulnerability ICMP (type:%d, code:%d) The firewall detected an ICMP vulnerability attack. traceroute ICMP (type:%d, code:%d) The firewall detected an ICMP traceroute attack. Table 188 802.1X Logs LOG MESSAGE DESCRIPTION Local User Database accepts user.
Prestige 2602HW Series User’s Guide Table 188 802.1X Logs (continued) LOG MESSAGE DESCRIPTION No Server to authenticate user. There is no authentication server to authenticate a user. Local User Database does not find user`s credential. A user was not authenticated by the local user database because the user is not listed in the local user database. Table 189 ACL Setting Notes PACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to WAN ACL set for packets traveling from the LAN to the WAN.
Prestige 2602HW Series User’s Guide Table 190 ICMP Notes (continued) TYPE CODE DESCRIPTION Time Exceeded 11 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded Parameter Problem 12 0 Pointer indicates the error Timestamp 13 0 Timestamp request message Timestamp Reply 14 0 Timestamp reply message Information Request 15 0 Information request message Information Reply 16 0 Information reply message Table 191 Syslog Logs LOG MESSAGE DESCRIPTION Mon dd
Prestige 2602HW Series User’s Guide Table 193 RTP Logs LOG MESSAGE DESCRIPTION Error, RTP init fail The initialization of an RTP session failed. Error, Call fail: RTP connect fail A VoIP phone call failed because the RTP session could not be established. Error, RTP connection cannot close The termination of an RTP session failed.
Prestige 2602HW Series User’s Guide The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type.
Prestige 2602HW Series User’s Guide Figure 296 Displaying Log Parameters Example ras> sys logs category access Usage: [0:none/1:log/2:alert/3:both] ras> 4 Use sys logs category followed by a log category and a parameter to decide what to record. Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category.
Prestige 2602HW Series User’s Guide Log Command Example This example shows how to set the Prestige to record the access logs and alerts and then view the results. Figure 297 Log Command Example ras> sys ras> sys ras> sys ras> sys # .time logs logs logs logs load category access 3 save display access source destination message 7|01/01/2000 09:40:13 |192.168.1.1:3 |192.168.1.33:1 RWARD Router reply ICMP packet: ICMP(type:3, code:1) 8|01/01/2000 09:40:07 |192.168.1.1:3 |192.168.1.
Prestige 2602HW Series User’s Guide Index Numerics 110V AC 5 230V AC 5 64kbps 140 8kbps 140 A Abnormal Working Conditions 6 AbS 136 AC 5 Access methods 329 Accessories 5 ACK Message 132 Acts of God 6 Address mapping 127 Address Resolution Protocol (ARP) 83 Ad-hoc Configuration 452 ADSL Standards 45, 51 ADSL, what is it? 44 AH 197 AH (Authentication Header) 405 AH Protocol 201 Airflow 5 ALG 47, 135 Allow Asymmetrical Route 173 Alternative Subnet Mask Notation 443 American Wire Gauge 5 Analysis-by-Synthesis
Prestige 2602HW Series User’s Guide Call filtering 331 Call filters Built-in 331 User-defined 331 Call Scheduling 399 Maximum Number of Schedule Sets 399 PPPoE 401 Precedence 399 Precedence Example 399 Caller ID 73, 138 CBR 293 CBR (Continuous Bit Rate) 113 CCK 49 CDR 361 CDR (Call Detail Record) 360 CE regulations 49 Certificate Authority 457 Certifications 4 change password at login 58 Changes or Modifications 4 Channel 87 Interference 87 Channel ID 286 CHAP 297 Charge 6 Circuit 4 Class B 4 Class of Serv
Prestige 2602HW Series User’s Guide Destination Address 171 Device Filter rules 340 Device rule 340 DH 216 DHCP 51, 73, 80, 81, 149, 257, 358 DHCP client 51 DHCP relay 51 DHCP server 51 DHCP Table 257 Diagnostic Screens 260 Diagnostic Tools 355 Dialing Interval 144 Differential Binary Phase Shift Keyed Modulation 49 Differential Quadrature Phase Shift Keying Modulation 49 Differentiated Services 141 Diffie-Hellman Key Groups 216 DiffServ 141 DiffServ Code Point (DSCP) 141 DiffServ Code Points 141 DiffServ
Prestige 2602HW Series User’s Guide Europe 5 Exiting the SMT 268 Expiration Duration 139 Exposure 5 Extended Service Set 452 Extended Service Set (ESS) 87 Extensible Authentication Protocol 89 External Antenna 49 F Factory LAN Defaults 81 Failure 6 FCC 4 Compliance 4 Rules, Part 15 4 FCC Rules 4 Federal Communications Commission 4 FHSS 451 Filename Conventions 365 filename conventions 366 Filter 281, 331 Applying Filters 342 Ethernet Traffic 343 Ethernet traffic 343 Filter Rules 334 Filter structure 332 G
Prestige 2602HW Series User’s Guide H Half-Open Sessions 188 Harmful Interference 4 Hidden Menus 267 Hidden node 88 High Voltage Points 5 Hop Count 300, 307 Host 77 Host IDs 441 HTTP 123, 155, 157, 158, 409, 410 HyperTerminal 378, 379 HyperTerminal program 370, 373 I IANA 66, 67 IANA (Internet Assigned Number Authority) 179 IBSS 452 ICMP echo 160 ID Type and Content 207 Idle timeout 298 IEEE 802.11 451 Deployment Issues 455 Security Flaws 455 IEEE 802.11g 49 IEEE 802.11g Data Rates 49 IEEE 802.
Prestige 2602HW Series User’s Guide IP Static Route 305 IP Static Route Setup 306 IPSec 195 IPSec Algorithm 405 IPSec algorithm 416 IPSec Algorithms 197, 201 IPSec and NAT 198 IPSec Architecture 197 IPSec rule 404 IPSec standard 48 IPSec VPN Capability 48 ISDN (Integrated Synchronous Digital System) 46 ITSP 54 ITU-T 143 LLC-based Multiplexing 303 Local Network Rule Summary 174 Local User Authentication 105 Local User Database 105, 353 Local user database 105 Locations, Customer Support 7 Log and Trace 359
Prestige 2602HW Series User’s Guide Modem 43 Modifications 4 Moving the Cursor 267 MSDU (MAC Service Data Unit) 286 Multicast 82, 300 Multimedia 131 Multiple SIP Accounts 47 Multiple Voice Channels 47 Multiplexing 52, 64, 65, 293, 296 multiplexing 52, 64 LLC-based 64 VC-based 64 Multiprotocol Encapsulation 64 My IP Address 202 My WAN Address 299 N N/A Fields 267 Nailed-Up Connection 67 NAT 66, 123, 124, 340 Address mapping rule 128 Application 121 Applying NAT in the SMT Menus 313 Configuring 315 Definiti
Prestige 2602HW Series User’s Guide PHONE 1 and 2 Ports 138 Phone Port Screen 143, 148 Phone Port Settings 144, 148 Photocopying 3 Ping 260, 363 Ping of Death 158 Pipes 5 Point to Point Protocol over ATM Adaptation Layer 5 (AAL5) 63 Point-to-Point 44 Point-to-Point Tunneling Protocol 124 policy-based routing 391 Pool 5 POP3 123, 157, 158 Port Numbers 123 Postage Prepaid.
Prestige 2602HW Series User’s Guide REGISTER Server Port 72, 138 Registered 3 Registered Trademark 3 Regular Mail 7 Related Documentation 41 Relay to PSTN 147 Relocate 4 Re-manufactured 6 Remote Authentication Dial-In User Service 89 Remote DHCP Server 283 Remote Management 229 Firewall 329 Remote Management and NAT 230 Remote Management Limitations 229, 388 Remote Management Setup 387 Remote Node 295, 356 Remote Node Profile 297 Remote Node Setup 295 Remote Node Index Number 356 Remote Node Network Layer
Prestige 2602HW Series User’s Guide Security Parameter Index (SPI) 412 Security Parameters 98 security protocols 405 Security Ramifications 170 Separation Between Equipment and Receiver 4 Serial Number 7 Server 43, 122, 315, 317, 319, 320, 322, 323, 384 Server behind NAT 319 Service 5, 6, 171 Service Personnel 5 Service Type 180, 420 Services 123 Session Expires 139 Session Initiation Protocol 131 setup a schedule 400 Shared secret 107, 350 Shipping 6 Shock, Electric 5 Silence Suppression 47, 143 Single Us
Prestige 2602HW Series User’s Guide System Information 357 System Status 355 System Information 357 System Information & Diagnosis 355 System Maintenance 250, 355, 357, 366, 369, 376, 377, 381, 382, 384 System Management Terminal 265, 267 System Parameter Table Generator 463 System password 349 System Security 349 System Statistics 256 System Status 253, 255, 356 System Timeout 230, 389 T Talk Time 257 Tampering 6 TCP Maximum Incomplete 188, 189 TCP Security 163 TCP/IP 157, 158, 230, 340, 363 Teardrop 158
Prestige 2602HW Series User’s Guide User Authentication 96 User Name 150 User Profiles 105 user profiles 353 V VAD 47, 143 VAD Support 144 Value 6 Variable Bit Rate 293 VBR 293 VBR (Variable Bit Rate) 113 VC-based Multiplexing 296 VCI 65 Vendor 5 Ventilation Slots 5 VID 142 Viewing Certifications 4 Virtual Channel Identifier 65 Virtual Channel Identifier (VCI) 64 Virtual Circuit ID 65 Virtual Local Area Network 141 Virtual Path Identifier 65 Virtual Path Identifier (VPI) 64 Virtual Private Network 48, 195
Prestige 2602HW Series User’s Guide X Xmodem File Upload 378 XMODEM protocol 366 Z Zero Configuration 114 Zero Configuration Internet Access 48 Zero configuration Internet access 111 ZyNOS 3, 366 ZyNOS (ZyXEL Network Operating System) 365 ZyNOS F/W Version 366 ZyXEL Communications Corporation 3 ZyXEL Home Page 4 ZyXEL Limited Warranty Note 6 ZyXEL Network Operating System 3 ZyXEL_s Firewall Introduction 156 Index 519
