Instruction/ maintenance manual of the product 662HW Series ZyXEL Communications
Go to page of 563
Prestige 662H/HW Series ADSL 2+ 4-Port Security Gateway User ’ s Guide V ersion 3.40 November 2 0 04.
Prestige 662H/HW Series User’s Guide Copyright 2 Copyright Copyright © 2004 by ZyXEL Communications Corpo ration. The contents of this publication may not be reprod uced in any part or as a whole, .
Prestige 662H/HW Series User’s Guide 3 Federal Communications Commission (FCC) Interference Statement Federal Communications Commission (FCC) Interference S t atement This device complies with Part 15 of FCC rul es. Operation is subject to the following two conditions: • This device may not cause harmful interference.
Prestige 662H/HW Series User’s Guide ZyXEL Limited Warranty 4 ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that this product is free from any defects in materials or workmansh ip for a period of up to tw o years from the date of purchase .
Prestige 662H/HW Series User’s Guide 5 Customer Suppo rt Customer Support Please have the following information r eady when you contact customer support. • Product model and serial number . • W arranty Information. • Date that you received your de vice.
Prestige 662H/HW Series User’s Guide Customer Support 6.
Prestige 662H/HW Series User’s Guide 7 Customer Suppo rt.
Prestige 662H/HW Series User’s Guide 8 T able of Content s Copyright .................................................. ................................................................ 2 Federal Communications Commissi on (FCC) Interference St atement .
Prestige 662H/HW Series User’s Guide 9 3.1.1 Encapsulation ........... ................. ............. ............ ................. ............ ......... 60 3.1.1.1 ENET ENCAP ..................... ............. ................ ............. ...
Prestige 662H/HW Series User’s Guide 10 6.3 DNS Server Address Assignment ................ ............. ................ ............. ............ 79 6.4 LAN TCP/IP ........ ............. ................ ............. ............. ..............
Prestige 662H/HW Series User’s Guide 11 8.12.3 Authentication Required: WP A-PSK ........ ............. ............. ................ ...106 8.13 Configuring Local User Authentication ........... ............ ............. ................ ....... 108 8.
Prestige 662H/HW Series User’s Guide 12 Chapter 12 Time and Date ................................................................ ....................................... 142 12.1 Configuring T ime and Date ........... .... ......... ................
Prestige 662H/HW Series User’s Guide 13 14.3.3.3 Source Address . ............. ................ ............. ............. ............ .......160 14.3.3.4 Destination Addr es s ............. ............. ................ ............. ..........
Prestige 662H/HW Series User’s Guide 14 Chapter 17 Anti-Virus Packet Sca n ................................................. ....................................... 204 17.1 Overview ................. ................ ............. ............. ...
Prestige 662H/HW Series User’s Guide 15 19.7 NA T Traversal .. ................ ............. ................. ............ ................. ................ ...222 19.7.1 NA T Traversal Config uration .................... ............. ..........
Prestige 662H/HW Series User’s Guide 16 Chapter 22 Logs Screens ................................................................. ....................................... 264 22.1 Logs Overview ..................... ................ ............. ...
Prestige 662H/HW Series User’s Guide 17 24.6.1 Diagnostic General Screen ...... ............. ................ ............. ................ ...290 24.6.2 Diagnostic DSL Line Screen ....... ... ............. ................ ............. .........
Prestige 662H/HW Series User’s Guide 18 Chapter 30 Internet Access .................................................................................. .................. 320 30.1 Internet Access Overview ................. ............. ..............
Prestige 662H/HW Series User’s Guide 19 34.2 Applying NA T ... ............. ................ ............. ................ ............. ................ ....... 344 34.3 NA T Set up ............... ............. ................ ............. ...
Prestige 662H/HW Series User’s Guide 20 Chapter 38 System Security ....................................... .......................................... .................. 380 38.1 System Security ... ...... ...... ................. ............. .....
Prestige 662H/HW Series User’s Guide 21 40.4.6 TFTP Upload Command Example . ................................................ ....... 408 40.4.7 Uploading Via Consol e Port ..... ................ ............. ................ ............. ...408 40.
Prestige 662H/HW Series User’s Guide 22 45.4 IKE Setup ... ................ ............. ................ ............. ............. ................ ............. 441 45.5 Manual Setup .......... ... ...... ............. ................. .......
Prestige 662H/HW Series User’s Guide 23 Configuring ......... ............. ................ ............. ................ ............. ................ ...... 464 V erifying Settings ....... ................ ............. ................ .......
Prestige 662H/HW Series User’s Guide 24 IEEE 802.1x ..... ................ ............. ................ ............. ................ ............. ............... 490 Advantages of the IEEE 802. 1x ................. .............................
Prestige 662H/HW Series User’s Guide 25 Appendix O Firewall Commands ...................................................... ....................................... 530 Appendix O Sys Firewall Comma nds ........... ............. ............. .......
Prestige 662H/HW Series User’s Guide 26 List of Figures Figure 1 Prestige Internet Access Applicati on ... ............. ................ ............. ................ ....... 51 Figure 2 Firewall Application ........ ................ .......... ..
Prestige 662H/HW Series User’s Guide 27 Figure 37 Example of T raffic Shaping ....... ...... .......... ............. ............. ................ ............. ... 1 14 Figure 38 W AN Setup (PPPoE) ................................................
Prestige 662H/HW Series User’s Guide 28 Figure 80 Content Access Contro l: General: Diagnose ....................... ................ ............. 198 Figure 81 Content Access Control: User Profiles .......................... ............. ........
Prestige 662H/HW Series User’s Guide 29 Figure 123 View Logs .. ................ ............. ................ ............. ................ ............. ................ 2 67 Figure 124 E-mail Log Example ...... ................ ................
Prestige 662H/HW Series User’s Guide 30 Figure 166 Menu 1 1.1 Remote Node Profile .. ............. ............. ................ ............. ............. 328 Figure 167 Menu 1 1.3 Remote Node Network Layer Options .................. ............
Prestige 662H/HW Series User’s Guide 31 Figure 209 NetBIOS_LAN Filter Rules Summary ................. ................ ............. ................ 365 Figure 210 IGMP Filter Rules Summary .. ...... ....... ............. ................ .........
Prestige 662H/HW Series User’s Guide 32 Figure 252 T elnet Into Menu 24.7.2 Syst em Ma intenance ................. ............. ................ ... 406 Figure 253 FTP Session Example of Firmware F ile Upload ........... ............. .............
Prestige 662H/HW Series User’s Guide 33 Figure 7 Windows 95/98/Me: TCP/IP Properties : IP Address ................ ................ ............. 464 Figure 8 Windows 95/98/Me: TCP/IP Properties : DNS Configuration ...................... .......... 465 Figure 9 Windows XP: S tart Menu .
Prestige 662H/HW Series User’s Guide 34 List of T ables T able 1 AD SL S tandards ...... ................ ............. ................. ................ ............. ................ ... 44 T able 2 IEEE802.1 1g ................ .................
Prestige 662H/HW Series User’s Guide 35 T able 37 Dynamic DN S ........ ................ ................. ............. ................ ............. ................ ... 141 T able 38 Time and Date .............. ................ ................
Prestige 662H/HW Series User’s Guide 36 T able 80 Configuring UPnP ............... ................ ................. ............ ................. ................ ... 252 T able 81 Log Settings ........ ................ ................ .........
Prestige 662H/HW Series User’s Guide 37 T able 123 Menu 15.1.1 First Set .............. ............. ................ ................ ............. ................ 349 T able 124 Menu 15.1.1.1 Editing/ Configuring an Individual Rule in a Set ....
Prestige 662H/HW Series User’s Guide 38 T able 3 Allowed IP A ddress Range By Class . ....... ............. ............ ................. ............ ....... 475 T able 4 “Natural” Masks ...... ................ ............. ................. .
Prestige 662H/HW Series User’s Guide 39 T able 46 Syslog Logs .. ................ ............. ................ ............. ................ ................ ............. 551 T able 47 RFC-2408 ISAKMP Payload T ypes .... ................. ......
Prestige 662H/HW Series User’s Guide Preface 40 Preface Congratulations on your p urchase of the Pres tige 662HW W ireless ADSL Security Gateway or the Prestige 662H ADSL Security Gateway .
Prestige 662H/HW Series User’s Guide 41 Preface Refer to the included CD for support documents. • Quick Start Guide The Quick S tart Guide is designed to help you get up and running right away . They contain connection information and instructions on getting st arted.
Prestige 662H/HW Series User’s Guide Introduction to DSL 42 Introduction to DSL DSL (Digital Subscriber Line) te chnology enhances the data ca pacity of the existing twisted- pair wire that runs betwee n the local telephone co mpany switching of fi ces and most homes and offices.
Prestige 662H/HW Series User’s Guide 43 Introduction to DSL.
Prestige 662H/HW Series User’s Guide Chapter 1 Getting To Kn ow Your Prestige 44 C HAPTER 1 Getting T o Know Y our Prestige This chapter describes the key fe atur es and applications of your Pr estige.
Prestige 662H/HW Series User’s Guide 45 Chapter 1 G etting To Know Your Pres tige Models ending in “1”, for example P restige 662HW -61, denote a d e vice that work s over the analog telephone system, POTS (P lain Old T elephone Service).
Prestige 662H/HW Series User’s Guide Chapter 1 Getting To Kn ow Your Prestige 46 Content Filtering Content filtering allows you to block access to fo rbidden Internet web sit es, schedule when the Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet access.
Prestige 662H/HW Series User’s Guide 47 Chapter 1 G etting To Know Your Pres tige External Antenna The Prestige is equipped with an antenna conn ector and comes with a detachable 5dBi antenna to provide clear radio signal between th e wireless stations and the acce ss points.
Prestige 662H/HW Series User’s Guide Chapter 1 Getting To Kn ow Your Prestige 48 PPPoE Support (RFC2516) PPPoE (Point-to-Point Pro tocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing netw ork configuration with newer broadband techn o logies such as ADSL.
Prestige 662H/HW Series User’s Guide 49 Chapter 1 G etting To Know Your Pres tige • Supports Multi-Mode standard (ANSI T1.413, Issue 2; G .dmt (G .992.1); G .lite (G992.2)). • TCP/IP (T ransmission Control Protocol/Internet Protocol) n e twork layer protocol.
Prestige 662H/HW Series User’s Guide Chapter 1 Getting To Kn ow Your Prestige 50 Multiplexing The Prestige supports VC-ba sed and LLC-based multiplexing.
Prestige 662H/HW Series User’s Guide 51 Chapter 1 G etting To Know Your Pres tige Housing Y our Prestige's compact and ven tilated housing minimizes space requirements making it easy to position anywhere in your busy office. 1.1.2 Applications for the Prestige Here are some example uses for which the Prestige is well suited.
Prestige 662H/HW Series User’s Guide Chapter 1 Getting To Kn ow Your Prestige 52 Figure 2 Firewall Application 1.1.3.1 LAN to LAN Application Y ou can use the Prestige to connect two geogr aphical ly dispersed networks over the ADSL line. A typical LAN-to-LAN application for your Prestige is shown as follows.
Prestige 662H/HW Series User’s Guide 53 Chapter 1 G etting To Know Your Pres tige.
Prestige 662H/HW Series User’s Guide Chapter 2 Introducing the Web Configur ator 54 C HAPTER 2 Introducing the W eb Configurator This chapter describes how to acces s and navigate the web configurator .
Prestige 662H/HW Series User’s Guide 55 Chapter 2 Introducing the Web Configurator Figure 4 Password Screen 6 It is highly recommended you change the de fault password! Enter a new password, retype it to confirm and click Apply ; alternatively click Ignor e to proceed to the main menu if you do not want to chang e the password now .
Prestige 662H/HW Series User’s Guide Chapter 2 Introducing the Web Configur ator 56 2 Press the RESET button for ten seconds or until the PWR/SYS LED begins to blink and then release it. When the PWR/SYS LED begins to blink, the defaults have b een restored and the Prestige restarts.
Prestige 662H/HW Series User’s Guide 57 Chapter 2 Introducing the Web Configurator T able 3 Web Config urator Scre ens Summ ary LINK SUB-LINK FUNCTION Wizard Setup Connection Setup Use these screens for initial co nfiguratio n including general setup, ISP parameters for In ternet Access and WAN IP/DNS Server/MAC address assignme nt.
Prestige 662H/HW Series User’s Guide Chapter 2 Introducing the Web Configur ator 58 Media Bandw idth Management Summary Use this screen to allocate an i nterface's outg oing capacity to specific types of traffic. Class Setup Use this screen to define a bandwidth class.
Prestige 662H/HW Series User’s Guide 59 Chapter 2 Introducing the Web Configurator.
Prestige 662H/HW Series User’s Guide Chapter 3 Wizard Setup for Internet Acces s 60 C HAPTER 3 W izard Setup for Internet Access This chapter pr ovides information on the W izard Se tup scr eens for Internet access in the web configurator .
Prestige 662H/HW Series User’s Guide 61 Chapter 3 Wiz ard Setup f or Internet Ac cess 3.1.1.4 RFC 1483 RFC 1483 describes two methods for Multipro tocol Encapsulation over A TM Adaptation Layer 5 (AAL5).
Prestige 662H/HW Series User’s Guide Chapter 3 Wizard Setup for Internet Acces s 62 Figure 7 Internet Access Wizard Setup: First Screen The following table describes the fields in this screen.
Prestige 662H/HW Series User’s Guide 63 Chapter 3 Wiz ard Setup f or Internet Ac cess If the ISP did not expl icitly give you an IP network n u mber , then most likely you have a sin gle user account and the ISP will assign you a d ynamic IP address when the connection is established.
Prestige 662H/HW Series User’s Guide Chapter 3 Wizard Setup for Internet Acces s 64 3.3.1.4 Private IP Addresses Every machine on the Internet must ha ve a unique address. If your ne tworks are isolate d from the Internet, for example, only between your two branch of fice s, you can assign any IP addresses to the hosts without problems.
Prestige 662H/HW Series User’s Guide 65 Chapter 3 Wiz ard Setup f or Internet Ac cess Figure 8 Internet Connection with PPPoE The following table describes the fields in this screen. Table 5 Internet Connection with PPPoE LABEL DESCRIPTION Service Name T ype the name of your PPPoE service here.
Prestige 662H/HW Series User’s Guide Chapter 3 Wizard Setup for Internet Acces s 66 Figure 9 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 6 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode fiel d.
Prestige 662H/HW Series User’s Guide 67 Chapter 3 Wiz ard Setup f or Internet Ac cess Figure 10 Internet Connection with ENET ENCAP The following table describes the fields in this screen. Table 7 Internet Connection with ENET ENCAP LABEL DESCRIPTION IP Address A st atic IP add ress is a fixed IP that your ISP gives you.
Prestige 662H/HW Series User’s Guide Chapter 3 Wizard Setup for Internet Acces s 68 Figure 1 1 Internet Connect ion with PPPoA The following table describes the fields in this screen. Table 8 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the lo gin name that your ISP gives y ou.
Prestige 662H/HW Series User’s Guide 69 Chapter 3 Wiz ard Setup f or Internet Ac cess 3.4.1 DHCP Setup DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP configuration at star t-up from a server .
Prestige 662H/HW Series User’s Guide Chapter 3 Wizard Setup for Internet Acces s 70 Figure 13 Internet Access Wizard Setup: LAN Configuration The following table describes the fields in this screen. 3.5 Internet Access Wizard Setup: Connection T est The Prestige automatically tests the connectio n to the computer(s) connected to the LAN ports.
Prestige 662H/HW Series User’s Guide 71 Chapter 3 Wiz ard Setup f or Internet Ac cess Figure 14 Internet Access Wizard Setup: Connection T ests 3.5.1 T est Y our Internet Connection Launch your web brows er and navigate to www .zyxel.com . Internet access is just the beginning.
Prestige 662H/HW Series User’s Guide Chapter 4 Wiza rd Setup fo r Media Ban dwidth Mana gement 72 C HAPTER 4 Wizard Setup for Media Bandwid th Management This chapter shows you how to configur e basic bandwidth management using the wiza rd scr eens.
Prestige 662H/HW Series User’s Guide 73 Chapter 4 Wizard Setup for Media Bandwidth Ma nagement 4.2 Media Bandwid th Management Setup 1 Click Media Bandwidth Mgnt. under Wizard Setup in the SITE MAP screen. FTP File Transfer Program enabl es fast transf er of files, including large files that may not be possible by e -mail.
Prestige 662H/HW Series User’s Guide Chapter 4 Wiza rd Setup fo r Media Ban dwidth Mana gement 74 Figure 15 Media Bandwid th Mgnt. Wiza rd Setup: First Scr een The following table describes the labels in this screen.
Prestige 662H/HW Series User’s Guide 75 Chapter 4 Wizard Setup for Media Bandwidth Ma nagement Figure 16 Media Bandwid th Mgnt. Wizard Setup: Se cond Screen The following table describes th e fields in this screen. 4.4 Media Bandwid th Mgnt. Wizard Setup: Finish W ell done! Y ou have finished configuration o f Media Bandwidth Manag ement.
Prestige 662H/HW Series User’s Guide Chapter 5 Password Setup 76 C HAPTER 5 Password Setup This chapter pr ovides information on the Password scr een. 5.1 Password Overview It is highly recommended that you ch ange the password for accessing the Prestige.
Prestige 662H/HW Series User’s Guide 77 Chapter 5 Password Setup.
Prestige 662H/HW Series User’s Guide Chapter 6 LAN Setup 78 C HAPTER 6 LAN Setup This chapter describes how to configur e LAN settings. 6.1 LAN Overview A Local Area Network (LAN) is a shared comm unication system to which many computers are attached.
Prestige 662H/HW Series User’s Guide 79 Chapter 6 LAN Setup 6.2 DNS Server Address DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely impo rtant because without it, you must know the IP address of a machine before you can access it.
Prestige 662H/HW Series User’s Guide Chapter 6 LAN Setup 80 6.4 LAN TCP/IP The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability .
Prestige 662H/HW Series User’s Guide 81 Chapter 6 LAN Setup 6.4.4 Multicast T raditionally , IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of host s on the network - not everybody and not just 1.
Prestige 662H/HW Series User’s Guide Chapter 6 LAN Setup 82 Figure 20 Any IP Example The Any IP fe ature does n ot apply to a computer using either a dynami c IP address or a static IP address that is in the same subnet as the Prestige’ s IP address.
Prestige 662H/HW Series User’s Guide 83 Chapter 6 LAN Setup After all the routing information is updated, the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige. 6.6 Configuring LAN Click LAN and LAN Setup to open the following screen.
Prestige 662H/HW Series User’s Guide Chapter 6 LAN Setup 84 The following table describes the fields in this screen. 6.7 Configuring S tatic DHCP This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses.
Prestige 662H/HW Series User’s Guide 85 Chapter 6 LAN Setup Every Ethernet device has a unique MAC (Med ia Access Control) addre ss. The MAC address is assigned at the factory and consists of six pairs of hexadec imal characters, for example, 00:A0:C5:00:00:02.
Prestige 662H/HW Series User’s Guide Chapter 7 DMZ 86 C HAPTER 7 DMZ This chapter describes how to configur e the Pr e stige’ s DMZ. 7.1 Introduction The DeMilitarized Zone (DMZ) auto-negotiating 10/100 Mbps E thernet port provides a way for public servers (W eb, e-mail, FTP , etc.
Prestige 662H/HW Series User’s Guide 87 Chapter 7 DMZ Figure 23 DMZ The following table describes the labels in this screen.. Table 16 DMZ LABEL DESCRIPTION DMZ TCP/IP IP Address T ype the IP address of your Presti ge’s DMZ port in dotted decimal notation.
Prestige 662H/HW Series User’s Guide Chapter 7 DMZ 88 Allow between DMZ and LAN Select this check box to forward NetBIOS packets from the LAN to the DMZ and from the DMZ to the LAN.
Prestige 662H/HW Series User’s Guide 89 Chapter 7 DMZ.
Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 90 C HAPTER 8 W ireless LAN Setup This chapter discusses how to con figur e W ire less LAN on the Pr estige. 8.1 Introduction This section introduces the wireless LAN and some basic configurations.
Prestige 662H/HW Series User’s Guide 91 Chapter 8 Wireless LAN Setup 8.1.3 ESS ID An Extended Service Set (ESS) is a group of access points or wireless gateways connected to a wired LAN on the same subnet.
Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 92 If the RT S / C T S value is greater than the Fragmentation Threshold value (see next), then the R TS (Request T o Send)/CTS (Clear to Send) ha ndshake will never occur as data frames will be fragmented befo re they reach RT S/ CT S s ize.
Prestige 662H/HW Series User’s Guide 93 Chapter 8 Wireless LAN Setup Figure 25 Prestige Wireless Security Levels If you do not enable any wireless security on y our Prestige, your network is accessible to any wireless networki ng device that is within range.
Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 94 Click W ireless LAN , W ireless to open the Wir eless screen. Figure 26 Wirele ss LAN The following table describes the fields in this screen.
Prestige 662H/HW Series User’s Guide 95 Chapter 8 Wireless LAN Setup 8.5 Configuring MAC Filter The MAC filter screen allows you to configure the Prestige to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from ac cessing the Prestige (Deny Association).
Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 96 Figure 27 MAC Addres s Filter The following table describes the fields in this menu. Table 18 MAC Address F ilter LABEL DESCRIPTION Active Select Ye s from the drop down list box to enable MAC address fil tering.
Prestige 662H/HW Series User’s Guide 97 Chapter 8 Wireless LAN Setup 8.6 Network Authentication Y ou can set the Prestige a nd your network to auth enticate a wireless st ation before the wireless station can communicate with th e Prestige and the wired network to which the Prestige is connected.
Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 98 • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access.
Prestige 662H/HW Series User’s Guide 99 Chapter 8 Wireless LAN Setup 3 The wireless station replies with identity info rmation, including username and password. 4 The RADIUS server checks the user informa tion against its user profile database and determines whether or not to au thenticate the wireless station.
Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 100 By generating unique data encryption keys for ev ery data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more dif ficult to decode data on a W i-Fi network than WEP , making it dif ficult for an intruder to break into the network.
Prestige 662H/HW Series User’s Guide 101 Cha pter 8 Wireless LAN Setu p 2 The RADIUS server then checks the user's iden tification against its database and grants or denies network access accordingly .
Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 102 8.1 1 Wireless Client WP A Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WP A.
Prestige 662H/HW Series User’s Guide 103 Cha pter 8 Wireless LAN Setu p 8.12.1 Authenticatio n Required: 802.1x Select Authentication Required in the Wireless Port Contr ol field and 802.1x in the Key Management Protocol field to display the next screen.
Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 104 T able 21 Wireless LAN: 802.1x/WP A for 802.1x Protocol LABEL DESCRIPTION Wireless Port Control T o control wireless stations access to the wired network, sele ct a control method from the drop-down list box.
Prestige 662H/HW Series User’s Guide 105 Cha pter 8 Wireless LAN Setu p 8.12.2 Authenticat ion Required: WP A Select Authentication Required in the Wir eless Port Control field and WP A in the Key Management Protocol field to display the next screen.
Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 106 8.12.3 Authenticatio n Required: WP A-PSK Select Authentication Required in t he Wireless Port Contr ol field and WP A-PSK in the Key Management Protocol field to display the next screen.
Prestige 662H/HW Series User’s Guide 107 Cha pter 8 Wireless LAN Setu p Figure 34 Wireless LAN: 802.1x/WP A for W P A-PSK Protocol The following table describes the labels not previously discussed. Table 23 Wireless LAN: 802.1x/WP A for W P A-PSK Protocol LABEL DESCRIPTION Key Management Protocol Choose WP A-PSK in th is field.
Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 108 8.13 Configuring Local User Authentication By storing user profiles locally , your Prestige is able to authenticate wireless users without interacting with a network RADIUS server .
Prestige 662H/HW Series User’s Guide 109 Cha pter 8 Wireless LAN Setu p 8.14 Configuring RADIUS Once you enable the EAP authentication, you need to specify th e external sever for remote user authenticatio n and accounting. T o set up your Prestige’ s RADIUS server settings, click WIRELESS LAN , RADIU S .
Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 110 Table 25 RADIUS LABEL DESCRIPTION Authentication Server Active Select Ye s from the drop-down list box to enable user authentication through an external authentication server .
Prestige 662H/HW Series User’s Guide 111 Cha pter 8 Wireless LAN Setu p.
Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 112 C HAPTER 9 W AN Setup This chapter describes how to configur e W AN settings. 9.1 W AN Overview A W AN (W ide Area Network) is an outside conn ection to another network or the Internet. See Chapter 3, on page 6 0 for more information on th e fields in the W AN screens.
Prestige 662H/HW Series User’s Guide 113 Chapter 9 WAN Setup 9.3 PPPoE Encap sulation The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.
Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 114 Figure 37 Example of T ra ffic Shaping 9.5 Zero Configuration Internet Access Once you turn on and connect the Prestige to a telephone ja.
Prestige 662H/HW Series User’s Guide 115 Chapter 9 WAN Setup Figure 38 W AN Setup (PPPoE) The following table describes the fields in this screen. Table 26 WAN Se t u p LABEL DESCRIPTION Name Enter the name of your Internet Service Provider , e.g., MyISP .
Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 116 Encapsulation Select th e method of encapsulatio n used by your ISP from the drop-down list box. Choices vary depending on the mode you select in th e Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483 .
Prestige 662H/HW Series User’s Guide 117 Chapter 9 WAN Setup 9.7 T raffic Redirect T raffic redirect forwards traffic to a backup gateway when the Prestige cannot connect to the Internet.
Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 118 Figure 39 T raffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is co nnected to the LAN.
Prestige 662H/HW Series User’s Guide 119 Chapter 9 WAN Setup Figure 41 W AN Backup The following table describes the fields in this screen. Table 27 WAN Ba c k up LABEL DESCRIPTION Backup T ype Select the method that the Pr estige uses to check the DSL connection.
Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 120 Recovery Interval When the Prestige is using a lower priority connection (usu ally a WAN backup connection), it periodically checks to whether or not it can use a higher priority connection.
Prestige 662H/HW Series User’s Guide 121 Chapter 9 WAN Setup 9.9 Configuring Advanced W AN Backup T o edit your Prestige’ s advanc ed W AN backup settings, click WA N , W AN Backup and then the Advanc ed Setup button. The sc reen appears as shown.
Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 122 Table 28 Advanced W AN Backup LABEL DESCRIPTION Basic Login Name T ype the login name a ssigned by your ISP . Password T ype the password assigned by your ISP . Retype to Confirm T ype your password again to make sure that you have entered is correctly .
Prestige 662H/HW Series User’s Guide 123 Chapter 9 WAN Setup RIP V ersion The RIP V ersion field controls the format and the broad casting method of th e RIP packets that the Prestige sends (it recognizes both formats when receiving ). Choose RIP-1 , RIP-2B or RIP-2M .
Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 124 9.10 A T Command Strings For regular telephone lines, the default "Dial" string tells the modem that the line uses tone dialing. " ATDT " is the command for a switch that requir es tone dialing.
Prestige 662H/HW Series User’s Guide 125 Chapter 9 WAN Setup Figure 43 Advanced Modem Setu p The following table describes the fields in this screen. Table 29 Advanced Mode m Setup LABEL DESCRIPTION A T Command St r in g s Dial T ype the A T Command string to make a call.
Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 126 Retry Interval T ype a number of seconds for th e Prestige to wait b efore trying another call after a call has failed.
Prestige 662H/HW Series User’s Guide 127 Chapter 9 WAN Setup.
Prestige 662H/HW Series User’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 128 C HAPTER 10 Network Address T ranslation (NA T) Screens This chapter discusses how to configure NA T on the Prestige .
Prestige 662H/HW Series User’s Guide 129 Chapter 10 Network Address Translation (NAT) Scree n s 10.1.2 What NA T Does In the simplest form, NA T changes the sour ce IP address in a packet received from a subscriber (the inside local address) to anothe r (the inside global address) before forwarding the packet to the W A N side.
Prestige 662H/HW Series User’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 130 Figure 44 How NA T W orks 10.1.4 NA T Application The following figure illustrates a possible NA T application, wher e three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct W AN networks.
Prestige 662H/HW Series User’s Guide 131 Chapter 10 Network Address Translation (NAT) Scree n s • One to One : In One-to-One mode, the Prestige maps one local IP address to one global IP address. • Many to One : In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address.
Prestige 662H/HW Series User’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 132 • Choose Full Featur e if you have multiple public W AN IP addresses for your Prestige.
Prestige 662H/HW Series User’s Guide 133 Chapter 10 Network Address Translation (NAT) Scree n s 10.3.3 Configuring Servers Behind SUA (Example) Let's say you want to assign po rts 21-25 to one FTP , T elnet and SMTP server (A in the example), port 80 to another (B in the exam ple) and assign a default server IP address of 192.
Prestige 662H/HW Series User’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 134 Figure 47 NA T Mode The following table describes the labels in this screen.
Prestige 662H/HW Series User’s Guide 135 Chapter 10 Network Address Translation (NAT) Scree n s Figure 48 Edit SUA/NA T Server Set The following table describes the fields in this screen. T able 34 Edit SUA/NA T Server Set LABEL DESCRIPTION S tart Port No.
Prestige 662H/HW Series User’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 136 10.6 Configuring Address Mapping Ordering your rules is important because the Pr estige applies the rules in the order that you specify .
Prestige 662H/HW Series User’s Guide 137 Chapter 10 Network Address Translation (NAT) Scree n s 10.7 Editing an Address Mapping Rule T o edit an address mapping rule, click the rule’ s link in the NA T Addr ess Mapping Rules screen to display the screen sh own next.
Prestige 662H/HW Series User’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 138 Table 36 Address Mapping Rule Edit LABEL DESCRIPTION Ty p e Choose the port mapping type from one of the following. • One-to-One : One-to-One mode maps one local IP address to o ne global IP address.
Prestige 662H/HW Series User’s Guide 139 Chapter 10 Network Address Translation (NAT) Scree n s.
Prestige 662H/HW Series User’s Guide Chapter 11 Dynamic DNS Setup 140 C HAPTER 11 Dynamic DNS Setup This chapter discusses how to configur e your Prestige to use Dynamic DNS.
Prestige 662H/HW Series User’s Guide 141 Chapter 1 1 Dynamic DNS Setup Figure 51 Dynamic DNS The following table describes the fields in this screen. Table 37 Dynamic DNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dyn amic DNS service pr ovider .
Prestige 662H/HW Series User’s Guide Chapter 12 Time and Date 142 C HAPTER 12 T ime and Date This scr een is not available on all models. Us e this scr een to configur e the Pr estige’ s time and date settings. 12.1 Configuring T ime and Date T o change your Prestige’ s time and date, click Time And Date .
Prestige 662H/HW Series User’s Guide 143 Chapter 12 Time and Da te Table 38 T ime and Date LABEL DESCRIPTION T ime Server Use Protocol when Bootup Select the time service protocol that your time server sends w hen you turn on the Prestige.
Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 144 C HAPTER 13 Firewalls This chapter gives some backgr ound informa tion on firewall s and intr oduces the Pr estige fir ewall. 13.1 Firewall Overview Originally , the term fir ewall referred to a construction techni que designed to prevent the spread of fire from one room to another .
Prestige 662H/HW Series User’s Guide 145 Chapter 13 Firewalls Information hiding prevents the names of in ternal systems from being made known via DNS to outside systems, since the ap plication gateway is the only ho st whose name must be mad e known to outside systems.
Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 146 13.3.1 Denial of Service Att acks Figure 53 Prestige Firewall Application 13.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks w ith a connection to the Internet.
Prestige 662H/HW Series User’s Guide 147 Chapter 13 Firewalls 13.4.2 T ypes of DoS Atta cks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data.
Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 148 Figure 54 Three-W ay Handshake Under normal circumstances, the applica tion that initiates a session sends a SYN (synchronize) packet to the receiving server .
Prestige 662H/HW Series User’s Guide 149 Chapter 13 Firewalls amount of ICMP echo request and response traffic. If a hacker chooses to spoof the source IP address of the ICMP echo request packet, th.
Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 150 13.4.2.3 T raceroute T raceroute is a utility used to determine th e path a packet takes between two endpoints. Sometimes when a packet filter firewall is conf igured incorrectly an at ta cker can traceroute the firewall gaining knowledge of the network topology inside the firewall.
Prestige 662H/HW Series User’s Guide 151 Chapter 13 Firewalls Figure 57 S tateful Inspection The previous figure shows the Prestige’ s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a T elnet session from within the LAN and responses to this request are allowe d.
Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 152 temporary entries might be modified, in order to permit only packets that a re valid for the current state o f the connection.
Prestige 662H/HW Series User’s Guide 153 Chapter 13 Firewalls If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the In ternet. Assuming that this is an acceptable part of the security policy (as is the case w ith the default policy), the connection will be allowed.
Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 154 Any protocol that operates in this way must be supported on a case-by-case bas is. Y ou can use the web configurator’ s Custom Ports feature to do this. 13.6 Guidelines for Enhancing Security with Y our Firewall • Change the default passwo rd via SMT or web conf igurator.
Prestige 662H/HW Series User’s Guide 155 Chapter 13 Firewalls • Upgrade your software regularly . Many old er versions of software, especially web browsers, have well known security d efici encies. When you upgrade to the latest versions, you get the latest patches and fixes.
Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 156 • The firewall provides e-mail service to notify you of routine reports and when alerts occur . 13.7.2.1 When T o Use The Firewall • T o prevent DoS attacks and prevent hackers cracking your network.
Prestige 662H/HW Series User’s Guide 157 Chapter 13 Firewalls.
Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 158 C HAPTER 14 Firewall Configuration This chapter shows you how to enable and configur e the Pr estige fir ewall. 14.1 Access Methods The web configurator is, by far , the most co mprehensive firewall configuration tool your Prestige has to offer .
Prestige 662H/HW Series User’s Guide 159 Chapter 14 Firewall Configuration •W A N t o W A N / R o u t e r This prevents computers on the W AN from using the Prestige as a gateway to communicate with other computers on the W AN and/or managing the Prestige.
Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 160 2 What direction of traffic does the rule apply to (refer to the Firewall P olicies Overview section)? 3 What IP services .
Prestige 662H/HW Series User’s Guide 161 Chapter 14 Firewall Configuration 14.3.3.4 Dest ination Address What is the connection’ s destination address; is it on the LAN, DMZ, W AN? Is it a single IP , a range of IPs or a sub net? 14.
Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 162 Figure 59 W AN to LAN T raffic 14.4.3 Alert s Alerts are reports on events, such as attacks, that you may want to know about right away .
Prestige 662H/HW Series User’s Guide 163 Chapter 14 Firewall Configuration Figure 60 Firewall: Default Policy The following table describes the labels in this screen. Table 43 Firewall: Default Policy LABEL DESCRIPTION Firewall En abled Select this check box to activa te the firewa ll.
Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 164 14.6 Rule Summary Click on Fire wall , then Rule Summary to bring up the following screen. This screen is a summary of the existing rules. Note the order in which the rules are listed.
Prestige 662H/HW Series User’s Guide 165 Chapter 14 Firewall Configuration 14.6.1 Configuring Firewall Rules Follow these directions to create a new rule.
Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 166 Figure 62 Firewall: Edit Rule The following table describes the labels in this screen.
Prestige 662H/HW Series User’s Guide 167 Chapter 14 Firewall Configuration Table 45 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to ena ble this firewall rule. Action for Matched Packet Use the radio button to select whether to disca rd ( Block ) o r allow the passage of ( Forward ) packets that match this rule.
Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 168 14.7 Customized Services Configure customized services and port numb ers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
Prestige 662H/HW Series User’s Guide 169 Chapter 14 Firewall Configuration Figure 64 Firewall: Configure Customized Services The following table describes the labels in this screen. 14.9 Example Firewall Rule The following Internet firewa ll rule example allows a hypot hetical “My Service” connection from the Internet.
Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 170 Figure 65 Firewall Example: Rule Summary 3 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (i f there is one) becomes rule 7.
Prestige 662H/HW Series User’s Guide 171 Chapter 14 Firewall Configuration Figure 66 Firewall Example: Edit Ru le: Des tination Addres s 7 In the Edit Rule screen, click the Customized Servic es link to open the Customized Service screen.
Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 172 Figure 68 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Inter.
Prestige 662H/HW Series User’s Guide 173 Chapter 14 Firewall Configuration screen should look like the following. Rule 2 allows a “My Service” connection fro m the W AN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Figure 69 Firewall Example: Rule Summary: My Service 14.
Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 174 BOOTP_SERVER(UDP:67) DHCP Server . CU-SEEME(TCP/UDP:7648, 24032) A popular videocon ferencing solution from White Pines So ftware. DNS(UDP/TCP:53) Domain Name Server , a servi ce that matches web names (e.
Prestige 662H/HW Series User’s Guide 175 Chapter 14 Firewall Configuration 14.1 1 Anti-Probing If an outside user attempts to probe an unsupp orted port on your Prestige, an ICMP respon se packet is automatically returned. This allows the outside user to know the Prestige exists.
Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 176 Figure 70 Firewall: Anti Probing The following table describes the labels in this screen. 14.12 Configuring Att ack Alert Attack alerts are the first defe nse against DOS attacks.
Prestige 662H/HW Series User’s Guide 177 Chapter 14 Firewall Configuration 14.12.1 Threshold V alues T une these para meters when some thing is not working and after y ou have checked the firewall counters. These default values sh ould work fine for most small offices.
Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 178 Whenever the number of half-o pen sessions with the same destin ation host address rises a bove a threshold ( TCP Maximum .
Prestige 662H/HW Series User’s Guide 179 Chapter 14 Firewall Configuration One Minute High This is the rate of new half-open sessio ns that causes the firewall to start deleting half-open sessions.
Prestige 662H/HW Series User’s Guide Chapter 15 Content Filtering 180 C HAPTER 15 Content Filtering This chapter covers how to configur e content filtering. 15.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs.
Prestige 662H/HW Series User’s Guide 181 Chapter 15 Content Filtering Figure 72 Content Filter: Keyword The following table describes the labels in this screen. 15.3 Configuring the Schedule T o set the days and times for the Prestige to perform content filtering, click Cont ent Filter and Schedule .
Prestige 662H/HW Series User’s Guide Chapter 15 Content Filtering 182 Figure 73 Content Filter: Schedule The following table describes the labels in this screen. 15.4 Configuring T rusted Computers T o exclude a range of users on the LAN from content filtering on your Prestige, click Content Filter and Tr u s t e d .
Prestige 662H/HW Series User’s Guide 183 Chapter 15 Content Filtering Figure 74 Content Filter: T rusted The following table describes the labels in this screen.
Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 184 C HAPTER 16 Content Access Control This chapter gives some backgr ound informa tion on Content Access Contr ol and explains how to get started with the Pr estige Content Access Control.
Prestige 662H/HW Series User’s Guide 185 Chapter 16 Conten t Access Control 16.2 Activating CAC an d Create User Group s From the Site Map , click Content Access Control and General to open the configuration screen. Use this screen to activate Content Access Control and set up the four user groups.
Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 186 16.2.1 Configuring T ime Schedule T o set up the time schedule for each user group, click Edit under Tim e in the Control Access Control-General screen. A screen displays as shown next.
Prestige 662H/HW Series User’s Guide 187 Chapter 16 Conten t Access Control Figure 77 Control Access Control: Ge neral: T ime Scheduling The following table describes the labels in this screen.
Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 188 16.2.2 Configuring Services T o customize services for e ach user group, click Edit under Se rvices for that user group in the Content Access Control: General screen.
Prestige 662H/HW Series User’s Guide 189 Chapter 16 Conten t Access Control 16.2.2.1 A vailable Services The A vailable Services list box in the Services screen displays some predefined services that the Prestige supports. The following table shows a list of services that can be configured.
Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 190 MSN Messenger(TCP:1863) Microsoft Networks’ messenger servi ce uses this p rotocol. MUL TICAST(IGMP:0) Internet Group Multicast Pr otocol is used when sending packets to a specific group of hosts.
Prestige 662H/HW Series User’s Guide 191 Chapter 16 Conten t Access Control 16.2.3 Configuring Web Site Filters T o enable content filtering an d to configur e URL keyword blockin g for a user group, click Edit under We b B r o w s i n g in t he Content Access Control: General screen.
Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 192 Figure 79 Content Access Contro l: G eneral: Web Site Filter.
Prestige 662H/HW Series User’s Guide 193 Chapter 16 Conten t Access Control The following table describes the labels in this screen. Table 58 Content Access Contro l: General: Web Site Filter LABEL .
Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 194 Gambling Selecting this ca tegory excludes pages where a user can place a bet or participate in a betting pool (including lott eries) online.
Prestige 662H/HW Series User’s Guide 195 Chapter 16 Conten t Access Control Games Selecting this category excludes pages that provide in formation and support game playing or downloading, video game s, computer ga mes, electronic games, tips, and advice on games or how to obtain cheat codes.
Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 196 Religion Selecting this category excludes pages that promote and provide information on conventional or unconventional relig ious or quasi-religious subjects, as well as churches, synagogues, o r othe r houses of worship.
Prestige 662H/HW Series User’s Guide 197 Chapter 16 Conten t Access Control 16.2.4 T esting Web Site Access Privileges T o check the acce ss restrictions of a web site, click Diagnose under W eb Br owsing in the Content Access Control: General screen.
Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 198 Figure 80 Content Access Contro l: General: Diagnose The following table describes the labels in this screen.
Prestige 662H/HW Series User’s Guide 199 Chapter 16 Conten t Access Control Figure 81 Content Access Co ntro l: User Profiles The following table describes the labels in this screen. Table 60 Content Access Contro l: User Profiles LABEL DESCRIPTION Index This field displays the index numbe r .
Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 200 16.4 User Online S t atus T o view the online status of each u ser , click Content Access Contro l in the Site Map screen and click Online S tatus to display the screen as shown.
Prestige 662H/HW Series User’s Guide 201 Chapter 16 Conten t Access Control 16.5 Content Access Control Logins The following sections describe the user and administrator login experience. 16.5.1 User Login 1 Once the initial configuration is complete, a computer on the network cannot gain Internet access without first logging into the Prestige.
Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 202 16.5.2 Administrator Login The administrator can log into the system. • The administrator opens their browser and is di rected to the Prestige user login page (this is the same as the user login).
Prestige 662H/HW Series User’s Guide 203 Chapter 16 Conten t Access Control.
Prestige 662H/HW Series User’s Guide Chapter 17 Anti-Virus Packet Scan 204 C HAPTER 17 Anti-V irus Packet Scan This chapter intr oduces and shows you how to configur e the anti-virus packet scan. 17.1 Overview A computer virus is a small program designed to corrupt and/or alter the operati on of other legitimate programs.
Prestige 662H/HW Series User’s Guide 205 C hapter 17 Anti-Vir us Packet S can For maximum protection, you must ke ep the pattern file up-to-date. 17.2.1 Computer V irus Infection and Prevention The follow de scribes a sim plistic life cycle of a computer viru s.
Prestige 662H/HW Series User’s Guide Chapter 17 Anti-Virus Packet Scan 206 This is an Internet file transfer service th at operates on the Internet and over TCP/IP networks. A system running the FTP server acc epts commands from a system running an FTP client.
Prestige 662H/HW Series User’s Guide 207 C hapter 17 Anti-Vir us Packet S can 17.4 Anti-virus Packet Scan Configuration Click Anti V irus and Packet Scan to display th e configuration screen as shown next. Figure 86 Anti Virus: Packet Scan The following table describes the labels in this screen.
Prestige 662H/HW Series User’s Guide Chapter 17 Anti-Virus Packet Scan 208 17.5 Registration and Online Up date Use the Registration and V ir us Information Update screen to register for and activate the anti-virus packet scan feature on the Prestige.
Prestige 662H/HW Series User’s Guide 209 C hapter 17 Anti-Vir us Packet S can Figure 87 Anti Virus: Reg istration and V irus Information Update The following table describes the labels in this screen.
Prestige 662H/HW Series User’s Guide Chapter 17 Anti-Virus Packet Scan 210 17.5.1 Up dating th e Anti Virus Packet Scan Follow the steps below to update the virus scan on the Prestige manually . 1 In the Registration and V irus Information Update screen, click Update Now .
Prestige 662H/HW Series User’s Guide 211 C hapter 17 Anti-Vir us Packet S can.
Prestige 662H/HW Series User’s Guide Chapter 18 Introduction to IPSec 212 C HAPTER 18 Introduction to IPSec This chapter intr oduces the basics of IPSec VPNs. 18.1 VPN Overview A VPN (V irtual Private Network) provides sec ure communications betw een sites without the expense of leased site-to-site lines.
Prestige 662H/HW Series User’s Guide 213 Chapter 1 8 Introduc tion to IPSec Figure 90 Encryption and Decryption 18.1.3.2 Dat a Confidentiality The IPSec sender can encrypt packets befo re transmitting them across a network.
Prestige 662H/HW Series User’s Guide Chapter 18 Introduction to IPSec 214 Figure 91 IPSec Architecture 18.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Au.
Prestige 662H/HW Series User’s Guide 215 Chapter 1 8 Introduc tion to IPSec Figure 92 T ransport and T unnel Mode IPSec Encapsulation 18.3.1 T ransport Mode Tr a n s p o r t mode is used to protect upper layer prot ocols and only af fects the da ta in the IP packet.
Prestige 662H/HW Series User’s Guide Chapter 18 Introduction to IPSec 216 NA T is incompatible with the AH protocol in both Tr a n s p o r t and T unnel mode. An IPSec VPN using the AH protocol digitally sig n s the outbound packet, both data p a yload and headers, with a hash value appe nded to the pack et.
Prestige 662H/HW Series User’s Guide 217 Chapter 1 8 Introduc tion to IPSec.
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 218 C HAPTER 19 VPN Screens This chapter intr oduces the VPN screens. See th e Logs chapter for information on viewing logs and the appendix for IPSec log descriptions.
Prestige 662H/HW Series User’s Guide 219 Chapter 19 VP N Screens 19.3 My IP Address My IP Address is the W AN IP address of the Prestige. The Prestige has to rebuild the VPN tunnel if the My IP Address changes after setup. The following applies if this field is configured as 0.
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 220 19.4 Secure Gateway Address Secure Gateway Address is the W AN IP address or domain name of the remote IPSec router (secure gateway). If the remote secure gateway has a static W AN IP address, enter it in the Secure Gateway Address field.
Prestige 662H/HW Series User’s Guide 221 Chapter 19 VP N Screens Figure 94 VPN Summary The following table describes the fields in this screen. Table 67 VPN Summ ary LABEL DESCRIPTION No. This is the VPN policy index number . Click a numbe r to edit VPN policies.
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 222 19.6 Keep Alive When you initiate an IPSec tunnel with keep alive enabled, the Prestige automatically renegotiates the tunnel when the I PSec SA lifetime period expires (see the IKE Phases section for more on the IPSec SA lifetime).
Prestige 662H/HW Series User’s Guide 223 Chapter 19 VP N Screens Figure 95 NA T Router Between IPSe c Routers Normally you cannot set up a VPN connecti on with a NA T router between the two IPSec routers because the NA T router c hanges the header of th e IPSec packet.
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 224 Figure 96 VPN Host using Intranet DNS Server Example If you do not sp ecify an Intran et DNS server on the remote network, th en the VP N host must use IP addresses to access the computers on the remote network.
Prestige 662H/HW Series User’s Guide 225 Chapter 19 VP N Screens 19.8.1 ID T ype and Content Examples T wo IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel. The two Prestiges in this ex ample can complete negotiation and establish a VPN tunnel.
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 226 The two Prestiges in this ex ample cannot complete their negotiation because Prestige B’ s Local ID type is IP , but Prestige A ’ s Peer ID type is set to E-mail . An “ID misma tched” message displays in the IPSEC LOG .
Prestige 662H/HW Series User’s Guide 227 Chapter 19 VP N Screens Figure 97 VPN IKE The following table describes the fields in this screen..
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 228 Table 72 VPN IKE LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy . Th is option determines whether a VPN rule is applied before a packet leaves the firewall.
Prestige 662H/HW Series User’s Guide 229 Chapter 19 VP N Screens End / Subnet Mask When the Loc al Address T ype field is configured to Single , this field is N/ A. When the Loca l Address T ype field is config ured to Range , enter the end (static) IP address, in a range of computers on the LAN behind your Prestige.
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 230 My IP Address Enter the WAN IP address of your Prestige. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0 : The Prestige uses the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel.
Prestige 662H/HW Series User’s Guide 231 Chapter 19 VP N Screens 19.1 1 IKE Phases There are two phases to every IKE (Internet Key Exchange) ne gotiation – phase 1 (Authentication) and ph ase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSe c.
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 232 Figure 98 T wo Phases to Set Up the IPSec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key . • Choose an encryption algorithm.
Prestige 662H/HW Series User’s Guide 233 Chapter 19 VP N Screens • Main Mode ensures the highest level of security when the communi cating parties are negotiating authentication (phase 1). It u ses 6 messages in thr ee round trips: SA negotiation, Diffie-Hellman exchange and an exchange of nonces (a n once is a random number).
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 234 Figure 99 VPN IKE: Advanced Setup The following table describes the fields in this screen. Table 73 VPN IKE: Advanced Setup LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP , 6 for TCP , 17 for UDP , etc.
Prestige 662H/HW Series User’s Guide 235 Chapter 19 VP N Screens End Enter a port number in this field to defin e a port range. This port number must be greater than that specified i n the previous fiel d. If Remote St art Port is left at 0, End will also remain at 0.
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 236 19.13 Manual Key Setup Manual key managemen t is useful if you have pro blems with IKE key managemen t. 19.13.1 Security Parameter Index (SPI) An SPI is used to distinguish dif ferent SAs te rminating at the same de stination and using the same IPSec protocol.
Prestige 662H/HW Series User’s Guide 237 Chapter 19 VP N Screens 19.14 Configuring Manual Key Y ou only configure VPN Manu al Key when you select Manual in the IPSec Key Mode field on the VPN IKE screen. This is the VPN Manual Key screen as shown next.
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 238 Table 74 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy . Name T ype up to 32 characters to ide ntify this VPN policy . Y ou may u se any character , including spaces, but the Prestige drops trailing spaces.
Prestige 662H/HW Series User’s Guide 239 Chapter 19 VP N Screens End / Subnet Mask Wh en the Remote Address T ype field is configured to Singl e , this field is N/A. When the Remote Address T ype field is configured to Range , enter the end (static) IP address, in a range of co mputers on the network behind the remote IPSec router .
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 240 19.15 V iewing SA Monitor Click VPN and Monitor to open the SA Monitor screen as shown. Use this screen to display and manage activ e VPN connections. A Security Association (SA) is the group of se cu rity settings related to a specific VPN tunnel.
Prestige 662H/HW Series User’s Guide 241 Chapter 19 VP N Screens 19.16 Configuring Global Setting T o change your Prestige’ s global settings, click VPN an d then Global Setting . The screen appears as shown. Figure 102 VPN: Global Setting The following table describes the fields in this screen.
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 242 19.17 T elecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single Prestige at headquarters. The telecomm uters use IPSec routers with dynamic W AN IP addresses.
Prestige 662H/HW Series User’s Guide 243 Chapter 19 VP N Screens 19.17.2 T elecommuters Usin g Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic W AN IP addresses (use Dynamic DNS to do this).
Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 244 Figure 104 T elecommuters Using Uniq ue VPN Rules Example Table 78 T elecommuters Using Unique VPN Rules Example T ELECOMMUTERS HEADQUARTERS All T elecommuter Rules: All Headquarters Rules: My IP Address 0.
Prestige 662H/HW Series User’s Guide 245 Chapter 19 VP N Screens 19.18 VPN and Remote Management If a VPN tunnel uses T e lnet, FTP , WWW , then you should configure remo te management ( Remote Management ) to allow access for that service.
Prestige 662H/HW Series User’s Guide Chapter 20 Remote M anagement Configuration 246 C HAPTER 20 Remote Management Configuration This chapter pr ovides in formation on configur ing remote management.
Prestige 662H/HW Series User’s Guide 247 Chapter 20 Remote Ma nagement Configuration • A filter in SMT menu 3.1 (LAN) or in menu 1 1.5 (W AN) is applied to block a T elnet, FTP or W eb service. • Y ou have disabled that service in one of the remote management screens.
Prestige 662H/HW Series User’s Guide Chapter 20 Remote M anagement Configuration 248 20.4 W e b Y ou can use the Prestige’ s embedded web configur ator for configuration and file management . See the online help for details. 20.5 Configuring Remote Management Click Remote Management to open the following screen.
Prestige 662H/HW Series User’s Guide 249 Chapter 20 Remote Ma nagement Configuration.
Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 250 C HAPTER 21 Universal Plug-and-Play (UPnP) This chapter intr oduces the UPnP feature in the web configurator .
Prestige 662H/HW Series User’s Guide 251 Chapter 21 Univer sal Plug-and-Play (UPnP) All UPnP-enabled devices may communicate freely with eac h other without additional configuration.
Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 252 21.3 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP . Inst alling UPnP in Windows Me Follow the steps below to inst all the UPnP in W indows Me.
Prestige 662H/HW Series User’s Guide 253 Chapter 21 Univer sal Plug-and-Play (UPnP) Figure 108 Add/Remove Programs: Wind ows Setup: Communication 3 In the Communications window , select the Universal Plug and Play check bo x in the Components selection box.
Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 254 Inst alling UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP .
Prestige 662H/HW Series User’s Guide 255 Chapter 21 Univer sal Plug-and-Play (UPnP) Figure 1 1 1 Windows Optional Networking Com ponents Wizard 5 In the Networking Services window , select the Universal Plug and Play check box.
Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 256 Figure 1 12 Networking Services 6 Click OK to go back to the W indows Optional Networking Component W izard window and click Next . 21.4 Using UPnP in Windows XP Example This section shows yo u how to use the UPnP feature in Wi ndows XP .
Prestige 662H/HW Series User’s Guide 257 Chapter 21 Univer sal Plug-and-Play (UPnP) Figure 1 13 Network Connections 3 In the Internet Connection Properties window , click Settings to see the port mappings there were automatically created.
Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 258 Figure 1 14 Internet Connection Properties 4 Y ou may edit or delete the port mappings or click Add to manually add port mappings.
Prestige 662H/HW Series User’s Guide 259 Chapter 21 Univer sal Plug-and-Play (UPnP) Figure 1 15 Internet Connection Properties: Adva nced Settings Figure 1 16 Internet Connection Properties: Advanced Settings: Add 5 When the UP nP-enabled device is disconn ected from your computer , all port mappings will be deleted automatically .
Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 260 Figure 1 17 System T r ay Icon 7 Double-click on the icon to display yo ur curr ent Internet co nnection status.
Prestige 662H/HW Series User’s Guide 261 Chapter 21 Univer sal Plug-and-Play (UPnP) Figure 1 19 Network Connections 4 An icon with the description for e ach UPnP-enabled device disp lays under Local Network . 5 Right-click on the icon for your Prestige and select Invoke .
Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 262 Figure 120 Network Connections: My Network Places 6 Right-click on the icon for your Prestige and select Pr operties . A properties window displays with basic information about the Prestige.
Prestige 662H/HW Series User’s Guide 263 Chapter 21 Univer sal Plug-and-Play (UPnP).
Prestige 662H/HW Series User’s Guide Chapter 22 Logs Scree ns 264 C HAPTER 22 Logs Screens This chapter contains informa tion about configuring general log settings and viewing the Pr estige’ s logs. Refer to the appendix for example log messa ge e xplanations.
Prestige 662H/HW Series User’s Guide 265 Chapter 22 Log s Screens Figure 122 Log Settings The following table describes the fields in this screen. Table 81 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below .
Prestige 662H/HW Series User’s Guide Chapter 22 Logs Scree ns 266 22.3 Displaying the Logs Click Logs and then Vi e w L o g to open the Vie w L og s sc reen. Use the Vi e w L og s screen to see the logs for the categories that you selected in the Log Settings screen (see the Configuring Log Settings section ).
Prestige 662H/HW Series User’s Guide 267 Chapter 22 Log s Screens Figure 123 Vi ew Logs The following table describes the fields in this screen. 22.4 SMTP Error Messages If there are d iffic ulties in sendi ng e-mail the following error m essages appe ar .
Prestige 662H/HW Series User’s Guide Chapter 22 Logs Scree ns 268 22.4.1 Example E-mail Log An "End of Log" message displays for each ma il in which a complete log has been sent. The following is an example of a log sent by e-mail. • Y ou may edit the subject title.
Prestige 662H/HW Series User’s Guide 269 Chapter 22 Log s Screens.
Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 270 C HAPTER 23 Media Bandwid th Management Advanced Setup This chapter describes th e functions and ad vanced configuration of bandwidth managemen t.
Prestige 662H/HW Series User’s Guide 271 Chapter 23 Med ia Bandwidth Management Advanced Setu p that you configure child-classes with filters fo r any classes that you co nfigure without filters. The Prestige leaves the bandwidth budget allocate d and unused for a class that does not have a filter itself or child-classes with filters.
Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 272 Figure 126 Subnet-based Ba ndwidt h Management Example 23.
Prestige 662H/HW Series User’s Guide 273 Chapter 23 Med ia Bandwidth Management Advanced Setu p 23.5.1 Priority-based Scheduler W ith the priority-based scheduler , the Prestige forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes.
Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 274 23.6.2 Maximize Ba ndwid th Usag e Example Here is an example of a Prestige that has ma xi mized bandwidth usage ena bled on an interface. The first figure shows each bandwidth class’ s bandwidth bu dget and pr iority .
Prestige 662H/HW Series User’s Guide 275 Chapter 23 Med ia Bandwidth Management Advanced Setu p Figure 129 Maximize Bandwid th Usage Example 23.7 Bandwid th Borrowing Bandwidth borrowing allows a ch.
Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 276 Figure 130 Bandwidth Borrowing Example • The Bill class can borrow un used bandwidth from the Sales USA class because the Bill class has bandwidth borrowing enabled.
Prestige 662H/HW Series User’s Guide 277 Chapter 23 Med ia Bandwidth Management Advanced Setu p 23.7.2 Maximize Bandwid th Us age With Bandwid th Borrowing If you configure both maximiz e bandwidth usage (on the interface) and bandwidth bo rrowing (on individual child-classes), th e Prestige functions as follows.
Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 278 23.9 Configuring Class Setup The class se tup screen displays the configured band width classes by individual interface. Select an interface and click the buttons to pe rform the actions describe d next.
Prestige 662H/HW Series User’s Guide 279 Chapter 23 Med ia Bandwidth Management Advanced Setu p Figure 132 Media Bandwid th Management: Class Setup The following table describes the labels in this screen. 23.9.1 Media Bandwid th Mana gement Class Configuration Configure a bandwidth management class in the Class Configuration scre en.
Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 280 Figure 133 Media Bandwid th Management: Class Configuration The following table describes the labels i.
Prestige 662H/HW Series User’s Guide 281 Chapter 23 Med ia Bandwidth Management Advanced Setu p Service Y ou can select a predefined serv i ce instead of configuring th e Destination Port , Source Port and Protocol ID fields.
Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 282 23.9.2 Media Bandwid th Management St atistics Use the Media Bandwidth Management S tatistics screen to view network performance information. Click the S tatistics button in the Class Setup screen to open the St a t i s t i c s screen.
Prestige 662H/HW Series User’s Guide 283 Chapter 23 Med ia Bandwidth Management Advanced Setu p 23.10 Bandwid th Monitor T o view the Pres tige’ s bandwidt h usage and allotments, click Media Bandwidth Management , then Monitor . The screen appears as shown.
Prestige 662H/HW Series User’s Guide Chapter 24 Maintenance 284 C HAPTER 24 Maintenance This chapter displays system information such as ZyN OS firmwar e, port IP addresses and port traffic statistics.
Prestige 662H/HW Series User’s Guide 285 Chapter 24 Maintenance Figure 136 System S tatus The following table describes the fields in this screen. Table 91 System S tatus LABEL DESCRIPTION System S tatus System Name This is the name of your Pre stige.
Prestige 662H/HW Series User’s Guide Chapter 24 Maintenance 286 24.2.1 System St atistics Click Show S tatistics in the System S tatus scre en to open the following screen. Read-only information here includes port status and packet specific statistics.
Prestige 662H/HW Series User’s Guide 287 Chapter 24 Maintenance Figure 137 System S tatus: Show S tatistics The following table describes the fields in this screen. Table 92 System S tatus: Show S tatistics LABEL DESCRIPTION System up T ime This is the elapsed time the system has been up.
Prestige 662H/HW Series User’s Guide Chapter 24 Maintenance 288 24.3 DHCP T able Screen DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP configuration at star t-up from a server . Y ou can configure the Prestige as a DHCP server or disable it.
Prestige 662H/HW Series User’s Guide 289 Chapter 24 Maintenance 24.4 Any IP T able Screen Click Maintenance , Any IP . The Any IP table sho ws cu rrent read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate w ith the Prestige.
Prestige 662H/HW Series User’s Guide Chapter 24 Maintenance 290 Figure 140 Associa tion List The following table describes the fields in this screen. 24.6 Diagnostic Screens These read-only screens display information to help you identify proble ms with the Prestige.
Prestige 662H/HW Series User’s Guide 291 Chapter 24 Maintenance Figure 141 Diagnostic: General The following table describes the fields in this screen. 24.6.2 Diagnostic DSL Line Screen Click Diagnostic and then DSL Line to o pen the screen shown next.
Prestige 662H/HW Series User’s Guide Chapter 24 Maintenance 292 Figure 142 Diagnostic: DSL Line The following table describes the fields in this screen. Table 97 Diagnostic: DSL Line LABEL DESCRIPTION Reset ADSL Line Click this button to reinitialize the ADSL line.
Prestige 662H/HW Series User’s Guide 293 Chapter 24 Maintenance 24.7 Firmware Screen Find firmware at www .zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "Prestige.bin". The upload process uses HTTP (Hypertext T ransfer Protocol) and may take up to two minutes.
Prestige 662H/HW Series User’s Guide Chapter 24 Maintenance 294 After you see the Firmware Upload in Pr ocess screen, wait two minutes before logging into the Prestige again. The Prestige automatically restarts in this time causing a temporary networ k disconnect.
Prestige 662H/HW Series User’s Guide 295 Chapter 24 Maintenance.
Prestige 662H/HW Series User’s Guide Chapter 25 Intro ducing the SMT 296 C HAPTER 25 Introducing the SMT This chapter explains how to ac cess and navigat e the System Management T erminal and giv es an overview of its menus.
Prestige 662H/HW Series User’s Guide 297 Chapter 25 In troducing the SMT Figure 146 Login Screen 25.1.3 Prestige SMT Menu Overview W e use the Prestige 662HW -61 SMT menus in this guide as an example. The SMT menus vary slightly for different Prestige models.
Prestige 662H/HW Series User’s Guide Chapter 25 Intro ducing the SMT 298 Several operations that you should be fam iliar with before you a ttempt to modify the configuration are listed in the table below . After you enter the password, the SMT di splays the main menu, as shown next.
Prestige 662H/HW Series User’s Guide 299 Chapter 25 In troducing the SMT 25.2.1 System Manage ment T erminal Interface Summary 25.3 Changing the System Password Change the P restige defau lt password by following the steps shown next. 1 Enter 23 in the main menu to display Menu 23 - System Securi ty .
Prestige 662H/HW Series User’s Guide Chapter 25 Intro ducing the SMT 300 Figure 148 Menu 23.1 Chang e Password 4 T ype your new system password in the New Password field (up to 30 characters), and press [ENTER] . 5 Re-type your new system password in the Retype to confirm field for confirmation and press [ENTER] .
Prestige 662H/HW Series User’s Guide 301 Chapter 25 In troducing the SMT.
Prestige 662H/HW Series User’s Guide Chapter 26 Menu 1 General Setup 302 C HAPTER 26 Menu 1 General Setup Menu 1 - General Setup contains administrative an d system-r elated information. 26.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next).
Prestige 662H/HW Series User’s Guide 303 Chapter 26 Menu 1 General Setup Figure 149 Menu 1 General Setu p Fill in the required fields. Refer to the tabl e shown next for more information about these fields.
Prestige 662H/HW Series User’s Guide Chapter 26 Menu 1 General Setup 304 Figure 150 Menu 1.1 Configure Dyn amic DNS Follow the instructions in the next tabl e to configure dynamic DNS parameters. Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.
Prestige 662H/HW Series User’s Guide 305 Chapter 26 Menu 1 General Setup.
Prestige 662H/HW Series User’s Guide Chapter 27 Menu 2 WAN Backup Setup 306 C HAPTER 27 Menu 2 W AN Backup Setup This chapter describes ho w to configur e traffic r edir ect an d dial-backup using menu 2 and 2.
Prestige 662H/HW Series User’s Guide 307 Chapter 27 Menu 2 WAN Backup Setup 27.2.1 T raffic Redirect Setup Configure parameters that determine when th e Prestige will forward W AN traffic to the backup gateway using Menu 2.1 — T raffic Redir ect Setup .
Prestige 662H/HW Series User’s Guide Chapter 27 Menu 2 WAN Backup Setup 308 27.3 Configuring Dial Backup Setup 1 From the main menu, enter 2 to open me nu 2. Then move the curs or to the Dial Backup field in 2 Menu 2 - W AN Backup Setup , pre ss the [SP ACE BAR] to select Ye s and then press [ENTER].
Prestige 662H/HW Series User’s Guide 309 Chapter 27 Menu 2 WAN Backup Setup 27.4 Advanced Dial Backup Setup T o edit the advanced setup for the dial backup port, move the cursor to the Edit Advanced Setup field in Menu 2.2 Dial Backup Setup , press the [SP ACE BAR] to select Ye s and then press [ENTER].
Prestige 662H/HW Series User’s Guide Chapter 27 Menu 2 WAN Backup Setup 310 Figure 154 Menu 2.2.1 Advanced Dial Backup Setup The following table describes fields in this menu.
Prestige 662H/HW Series User’s Guide 311 Chapter 27 Menu 2 WAN Backup Setup Drop T imeout (sec) Enter a number of seconds fo r the Prestige to wait before dropping the DTR signal if it does not receive a positive disconnect confirmatio n.
Prestige 662H/HW Series User’s Guide Chapter 28 Menu 3 LAN Setup 312 C HAPTER 28 Menu 3 LAN Setup This chapter covers how to configur e your wir ed Local Ar ea Network (LAN) settings. 28.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup .
Prestige 662H/HW Series User’s Guide 313 C hapter 28 Men u 3 LAN Setup 28.2 Protocol Dependent Ethernet Setup Depending on the proto cols for your applications, you need to co nfigure the respectiv e Ethernet Setup, as outlined below . • For TCP/IP Ethernet setup refer to the Internet Access Configuration section .
Prestige 662H/HW Series User’s Guide Chapter 28 Menu 3 LAN Setup 314 Figure 157 Menu 3.2 TCP/IP and DHCP Ethernet Se tup Follow the instructions in the following table on how to configure th e DHCP fields. Follow the instructions in the following tabl e to configure TCP/IP parameters for the Ethernet port.
Prestige 662H/HW Series User’s Guide 315 C hapter 28 Men u 3 LAN Setup IP Subnet Mask Y our Prestige will automatically calculate the su bnet mask based on the IP address that you assign. Unl ess you are implemen ting subnetting, use the subnet mask computed by the Prestige (refer to the IP Subnetting appendix for more information).
Prestige 662H/HW Series User’s Guide Chapter 29 Wireless LAN Setup 316 C HAPTER 29 W ireless LAN Setup This chapter covers how to configur e wir e less LAN se ttings in SMT menu 3.5. 29.1 Wireless LAN Overview Refer to the chapter on the wireless LAN scr eens for wireless LAN background information.
Prestige 662H/HW Series User’s Guide 317 Chapter 29 Wirele ss LAN Setup 29.2.1 Wireless LAN MAC Address Filter The next layer of security is MAC address filter . T o allow a wireless st ation to associate with the Prestige, enter the MAC address of the wireless LAN ada pter on that wireless station in the MAC address table.
Prestige 662H/HW Series User’s Guide Chapter 29 Wireless LAN Setup 318 Figure 159 Menu 3.5.1 WLAN MAC Address Filtering The following table describes the fields in this menu.
Prestige 662H/HW Series User’s Guide 319 Chapter 29 Wirele ss LAN Setup.
Prestige 662H/HW Series User’s Guide Chapter 30 Internet Access 320 C HAPTER 30 Internet Access This chapter shows you how to configur e th e LAN and W AN of your Prestige for Internet access .
Prestige 662H/HW Series User’s Guide 321 Chapter 30 Internet Access Figure 160 IP Alias Network Example Use menu 3.2.1 to co nfigure IP Alias on your Prestige.
Prestige 662H/HW Series User’s Guide Chapter 30 Internet Access 322 Figure 162 Menu 3.2.1 IP Alias Setup Follow the instructions in the following table to configure IP Alias parameters. 30.5 Route IP Setup The first step is to en able the IP routing in Menu 1 — General Setup .
Prestige 662H/HW Series User’s Guide 323 Chapter 30 Internet Access Figure 163 Menu 1 General Setu p 30.6 Internet Access Configuration Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified setup for one of t he remote nodes that you can access in menu 1 1 .
Prestige 662H/HW Series User’s Guide Chapter 30 Internet Access 324 . If all your settings are correct your Prestige shou ld connect automatically to the Internet. If the connection fails, note the error message that you receive on the screen and take the appropriate troubleshooting steps.
Prestige 662H/HW Series User’s Guide 325 Chapter 30 Internet Access.
Prestige 662H/HW Series User’s Guide Chapter 31 Remot e Node Configur ation 326 C HAPTER 31 Remote Node Configuration This chapter covers r emo te node configu ration. 31.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node.
Prestige 662H/HW Series User’s Guide 327 Chap ter 31 Remote Node Configuratio n Figure 165 Menu 1 1 Remote Node Setup 31.2.2 Encap sulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiple xing methods used by your ISP .
Prestige 662H/HW Series User’s Guide Chapter 31 Remot e Node Configur ation 328 Figure 166 Menu 1 1.1 Remote Node Profile In Menu 1 1 .1 – Remote Node Profile , fill in the fields as de scrib ed in the following table.
Prestige 662H/HW Series User’s Guide 329 Chap ter 31 Remote Node Configuratio n 31.2.3 Outgoing Au thentication Protocol For obvious reasons, you sho uld employ the strongest authentication protocol possible. However , some vendors’ implementation includ es specific authentication protocol in the user profile.
Prestige 662H/HW Series User’s Guide Chapter 31 Remot e Node Configur ation 330 31.3 Remote Node Network Layer Options For the TCP/IP parameters, perf orm the following steps to edit Menu 1 1.3 – Remote Node Network Layer Options as shown next. 1 In menu 1 1.
Prestige 662H/HW Series User’s Guide 331 Chap ter 31 Remote Node Configuratio n 31.3.1 My W AN Addr Sample IP Addresses The following figure uses sample IP addresses to help you understand the field of My W AN Addr in menu 1 1.
Prestige 662H/HW Series User’s Guide Chapter 31 Remot e Node Configur ation 332 Figure 168 Sample IP Addresses for a TC P/IP LAN-to-LAN Connection 31.4 Remote Node Filter Move the cu rs or to the Edit Filter Sets field in menu 1 1 .1, then press [SP ACE BAR] to select Ye s .
Prestige 662H/HW Series User’s Guide 333 Chap ter 31 Remote Node Configuratio n Figure 169 Menu 1 1.5 Remote Node Filter (RFC 1483 or ENET Encap sulation) Figure 170 Menu 1 1.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) 31.5 Editing A TM Layer Options Follow the steps shown next to edit Menu 1 1.
Prestige 662H/HW Series User’s Guide Chapter 31 Remot e Node Configur ation 334 Figure 171 Menu 1 1.6 for VC-based Multiplexing 31.5.2 LLC-based Multiplexing or PPP Encap sulation For LLC-based multiplexing or PPP encapsulation, one VC ca rries multiple protocols with protocol identifyi ng information being contained in each packet header .
Prestige 662H/HW Series User’s Guide 335 Chap ter 31 Remote Node Configuratio n Figure 173 Menu 1 1.1 Remote Node Profile Move the cursor to the Edit Advance Options field, press [SP ACE BAR] to select Ye s , then press [ENTER] to display Menu 1 1.8 – Advance Setup Options .
Prestige 662H/HW Series User’s Guide Chapter 32 Static Route Setup 336 C HAPTER 32 S t atic Route Setup This chapter shows how to setup IP static ro utes. 32.1 IP S tatic Route Overview Stat ic routes tell the Prestige ro uting information that it cann ot learn automatically through other means.
Prestige 662H/HW Series User’s Guide 337 Chapter 32 Static Route Setup Figure 176 Menu 12 S tati c Route Setup From menu 12, select 1 to open Menu 12.1 — IP S tatic Route Setup (shown next). Figure 177 Menu 12.1 IP S tatic Route Setup Now , type the route number of a st atic route you want to configure.
Prestige 662H/HW Series User’s Guide Chapter 32 Static Route Setup 338 The following table describes the fields for Menu 12.1.1 – Edit IP S tatic Route Setup . Table 118 Menu12.1.1 Edit IP S tatic Route FIELD DESCRIPTION Route # This is the index number of the stat ic route that you chose in menu 12.
Prestige 662H/HW Series User’s Guide 339 Chapter 32 Static Route Setup.
Prestige 662H/HW Series User’s Guide Chapter 33 Bridgin g Setup 340 C HAPTER 33 Bridging Setup This chapter shows you how to configur e the bridging parameters of your Pr es tige.
Prestige 662H/HW Series User’s Guide 341 Chapter 33 Bridging Setup Figure 179 Menu 1 1.1 Remote Node Profile 3 Move the cursor to the Edit IP/Bridge field, then press [ SP ACE BAR ] to set the value to Ye s a nd press [E NTER] to edit Menu 1 1.3 – Remote Node Network Layer Options .
Prestige 662H/HW Series User’s Guide Chapter 33 Bridgin g Setup 342 33.2.2 Bridge St atic Route Setup Similar to network layer static routes, a bridging static route tells the Prestige the route to a node before a conn ection is established. Y ou c onfigure b ridge static routes in menu 12.
Prestige 662H/HW Series User’s Guide 343 Chapter 33 Bridging Setup.
Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 344 C HAPTER 34 Network Address T ranslation (NA T) This chapter discusses how to configur e NA T on the Pr es tige.
Prestige 662H/HW Series User’s Guide 345 Chapter 34 Network Address Transla tion (NAT) Figure 182 Menu 4 Applying NA T for Internet Access The following figure shows how you apply NA T to the remote node in menu 1 1.1. 1 Enter 1 1 from the main menu.
Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 346 34.3 NA T Setup Use the address mapping sets me nus and submenus to create the mapping table used to assign global addresses to computers on the LAN. Set 255 is used for SUA.
Prestige 662H/HW Series User’s Guide 347 Chapter 34 Network Address Transla tion (NAT) Figure 185 Menu 15.1 Addr ess Mapping Sets 34.3.1.1 SUA Address Mapping Set Enter 255 to display the next screen (see also secti on 27.1.1). The fields in t his menu cannot be changed.
Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 348 34.3.1.2 User-Defined Address Mapping Set s Now let’ s look at option 1 in menu 15.1. En ter 1 to bring up this menu. W e’ll just look at the differences from the previous menu.
Prestige 662H/HW Series User’s Guide 349 Chapter 34 Network Address Transla tion (NAT) 34.3.1.3 Ordering Y our Rules Ordering your rules is important because the Pr estige applies the rules in the order that you specify . When a rule matches the c urrent pack et, the Prestige take s the corresponding action and the remaining rules are ignored.
Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 350 Figure 188 Menu 15.1.1.1 Editing/Configuring a n Individual Rule in a Set The following table explains the fields in t his menu.
Prestige 662H/HW Series User’s Guide 351 Chapter 34 Network Address Transla tion (NAT) Figure 189 Menu 15.2 NA T Server Setup 3 Enter 1 to go to Menu 15.2.1 NA T Server Setup as follows. Figure 190 Menu 15.2.1 NA T Server Setup 4 Enter a port number in an unused St a r t P o r t N o field.
Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 352 Figure 191 Multiple Servers Behind NA T Example 34.5 General NA T Examples The following are some exam ples of NA T configuration.
Prestige 662H/HW Series User’s Guide 353 Chapter 34 Network Address Transla tion (NAT) Figure 192 NA T Examp le 1 Figure 193 Menu 4 Internet Access & NA T Example From menu 4, choose the SUA Only option from the Network Address T ranslation field.
Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 354 Figure 194 NA T Examp le 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NA T as shown in the next figure.
Prestige 662H/HW Series User’s Guide 355 Chapter 34 Network Address Transla tion (NAT) Y ou also map your third IGA to the web serv er and mail server on the LAN. T ype Server allows you to specify multiple se rvers, of dif ferent types, to other computers behind NA T on the LAN.
Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 356 Figure 197 Example 3: Menu 1 1.3 The following figures show how to configure the first rule Figure 198 Example 3: Menu 15.
Prestige 662H/HW Series User’s Guide 357 Chapter 34 Network Address Transla tion (NAT) Figure 199 Example 3: Final Menu 15.1.1 Now configure the IGA3 to map to our web server and mail server on the LAN. 1 Enter 15 from the main menu. 2 Enter 2 in Menu 15 - NA T Setup .
Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 358 Figure 200 Example 3: Menu 15.2.1 34.5.4 Example 4: NA T Unfr iendly Application Programs Some applications do not support NA T Mapping using TCP or UDP port address translation.
Prestige 662H/HW Series User’s Guide 359 Chapter 34 Network Address Transla tion (NAT) Figure 202 Example 4: Menu 15.1.1.1 Address Mappin g Rule After you’ve configured your rule , you should be able to check the settings in menu 15.1.1 as shown next.
Prestige 662H/HW Series User’s Guide Chapter 35 Enabling the Firewall 360 C HAPTER 35 Enabling the Firewall This chapter shows you how to get started with the Pr estige fir ewall.
Prestige 662H/HW Series User’s Guide 361 Chapter 35 Enablin g the Firewall Figure 204 Menu 21.2 Firewa ll Setup Use the we b configurat or or the comm and in terpreter to configure the firewall rules Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks when it is active.
Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 362 C HAPTER 36 Filter Configuration This chapter shows you how to cr eate and apply filters. 36.1 About Filtering Y our Prestige uses filters to decide whether or no t to allow passage of a data packet and/or to make a call.
Prestige 662H/HW Series User’s Guide 363 Chapter 36 Filter Configuration Figure 206 Filter Rule Process Y ou can apply up to four filter sets to a partic ular port to block various types of packets. Because each filter set can have up to six rules, you can have a maximum of 24 rules active for a single port.
Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 364 36.2 Configuring a Filter Set for the Prestige T o configure a filter set, follow the steps shown next. 1 Enter 21 in the main menu to display Menu 21 – Filter and Fir ewall Setup .
Prestige 662H/HW Series User’s Guide 365 Chapter 36 Filter Configuration Figure 209 NetBIOS_LAN Filter Rules Summary Figure 210 IGMP Filter Rules Summary 36.3 Filter Rules Summary Menus The following tables briefly descri be the abbreviations used in menus 21.
Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 366 The protocol dependent filter rules abbreviation are listed as follows: 36.4 Configuring a Filter Rule T o configure a filter rule , type its number in Menu 21.1.x – Filter Rules Summary and press [ENTER] to open menu 21.
Prestige 662H/HW Series User’s Guide 367 Chapter 36 Filter Configuration 36.4.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fiel ds in the IP and the upper layer protocol, for example, UDP and TCP headers.
Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 368 The following figure illustrates th e logic flow of an IP filter. Port # T ype the destination port of the packets you want to fi lter . The field rang e is 0 to 65535. A 0 field i s ignored.
Prestige 662H/HW Series User’s Guide 369 Chapter 36 Filter Configuration Figure 212 Executing an IP Filter 36.4.2 Generic Filter Rule This section shows you how to co nfigure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets.
Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 370 T o configure a generic rule select an empty filter set in menu 21, for example 5. Select Generic Filter Rule in the Filter T y pe field and press [ENTER] to open Menu 21.1.5.1 – Generic Filter Rule , as shown in th e following figure.
Prestige 662H/HW Series User’s Guide 371 Chapter 36 Filter Configuration 36.5 Filter T ypes and NA T There are two classes of filter rules, Generic Filter Device rules and Protocol Filter ( TCP/IP ) rules. Generic Filter rules act on the raw data from/ to LAN and W AN.
Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 372 Figure 215 Sample T elnet Filter 1 Enter 1 in the menu 21 to display Menu 21.1 — Fi lter Set Configuration . 2 Enter the index number of th e filter set you want to configure (in this case 6) .
Prestige 662H/HW Series User’s Guide 373 Chapter 36 Filter Configuration 2 Go to the Edit Filter Sets field, press [SP ACE BAR] to choose Ye s and press [ENTER]. This brings you to menu 11.5. Apply the ex ample filter set (for example, fi lter set 3) in this menu as shown in the next section.
Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 374 36.7.1 Ethernet T raffic Y ou seldom need to filter Ethernet traffic; however , the filter sets may be useful to block certain packets, reduce traffic and prevent secur ity breaches.
Prestige 662H/HW Series User’s Guide 375 Chapter 36 Filter Configuration.
Prestige 662H/HW Series User’s Guide Chapter 37 SNMP Configuration 376 C HAPTER 37 SNMP Configuration This chapter explains SNM P Configuration menu 22. 37.1 About SNMP Simple Network Management Protocol (SNM P) i s a protocol u sed for exchanging management information b etween network devices.
Prestige 662H/HW Series User’s Guide 377 Chapter 37 SNMP Configuration The managed devices cont ain object variables/ managed objects that define each piece of information to be collected ab out a device. Examples of vari ables include the number of packets received, node port status etc.
Prestige 662H/HW Series User’s Guide Chapter 37 SNMP Configuration 378 Figure 221 Menu 22 SNMP Configurat ion The following table describes the SNMP configuration parameters.
Prestige 662H/HW Series User’s Guide 379 Chapter 37 SNMP Configuration The port number is its interface index under the interface group. 5 authenticationFailure ( defined in RFC-1215 ) A trap is sent to the manager when receiving any SNMP gets or set s requirements with wrong community (password).
Prestige 662H/HW Series User’s Guide Chapter 38 System Security 380 C HAPTER 38 System Security This chapter describes how to configur e the system security on the Prestige. 38.1 System Security Y ou can configure the system passw ord.. 38.1.1 System Password Enter 23 in the main menu to display Menu 23 – System Security .
Prestige 662H/HW Series User’s Guide 381 Chapter 38 Syst em Security Figure 224 Menu 23.2 System Security: RADIUS Server The following table describes the fields in this menu. Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.
Prestige 662H/HW Series User’s Guide Chapter 38 System Security 382 38.1.3 IEEE802.1x The IEEE802.1x standards outline enhanced secur ity methods for both the authentication of wireless stations and en cryption key managemen t. Follow the steps below to enable EA P authentication on your Prestige.
Prestige 662H/HW Series User’s Guide 383 Chapter 38 Syst em Security Table 134 Menu 23.4 System Secur ity : IEEE802.1x FIELD DESCRIPTION Wireless Port Control Press [SP ACE BAR] and select a securi ty mode for the wireless LAN access.
Prestige 662H/HW Series User’s Guide Chapter 38 System Security 384 Once you enable user authenticatio n, you need to specify an exte rnal RADIUS server or create local user accounts on the Prestige for authentication.
Prestige 662H/HW Series User’s Guide 385 Chapter 38 Syst em Security Figure 227 Menu 14 Dial-in User Setup 2 T ype a number and press [ENTER] to edit the user profile. Figure 228 Menu 14.1 Edit Dial-in User The following table describes the fields in this menu.
Prestige 662H/HW Series User’s Guide Chapter 39 System Inform ation and Diagnosis 386 C HAPTER 39 System Information and Diagnosis This chapter covers the inform ation and diagnostic tools in SMT menu s 24.
Prestige 662H/HW Series User’s Guide 387 Chapter 39 System Information and Diagnosis T o get to System Stat us , type 24 to go to Menu 24 — System Maintenance. From this menu, type 1 . System S tatus . There are two commands in Menu 24.1 — System Maintenance — St a t u s .
Prestige 662H/HW Series User’s Guide Chapter 39 System Inform ation and Diagnosis 388 39.3 System Information T o get to the System Information: 1 Enter 24 to display Menu 24 — System Maintenance . 2 Enter 2 to display Menu 24.2 — System Information a nd Console Port Speed.
Prestige 662H/HW Series User’s Guide 389 Chapter 39 System Information and Diagnosis Figure 232 Menu 24.2.1 System Maintenance: In formation The following table describes the fields in this menu. 39.3.2 Console Port Speed Y ou can set up different port speeds for the console port through Menu 24.
Prestige 662H/HW Series User’s Guide Chapter 39 System Inform ation and Diagnosis 390 Figure 233 Menu 24.2.2 System Maintenance : Chang e Console Port Speed Once you change the Prestige console port speed , you must also set the speed parameter for the communication software you are using to connect to the Prestige.
Prestige 662H/HW Series User’s Guide 391 Chapter 39 System Information and Diagnosis Figure 235 Sample Error an d Informat ion Messages 39.4.2 Syslog and Accounting The Prestige uses the syslog fa cility to log the CDR (Call Deta il Record) and system messages to a syslog server.
Prestige 662H/HW Series User’s Guide Chapter 39 System Inform ation and Diagnosis 392 Figure 237 Syslog Example 1 - CDR SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG _INFO, String); String = board xx line xx.
Prestige 662H/HW Series User’s Guide 393 Chapter 39 System Information and Diagnosis 39.5 Diagnostic The diagnostic facility allows you to test the di f ferent aspects of your Prestige to determine if it is working properly .
Prestige 662H/HW Series User’s Guide Chapter 39 System Inform ation and Diagnosis 394 The following table describes the diagnostic tests available in menu 24.4 for and the connections. Table 139 Menu 24.4 System Main tenance Menu: Diagnostic FIELD DESCRIPTION Reset xDSL Re-initialize the xDSL link to th e telephone company .
Prestige 662H/HW Series User’s Guide 395 Chapter 39 System Information and Diagnosis.
Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 396 C HAPTER 40 Firmware and Configuration File Maintenance This chapter tells you how to ba ckup and r estore your configura tion file as well as upload new firmwar e an d configuratio n files.
Prestige 662H/HW Series User’s Guide 397 Chapter 40 Firmware and Con f iguration File Main tenance The following table is a summary . Please note that the internal filename refe rs to the filename o.
Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 398 Figure 239 T elnet in Menu 24.5 40.2.2 Using the FTP Command from the Comman d Line 1 Launch the FTP client on your computer . 2 Enter “ open ”, followed by a space and the IP address of your Prestige.
Prestige 662H/HW Series User’s Guide 399 Chapter 40 Firmware and Con f iguration File Main tenance Figure 240 FTP Session Example 40.2.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients.
Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 400 40.2.6 Backup Configuration Using TFTP The Prestige support s the up/downloading of the firmware and the configuration file using TFTP (T rivial File T ransfer Protocol) over LA N.
Prestige 662H/HW Series User’s Guide 401 Chapter 40 Firmware and Con f iguration File Main tenance Refer to the TFTP and FTP over W A N Management Limitations section to r e ad about configurations that disallow TFTP and FTP over W AN.
Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 402 Figure 243 Backup Configuration Example 4 After a successful backup you will see the following screen. Pr ess any key to return to the SMT menu. Figure 244 Successful Backup Co nfirmation Screen 40.
Prestige 662H/HW Series User’s Guide 403 Chapter 40 Firmware and Con f iguration File Main tenance Figure 245 T elnet into Menu 24.6 1 Launch the FTP client on your computer . 2 Enter “ open ”, followed by a space and the IP address of your Prestige.
Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 404 40.3.3 Restore V ia Console Port Restore configuration via console port by fol lowing the HyperT erminal procedure shown next. Procedures using other serial communicat i ons programs should be similar .
Prestige 662H/HW Series User’s Guide 405 Chapter 40 Firmware and Con f iguration File Main tenance Figure 250 Successful Restoration Confirmati on Screen 40.4 Uploading Firmware and Configuration Files This section shows yo u how to upload firmware and co nfiguration files.
Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 406 Figure 252 T elnet Into Menu 24.7.2 System Maintenance T o upload the firmware and the configuration file, follow these examples 40.4.3 FTP File Upload Comman d from the DOS Prompt Example 1 Launch the FTP client on your computer .
Prestige 662H/HW Series User’s Guide 407 Chapter 40 Firmware and Con f iguration File Main tenance 40.4.4 FTP Session Exampl e of Firmware File Upload Figure 253 FTP Session Example of Firmware File Upload More commands (found in GUI-based FTP clie nts) are listed earlier in this chapter .
Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 408 40.4.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.
Prestige 662H/HW Series User’s Guide 409 Chapter 40 Firmware and Con f iguration File Main tenance 40.4.9 Example Xmodem Firmwa re Upload Using HyperT erminal Click T ransfer , then Send File to display the following screen.
Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 410 3 Enter “atgo” to restart the Prestige. 40.4.1 1 Example Xmodem Configur ation Upload Using HyperT erminal Click T ransfer , then Send File to display the following screen.
Prestige 662H/HW Series User’s Guide 411 Chapter 40 Firmware and Con f iguration File Main tenance.
Prestige 662H/HW Series User’s Guide Chapter 41 System Maintenance 412 C HAPTER 41 System Maintenance This chapter leads you th r ough SMT menus 24.8 to 24 .10. 41.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the ma in system firmware.
Prestige 662H/HW Series User’s Guide 413 Chapter 41 System M aintena nce 41.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 1 1 .1. The budget management func tion allows you to set a limit on the total outgoing call time of the Prestige within certain times.
Prestige 662H/HW Series User’s Guide Chapter 41 System Maintenance 414 Figure 261 Menu 24.9.1 System Maintenance: Budg et Management The total budget is the time li mit on the accumulated time for ou tgoing calls to a remo te node.
Prestige 662H/HW Series User’s Guide 415 Chapter 41 System M aintena nce Figure 262 Menu 24 System Maintenance Then enter 10 to go to Menu 24.10 System Maintena nce Time and Date Setting to update the time and date settings of your Pres tige as shown in th e following screen.
Prestige 662H/HW Series User’s Guide Chapter 41 System Maintenance 416 41.3.1 Resetting the T ime • The Prestige resets the time in three instances: • On leaving menu 24.10 after making changes. • When the Prestige starts up, if there is a timeserver co nfigured in menu 24.
Prestige 662H/HW Series User’s Guide 417 Chapter 41 System M aintena nce.
Prestige 662H/HW Series User’s Guide Chapter 42 Remo te Management 418 C HAPTER 42 Remote Management This chapter covers r emote manageme nt (SMT menu 24.1 1). 42.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which Prestige interface (if any) from which computers.
Prestige 662H/HW Series User’s Guide 419 Chapter 42 Remote Manag ement Figure 264 Menu 24.1 1 Remote M anagemen t Control The following table describes the fields in this menu. 42.2.2 Remote Management Limit ations Remote management over LAN or W AN will not work when: • A filter in menu 3.
Prestige 662H/HW Series User’s Guide Chapter 42 Remo te Management 420 42.3 Remote Management and NA T When NA T is enabled: • Use the Prestige’ s W A N IP address when configuring from the W AN. • Use the Prestige’ s LAN IP address when configurin g from the LAN.
Prestige 662H/HW Series User’s Guide 421 Chapter 42 Remote Manag ement.
Prestige 662H/HW Series User’s Guide Chapter 43 IP Policy Routing 422 C HAPTER 43 IP Policy Routing This chapter covers setting and applyi ng policies used for IP r outing. 43.1 IP Policy Routing Overview T raditionally , routing is based on the destinatio n address only and the IAD takes the shortest path to forward a packet.
Prestige 662H/HW Series User’s Guide 423 Chapter 43 IP Policy Routing • routing the packet to a different gate way (and hence the outgoing interface). • setting the TO S and precedence fields in the IP header . IPPR follows the existing packet filtering facility of RAS in st yle and in impl ementation.
Prestige 662H/HW Series User’s Guide Chapter 43 IP Policy Routing 424 Figure 266 Menu 25.1 IP Routing Po licy Setup T ype a number from 1 to 6 to display Menu 25.1.1 – IP Rou ting Policy (see the next figure). This menu allows you to configure a policy rule.
Prestige 662H/HW Series User’s Guide 425 Chapter 43 IP Policy Routing Figure 267 Menu 25.1.1 IP Routing Policy The following table describes the fields in this menu.
Prestige 662H/HW Series User’s Guide Chapter 43 IP Policy Routing 426 43.5 Applying an IP Policy This section shows yo u where to apply the IP policies after you design them. 43.5.1 Ethernet IP Policies From Menu 3 — Ethernet Setup , type 2 to go to Menu 3.
Prestige 662H/HW Series User’s Guide 427 Chapter 43 IP Policy Routing Figure 268 Menu 3.2 TCP/IP and DHCP Ethernet Se tup Go to menu 1 1.3 (shown next) and type the number(s) of the IP Rout ing Policy set(s) as appropriate. Y ou ca n cascade up to four polic y sets by typing their numbers separated by commas.
Prestige 662H/HW Series User’s Guide Chapter 43 IP Policy Routing 428 Figure 270 Example of IP Policy Routing T o force packets coming from clients with IP addresses of 192.168.1.33 to 192.16 8.1.64 to be routed to the Internet via the W AN port of the Prestige, follow the steps as shown next.
Prestige 662H/HW Series User’s Guide 429 Chapter 43 IP Policy Routing 3 Create a rule in menu 25.1 for this set to route packets from any host ( IP=0.0.0.0 means any host) with protocol TCP and port FTP access through another gateway (192.168.1.100).
Prestige 662H/HW Series User’s Guide Chapter 44 Call Scheduling 430 C HAPTER 44 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a r emote node should be called and for how long.
Prestige 662H/HW Series User’s Guide 431 Chapter 44 Call Scheduling T o setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next. Figure 275 Menu 26.1 Schedule Set Setup If a connection has been already established, your Prestige will not drop it.
Prestige 662H/HW Series User’s Guide Chapter 44 Call Scheduling 432 Once your schedule sets are conf igured , you must then apply them to the desired remote node(s).
Prestige 662H/HW Series User’s Guide 433 Chapter 44 Call Scheduling.
Prestige 662H/HW Series User’s Guide Chapter 45 VPN/IPSec Setup 434 C HAPTER 45 VPN/IPSec Setup This chapter intr oduc es the VPN SMT menus. 45.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: Define VPN policies in menu 27.
Prestige 662H/HW Series User’s Guide 435 Chapter 45 VPN/IPSec Setup Figure 278 Menu 27 VPN/IPSec Setup 45.2 IPSec Summary Screen T ype 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary . This is a summary read-only menu of your IPSec rules (t unnels).
Prestige 662H/HW Series User’s Guide Chapter 45 VPN/IPSec Setup 436 A Y signifies that this VPN rule is active. Local Addr St a r t When the Addr T ype field in Menu 27.1.1 IPSec Setup is configur ed to Sing le , this is a static IP address on the LAN behind your Prestige.
Prestige 662H/HW Series User’s Guide 437 Chapter 45 VPN/IPSec Setup 45.3 IPSec Setup Select Edit in the Select Command field; type the index number of a rule in the Select Rule field and press [ENTER] to edit the VPN using the menu shown next.
Prestige 662H/HW Series User’s Guide Chapter 45 VPN/IPSec Setup 438 Figure 280 Menu 27.1.1 IPSec Setup The following table describes the fields in this menu. Menu 27.1.1 – IPSec Setup Index= 1 Name= Taiwan Active= Yes Keep Alive= No Nat Traversal= No Local ID type= IP Conten t: My IP Addr= 0.
Prestige 662H/HW Series User’s Guide 439 Chapter 45 VPN/IPSec Setup Nat T raversal Press [SP ACE BAR] to choose either Ye s or No . Choose Ye s and press [ENTER] to enable NA T traversal. NA T trave rsal allows you to set up a VPN connection when there are NA T routers betwe en the two IPSec rout ers.
Prestige 662H/HW Series User’s Guide Chapter 45 VPN/IPSec Setup 440 DNS Server If there is a private DNS server that serv ices the VPN, type its IP address here. The Prestige assigns this additional DNS server to the Prestige's DHCP clients that have IP addresses in this IPSec ru le's range of local addresses.
Prestige 662H/HW Series User’s Guide 441 Chapter 45 VPN/IPSec Setup 45.4 IKE Setup T o edit this menu, the Key Manageme nt field in Menu 27.1.1 – IPSec Setup must be set to IKE . Move the cursor to the Edit Key Management Setup field in Menu 27.1.
Prestige 662H/HW Series User’s Guide Chapter 45 VPN/IPSec Setup 442 Figure 281 Menu 27.1.1.1 KE Setup The following table describes the fields in this menu.
Prestige 662H/HW Series User’s Guide 443 Chapter 45 VPN/IPSec Setup 45.5 Manual Setup Y ou only co nfigure Menu 27.1.1.2 – Manual Setup when you select Manual in the Key Management field in Menu 27.1.1 – IPSec Setup . Manual key mana gement is useful if you have problem s with IKE key management.
Prestige 662H/HW Series User’s Guide Chapter 45 VPN/IPSec Setup 444 Figure 282 Menu 27.1.1.2 Manual Setup The following table describes the fields in this menu.
Prestige 662H/HW Series User’s Guide 445 Chapter 45 VPN/IPSec Setup Authentication Algorithm Press [SP ACE BAR] to choose from MD5 or SHA1 and then press [ENTER]. Key Enter the authentication key to be used by IPSec if applicable. The key must be unique.
Prestige 662H/HW Series User’s Guide Chapter 46 SA Monitor 446 C HAPTER 46 SA Monitor This chapter teaches you how to manage yo ur SAs by using the SA M onitor in SMT menu 27.2. 46.1 SA Monitor Overview A Security Association (SA) is the group of se cu rity settings related to a specific VPN tunnel.
Prestige 662H/HW Series User’s Guide 447 Chapter 46 SA Monitor Figure 283 Menu 27.2 SA Monitor The following table describes the fields in this menu. Menu 27.2 - SA Monitor # Name Encap. IPSec ALgorithm --- -------------------------------- --------- ---------------- 001 Taiwan : 3.
Prestige 662H/HW Series User’s Guide Chapter 46 SA Monitor 448 Select Command Press [SP ACE BAR] to choose from Refresh , Disconnect , None , Next Page , or Previous Page and then press [ENTER]. Y ou must select a connection in the ne xt field when you choose the Disconnect command.
Prestige 662H/HW Series User’s Guide 449 Chapter 46 SA Monitor.
Prestige 662H/HW Series User’s Guide Chapter 47 Internal SPTGEN 450 C HAPTER 47 Internal SPTGEN 47.1 Internal SPTGEN Overview Internal SP TGEN (System Parame ter T able Generator) is a configuration text file useful for efficient configuration of multiple Prestiges.
Prestige 662H/HW Series User’s Guide 451 Chapter 47 Int ernal SPTGEN 47.2.1 Internal SPTGEN File Mo dification - Import ant Point s to Remember Each paramete r you enter must be pr eceded by one “=”sign and one spac e. Some parameters are dependent on othe rs.
Prestige 662H/HW Series User’s Guide Chapter 47 Internal SPTGEN 452 Figure 287 Internal SP TGEN FTP Download Example 47.4 Internal SPTGEN FTP Upload Example 1 Launch your FTP application. 2 Enter " bin ". The command “ bin ” sets the transfer mode to binary .
Prestige 662H/HW Series User’s Guide 453 Chapter 47 Int ernal SPTGEN.
Prestige 662H/HW Series User’s Guide Chapter 48 Troubleshooting 454 C HAPTER 48 T roubleshooting This chapter covers potential proble ms and the corresponding remedies.
Prestige 662H/HW Series User’s Guide 455 Chapter 48 Troublesh ooting 48.3 Problems with the DSL LED 48.4 Problems with the LAN Interface 48.5 Problems with the W AN Interface Table 157 Troubleshooting the DSL LED PROBLEM CORRECTIVE ACTION The DSL LED is off.
Prestige 662H/HW Series User’s Guide Chapter 48 Troubleshooting 456 48.6 Problems with Internet Access 48.7 Problems with the Password Table 160 Troubleshooting Internet Access PROBLEM CORRECTIVE ACTION I cannot access the Intern et. Make sure the Prestige is turned on and connected to the network.
Prestige 662H/HW Series User’s Guide 457 Chapter 48 Troublesh ooting 48.8 Problems with the W eb Configurator 48.9 Problems with Remote Management Table 162 Troubleshooting the Web Configurato r PROBLEM CORRECTIVE ACTION I cannot access the web configurator .
Prestige 662H/HW Series User’s Guide Appendix A C able Pin A ssignments 458 Appendix A Cable Pin Assignment s In a serial communications connection, gene rally a computer is DTE (Data T erminal Equipment) and a modem is DCE (Data Circuit- terminating Equipment).
Prestige 662H/HW Series User’s Guide 459 Appendix A Cable Pin Assignments Figure 2 Ethernet Cable Pin Assignment s.
Prestige 662H/HW Series User’s Guide Appendix B Sp litters and M icrofilters 460 Appendix B Splitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter . Connecting a POTS Splitter When you use the Full Rate (G .
Prestige 662H/HW Series User’s Guide 461 Appen dix B Splitters and Microfilters 1 Connect a phone cable from the wall jack to the single jack end of the Y - Connector . 2 Connect a cable from the double jack end of the Y -Connector to th e “wall side” of the microfilter .
Prestige 662H/HW Series User’s Guide Appendix C Setting up Your Computer’s IP Address 462 Appendix C Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed.
Prestige 662H/HW Series User’s Guide 463 Appendix C Setting up Your Computer’s IP Address Figure 6 WIndows 95/98/Me: Network: Configuration Inst alling Component s The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microso ft Networks.
Prestige 662H/HW Series User’s Guide Appendix C Setting up Your Computer’s IP Address 464 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK . 5 Restart your computer so the changes you made take ef fect.
Prestige 662H/HW Series User’s Guide 465 Appendix C Setting up Your Computer’s IP Address Figure 8 Windows 95/98/Me: TCP/IP Properties: DNS Con figuration 4 Click the Gateway tab. • If you do no t know your gateway’ s IP address, remove previously installed gateways.
Prestige 662H/HW Series User’s Guide Appendix C Setting up Your Computer’s IP Address 466 Figure 9 Windows XP: S tart Menu 2 For W indows XP , click Network Connections . For W indows 2000/NT , click Network and Dial-up Connections . Figure 10 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .
Prestige 662H/HW Series User’s Guide 467 Appendix C Setting up Your Computer’s IP Address Figure 1 1 Windows XP: Control Panel: Ne twork Connections: Propertie s 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and click Properties .
Prestige 662H/HW Series User’s Guide Appendix C Setting up Your Computer’s IP Address 468 • If you have a static IP address click Use the following IP Address and fill in the IP addr ess , Subnet mask , and Default gateway fields. Click Advanced .
Prestige 662H/HW Series User’s Guide 469 Appendix C Setting up Your Computer’s IP Address • Click Obtain D NS server address automatically if you do not know your DNS server IP addre ss(es).
Prestige 662H/HW Series User’s Guide Appendix C Setting up Your Computer’s IP Address 470 Figure 15 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 16 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configur e: list.
Prestige 662H/HW Series User’s Guide 471 Appendix C Setting up Your Computer’s IP Address 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address bo x. • T ype your subnet mask in the Subnet mask box.
Prestige 662H/HW Series User’s Guide Appendix C Setting up Your Computer’s IP Address 472 Figure 18 Macintosh OS X: Network 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address bo x.
Prestige 662H/HW Series User’s Guide 473 Appendix C Setting up Your Computer’s IP Address.
Prestige 662H/HW Series User’s Guide Appendix D IP Subnetting 474 Appendix D IP Subnetting IP Addressing Routers “route” based on the network number .
Prestige 662H/HW Series User’s Guide 475 Appendix D IP Subnettin g Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a valu e of 0 to 127.
Prestige 662H/HW Series User’s Guide Appendix D IP Subnetting 476 Since the mask is always a continuous number of ones begin ning from the left, fo llowed by a continuous number of zeros for the remainder of the 32 bit mask, you can si mply specify the number of ones instead of writing the value of each octet.
Prestige 662H/HW Series User’s Guide 477 Appendix D IP Subnettin g Divide the network 192.168.1. 0 into two separate subnets by converting one of th e host ID bits of the IP address to a network number bit. The “ borrowed” host ID bit can be either “0” or “1” thus giving two subnets; 19 2.
Prestige 662H/HW Series User’s Guide Appendix D IP Subnetting 478 Example: Four Subnet s The above exampl e illustrated using a 25-bit subne t mask to divide a class “C” address space into two subnets.
Prestige 662H/HW Series User’s Guide 479 Appendix D IP Subnettin g Example Eight Subnet s Similarly use a 27-bit mask to create 8 subnets (001 , 010, 01 1, 100, 101, 1 10). The following table shows class C IP ad dress last octet values for each subnet.
Prestige 662H/HW Series User’s Guide Appendix D IP Subnetting 480 Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet ma sk also determines which bits are part of the network number and which are part of the host ID.
Prestige 662H/HW Series User’s Guide 481 Appendix D IP Subnettin g.
Prestige 662H/HW Series User’s Guide Appendix E PPPoE 482 Appendix E PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP ov er Ethernet, RFC 2516) from your computer to an A TM PVC (Permanent V irt ual Circuit) whic h connects to a DSL Access Concentrator where th e PPP session terminates ( see Figure 19 ).
Prestige 662H/HW Series User’s Guide 483 Appendix E PPPoE Figure 19 Single-Computer per Router Hardware Configuration How PPPoE W orks The PPPoE driver makes the Ethernet appea r as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
Prestige 662H/HW Series User’s Guide Appendix F Virtual Circuit Topology 484 Appendix F V irtual Circuit T opology A TM is a connection-oriented te chnology , meaning that it sets up virtual circuits over which end systems communi cate.
Prestige 662H/HW Series User’s Guide 485 Appendix F Virtual Circuit Topology.
Prestige 662H/HW Series User’s Guide Appendix G Wireless LAN and IEEE 802.11 486 Appendix G W ireless LAN and IEEE 802.1 1 A wireless LAN (WLAN) provides a fle xible data communications system that you can use to access various services (navigating the Internet, E-mail, printer services , etc.
Prestige 662H/HW Series User’s Guide 487 Appendix G Wireless LAN and IEEE 802.11 Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an inde pe ndent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (ST A), whic h is called a Basic Service Set (BSS).
Prestige 662H/HW Series User’s Guide Appendix G Wireless LAN and IEEE 802.11 488 Figure 23 ESS Provides C ampus-Wide Coverage.
Prestige 662H/HW Series User’s Guide 489 Appendix G Wireless LAN and IEEE 802.11.
Prestige 662H/HW Series User’s Guide Appendix H Wireless LAN With IEEE 802.1x 490 Appendix H Wireless LAN W ith IEEE 802.1x As wireless networks become po pular for both portable comp uting and corporate networks , security is now a priority . Security Flaws with IEEE 802.
Prestige 662H/HW Series User’s Guide 491 Append ix H Wireless LAN With IEEE 802.1x RADIUS Server Authentication Sequence The following figure depicts a typical wireless ne tw ork with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN).
Prestige 662H/HW Series User’s Guide Appendix I Types of EAP Authentication 492 Appendix I T ypes of EAP Authentication This appendix discusses the five popular EAP authentication types: EAP-MD5 , EAP-TLS , EAP-TTLS , PEAP and LEAP . The type of authentication you use depends on the RADIUS server or the AP .
Prestige 662H/HW Series User’s Guide 493 Appendix I Types of EAP Authentication PEAP (Protected EAP) Like EAP-TTLS, server-side certific ate authentication is used to establish a secure connection, then use simple username and p assword methods through the secured co nnection to authenticate the clients, thus hiding client identity .
Prestige 662H/HW Series User’s Guide Appendix J Antenna Selection and Position ing Recommendation 494 Appendix J Antenna Selection and Positioning Recommendation An antenna couples RF signals onto air . A tran smitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air .
Prestige 662H/HW Series User’s Guide 495 Appendix J Antenna Sele ction and Positioning Recommendation • Omni-directional antennas send the RF signal out in all directions on a horizontal p lane. The covera ge area is torus -shaped (lik e a donut) which makes these antennas ideal for a room environment.
Prestige 662H/HW Series User’s Guide Appendix K 496 Appendix K myZyXEL.com Introduction myZyXEL.com is ZyXEL ’ s online services center where you can register your ZyXEL device. Y ou can also generate an activation key and serv ice set key that may be needed to use device- specific feature(s).
Prestige 662H/HW Series User’s Guide 497 Appendix K Figure 25 myZyXEL.com Logi n Screen Registering Y our ZyXEL Device 1 After you have created a myZyXEL.com account, log in and register your ZyXEL device by clicking the hyp erlink as shown in the ne xt screen.
Prestige 662H/HW Series User’s Guide Appendix K 498 Figure 26 Logged Into myZyXEL.com 2 Click Add in the next screen. Figure 27 Product Registration 3 The Add New Pr oduct screen displays.
Prestige 662H/HW Series User’s Guide 499 Appendix K Figure 28 Add New Product 8 Specify the purchase information and click Continue . Figure 29 Product Survey 9 Click Continue again. 10 After you have registered your ZyXEL device, you can view its registration details in the screen shown next.
Prestige 662H/HW Series User’s Guide Appendix K 500 Figure 30 Service Management Activating a Service The product is now reg istered but the related service(s) is not activated. Y ou need to activate the service(s) before you can use it on your ZyXEL device .
Prestige 662H/HW Series User’s Guide 501 Appendix K Congratulations! Y ou have successfully registered your ZyXEL device and activated a service at myZyXEL.com. Note: Y ou must then activat e the servic e(s) on your ZyXEL device via it s web configurator to start using the service(s).
Prestige 662H/HW Series User’s Guide Appendix L 502 Appendix L Windows 98/Me Requirement s for Anti- V irus Packet Scan Message Display W ith the anti-virus packet scan, when a virus is detected, an alert message is displa yed on Miscrosoft W indows-based operation systems only .
Prestige 662H/HW Series User’s Guide 503 Appendix L Figure 34 Windows 98: T ask Bar Properties 3 Double-click Programs and click St a r t U p . Figure 35 Windows 98: S tartUp 4 Right-click in the St a r t U p pane and click New , Shortcut . 5 A Create Shortcut window disp lays.
Prestige 662H/HW Series User’s Guide Appendix L 504 Figure 36 Windows 98: S tartup: Create Shortcut 6 Accept the default or specify a name for the shortcut and click Finish . Figure 37 Windows 9 8: S tartup: Sele ct a T itle for t he Program 7 A shortcut is created in the St a r t U p pane.
Prestige 662H/HW Series User’s Guide 505 Appendix L Figure 38 Windows 98: S tartu p: Shortcut Note: The WinPopup window displays after the computer finishes the st artup process.
Prestige 662H/HW Series User’s Guide Appendix M 506 Appendix M Example Internal SPTGEN Screens This appendix covers Prestig e Internal SP TGEN screens.
Prestige 662H/HW Series User’s Guide 507 Appendix M 30100008 = Input device filters Set 4 = 256 30100009 = Output protocol filters Set 1 = 256 30100010 = Output protocol filters Set 2 = 256 30100011.
Prestige 662H/HW Series User’s Guide Appendix M 508 30201004 = RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> = 0 30201005 = Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 0 3.
Prestige 662H/HW Series User’s Guide 509 Appendix M 30201026 = IP Alias #2 Outgoing protocol filter s Set 4 = 256 */ Menu 3.5 Wireless LAN Setup (SMT Menu 3.
Prestige 662H/HW Series User’s Guide Appendix M 510 Table 21 Menu 4 Internet Access Setup (SMT Menu 4) / Menu 4 Internet Access Setup (SMT Menu 4) FIN FN PVA INPUT 40000000 = Configured <0(No) | .
Prestige 662H/HW Series User’s Guide 511 Appendix M 40000027 = ATM QoS Type <0(CBR) | (1 (UBR)> = 1 40000028 = Peak Cell Rate (PCR) = 0 40000029 = Sustain Cell Rate (SCR) = 0 40000030 = Maximu.
Prestige 662H/HW Series User’s Guide Appendix M 512 120103002 = IP S tatic Route set #3, Active <0(No) |1(Yes)> = 0 120103003 = IP S tatic Route set #3, Destination IP address = 0.0.0.0 120103004 = IP S tatic Route set #3, Destination IP subnetmask = 0 120103005 = IP S tatic Route set #3, Gateway = 0.
Prestige 662H/HW Series User’s Guide 513 Appendix M FIN FN P VA INPUT 120107001 = IP S tatic Route set #7, Name <Str> = 120107002 = IP S tatic Route set #7, Active <0(No) |1(Yes)> = 0 120107003 = IP S tatic Route set #7, Destination IP address = 0.
Prestige 662H/HW Series User’s Guide Appendix M 514 120110007 = IP S tatic Route set #10, Private <0(No) |1(Yes)> = 0 */ Menu 12.1.11 IP Static Route Setu p (SMT Menu 12.
Prestige 662H/HW Series User’s Guide 515 Appendix M 120114004 = IP Static Route set # 14, Destination IP subnetmask = 0 120114005 = IP S tatic Route set #14, Gateway = 0.0.0.0 120114006 = IP S tatic Route set #14, Metric = 0 120114007 = IP S tatic Route set #14, Private <0(No) |1(Yes)> = 0 */ Menu 12.
Prestige 662H/HW Series User’s Guide Appendix M 516 150000007 = SUA Server #3 Active <0(No) | 1(Yes)> = 0 150000008 = SUA Server #3 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000009 = SUA Server #3 Port Start = 0 150000010 = SUA Server #3 Port End = 0 150000011 = SUA Server #3 Local IP addre ss = 0.
Prestige 662H/HW Series User’s Guide 517 Appendix M 150000041 = SUA Server #9 Local IP addre ss = 0.0.0.0 150000042 = SUA Server #10 Active <0(No) | 1(Yes)> = 0 150000043 = SUA Server #10 Prot.
Prestige 662H/HW Series User’s Guide Appendix M 518 210101011 = IP Filter Set 1 ,Rule 1 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> = 0 210101013 = IP Filter Set 1 ,Rule.
Prestige 662H/HW Series User’s Guide 519 Appendix M 210103007 = IP Filter Set 1 ,Rule 3 Dest Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> = 1 210103008 = IP Filter Set 1 ,Rule 3 Src IP address = 0.
Prestige 662H/HW Series User’s Guide Appendix M 520 210105002 = IP Filter Set 1 ,Rule 5 Active <0(No)|1 (Yes)> = 1 210105003 = IP Filter Set 1 ,Rule 5 Protocol = 17 210105004 = IP Filter Set 1,Rule 5 Dest IP address = 0.
Prestige 662H/HW Series User’s Guide 521 Appendix M 210106013 = IP Filter Set 1 ,Rule 6 Act Match <1(check next)|2(forward)| 3(drop)> = 3 210106014 = IP Filter Set 1 ,Rule 6 Act Not Match <1(check next)|2(forward)| 3(drop)> = 2 Table 24 Menu 21.
Prestige 662H/HW Series User’s Guide Appendix M 522 210202001 = IP Filter Set 2, Rule 2 Type <0(none)|2(TCP/IP)> = 2 210202002 = IP Filter Set 2, Rule 2 Active <0(No)|1(Yes)> = 1 210202003 = IP Filter Set 2, Rule 2 Protocol = 6 210202004 = IP Filter Set 2, Rule 2 Dest IP address = 0.
Prestige 662H/HW Series User’s Guide 523 Appendix M 210203011 = IP Filter Set 2, Rule 3 Src Port Comp <0(none)|1(equal)|2 (not equal)|3(less)|4(gr eater)> = 0 210203013 = IP Filter Set 2, Rule.
Prestige 662H/HW Series User’s Guide Appendix M 524 210205004 = IP Filter Set 2, Rule 5 Dest IP address = 0.0.0.0 210205005 = IP Filter Set 2, Rule 5 Dest Subnet Mask = 0 210205006 = IP Filter Set 2.
Prestige 662H/HW Series User’s Guide 525 Appendix M 210206013 = IP Filter Set 2,Rule 6 Act Match <1(check next)|2(forward)|3( drop)> = 3 210206014 = IP Filter Set 2,Rule 6 Act Not Match <1(check next)|2(forward)|3( drop)> = 2 */ Menu 23.
Prestige 662H/HW Series User’s Guide Appendix M 526 Command Examples The following are example Internal SP TGEN scr eens associated wi th the Prestige’ s command interpreter commands. 241100005 = FTP Server Access <0(all)|1(none)|2(L an)|3(Wan)> = 0 241100006 = FTP Server Secured IP address = 0.
Prestige 662H/HW Series User’s Guide 527 Appendix M.
Prestige 662H/HW Series User’s Guide Appendix N 528 Appendix N Command Interpreter The following describes how to use the comman d interpreter . Enter 24 in the main menu to bring up the system maintena nce menu. Enter 8 to go to Menu 24.8 - Command Interpr e ter Mode .
Prestige 662H/HW Series User’s Guide 529 Appendix N.
Prestige 662H/HW Series User’s Guide Appendix O 530 Appendix O Firewall Commands Sys Firewall Commands The following describes th e firewall commands. See Appendix N for information on the command structure. Each of these commands must be preceded by sys firewall when you use them.
Prestige 662H/HW Series User’s Guide 531 Appendix O.
Prestige 662H/HW Series User’s Guide Appendix P 532 Appendix P NetBIOS Filter Commands The following describes the NetB IOS packet filter commands. See Appendix N for information on the command structure.
Prestige 662H/HW Series User’s Guide 533 Appendix P The filter types and their defa ult settings are as follows. NetBIOS Filter Configuration Syntax:sys filter netbios config <ty pe> <on|of.
Prestige 662H/HW Series User’s Guide Appendix P 534 sys filter netbios config 3 on This command blocks IPSec NetBIOS packets. sys filter netbios config 4 off This command stops NetBIOS commands from initiating calls.
Prestige 662H/HW Series User’s Guide 535 Appendix P.
Prestige 662H/HW Series User’s Guide Appendix Q 536 Appendix Q Brute-Force Password Guessing Protection The following describes the c ommands for enablin g, disabling and configuring the brute-force password guessing protect ion m echanism for the password.
Prestige 662H/HW Series User’s Guide 537 Appendix Q.
Prestige 662H/HW Series User’s Guide Appendix R 538 Appendix R Boot Commands The BootModule A T commands execute from wi thin the router ’ s bootup software, when debug mode is selected before the main router firmware is start e d.
Prestige 662H/HW Series User’s Guide 539 Appendix R Figure 40 Boot Module Commands AT just answer OK ATHE print help ATBAx change baud rate. 1:38.4k, 2:19.
Prestige 662H/HW Series User’s Guide Appendix S 540 Appendix S Log Descriptions This appendix provides descrip tions of example log messages. Table 30 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on informati on from the time server .
Prestige 662H/HW Series User’s Guide 541 Appendix S Configuration Change: PC = 0x%x, Task ID = 0x%x The router is saving configuration changes. Successful SSH login Someo ne has logged on to the router ’s SSH server . SSH login failed Someone has failed to log on to the router ’s SSH server .
Prestige 662H/HW Series User’s Guide Appendix S 542 Table 33 TCP Reset Logs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was u nder a SYN flood attack (the TCP incomplete count is per desti nation host.
Prestige 662H/HW Series User’s Guide 543 Appendix S Triangle route packet forwarded: ICMP The firewall allow ed a triangle route session to pass through. Packet without a NAT table entry blocked: ICMP The router blocked a packet that didn’t have a corresponding NA T table entry .
Prestige 662H/HW Series User’s Guide Appendix S 544 Table 38 UPnP Log s LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall. Table 39 Content Filtering Logs LOG MESSAGE DESCRIPTION %s: Keyword blocking The content of a requested web p age ma tched a user defi ned keyword.
Prestige 662H/HW Series User’s Guide 545 Appendix S Table 40 Attack Logs LOG MESSAGE DESCRIPTION attack [ TCP | UDP | IGM P | ESP | GRE | OSPF ] The firewall detected a TC P/UDP/IGMP/ESP/GRE/OSPF attack. attack ICMP (type:%d, code:%d) The firewall detecte d an ICMP attack.
Prestige 662H/HW Series User’s Guide Appendix S 546 Table 41 IPSec Logs LOG MESSAGE DESCRIPTION Discard REPLAY packet The router received and discarded a packet with an incorrect sequence number . Inbound packet authentication failed The router received a packet that has been altered.
Prestige 662H/HW Series User’s Guide 547 Appendix S Cannot resolve Secure Gateway Addr for rule <%d> The router couldn’t resolve t he IP address from the domain name that was used for the secure gateway address.
Prestige 662H/HW Series User’s Guide Appendix S 548 XAUTH fail! Username: <Username> The router was not able to use extended authentication to authenticate the listed username. Rule[%d] Phase 1 negotiation mode mismatch The listed rule’s IKE phase 1 negotiation mode did not ma tch between the router and the peer .
Prestige 662H/HW Series User’s Guide 549 Appendix S Rule [%d] phase 2 mismatch The listed rule’s IKE phase 2 di d not match betwe en the router and the peer . Rule [%d] Phase 2 key length mismatch The listed rule’s IKE phase 2 key lengths (with the AES encryption algorithm) di d not match between the router and the peer .
Prestige 662H/HW Series User’s Guide Appendix S 550 Table 44 ACL Setting Notes P ACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to W AN ACL set for packet s traveling from the LAN to the W AN. (W to L) W AN to LAN ACL set for p ackets traveling from the W AN to the LAN.
Prestige 662H/HW Series User’s Guide 551 Appendix S The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type.
Prestige 662H/HW Series User’s Guide Appendix S 552 Log Commands Go to the command in terpreter interface ( Appendix N explains how to access and use the commands). Configuring What Y ou W ant the Prestige to Log 1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the Prestige is to record.
Prestige 662H/HW Series User’s Guide 553 Appendix S Use 0 to not record logs for that cate g ory , 1 to record only logs for that category , 2 to record only alerts for that category , and 3 to record both logs and alerts for that category . No t every parameter is available with every category .
Prestige 662H/HW Series User’s Guide 554 Index A Access methods 360 Address Assignment 79 Address mapping 136 Address Resolution Protocol (ARP) 82 ADSL standards 44 ADSL, what is it? 42 AH 214 AH (A.
Prestige 662H/HW Series User’s Guide 555 BW Budget 280 C CA 492 CAC 184 call back delay 31 1 Call filtering 362 Call filters Built-in 362 User-defined 362 Call Scheduling 43 0 Maximum Number of Sche.
Prestige 662H/HW Series User’s Guide 556 DeMilitarized Zone (DMZ) 48 Denial of Service 145 , 146 , 177 , 360 Destination Address 161 Device Filter rules 371 device model number 293 Device rule 371 D.
Prestige 662H/HW Series User’s Guide 557 Remote Node Filter 332 Remote Node Filters 374 Sample 372 SUA 371 TCP/IP Filter Rule 367 Filter Log 392 Filter Rule Process 363 Filter Rule Setup 366 Filter .
Prestige 662H/HW Series User’s Guide 558 Internal SPTGEN 450 FTP Upload Ex ample 452 Points to Remember 451 T ext File 450 Internal SPTGEN Screens 506 Internal SPTGEN screens 506 Internet Access 45 .
Prestige 662H/HW Series User’s Guide 559 MAC filter 95 Macro virus 204 Main Menu 298 maintenance 284 management idle timeout period 55 , 497 Management Information Ba se (MIB) 377 Manually Update Vi.
Prestige 662H/HW Series User’s Guide 560 POP3 132 , 146 , 14 7 Port Numbers 132 power 454 PPP (Point-to-Point Protocol) 97 PPP Encapsulation 334 PPP Log 393 PPP session over Ethernet (PPP over Ether.
Prestige 662H/HW Series User’s Guide 561 LAN to W AN 161 Logic 159 Predefined Services 173 Summary 164 S SA 212 , 44 0 SA life time 442 SA lifetime 446 SA Monitor 446 SA monitor 446 Sample IP Addres.
Prestige 662H/HW Series User’s Guide 562 System S tatus 387 System T imeout 24 7 , 420 T task bar properties 503 TCP Maximum Incomplete 177 , 178 TCP Security 152 TCP/IP 146 , 147 , 247 , 371 , 394 .
Prestige 662H/HW Series User’s Guide 563 WEP encryption 93 Wi-Fi Protected Access 99 Wi-Fi Protected Access (WP A) 47 WinPopup windo w 502 Wireless Client WP A Supp licants 102 Wireless LAN 316 , 48.
An important point after buying a device ZyXEL Communications 662HW Series (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought ZyXEL Communications 662HW Series yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data ZyXEL Communications 662HW Series - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, ZyXEL Communications 662HW Series you will learn all the available features of the product, as well as information on its operation. The information that you get ZyXEL Communications 662HW Series will certainly help you make a decision on the purchase.
If you already are a holder of ZyXEL Communications 662HW Series, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime ZyXEL Communications 662HW Series.
However, one of the most important roles played by the user manual is to help in solving problems with ZyXEL Communications 662HW Series. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device ZyXEL Communications 662HW Series along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
