Instruction/ maintenance manual of the product ADSL 2+ Gateway P-660HW-T1 ZyXEL Communications
Go to page of 465
P-660H/HW/W -T Series ADSL 2+ Gateway User ’ s Guide V ersion 3.40 6/2005.
P-660H/HW/W-T Series User’ Guide Copyright 2 Copyright Copyright © 2005 by ZyXEL Communications Corpo ration. The contents of this publication may not be reprod uced in any part or as a wh ole, tra.
P-660H/HW/W-T Series User’ Guide 3 Federal Communications Commission (FCC) Interference Statement Federal Communications Commission (FCC) Interference S t atement This device complies with Part 15 of FCC rul es. Operation is subject to the following two conditions: • This device may not cause harmful interference.
P-660H/HW/W-T Series User’ Guide Federal Com munications Commission ( FCC) Interf erence Statem ent 4 This transmitter must not be co-located or op erating in conj unction with any other an tenna or transmitter . ZyXEL Communications Corporation declared th at Prestige 660HW -T1 is limited in CH1~1 1 from 2400 to 2483 .
P-660H/HW/W-T Series User’ Guide 5 Safety Warnings Safety W arnings For your safety , be sure to read and fo llow all warning notices and instructions. • T o reduce the risk of fire, use only No. 26 A WG (American Wire Gauge) or lar ger telecommunication line cord.
P-660H/HW/W-T Series User’ Guide ZyXEL Limited Warranty 6 ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that this product is free from any defects in materials or workmansh ip for a period of up to tw o years from the date of purchase .
P-660H/HW/W-T Series User’ Guide 7 Customer Suppo rt Customer Support Please have the following information r eady when you contact customer support. • Product model and serial number . • W arranty Information. • Date that you received your de vice.
P-660H/HW/W-T Series User’ Guide Customer Support 8 UNITED KINGDOM support@zyxel.co.uk +44 (0) 1344 303044 08707 555779 (UK only) www .zyxel.co.uk ZyXEL Communications UK Ltd.,1 1 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK) sales@zyxel.
P-660H/HW/W-T Series User’ Guide 9 Customer Suppo rt.
P-660H/HW/W-T Series User’ Guide Table of Contents 10 T able of Content s Copyright .................................................. .......................................... ...................... 2 Federal Communications Commissi on (FCC) Interference S t atement .
P-660H/HW/W-T Series User’ Guide 11 Table of Contents Chapter 3 Wizard Setup for Inte rnet Access ................................................................ ......... 54 3.1 Introduction ............................ ............. .............
P-660H/HW/W-T Series User’ Guide Table of Contents 12 5.8 Configuring Local User Au thenticat ion .................. ................ ............. ............... 85 5.9 Configuring RADIUS ... ................ ............. ................ .......
P-660H/HW/W-T Series User’ Guide 13 Table of Contents 7.4 Selecting the NA T Mode ....... ................ ................ ............. ................ ............. 107 7.5 Configuring SUA Server Set ........................... ................ .
P-660H/HW/W-T Series User’ Guide Table of Contents 14 Chapter 1 1 Firewall Configuration ....................................... ........................................... ....... 132 1 1 .1 Access Methods ......... ............. ................ .
P-660H/HW/W-T Series User’ Guide 15 Table of Contents 13.2 T elnet ................ ............. ................ ............. ............. ................ ............. .......... 159 13.3 FTP ............................ ............. ........
P-660H/HW/W-T Series User’ Guide Table of Contents 16 16.9 Configuring Summary ...................... ... ............. ............. ................ ............. ...188 16.10 Configuring Class Setup .................. ................ ...........
P-660H/HW/W-T Series User’ Guide 17 Table of Contents Chapter 21 Menu 3 LAN Setup .............. ..................................................... ............................ 222 21.1 LAN Setup ..................... ............. ..............
P-660H/HW/W-T Series User’ Guide Table of Contents 18 25.2 Configuration ................. ................ ............. ................ ............. ................ ....... 246 Chapter 26 Bridging Setup .................... ....................
P-660H/HW/W-T Series User’ Guide 19 Table of Contents 29.7 Applying Filters and Factory Defaults ............... ............. ................ ............. ...283 29.7.1 Ethernet T raffic . ............. ................ ................ .........
P-660H/HW/W-T Series User’ Guide Table of Contents 20 33.3 Restore Configuration ... ............. ................ ............. ................ ................ ....... 31 1 33.3.1 Restore Using FTP ........ ................ ............. .......
P-660H/HW/W-T Series User’ Guide 21 Table of Contents Chapter 38 T roubleshooting ....................................... .......................................... .................. 342 38.1 Problems S tarting Up the Prestige ....... .............
P-660H/HW/W-T Series User’ Guide Table of Contents 22 Command Usage ... ................ ............. ................ ............. ................ ............. ......... 386 Appendix G Firewall Commands .........................................
P-660H/HW/W-T Series User’ Guide 23 Table of Contents Appendix M Internal SPTGEN ................................................................................ .................. 430 Internal SPTGEN Overview ............. ................ ........
P-660H/HW/W-T Series User’ Guide List of Figure s 24 List of Figures Figure 1 Protected Internet A ccess Applications ............................ ................. ................ ... 46 Figure 2 LAN-to-LAN Applicat ion Example ........ ..........
P-660H/HW/W-T Series User’ Guide 25 List of Figures Figure 39 Multiple Servers Behind NA T Exampl e ........ ............. ................ ............. ............. 107 Figure 40 NA T Mode ....... ................ ............. ................ .
P-660H/HW/W-T Series User’ Guide List of Figure s 26 Figure 82 Network Connections: My Network Pl aces ............... ............. ............. ................ 174 Figure 83 Network Connections: My Network Pl aces: Properties: Ex ample .........
P-660H/HW/W-T Series User’ Guide 27 List of Figures Figure 125 Menu 1 1.1 Remote Node Profile ............ ............. ............. ................ ............. ... 238 Figure 126 Menu 1 1.3 Remote Node Network Layer Options ...................
P-660H/HW/W-T Series User’ Guide List of Figure s 28 Figure 168 NetBIOS_LAN Filter Rules Summary ................. ................ ............. ................ 275 Figure 169 IGMP Filter Rules Summary ..... ... ....... ................ ..........
P-660H/HW/W-T Series User’ Guide 29 List of Figures Figure 21 1 Menu 25 IP Routing Policy Setup .............. ................ ................ ................ ....... 329 Figure 212 Menu 25.1 IP Routing Policy Setup ........... ................ .
P-660H/HW/W-T Series User’ Guide List of Figure s 30 Figure 254 Red Hat 9.0: Restart Ethernet Card ...... ................ ............. ................ ............. 375 Figure 255 Red Hat 9.0: Checking TCP/IP Prope rties ............... .........
P-660H/HW/W-T Series User’ Guide 31 List of Figures.
P-660H/HW/W-T Series User’ Guide List of Tables 32 List of T ables T able 1 AD SL S t andards ............. ................ ................ ............. ................ ............. ............. 42 T able 2 Front Panel LED s .............. ...
P-660H/HW/W-T Series User’ Guide 33 List of Tables T able 39 Firewall: Edit R ule .. ................ ............. ................. ................ ................ ............. ... 1 40 T able 40 Customized Services .......................... .
P-660H/HW/W-T Series User’ Guide List of Tables 34 T able 82 Menu 3. 2.1 IP Alias Set up .................. ................. ................ ............. ................ ... 232 T able 83 Menu 4 Internet Access Setup ........ ............. .....
P-660H/HW/W-T Series User’ Guide 35 List of Tables T able 125 A llowed IP Address Range By Class .... ................ ................ ................ ............. 377 T able 126 “Natural” Mas ks ............ ............. ................ ..
P-660H/HW/W-T Series User’ Guide List of Tables 36 T able 168 Menu 15 SUA Server Setup (SMT Menu 15) .......................... ................ .......... 442 T able 169 Menu 21.1 Filter Set #1 (SMT Menu 21.1) ........ ................ ............
P-660H/HW/W-T Series User’ Guide 37 List of Tables.
P-660H/HW/W-T Series User’ Guide Preface 38 Preface Congratulations on y our purchase of t he P-660H/HW/W T series ADSL 2+ gateway . P-660W and P-660HW come with biult-in IEEE 802.
P-660H/HW/W-T Series User’ Guide 39 Preface • W eb Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information. • ZyXEL Glossary and W eb Site Please refer to www .zyxel.com for a n online gl ossary of netw orking terms and additional support documentation.
P-660H/HW/W-T Series User’ Guide Introduction to DSL 40 Introduction to DSL DSL (Digital Subscriber Line) te chnology enhances the data ca pacity of the existing twisted- pair wire that runs betwee n the local telephone co mpany switching of fi ces and most homes and offices.
P-660H/HW/W-T Series User’ Guide 41 Introduction to DSL.
P-660H/HW/W-T Series User’ Guide Chapter 1 Getting To Kn ow Your Prestige 42 C HAPTER 1 Getting T o Know Y our Prestige This chapter describes the key features and applications of your Prestige .
P-660H/HW/W-T Series User’ Guide 43 Chapter 1 G etting To Know Your Pres tige Note: See the product specifications in t he appendix for deta iled features and standards support. High Speed Internet Access Y our Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of up to 24Mbps and upst ream tran smission rates of 3 .
P-660H/HW/W-T Series User’ Guide Chapter 1 Getting To Kn ow Your Prestige 44 Universal Plug and Play (UPnP) Using the standard TCP/IP protocol, the Pr estige and other UPnP enable d devices can dynamically join a network, obtain an IP addr ess and convey its capab ilities to other devices on the network.
P-660H/HW/W-T Series User’ Guide 45 Chapter 1 G etting To Know Your Pres tige Packet Filters The Prestige's packet filtering functions a llows added network security and management. Housing Y our Prestige's compact and ven tilated housing minimizes space requirements making it easy to position anywhere in your busy office.
P-660H/HW/W-T Series User’ Guide Chapter 1 Getting To Kn ow Your Prestige 46 1.3 Applications for the Prestige Here are some example uses for which the Prestig e is well suited. App lication graphics shown are for the P-660W . 1.3.1 Protected Internet Access The Prestige is the ideal high-speed Internet acc ess solution.
P-660H/HW/W-T Series User’ Guide 47 Chapter 1 G etting To Know Your Pres tige The following table describes the LEDs. 1.5 Hardware Connection Refer to the Quick S tart Guide for in formation on hard ware connection. Table 2 Front Panel LEDs LED COLOR ST ATUS DESCRIPTION PWR/SYS Green On The Prestige is receiv i ng power and functioning properly .
P-660H/HW/W-T Series User’ Guide Chapter 2 Introducing the Web Configur ator 48 C HAPTER 2 Introducing the W eb Configurator This chapter describes how to access and navigate the web configurator .
P-660H/HW/W-T Series User’ Guide 49 Chapter 2 Introducing the Web Configurator Figure 3 Password Screen 6 It is highly recommended you change th e default password! Enter a new password between 1 an.
P-660H/HW/W-T Series User’ Guide Chapter 2 Introducing the Web Configur ator 50 2.1.3 Navigating the We b Configurator The following summarizes how to navigate the web configurator from th e SITE MAP screen. W e use the Prestige 660W -T1 web screens in this guide as an example.
P-660H/HW/W-T Series User’ Guide 51 Chapter 2 Introducing the Web Configurator Wireless LAN (P-660W / P- 660HW only) Wireless Use this screen to conf igure the wireless LAN se ttings. MAC Filter Use this screen to change MA C filter settings on the Prestige.
P-660H/HW/W-T Series User’ Guide Chapter 2 Introducing the Web Configur ator 52 2.2 Change Login Password It is highly recommended that you periodic ally change the password for accessing the Prestige.
P-660H/HW/W-T Series User’ Guide 53 Chapter 2 Introducing the Web Configurator T able 4 Passwo rd LABEL DESCRIPTION Old Password T ype the default password or the ex isting password you use to acces s the system in this field. New Password T ype the new password in this field.
P-660H/HW/W-T Series User’ Guide Chapter 3 Wizard Setup for Internet Acces s 54 C HAPTER 3 W izard Setup for Internet Access This chapter provides informatio n on the W izard Setup scree ns for Internet access in the web configurator .
P-660H/HW/W-T Series User’ Guide 55 Chapter 3 Wiz ard Setup f or Internet Ac cess 2 The next wizard screen varies depending on wh at mode and encapsulatio n type you use. All screens shown are with routing mode. Configure the fields and click Next to continue.
P-660H/HW/W-T Series User’ Guide Chapter 3 Wizard Setup for Internet Acces s 56 Figure 9 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 6 Internet Connection with PPPoE LABEL DESCRIPTION Service Name T ype the name of your PPPoE service here.
P-660H/HW/W-T Series User’ Guide 57 Chapter 3 Wiz ard Setup f or Internet Ac cess Figure 10 Internet Connection with ENET ENCAP The following table describes the fields in this screen. Back Click Back to go back to the first wizard screen. Next Click Next to continue to the next wizard screen.
P-660H/HW/W-T Series User’ Guide Chapter 3 Wizard Setup for Internet Acces s 58 Figure 1 1 Internet Connect ion w ith PPPoA The following table describes the fields in this screen. Table 9 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the logi n name that your ISP gives you.
P-660H/HW/W-T Series User’ Guide 59 Chapter 3 Wiz ard Setup f or Internet Ac cess 3 V erify the settings in the screen shown next. T o change the LAN information on the Prestige, click Change LAN Configurations . Otherwise cli ck Save Settings to save the configuration and skip to the section 3.
P-660H/HW/W-T Series User’ Guide Chapter 3 Wizard Setup for Internet Acces s 60 The following table describes the fields in this screen. 4 The Prestige automatically tests the connectio n to the computer(s) connected to the LAN ports. T o test the connection from the Prestige to the ISP , click S tart Diagnose .
P-660H/HW/W-T Series User’ Guide 61 Chapter 3 Wiz ard Setup f or Internet Ac cess.
P-660H/HW/W-T Series User’ Guide Chapter 4 LAN Setup 62 C HAPTER 4 LAN Setup This chapter describes how to configure LAN settings. 4.1 LAN Overview A Local Area Network (LAN) is a shared comm unication system to which many computers are attached.
P-660H/HW/W-T Series User’ Guide 63 Chapter 4 LAN Setup 4.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows in dividual clients to obtain TCP/IP configuration at star t-up from a server . Y ou can configure the Prestige as a DHCP server or disable it.
P-660H/HW/W-T Series User’ Guide Chapter 4 LAN Setup 64 There are two ways that an ISP disseminates the DNS serve r addresses. • The ISP tells you the DNS server addresses, us ually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the LAN Setup screen.
P-660H/HW/W-T Series User’ Guide 65 Chapter 4 LAN Setup 4.2.1.1 Private IP Addresses Every machine on the Internet must ha ve a unique address. If your ne tworks are isolate d from the Internet, for example, only between your two branch of fices, you can assign any IP addresses to the hosts without problems.
P-660H/HW/W-T Series User’ Guide Chapter 4 LAN Setup 66 4.2.3 Multicast T raditionally , IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of host s on the networ k - not everybody and not just 1.
P-660H/HW/W-T Series User’ Guide 67 Chapter 4 LAN Setup Figure 16 Any IP Example The Any IP fe ature does n ot apply to a computer using either a dy namic IP address or a static IP address that is in the same subnet as the Prestige’ s IP addres s.
P-660H/HW/W-T Series User’ Guide Chapter 4 LAN Setup 68 4.3 Configuring LAN Click LAN to open the LAN Setup screen. See Section 4.1 on page 62 for background information.
P-660H/HW/W-T Series User’ Guide 69 Chapter 4 LAN Setup Size of Client IP Pool This field specifies the size or count of the IP address pool. Primary DNS Server Enter the IP addresses of the DNS se rvers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask.
P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 70 C HAPTER 5 W ireless LAN This chapter discusses how to configure the W i reless LAN screens for P-660HW or P-660W .
P-660H/HW/W-T Series User’ Guide 71 Chapter 5 Wireless LAN • Use RADIUS authentication if you have a RADIUS server . See the appendices for information on pro tocols used when a client authenticates with a RADIUS server via the Prestige. • Use the Local User Database if you have less than 32 wireless client s in your network.
P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 72 Figure 18 Wirele ss LAN The following table describes the links in this screen. The following figure shows th e relative effectiveness of th ese wireless security methods available on your Prestige.
P-660H/HW/W-T Series User’ Guide 73 Chapter 5 Wireless LAN Figure 19 Wireless Secu rity Method s Note: Y ou must enable the same wireless securi ty settings on the Prestige and on all wireless clients that you w ant to associate with it.
P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 74 Figure 20 Wireless Sc reen The following table describes the labels in this screen. Table 13 Wirel ess LAN LABEL DESCRIPTION Enable Wireless LAN Y ou shoul d configure some wireless security (see Fig ure 19 on page 73 ) when you enable the wireless LAN.
P-660H/HW/W-T Series User’ Guide 75 Chapter 5 Wireless LAN Note: If you are configuring the Prestige from a computer connecte d to the wireless LAN and you change the Prestige’s ESSID or security settings (see F igure 19 on page 73 ), you will lose your wirele ss connection when you p ress Apply to confirm.
P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 76 Note: Be careful not to list your computer’s MAC address and set the Action field to Deny Association when managing the Prestige vi a a wireless conne ction. This would lock you out. Figure 21 MAC Filter The following table describes the fields in this menu.
P-660H/HW/W-T Series User’ Guide 77 Chapter 5 Wireless LAN 5.6 Introduction to WP A W i-Fi Protec ted Access (WP A) is a subset of th e IEEE 802.1 1i standard. WP A is preferred to WEP as WP A has user authe ntication and improv ed data encryption. See the appendix f or more information on WP A user authentication and WP A encryption.
P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 78 Figure 22 WP A - PSK Authentication 5.6.2 WP A with RADIUS Application Example Y ou need the IP address, port number (default is 1812) and s hared secret of a RADIUS server . A WP A application example with an external RADIUS server looks as follows.
P-660H/HW/W-T Series User’ Guide 79 Chapter 5 Wireless LAN Figure 23 WP A with RADIUS Application Example2 5.6.3 Wireless Client WP A Supplicant s A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WP A.
P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 80 5.7.1 No Access Allowe d or Authentication Select No Access Allowed or No Authentication Required in the Wire less Port Control field. Figure 24 Wireless LAN: 802.1x/WP A: No Access Allowed Figure 25 Wireless LAN: 802.
P-660H/HW/W-T Series User’ Guide 81 Chapter 5 Wireless LAN • A computer with an IEEE 802.1 1 a/b/g wi rel ess LAN adapter and equipped with a web browser (with JavaScript enabled) and/or T e lnet. • A wireless station computer must be runn ing IEEE 802.
P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 82 Note: Once you enable user auth entication, y ou need to specify an external RADIUS server or create local user account s on the Prestige for authentication.
P-660H/HW/W-T Series User’ Guide 83 Chapter 5 Wireless LAN See Section 5.6 on page 7 7 for more information. Figure 27 Wireless LAN: 802.1x/WP A: WP A The following table describes the labe ls not previously discussed. Table 17 Wireless LAN: 802.1x/WP A: WP A LABEL DESCRIPTION Key Management Protocol Choose WP A in this field.
P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 84 5.7.4 Authentication Required: WP A-PSK Select Authentication Required in the Wireless Port Contr ol field and WP A-PSK in the Key Management Protocol field to display the next screen. See Section 5.
P-660H/HW/W-T Series User’ Guide 85 Chapter 5 Wireless LAN 5.8 Configuring Local User Authentication By storing user profiles locally , your Prestige is able to authenticate wireless users without interacting with a network RADIUS server . However , there is a limit on the number of users you may authentica te in this way .
P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 86 Figure 29 Local User Database The following table describes th e fields in this screen. Table 19 Local User Database LABEL DESCRIPTION # This is the index number of a local user account. Active Se lect this check box to enable the user profile.
P-660H/HW/W-T Series User’ Guide 87 Chapter 5 Wireless LAN 5.9 Configuring RADIUS T o set up your Prestige’ s RADIUS server settings, click WIRELESS LAN , RADIUS . The screen appears as shown. Figure 30 RADIUS The following table describes th e fields in this screen.
P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 88 Port Number The default port of the RADIUS server for accounting is 1813 . Y ou need not chan ge this value unless your network administrator instructs you to do so with additional information.
P-660H/HW/W-T Series User’ Guide 89 Chapter 5 Wireless LAN.
P-660H/HW/W-T Series User’ Guide Chapter 6 WAN Setup 90 C HAPTER 6 W AN Setup This chapter describes how to configure W AN settings. 6.1 W AN Overview A W AN (W ide Area Network) is an outside conn ection to another network or the Intern et. 6.1.1 Encap sulation Be sure to use the encapsulat ion method required by your IS P .
P-660H/HW/W-T Series User’ Guide 91 Chapter 6 WAN Setup 6.1.1.4 RFC 1483 RFC 1483 describes two methods for Multipro tocol Encapsulation over A TM Adaptation Layer 5 (AAL5).
P-660H/HW/W-T Series User’ Guide Chapter 6 WAN Setup 92 6.1.4.2 IP Assignment wi th RFC 1483 Encap sulation In this case the IP Address Assignment must be static with the same requirements for the IP Address an d ENET ENCAP Gateway fields a s stated above.
P-660H/HW/W-T Series User’ Guide 93 Chapter 6 WAN Setup For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route.
P-660H/HW/W-T Series User’ Guide Chapter 6 WAN Setup 94 Peak Cell Rate (PCR) is the maximum rate at wh ich the sender can send cells. This parameter may be lower (but not hig her) than the maximum line speed. 1 A TM cell is 53 bytes (424 bits), so a maximum speed of 832Kbps gives a maximu m PCR of 1962 cells/sec.
P-660H/HW/W-T Series User’ Guide 95 Chapter 6 WAN Setup 6.6 The Main W AN Screen Click WA N in the navigation pane l to display the man WA N screen. See Section 6.1 on page 9 0 for more information. Figure 32 WA N The following table describes the links in this screen.
P-660H/HW/W-T Series User’ Guide Chapter 6 WAN Setup 96 Figure 33 W AN Setup (PPPoE) The following table describes th e fields in this screen. Table 22 WAN S e t u p LABEL DESCRIPTION Name Enter the name of your Internet Service Provider , e.g., MyISP .
P-660H/HW/W-T Series User’ Guide 97 Chapter 6 WAN Setup Encapsulation Selec t the method of encapsulatio n used by your ISP from the drop-down list box. Choices vary depending on the mode you select in th e Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483 .
P-660H/HW/W-T Series User’ Guide Chapter 6 WAN Setup 98 6.8 T raffic Redirect T raf fic redirect forwards traffic to a backup gateway when the Prestige cannot connect to the Internet.
P-660H/HW/W-T Series User’ Guide 99 Chapter 6 WAN Setup Figure 34 T raf fic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is co nnected to the LAN.
P-660H/HW/W-T Series User’ Guide Chapter 6 WAN Setup 100 Figure 36 W AN Backup The following table describes th e fields in this screen. Table 23 WAN B a c k u p LABEL DESCRIPTION Backup T yp e Select the method that the Pr esti ge uses to check the DSL connection.
P-660H/HW/W-T Series User’ Guide 101 Chapter 6 WAN Setup T imeout T ype the numbe r of seconds (3 recommended) for your Prestige to wait for a ping response from one of the IP addresses in the Check W AN IP Address field before timing out the request.
P-660H/HW/W-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 102 C HAPTER 7 Network Address T ranslation (NA T) Screens This chapter discusses how to configure NA T on the Prestige.
P-660H/HW/W-T Series User’ Guide 103 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens 7.1.2 What NA T Does In the simplest form, NA T changes the sour ce IP address in a packet received from a subscriber (the inside local address) to anothe r (the inside global address) before forwarding the packet to the W AN side.
P-660H/HW/W-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 104 Figure 37 How NA T Works 7.1.4 NA T Application The following figure illustrates a possible NA T application, wher e three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct W AN networks.
P-660H/HW/W-T Series User’ Guide 105 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens 7.1.5 NA T Mapping T ypes NA T supports five types of IP/port mapping. They are: • One to One : In One-to-One mode, the Prestige maps one local IP address to one global IP address.
P-660H/HW/W-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 106 7.2 SUA (Single User Account) V ersus NA T SUA (Single User Account) is a ZyNOS implemen tation of a subset of NA T that supports two types of mapping, Many-to-One and Server .
P-660H/HW/W-T Series User’ Guide 107 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens 7.3.3 Configuring Ser vers Behind SUA (Example) Let's say you want to assign po rts 21-25 to one FTP , T elnet and SMTP server (A in the example), port 80 to another (B in the exam ple) and assign a default server IP address of 192.
P-660H/HW/W-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 108 Figure 40 NA T Mode The following table describes the labels in this screen.
P-660H/HW/W-T Series User’ Guide 109 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens Figure 41 Edit SUA/NA T Server Set The following table describes th e fields in this screen. T able 28 Edit S UA/NA T Server Set LABEL DESCRIPTION S t art Port No.
P-660H/HW/W-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 110 7.6 Configuring Address Mapping Rules Ordering your rules is important because the Pr estige applies the rules in the order that you specify .
P-660H/HW/W-T Series User’ Guide 111 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens 7.7 Editing an Address Mapping Rule T o edit an address mapping rule, c lick the rule’ s link in the NA T Address Mapping Rules screen to display the screen sh own next.
P-660H/HW/W-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 112 Figure 43 Edit Address Mapping Rule The following table describes th e fields in this screen. Table 30 Edit Address Ma pping Rule LABEL DESCRIPTION Ty p e Ch oose the port mapping type from one of the fo llowing.
P-660H/HW/W-T Series User’ Guide 113 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens Cancel Click Cancel to return to the pr eviously saved settings.
P-660H/HW/W-T Series User’ Guide Chapter 8 Dynamic DNS Setup 114 C HAPTER 8 Dynamic DNS Setup This chapter discusses how to configure your Prestige to use Dynamic DNS.
P-660H/HW/W-T Series User’ Guide 115 Chapter 8 Dynamic DNS Setup Figure 44 Dynamic DNS The following table describes th e fields in this screen. Table 31 Dynamic DNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dyn amic DNS service pr ovider .
P-660H/HW/W-T Series User’ Guide Chapter 9 Time and Date 116 C HAPTER 9 T ime and Date This screen is not available on all models. Us e this screen to configur e the Prestige’ s time and date settings. 9.1 Configuring T ime and Date T o change your Prestige’ s time and date, click Time And Date .
P-660H/HW/W-T Series User’ Guide 117 Chapter 9 Time and Date Table 32 T ime a nd Date LABEL DESCRIPTION T ime Server Use Protocol when Bootup Select the time service protocol that your time server sends w hen you turn on the Prestige.
P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 118 C HAPTER 10 Firewalls This chapter gives some backgr ound information on firewalls and introduces the Prestige firewall. 10.1 Firewall Overview Originally , the term fir ewall referred to a construction techni que designed to prevent the spread of fire from one room to another .
P-660H/HW/W-T Series User’ Guide 119 Chapter 10 Firewalls 10.2.2 Application-level Firewalls Application-level firewalls restrict access by serv ing as proxies for e xternal servers.
P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 120 • The LAN (Local Area Network) port attache s to a network of compute rs, which needs security from the outside world. These computer s will have access to Internet services such as e-mail, FTP , and the W orld W ide W e b.
P-660H/HW/W-T Series User’ Guide 121 Chapter 10 Firewalls 10.4.2 T ypes of DoS Atta cks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data.
P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 122 Figure 47 Three-W ay Handshake Under normal circumstances, the applica tion that initiates a session sends a SYN (synchronize) packet to the receiving server .
P-660H/HW/W-T Series User’ Guide 123 Chapter 10 Firewalls (ICMP) echo request packets (pin gs). Since the destination IP address of each packet is the broadcast address of the network, the router will broadcast the ICMP echo request packet to all hosts on the network.
P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 124 All SMTP commands are illegal except for tho se displayed in the following tables. 10.4.2.3 T raceroute T raceroute is a utility used to determine th e path a packet takes between two endpoints.
P-660H/HW/W-T Series User’ Guide 125 Chapter 10 Firewalls Figure 50 S tateful Inspection The previous figure shows the Prestige’ s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a T elnet session from within the LAN and responses to this request are allowe d.
P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 126 temporary entries might be modified, in order to permit only packets that are valid for the current state o f the conn ection.
P-660H/HW/W-T Series User’ Guide 127 Chapter 10 Firewalls When the Prestige receives any subsequent packet (from the In ternet or from the LAN), its connection information is extracted and checked against the cache.
P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 128 • Limit who can telnet into your router . • Don't enable any local service (such as SN MP or NTP) that you don't use. An y enabled service could present a potential sec urity risk.
P-660H/HW/W-T Series User’ Guide 129 Chapter 10 Firewalls • Always shred confidential in formation, particularly about your computer , before throwing it away . Some hackers dig through the trash of companies or individuals for information that might he lp them in an attack.
P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 130 • A range of source an d destination IP address es as well as port numbers can be specified within one firewall rule making the fire wall a better choice when complex rules are required.
P-660H/HW/W-T Series User’ Guide 131 Chapter 10 Firewalls.
P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 132 C HAPTER 11 Firewall Configuration This chapter shows you how to enable and configure the Prestige firewall. 1 1.1 Access Methods The web configurator is, by far , the most co mprehensive firewall configuration tool your Prestige has to offer .
P-660H/HW/W-T Series User’ Guide 133 Chapter 11 Firewall Configuration Note: If you configure firewall rules wit hout a good underst anding of how they work, you might inadvertently introduce securi ty risks to the f irewall and to the protected network.
P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 134 4 Does a rule that allows Internet users acces s to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are al lowed from the Internet to t he LAN, Internet users may be able to connect to computers with running FTP servers.
P-660H/HW/W-T Series User’ Guide 135 Chapter 11 Firewall Configuration The default rule for W AN to LAN traffic bloc ks all incoming connections (W AN to LAN). If you wish to allow certain W AN users to have access to your LAN, you will need to create custom rules to allow it.
P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 136 1 1.6 Rule Summary Note: The ordering of your rule s is very import ant as rules are app lied in turn. Refer to Section 10.1 on page 1 18 for more information. Click on Fire wall , then Rule Summary to bring up the following screen.
P-660H/HW/W-T Series User’ Guide 137 Chapter 11 Firewall Configuration Figure 52 Firewall: Rule Summary The following table describes the labels in this screen.
P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 138 1 1.6.1 Configuring Firewall Rules Refer to Section 10.1 on page 1 18 for more information. Follow these directions to create a new rule. 1 In the Rule Summary screen, type the index number for where you want to put the rule.
P-660H/HW/W-T Series User’ Guide 139 Chapter 11 Firewall Configuration Figure 53 Firewall: Edit Rule The following table describes the labels in this screen.
P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 140 Table 39 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to ena ble this firewall rule. Action for Matched Packet Use the radio button to select whether to disca rd ( Block ) o r allow the passage of ( Forward ) packets that match this rule.
P-660H/HW/W-T Series User’ Guide 141 Chapter 11 Firewall Configuration 1 1.7 Customized Services Configure customized services and port numbers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 142 Refer to Section 10.1 on page 1 18 for more information. Figure 55 Firewall: Configure Customized Services The following table describes the labels in this screen.
P-660H/HW/W-T Series User’ Guide 143 Chapter 11 Firewall Configuration Figure 56 Firewall Example: Rule Summary 3 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (i f there is one) becomes rule 7.
P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 144 Figure 57 Firewall Example: Edit Ru le: Des tination Addres s 7 In the Edit Rule screen, click the Customized Servic es link to open the Customized Service screen.
P-660H/HW/W-T Series User’ Guide 145 Chapter 11 Firewall Configuration Figure 59 Firewall Example: Edit Rule: Select Customized Services Note: Custom ports show up with an “*” before their names in the Services list b ox and the Rule Summary list box.
P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 146 Rule 2 allows a “My Service” connection fro m the W AN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Figure 60 Firewall Example: Rule Summary: My Service 1 1.10 Predefined Services The A vailable Services list box in the Edit Rule screen (see Section 1 1.
P-660H/HW/W-T Series User’ Guide 147 Chapter 11 Firewall Configuration CU-SEEME(TCP/UDP:7648, 24032) A popular videocon ferencing solution from White Pines So ftware. DNS(UDP/TCP:53) Domain Name Server , a service that matches web names (e.g. www .zyxel.
P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 148 1 1.1 1 Anti-Probing If an outside user attempts to probe an unsupp orted port on your Prestige, an ICMP respon se packet is automatically returned. This allows the outside user to know the Prestige exists.
P-660H/HW/W-T Series User’ Guide 149 Chapter 11 Firewall Configuration Figure 61 Firewall: Anti Probing The following table describes the labels in this screen. 1 1.12 DoS Thresholds For DoS attacks, the Prestige uses thresholds to dete rmine when to drop sessions that do not become fully established.
P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 150 1 1.12.1 Threshold V alues T une these parameters when some thing is not working and after y ou have checked the firewall counters. These default values sh ould work fine for most small offices.
P-660H/HW/W-T Series User’ Guide 151 Chapter 11 Firewall Configuration Whenever the number of half-o pen sessions with the same destin ation host address rises a bove a threshold ( TCP Maximum Incom.
P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 152 Table 44 Firewall: Thre shold LABEL DESCRIPTION DEF AUL T V ALUES Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions that causes the firewall to stop deleting hal f-open sessions.
P-660H/HW/W-T Series User’ Guide 153 Chapter 11 Firewall Configuration Deny new connection request for Select this radio button and specify for how long the Prestige should block new connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256).
P-660H/HW/W-T Series User’ Guide Chapter 12 Content Filtering 154 C HAPTER 12 Content Filtering This chapter covers how to configure content filtering. 12.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs.
P-660H/HW/W-T Series User’ Guide 155 Chapter 12 Content Filtering 12.3 Configuring Keyword Blocking Use this screen to block sites containing certai n keywords in the URL. For example, if you enable the keyword "bad", the Prestige blocks all sites contai ning this keyword including the URL http://www .
P-660H/HW/W-T Series User’ Guide Chapter 12 Content Filtering 156 12.4 Configuring the Schedule T o set the days and times for the Prestige to perform content filtering, click Conten t Filter and Schedule . The screen appears as shown. Figure 65 Content Filter: Schedule The following table describes the labels in this screen.
P-660H/HW/W-T Series User’ Guide 157 Chapter 12 Content Filtering Figure 66 Content Filter: T rusted The following table describes the labels in this screen.
P-660H/HW/W-T Series User’ Guide Chapter 13 Remote M anagement Configura tion 158 C HAPTER 13 Remote Management Configuration This chapter provides information on config uring remote management.
P-660H/HW/W-T Series User’ Guide 159 Chapter 13 Remote Manag ement Configuration • A filter in SMT menu 3.1 (LAN) or in menu 1 1.5 (W AN) is applied to block a T elnet, FTP or W eb service. • Y ou have disabled that service in one of the remote management screens.
P-660H/HW/W-T Series User’ Guide Chapter 13 Remote M anagement Configura tion 160 13.3 FTP Y ou can upload and download Prestige firmware and configuration files using FTP . T o use this feature, your computer must have an FTP client. 13.4 W eb Y ou can use the Prestige’ s embedded web configur ator for configuration and file management.
P-660H/HW/W-T Series User’ Guide 161 Chapter 13 Remote Manag ement Configuration.
P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 162 C HAPTER 14 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configura tor .
P-660H/HW/W-T Series User’ Guide 163 Chapter 14 Universa l Plug-and-Play (UPnP) 14.1.3 Cautions with UPnP The automated nature of NA T traversal applications in establishing their own services and opening firewall ports ma y present network security issues.
P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 164 14.3 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP . Inst alling UPnP in Windows Me Follow the steps below to inst all the UPnP in W indows Me.
P-660H/HW/W-T Series User’ Guide 165 Chapter 14 Universa l Plug-and-Play (UPnP) Figure 70 Add/Remove Programs: Windows Setup : Communication 3 In the Communications window , select the Universal Plug and Play check box in th e Components selection box.
P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 166 Inst alling UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP .
P-660H/HW/W-T Series User’ Guide 167 Chapter 14 Universa l Plug-and-Play (UPnP) Figure 73 Windows Op tional Networ king Compon ents Wizard 5 In the Networking Services window , se lect the Universal Plug and Play check box.
P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 168 Figure 74 Networking Servic es 6 Click OK to go back to the W indows Optional Networking Component Wizard window and click Next . 14.4 Using UPnP in Windows XP Example This section shows yo u how to use the UPn P feature in W indows XP .
P-660H/HW/W-T Series User’ Guide 169 Chapter 14 Universa l Plug-and-Play (UPnP) Figure 75 Network Connections 3 In the Internet Connection Properties window , click Settings to see the port mappings there were automatically created.
P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 170 Figure 76 Internet Co nnection Prop erties 4 Y ou may edit or delete the port mappings or click Add to manually add port mappings.
P-660H/HW/W-T Series User’ Guide 171 Chapter 14 Universa l Plug-and-Play (UPnP) Figure 77 Internet Connection Properties: Advanced Settin gs Figure 78 Internet Connection Pr operties: Advanced Settings: Add 5 When the UP nP-enabled device is disco nnected from your computer , all port mappings will be deleted automatically .
P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 172 Figure 79 System T ray Icon 7 Double-click on the icon to display yo ur curr ent Internet co nnection sta tus.
P-660H/HW/W-T Series User’ Guide 173 Chapter 14 Universa l Plug-and-Play (UPnP) Figure 81 Network Connections 4 An icon with the description for e ach UPnP-enabled device disp lays under Local Network . 5 Right-click on the icon for your Prestige and select Invoke .
P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 174 Figure 82 Network Con nections: M y Network Places 6 Right-click on the icon for your Prestige and select Pr operties . A properties window displays with basic information about the Prestige.
P-660H/HW/W-T Series User’ Guide 175 Chapter 14 Universa l Plug-and-Play (UPnP).
P-660H/HW/W-T Series User’ Guide Chapter 15 Logs Scree ns 176 C HAPTER 15 Logs Screens This chapter contains inform ation about configuring genera l log settings and viewing the Prestige’ s logs. Refer to the appendix for example log message explanations.
P-660H/HW/W-T Series User’ Guide 177 Chapter 15 Log s Screens Figure 84 Log Settings The following table describes the fields in this screen. Table 51 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below .
P-660H/HW/W-T Series User’ Guide Chapter 15 Logs Scree ns 178 15.3 Displaying the Logs Click Logs and then Vi e w L o g to open the Vi e w L o g s screen. Use the Vi e w L o g s screen to see the logs for the categorie s that you selected in the Log Settings screen (s ee Section 15.
P-660H/HW/W-T Series User’ Guide 179 Chapter 15 Log s Screens Figure 85 Vi ew Logs The following table describes the fields in this screen. 15.4 SMTP Error Messages If there are d iffic ulties in se nding e-mail th e following erro r messages ap pear .
P-660H/HW/W-T Series User’ Guide Chapter 15 Logs Scree ns 180 15.4.1 Example E-mail Log An "End of Log" message displays for each ma il in which a complete log has been sent. The following is an example of a log sent by e-mail. • Y ou may edit the subject title.
P-660H/HW/W-T Series User’ Guide 181 Chapter 15 Log s Screens.
P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 182 C HAPTER 16 Media Bandwid th Management Advanced Setup This chapter describes bandwidth manage ment with one level of child class.
P-660H/HW/W-T Series User’ Guide 183 Chapter 16 Med ia Bandwidth Management Adva nced Setup bandwidth filter. Y ou can co nfigure up to one ba ndwidth filter per bandwid th class. Y o u can also configure bandwidth classes without bandwidth filters.
P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 184 Figure 88 Subnet-based Bandwid th Managemen t Example 16.
P-660H/HW/W-T Series User’ Guide 185 Chapter 16 Med ia Bandwidth Management Adva nced Setup 16.5 Scheduler The scheduler divides up an interface’ s bandwi dth among the bandwidth classes. The Prestige has two types of schedule r: fair ness-based and priority-based.
P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 186 16.6.2 Maximize Ba ndwid th Usage Example Here is an example of a Prestige that has ma xi mized bandwidth usage ena bled on an interface. The first figure shows each bandwidth class’ s ba ndwidth budget an d pr iority .
P-660H/HW/W-T Series User’ Guide 187 Chapter 16 Med ia Bandwidth Management Adva nced Setup Figure 91 Maximize Bandwidth Usage Example 16.7 Bandwid th Borrowing Bandwidth borrowing allows a child -c.
P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 188 4 The Prestige assigns any remainin g unbudgeted bandwid th to traf fic that does not match any of the bandwidth classes. 16.8 The Main Media Bandwid th Management Screen Click Media Bandwidth Mgnt.
P-660H/HW/W-T Series User’ Guide 189 Chapter 16 Med ia Bandwidth Management Adva nced Setup Figure 93 Media Bandwid th Manageme nt: Summary The following table describes the labels in this screen. Table 56 Media Bandwid th Manag ement: Summary LABEL DESCRIPTION LAN WLAN WA N These read-only labels represent the physical inte rfaces.
P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 190 16.10 Configuring Class Setup The class se tup screen displays the configured band width classes by individual interface. Select an interface and click the buttons to pe rform the actions describe d next.
P-660H/HW/W-T Series User’ Guide 191 Chapter 16 Med ia Bandwidth Management Adva nced Setup T o add a child class, click Media Bandwidth Management , then Class Setup . Click the Add Child-Class button to open th e following screen. Figure 95 Media Bandwid th Management: Class Configuration The following table describes the labels in this screen.
P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 192 Active Select the check box to have the Presti ge use th is bandwidth filter when it performs bandwidth management. Service Y ou can select a pred efined serv ice instead of co nfiguring the Destination Port , Source Port and Protocol ID fields.
P-660H/HW/W-T Series User’ Guide 193 Chapter 16 Med ia Bandwidth Management Adva nced Setup 16.10.2 Media Bandwid th Management St atistics Use the Media Bandwidth Management S tatistics screen to view network performance information. Click the S tatistics button in the Class Setup sc reen to open the St a t i s t i c s screen.
P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 194 16.1 1 Bandwid th Monitor T o view the Prestige’ s bandwidt h usage and allotments, click Media Bandwidth Management , then Monitor . The screen appears as shown.
P-660H/HW/W-T Series User’ Guide 195 Chapter 16 Med ia Bandwidth Management Adva nced Setup.
P-660H/HW/W-T Series User’ Guide Chapter 17 Maintenance 196 C HAPTER 17 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics.
P-660H/HW/W-T Series User’ Guide 197 Chapter 17 Maintenance Figure 98 System S tatus The following table describes th e fields in this screen. Table 62 System S tatus LABEL DESCRIPTION System S t atus System Name This is the name of your Prestige. It is for identification purposes.
P-660H/HW/W-T Series User’ Guide Chapter 17 Maintenance 198 17.2.1 System St atistics Click Show S tatistics in the System S tatus screen to open the following screen. Rea d-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)".
P-660H/HW/W-T Series User’ Guide 199 Chapter 17 Maintenance Figure 99 System S tatus: Show S tatistics The following table describes th e fields in this screen. Table 63 System S tatus: Show S tatistics LABEL DESCRIPTION System up T ime This is the elapsed time the system has been up.
P-660H/HW/W-T Series User’ Guide Chapter 17 Maintenance 200 17.3 DHCP T able Screen DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows in dividual clients to obtain TCP/IP configuration at star t-up from a server . Y ou can configure the Prestige as a DHCP server or disable it.
P-660H/HW/W-T Series User’ Guide 201 Chapter 17 Maintenance 17.4 Any IP T able Screen Click Maintenance , Any IP . The Any IP table sho ws cu rrent read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicat e with the Prestige.
P-660H/HW/W-T Series User’ Guide Chapter 17 Maintenance 202 Figure 102 Associa tion List The following table describes th e fields in this screen. 17.6 Diagnostic Screens These read-only screens display information to help you identify proble ms with the Prestige.
P-660H/HW/W-T Series User’ Guide 203 Chapter 17 Maintenance Figure 103 Diagnostic: General The following table describes th e fields in this screen. 17.
P-660H/HW/W-T Series User’ Guide Chapter 17 Maintenance 204 Figure 104 Diagnostic: DSL Line The following table describes th e fields in this screen. Table 68 Diagnostic: DSL Line LABEL DESCRIPTION Reset ADSL Line Click this button to reinitialize the ADSL line.
P-660H/HW/W-T Series User’ Guide 205 Chapter 17 Maintenance 17.7 Firmware Upgrade Find firmware at www .zyxel.com in a file that (usually) uses the system model name with a.bin extension, for example, "Prestige.bi n". The upload proce ss uses HTTP (Hypertext T ransfer Protocol) and may take up to two minu tes.
P-660H/HW/W-T Series User’ Guide Chapter 17 Maintenance 206 The Prestige automatically restarts in this time causing a temporary networ k disconnect.
P-660H/HW/W-T Series User’ Guide 207 Chapter 17 Maintenance.
P-660H/HW/W-T Series User’ Guide Chapter 18 Intro ducing the SMT 208 C HAPTER 18 Introducing the SMT This chapter explains how to access and na viga te the System Management T erminal and gives an overview of its menus.
P-660H/HW/W-T Series User’ Guide 209 Chapter 18 In troducing the SMT Figure 108 Login Screen 18.1.3 Prestige SMT Menus Overview The following table gi ves you an overview o f your Prestige’ s various SMT menus. Enter Password: **** Table 70 SMT Menus Overview MENUS SUB MENUS 1 General Setup 1 .
P-660H/HW/W-T Series User’ Guide Chapter 18 Intro ducing the SMT 210 18.2 Navigating the SMT Interface The SMT (System Manage ment T erminal) is the interface that you use to configure y our Prestige. Several operations that you should be fam iliar with before you a ttempt to modify the configuration are listed in the table below .
P-660H/HW/W-T Series User’ Guide 211 Chapter 18 In troducing the SMT After you enter the password, the SMT di splays the main menu, as shown next. 18.2.1 System Manage ment T erminal Interface Summary Entering information T ype in or press [SP ACE BAR], then press [ENTER].
P-660H/HW/W-T Series User’ Guide Chapter 18 Intro ducing the SMT 212 18.3 Changing the System Password Change the P restige defa u lt password by following the steps show n next. 1 Enter 23 in the main menu to display Menu 23 - System Securi ty . 2 Enter 1 to display Menu 23.
P-660H/HW/W-T Series User’ Guide 213 Chapter 18 In troducing the SMT Note: Note that as yo u type a password, th e screen displays an “ * ” for each character you type.
P-660H/HW/W-T Series User’ Guide Chapter 19 Menu 1 General Setup 214 C HAPTER 19 Menu 1 General Setup Menu 1 - General Setup contains administra tive an d system-related information. 19.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next).
P-660H/HW/W-T Series User’ Guide 215 Chapter 19 Menu 1 General Setup Figure 1 10 Menu 1 General Setu p Fill in the required fields. Refer to the tabl e shown next for more information about these fields. 19.2.1 Procedure to Configure Dynamic DNS Note: If you have a private W AN IP address, then you cannot use dynamic DNS.
P-660H/HW/W-T Series User’ Guide Chapter 19 Menu 1 General Setup 216 Figure 1 1 1 Menu 1.1 Configure Dynamic DNS Follow the instructions in the next tabl e to configure dynamic DNS parameters. Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.
P-660H/HW/W-T Series User’ Guide 217 Chapter 19 Menu 1 General Setup.
P-660H/HW/W-T Series User’ Guide Chapter 20 Menu 2 WAN Backup Setup 218 C HAPTER 20 Menu 2 W AN Backup Setup This chapter describes how to co nfigure traffic redirect and dial-backup using me nu 2 and 2.1. 20.1 Introduction to W AN Backup Setup This chapter explains how to configure the Pr estige for traf fic redirect and dial backup connections.
P-660H/HW/W-T Series User’ Guide 219 Chapter 20 Menu 2 WAN Backup Setup 20.2.1 T raffic Redirect Setup Configure parameters that determine when th e Prestige will forward W AN traffic to the backup gateway using Menu 2.1 — T raffic Redir ect Setup .
P-660H/HW/W-T Series User’ Guide Chapter 20 Menu 2 WAN Backup Setup 220 Metric Th is field sets this route's prio rity among the routes the Prestige uses. The metric represents the "cost of transm ission". A router determine s the best route for transmission by choosing a path with th e lowest "cost".
P-660H/HW/W-T Series User’ Guide 221 Chapter 20 Menu 2 WAN Backup Setup.
P-660H/HW/W-T Series User’ Guide Chapter 21 Menu 3 LAN Setup 222 C HAPTER 21 Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 21.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup .
P-660H/HW/W-T Series User’ Guide 223 C hapter 21 Men u 3 LAN Setup 21.2 Protocol Dependent Ethernet Setup Depending on the proto cols for your applications, you need to configure the respectiv e Ethernet Setup, as outlined below . • TCP/IP Ethernet setup • Bridging Ethernet setup 21.
P-660H/HW/W-T Series User’ Guide Chapter 21 Menu 3 LAN Setup 224 Follow the instructions in the following table on how to configure th e DHCP fields. Follow the instructions in the following tabl e to configure TCP/IP parameters for the Ethernet port.
P-660H/HW/W-T Series User’ Guide 225 C hapter 21 Men u 3 LAN Setup.
P-660H/HW/W-T Series User’ Guide Chapter 22 Wireless LAN Setup 226 C HAPTER 22 W ireless LAN Setup This chapter covers how to configure wireless LAN settings in SMT menu 3.5 for P-660HW and P-660W . 22.1 Wireless LAN Overview Refer to the chapter on the wireless LAN scr eens for wireless LAN background information.
P-660H/HW/W-T Series User’ Guide 227 Chapter 22 Wirele ss LAN Setup 22.2.1 Wireless LAN MAC Address Filter The next layer of security is MAC address filter . T o allow a wireless st ation to associate with the Prestige, enter the MAC address of the wireless LAN ada pter on that wireless station in the MAC address table.
P-660H/HW/W-T Series User’ Guide Chapter 22 Wireless LAN Setup 228 Figure 1 18 Menu 3.5.1 WLAN MAC Addr ess Filtering The following table describes the fields in this menu.
P-660H/HW/W-T Series User’ Guide 229 Chapter 22 Wirele ss LAN Setup.
P-660H/HW/W-T Series User’ Guide Chapter 23 Internet Access 230 C HAPTER 23 Internet Access This chapter shows you how to configure the LAN and W AN of your Prestige for Intern et access .
P-660H/HW/W-T Series User’ Guide 231 Chapter 23 Internet Access Figure 1 19 IP Alias Network Example Use menu 3.2.1 to co nfigure IP Alias on your Prestige.
P-660H/HW/W-T Series User’ Guide Chapter 23 Internet Access 232 Figure 121 Menu 3.2.1 IP Alias Setup Follow the instructions in the following table to configure IP Alias parameters. 23.5 Route IP Setup The first step is to en able the IP routing in Menu 1 — General Setup .
P-660H/HW/W-T Series User’ Guide 233 Chapter 23 Internet Access Figure 122 Menu 1 General Setu p 23.6 Internet Access Configuration Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified setup for one of t he remote nodes that you can access in menu 1 1.
P-660H/HW/W-T Series User’ Guide Chapter 23 Internet Access 234 . If all your settings are correct your Prestige shou ld connect automatically to the Internet. If the connection fails, note the error message that you receive on the screen and take the appropriate troubleshooting steps.
P-660H/HW/W-T Series User’ Guide 235 Chapter 23 Internet Access.
P-660H/HW/W-T Series User’ Guide Chapter 24 Remot e Node Configur ation 236 C HAPTER 24 Remote Node Configuration This chapter covers remo te node configuration. 24.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node.
P-660H/HW/W-T Series User’ Guide 237 Chap ter 24 Remote Node Configuratio n Figure 124 Menu 1 1 Remote Node Setup 24.2.2 Encap sulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiple xing methods used by your ISP .
P-660H/HW/W-T Series User’ Guide Chapter 24 Remot e Node Configur ation 238 Figure 125 Menu 1 1.1 Remote Node Profile In Menu 1 1.1 – Remote Node Profile , fill in the fields as describ ed in the following table.
P-660H/HW/W-T Series User’ Guide 239 Chap ter 24 Remote Node Configuratio n 24.2.3 Outgoing Au thentication Protocol For obvious reasons, you sho uld employ the strongest authentication protocol possible. However , some v endors’ implementation includ es specific authentication protocol in the user profile.
P-660H/HW/W-T Series User’ Guide Chapter 24 Remot e Node Configur ation 240 24.3 Remote Node Network Layer Options For the TCP/IP parameters, perf orm the following steps to edit Menu 1 1.3 – Remote Node Network Layer Options as shown next. 1 In menu 1 1.
P-660H/HW/W-T Series User’ Guide 241 Chap ter 24 Remote Node Configuratio n 24.3.1 My W AN Addr Sample IP Addresses The following figure uses sample IP addresses to help yo u understand the field of My W AN Addr in menu 1 1.3. My W AN Addr indicates the local Prestige W AN IP (172.
P-660H/HW/W-T Series User’ Guide Chapter 24 Remot e Node Configur ation 242 Figure 127 Sample IP Addresses for a TC P/IP LAN-to-LAN Connection 24.4 Remote Node Filter Move the cu rs or to the Edit Filter Sets field in menu 1 1.1, then press [SP ACE BAR] to select Ye s .
P-660H/HW/W-T Series User’ Guide 243 Chap ter 24 Remote Node Configuratio n Figure 129 Menu 1 1.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) 24.5 Editing A TM Layer Options Follow the steps shown next to edit Menu 1 1.6 – Remote Node A TM Layer Options .
P-660H/HW/W-T Series User’ Guide Chapter 24 Remot e Node Configur ation 244 Figure 131 Menu 1 1.6 for LLC-based Multip lexing or PPP Encapsulation In this case, only one set of VPI and VCI numb ers need be specified for all protocols.
P-660H/HW/W-T Series User’ Guide 245 Chap ter 24 Remote Node Configuratio n Figure 133 Menu 1 1.8 Advance Setup Optio ns The following table describes the fields in this menu. Menu 11.8 - Advance Se tup Options PPPoE pass-through= No Press ENTER to Confirm or ESC to Cancel: T able 86 Menu 1 1.
P-660H/HW/W-T Series User’ Guide Chapter 25 Static Route Setup 246 C HAPTER 25 S t atic Route Setup This chapter shows how to setup IP static routes. 25.1 IP S t atic Route Overview Stat ic routes tell the Prestige ro uting information that i t cann ot learn automatically through other means.
P-660H/HW/W-T Series User’ Guide 247 Chapter 25 Static Route Setup Figure 135 Menu 12 S tatic Route Setup From menu 12, select 1 to open Menu 12.1 — IP S tatic Route Setup (shown next). Figure 136 Menu 12.1 IP S tatic Route Setu p Now , type the route number of a st atic route you want to configure.
P-660H/HW/W-T Series User’ Guide Chapter 25 Static Route Setup 248 The following table describes the fields for Menu 12.1.1 – Edit IP S tatic Route Setup . T able 87 Menu12.1.1 Edit IP S t atic Route FIELD DESCRIPTION Route # This is the index number of the stat ic route that you chose in menu 12.
P-660H/HW/W-T Series User’ Guide 249 Chapter 25 Static Route Setup.
P-660H/HW/W-T Series User’ Guide Chapter 26 Bridgin g Setup 250 C HAPTER 26 Bridging Setup This chapter shows you how to configure the bridgin g parameters of your Prestig e.
P-660H/HW/W-T Series User’ Guide 251 Chapter 26 Bridging Setup Figure 138 Menu 1 1.1 Remote Node Profile 3 Move the cursor to the Edit IP/Bridge field, then press [ SP ACE BAR ] to set the value to Ye s and pres s [ENTER] to edit Menu 1 1.3 – Remote Node Network Layer Options .
P-660H/HW/W-T Series User’ Guide Chapter 26 Bridgin g Setup 252 26.2.2 Bridge St atic Route Setup Similar to network layer static routes, a bridging static route tells the Prestige the route to a node before a conn ection is established. Y ou c onfigure b ridge static routes in menu 12.
P-660H/HW/W-T Series User’ Guide 253 Chapter 26 Bridging Setup.
P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 254 C HAPTER 27 Network Address T ranslation (NA T) This chapter discusses how to configure NA T on the Prestige. 27.1 Using NA T Y ou must create a firewall rule in addition to setting up SUA/NA T , to allow traffic from the W AN to be forwarded through the Prestige.
P-660H/HW/W-T Series User’ Guide 255 Chapter 27 Network Address Transla tion (NAT) Figure 141 Menu 4 Applying NA T for Internet Access The following figure shows how you ap ply NA T to the remote node in menu 1 1.
P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 256 27.3 NA T Setup Use the address mapping sets me nus and submenus to create the mapping table used to assign global addresses to computers on the LAN. Set 255 is used for SUA.
P-660H/HW/W-T Series User’ Guide 257 Chapter 27 Network Address Transla tion (NAT) Figure 144 Menu 15.1 Addr ess Mapping Sets 27.3.1.1 SUA Address Mapping Set Enter 255 to display th e next screen (see also Sect ion 27.1.1 on page 254 ). The fields in this menu cannot be changed.
P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 258 27.3.1.2 User-Defined Address Mapping Set s Now let’ s look at option 1 in menu 15.1. Enter 1 to bring up this menu. W e’ll just look at the differences from the previous menu.
P-660H/HW/W-T Series User’ Guide 259 Chapter 27 Network Address Transla tion (NAT) 27.3.1.3 Ordering Y our Rules Ordering your rules is important because the Pr estige applies the rules in the order that you specify . When a rule matches the current pack e t, the Prestige takes the corresponding action and the remaining rules are ignored.
P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 260 The following table explains the fields in t his menu. 27.4 Configuring a Server behind NA T Follow these steps to config ure a server behind NA T : 1 Enter 15 in the main menu to go to Menu 15 - NA T Setup .
P-660H/HW/W-T Series User’ Guide 261 Chapter 27 Network Address Transla tion (NAT) Figure 149 Menu 15.2.1 NA T Server Setup 4 Enter a port number in an unused St a r t P o r t N o field. T o forward only one port, enter it again in the End Port No field.
P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 262 27.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (In side Global Address) assigned by your ISP .
P-660H/HW/W-T Series User’ Guide 263 Chapter 27 Network Address Transla tion (NAT) Figure 153 NA T Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NA T as shown in the next figure.
P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 264 Map the other outgoing LAN traffic to IGA3 ( Many : 1 mapping). Y ou also map your third IGA to the web serv er and mail server on the LAN. T ype Server allows you to specify multiple se rvers, of dif ferent types, to other computers behind NA T on the LAN.
P-660H/HW/W-T Series User’ Guide 265 Chapter 27 Network Address Transla tion (NAT) Figure 156 Example 3: Menu 1 1.3 The following figures show how to configure the first rule Figure 157 Example 3: Menu 15.
P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 266 Figure 158 Example 3: Final Menu 15.1.1 Now configure the IGA3 to map to our web server and mail server on the LAN. 1 Enter 15 from the main menu. 2 Enter 2 in Menu 15 - NA T Setup .
P-660H/HW/W-T Series User’ Guide 267 Chapter 27 Network Address Transla tion (NAT) 27.5.4 Example 4: NA T Unfr iendly Application Programs Some applications do not support NA T Mapping using TCP or UDP port address translation.
P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 268 Figure 162 Example 4: Menu 15.1.1 Address Map ping Rules Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Idx Local Start IP Local End IP Global Start IP G lobal End IP Type --- --------------- ------------ --------------- --------------- ---- 1.
P-660H/HW/W-T Series User’ Guide 269 Chapter 27 Network Address Transla tion (NAT).
P-660H/HW/W-T Series User’ Guide Chapter 28 Enabling the Firewall 270 C HAPTER 28 Enabling the Firewall This chapter shows you how to get started with the Prestige firewall.
P-660H/HW/W-T Series User’ Guide 271 Chapte r 28 Enabling the Firew all Figure 163 Menu 21.2 Firewa ll Setup Use the we b configura tor or the co mmand in terpreter to confi gure the firewall rules Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks w hen it is active.
P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 272 C HAPTER 29 Filter Configuration This chapter shows you how to create and apply filters. 29.1 About Filtering Y our Prestige uses filters to deci de whether or not to allow passage of a data packet and/or to make a call.
P-660H/HW/W-T Series User’ Guide 273 Chapter 29 Filter Configuration Figure 165 Filter Rule Process Y ou can apply up to four filter sets to a partic ular port to block various types of packets. Because each filter set can have up to six rules, you can have a maximum of 24 rules active for a single port.
P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 274 29.2 Configuring a Filter Set for the Prestige T o configure a filte r set, follow the steps shown next. 1 Enter 21 in the main menu to display Menu 21 – Filter and Fir ewall Setup .
P-660H/HW/W-T Series User’ Guide 275 Chapter 29 Filter Configuration Figure 168 NetBIOS_LAN Filter Rules Summary Figure 169 IGMP Filter Rules Summary 29.3 Filter Rules Summary Menus The following tables briefly descri be the abbreviations used in menus 21.
P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 276 The protocol dependent filter rules abbreviation are listed as follows: 29.4 Configuring a Filter Rule T o configure a filter rule , type its number in Menu 21.1.x – Filter Rules Summary and press [ENTER] to open menu 21.
P-660H/HW/W-T Series User’ Guide 277 Chapter 29 Filter Configuration 29.4.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fiel ds in the IP and the up per layer protocol, for example, UDP and TCP headers.
P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 278 The following figure illustrates th e logic flow of an IP filter. Port # T ype the destination po rt of the packets you want to filter . The field range is 0 to 65535. A 0 field i s ignored.
P-660H/HW/W-T Series User’ Guide 279 Chapter 29 Filter Configuration Figure 171 Executing an IP Filter 29.4.2 Generic Filter Rule This section shows you how to co nfigure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets.
P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 280 For generic rules, the Prestige treats a packe t as a byte stream as opposed to an IP packet. Y ou specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.
P-660H/HW/W-T Series User’ Guide 281 Chapter 29 Filter Configuration 29.5 Filter T ypes and NA T There are two classes of filter rules, Generic Filter Device rules and Protocol Filter ( TCP/IP ) rules. Generic Filter rules act on the raw data from/ to LAN and W AN.
P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 282 Figure 174 Sample T elnet Filter 1 Enter 1 in the menu 21 to display Menu 21. 1 — Filter Set Configuration . 2 Enter the index number of th e filter set you want to configure (in this case 6) .
P-660H/HW/W-T Series User’ Guide 283 Chapter 29 Filter Configuration 2 Go to the Edit Filter Sets field, press [SP ACE BAR] to choose Ye s and press [ENTER]. This brings you to menu 1 1.5. Apply the example filter set (for example, filter set 3) in this menu as shown in the next section.
P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 284 29.7.1 Ethernet T raffic Y ou seldom need to filter Ethernet traffic; however , the filter sets may be useful to block certain packets, reduce traffic and prevent secur ity breaches.
P-660H/HW/W-T Series User’ Guide 285 Chapter 29 Filter Configuration.
P-660H/HW/W-T Series User’ Guide Chapter 30 SNMP Configuration 286 C HAPTER 30 SNMP Configuration This chapter explains SNMP Configuration menu 22. 30.1 About SNMP Simple Network Management Protocol (SNM P) i s a protocol u sed for ex changing management information b etween network devices.
P-660H/HW/W-T Series User’ Guide 287 Chapter 30 SNMP Configuration The managed devices cont ain object variables/ managed objects that define each piece of information to be collected ab out a device. Examples of vari ables include the number of packets received, node port status etc.
P-660H/HW/W-T Series User’ Guide Chapter 30 SNMP Configuration 288 Figure 180 Menu 22 SNMP Configurat ion The following table describes the SNMP configuration parameters.
P-660H/HW/W-T Series User’ Guide 289 Chapter 30 SNMP Configuration The port number is its interface index under the interface group. 5 authenticationFailure ( defined in RFC-1215 ) A trap is sent to the manager when receiving any SNMP gets or set s requirements with wrong community (password).
P-660H/HW/W-T Series User’ Guide Chapter 31 System Security 290 C HAPTER 31 System Security This chapter describes how to configur e the system security on the Prestige. 31.1 System Security Y ou can configure the system password. 31.1.1 System Password Enter 23 in the main menu to display Menu 23 – System Security .
P-660H/HW/W-T Series User’ Guide 291 Chapter 31 Syst em Security Figure 182 Menu 23.2 System Security: RADIUS Server The following table describes the fields in this menu. Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.
P-660H/HW/W-T Series User’ Guide Chapter 31 System Security 292 31.1.3 IEEE 802.1x The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and en cryption key managemen t. Follow the steps below to enable EA P authentication on your Prestige.
P-660H/HW/W-T Series User’ Guide 293 Chapter 31 Syst em Security T able 103 Menu 23.4 System Security: IEEE 802.1x FIELD DESCRIPTION Wireless Port Control Press [SP ACE BAR] and select a securi ty mode for the wireless LAN access.
P-660H/HW/W-T Series User’ Guide Chapter 31 System Security 294 Once you enable user authenticatio n, you need to specify an exte rnal RADIUS server or create local user accounts on the Prestige for authentication.
P-660H/HW/W-T Series User’ Guide 295 Chapter 31 Syst em Security Figure 185 Menu 14 Dial-in User Setup 2 T ype a number and press [ENTER] to edit the user profile. Figure 186 Menu 14.1 Edit Dial-in User The following table describes the fields in this menu.
P-660H/HW/W-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 296 C HAPTER 32 System Information and Diagnosis This chapter covers the information and diag nostic tools in SMT menus 24.
P-660H/HW/W-T Series User’ Guide 297 Chapter 32 System Information and Diagnosis The following table describes the fields present in Menu 24.1 — System Maintenance — St a t u s which are read-only and meant for diagnostic purp oses. Figure 188 Menu 24.
P-660H/HW/W-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 298 32.3 System Information T o get to the System Information: 1 Enter 24 to display Menu 24 — System Maintenance . 2 Enter 2 to display Menu 24.2 — System In form ation and Console Port Speed .
P-660H/HW/W-T Series User’ Guide 299 Chapter 32 System Information and Diagnosis Figure 190 Menu 24.2.1 System Maintenance: In formation The following table describes the fields in this menu. 32.3.2 Console Port Speed Note: The console port is intern al and reserved for technician use only .
P-660H/HW/W-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 300 Figure 191 Menu 24.2.2 System Maintenance : Chang e Console Port S peed Once you change the Prestige console po rt speed , you must also set the speed parameter for the communication software you are using to connect to the Prestige.
P-660H/HW/W-T Series User’ Guide 301 Chapter 32 System Information and Diagnosis Figure 193 Sample Error an d Informat ion Messages 32.4.2 Syslog and Accounting The Prestige uses the syslog fa cility to log the CDR (Call Deta il Record) and system messages to a syslog server.
P-660H/HW/W-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 302 Figure 195 Syslog Example 1 - CDR SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG _INFO, String); String = board xx line xx cha.
P-660H/HW/W-T Series User’ Guide 303 Chapter 32 System Information and Diagnosis 32.5 Diagnostic The diagnostic facility allows you to test the di f ferent aspects of your Prestige to determine if it is working properly .
P-660H/HW/W-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 304 The following table describes the diagnostic tests available in menu 24.4 for and the connections. T able 108 Menu 24.4 System Maintenance Menu: Diagnostic FIELD DESCRIPTION Reset xDSL R e-initialize the xDSL link to the tel ephone company .
P-660H/HW/W-T Series User’ Guide 305 Chapter 32 System Information and Diagnosis.
P-660H/HW/W-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 306 C HAPTER 33 Firmware and Configuration File Maintenance This chapter tells y ou how to backup and restor e your configuration file as well as upload new firmware and configuration files.
P-660H/HW/W-T Series User’ Guide 307 Chapter 33 Firmware and Con figuration File Maintenance The following table is a summary . Please note that the internal filename refe rs to the filename on the .
P-660H/HW/W-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 308 Figure 197 T elnet in Menu 24.5 33.2.2 Using the FTP Command from the Comman d Line 1 Launch the FTP client on your computer . 2 Enter “ open ”, followed by a space and the IP address of your Prestige.
P-660H/HW/W-T Series User’ Guide 309 Chapter 33 Firmware and Con figuration File Maintenance Figure 198 FTP Session Example 33.2.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. 33.
P-660H/HW/W-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 310 33.2.6 Backup Configuration Using TFTP The Prestige support s the up/downloading of the firmware and the configuration file using TFTP (T rivial File T ransfer Protocol) over LA N.
P-660H/HW/W-T Series User’ Guide 311 Chapter 33 Firmware and Con figuration File Maintenance Refer to Section 33.2.5 on page 309 to read about configurations that disallow TFTP and FTP over W AN. 33.3 Restore Configuration This section shows you how to restore a previ ously saved configuration.
P-660H/HW/W-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 312 Figure 199 T elnet into Menu 24.6 1 Launch the FTP client on your computer . 2 Enter “ open ”, followed by a space and the IP address of your Prestige. 3 Press [ENTER] when prompted for a username.
P-660H/HW/W-T Series User’ Guide 313 Chapter 33 Firmware and Con figuration File Maintenance 33.4 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuratio n files. Y ou can upload configuration files by following the procedure in Section 33.
P-660H/HW/W-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 314 Figure 202 T elnet Into Menu 24.7.2 System Maintenance T o upload the firmware and the configuration file, follow these examples 33.4.3 FTP File Upload Comman d from the DOS Prompt Example 1 Launch the FTP client on your computer .
P-660H/HW/W-T Series User’ Guide 315 Chapter 33 Firmware and Con figuration File Maintenance 33.4.4 FTP Session Exampl e of Firmware File Upload Figure 203 FTP Session Example of Firmware File Upload More commands (found in GUI-based FTP clie nts) are listed earlier in this chapter .
P-660H/HW/W-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 316 33.4.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.
P-660H/HW/W-T Series User’ Guide 317 Chapter 33 Firmware and Con figuration File Maintenance.
P-660H/HW/W-T Series User’ Guide Chapter 34 System Maintenance 318 C HAPTER 34 System Maintenance This chapter leads you through SM T menus 24.8 to 24. 10. 34.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the ma in system firmware.
P-660H/HW/W-T Series User’ Guide 319 Chapter 34 Syst em Maint enance 34.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 1 1.1. The budget management func tion allows you to set a limit on the total outgoing call time of the Prestige within certain times.
P-660H/HW/W-T Series User’ Guide Chapter 34 System Maintenance 320 Figure 207 Menu 24.9.1 System Maintenance: Budg et Management The total budget is the time li mit on the accumulated time for ou tgoing calls to a remo te node. When this limit is reached, th e call will be dropped and further outgoing calls to that remote node will be blocked.
P-660H/HW/W-T Series User’ Guide 321 Chapter 34 Syst em Maint enance Figure 208 Menu 24 System Maintenance Then enter 10 to go to Menu 24.10 System Maintenance Time and Date S etting to update the time and date settings of your Pres tige as shown in th e following screen.
P-660H/HW/W-T Series User’ Guide Chapter 34 System Maintenance 322 34.3.1 Resetting the T ime • The Prestige resets the time in three instances: • On leaving menu 24.10 after making changes. • When the Prestige starts up, if there is a timeserver co nfigured in menu 24.
P-660H/HW/W-T Series User’ Guide 323 Chapter 34 Syst em Maint enance.
P-660H/HW/W-T Series User’ Guide Chapter 35 Remo te Management 324 C HAPTER 35 Remote Management This chapte r covers re mote mana gement (SM T menu 24. 11). 35.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which Prestige interface (if any) from which computers.
P-660H/HW/W-T Series User’ Guide 325 Chapter 35 Remote Manageme nt Figure 210 Menu 24.1 1 Re mote Mana gement Co ntrol The following table describes the fields in this menu. 35.2.2 Remote Management Limit ations Remote management over LAN or W AN will not work when: • A filter in menu 3.
P-660H/HW/W-T Series User’ Guide Chapter 35 Remo te Management 326 35.3 Remote Management and NA T When NA T is en abled: • Use the Prestige’ s W AN IP address when configuring from the W AN. • Use the Prestige’ s LAN IP address when configuring from the LAN.
P-660H/HW/W-T Series User’ Guide 327 Chapter 35 Remote Manageme nt.
P-660H/HW/W-T Series User’ Guide Chapter 36 IP Policy Routing 328 C HAPTER 36 IP Policy Routing This chapter covers setting and appl ying policies used for IP routing. 36.1 IP Policy Routing Overview T raditionally , routing is based on the destinatio n address only and the IAD takes the shortest path to forward a packet.
P-660H/HW/W-T Series User’ Guide 329 Chapter 36 IP Policy Routing • routing the packet to a different gate way (and hence the outgoing interface). • setting the TO S and precedence fields in the IP header . IPPR follows the existing packet filtering facility of RAS in st yle and in impl ementation.
P-660H/HW/W-T Series User’ Guide Chapter 36 IP Policy Routing 330 Figure 212 Menu 25.1 IP Routing Po licy Setup T ype a number from 1 to 6 to display Menu 25.1.1 – IP Routing Policy (see the next figure). This menu allows you to configure a policy rule.
P-660H/HW/W-T Series User’ Guide 331 Chapter 36 IP Policy Routing Figure 213 Menu 25.1.1 IP Routing Policy The following table describes the fields in this menu.
P-660H/HW/W-T Series User’ Guide Chapter 36 IP Policy Routing 332 36.5 Applying an IP Policy This section shows yo u where to apply the IP policies after you design them. 36.5.1 Ethernet IP Policies From Menu 3 — Ethernet Setup , type 2 to go to Menu 3 .
P-660H/HW/W-T Series User’ Guide 333 Chapter 36 IP Policy Routing Figure 214 Menu 3.2 TCP/IP and DHCP Ethernet Se tup Go to menu 1 1.3 (shown next) and type the number(s) of the IP Rout ing Policy set( s) as appropriate. Y ou ca n cascade up to four polic y sets by typing their numbers separated by commas.
P-660H/HW/W-T Series User’ Guide Chapter 36 IP Policy Routing 334 Route 1 represents the default IP route and route 2 represents the configured IP route. Figure 216 Example of IP Policy Routing T o force packets coming from clients with IP addresses of 192.
P-660H/HW/W-T Series User’ Guide 335 Chapter 36 IP Policy Routing Figure 217 IP Routing Policy Example 1 Check Menu 25.1 — IP Routing Policy S etup to see if the rule is added correctly . 2 Create another policy set in menu 25. 3 Create a rule in menu 25.
P-660H/HW/W-T Series User’ Guide Chapter 36 IP Policy Routing 336 Figure 218 IP Routing Policy Example 4 Check Menu 25.1 — IP Routing Policy S etup to see if the rule is added correctly . 5 Apply both policy sets in menu 3.2 as sh own next. Figure 219 Applying IP Policies Example Menu 25.
P-660H/HW/W-T Series User’ Guide 337 Chapter 36 IP Policy Routing.
P-660H/HW/W-T Series User’ Guide Chapter 37 Call Scheduling 338 C HAPTER 37 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulati on only) allows you to dictate when a remote node sho uld be called and for how long.
P-660H/HW/W-T Series User’ Guide 339 Chapter 37 Call Scheduling T o setup a schedule set, select the sc hedule set you want to setu p from menu 26 (1 -12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next. Figure 221 Menu 26.1 Schedule Set Setup If a connection has been already established, your Prestige will not drop it.
P-660H/HW/W-T Series User’ Guide Chapter 37 Call Scheduling 340 Once your schedule sets are conf igured , you must then apply them to the desired remote node(s).
P-660H/HW/W-T Series User’ Guide 341 Chapter 37 Call Scheduling.
P-660H/HW/W-T Series User’ Guide Chapter 38 Troubleshooting 342 C HAPTER 38 T roubleshooting This chapter covers potential proble ms and the corresponding remed ies.
P-660H/HW/W-T Series User’ Guide 343 Chapter 38 Troublesh ooting 38.3 Problems with the W AN Table 120 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL LED is off. Check the telephone wire and connections betwee n the Prestige DSL port and the wall jack.
P-660H/HW/W-T Series User’ Guide Chapter 38 Troubleshooting 344 38.4 Problems Accessing the Prestige 38.4.1 Pop-up Windows, Ja vaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser pop-up windows from you r device.
P-660H/HW/W-T Series User’ Guide 345 Chapter 38 Troublesh ooting Figure 223 Pop-up Blocker Y ou can also chec k if pop-up blocking is disable d in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer , select To o l s , Internet Options , Privacy .
P-660H/HW/W-T Series User’ Guide Chapter 38 Troubleshooting 346 Figure 225 Internet Options 3 T ype the IP address of your device (the we b page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites .
P-660H/HW/W-T Series User’ Guide 347 Chapter 38 Troublesh ooting Figure 226 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 38.4.1.2 JavaScript s If pages of the web configura tor do not display properly in Internet Explorer, check that JavaScripts are allowed.
P-660H/HW/W-T Series User’ Guide Chapter 38 Troubleshooting 348 Figure 227 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting . 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is sele cted (the default).
P-660H/HW/W-T Series User’ Guide 349 Chapter 38 Troublesh ooting Figure 228 Security Settings - Java Scripting 38.4.1.3 Java Permissions 1 From Internet Explorer , click To o l s , Internet Options and then the Security tab. 2 Click the Custom Level.
P-660H/HW/W-T Series User’ Guide Chapter 38 Troubleshooting 350 Figure 229 Security Settings - Java 38.4.1.3.1 JA V A (Sun) 1 From Internet Explorer , click To o l s , Internet Options and then the Ad vanced tab. 2 make sure that Use Java 2 for <applet> u nder Java (Sun) is selected.
P-660H/HW/W-T Series User’ Guide 351 Chapter 38 Troublesh ooting Figure 230 Java (Sun) 38.4.2 ActiveX Controls in Internet Explorer If ActiveX is disabled, you will not be able to download ActiveX cont rols or to use T rend Micro Security Services. Make sure that ActiveX controls are allowed in Internet Explorer .
P-660H/HW/W-T Series User’ Guide Chapter 38 Troubleshooting 352 Figure 231 Internet Options Security 3 Scroll down to ActiveX controls and plug-ins . 4 Under Download signed ActiveX controls select the Prompt radio button. 5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected.
P-660H/HW/W-T Series User’ Guide 353 Chapter 38 Troublesh ooting Figure 232 Security Setting ActiveX Controls.
P-660H/HW/W-T Series User’ Guide Appendix A 354 Appendix A Product S pecifications See also the Introduction ch apter for a general overv iew of the key featur es. S pecification T ables Table 122 Device Default IP Address 192.168.1 .1 Default Subnet Mask 255.
P-660H/HW/W-T Series User’ Guide 355 Appendix A Table 123 Firmware ADSL S t andards Multi-Mode standard (ANSI T1.413,Issu e 2; G .dmt(G .992.1); G .lite(G992.
P-660H/HW/W-T Series User’ Guide Appendix A 356 Firewall S tateful Packet Inspection. Prevent Denial of Service attacks such as Ping of Death, SYN Flood, LAND, Smurf etc .
P-660H/HW/W-T Series User’ Guide 357 Appendix A.
P-660H/HW/W-T Series User’ Guide Appendix B 358 A PPENDIX B W all-mounting Instructions Do the following to hang your Prestige on a wall. Note: See the product specifications appe ndix for the size of screws to use and how far apart to place them. 1 Locate a high posit ion on wall that is free of ob structions.
P-660H/HW/W-T Series User’ Guide 359 Appendix B.
P-660H/HW/W-T Series User’ Guide Appendix C 360 Appendix C Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed.
P-660H/HW/W-T Series User’ Guide 361 Appendix C Figure 233 WIndows 95/98 /Me: Networ k: Configura tion Inst alling Component s The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microso ft Networks.
P-660H/HW/W-T Series User’ Guide Appendix C 362 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK . 5 Restart your computer so the changes you made take ef fect.
P-660H/HW/W-T Series User’ Guide 363 Appendix C Figure 235 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’ s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add .
P-660H/HW/W-T Series User’ Guide Appendix C 364 Figure 236 Windows XP: S tart Menu 2 In the Control Panel , double-click Network Connections ( Network and Dial-up Connections in W indows 2000/NT). Figure 237 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .
P-660H/HW/W-T Series User’ Guide 365 Appendix C Figure 238 Windows XP: Control Panel: Network Connections: Pro perties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and then click Properties .
P-660H/HW/W-T Series User’ Guide Appendix C 366 • Click Advanced . Figure 240 Windows XP: Internet Protocol (TCP/IP) Propert ies 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK .
P-660H/HW/W-T Series User’ Guide 367 Appendix C Figure 241 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Pr operties window (the General tab in W indows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
P-660H/HW/W-T Series User’ Guide Appendix C 368 Figure 242 Windows XP: Internet Protocol (TCP/IP) Propert ies 8 Click OK to close the Internet Protocol (TCP/IP) Pr operties window . 9 Click Close ( OK in W indows 2000/NT) to close the Local Area Connection Pr operties window .
P-660H/HW/W-T Series User’ Guide 369 Appendix C Figure 243 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 244 Macintosh O S 8/9: TC P/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configur e: list.
P-660H/HW/W-T Series User’ Guide Appendix C 370 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address bo x. • T ype your subnet mask in the Subnet mask box.
P-660H/HW/W-T Series User’ Guide 371 Appendix C Figure 246 Macintosh O S X: Netw ork 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address bo x. • T ype your subnet mask in the Subnet mask box.
P-660H/HW/W-T Series User’ Guide Appendix C 372 Note: Make sure you are logged in as the ro ot administrator . Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network .
P-660H/HW/W-T Series User’ Guide 373 Appendix C • If you have a dynamic IP addres s click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click S tatically set IP Addresses and fill in the Address , Sub net mask , and Default Gateway Addr ess fields.
P-660H/HW/W-T Series User’ Guide Appendix C 374 1 Assuming that you have only one network card on the computer , locate the ifconfig - eth0 configuration file (where eth0 is the name of the Ethernet card). Open the configuration file with any plain text editor .
P-660H/HW/W-T Series User’ Guide 375 Appendix C Figure 254 Red Hat 9.0: Restart Eth ernet Card V erifying Settings Enter ifconfig in a terminal screen to ch eck your TCP/IP properties. Figure 255 Red Hat 9.0: Checking TCP/IP Properties [root@localhost init.
P-660H/HW/W-T Series User’ Guide Appendix D 376 Appendix D IP Subnetting IP Addressing Routers “route” based on the network number . The router that delivers the data pa cket to the correct destination host uses the host ID.
P-660H/HW/W-T Series User’ Guide 377 Appendix D Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a valu e of 0 to 127.
P-660H/HW/W-T Series User’ Guide Appendix D 378 Since the mask is always a continuous number of ones begin ning from the left, fo llowed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
P-660H/HW/W-T Series User’ Guide 379 Appendix D Note: In the following chart s, shaded/bolded last o ctet bit values indicate host ID bit s “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have.
P-660H/HW/W-T Series User’ Guide Appendix D 380 Example: Four Subnet s The above exampl e illustrated using a 25-bit subne t mask to divide a class “C” address space into two subnets.
P-660H/HW/W-T Series User’ Guide 381 Appendix D Example Eight Subnet s Similarly use a 27-bit mask to create 8 subnets (001, 010, 01 1, 100, 101, 1 10). The following table shows class C IP ad dress last octet values for each subnet. The following table is a summary for class “C” subnet planning.
P-660H/HW/W-T Series User’ Guide Appendix D 382 Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet ma sk also determines which bits are part of the network number and which are part of the h ost ID.
P-660H/HW/W-T Series User’ Guide 383 Appendix D.
P-660H/HW/W-T Series User’ Guide Appendix E 384 Appendix E Boot Commands The BootModule A T commands execute from wi thin the router ’ s bootup software, when debug mode is selected before the main router firmware is start ed.
P-660H/HW/W-T Series User’ Guide 385 Appendix E Figure 257 Boot Module Commands AT just answer OK ATHE print help ATBAx change baud rate. 1:38.4k, 2:19.
P-660H/HW/W-T Series User’ Guide Appendix F 386 Appendix F Command Interpreter The following describes how to use the comman d interpreter . Enter 24 in the main menu to bring up the system maintena nce menu. Enter 8 to go to Menu 24.8 - Command Interpr eter Mode .
P-660H/HW/W-T Series User’ Guide 387 Appendix F.
P-660H/HW/W-T Series User’ Guide Appendix G 388 Appendix G Firewall Commands The following describes the firewall commands. Table 138 Firewall Commands FUNCTION COMMAND DESCRIPTION Firewall Se tUp config edit firewall active <yes | no> This command turns the firewall on or off.
P-660H/HW/W-T Series User’ Guide 389 Appendix G config edit firewall e-mail return-addr <e-mail address> This command sets the source e-mail add ress of the firewall e-mails. config edit firewall e-mail email-to <e-mail address> This command sets the e-mail address to which the fire wall e-mails ar e sent.
P-660H/HW/W-T Series User’ Guide Appendix G 390 config edit firewall attack minute-low <0-255> This command sets the threshold of half-open sessions where the Prestige stops deleting half-opened sessions.
P-660H/HW/W-T Series User’ Guide 391 Appendix G Config edit firewall set <set #> log <yes | no> This command sets whether or not the Prestige creates logs for packet s that match the firewall’s default rule set.
P-660H/HW/W-T Series User’ Guide Appendix G 392 config edit firewall set <set #> rule <rule #> destaddr- range <start ip address> <end ip address> This command sets a rule to have the Prestige check for traffic going to this range of addresses.
P-660H/HW/W-T Series User’ Guide 393 Appendix G.
P-660H/HW/W-T Series User’ Guide Appendix H 394 Appendix H NetBIOS Filter Commands The following describes the Ne tBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System ) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN.
P-660H/HW/W-T Series User’ Guide 395 Appendix H The filter types and their defa ult settings are as follows. NetBIOS Filter Configuration Syntax:sys filter netbios config <ty pe> <on|off>.
P-660H/HW/W-T Series User’ Guide Appendix H 396 sys filter netbios config 3 on This command blocks IPSec NetBIOS packets. sys filter netbios config 4 off This command stops NetBIOS commands from initiating calls.
P-660H/HW/W-T Series User’ Guide 397 Appendix H.
P-660H/HW/W-T Series User’ Guide Appendix I 398 Appendix I S plitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter .
P-660H/HW/W-T Series User’ Guide 399 Appendix I 1 Connect a phone cable from the wall jack to the single jack end of the Y - Connector . 2 Connect a cable from the double jack end of the Y -Connector to th e “wall side” of the microfilter . 3 Connect another cable from the double jack end of the Y -Connec tor to the P restige.
P-660H/HW/W-T Series User’ Guide Appendix I 400.
P-660H/HW/W-T Series User’ Guide 401 Appendix I.
P-660H/HW/W-T Series User’ Guide Appendix J 402 Appendix J PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP ov er Ethernet, RFC 2516) from your computer to an A TM PVC (Permanent V irt ual Circuit) which connects to a DSL Acce ss Concentrator where the PPP session terminates (see F igure 261 on p age 403 ).
P-660H/HW/W-T Series User’ Guide 403 Appendix J Figure 261 Single-Compute r per Router Hard ware Configuration How PPPoE W orks The PPPoE driver makes the Ethernet appea r as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC).
P-660H/HW/W-T Series User’ Guide Appendix K 404 Appendix K Log Descriptions This appendix provides descrip tions of example log messages. Table 140 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on informati on from the time server .
P-660H/HW/W-T Series User’ Guide 405 Appendix K Configuration Change: PC = 0x%x, Task ID = 0x%x The router is saving configuration changes. Successful SSH login Someone has logged on to the router ’s SSH server . SSH login failed Someone has failed to log on to the router ’s SSH server .
P-660H/HW/W-T Series User’ Guide Appendix K 406 Table 143 TCP Reset Lo gs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was u nder a SYN flood attack (the TCP incomplete count is per desti nation host.
P-660H/HW/W-T Series User’ Guide 407 Appendix K Table 145 ICMP Logs LOG MESSAGE DESCRIPTION Firewall default policy: ICMP <Packet Direction>, <type:%d>, <code:%d> ICMP access matched the default policy and was blocked or forwarded according to the user's setting.
P-660H/HW/W-T Series User’ Guide Appendix K 408 ppp:LCP Closing The PPP connection’s Link Control Protocol stage is closing. ppp:IPCP Closing The PPP connection’s Internet Protocol Control Protoc ol stage is closing. Table 148 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall.
P-660H/HW/W-T Series User’ Guide 409 Appendix K Connecting to content filter server fail The connection to the external content fi ltering server failed.
P-660H/HW/W-T Series User’ Guide Appendix K 410 Table 151 IPSec Logs LOG MESSAGE DESCRIPTION Discard REPLAY packet The router re ceived and discarded a packet with an incorrect sequence number . Inbound packet authentication failed The router received a packet that has been altered.
P-660H/HW/W-T Series User’ Guide 411 Appendix K Cannot resolve Secure Gateway Addr for rule <%d> The router couldn’t resolve t he IP address from the domain name that was used for the secure gateway address.
P-660H/HW/W-T Series User’ Guide Appendix K 412 XAUTH fail! Username: <Username> The router was not able to use extended authentication to authenticate the listed username. Rule[%d] Phase 1 negotiation mode mismatch The listed rule’s IKE phase 1 negotiation mode did not ma tch between the router and the peer .
P-660H/HW/W-T Series User’ Guide 413 Appendix K Rule [%d] phase 2 mismatch The l isted rule’s IKE phase 2 di d not ma tch betwe en the router and the peer . Rule [%d] Phase 2 key length mismatch The listed rule’s IKE phase 2 key lengths (with the AES encryption algorithm) di d not match between the router and the peer .
P-660H/HW/W-T Series User’ Guide Appendix K 414 Rcvd data <size> too large! Max size allowed: <max size> The router received dire ctory data that was too large (the size is listed) from the LDAP server whose address and port are recorded in the Source field.
P-660H/HW/W-T Series User’ Guide 415 Appendix K 26 Database method failed. 27 Path was not verified. 28 Maximum path length reached. Table 155 802.1X Logs LOG MESSAGE DESCRIPTION Local User Database accepts user. A user was authenticated by the local user database.
P-660H/HW/W-T Series User’ Guide Appendix K 416 Table 156 ACL Setting Notes P ACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to W AN ACL set for packet s traveling from the LAN to the W AN. (W to L) W AN to LAN ACL set for pa ckets traveling from the W AN to the LAN.
P-660H/HW/W-T Series User’ Guide 417 Appendix K The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type.
P-660H/HW/W-T Series User’ Guide Appendix K 418 Log Commands Go to the command in terpreter interface. Configuring What Y ou W ant the Prestige to Log 1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the Prestige is to record.
P-660H/HW/W-T Series User’ Guide 419 Appendix K Use 0 to not record logs for that cate g ory , 1 to record only logs for that category , 2 to record only alerts for that category , and 3 to record both logs and alerts for that category . No t every parameter is available with every category .
P-660H/HW/W-T Series User’ Guide Appendix L 420 Appendix L Wireless LANs Wireless LAN T opologies This section discusses ad-hoc and in frastructure w ireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an inde pendent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C).
P-660H/HW/W-T Series User’ Guide 421 Appendix L Figure 266 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlappi ng BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).
P-660H/HW/W-T Series User’ Guide Appendix L 422 Figure 267 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.1 1a/b/g wireless devices.
P-660H/HW/W-T Series User’ Guide 423 Appendix L Figure 268 RTS/ CT S When station A sends data to the AP , it migh t no t know that the station B is already using the channel.
P-660H/HW/W-T Series User’ Guide Appendix L 424 A large Fragmentation Thr eshold is reco mmended for networks not prone to interference while you should set a smaller thresh old for busy networks or ne tworks that are prone to interference.
P-660H/HW/W-T Series User’ Guide 425 Appendix L IEEE 802.1x In June 2001, the IEEE 802.1x st andard was designed to extend th e features of IEEE 802.1 1 to support extended authentication as well as providing additional accounting and control features.
P-660H/HW/W-T Series User’ Guide Appendix L 426 • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message.
P-660H/HW/W-T Series User’ Guide 427 Appendix L EAP-TLS (T ransport Layer Security) W ith EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client.
P-660H/HW/W-T Series User’ Guide Appendix L 428 For added security , certificate-based authen tications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are ofte n deployed in corp orate environments, but for public deployment, a simp le user name and p assword pair is more practical.
P-660H/HW/W-T Series User’ Guide 429 Appendix L The Message Integrity Check (MIC ) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC.
P-660H/HW/W-T Series User’ Guide Appendix M 430 A PPENDIX M Internal SPTGEN Internal SPTGEN Overview Internal SP TGEN (System Parame ter T able Generator) is a configuration text file useful for efficient configuration of multiple Prestiges.
P-660H/HW/W-T Series User’ Guide 431 Appendix M Some parameters are dependent on othe rs. For example, if you disable the Configur ed field in menu 1 (see Figure 269 on page 430 ), then you disable every field in this menu.
P-660H/HW/W-T Series User’ Guide Appendix M 432 Figure 272 Internal SP TGEN FTP Downl oad Exampl e Note: Y ou can rename your “ rom-t ” file when you save it to your computer but it must be named “ rom-t ” when you uplo ad it to your Prestige.
P-660H/HW/W-T Series User’ Guide 433 Appendix M The following ar e Internal SP TGEN screens asso ciated with the SMT scree ns of your Prestige. PV A Parameter V al ues Allowed INPUT An example of what you may enter * Applies to the Prestige.
P-660H/HW/W-T Series User’ Guide Appendix M 434 FIN FN PVA INPUT 30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 0 30200002 = Client IP Pool Starting Address = 192.168.1.33 30200003 = Size of Client IP Pool = 32 30200004 = Primary DNS Server = 0.
P-660H/HW/W-T Series User’ Guide 435 Appendix M 30201008 = IP Alias #1 Incoming protocol filters Set 3 = 256 30201009 = IP Alias #1 Incoming protocol filters Set 4 = 256 30201010 = IP Alias #1 Outgo.
P-660H/HW/W-T Series User’ Guide Appendix M 436 30500004 = RTS Threshold <0 ~ 2432> = 2432 30500005 = FRAG. Threshold <256 ~ 2432> = 2432 30500006 = WEP <0(DISABLE) | 1(64-bit WEP) | .
P-660H/HW/W-T Series User’ Guide 437 Appendix M 40000002 = Active <0(No) | 1(Yes)> = 1 40000003 = ISP's Name = ChangeMe 40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(E.
P-660H/HW/W-T Series User’ Guide Appendix M 438 40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 0 40000033= Nail ed-up Connection <0(No) |1(Yes)> = 0 Table 166 Menu 4 Internet Access Setup ( SMT Menu 4) (continued) Table 167 Menu 12 (SMT Menu 1 2) / Menu 12.
P-660H/HW/W-T Series User’ Guide 439 Appendix M / Menu 12.1.4 IP Static Route Setup (SMT Menu 12.1.4) FIN FN PVA INPUT 120104001 = IP Static Route set #4, Nam e <Str> = 120104002 = IP Static Route set #4, Act ive <0(No) |1(Yes)> = 0 120104003 = IP Static Route set #4, Des tination IP address = 0.
P-660H/HW/W-T Series User’ Guide Appendix M 440 120107006 = IP Static Route set #7, Metr ic = 0 120107007 = IP Static Route set #7, Priv ate <0(No) |1(Yes)> = 0 / Menu 12.
P-660H/HW/W-T Series User’ Guide 441 Appendix M 120111004 = IP Static Route set #11, Destination IP subnetmask = 0 120111005 = IP Static Route set #11, Ga teway = 0.0.0.0 120111006 = IP Static Route set #11, Me tric = 0 120111007 = IP Static Route set #11, Pr ivate <0(No) |1(Yes)> = 0 */ Menu 12.
P-660H/HW/W-T Series User’ Guide Appendix M 442 120115002 = IP Static Route set #15, Act ive <0(No) |1(Yes)> = 0 120115003 = IP Static Route set #15, Destination IP address = 0.0.0.0 120115004 = IP Static Route set #15, Destination IP subnetmask = 0 120115005 = IP Static Route set #15, Gat eway = 0.
P-660H/HW/W-T Series User’ Guide 443 Appendix M 150000014 = SUA Server #4 Port Start = 0 150000015 = SUA Server #4 Port End = 0 150000016 = SUA Server #4 Local IP address = 0.
P-660H/HW/W-T Series User’ Guide Appendix M 444 150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000049 = SUA Server #11 Port Start = 0 150000050 = SUA Server #11 Port End = 0 150000051 = SUA Server #11 Local IP address = 0.
P-660H/HW/W-T Series User’ Guide 445 Appendix M / Menu 21.1.1.2 set #1, rule #2 (SMT Menu 21.1.1.2) FIN FN PVA INPUT 210102001 = IP Filter Set 1,Rule 2 Type <2(TCP/IP)> = 2 210102002 = IP Filt.
P-660H/HW/W-T Series User’ Guide Appendix M 446 210103013 = IP Filter Set 1,Rule 3 Act Match <1(check next)|2(forward)| 3(drop) = 3 210103014 = IP Filter Set 1,Rule 3 Act Not Match <1(check next)|2(forward)| 3(drop) = 1 / Menu 21.1.1.4 set #1, rule #4 (SMT Menu 21.
P-660H/HW/W-T Series User’ Guide 447 Appendix M 210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask = 0 210105010 = IP Filter Set 1,Rule 5 Src Port = 0 210105011 = IP Filter Set 1,Rule 5 Src Port Com.
P-660H/HW/W-T Series User’ Guide Appendix M 448 / Menu 21.1.2.1 Filter set #2, rule #1 (SMT Menu 21.1.2.1) FIN FN PVA INPUT 210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/IP)> = 2 210.
P-660H/HW/W-T Series User’ Guide 449 Appendix M 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask = 0 210202010 = IP Filter Set 2,Rule 2 Sr c Port = 0 210202011 = IP Filter Set 2, Rule 2 S rc Port.
P-660H/HW/W-T Series User’ Guide Appendix M 450 210204002 = IP Filter Set 2, Rule 4 Active <0(No)|1(Yes )> = 1 210204003 = IP Filter Set 2, Rule 4 Protocol = 17 210204004 = IP Filter Set 2, Rule 4 Dest IP address = 0.
P-660H/HW/W-T Series User’ Guide 451 Appendix M 210205011 = IP Filter Set 2, Rule 5 S rc Port Comp <0(none)|1(equal)|2 (not equal)|3(less)|4(gr eater)> = 0 210205013 = IP Filter Set 2, Rule 5 .
P-660H/HW/W-T Series User’ Guide Appendix M 452 Table 171 Menu 23 System Menus (SMT Me nu 23) */ Menu 23.1 System Password Setup ( SMT Menu 23.1) FIN FN PVA INPUT 230000000 = System Password = 1234 */ Menu 23.2 System security: radius server (SMT Menu 23.
P-660H/HW/W-T Series User’ Guide 453 Appendix M Command Examples The following are example Internal SP TGEN scr eens a ssociated with the Prestige’ s command interpreter commands.
P-660H/HW/W-T Series User’ Guide Appendix M 454 FIN FN PVA INPUT 990000001 = ADSL OPMD <0(etsi)|1(normal) |2(gdmt)|3(multimo de)> = 3 Table 173 Command Examples (continued) FIN FN PV A INPUT.
P-660H/HW/W-T Series User’ Guide 455 Appendix M.
P-660H/HW/W-T Series User’ Guide Index 456 Index Numerics 11 0 V A C 5 230V AC 5 A Abnormal Working Conditions 6 AC 5 Access methods 270 Accessories 5 Acts of God 6 Address Assignment 63 Address map.
P-660H/HW/W-T Series User’ Guide 457 Index Precedence 338 Precedence Example 338 CBR (Continuous Bit Rate) 97 CDR 302 CDR (Call Detail Record) 301 Certificate Authority 427 Certifications 4 change p.
P-660H/HW/W-T Series User’ Guide Index 458 Dynamic WEP key exchange 82 dynamic WEP key exchange 293 DYNDNS Wildcard 11 4 E EAP 70 EAP Authentication 426 EAP authentication 292 ECHO 106 Electric Shoc.
P-660H/HW/W-T Series User’ Guide 459 Index G Gas Pipes 5 Gateway 248 Gateway Node 252 General Setup 214 Generic filter 281 Germany , Cont act Infor mation 7 God, act of 6 H Half-Open Sessions 150 Ha.
P-660H/HW/W-T Series User’ Guide Index 460 Key management protocol 293 L Labor 6 LAN 297 LAN Setup 62 , 90 LAN TCP/IP 64 LAN to W AN Rules 134 LAND 121 , 122 Legal Rights 6 Liability 2 License 2 Lig.
P-660H/HW/W-T Series User’ Guide 461 Index O One-Minute High 150 Opening 5 Operating Condition 6 Operating frequency 227 Out-dated Warranty 6 Outlet 3 P Packet Error 297 Received 297 T ransmitted 29.
P-660H/HW/W-T Series User’ Guide Index 462 RADIUS 425 Configuring 87 Shared Secret Key 426 RADIUS Message T ypes 425 RADIUS Messages 425 RADIUS server 290 RAS 299 , 329 Rate Receiving 297 T ransmiss.
P-660H/HW/W-T Series User’ Guide 463 Index Shock, Electric 5 SMT Menu Overvi ew 209 SMTP 107 SMTP Error Messages 17 9 Smurf 122 , 123 SNMP 107 Community 288 Configuration 287 Get 287 GetNext 287 Man.
P-660H/HW/W-T Series User’ Guide Index 464 T raffic shaping 93 T ranslation 2 T ransmission Rates 43 TV T echnician 3 T ype of Service 328 , 330 , 331 , 332 U UBR (Unspecified Bit Rate) 97 UDP/ICMP .
P-660H/HW/W-T Series User’ Guide 465 Index X XMODEM protocol 307 Z Zero Configurati on Internet Access 43 Zero configuratio n Internet a ccess 94 ZyNOS 2 , 307 ZyNOS (ZyXEL Network Operating System).
An important point after buying a device ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 you will learn all the available features of the product, as well as information on its operation. The information that you get ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 will certainly help you make a decision on the purchase.
If you already are a holder of ZyXEL Communications ADSL 2+ Gateway P-660HW-T1, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime ZyXEL Communications ADSL 2+ Gateway P-660HW-T1.
However, one of the most important roles played by the user manual is to help in solving problems with ZyXEL Communications ADSL 2+ Gateway P-660HW-T1. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center