Zyxel P-794M User Manual [ru]

Prestige 794M

SHDSL 4-Port Internet Security Gateway

User’s Guide

Version 1.00

10/2005

Edition 1

Prestige 794M User’s Guide

Copyright

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

Prestige 794M User’s Guide

Federal Communications

Commission (FCC) Interference

Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause undesired operations.

This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and the receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

Certifications

1 Go to www.zyxel.com.

2 Select your product from the drop-down list box on the

ZyXEL home page to go to that product's page.

3 Select the certification you wish to view from this page.

3 Federal Communications Commission (FCC) Interference Statement

Prestige 794M User’s Guide

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.

• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information.

• Connect the power cord to the right supply voltage (110V AC in North America or 230V AC in Europe).

• Place connecting cables carefully so that no one will step on them or stumble over them. Do NOT allow anything to rest on the power cord and do NOT locate the product where anyone can walk on the power cord.

• If you wall mount your device, make sure that no electrical, gas or water pipes will be damaged.

• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of electric shock from lightning.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.

• Make sure to connect the cables to the correct ports.

• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.

• Do NOT store things on the device.

• Connect ONLY suitable accessories to the device.

Safety Warnings 4

Prestige 794M User’s Guide

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.

ZyXEL Limited Warranty

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

Safety Warnings

1 To reduce the risk of fire, use only No. 26 AWG or larger telephone wire.

2 Do not use this product near water, for example, in a wet basement or near a swimming

pool.

3 Avoid using this product during an electrical storm. There may be a remote risk of

electric shock from lightening.

5 ZyXEL Limited Warranty

Prestige 794M User’s Guide

Customer Support

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

METHOD

LOCATION

CORPORATE HEADQUARTERS (WORLDWIDE)

CZECH REPUBLIC

DENMARK

FINLAND

FRANCE

GERMANY

HUNGARY

KAZAKHSTAN

NORTH AMERICA

NORWAY

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com

info@cz.zyxel.com +420-241-091-350 www.zyxel.cz ZyXEL Communications

info@cz.zyxel.com +420-241-091-359

support@zyxel.dk +45-39-55-07-00 www.zyxel.dk ZyXEL Communications A/S

sales@zyxel.dk +45-39-55-07-07

support@zyxel.fi +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy

sales@zyxel.fi +358-9-4780 8448

info@zyxel.fr +33-4-72-52-97-97 www.zyxel.fr ZyXEL France

+33-4-72-52-19-20

support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.

sales@zyxel.de +49-2405-6909-99

support@zyxel.hu +36-1-3361649 www.zyxel.hu ZyXEL Hungary

info@zyxel.hu +36-1-3259100

http://zyxel.kz/support +7-3272-590-698 www.zyxel.kz ZyXEL Kazakhstan

sales@zyxel.kz +7-3272-590-689

support@zyxel.com 1-800-255-4101

+1-714-632-0882

sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com

support@zyxel.no +47-22-80-61-80 www.zyxel.no ZyXEL Communications A/S

sales@zyxel.no +47-22-80-61-81

WEB SITE

www.europe.zyxel.com

ftp.europe.zyxel.com

www.us.zyxel.com ZyXEL Communications Inc.

REGULAR MAIL

ZyXEL Communications Corp. 6 Innovation Road II

Science Park Hsinchu 300 Ta iw a n

Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika

Columbusvej 2860 Soeborg Denmark

Malminkaari 10 00700 Helsinki Finland

1 rue des Vergers Bat. 1 / C 69760 Limonest France

Adenauerstr. 20/A2 D-52146 Wuerselen Germany

48, Zoldlomb Str. H-1025, Budapest Hungary

43, Dostyk ave.,Office 414 Dostyk Business Centre 050010, Almaty Republic of Kazakhstan

1130 N. Miller St. Anaheim CA 92806-2001 U.S.A.

Nils Hansens vei 13 0667 Oslo Norway

Customer Support 6

Prestige 794M User’s Guide

METHOD

LOCATION

POLAND

RUSSIA

SPAIN

SWEDEN

UKRAINE

UNITED KINGDOM

a. “+” is the (prefix) number you enter to make an international telephone call.

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

info@pl.zyxel.com +48-22-5286603 www.pl.zyxel.com ZyXEL Communications

+48-22-5206701

http://zyxel.ru/support +7-095-542-89-29 www.zyxel.ru ZyXEL Russia

sales@zyxel.ru +7-095-542-89-25

support@zyxel.es +34-902-195-420 www.zyxel.es ZyXEL Communications

sales@zyxel.es +34-913-005-345

support@zyxel.se +46-31-744-7700 www.zyxel.se ZyXEL Communications A/S

sales@zyxel.se +46-31-744-7701

support@ua.zyxel.com +380-44-247-69-78 www.ua.zyxel.com ZyXEL Ukraine

sales@ua.zyxel.com +380-44-494-49-32

support@zyxel.co.uk +44-1344 303044

08707 555779 (UK only)

sales@zyxel.co.uk +44-1344 303034 ftp.zyxel.co.uk

WEB SITE

REGULAR MAIL

ul.Emilli Plater 53 00-113 Warszawa Poland

Ostrovityanova 37a Str. Moscow, 117279 Russia

Alejandro Villegas 33 1º, 28043 Madrid Spain

Sjöporten 4, 41764 Göteborg Sweden

13, Pimonenko Str. Kiev, 04050 Ukraine

www.zyxel.co.uk ZyXEL Communications UK

Ltd.,11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)

7 Customer Support

Prestige 794M User’s Guide

Copyright ..................................................................................................................2

Federal Communications Commission (FCC) Interference Statement ............... 3

Safety Warnings ....................................................................................................... 4

ZyXEL Limited Warranty.......................................................................................... 5

Customer Support.................................................................................................... 6

Table of Contents ..................................................................................................... 8

List of Figures ........................................................................................................ 14

List of Tables .......................................................................................................... 16

Preface ....................................................................................................................18

Chapter 1

Introduction ...........................................................................................................20

1.1 About Your Prestige ..........................................................................................20

1.2 Features ............................................................................................................20

1.3 Applications .......................................................................................................22

1.3.1 Internet Access .........................................................................................22

1.3.2 Firewall for Secure Broadband Internet Access .......................................23

1.3.3 VPN Application ........................................................................................23

1.3.4 LAN-to-LAN Application ............................................................................23

1.4 Hardware Connection ........................................................................................24

1.4.1 Front Panel .............................................................................................24

1.5 Rear Panel ........................................................................................................25

Chapter 2

The Web Configurator ........................................................................................... 26

2.1 Overview ............................................................................................................26

2.2 Accessing the Web Configurator .......................................................................26

2.3 Resetting the Prestige .......................................................................................27

2.3.1 Procedure To Use The Reset Button ........................................................27

2.4 Navigating the Web Configurator .......................................................................27

2.4.1 The Status Screen ...................................................................................27

2.5 System Status ...................................................................................................28

2.6 ARP Table .........................................................................................................29

Table of Contents 8

Prestige 794M User’s Guide

2.6.1 How ARP Works .....................................................................................29

2.7 Routing Table ...................................................................................................30

2.7.1 PPTP Status ...........................................................................................31

2.7.2 IPSec Status ...........................................................................................31

2.7.3 L2TP Status ............................................................................................32

2.7.4 Email Status ............................................................................................33

2.7.5 Event Log ................................................................................................33

2.7.6 Error Log .................................................................................................34

2.7.7 NAT Sessions .........................................................................................35

2.8 Internet Access Quick Start Setup ...................................................................35

2.8.1 Auto Scan ...............................................................................................37

Chapter 3

LAN .........................................................................................................................38

3.1 Overview ............................................................................................................38

3.2 LAN TCP/IP ........................................................................................................38

3.2.1 Factory LAN Defaults ...............................................................................38

3.2.2 IP Address and Subnet Mask ...................................................................38

3.2.3 RIP ............................................................................................................39

3.3 The Ethernet Screen ..........................................................................................39

3.4 Ethernet Client Filter .........................................................................................40

3.4.1 Ethernet Client Filter Candidates .............................................................41

3.5 Port Setting .......................................................................................................42

3.6 DHCP .................................................................................................................43

3.6.1 IP Pool Setup ............................................................................................43

3.6.2 DNS Servers .............................................................................................43

3.6.3 DHCP Setup .............................................................................................43

3.6.4 DHCP Relay Agent ...................................................................................46

3.6.3.1 Disable DHCP ................................................................................44

3.6.3.2 DHCP Server Setup ........................................................................44

Chapter 4

WAN......................................................................................................................... 48

4.1 Overview ............................................................................................................48

4.1.1 Encapsulation Types .................................................................................48

4.1.1.1 RFC 1483 .......................................................................................48

4.1.1.2 PPPoE .............................................................................................48

4.1.1.3 PPPoA .............................................................................................49

4.1.1.4 IPoA ................................................................................................49

4.2 ISP .....................................................................................................................49

4.2.1 Edit Settings .............................................................................................50

4.2.1.1 Advanced PPP Options ...................................................................51

4.2.2 Change Connection Type .........................................................................53

9 Table of Contents

Prestige 794M User’s Guide

4.3 DNS ...................................................................................................................54

4.4 SHDSL Parameters ............................................................................................55

Chapter 5

System .................................................................................................................... 58

5.1 Overview ............................................................................................................58

5.2 Time Zone ..........................................................................................................58

5.3 Remote Access ..................................................................................................59

5.4 Firmware Upgrade ............................................................................................60

5.5 Backup/Restore ................................................................................................60

5.6 Restart Router ....................................................................................................61

5.7 User Management ..............................................................................................62

5.7.1 Create a New User Account .....................................................................62

Chapter 6

Firewall....................................................................................................................64

6.1 Overview ...........................................................................................................64

6.2 Types of Firewalls ..............................................................................................64

6.2.1 Packet Filtering Firewalls ..........................................................................64

6.2.2 Application-level Firewalls ........................................................................64

6.2.3 Stateful Inspection Firewalls .....................................................................65

6.3 General Settings ................................................................................................66

6.4 Packet Filter .......................................................................................................67

6.4.1 Add a New TCP/UDP Packet Filter ..........................................................69

6.4.2 Add a New Raw Packet Filter ...................................................................70

6.5 Intrusion Detection .............................................................................................71

6.6 URL Filter ...........................................................................................................73

6.6.1 Keywords Filtering ...................................................................................74

6.6.2 Domain Filtering .......................................................................................75

6.7 Firewall Log .......................................................................................................76

Chapter 7

VPN..........................................................................................................................78

7.1 Overview ............................................................................................................78

7.2 PPTP ..................................................................................................................78

7.2.1 PPTP Summary .......................................................................................78

7.2.2 Creating a PPTP VPN Rule ......................................................................79

7.2.2.1 Remote Access Connection ..........................................................79

7.2.2.2 LAN to LAN Connection .................................................................81

7.3 IPSec ..................................................................................................................83

7.3.1 AH (Authentication Header) .....................................................................83

7.3.2 ESP (Encapsulating Security Payload) ....................................................83

7.3.3 Perfect Forward Secrecy (PFS) ...............................................................84

Table of Contents 10

Prestige 794M User’s Guide

7.3.4 Pre-Shared Key ........................................................................................84

7.3.5 IPSec VPN Summary ..............................................................................84

7.3.6 IPSec VPN Configuration ........................................................................85

7.4 L2TP ..................................................................................................................87

7.4.1 Creating a New L2TP Rule .......................................................................88

7.5 VPN Example ....................................................................................................93

7.5.1 Example: Remote PPTP VPN Dial-in Connection ....................................93

7.5.2 Example: Remote PPTP VPN Dial-out Connection ..................................94

Chapter 8

QoS (Quality of Service) ........................................................................................ 96

8.1 Overview ............................................................................................................96

8.1.1 Prioritization .............................................................................................96

8.2 IP Throttling ......................................................................................................98

8.3 QoS Example ...................................................................................................100

8.3.1 Example Prioritization with QoS ............................................................100

8.3.2 Rate Limiting with IP Throttling Example ...............................................101

8.4 Time Schedule ................................................................................................101

8.4.1 Configuring a Time Schedule .................................................................102

7.4.1.1 Remote Access L2TP Connection .................................................88

7.4.1.2 LAN to LAN L2TP Connection .......................................................90

Chapter 9

Static Route ..........................................................................................................104

9.1 Overview .........................................................................................................104

9.2 Configuration ....................................................................................................104

Chapter 10

Dynamic DNS........................................................................................................ 106

10.1 Overview ........................................................................................................106

10.1.1 Configuration ........................................................................................106

Chapter 11

Check Emails........................................................................................................108

11.1 Overview ........................................................................................................108

11.2 Configuring .....................................................................................................108

Chapter 12

Device Management............................................................................................. 110

12.1 Overview .......................................................................................................110

12.1.1 Universal Plug and Play (UPnP) ...........................................................110

12.1.1.1 How do I know if I'm using UPnP? .............................................. 110

12.1.1.2 Cautions with UPnP .................................................................... 110

11 Table of Contents

Prestige 794M User’s Guide

12.1.2 SNMP .................................................................................................. 110

12.1.2.1 SNMPv3 ..................................................................................... 111

12.1.2.2 SNMP Traps and MIBs .............................................................. 112

12.2 The Device Management Screen ................................................................... 112

12.3 IGMP ............................................................................................................. 115

Index...................................................................................................................... 116

Table of Contents 12

Prestige 794M User’s Guide

13 Table of Contents

Prestige 794M User’s Guide

List of Figures

Figure 1 Application: Internet Access .................................................................... 22

Figure 2 Application: Firewall ................................................................................ 23

Figure 3 Application: VPN ..................................................................................... 23

Figure 4 Application: LAN-to-LAN ......................................................................... 24

Figure 5 Front Panel: LEDs ................................................................................... 24

Figure 6 Rear Panel ............................................................................................. 25

Figure 7 Web Configurator: Login ......................................................................... 26

Figure 8 Web Configurator: Status ....................................................................... 27

Figure 9 Status: ARP Table ................................................................................... 29

Figure 10 Status: Routing Table ............................................................................ 30

Figure 11 Status: PPTP Status .............................................................................. 31

Figure 12 Status: IPSec Status ............................................................................. 31

Figure 13 Status: L2TP Status .............................................................................. 32

Figure 14 Status: Email Status ............................................................................. 33

Figure 15 Event Log .............................................................................................. 34

Figure 16 Status: Error Log ................................................................................... 34

Figure 17 Status: NAT Session ............................................................................. 35

Figure 18 Quick Start ............................................................................................ 36

Figure 19 Quick Start: Auto Scan ......................................................................... 37

Figure 20 LAN: Ethernet ....................................................................................... 40

Figure 21 LAN: Ethernet Client Filter .................................................................... 41

Figure 22 LAN: Ethernet Client Filter: Active PC in LAN ....................................... 41

Figure 23 LAN: Port Setting .................................................................................. 42

Figure 24 LAN: DHCP Server ............................................................................... 44

Figure 25 LAN: DHCP Server: Disable ................................................................. 44

Figure 26 LAN: DHCP Server: DHCP ................................................................... 45

Figure 27 LAN: DHCP Server: DHCP: Fixed Host ................................................ 46

Figure 28 LAN: DHCP Server: DHCP Relay Agent .............................................. 47

Figure 29 WAN: ISP .............................................................................................. 49

Figure 30 WAN: ISP: Edit ..................................................................................... 50

Figure 31 WAN: Edit: Advanced PPP Options ...................................................... 52

Figure 32 ISP: Change Connection Type .............................................................. 53

Figure 33 ISP: Change Connection Type Settings (RFC 1483 Routed) ............... 54

Figure 34 DNS ...................................................................................................... 55

Figure 35 SHDSL ................................................................................................... 55

Figure 36 System: Time Zone ............................................................................... 58

Figure 37 System: Remote Access ...................................................................... 59

Figure 38 System: Firmware Upgrade .................................................................. 60

List of Figures 14

Prestige 794M User’s Guide

Figure 39 System: Firmware Upgrade: Progress .................................................. 60

Figure 40 System: Firmware Upgrade: Device Configuration Option ................... 60

Figure 41 System: Configuration Backup/Restore ................................................ 61

Figure 42 System: Restart .................................................................................... 61

Figure 43 System: User Management .................................................................. 62

Figure 44 System: User Management: Edit Account ............................................ 63

Figure 45 Firewall: General Settings ..................................................................... 66

Figure 46 Firewall: Packet Filter ............................................................................ 68

Figure 47 Firewall: Packet Filters: Add TCP/UDP Filter ........................................ 69

Figure 48 Firewall: Packet Filters: Add Raw Filter ................................................ 70

Figure 49 Firewall: Intrusion Detection .................................................................. 72

Figure 50 Firewall: URL Filter ............................................................................... 74

Figure 51 Firewall: URL Filter: Keywords Filtering ................................................ 75

Figure 52 Firewall: URL Filter: Domains Filtering ................................................. 75

Figure 53 Firewall: Firewall Logs .......................................................................... 76

Figure 54 VPN: PPTP ........................................................................................... 78

Figure 55 VPN: PPTP ........................................................................................... 79

Figure 56 VPN: PPTP: Remote Access ............................................................... 79

Figure 57 VPN: PPTP: LAN to LAN Connection .................................................. 81

Figure 58 IPSec Summary ................................................................................... 84

Figure 59 IPSec: Create ........................................................................................ 85

Figure 60 VPN: L2TP ............................................................................................ 87

Figure 61 VPN: L2TP: Create ............................................................................... 88

Figure 62 L2TP: Remote Access Connection ....................................................... 88

Figure 63 L2TP: LAN to LAN Connection ............................................................. 91

Figure 64 Remote PPTP VPN Dial-in Network Example ...................................... 93

Figure 65 Remote PPTP VPN Dial-In Configuration Example .............................. 94

Figure 66 PPTP: Remote VPN Dial-out Access .................................................... 94

Figure 67 PPTP VPN Example: Configuration for the Office ................................ 95

Figure 68 QoS: Prioritization ................................................................................. 97

Figure 69 QoS: Outbound IP Throttling ................................................................. 99

Figure 70 QoS Network Example .......................................................................... 100

Figure 71 QoS: Prioritization Example .................................................................. 100

Figure 72 Rating Limiting with IP Throttling Example ........................................... 101

Figure 73 Configuration: Time Schedule ............................................................... 102

Figure 74 Configuration: Time Schedule: Edit ........................................................ 102

Figure 75 Static Route: Network Example ] ........................................................... 104

Figure 76 Advanced: Static Route ......................................................................... 104

Figure 77 Advanced: Dynamic DNS .................................................................... 106

Figure 78 Advanced: Check Emails ....................................................................... 108

Figure 79 SNMP Management Model ................................................................... 111

Figure 80 Advanced: Device Management ........................................................... 113

Figure 81 Advanced: IGMP ................................................................................... 115

15 List of Figures

Prestige 794M User’s Guide

List of Tables

Table 1 Front Panel: LEDs .................................................................................... 24

Table 2 Rear Panel ................................................................................................ 25

Table 3 Status ........................................................................................................ 28

Table 4 Status: ARP Table ..................................................................................... 30

Table 5 Status: Routing Table ................................................................................ 30

Table 6 Status: PPTP Status ................................................................................. 31

Table 7 Status: IPSec Status ................................................................................. 32

Table 8 Status: L2TP Status .................................................................................. 32

Table 9 Status: Email Status .................................................................................. 33

Table 10 Status: Error Log ..................................................................................... 34

Table 11 Status: NAT Session ............................................................................... 35

Table 12 Quick Start .............................................................................................. 36

Table 13 LAN: Ethernet ......................................................................................... 40

Table 14 LAN: Ethernet Client Filter ...................................................................... 41

Table 15 LAN: Ethernet Client Filter: Active PC in LAN ........................................ 42

Table 16 LAN: Port Setting .................................................................................... 42

Table 17 LAN: DHCP Server ................................................................................. 44

Table 18 LAN: DHCP Server: DHCP ..................................................................... 45

Table 19 LAN: DHCP Server: DHCP: Fixed Host ................................................. 46

Table 20 LAN: DHCP Server: DHCP Relay Agent ................................................ 47

Table 21 WAN: ISP ................................................................................................ 49

Table 22 WAN: ISP: Edit (PPPoE) ........................................................................ 50

Table 23 WAN: Edit: Advanced PPP Options ........................................................ 52

Table 24 DNS ........................................................................................................ 55

Table 25 SHDSL .................................................................................................... 56

Table 26 System: Time Zone ................................................................................. 59

Table 27 System: User Management .................................................................... 62

Table 28 System: User Management: Edit Account .............................................. 63

Table 29 Firewall: General Settings ...................................................................... 66

Table 30 Pre-defined Port Filter ............................................................................ 67

Table 31 Firewall: Packet Filter ............................................................................. 68

Table 32 Firewall: Packet Filters: Add TCP/UDP Filter ......................................... 69

Table 33 Firewall: Packet Filters: Add Raw Filter .................................................. 70

Table 34 IDS: Detectable Attacks ........................................................................ 71

Table 35 Firewall: Intrusion Detection ................................................................... 73

Table 36 Firewall: URL Filter ................................................................................. 74

Table 37 Firewall: URL Filter: Keywords Filtering ................................................. 75

Table 38 Firewall: URL Filter: Domains Filtering ................................................... 76

List of Tables 16

Prestige 794M User’s Guide

Table 39 Firewall: Firewall Logs ............................................................................ 76

Table 40 VPN: PPTP ............................................................................................. 79

Table 41 VPN: PPTP: Remote Access .................................................................. 80

Table 42 VPN PPTP: LAN to LAN Connection ...................................................... 81

Table 43 ESP and AH ........................................................................................... 83

Table 44 VPN Rules (IKE): Add Policy .................................................................. 85

Table 45 VPN: PPTP ............................................................................................. 87

Table 46 VPN: L2TP: Create: Remote Access Connection .................................. 89

Table 47 VPN: L2TP: Create: LAN to LAN ............................................................ 91

Table 48 Remote PPTP VPN Dial-In Configuration Example ................................ 94

Table 49 Remote PPTP VPN Dial-In Configuration Example ................................ 95

Table 50 QoS: Prioritization ................................................................................... 97

Table 51 DSCP Mapping ....................................................................................... 98

Table 52 QoS: Outbound/Inbound IP Throttling .................................................... 99

Table 53 Rate Limiting with IP Throttling Example ................................................ 101

Table 54 Configuration: Time Schedule ................................................................ 102

Table 55 Configuration: Time Schedule: Edit ........................................................ 103

Table 56 Advanced: Static Route .......................................................................... 105

Table 57 Advanced: Dynamic DNS ....................................................................... 107

Table 58 Advanced: Check Emails ........................................................................ 108

Table 59 MIBs and Attributes ................................................................................ 112

Table 60 Advanced: Device Management ............................................................. 113

Table 61 Advanced: IGMP .................................................................................... 115

17 List of Tables

Prestige 794M User’s Guide

Preface

Congratulations on your purchase of the Prestige 794M.

Note: Register your product online to receive e-mail notices of firmware upgrades and

information at North American products.

Your Prestige is easy to install and configure.

About This User's Guide

This manual is designed to guide you through the configuration of your Prestige for its various applications using the web-based configurator.

1.1 About Your Prestige

Your Prestige integrates high-speed 10/100Mbps auto-negotiating LAN interface(s) and a high-speed SHDSL port into a single package. The Prestige is ideal for high-speed Internet browsing and making LAN-to-LAN connections to remote networks. The Prestige is also an SHDSL router.

By integrating SHDSL and NAT, the Prestige provides ease of installation and Internet access. The Prestige is also a complete security solution with a robust firewall and content filtering.

Prestige 794M User’s Guide

CHAPTER 1

Introduction

1.2 Features

The following sections describe the features of the Prestige.

Multi-Mode Standard

Your Prestige supports symmetric data rates of up to 4.6Mbps. It also supports rate management that allows subscribers to select a speed to fit their needs and budgets. The Prestige uses the ITU standard PAM16 Line Code, complies with G.991.2 and G.994.1 standards.

10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)

This auto-negotiation feature allows the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.

4-Port Switch

A combination of switch and router makes your Prestige a cost-effective and viable network solution. You can connect up to four computers to the Prestige without the cost of a hub. Use a hub to add more than four computers to your LAN.

Encapsulation

The Prestige supports PPPoA (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483 encapsulation over ATM, MAC encapsulated routing (ENET encapsulation), IPoA (RFC1577) as well as PPP over Ethernet (RFC 2516).

Chapter 1 Introduction 20

Prestige 794M User’s Guide

Multiplexing

The Prestige supports VC-based and LLC-based multiplexing.

Full Network Management

The embedded web configurator is an all-platform web-based utility that allows you to easily access the Prestige’s management settings. Most functions of the Prestige are also configurable via the CLI (Command Line Interface) over a telnet/console connection.

Universal Plug and Play (UPnP)

Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.

Network Address Translation (NAT)

Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within the Internet).

another network (for example a public IP address used on

Firewall

The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The Prestige firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.

Content Filtering

The Prestige can block web features such as ActiveX controls, Java applets and cookies, as well as disable web proxies. The Prestige can block or allow access to web sites that you specify. The Prestige can also block access to web sites containing keywords that you specify. You can define time periods and days during which content filtering is enabled and include or exclude a range of users on the LAN from content filtering.

Packet Filtering

The packet filtering mechanism blocks unwanted traffic from entering/leaving your network.

Dynamic DNS (DDNS)

With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.

21 Chapter 1 Introduction

Prestige 794M User’s Guide

VPN

Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The Prestige VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.

DHCP (Dynamic Host Configuration Protocol)

DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability, disabled by default, which means it can assign IP addresses, an IP default gateway and DNS servers to all systems that support the DHCP client.

SNMP

SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.

Firmware Upgradeable

The firmware of the Prestige can be upgraded via the web configurator.

1.3 Applications

Here are some examples of what you can do with your Prestige.

1.3.1 Internet Access

The Prestige is the ideal high-speed Internet access solution. Your Prestige supports the TCP/ IP protocol, which the Internet uses exclusively. It is compatible with all major DSL DSLAM (Digital Subscriber Line Access Multiplexer) providers. A DSLAM is a rack of DSL line cards with data multiplexed into a backbone network interface/connection (for example, T1, OC3, DS3, ATM or Frame Relay). Think of it as the equivalent of a modem rack for SHDSL.

Figure 1 Application: Internet Access

Chapter 1 Introduction 22

Prestige 794M User’s Guide

1.3.2 Firewall for Secure Broadband Internet Access

The Prestige provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs.

Figure 2 Application: Firewall

1.3.3 VPN Application

The Prestige’s VPN feature makes it an ideal cost-effective way to connect branch offices and business partners over the Internet without the need (and expense) for leased lines between sites. VPN ensures the privacy and integrity of your data transmissions.

Figure 3 Application: VPN

1.3.4 LAN-to-LAN Application

You can use the Prestige to connect two geographically dispersed networks over the SHDSL line. A typical LAN-to-LAN application for your Prestige is shown as follows.

23 Chapter 1 Introduction

Figure 4 Application: LAN-to-LAN

1.4 Hardware Connection

Refer to the Quick Start Guide for more information on hardware connection and initial setup using the Quick Start screen.

1.4.1 Front Panel

Prestige 794M User’s Guide

The following figure shows the front panel LEDs.

Figure 5 Front Panel: LEDs

The following table describes the LEDs.

Table 1 Front Panel: LEDs

LED COLOR STATUS DESCRIPTION

PWR Green On The Prestige is turned on.

Off The Prestige is turned off.

SYS Green On The Prestige is ready and working properly.

Flashing The Prestige is starting up or rebooting.

Off The Prestige is not ready.

Chapter 1 Introduction 24

Prestige 794M User’s Guide

Table 1 Front Panel: LEDs (continued)

LED COLOR STATUS DESCRIPTION

LAN 1..4 Orange On The Prestige has a successful 10Mbps Ethernet connection.

Green On The Prestige has a successful 100Mbps Ethernet connection.

LINE 1, 2 Green On The Prestige has a successful SHDSL link.

1.5 Rear Panel

The following figure shows the rear panel of the Prestige.

Figure 6 Rear Panel

Flashing The 10M LAN is sending or receiving packets.

Flashing The 100M LAN is sending or receiving packets.

Off The LAN is not connected.

Off The SHDSL link is down or not connected.

The following table describes the ports.

Table 2 Rear Panel

LABEL DESCRIPTION

LAN 1..4 (RJ-45 connector)

CONSOLE Only connect this port if you want to configure the Prestige via console port.

LINE 1..2 Connect to a telephone jack using the included telephone cable.

RESET You only need to use this button if you’ve forgotten the Prestige’s password. It

PWR Connect to a power source using only the included power adaptor for your region.

Power Switch After you’ve made the connections and connect the power adaptor to a power

Connect a computer to this port with an Ethernet cable. This port is autonegotiating (can connect at 10 or 100Mbps) and auto-crossover (automatically adjust to straight-through or crossover Ethernet cable).

Connect one end of the console cable to the console port of the Prestige and the other end to a serial port (COM1, COM2 or other COM port) on your computer. Your computer should have a terminal emulation communications program (such as HyperTerminal) set to VT100 terminal emulation, no parity, 8 data bits, 1 stop bit, no flow control and 9600 bps port speed.

returns the Prestige to the factory defaults. Press this button is for less than three seconds to restart the Prestige. Press this button in for more than six seconds to reset the Prestige to the factory

default settings.

supply, push in the power button to turn on the Prestige.

25 Chapter 1 Introduction

This chapter introduces the web configurator and describes the Quick Start screen.

2.1 Overview

The embedded web configurator (eWC) allows you to manage the Prestige from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions with JavaScript enabled. It is recommended that you set your screen resolution to 1024 by 768 pixels. The screens you see in the web configurator may vary somewhat from the ones shown in this document due to differences between individual firmware versions.

Prestige 794M User’s Guide

CHAPTER 2

The Web Configurator

2.2 Accessing the Web Configurator

1 Make sure your Prestige hardware is properly connected and prepare your computer/

computer network to connect to the Prestige (refer to the Quick Start Guide).

2 Make sure the IP addresses of your computer and the Prestige are in the same range.

Refer to the appendix on setting up your computer IP address for more information.

3 Launch your web browser and type "192.168.1.1" as the URL.

4 Enter the username (“admin” is the default) and the password (“1234” is the default).

5 Click OK to log in.

Figure 7 Web Configurator: Login

6 You should now see the HOME screen.

Note: The management session automatically times out when the time period expires

(default 180 seconds or 3 minutes). Simply log back into the Prestige if this happens to you. You can change this timeout in the Device Management screen (see

Chapter 2 The Web Configurator 26

Section 12.2 on page 112).

Prestige 794M User’s Guide

2.3 Resetting the Prestige

If you forget your password or cannot access the web configurator, you will need to reload the factory-default configuration file or use the RESET button on the Prestige. Uploading this configuration file replaces the current configuration file with the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to 1234, also.

2.3.1 Procedure To Use The Reset Button

1 Make sure the PWR LED is on before you begin this procedure.

2 Press the RESET button for more than six seconds, and then release it. If the SYS LED

begins to blink, the defaults have been restored and the Prestige restarts.

2.4 Navigating the Web Configurator

The following summarizes how to navigate the web configurator from the HOME screen.

2.4.1 The Status Screen

The following screen shows the Status screen. This is the first screen that displays every time you access the web configurator.

Figure 8 Web Configurator: Status

• Click the links in the navigation panel to configure the Prestige features.

• Click the SAVE CONFIG button to save the current settings to the Prestige.

27 Chapter 2 The Web Configurator

• Click the RESTART button to reboot the Prestige.

• Click the LOGOUT button at any time to exit the web configurator.

2.5 System Status

Display the Status screen (see Figure 8 on page 27) to view general system information. The following table describes the labels in this screen.

Table 3 Status

LABEL DESCRIPTION

Device Information

Model Name This field displays the model number of your Prestige.

Host Name This field displays the host name of the Prestige for identification purposes. Click

System Up-Time This field displays the time (in the format of hh:mm:ss) since the Prestige was last

Current TIme This field displays the system time. Click this label to display the Time Zone

Hardware Version This is the hardware version associated with your Prestige.

Software Version This is the firmware version the Prestige is currently using.

MAC Address This is the MAC (Media Access Control) or Ethernet address unique to your

Home URL Click this link to go to the ZyXEL company web site.

LAN

IP Address This is the IP address (in dotted decimal notation) on the LAN. Click the label to

Subnet Mask This is the subnet mask (in dotted decimal notation) on the LAN.

DHCP Server This field displays the LAN DNCP server status. Click the label to display the

WAN

ipwan This field displays the type of WAN interface. Click this label to display the WAN

VPI/VCI This field displays the VCI (Virtual Circuit Identifier) and VPI (Virtual Path Identifier)

Primary DNS This field displays the primary DNS server IP address (in dotted decimal notation).

Port Status

Port This field displays interface name (Ethernet or SHDSL). Click a label to display the

Connected This field displays a check to indicate that a port is up. Otherwise a cross is

Stat istics

Prestige 794M User’s Guide

this label to display the Host Name screen.

restarted.

screen. Click Sync Now to synchronize the system time to the time server specified in the

Time Zone screen.

Prestige.

display the Ethernet screen.

DHCP Server screen.

Connection screen.

numbers.

Click this label to display the DNS screen.

Port Setting or the SHDSL screen.

displayed.

Chapter 2 The Web Configurator 28

Prestige 794M User’s Guide

Table 3 Status (continued)

LABEL DESCRIPTION

RFC1483 WAN Link

Ethernet This field displays the number of packets received/transmitted. Click this label to

SAVE CONFIG Click SAVE CONFIG to save the changes.

RESTART Click RESTART to reboot the device. All unsaved changes will be lost.

LOGOUT Click LOGOUT to exit from the web configurator. All unsaved changes will be lost.

This field displays the VCI and VPI number and the number of packets received/ transmitted. Click this label to display detailed information.

display detailed information.

2.6 ARP Table

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control (MAC) address, on the local area network. An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The ARP table maintains an association between each MAC address and its corresponding IP address.

2.6.1 How ARP Works

When an incoming packet destined for a host device on a local area network arrives at the device, the device's ARP program looks in the ARP table and, if it finds the address, sends it to the device. If no entry is found for the IP address, ARP broadcasts the request to all the devices on the LAN. The device fills in its own MAC and IP address in the sender address fields, and puts the known IP address of the target in the target IP address field. In addition, the device puts all ones in the target MAC field (FF.FF.FF.FF.FF.FF is the Ethernet broadcast address). The replying device (which is either the IP address of the device being sought or the router that knows the way) replaces the broadcast address with the target's MAC address, swaps the sender and target pairs, and unicasts the answer directly back to the requesting machine. ARP updates the ARP table for future reference and then sends the packet to the MAC address that replied.

To view the ARP table, click Status and ARP Table in the navigation panel.

Figure 9 Status: ARP Table

29 Chapter 2 The Web Configurator

The following table describes the labels in this screen.

Table 4 Status: ARP Table

LABEL DESCRIPTION

IP Address This is the learned IP address of a device connected to a switch port with

MAC Address This is the MAC address of the device with corresponding IP address above.

Interface This is the interface name on the Prestige to which a device is connected.

Stat ic This shows whether the MAC address is dynamic (learned by the Prestige) or

2.7 Routing Table

The routing table contains the route information to the network(s) that the Prestige can reach. The Prestige automatically updates the routing table with the RIP information received from other Ethernet devices.

Prestige 794M User’s Guide

corresponding MAC address below.

static (manually entered).

Click Status and Routing Ta ble in the navigation panel to display the Routing Table screen.

Figure 10 Status: Routing Table

The following table describes the labels in this screen.

Table 5 Status: Routing Table

LABEL DESCRIPTION

Routing Table

Valid This field indicates whether a routing status is successful.

Destination This field displays the IP address of a destination network.

Netmask This field displays the subnet mask of a destination network.

Gateway/Interface This field displays the IP address of a gateway or the interface name on the

Prestige this route uses.

Cost This field displays the cost (or hope count) for this route.

RIP Routing Table

Destination This field displays the IP address of a destination network.

Netmask This field displays the subnet mask of a destination network.

Chapter 2 The Web Configurator 30

+ 89 hidden pages