ZyXEL Prestige 2602H, Prestige 2602HW User Guide

Download

Prestige 2602H Series

ADSL VoIP IAD

Prestige 2602HW Series

802.11g Wireless ADSL VoIP IAD

User’s Guide

Version 3.40

5/2005

Prestige 2602H/HW Series User’s Guide

Copyright

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

Prestige 2602H/HW Series User’s Guide

Federal Communications

Commission (FCC) Interference

Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause undesired operations.

This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and the receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

Note: Antenna Warning! This device meets ETSI and FCC certification requirements

when using the included antenna(s). Only use the included antenna(s).

This Class B digital apparatus complies with Canadian ICES-003.

Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.

Certifications

www.zyxel.com

Go to

4 Federal Communications Commission (FCC) Interference Statement

Prestige 2602H/HW Series User’s Guide

1 Select your product from the drop-down list box on the ZyXEL home page to go to that

product's page.

2 Select the certification you wish to view from this page.

Federal Communications Commission (FCC) Interference Statement 5

Prestige 2602H/HW Series User’s Guide

For your safety, be sure to read and follow all warning notices and instructions.

• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.

• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information.

• Use ONLY the dedicated power supply for your device. Connect the power cord or power adaptor to the right supply voltage (110V AC in North America or 230V AC in Europe).

• Do NOT use the device if the power supply is damaged as it might cause electrocution.

• If the power supply is damaged, remove it from the power outlet.

• Do NOT attempt to repair the power supply. Contact your local vendor to order a new power supply.

• Place connecting cables carefully so that no one will step on them or stumble over them. Do NOT allow anything to rest on the power cord and do NOT locate the product where anyone can walk on the power cord.

• If you wall mount your device, make sure that no electrical, gas or water pipes will be damaged.

• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of electric shock from lightning.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.

• Make sure to connect the cables to the correct ports.

• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.

• Do NOT store things on the device.

• Connect ONLY suitable accessories to the device.

Safety Warnings

6 Safety Warnings

Prestige 2602H/HW Series User’s Guide

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

ZyXEL Limited Warranty 7

Prestige 2602H/HW Series User’s Guide

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

Customer Support

METHOD

LOCATION

CORPORATE HEADQUARTERS (WORLDWIDE)

CZECH REPUBLIC

DENMARK

FINLAND

FRANCE

GERMANY

NORTH AMERICA

NORWAY

SPAIN

SWEDEN

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com

info@cz.zyxel.com +420 241 091 350 www.zyxel.cz ZyXEL Communications

info@cz.zyxel.com +420 241 091 359

support@zyxel.dk +45 39 55 07 00 www.zyxel.dk ZyXEL Communications A/S

sales@zyxel.dk +45 39 55 07 07

support@zyxel.fi +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy

sales@zyxel.fi +358-9-4780 8448

i nf o @z y xe l .f r + 3 3 ( 0 )4 72 52 97 97 w ww .z y xe l . fr Z yX E L Fr a nc e

+33 (0)4 72 52 19 20

support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.

sales@zyxel.de +49-2405-6909-99

support@zyxel.com +1-800-255-4101

+1-714-632-0882

sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com

support@zyxel.no +47 22 80 61 80 www.zyxel.no ZyXEL Communications A/S

sales@zyxel.no +47 22 80 61 81

support@zyxel.es +34 902 195 420 www.zyxel.es ZyXEL Communications

sales@zyxel.es +34 913 005 345

support@zyxel.se +46 31 744 7700 www.zyxel.se ZyXEL Communications A/S

sales@zyxel.se +46 31 744 7701

WEB SITE

www.europe.zyxel.com

ftp.europe.zyxel.com

www.us.zyxel.com ZyXEL Communications Inc.

REGULAR MAIL

ZyXEL Communications Corp. 6 Innovation Road II

Sc ien ce P ar k Hsinchu 300 Ta i w a n

Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika

Col um bu sv ej 5 2860 Soeborg Denmark

Mal mi nk aa ri 10 00700 Helsinki Finland

1 ru e d e s V er ge r s Ba t. 1 / C 69760 Limonest France

Adenauerstr. 20/A2 D-52146 Wuerselen Germany

1130 N. Miller St. Anaheim

CA 92806-2001 U.S.A.

Ni ls H ans en s ve i 13 0667 Oslo Norway

Alejandro Villegas 33 1º, 28043 Madrid Spa i n

Sjöporten 4, 41764 Göteborg Sweden

8 Customer Support

Prestige 2602H/HW Series User’s Guide

METHOD

LOCATION

UNITED KINGDOM

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

support@zyxel.co.uk +44 (0) 1344 303044

08707 555779 (UK only)

sales@zyxel.co.uk +44 (0) 1344 303034 ftp.zyxel.co.uk

WEB SITE

www.zyxel.co.uk ZyXEL Communications UK

a. “+” is the (prefix) number you enter to make an international telephone call.

REGULAR MAIL

Ltd.,11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)

Customer Support 9

Prestige 2602H/HW Series User’s Guide

10 Customer Support

Prestige 2602H/HW Series User’s Guide

Copyright .................................................................................................................. 3

Federal Communications Commission (FCC) Interference Statement ............... 4

Safety Warnings ....................................................................................................... 6

ZyXEL Limited Warranty.......................................................................................... 7

Customer Support.................................................................................................... 8

Table of Contents ................................................................................................... 11

List of Figures ........................................................................................................ 29

List of Tables .......................................................................................................... 37

Preface .................................................................................................................... 43

Introduction to DSL................................................................................................ 45

Chapter 1

Getting To Know Your Prestige............................................................................. 47

1.1 Introducing the Prestige .....................................................................................47

1.1.1 Features of the Prestige ...........................................................................48

1.1.1.1 P2602HW Wireless Features ..........................................................52

1.2 Applications for the Prestige ..............................................................................53

1.2.1 Internet Access .........................................................................................53

1.2.1.1 Internet Single User Account ..........................................................54

1.2.2 Making Calls via Internet Telephony Service Provider ..............................54

1.2.3 Make Peer-to-peer Calls ...........................................................................54

1.2.4 Firewall for Secure Broadband Internet Access .......................................55

1.2.5 LAN to LAN Application ............................................................................55

1.2.6 Front Panel LEDs .....................................................................................56

Chapter 2

Introducing the Web Configurator........................................................................ 59

2.1 Web Configurator Overview ...............................................................................59

2.1.1 Accessing the Prestige Web Configurator ................................................59

2.1.2 Resetting the Prestige ..............................................................................60

2.1.2.1 Using The Reset Button ..................................................................60

2.1.3 Navigating the Prestige Web Configurator ...............................................61

Table of Contents 11

Prestige 2602H/HW Series User’s Guide

Chapter 3

Wizard Setup .......................................................................................................... 65

3.1 Wizard Setup Introduction ..................................................................................65

3.1.1 Wizard Setup: First Screen .......................................................................65

3.1.2 Wizard Setup: Second Screen ..................................................................66

3.1.3 Wizard Setup: Third Screen ......................................................................70

3.1.4 Internet Access Wizard Setup: Fourth Screen ..........................................72

3.1.5 Wizard Setup: Connection Test ................................................................74

3.1.5.1 Test Your Internet Connection .........................................................75

3.2 Media Bandwidth Management Wizard .............................................................75

3.2.1 Predefined Media Bandwidth Management Services ...............................76

3.2.2 Media Bandwidth Management Setup: First Screen ................................76

3.2.3 Media Bandwidth Mgnt. Wizard Setup: Second Screen ...........................77

3.2.4 Media Bandwidth Mgnt. Wizard Setup: Finish ..........................................78

3.3 Password Setup .................................................................................................79

3.3.1 Configuring Password ...............................................................................79

Chapter 4

LAN Setup............................................................................................................... 81

4.1 LAN Overview ....................................................................................................81

4.1.1 LANs, WANs and the Prestige ..................................................................81

4.1.2 DHCP Setup .............................................................................................81

4.1.2.1 IP Pool Setup ..................................................................................82

4.2 DNS Server Address ..........................................................................................82

4.3 DNS Server Address Assignment ......................................................................82

4.4 LAN TCP/IP ........................................................................................................83

4.4.1 Factory LAN Defaults ................................................................................83

4.5 LAN TCP/IP ........................................................................................................83

4.5.1 IP Address and Subnet Mask ...................................................................83

4.5.1.1 Private IP Addresses .......................................................................84

4.5.2 RIP Setup .................................................................................................84

4.5.3 Multicast ....................................................................................................85

4.6 Any IP .................................................................................................................85

4.6.1 How Any IP Works ....................................................................................86

4.7 Configuring LAN .................................................................................................87

4.8 Configuring Static DHCP ....................................................................................89

Chapter 5

Wireless LAN (P2602HW Models)......................................................................... 91

5.1 Introduction ........................................................................................................91

5.2 Wireless Security Overview ...............................................................................91

5.2.1 Encryption .................................................................................................91

5.2.2 Authentication ...........................................................................................91

12 Table of Contents

Prestige 2602H/HW Series User’s Guide

5.2.3 Restricted Access .....................................................................................92

5.2.4 Hide Prestige Identity ................................................................................92

5.2.5 Configuring Wireless LAN on the Prestige ...............................................92

5.3 Configuring the Wireless Screen ........................................................................93

5.3.1 WEP Encryption ........................................................................................93

5.4 Configuring MAC Filters .....................................................................................95

5.5 Introduction to WPA ...........................................................................................97

5.5.1 WPA-PSK Application Example ................................................................97

5.5.2 WPA with RADIUS Application Example ..................................................98

5.5.3 Wireless Client WPA Supplicants ............................................................99

5.6 Configuring IEEE 802.1x and WPA ....................................................................99

5.6.1 Authentication Required: 802.1x .............................................................100

5.6.2 Authentication Required: WPA ...............................................................102

5.6.3 Authentication Required: WPA-PSK .......................................................104

5.7 Configuring Local User Authentication .............................................................105

5.8 Configuring RADIUS ........................................................................................106

Chapter 6

WAN Setup............................................................................................................ 109

6.1 WAN Overview .................................................................................................109

6.1.1 Encapsulation .........................................................................................109

6.1.1.1 ENET ENCAP ...............................................................................109

6.1.1.2 PPP over Ethernet ........................................................................109

6.1.1.3 PPPoA ...........................................................................................109

6.1.1.4 RFC 1483 ...................................................................................... 110

6.1.2 Multiplexing ............................................................................................. 110

6.1.2.1 VC-based Multiplexing .................................................................. 110

6.1.2.2 LLC-based Multiplexing ................................................................. 110

6.1.3 VPI and VCI ............................................................................................110

6.1.4 IP Address Assignment ..........................................................................110

6.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation ................... 110

6.1.4.2 IP Assignment with RFC 1483 Encapsulation ............................... 111

6.1.4.3 IP Assignment with ENET ENCAP Encapsulation ........................ 111

6.1.5 Nailed-Up Connection (PPP) .................................................................. 111

6.2 Metric .............................................................................................................. 111

6.3 PPPoE Encapsulation ...................................................................................... 112

6.4 Traffic Shaping .................................................................................................112

6.5 Zero Configuration Internet Access .................................................................. 113

6.6 Configuring WAN Setup ...................................................................................113

6.7 Traffic Redirect .................................................................................................116

6.8 Configuring WAN Backup ................................................................................. 117

Table of Contents 13

Prestige 2602H/HW Series User’s Guide

Chapter 7

Network Address Translation (NAT) Screens.................................................... 121

7.1 NAT Overview ..................................................................................................121

7.1.1 NAT Definitions .......................................................................................121

7.1.2 What NAT Does ......................................................................................122

7.1.3 How NAT Works .....................................................................................122

7.1.4 NAT Application ......................................................................................123

7.1.5 NAT Mapping Types ...............................................................................123

7.2 SUA (Single User Account) Versus NAT ..........................................................124

7.3 SUA Server ......................................................................................................125

7.3.1 Default Server IP Address ......................................................................125

7.3.2 Port Forwarding: Services and Port Numbers ........................................125

7.3.3 Configuring Servers Behind SUA (Example) ..........................................126

7.4 Selecting the NAT Mode ..................................................................................126

7.5 Configuring SUA Server ...................................................................................127

7.6 Configuring Address Mapping ..........................................................................129

7.7 Editing an Address Mapping Rule ....................................................................130

Chapter 8

Introduction to VoIP ............................................................................................. 133

8.1 Introduction to VoIP ..........................................................................................133

8.2 SIP ..................................................................................................................133

8.2.1 SIP Identities ...........................................................................................133

8.2.1.1 SIP Number ...................................................................................133

8.2.1.2 SIP Service Domain ......................................................................134

8.2.2 SIP Call Progression ...............................................................................134

8.2.3 SIP Servers .............................................................................................134

8.2.3.1 SIP User Agent .............................................................................135

8.2.3.2 SIP Proxy Server ...........................................................................135

8.2.3.3 SIP Redirect Server ......................................................................136

8.2.3.4 SIP Register Server ......................................................................137

8.2.4 RTP .........................................................................................................137

8.3 SIP ALG ...........................................................................................................137

8.4 Pulse Code Modulation ....................................................................................137

8.5 Voice Coding ....................................................................................................138

8.5.1 G.711 .......................................................................................................138

8.5.2 G.729 ......................................................................................................138

8.6 PSTN Call Setup Signaling ..............................................................................138

8.7 MWI (Message Waiting Indication) ...................................................................138

Chapter 9

Voice Screens ....................................................................................................... 139

9.1 Voice Screens Introduction ..............................................................................139

14 Table of Contents

Prestige 2602H/HW Series User’s Guide

9.2 SIP Settings Configuration ...............................................................................139

9.3 Advanced Voice Settings Configuration ...........................................................140

9.4 Quality of Service (QoS) ..................................................................................143

9.4.1 Type Of Service (ToS) .............................................................................143

9.4.2 DiffServ ...................................................................................................143

9.4.2.1 DSCP and Per-Hop Behavior ........................................................143

9.4.3 VLAN ......................................................................................................143

9.5 QoS Configuration ............................................................................................144

9.6 Phone ...............................................................................................................145

9.6.1 Voice Activity Detection/Silence Suppression .........................................145

9.6.2 Comfort Noise Generation ......................................................................145

9.6.3 Echo Cancellation ...................................................................................145

9.7 Phone Configuration ........................................................................................145

9.8 Speed Dial ........................................................................................................147

9.8.1 Peer-to-Peer Calls ..................................................................................147

9.9 Speed Dial Configuration .................................................................................147

9.10 Lifeline (Prestige 2602HL/HWL) .....................................................................149

9.11 Lifeline Configuration (Prestige 2602HL/HWL) ..............................................149

9.12 Supplementary Phone Services Overview .....................................................150

9.12.1 The Flash Key .......................................................................................151

9.12.2 Europe Type Supplementary Phone Services ......................................151

9.12.2.1 European Call Hold .....................................................................151

9.12.2.2 European Call Waiting ................................................................152

9.12.2.3 European Call Transfer ...............................................................152

9.12.2.4 European Three-Way Conference ..............................................152

9.12.3 USA Type Supplementary Services ......................................................153

9.12.3.1 USA Call Hold .............................................................................153

9.12.3.2 USA Call Waiting ........................................................................153

9.12.3.3 USA Call Transfer .......................................................................153

9.12.3.4 USA Three-Way Conference .......................................................153

9.13 Common Phone Port Configuration ...............................................................154

9.14 Call Forward Configuration ............................................................................155

Chapter 10

Phone Usage ........................................................................................................ 159

10.1 Dialing a Telephone Number ..........................................................................159

10.2 Using Speed Dial to Dial a Telephone Number ..............................................159

10.3 Internal Calls ..................................................................................................159

10.4 Checking the Prestige’s IP Address ...............................................................159

10.5 Auto Firmware Upgrade .................................................................................160

Table of Contents 15

Prestige 2602H/HW Series User’s Guide

Chapter 11

Dynamic DNS Setup............................................................................................. 161

11.1 Dynamic DNS .................................................................................................161

11.1.1 DYNDNS Wildcard ................................................................................161

11.2 Configuring Dynamic DNS .............................................................................161

Chapter 12

Time and Date....................................................................................................... 163

12.1 Pre-defined NTP Time Servers List ................................................................163

12.2 Configuring Time and Date ............................................................................163

Chapter 13

Firewalls................................................................................................................ 167

13.1 Firewall Overview ...........................................................................................167

13.2 Types of Firewalls ..........................................................................................167

13.2.1 Packet Filtering Firewalls ......................................................................167

13.2.2 Application-level Firewalls ....................................................................167

13.2.3 Stateful Inspection Firewalls ................................................................168

13.3 Introduction to ZyXEL’s Firewall .....................................................................168

13.3.1 Denial of Service Attacks ......................................................................169

13.4 Denial of Service ............................................................................................169

13.4.1 Basics ...................................................................................................169

13.4.2 Types of DoS Attacks ...........................................................................170

13.4.2.1 ICMP Vulnerability ......................................................................172

13.4.2.2 Illegal Commands (NetBIOS and SMTP) ....................................172

13.4.2.3 Traceroute ...................................................................................173

13.5 Stateful Inspection ..........................................................................................173

13.5.1 Stateful Inspection Process ..................................................................174

13.5.2 Stateful Inspection and the Prestige .....................................................175

13.5.3 TCP Security .........................................................................................175

13.5.4 UDP/ICMP Security ..............................................................................176

13.5.5 Upper Layer Protocols ..........................................................................176

13.6 Guidelines for Enhancing Security with Your Firewall ....................................176

13.6.1 Security In General ...............................................................................177

13.7 Packet Filtering Vs Firewall ............................................................................178

13.7.1 Packet Filtering: ....................................................................................178

13.7.1.1 When To Use Filtering .................................................................178

13.7.2 Firewall .................................................................................................178

13.7.2.1 When To Use The Firewall ..........................................................178

Chapter 14

Firewall Configuration ......................................................................................... 181

14.1 Access Methods .............................................................................................181

16 Table of Contents

Prestige 2602H/HW Series User’s Guide

14.2 Firewall Policies Overview .............................................................................181

14.3 Rule Logic Overview ......................................................................................182

14.3.1 Rule Checklist .......................................................................................182

14.3.2 Security Ramifications ..........................................................................182

14.3.3 Key Fields For Configuring Rules .........................................................183

14.3.3.1 Action ..........................................................................................183

14.3.3.2 Service ........................................................................................183

14.3.3.3 Source Address ...........................................................................183

14.3.3.4 Destination Address ....................................................................183

14.4 Connection Direction Example .......................................................................183

14.4.1 LAN to WAN Rules ...............................................................................184

14.4.2 WAN to LAN Rules ...............................................................................184

14.4.3 Alerts .....................................................................................................185

14.5 Configuring Basic Firewall Settings ................................................................185

14.6 Rule Summary ...............................................................................................186

14.6.1 Configuring Firewall Rules ....................................................................188

14.7 Customized Services .....................................................................................191

14.8 Creating/Editing A Customized Service .........................................................191

14.9 Example Firewall Rule ...................................................................................192

14.10 Predefined Services .....................................................................................196

14.11 Anti-Probing ..................................................................................................198

14.12 DoS Thresholds ...........................................................................................199

14.12.1 Threshold Values ................................................................................200

14.12.2 Half-Open Sessions ............................................................................200

14.12.2.1 TCP Maximum Incomplete and Blocking Time .........................200

Chapter 15

Content Filtering .................................................................................................. 203

15.1 Content Filtering Overview .............................................................................203

15.2 Configuring Keyword Blocking .......................................................................203

15.3 Configuring the Schedule ..............................................................................204

15.4 Configuring Trusted Computers .....................................................................205

Chapter 16

Introduction to IPSec ........................................................................................... 207

16.1 VPN Overview ................................................................................................207

16.1.1 IPSec ....................................................................................................207

16.1.2 Security Association .............................................................................207

16.1.3 Other Terminology ................................................................................207

16.1.3.1 Encryption ...................................................................................207

16.1.3.2 Data Confidentiality .....................................................................208

16.1.3.3 Data Integrity ...............................................................................208

16.1.3.4 Data Origin Authentication ..........................................................208

Table of Contents 17

Prestige 2602H/HW Series User’s Guide

16.1.4 VPN Applications ..................................................................................208

16.2 IPSec Architecture .........................................................................................209

16.2.1 IPSec Algorithms ..................................................................................209

16.2.2 Key Management ..................................................................................209

16.3 Encapsulation .................................................................................................209

16.3.1 Transport Mode ....................................................................................210

16.3.2 Tunnel Mode ........................................................................................210

16.4 IPSec and NAT ...............................................................................................210

Chapter 17

VPN Screens......................................................................................................... 213

17.1 VPN/IPSec Overview .....................................................................................213

17.2 IPSec Algorithms ............................................................................................213

17.2.1 AH (Authentication Header) Protocol ...................................................213

17.2.2 ESP (Encapsulating Security Payload) Protocol .................................214

17.3 My IP Address ................................................................................................214

17.4 Secure Gateway Address ..............................................................................215

17.4.1 Dynamic Secure Gateway Address ......................................................215

17.5 VPN Summary Screen ...................................................................................215

17.6 Keep Alive ......................................................................................................217

17.7 Remote DNS Server ......................................................................................217

17.8 NAT Traversal ................................................................................................218

17.8.1 NAT Traversal Configuration .................................................................219

17.9 ID Type and Content ......................................................................................219

17.9.1 ID Type and Content Examples ............................................................220

17.10 Pre-Shared Key ............................................................................................221

17.11 Editing VPN Policies .....................................................................................221

17.12 IKE Phases .................................................................................................226

17.12.1 Negotiation Mode ................................................................................228

17.12.2 Diffie-Hellman (DH) Key Groups .........................................................228

17.12.3 Perfect Forward Secrecy (PFS) .........................................................228

17.13 Configuring Advanced IKE Settings .............................................................228

17.14 Manual Key Setup ........................................................................................231

17.14.1 Security Parameter Index (SPI) .........................................................231

17.15 Configuring Manual Key ...............................................................................232

17.16 Viewing SA Monitor ......................................................................................235

17.17 Configuring Global Setting ...........................................................................237

17.18 Telecommuter VPN/IPSec Examples ...........................................................237

17.18.1 Telecommuters Sharing One VPN Rule Example ..............................237

17.18.2 Telecommuters Using Unique VPN Rules Example ...........................238

17.19 VPN and Remote Management ...................................................................240

18 Table of Contents

Prestige 2602H/HW Series User’s Guide

Chapter 18

Remote Management Configuration .................................................................. 241

18.1 Remote Management Overview .....................................................................241

18.1.1 Remote Management Limitations .........................................................241

18.1.2 Remote Management and NAT ............................................................242

18.1.3 System Timeout ...................................................................................242

18.2 Telnet ..............................................................................................................242

18.3 FTP ................................................................................................................242

18.4 Web ................................................................................................................243

18.5 Configuring Remote Management .................................................................243

Chapter 19

Universal Plug-and-Play (UPnP) ......................................................................... 245

19.1 Introducing Universal Plug and Play ..............................................................245

19.1.1 How do I know if I'm using UPnP? ........................................................245

19.1.2 NAT Traversal .......................................................................................245

19.1.3 Cautions with UPnP ..............................................................................245

19.2 UPnP and ZyXEL ...........................................................................................246

19.2.1 Configuring UPnP .................................................................................246

19.3 Installing UPnP in Windows Example ............................................................247

19.4 Using UPnP in Windows XP Example ...........................................................251

Chapter 20

Logs Screens........................................................................................................ 259

20.1 Logs Overview ...............................................................................................259

20.1.1 Alerts and Logs .....................................................................................259

20.2 Configuring Log Settings ................................................................................259

20.3 Displaying the Logs ........................................................................................262

20.4 SMTP Error Messages ...................................................................................262

20.4.1 Example E-mail Log ..............................................................................263

Chapter 21

Media Bandwidth Management Advanced Setup.............................................. 265

21.1 Bandwidth Management Advanced Setup Overview .....................................265

21.2 Bandwidth Classes and Filters .......................................................................265

21.3 Proportional Bandwidth Allocation .................................................................266

21.4 Bandwidth Management Usage Examples ....................................................266

21.4.1 Application-based Bandwidth Management Example ..........................266

21.4.2 Subnet-based Bandwidth Management Example .................................266

21.4.3 Application and Subnet-based Bandwidth Management Example .......267

21.5 Scheduler .......................................................................................................268

21.5.1 Priority-based Scheduler ......................................................................268

21.5.2 Fairness-based Scheduler ....................................................................268

Table of Contents 19

Prestige 2602H/HW Series User’s Guide

21.6 Maximize Bandwidth Usage ...........................................................................268

21.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic ........................268

21.6.2 Maximize Bandwidth Usage Example ..................................................269

21.7 Bandwidth Borrowing .....................................................................................270

21.7.1 Bandwidth Borrowing Example .............................................................270

21.7.2 Maximize Bandwidth Usage With Bandwidth Borrowing ......................271

21.8 Configuring Summary ....................................................................................271

21.9 Configuring Class Setup ................................................................................273

21.9.1 Media Bandwidth Management Class Configuration ............................274

21.9.2 Media Bandwidth Management Statistics .............................................276

21.10 Bandwidth Monitor ......................................................................................277

Chapter 22

Maintenance ......................................................................................................... 279

22.1 Maintenance Overview ...................................................................................279

22.2 System Status Screen ....................................................................................279

22.2.1 System Statistics ...................................................................................282

22.3 DHCP Table Screen .......................................................................................283

22.4 Any IP Table Screen .......................................................................................284

22.5 Wireless Screen .............................................................................................285

22.5.1 Association List .....................................................................................285

22.6 Diagnostic Screens ........................................................................................286

22.6.1 Diagnostic General Screen ...................................................................286

22.6.2 Diagnostic DSL Line Screen .................................................................286

22.7 Firmware Screen ............................................................................................288

Chapter 23

Introducing the SMT ............................................................................................291

23.1 Introduction to the SMT ..................................................................................291

23.1.1 Procedure for SMT Configuration via Telnet .........................................291

23.1.2 Entering Password ................................................................................291

23.2 Navigating the SMT Interface .........................................................................292

23.2.1 System Management Terminal Interface Summary ..............................293

23.2.2 SMT Menus Overview ..........................................................................294

23.3 Changing the System Password ....................................................................295

Chapter 24

Menu 1 General Setup ......................................................................................... 297

24.1 General Setup ................................................................................................297

24.2 Procedure To Configure Menu 1 ....................................................................297

24.2.1 Procedure to Configure Dynamic DNS .................................................298

20 Table of Contents

Prestige 2602H/HW Series User’s Guide

Chapter 25

Menu 2 WAN Backup Setup ................................................................................ 301

25.1 Introduction to WAN Backup Setup ................................................................301

25.2 Configuring WAN Backup in Menu 2 ..............................................................301

25.2.1 Traffic Redirect Setup ...........................................................................302

Chapter 26

Menu 3 LAN Setup ...............................................................................................305

26.1 LAN Setup ......................................................................................................305

26.1.1 General Ethernet Setup ........................................................................305

26.2 Protocol Dependent Ethernet Setup ..............................................................305

26.3 TCP/IP Ethernet Setup and DHCP ................................................................306

Chapter 27

Wireless LAN Setup ............................................................................................. 309

27.1 Wireless LAN Overview .................................................................................309

27.2 Wireless LAN Setup .......................................................................................309

27.2.1 Wireless LAN MAC Address Filter ........................................................310

Chapter 28

Internet Access .................................................................................................... 313

28.1 Internet Access Overview ..............................................................................313

28.2 IP Policies ......................................................................................................313

28.3 IP Alias ...........................................................................................................313

28.4 IP Alias Setup .................................................................................................314

28.5 Route IP Setup ...............................................................................................315

28.6 Internet Access Configuration ........................................................................316

Chapter 29

Remote Node Configuration ............................................................................... 319

29.1 Remote Node Setup Overview .......................................................................319

29.2 Remote Node Setup .......................................................................................319

29.2.1 Remote Node Profile ............................................................................319

29.2.2 Encapsulation and Multiplexing Scenarios ...........................................320

29.2.2.1 Scenario 1: One VC, Multiple Protocols ......................................320

29.2.2.2 Scenario 2: One VC, One Protocol (IP) ......................................320

29.2.2.3 Scenario 3: Multiple VCs .............................................................320

29.2.3 Outgoing Authentication Protocol .........................................................322

29.3 Remote Node Network Layer Options ...........................................................323

29.3.1 My WAN Addr Sample IP Addresses ...................................................324

29.4 Remote Node Filter ........................................................................................325

29.5 Editing ATM Layer Options ............................................................................326

29.5.1 VC-based Multiplexing (non-PPP Encapsulation) ................................326

Table of Contents 21

Prestige 2602H/HW Series User’s Guide

29.5.2 LLC-based Multiplexing or PPP Encapsulation ....................................327

29.5.3 Advance Setup Options ........................................................................327

Chapter 30

Static Route Setup ............................................................................................... 329

30.1 IP Static Route Overview ...............................................................................329

30.2 Configuration ..................................................................................................329

Chapter 31

Bridging Setup ..................................................................................................... 333

31.1 Bridging in General ........................................................................................333

31.2 Bridge Ethernet Setup ....................................................................................333

31.2.1 Remote Node Bridging Setup ...............................................................333

31.2.2 Bridge Static Route Setup .....................................................................335

Chapter 32

Network Address Translation (NAT)................................................................... 337

32.1 Using NAT ......................................................................................................337

32.1.1 SUA (Single User Account) Versus NAT ..............................................337

32.2 Applying NAT .................................................................................................337

32.3 NAT Setup ......................................................................................................339

32.3.1 Address Mapping Sets ..........................................................................339

32.3.1.1 SUA Address Mapping Set .........................................................340

32.3.1.2 User-Defined Address Mapping Sets ..........................................341

32.3.1.3 Ordering Your Rules ....................................................................341

32.4 Configuring a Server Behind NAT ..................................................................343

32.5 General NAT Examples ..................................................................................344

32.5.1 Example 1: Internet Access Only ..........................................................345

32.5.2 Example 2: Internet Access with an Inside Server ...............................345

32.5.3 Example 3: Multiple Public IP Addresses With Inside Servers .............346

32.5.4 Example 4: NAT Unfriendly Application Programs ...............................350

Chapter 33

Enabling the Firewall ...........................................................................................353

33.1 Remote Management and the Firewall ..........................................................353

33.2 Access Methods .............................................................................................353

33.3 Enabling the Firewall ......................................................................................353

Chapter 34

Filter Configuration.............................................................................................. 355

34.1 About Filtering ................................................................................................355

34.1.1 The Filter Structure of the Prestige .......................................................356

34.2 Configuring a Filter Set for the Prestige .........................................................357

22 Table of Contents

Prestige 2602H/HW Series User’s Guide

34.3 Filter Rules Summary Menus .........................................................................358

34.4 Configuring a Filter Rule ................................................................................359

34.4.1 TCP/IP Filter Rule .................................................................................360

34.4.2 Generic Filter Rule ................................................................................362

34.5 Filter Types and NAT .....................................................................................364

34.6 Example Filter ................................................................................................364

34.7 Applying Filters and Factory Defaults ............................................................366

34.7.1 Ethernet Traffic .....................................................................................367

34.7.2 Remote Node Filters .............................................................................367

Chapter 35

SNMP Configuration ............................................................................................ 369

35.1 About SNMP ..................................................................................................369

35.2 Supported MIBs ............................................................................................370

35.3 SNMP Configuration ......................................................................................370

35.4 SNMP Traps ...................................................................................................371

Chapter 36

System Security ................................................................................................... 373

36.1 System Security .............................................................................................373

36.1.1 System Password .................................................................................373

36.1.2 Configuring External RADIUS Server ...................................................373

36.1.3 IEEE802.1x ...........................................................................................375

36.2 Creating User Accounts on the Prestige ........................................................377

Chapter 37

System Information and Diagnosis .................................................................... 379

37.1 Overview ........................................................................................................379

37.2 System Status ................................................................................................379

37.3 System Information ........................................................................................381

37.3.1 System Information ...............................................................................381

37.3.2 Console Port Speed ..............................................................................382

37.4 Log and Trace ................................................................................................383

37.4.1 Viewing Error Log .................................................................................383

37.4.2 Syslog and Accounting .........................................................................384

37.5 Diagnostic ......................................................................................................386

Chapter 38

Firmware and Configuration File Maintenance ................................................. 389

38.1 Filename Conventions ...................................................................................389

38.2 Backup Configuration .....................................................................................390

38.2.1 Backup Configuration ...........................................................................390

38.2.2 Using the FTP Command from the Command Line ..............................391

Table of Contents 23

Prestige 2602H/HW Series User’s Guide

38.2.3 Example of FTP Commands from the Command Line .........................391

38.2.4 GUI-based FTP Clients .........................................................................392

38.2.5 TFTP and FTP over WAN Management Limitations .............................392

38.2.6 Backup Configuration Using TFTP .......................................................393

38.2.7 TFTP Command Example ....................................................................393

38.2.8 GUI-based TFTP Clients ......................................................................393

38.3 Restore Configuration ....................................................................................394

38.3.1 Restore Using FTP ...............................................................................394

38.3.2 Restore Using FTP Session Example ..................................................395

38.4 Uploading Firmware and Configuration Files .................................................396

38.4.1 Firmware File Upload ............................................................................396

38.4.2 Configuration File Upload .....................................................................396

38.4.3 FTP File Upload Command from the DOS Prompt Example ................397

38.4.4 FTP Session Example of Firmware File Upload ...................................398

38.4.5 TFTP File Upload ..................................................................................398

38.4.6 TFTP Upload Command Example ........................................................399

Chapter 39

System Maintenance............................................................................................ 401

39.1 Command Interpreter Mode ...........................................................................401

39.2 Call Control Support .......................................................................................402

39.2.1 Budget Management ............................................................................402

39.3 Time and Date Setting ....................................................................................403

39.3.1 Resetting the Time ................................................................................404

Chapter 40

Remote Management ........................................................................................... 407

40.1 Remote Management Overview .....................................................................407

40.2 Remote Management .....................................................................................407

40.2.1 Remote Management Setup .................................................................407

40.2.2 Remote Management Limitations .........................................................408

40.3 Remote Management and NAT ......................................................................409

40.4 System Timeout .............................................................................................409

Chapter 41

IP Policy Routing.................................................................................................. 411

41.1 IP Policy Routing Overview ............................................................................ 411

41.2 Benefits of IP Policy Routing .......................................................................... 411

41.3 Routing Policy ................................................................................................411

41.4 IP Routing Policy Setup .................................................................................412

41.5 Applying an IP Policy .....................................................................................415

41.5.1 Ethernet IP Policies ..............................................................................415

41.6 IP Policy Routing Example .............................................................................416

24 Table of Contents

Prestige 2602H/HW Series User’s Guide

Chapter 42

Call Scheduling .................................................................................................... 419

42.1 Introduction ....................................................................................................419

Chapter 43

VPN/IPSec Setup .................................................................................................. 423

43.1 VPN/IPSec Overview .....................................................................................423

43.2 IPSec Summary Screen .................................................................................424

43.3 IPSec Setup ...................................................................................................426

43.4 IKE Setup .......................................................................................................430

43.5 Manual Setup .................................................................................................432

43.5.1 Active Protocol ......................................................................................432

43.5.2 Security Parameter Index (SPI) ............................................................432

Chapter 44

SA Monitor ............................................................................................................ 435

44.1 SA Monitor Overview .....................................................................................435

44.2 Using SA Monitor ...........................................................................................435

Chapter 45

Troubleshooting ................................................................................................... 439

45.1 Problems Starting Up the Prestige .................................................................439

45.2 Problems with the LAN ...................................................................................439

45.3 Problems with the WAN .................................................................................440

45.4 Problems Accessing the Prestige ..................................................................441

45.4.1 Pop-up Windows, JavaScripts and Java Permissions ..........................441

45.4.1.1 Internet Explorer Pop-up Blockers ..............................................442

45.4.1.2 JavaScripts ..................................................................................445

45.4.1.3 Java Permissions ........................................................................447

45.5 Telephone Problems ......................................................................................449

Appendix A

Product Specifications ....................................................................................... 451

Prestige 2602H/HW Series Power Adaptor Specifications .................................... 455

Appendix B

Setting up Your Computer’s IP Address............................................................ 457

Windows 95/98/Me................................................................................................. 457

Configuring ...................................................................................................... 459

Verifying Settings............................................................................................. 460

Windows 2000/NT/XP ............................................................................................ 460

Verifying Settings............................................................................................. 464

Table of Contents 25

Prestige 2602H/HW Series User’s Guide

Macintosh OS 8/9................................................................................................... 465

Verifying Settings............................................................................................. 466

Macintosh OS X ..................................................................................................... 466

Verifying Settings............................................................................................. 468

Appendix C

IP Subnetting ........................................................................................................ 469

IP Addressing......................................................................................................... 469

IP Classes .............................................................................................................. 469

Subnet Masks ........................................................................................................ 470

Subnetting .............................................................................................................. 470

Example: Two Subnets .......................................................................................... 471

Example: Four Subnets.......................................................................................... 473

Example Eight Subnets.......................................................................................... 474

Subnetting With Class A and Class B Networks. ................................................... 475

Appendix D

PPPoE ................................................................................................................... 477

PPPoE in Action..................................................................................................... 477

Benefits of PPPoE.................................................................................................. 477

Traditional Dial-up Scenario................................................................................... 477

How PPPoE Works ................................................................................................ 478

Prestige as a PPPoE Client ................................................................................... 478

Appendix E

Wireless LANs ...................................................................................................... 479

Wireless LAN Topologies ....................................................................................... 479

Ad-hoc Wireless LAN Configuration ................................................................ 479

BSS.................................................................................................................. 479

ESS.................................................................................................................. 480

Channel.................................................................................................................. 481

RTS/CTS................................................................................................................ 481

Fragmentation Threshold ....................................................................................... 482

Preamble Type....................................................................................................... 483

IEEE 802.1x ........................................................................................................... 484

RADIUS.................................................................................................................. 484

Types of RADIUS Messages ........................................................................... 484

Types of Authentication.......................................................................................... 485

EAP-MD5 (Message-Digest Algorithm 5) ........................................................ 485

EAP-TLS (Transport Layer Security) ............................................................... 486

EAP-TTLS (Tunneled Transport Layer Service) .............................................. 486

PEAP (Protected EAP) .................................................................................... 486

26 Table of Contents

Prestige 2602H/HW Series User’s Guide

LEAP................................................................................................................ 486

Dynamic WEP Key Exchange ......................................................................... 486

WPA ....................................................................................................................... 487

User Authentication ........................................................................................ 487

Encryption ....................................................................................................... 487

Security Parameters Summary .............................................................................. 488

Appendix F

Triangle Route ...................................................................................................... 489

The Ideal Setup...................................................................................................... 489

The “Triangle Route” Problem................................................................................ 489

The “Triangle Route” Solutions .............................................................................. 490

IP Aliasing .............................................................................................................. 490

Gateways on the WAN Side................................................................................... 491

Appendix G

Internal SPTGEN .................................................................................................. 493

Internal SPTGEN Overview ................................................................................... 493

The Configuration Text File Format ........................................................................ 493

Internal SPTGEN File Modification - Important Points to Remember.............. 493

Internal SPTGEN FTP Download Example............................................................ 494

Internal SPTGEN FTP Upload Example ................................................................ 495

Command Examples.............................................................................................. 516

Appendix H

Command Interpreter........................................................................................... 519

Command Syntax................................................................................................... 519

Command Usage ................................................................................................... 519

Appendix I

Firewall Commands ............................................................................................. 521

Sys Firewall Commands ........................................................................................ 521

Appendix J

Boot Commands ..................................................................................................523

Appendix K

Log Descriptions.................................................................................................. 525

Log Commands...................................................................................................... 534

Configuring What You Want the Prestige to Log ............................................. 534

Displaying Logs ............................................................................................... 535

Log Command Example......................................................................................... 536

Table of Contents 27

Prestige 2602H/HW Series User’s Guide

Index...................................................................................................................... 537

28 Table of Contents

Prestige 2602H/HW Series User’s Guide

List of Figures

Figure 1 Prestige Internet Access Application ....................................................... 54

Figure 2 Internet Telephony Service Provider Application ..................................... 54

Figure 3 Peer-to-peer Calling ................................................................................. 55

Figure 4 Firewall Application .................................................................................. 55

Figure 5 Prestige LAN-to-LAN Application ............................................................. 56

Figure 6 P2602H-C Series Front Panel ................................................................. 56

Figure 7 P2602HW-C Series Front Panel .............................................................. 56

Figure 8 Password Screen ..................................................................................... 60

Figure 9 Change Password at Login ...................................................................... 60

Figure 10 Web Configurator SITE MAP Screen ................................................... 62

Figure 11 Wizard Setup: First Screen .................................................................... 65

Figure 12 Internet Connection with PPPoE ............................................................ 67

Figure 13 Internet Connection with RFC 1483 ...................................................... 68

Figure 14 Internet Connection with ENET ENCAP ................................................ 68

Figure 15 Internet Connection with PPPoA ............................................................ 69

Figure 16 Wizard Setup: Third Screen .................................................................. 71

Figure 17 Internet Access Wizard Setup: Fourth Screen ....................................... 73

Figure 18 Wizard Setup: LAN Configuration .......................................................... 74

Figure 19 Wizard Setup: Connection Tests ............................................................ 75

Figure 20 Media Bandwidth Mgnt. Wizard Setup: First Screen ............................. 77

Figure 21 Media Bandwidth Mgnt. Wizard Setup: Second Screen (all services

selected) ....................................................................................... 78

Figure 22 Media Bandwidth Mgnt. Wizard Setup: Finish ....................................... 79

Figure 23 Password ............................................................................................... 79

Figure 24 LAN and WAN IP Addresses ................................................................. 81

Figure 25 Any IP Example ..................................................................................... 86

Figure 26 LAN Setup .............................................................................................. 87

Figure 27 LAN: Static DHCP .................................................................................. 89

Figure 28 Wireless Security Methods .................................................................... 93

Figure 29 Wireless Screen ..................................................................................... 94

Figure 30 MAC Address Filter ................................................................................ 96

Figure 31 WPA - PSK Authentication ..................................................................... 98

Figure 32 WPA with RADIUS Application Example2 .............................................. 99

Figure 33 Wireless LAN: 802.1x/WPA: No Access Allowed ................................... 100

Figure 34 Wireless LAN: 802.1x/WPA: No Authentication ..................................... 100

Figure 35 Wireless LAN: 802.1x/WPA: 802.1xl ...................................................... 101

Figure 36 Wireless LAN: 802.1x/WPA: WPA .......................................................... 103

Figure 37 Wireless LAN: 802.1x/WPA:WPA-PSK .................................................. 104

List of Figures 29

Prestige 2602H/HW Series User’s Guide

Figure 38 Local User Database ............................................................................. 105

Figure 39 RADIUS ................................................................................................. 106

Figure 40 Example of Traffic Shaping .................................................................... 113

Figure 41 WAN Setup (PPPoE) ............................................................................. 114

Figure 42 Traffic Redirect Example ........................................................................ 117

Figure 43 Traffic Redirect LAN Setup .................................................................... 117

Figure 44 WAN Backup .......................................................................................... 118

Figure 45 How NAT Works ..................................................................................... 123

Figure 46 NAT Application With IP Alias ................................................................ 123

Figure 47 Multiple Servers Behind NAT Example .................................................. 126

Figure 48 NAT Mode .............................................................................................. 127

Figure 49 Edit SUA/NAT Server Set ...................................................................... 128

Figure 50 Address Mapping Rules ......................................................................... 129

Figure 51 Address Mapping Rule Edit ................................................................... 130

Figure 52 SIP User Agent ...................................................................................... 135

Figure 53 SIP Proxy Server ................................................................................... 136

Figure 54 SIP Redirect Server ............................................................................... 137

Figure 55 SIP Settings ........................................................................................... 139

Figure 56 Voice Advanced Setup ........................................................................... 141

Figure 57 DiffServ: Differentiated Service Field ..................................................... 143

Figure 58 QoS ........................................................................................................ 144

Figure 59 Phone ..................................................................................................... 146

Figure 60 Speed Dial .............................................................................................. 148

Figure 61 Lifeline ................................................................................................... 150

Figure 62 Phone Port Common ............................................................................. 154

Figure 63 Voice Call Forward ................................................................................. 156

Figure 64 Dynamic DNS ........................................................................................ 162

Figure 65 Time and Date ........................................................................................ 164

Figure 66 Prestige Firewall Application .................................................................. 169

Figure 67 Three-Way Handshake .......................................................................... 171

Figure 68 SYN Flood .............................................................................................. 171

Figure 69 Smurf Attack .......................................................................................... 172

Figure 70 Stateful Inspection .................................................................................. 174

Figure 71 LAN to WAN Traffic ................................................................................ 184

Figure 72 WAN to LAN Traffic ................................................................................ 184

Figure 73 Firewall: Default Policy ........................................................................... 185

Figure 74 Firewall: Rule Summary ........................................................................ 187

Figure 75 Firewall: Edit Rule .................................................................................. 189

Figure 76 Firewall: Customized Services ............................................................... 191

Figure 77 Firewall: Configure Customized Services .............................................. 192

Figure 78 Firewall Example: Rule Summary .......................................................... 193

Figure 79 Firewall Example: Edit Rule: Destination Address ................................ 194

Figure 80 Edit Custom Port Example ..................................................................... 194

30 List of Figures

Prestige 2602H/HW Series User’s Guide

Figure 81 Firewall Example: Edit Rule: Select Customized Services .................... 195

Figure 82 Firewall Example: Rule Summary: My Service ..................................... 196

Figure 83 Firewall: Anti Probing ............................................................................. 199

Figure 84 Firewall: Threshold ................................................................................. 201

Figure 85 Content Filter: Keyword ......................................................................... 204

Figure 86 Content Filter: Schedule ........................................................................ 205

Figure 87 Content Filter: Trusted ........................................................................... 206

Figure 88 Encryption and Decryption ..................................................................... 208

Figure 89 IPSec Architecture ................................................................................. 209

Figure 90 Transport and Tunnel Mode IPSec Encapsulation ................................. 210

Figure 91 IPSec Summary Fields .......................................................................... 215

Figure 92 VPN Summary ....................................................................................... 216

Figure 93 VPN Host using Intranet DNS Server Example ..................................... 218

Figure 94 NAT Router Between IPSec Routers ..................................................... 218

Figure 95 VPN IKE ................................................................................................. 222

Figure 96 Two Phases to Set Up the IPSec SA ..................................................... 227

Figure 97 VPN IKE: Advanced Setup .................................................................... 229

Figure 98 VPN: Manual Key ................................................................................... 232

Figure 99 VPN: SA Monitor .................................................................................... 236

Figure 100 VPN: Global Setting ............................................................................. 237

Figure 101 Telecommuters Sharing One VPN Rule Example ................................ 238

Figure 102 Telecommuters Using Unique VPN Rules Example ............................ 239

Figure 103 Telnet Configuration on a TCP/IP Network .......................................... 242

Figure 104 Remote Management .......................................................................... 243

Figure 105 Configuring UPnP ................................................................................ 246

Figure 106 Add/Remove Programs: Windows Setup: Communication .................. 248

Figure 107 Add/Remove Programs: Windows Setup: Communication: Components

248

Figure 108 Network Connections ........................................................................... 249

Figure 109 Windows Optional Networking Components Wizard ........................... 250

Figure 110 Networking Services ............................................................................ 251

Figure 111 Network Connections ........................................................................... 252

Figure 112 Internet Connection Properties ........................................................... 253

Figure 113 Internet Connection Properties: Advanced Settings ............................ 254

Figure 114 Internet Connection Properties: Advanced Settings: Add .................... 254

Figure 115 System Tray Icon ................................................................................. 255

Figure 116 Internet Connection Status ................................................................... 255

Figure 117 Network Connections ........................................................................... 256

Figure 118 Network Connections: My Network Places .......................................... 257

Figure 119 Network Connections: My Network Places: Properties: Example ........ 257

Figure 120 Log Settings ......................................................................................... 260

Figure 121 View Logs ............................................................................................ 262

Figure 122 E-mail Log Example ............................................................................. 264

List of Figures 31

Prestige 2602H/HW Series User’s Guide

Figure 123 Application-based Bandwidth Management Example .......................... 266

Figure 124 Subnet-based Bandwidth Management Example ................................ 267

Figure 125 Application and Subnet-based Bandwidth Management Example ...... 267

Figure 126 Bandwidth Allotment Example ............................................................. 269

Figure 127 Maximize Bandwidth Usage Example .................................................. 270

Figure 128 Bandwidth Borrowing Example ............................................................ 271

Figure 129 Media Bandwidth Management: Summary .......................................... 272

Figure 130 Media Bandwidth Management: Class Setup ...................................... 273

Figure 131 Media Bandwidth Management: Class Configuration .......................... 274

Figure 132 Media Bandwidth Management Statistics ........................................... 277

Figure 133 Media Bandwidth Management: Monitor ............................................ 278

Figure 134 System Status ...................................................................................... 280

Figure 135 System Status: Show Statistics ............................................................ 282

Figure 136 DHCP Table ......................................................................................... 284

Figure 137 Any IP Table ......................................................................................... 284

Figure 138 Association List .................................................................................... 285

Figure 139 Diagnostic: General ............................................................................. 286

Figure 140 Diagnostic: DSL Line ........................................................................... 287

Figure 141 Firmware Upgrade ............................................................................... 288

Figure 142 Network Temporarily Disconnected ..................................................... 289

Figure 143 Error Message ..................................................................................... 289

Figure 144 Login Screen ........................................................................................ 292

Figure 145 Menu 23.1 Change Password .............................................................. 296

Figure 146 Menu 1 General Setup ......................................................................... 298

Figure 147 Menu 1.1 Configure Dynamic DNS ..................................................... 299

Figure 148 Menu 2 WAN Backup Setup ................................................................ 301

Figure 149 Menu 2.1Traffic Redirect Setup ............................................................ 302

Figure 150 Menu 3 LAN Setup ............................................................................... 305

Figure 151 Menu 3.1 LAN Port Filter Setup ........................................................... 305

Figure 152 Menu 3.2 TCP/IP and DHCP Ethernet Setup ...................................... 306

Figure 153 Menu 3.5 - Wireless LAN Setup .......................................................... 309

Figure 154 Menu 3.5.1 WLAN MAC Address Filtering ........................................... 311

Figure 155 IP Alias Network Example .................................................................... 314

Figure 156 Menu 3.2 TCP/IP and DHCP Setup .................................................... 314

Figure 157 Menu 3.2.1 IP Alias Setup ................................................................... 315

Figure 158 Menu 1 General Setup ......................................................................... 316

Figure 159 Menu 4 Internet Access Setup ............................................................. 316

Figure 160 Menu 11 Remote Node Setup .............................................................. 320

Figure 161 Menu 11.1 Remote Node Profile ......................................................... 321

Figure 162 Menu 11.3 Remote Node Network Layer Options ............................... 323

Figure 163 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection .............. 325

Figure 164 Menu 11.5 Remote Node Filter (RFC 1483 or ENET Encapsulation) .. 326

Figure 165 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) .... 326

32 List of Figures

Prestige 2602H/HW Series User’s Guide

Figure 166 Menu 11.6 for VC-based Multiplexing .................................................. 327

Figure 167 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation ............. 327

Figure 168 Menu 11.1 Remote Node Profile .......................................................... 328

Figure 169 Menu 11.8 Advance Setup Options ..................................................... 328

Figure 170 Sample Static Routing Topology .......................................................... 329

Figure 171 Menu 12 Static Route Setup ................................................................ 330

Figure 172 Menu 12.1 IP Static Route Setup ......................................................... 330

Figure 173 Menu12.1.1 Edit IP Static Route .......................................................... 330

Figure 174 Menu 11.1 Remote Node Profile .......................................................... 334

Figure 175 Menu 11.3 Remote Node Network Layer Options ............................... 334

Figure 176 Menu 12.3.1 Edit Bridge Static Route .................................................. 335

Figure 177 Menu 4 Applying NAT for Internet Access ........................................... 338

Figure 178 Applying NAT in Menus 4 & 11.3 .......................................................... 338

Figure 179 Menu 15 NAT Setup ........................................................................... 339

Figure 180 Menu 15.1 Address Mapping Sets ....................................................... 340

Figure 181 Menu 15.1.255 SUA Address Mapping Rules ..................................... 340

Figure 182 Menu 15.1.1 First Set ........................................................................... 341

Figure 183 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ........... 342

Figure 184 Menu 15.2 NAT Server Setup .............................................................. 343

Figure 185 Menu 15.2 NAT Server Setup .............................................................. 344

Figure 186 Multiple Servers Behind NAT Example ................................................ 344

Figure 187 NAT Example 1 .................................................................................... 345

Figure 188 Menu 4 Internet Access & NAT Example ............................................. 345

Figure 189 NAT Example 2 .................................................................................... 346

Figure 190 Menu 15.2.1 Specifying an Inside Server ............................................ 346

Figure 191 NAT Example 3 .................................................................................... 347

Figure 192 Example 3: Menu 11.3 ......................................................................... 348

Figure 193 Example 3: Menu 15.1.1.1 ................................................................... 348

Figure 194 Example 3: Final Menu 15.1.1 ............................................................. 349

Figure 195 Example 3: Menu 15.2 ......................................................................... 350

Figure 196 NAT Example 4 .................................................................................... 350

Figure 197 Example 4: Menu 15.1.1.1 Address Mapping Rule .............................. 351

Figure 198 Example 4: Menu 15.1.1 Address Mapping Rules ............................... 351

Figure 199 Menu 21.2 Firewall Setup .................................................................... 354

Figure 200 Outgoing Packet Filtering Process ....................................................... 355

Figure 201 Filter Rule Process ............................................................................... 356

Figure 202 Menu 21 Filter Set Configuration ......................................................... 357

Figure 203 NetBIOS_WAN Filter Rules Summary ................................................ 357

Figure 204 NetBIOS_LAN Filter Rules Summary ................................................. 358

Figure 205 IGMP Filter Rules Summary ............................................................... 358

Figure 206 Menu 21.1.x.x TCP/IP Filter Rule ........................................................ 360

Figure 207 Executing an IP Filter ........................................................................... 362

Figure 208 Menu 21.1.5.1 Generic Filter Rule ...................................................... 363

List of Figures 33

Prestige 2602H/HW Series User’s Guide

Figure 209 Protocol and Device Filter Sets ............................................................ 364

Figure 210 Sample Telnet Filter ............................................................................. 365

Figure 211 Menu 21.1.6.1 Sample Filter ............................................................... 365

Figure 212 Menu 21.1.6.1 Sample Filter Rules Summary ..................................... 366

Figure 213 Filtering Ethernet Traffic ....................................................................... 367

Figure 214 Filtering Remote Node Traffic .............................................................. 367

Figure 215 SNMP Management Model .................................................................. 369

Figure 216 Menu 22 SNMP Configuration ............................................................. 371

Figure 217 Menu 23 – System Security ................................................................. 373

Figure 218 Menu 23 System Security .................................................................... 373

Figure 219 Menu 23.2 System Security: RADIUS Server ...................................... 374

Figure 220 Menu 23 System Security .................................................................... 375

Figure 221 Menu 23.4 System Security: IEEE802.1x ............................................ 375

Figure 222 Menu 14 Dial-in User Setup ................................................................. 378

Figure 223 Menu 14.1 Edit Dial-in User ................................................................. 378

Figure 224 Menu 24 System Maintenance ............................................................ 379

Figure 225 Menu 24.1 System Maintenance: Status ............................................. 380

Figure 226 Menu 24.2 System Information and Console Port Speed .................... 381

Figure 227 Menu 24.2.1 System Maintenance: Information .................................. 382

Figure 228 Menu 24.2.2 System Maintenance: Change Console Port Speed ....... 383

Figure 229 Menu 24.3 System Maintenance: Log and Trace ................................ 383

Figure 230 Sample Error and Information Messages ............................................ 384

Figure 231 Menu 24.3.2 System Maintenance: Syslog and Accounting ................ 384

Figure 232 Syslog Example ................................................................................... 385

Figure 233 Menu 24.4 System Maintenance: Diagnostic ....................................... 386

Figure 234 Telnet in Menu 24.5 .............................................................................. 391

Figure 235 FTP Session Example ......................................................................... 392

Figure 236 Telnet into Menu 24.6 ........................................................................... 395

Figure 237 Restore Using FTP Session Example .................................................. 395

Figure 238 Telnet Into Menu 24.7.1 Upload System Firmware ............................. 396

Figure 239 Telnet Into Menu 24.7.2 System Maintenance .................................... 397

Figure 240 FTP Session Example of Firmware File Upload .................................. 398

Figure 241 Command Mode in Menu 24 ................................................................ 401

Figure 242 Valid Commands .................................................................................. 401

Figure 243 Menu 24.9 System Maintenance: Call Control ..................................... 402

Figure 244 Menu 24.9.1 System Maintenance: Budget Management ................... 402

Figure 245 Menu 24 System Maintenance ............................................................ 403

Figure 246 Menu 24.10 System Maintenance: Time and Date Setting .................. 404

Figure 247 Menu 24.11 Remote Management Control .......................................... 408

Figure 248 Menu 25 IP Routing Policy Setup ........................................................ 412

Figure 249 Menu 25.1 IP Routing Policy Setup ..................................................... 413

Figure 250 Menu 25.1.1 IP Routing Policy ............................................................. 414

Figure 251 Menu 3.2 TCP/IP and DHCP Ethernet Setup ...................................... 416

34 List of Figures

Prestige 2602H/HW Series User’s Guide

Figure 252 Menu 11.3 Remote Node Network Layer Options ............................... 416

Figure 253 Example of IP Policy Routing .............................................................. 417

Figure 254 IP Routing Policy Example ................................................................... 417

Figure 255 IP Routing Policy Example ................................................................... 418

Figure 256 Applying IP Policies Example .............................................................. 418

Figure 257 Menu 26 Schedule Setup ..................................................................... 419

Figure 258 Menu 26.1 Schedule Set Setup .......................................................... 420

Figure 259 Applying Schedule Set(s) to a Remote Node (PPPoE) ....................... 421

Figure 260 VPN SMT Menu Tree ........................................................................... 423

Figure 261 Menu 27 VPN/IPSec Setup .................................................................. 424

Figure 262 Menu 27.1 IPSec Summary ................................................................. 424

Figure 263 Menu 27.1.1 IPSec Setup .................................................................... 427

Figure 264 Menu 27.1.1.1KE Setup ....................................................................... 431

Figure 265 Menu 27.1.1.2 Manual Setup ............................................................... 433

Figure 266 Menu 27.2 SA Monitor ......................................................................... 436

Figure 267 Pop-up Blocker .................................................................................... 442

Figure 268 Internet Options .................................................................................. 443

Figure 269 Internet Options ................................................................................... 444

Figure 270 Pop-up Blocker Settings ...................................................................... 445

Figure 271 Internet Options ................................................................................... 446

Figure 272 Security Settings - Java Scripting ........................................................ 447

Figure 273 Security Settings - Java ....................................................................... 448

Figure 274 Java (Sun) ............................................................................................ 449

Figure 275 Ethernet Cable Pin Assignments ......................................................... 454

Figure 276 Prestige 2602HW-L DSL Port Pin Assignments .................................. 455

Figure 277 WIndows 95/98/Me: Network: Configuration ........................................ 458

Figure 278 Windows 95/98/Me: TCP/IP Properties: IP Address ............................ 459

Figure 279 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............... 460

Figure 280 Windows XP: Start Menu ..................................................................... 461

Figure 281 Windows XP: Control Panel ................................................................. 461

Figure 282 Windows XP: Control Panel: Network Connections: Properties .......... 462

Figure 283 Windows XP: Local Area Connection Properties ................................. 462

Figure 284 Windows XP: Advanced TCP/IP Settings ............................................ 463

Figure 285 Windows XP: Internet Protocol (TCP/IP) Properties ............................ 464

Figure 286 Macintosh OS 8/9: Apple Menu ........................................................... 465

Figure 287 Macintosh OS 8/9: TCP/IP ................................................................... 466

Figure 288 Macintosh OS X: Apple Menu .............................................................. 467

Figure 289 Macintosh OS X: Network .................................................................... 467

Figure 290 Single-Computer per Router Hardware Configuration ......................... 478

Figure 291 Prestige as a PPPoE Client ................................................................. 478

Figure 292 Peer-to-Peer Communication in an Ad-hoc Network ........................... 479

Figure 293 Basic Service Set ................................................................................. 480

Figure 294 Infrastructure WLAN ............................................................................ 481

List of Figures 35

Prestige 2602H/HW Series User’s Guide

Figure 295 RTS/CTS ............................................................................................. 482

Figure 296 Ideal Setup ........................................................................................... 489

Figure 297 “Triangle Route” Problem ..................................................................... 490

Figure 298 IP Alias ................................................................................................. 490

Figure 299 Gateways on the WAN Side ................................................................. 491

Figure 300 Configuration Text File Format: Column Descriptions .......................... 493

Figure 301 Invalid Parameter Entered: Command Line Example .......................... 494

Figure 302 Valid Parameter Entered: Command Line Example ............................. 494

Figure 303 Internal SPTGEN FTP Download Example ........................................ 495

Figure 304 Internal SPTGEN FTP Upload Example .............................................. 495

Figure 305 Option to Enter Debug Mode ............................................................... 523

Figure 306 Boot Module Commands ..................................................................... 524

Figure 307 Displaying Log Categories Example .................................................... 534

Figure 308 Displaying Log Parameters Example ................................................... 535

Figure 309 Log Command Example ...................................................................... 536

36 List of Figures

Prestige 2602H/HW Series User’s Guide

List of Tables

Table 1 Models Covered ....................................................................................... 47

Table 2 ADSL Standards ....................................................................................... 48

Table 3 IEEE 802.11g ............................................................................................ 52

Table 4 P2602H/HW-C Series Front Panel LEDs ................................................. 56

Table 5 Web Configurator Screens Summary ....................................................... 62

Table 6 Wizard Setup: First Screen ....................................................................... 66

Table 7 Internet Connection with PPPoE ............................................................. 67

Table 8 Internet Connection with RFC 1483 ......................................................... 68

Table 9 Internet Connection with ENET ENCAP ................................................... 69

Table 10 Internet Connection with PPPoA ............................................................ 70

Table 11 Wizard Setup: Voice Configuration ......................................................... 71

Table 12 Wizard Setup: LAN Configuration ........................................................... 74

Table 13 Media Bandwidth Mgnt. Wizard Setup: Services .................................... 76

Table 14 Media Bandwidth Mgnt. Wizard Setup: First Screen .............................. 77

Table 15 Media Bandwidth Mgnt. Wizard Setup: Second Screen ......................... 78

Table 16 Password ................................................................................................ 79

Table 17 LAN Setup .............................................................................................. 88

Table 18 LAN: Static DHCP ................................................................................... 89

Table 19 Wireless LAN .......................................................................................... 94

Table 20 MAC Address Filter ................................................................................ 96

Table 21 Wireless LAN: 802.1x/WPA: No Access/Authentication ......................... 100

Table 22 Wireless LAN: 802.1x/WPA: 802.1x ....................................................... 101

Table 23 Wireless LAN: 802.1x/WPA: WPA .......................................................... 103

Table 24 Wireless LAN: 802.1x/WPA: WPA-PSK .................................................. 104

Table 25 Local User Database .............................................................................. 105

Table 26 RADIUS .................................................................................................. 106

Table 27 WAN Setup ............................................................................................. 114

Table 28 WAN Backup .......................................................................................... 118

Table 29 NAT Definitions ....................................................................................... 121

Table 30 NAT Mapping Types ............................................................................... 124

Table 31 Services and Port Numbers .................................................................... 125

Table 32 NAT Mode ............................................................................................... 127

Table 33 Edit SUA/NAT Server Set ....................................................................... 128

Table 34 Address Mapping Rules ......................................................................... 129

Table 35 Address Mapping Rule Edit .................................................................... 131

Table 36 SIP Call Progression .............................................................................. 134

Table 37 SIP Settings ............................................................................................ 140

Table 38 Voice Advanced Setup ........................................................................... 141

List of Tables 37

Prestige 2602H/HW Series User’s Guide

Table 39 QoS ........................................................................................................ 144

Table 40 Phone ..................................................................................................... 146

Table 41 Speed Dial .............................................................................................. 148

Table 42 Lifeline .................................................................................................... 150

Table 43 European Flash Key Commands ............................................................ 151

Table 44 USA Flash Key Commands .................................................................... 153

Table 45 Voice Common ....................................................................................... 154

Table 46 Voice Call Forward ................................................................................. 156

Table 47 Dynamic DNS ......................................................................................... 162

Table 48 Pre-defined NTP Time Servers ............................................................... 163

Table 49 Time and Date ........................................................................................ 164

Table 50 Common IP Ports ................................................................................... 170

Table 51 ICMP Commands That Trigger Alerts ..................................................... 172

Table 52 Legal NetBIOS Commands .................................................................... 172

Table 53 Legal SMTP Commands ....................................................................... 173

Table 54 Firewall: Default Policy ........................................................................... 185

Table 55 Rule Summary ........................................................................................ 187

Table 56 Firewall: Edit Rule ................................................................................... 190

Table 57 Customized Services .............................................................................. 191

Table 58 Firewall: Configure Customized Services ............................................... 192

Table 59 Predefined Services .............................................................................. 196

Table 60 Firewall: Anti Probing .............................................................................. 199

Table 61 Firewall: Threshold ................................................................................. 201

Table 62 Content Filter: Keyword .......................................................................... 204

Table 63 Content Filter: Schedule ......................................................................... 205

Table 64 Content Filter: Trusted ............................................................................ 206

Table 65 VPN and NAT ......................................................................................... 211

Table 66 AH and ESP ........................................................................................... 214

Table 67 VPN Summary ........................................................................................ 216

Table 68 Local ID Type and Content Fields .......................................................... 220

Table 69 Peer ID Type and Content Fields ........................................................... 220

Table 70 Matching ID Type and Content Configuration Example .......................... 220

Table 71 Mismatching ID Type and Content Configuration Example .................... 221

Table 72 VPN IKE ................................................................................................. 223

Table 73 VPN IKE: Advanced Setup ..................................................................... 229

Table 74 VPN: Manual Key ................................................................................... 233

Table 75 VPN: SA Monitor .................................................................................... 236

Table 76 VPN: Global Setting ................................................................................ 237

Table 77 Telecommuters Sharing One VPN Rule Example .................................. 238

Table 78 Telecommuters Using Unique VPN Rules Example ............................... 239

Table 79 Remote Management ............................................................................. 243

Table 80 Configuring UPnP ................................................................................... 247

Table 81 Log Settings ............................................................................................ 261

38 List of Tables

Prestige 2602H/HW Series User’s Guide

Table 82 View Logs ............................................................................................... 262

Table 83 SMTP Error Messages ........................................................................... 263

Table 84 Application and Subnet-based Bandwidth Management Example ......... 267

Table 85 Media Bandwidth Management: Summary ............................................. 272

Table 86 Media Bandwidth Management: Class Setup ......................................... 273

Table 87 Media Bandwidth Management: Class Configuration ............................. 274

Table 88 Services and Port Numbers .................................................................... 276

Table 89 Media Bandwidth Management Statistics ............................................... 277

Table 90 Media Bandwidth Management: Monitor ................................................ 278

Table 91 System Status ......................................................................................... 281

Table 92 System Status: Show Statistics .............................................................. 282

Table 93 DHCP Table ............................................................................................ 284

Table 94 Any IP Table ........................................................................................... 284

Table 95 Association List ....................................................................................... 285

Table 96 Diagnostic: General ................................................................................ 286

Table 97 Diagnostic: DSL Line .............................................................................. 287

Table 98 Firmware Upgrade .................................................................................. 288

Table 99 Navigating the SMT Interface ................................................................. 292

Table 100 SMT Main Menu ................................................................................... 293

Table 101 Main Menu Summary ........................................................................... 293

Table 102 SMT Menus Overview .......................................................................... 294

Table 103 Menu 1 General Setup ......................................................................... 298

Table 104 Menu 1.1 Configure Dynamic DNS ...................................................... 299

Table 105 Menu 2 WAN Backup Setup ................................................................. 301

Table 106 Menu 2.1Traffic Redirect Setup ............................................................ 302

Table 107 DHCP Ethernet Setup .......................................................................... 306

Table 108 TCP/IP Ethernet Setup ......................................................................... 307

Table 109 Menu 3.5 - Wireless LAN Setup ........................................................... 309

Table 110 Menu 3.5.1 WLAN MAC Address Filtering ........................................... 311

Table 111 Menu 3.2.1 IP Alias Setup ..................................................................... 315

Table 112 Menu 4 Internet Access Setup .............................................................. 317

Table 113 Menu 11.1 Remote Node Profile ........................................................... 321

Table 114 Menu 11.3 Remote Node Network Layer Options ................................ 323

Table 115 Menu 11.8 Advance Setup Options ...................................................... 328

Table 116 Menu12.1.1 Edit IP Static Route ........................................................... 331

Table 117 Remote Node Network Layer Options: Bridge Fields ........................... 334

Table 118 Menu 12.3.1 Edit Bridge Static Route ................................................... 335

Table 119 Applying NAT in Menus 4 & 11.3 .......................................................... 339

Table 120 SUA Address Mapping Rules ............................................................... 340

Table 121 Menu 15.1.1 First Set ........................................................................... 342

Table 122 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ............ 342

Table 123 Abbreviations Used in the Filter Rules Summary Menu ....................... 358

Table 124 Rule Abbreviations Used ...................................................................... 359

List of Tables 39

Prestige 2602H/HW Series User’s Guide

Table 125 Menu 21.1.x.x TCP/IP Filter Rule ......................................................... 360

Table 126 Menu 21.1.5.1 Generic Filter Rule ........................................................ 363

Table 127 Filter Sets Table .................................................................................... 366

Table 128 Menu 22 SNMP Configuration .............................................................. 371

Table 129 SNMP Traps ......................................................................................... 371

Table 130 Ports and Permanent Virtual Circuits .................................................... 372

Table 131 Menu 23.2 System Security: RADIUS Server ...................................... 374

Table 132 Menu 23.4 System Security: IEEE802.1x ............................................. 376

Table 133 Menu 14.1 Edit Dial-in User .................................................................. 378

Table 134 Menu 24.1 System Maintenance: Status .............................................. 380

Table 135 Menu 24.2.1 System Maintenance: Information ................................... 382

Table 136 Menu 24.3.2 System Maintenance: Syslog and Accounting ................ 384

Table 137 Menu 24.4 System Maintenance Menu: Diagnostic ............................. 387

Table 138 Filename Conventions .......................................................................... 390

Table 139 General Commands for GUI-based FTP Clients .................................. 392

Table 140 General Commands for GUI-based TFTP Clients ................................ 394

Table 141 Menu 24.9.1 System Maintenance: Budget Management .................... 403

Table 142 Menu 24.10 System Maintenance: Time and Date Setting ................. 404

Table 143 Menu 24.11 Remote Management Control ........................................... 408

Table 144 Menu 25.1 IP Routing Policy Setup ...................................................... 413

Table 145 Menu 25.1.1 IP Routing Policy ............................................................. 414

Table 146 Menu 26.1 Schedule Set Setup ............................................................ 420

Table 147 Menu 27.1 IPSec Summary .................................................................. 424

Table 148 Menu 27.1.1 IPSec Setup .................................................................... 427

Table 149 Menu 27.1.1.1 IKE Setup ..................................................................... 431

Table 150 Active Protocol: Encapsulation and Security Protocol .......................... 432

Table 151 Menu 27.1.1.2 Manual Setup ............................................................... 433

Table 152 Menu 27.2 SA Monitor .......................................................................... 436

Table 153 Troubleshooting Starting Up Your Prestige ........................................... 439

Table 154 Troubleshooting the LAN ...................................................................... 439

Table 155 Troubleshooting the WAN ..................................................................... 440

Table 156 Troubleshooting Accessing the Prestige .............................................. 441

Table 157 Troubleshooting Telephone .................................................................. 449

Table 158 Device Specifications ............................................................................ 451

Table 159 Firmware Specifications ........................................................................ 452

Table 160 Prestige 2602H/HW Series Power Adaptor Specifications ................... 455

Table 161 Classes of IP Addresses ...................................................................... 469

Table 162 Allowed IP Address Range By Class .................................................... 470

Table 163 “Natural” Masks ................................................................................... 470

Table 164 Alternative Subnet Mask Notation ........................................................ 471

Table 165 Two Subnets Example .......................................................................... 471

Table 166 Subnet 1 ............................................................................................... 472

Table 167 Subnet 2 ............................................................................................... 472

40 List of Tables

Prestige 2602H/HW Series User’s Guide

Table 168 Subnet 1 ............................................................................................... 473

Table 169 Subnet 2 ............................................................................................... 473

Table 170 Subnet 3 ............................................................................................... 473

Table 171 Subnet 4 ............................................................................................... 474

Table 172 Eight Subnets ....................................................................................... 474

Table 173 Class C Subnet Planning ...................................................................... 474

Table 174 Class B Subnet Planning ...................................................................... 475

Table 175 IEEE 802.11g ........................................................................................ 483

Table 176 Comparison of EAP Authentication Types ............................................ 487

Table 177 Wireless Security Relational Matrix ...................................................... 488

Table 178 Abbreviations Used in the Example Internal SPTGEN Screens Table . 495

Table 179 Menu 1 General Setup (SMT Menu 1) ................................................. 496

Table 180 Menu 3 (SMT Menu 3 ) ......................................................................... 496

Table 181 Menu 4 Internet Access Setup (SMT Menu 4) ..................................... 499

Table 182 Menu 12 (SMT Menu 12) ...................................................................... 501

Table 183 Menu 15 SUA Server Setup (SMT Menu 15) ....................................... 505

Table 184 Menu 21.1 Filter Set #1 (SMT Menu 21.1) ........................................... 507

Table 185 Menu 21.1 Filer Set #2, (SMT Menu 21.1) .......................................... 510

Table 186 Menu 23 System Menus (SMT Menu 23) ............................................. 515

Table 187 Menu 24.11 Remote Management Control (SMT Menu 24.11) ............ 516

Table 188 Command Examples ............................................................................ 516

Table 189 Sys Firewall Commands ....................................................................... 521

Table 190 System Maintenance Logs ................................................................... 525

Table 191 System Error Logs ................................................................................ 526

Table 192 Access Control Logs ............................................................................. 526

Table 193 TCP Reset Logs ................................................................................... 527

Table 194 Packet Filter Logs ................................................................................. 527

Table 195 ICMP Logs ............................................................................................ 527

Table 196 CDR Logs ............................................................................................. 528

Table 197 PPP Logs .............................................................................................. 528

Table 198 UPnP Logs ........................................................................................... 529

Table 199 Content Filtering Logs .......................................................................... 529

Table 200 Attack Logs ........................................................................................... 529

Table 201 802.1X Logs ......................................................................................... 530

Table 202 ACL Setting Notes ................................................................................ 531

Table 203 ICMP Notes .......................................................................................... 531

Table 204 Syslog Logs .......................................................................................... 532

Table 205 SIP Logs ............................................................................................... 532

Table 206 RTP Logs .............................................................................................. 533

Table 207 FSM Logs: Caller Side .......................................................................... 533

Table 208 FSM Logs: Callee Side ......................................................................... 533

Table 209 Lifeline Logs ......................................................................................... 533

Table 210 RFC-2408 ISAKMP Payload Types ...................................................... 534

List of Tables 41

Prestige 2602H/HW Series User’s Guide

42 List of Tables

Prestige 2602H/HW Series User’s Guide

Preface

Congratulations on your purchase of the Prestige 2602HW Series ADSL VoIP IAD with

802.11g Wireless.

Note: Register your product online to receive e-mail notices of firmware upgrades and

information at North American products.

Your Prestige is easy to install and configure.

About This User's Guide

This manual is designed to guide you through the configuration of your Prestige for its various applications. The web configurator parts of this guide contain background information on features configurable by web configurator. The SMT parts of this guide contain background information solely on features not configurable by web configurator.

www.zyxel.com for global products, or at www.us.zyxel.com for

Note: Use the web configurator, System Management Terminal (SMT) or command

interpreter interface to configure your Prestige. Not all features can be configured through all interfaces.

Introduction to DSL

DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twistedpair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web hence DSL technologies.

There are actually seven types of DSL service, ranging in speeds from 16 Kbits/sec to 52 Mbits/sec. The services are either symmetrical (traffic flows at the same speed in both directions), or asymmetrical (the downstream capacity is higher than the upstream capacity). Asymmetrical services (ADSL) are suitable for Internet users because more information is usually downloaded than uploaded. For example, a simple button click in a web browser can start an extended download that includes graphics and text.

Introduction to DSL 45

Prestige 2602H/HW Series User’s Guide

As data rates increase, the carrying distance decreases. That means that users who are beyond a certain distance from the telephone company’s central office may not be able to obtain the higher speeds.

A DSL connection is a point-to-point dedicated circuit, meaning that the link is always up and there is no dialing required.

Introduction to ADSL

It is an asymmetrical technology, meaning that the downstream data rate is much higher than the upstream data rate. As mentioned, this works well for a typical Internet session in which more information is downloaded, for example, from Web servers, than is uploaded. ADSL operates in a frequency range that is above the frequency range of voice services, so the two systems can operate over the same cable.

46 Introduction to DSL

Prestige 2602H/HW Series User’s Guide

CHAPTER 1

Getting To Know Your Prestige

This chapter describes the key features and applications of your Prestige.

1.1 Introducing the Prestige

The Prestige 2602H/HL/HW/HWL-C are ADSL VoIP IADs (Integrated Access Device) with a built-in switch. They combine high-speed Internet access and Voice over IP (VoIP) communication capabilities. They allow you to use a traditional analog telephone to make Internet calls. By integrating DSL and NAT, the Prestige provides ease of installation and Internet access. The Prestige is also a complete security solution with a robust firewall and content filtering.

At the time of writing, this guide covers the following Prestige models (this guide abbreviates “Prestige” to “P” in the model name as in P2602H for example).

Table 1 Models Covered

P2602H-61C P2602HW-61C P2602HL-61C P2602HWL-61C

P2602H-63C P2602HW-63C P2602HL-63C P2602HWL-63C

P2602H-67C P2602HW-67C P2602HL-67C P2602HWL-67C

In the Prestige product name, “H” denotes an integrated 4-port hub and “W” denotes wireless functionality. The P2602HW has an embedded mini-PCI module for IEEE 802.11g wireless LAN connectivity.

Note: All wireless features in this guide pertain to the P2602HW/HWL series only.

“L” denotes models that include the PSTN (Public Switched Telephone Network) lifeline feature. PSTN lifeline lets you have VoIP phone service and PSTN phone service at the same time.

Models ending in “1”, for example P2602HW-61, denote a device that works over the analog telephone system, POTS (Plain Old Telephone Service). Models ending in “3” denote a device that works over ISDN (Integrated Services Digital Network). Models ending in “7” denote a device that works over T-ISDN (UR-2).

Note: Only use firmware for your Prestige’s specific model. Refer to the label on the

bottom of your Prestige.

Chapter 1 Getting To Know Your Prestige 47

Prestige 2602H/HW Series User’s Guide

The built-in Ethernet switch consists of four auto-negotiating 10/100BASE-T, auto-crossover RJ-45 ports (either a crossover or straight-through Ethernet cable can be used) for connecting to your local computers.

Note: The Prestige is ideal for high-speed Internet browsing and making LAN-to-LAN

connections to remote networks. The Prestige is an ADSL router compatible with the ADSL/ADSL2/ADSL2+ standards. Maximum data rates attainable by the Prestige for each standard are shown in the next table.

Table 2 ADSL Standards

STANDARD UPSTREAM DATA RATE DOWNSTREAM DATA RATE

ADSL

ADSL2

ADSL2+

832 kbps 8 Mbps

1 Mbps 12 Mbps

1 Mbps 24 Mbps

Note: The standard your ISP supports determines the maximum upstream and

downstream speeds attainable. Actual speeds attained also depend on the distance from your ISP, line quality, etc.

The web browser-based Graphical User Interface (GUI) provides easy management.

1.1.1 Features of the Prestige

The following sections describe the features of the Prestige.

Built-in Switch

The 10/100 Mbps auto-negotiating Ethernet ports allow the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network. The ports are also auto-crossover (MDI/MDI-X) meaning they automatically adjust to either a crossover or straight-through Ethernet cable.

High Speed Internet Access

Your Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of up to 24Mbps and upstream transmission rates of 1 Mbps. Actual speeds attained depend on ISP DSLAM environment.

PSTN Lifeline (“L” Models Only)

The Prestige “L” models allow you to connect a PSTN line. You can receive incoming PSTN phone calls even while someone else connected to the Prestige is making VoIP phone calls. You can dial a (prefix) number to make an outgoing PSTN call. You can still make PSTN phone calls if the Prestige loses power.

48 Chapter 1 Getting To Know Your Prestige

Prestige 2602H/HW Series User’s Guide

Zero Configuration Internet Access

Once you connect and turn on the Prestige, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes. In cases where additional account information (such as an Internet account user name and password) is required or the Prestige cannot connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting.

Any IP

The Any IP feature allows a computer to access the Internet and the Prestige without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.

Auto-provisioning

Your voice service provider can automatically update your Prestige’s configuration via an auto-provisioning server.

Auto Firmware Upgrade

The Prestige gives you the option to upgrade to a newer firmware version if it finds one during auto-provisioning. Your voice service provider must have an auto-provisioning server and a server set up with firmware in order for this feature to work.

Firewall

The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The Prestige firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.

Note: You can configure most features of the Prestige via SMT but we recommend

you configure the firewall and content filters using the web configurator.

IPSec VPN Capability

Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The Prestige VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.

The Prestige supports up to 20 simultaneous IPSec connections.

Network Address Translation (NAT)

Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).

Chapter 1 Getting To Know Your Prestige 49

Prestige 2602H/HW Series User’s Guide

Content Filtering

Content filtering allows you to block access to Internet web sites that contain key words (that you specify) in the URL. You can also schedule when the Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet access.

REN

A Ringer Equivalence Number is used to determine the number of devices that may be connected to the telephone line. The Prestige can support three devices per telephone port.

Dynamic Jitter Buffer

The Prestige has a built-in adaptive, buffer that helps to smooth out the variations in delay (jitter) for voice traffic. This helps ensure good voice quality for your conversations.

Multiple SIP Accounts

The Prestige allows you to simultaneously use multiple voice (SIP) accounts and assign them to one or both telephone ports.

Multiple Voice Channels

The Prestige can simultaneously handle multiple voice channels (telephone calls). Additionally you can answer an incoming phone call on a VoIP account, even while someone else is using the account for a phone call.

Voice Activity Detection/Silence Suppression

Voice Activity Detection (VAD) reduces the bandwidth that a call uses by not transmitting when you are not speaking.

Comfort Noise Generation

The Prestige generates background noise to fill moments of silence when the other device in a call stops transmitting because the other party is not speaking (as total silence could easily be mistaken for a lost connection).

Echo Cancellation

The Prestige supports G.168, an ITU-T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk.

QoS (Quality of Service)

Quality of Service (QoS) mechanisms help to provide better service on a per-flow basis. The Prestige supports Type of Service (ToS) tagging and Differentiated Services (DiffServ) tagging. This allows the Prestige to tag voice frames so they can be prioritized over the network.

50 Chapter 1 Getting To Know Your Prestige

Prestige 2602H/HW Series User’s Guide

SIP ALG

The Prestige 2602HW is a SIP Application Layer Gateway (ALG). It allows VoIP calls to pass through NAT for devices behind the Prestige (such as a SIP-based VoIP software application on a computer).

Traffic Redirect

Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet, thus acting as an auxiliary if your regular WAN connection fails.

Universal Plug and Play (UPnP)

Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.

PPPoE Support (RFC2516)

PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL. The PPPoE driver on the Prestige is transparent to the computers on the LAN, which see only Ethernet and are not aware of PPPoE thus saving you from having to manage PPPoE clients on individual computers.

Dynamic DNS Support

With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.

DHCP

DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability enabled by default. It can assign IP addresses, an IP default gateway and DNS servers to DHCP clients. The Prestige can now also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment from the actual real DHCP server to the clients.

Multiple PVC (Permanent Virtual Circuits) Support

Your Prestige supports up to 8 PVC’s.

IP Alias

IP Alias allows you to partition a physical network into logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network.

Chapter 1 Getting To Know Your Prestige 51

Prestige 2602H/HW Series User’s Guide

IP Policy Routing (IPPR)

Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.

Other PPPoE Features

• PPPoE idle time out

• PPPoE dial on demand

Packet Filters

The Prestige's packet filtering function allows added network security and management.

Ease of Installation

Your Prestige is designed for quick, intuitive and easy installation.

Housing

Your Prestige's compact and ventilated housing minimizes space requirements making it easy to position anywhere in your busy office.

1.1.1.1 P2602HW Wireless Features

IEEE 802.11g Wireless LAN

IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE

802.11b radio card can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows:

Table 3 IEEE 802.11g

DATA RATE (MBPS) MODULATION

1 DBPSK (Differential Binary Phase Shift Keyed)

2 DQPSK (Differential Quadrature Phase Shift Keying)

5.5 / 11 CCK (Complementary Code Keying)

6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)

Note: The Prestige may be prone to RF (Radio Frequency) interference from other

2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs.

52 Chapter 1 Getting To Know Your Prestige

Prestige 2602H/HW Series User’s Guide

External Antenna

The Prestige is equipped with an antenna connector and comes with a detachable 5dBi antenna to provide clear radio signal between the wireless stations and the access points.

Wireless LAN MAC Address Filtering

Your Prestige can check the MAC addresses of wireless stations against a list of allowed or denied MAC addresses.

WEP Encryption

WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network to help keep network communications private.

Wi-Fi Protected Access

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security standard. Key differences between WPA and WEP are user authentication and improved data encryption.

1.2 Applications for the Prestige

Here are some example uses for which the Prestige is well suited.

1.2.1 Internet Access

The Prestige is the ideal high-speed Internet access solution. Your Prestige supports the TCP/ IP protocol, which the Internet uses exclusively. It is compatible with all major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers. A DSLAM is a rack of ADSL line cards with data multiplexed into a backbone network interface/connection (for example, T1, OC3, DS3, ATM or Frame Relay). Think of it as the equivalent of a modem rack for ADSL. In addition, the Prestige allows wireless clients access to your network resources. A typical Internet access application is shown below.

Chapter 1 Getting To Know Your Prestige 53

Prestige 2602H/HW Series User’s Guide

Figure 1 Prestige Internet Access Application

1.2.1.1 Internet Single User Account

For a SOHO (Small Office/Home Office) environment, your Prestige offers the Single User Account (SUA) feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for the cost of a single IP address

1.2.2 Making Calls via Internet Telephony Service Provider

In a home or small office environment, you can use the Prestige to make and receive VoIP telephone calls through an Internet Telephony Service Provider (ITSP).

The following figure shows a basic example of how you would make a VoIP call through an ITSP. You use your analog phone (A in the figure) and the Prestige (B) changes the call into VoIP. The Prestige then sends your call to the Internet and the ITSP’s SIP server. The VoIP call server forwards calls to PSTN phones (E) through a trunking gateway (D) to the PSTN network. The VoIP call server forwards calls to IP phones (F) through the Internet.

Figure 2 Internet Telephony Service Provider Application

1.2.3 Make Peer-to-peer Calls

Use the Prestige to make a call to the recipient’s IP address without using a SIP proxy server Peer-to-peer calls are also called “Point to Point” or “IP-to-IP” calls. You must know the peer’s IP address in order to do this.

54 Chapter 1 Getting To Know Your Prestige

Prestige 2602H/HW Series User’s Guide

The following figure shows a basic example of how you would make a peer-to-peer VoIP call. You use your analog phone (A in the figure) and the Prestige (B) changes the call into VoIP. The Prestige then sends your call through the Internet to the peer VoIP device (C).

Figure 3 Peer-to-peer Calling

1.2.4 Firewall for Secure Broadband Internet Access

The Prestige provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs.

Figure 4 Firewall Application

1.2.5 LAN to LAN Application

You can use the Prestige to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application for your Prestige is shown as follows.

Chapter 1 Getting To Know Your Prestige 55

Prestige 2602H/HW Series User’s Guide

Figure 5 Prestige LAN-to-LAN Application

1.2.6 Front Panel LEDs

Figure 6 P2602H-C Series Front Panel

Figure 7 P2602HW-C Series Front Panel

The following table describes the LEDs.

Table 4 P2602H/HW-C Series Front Panel LEDs

LED COLOR STATUS DESCRIPTION

PWR/SYS Green On The Prestige is receiving power and functioning properly.

Blinking The Prestige is rebooting and performing a self-test.

Red On Power to the Prestige is too low.

None Off The system is not ready or has malfunctioned.

56 Chapter 1 Getting To Know Your Prestige

Prestige 2602H/HW Series User’s Guide

Table 4 P2602H/HW-C Series Front Panel LEDs (continued)

LED COLOR STATUS DESCRIPTION

LAN 1-4 Green On The Prestige has a successful Ethernet connection.

Blinking The Prestige is sending/receiving data.

None Off The LAN is not connected.

WLAN (W models only)

DSL Green On The Prestige has a DSL connection.

INTERNET Green On The Prestige has an IP connection but no traffic.

PHONE 1, 2 Green On A SIP account is registered for the phone port.

Green On The Prestige is ready, but is not sending/receiving data

through the wireless LAN.

Blinking The Prestige is sending/receiving data through the wireless

LAN.

None Off The wireless LAN is not ready or has failed.

Blinking The Prestige is initializing the DSL line.

None Off The DSL link is down.

The Prestige has a WAN IP address (either static or assigned by a DHCP server), PPP negotiation was successfully completed (if used) and the DSL connection is up.

Blinking The Prestige is sending or receiving IP traffic.

Red On The Prestige attempted to make an IP connection but failed.

Possible causes are no response from a DHCP server, no PPPoE response, PPPoE authentication failed).

None Off The Prestige does not have an IP connection

Blinking A telephone connected to the phone port has its receiver off

of the hook or there is an incoming call.

None Off The phone port does not have a SIP account registered.

Refer to the Quick Start Guide for information on hardware connections.

Chapter 1 Getting To Know Your Prestige 57

Prestige 2602H/HW Series User’s Guide

58 Chapter 1 Getting To Know Your Prestige

Introducing the Web

This chapter describes how to access and navigate the web configurator.

2.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.

Prestige 2602H/HW Series User’s Guide

CHAPTER 2

Configurator

In order to use the web configurator you need to allow:

• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.

• JavaScripts (enabled by default).

• Java permissions (enabled by default).

See the Troubleshooting chapter if you need to make sure these functions are allowed in Internet Explorer.

2.1.1 Accessing the Prestige Web Configurator

1 Make sure your Prestige hardware is properly connected (refer to the Quick Start Guide).

2 Prepare your computer/computer network to connect to the Prestige (refer to the Quick

Start Guide).

3 Launch your web browser.

4 Type "192.168.1.1" as the URL.

5 An Enter Network Password window displays. Enter the user name (“admin” is the

default), password (“1234” is the default). Click Login to proceed to a screen asking you to change your password. Click Reset to revert to the default password in the password field

Chapter 2 Introducing the Web Configurator 59

Prestige 2602H/HW Series User’s Guide

Figure 8 Password Screen

6 It is highly recommended you change the default password. Enter a new password, retype

it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.

Figure 9 Change Password at Login

7 You should now see the SITE MAP screen.

Note: The Prestige automatically times out after five minutes of inactivity. Simply log

back into the Prestige if this happens to you.

2.1.2 Resetting the Prestige

If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the Prestige to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.

2.1.2.1 Using The Reset Button

1 Make sure the PWR/SYS LED is on (not blinking).

2 Press the RESET button for ten seconds or until the PWR/SYS LED begins to blink and

then release it. When the PWR/SYS LED begins to blink, the defaults have been restored and the Prestige restarts.

60 Chapter 2 Introducing the Web Configurator

Prestige 2602H/HW Series User’s Guide

2.1.3 Navigating the Prestige Web Configurator

The following summarizes how to navigate the web configurator from the SITE MAP screen. We use the Prestige 2602HW-61 web screens in this guide as an example. Screens vary slightly for different Prestige models.

• Click Wizard Setup to begin a series of screens to configure your Prestige for the first time.

• Click a link under Advanced Setup to configure advanced Prestige features.

• Click a link under Maintenance to see Prestige performance statistics, upload firmware and back up, restore or upload a configuration file.

• Click Site Map to go to the Site Map screen.

• Click Logout in the navigation panel when you have finished a Prestige management session.

Chapter 2 Introducing the Web Configurator 61

Prestige 2602H/HW Series User’s Guide

Figure 10 Web Configurator SITE MAP Screen

Note: Click the icon (located in the top right corner of most screens) to view

embedded help.

Table 5 Web Configurator Screens Summary

LINK SUB-LINK FUNCTION

Wizard Setup Connection

Setup

Media Bandwidth Mgnt

Advanced Setup

Password Use this screen to change your password.

LAN LAN Setup Use this screen to configure LAN DHCP and TCP/IP settings.

Static DHCP Use this screen to configure static DHCP IP and MAC

Wireless LAN

WAN WAN Setup Use this screen to change the Prestige’s WAN remote node

NAT SUA Only Use this screen to configure servers behind the Prestige.

Wireless Use this screen to configure the wireless LAN settings.

MAC Filter Use this screen to change MAC filter settings on the Prestige

802.1X/WPA Use this screen to configure the Prestige’s WLAN authentication

Local User Database

RADIUS Use this screen to use an external server to authenticate

WAN Backup Use this screen to configure your traffic redirect properties and

Full Feature Use this screen to configure network address translation

Use these screens for initial configuration including general setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment.

Use these screens to set up bandwidth control quickly.

addresses.

and security settings.

Use this screen to set up built-in user profiles for wireless client authentication.

wireless clients.

settings.

WAN backup settings.

mapping rules.

62 Chapter 2 Introducing the Web Configurator

Prestige 2602H/HW Series User’s Guide

Table 5 Web Configurator Screens Summary (continued)

LINK SUB-LINK FUNCTION

Voice SIP Settings Use this screen to configure your Prestige’s Session Initiation

Protocol settings.

QoS Use this screen to configure your Prestige’s Quality of Service

settings.

Phone Use this screen to configure your Prestige’s phone settings.

Speed Dial Use this screen to configure speed dial for SIP phone numbers

Lifeline Use this screen to configure your Prestige’s settings for PSTN

Common Use this screen to configure general phone port settings.

Call Forward Use this screen to configure call-forwarding.

Dynamic DNS Use this screen to set up dynamic DNS.

Time and Date Use this screen to change your Prestige’s time and date.

Firewall Default Policy Use this screen to activate/deactivate the firewall and the

Rule Summary This screen shows a summary of the firewall rules, and allows

Anti Probing Use this screen to change your anti-probing settings.

Threshold Use this screen to configure the threshold for DoS attacks.

Content Filter Keyword Use this screen to block sites containing certain keywords in the

Schedule Use this screen to set the days and times for the Prestige to

Trusted Use this screen to exclude a range of users on the LAN from

VPN Setup

Monitor

Global Setting

Remote Management

UPnP Use this screen to enable UPnP on the Prestige.

Logs Log Settings Use this screen to change your Prestige’s log settings.

View Log Use this screen to view the logs for the categories that you

Media Bandwidth Management

Maintenance

System Status This screen contains administrative and system-related

Summary Use this screen to allocate an interface's outgoing capacity to

Class Setup Use this screen to define a bandwidth class.

Monitor Use this screen to view bandwidth class statistics.

that you call often.

calls (Prestige 2602HW-L only).

direction of network traffic to which to apply the rule.

you to edit/add a firewall rule.

URL.

perform content filtering.

content filtering on your Prestige.

Use this screen to configure VPN connections and view the rule summary.

Use this screen to display and manage active VPN connections.

Use this screen to allow NetBIOS packets through the VPN connections.

Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet/FTP/Web services to manage the Prestige.

selected.

specific types of traffic.

information.

Chapter 2 Introducing the Web Configurator 63

Prestige 2602H/HW Series User’s Guide

Table 5 Web Configurator Screens Summary (continued)

LINK SUB-LINK FUNCTION

DHCP Table This screen displays DHCP (Dynamic Host Configuration

Any IP Table This screen lists the devices that are using the Any IP feature to

Wireless LAN Association List This screen displays the MAC address(es) of the wireless

Diagnostic General These screens display information to help you identify problems

DSL Line These screens display information to help you identify problems

Firmware Use this screen to upload firmware to your Prestige

Protocol) related information and is READ-ONLY.

communicate with the Prestige.

stations that are currently logged in to the network.

with the Prestige general connection.

with the DSL line.

64 Chapter 2 Introducing the Web Configurator

This chapter provides information on the Wizard Setup screens for Internet access and VoIP in the web configurator.

3.1 Wizard Setup Introduction

Use the Wizard Setup screens to configure your system for Internet access and Voice with the information provided by your ISP and voice service provider. Your ISP may have already configured some of the fields in the wizard screens for you.

Note: See the advanced menu chapters for background information on these fields.

Prestige 2602H/HW Series User’s Guide

CHAPTER 3

Wizard Setup

3.1.1 Wizard Setup: First Screen

In the SITE MAP screen click Wizard Setup to display the first wizard screen.

Figure 11 Wizard Setup: First Screen

Chapter 3 Wizard Setup 65

Prestige 2602H/HW Series User’s Guide

The following table describes the fields in this screen.

Table 6 Wizard Setup: First Screen

LABEL DESCRIPTION

Mode From the Mode drop-down list box, select Routing (default) if your ISP allows

multiple computers to share an Internet account. Otherwise select Bridge.

Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list

box. Choices vary depending on what you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or

PPPoE.

Multiplex Select the multiplexing method used by your ISP from the Multiplex drop-down list

box either VC-based or LLC-based.

Virtual Circuit IDVPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit.

VPI Enter the VPI assigned to you. This field may already be configured.

VCI Enter the VCI assigned to you. This field may already be configured.

Next Click this button to go to the next wizard screen. The next wizard screen you see

Refer to the appendix for more information.

depends on what protocol you chose above. Click on the protocol link to see the next wizard screen for that protocol.

3.1.2 Wizard Setup: Second Screen

The second wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue.

66 Chapter 3 Wizard Setup

Figure 12 Internet Connection with PPPoE

Prestige 2602H/HW Series User’s Guide

The following table describes the fields in this screen.

Table 7 Internet Connection with PPPoE

LABEL DESCRIPTION

Service Name Type the name of your PPPoE service here.

User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form

user@domain where domain identifies a service name, then enter both components

exactly as given.

Password Enter the password associated with the user name above.

IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not

Connection Select Connect on Demand when you don't want the connection up all the time and

Network Address Translation

Back Click Back to go back to the first wizard screen.

Next Click Next to continue to the next wizard screen.

fixed; the ISP assigns you a different one each time you connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address;

otherwise select Static IP Address and type your ISP assigned IP address in the text box below.

specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting selects Connection on Demand with 0 as the idle time-out, which means the Internet session will not timeout.

Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.

The schedule rule(s) in SMT menu 26 has priority over your Connection settings.

Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT chapter for more details.

Chapter 3 Wizard Setup 67

Prestige 2602H/HW Series User’s Guide

Figure 13 Internet Connection with RFC 1483

The following table describes the fields in this screen.

Table 8 Internet Connection with RFC 1483

LABEL DESCRIPTION

IP Address This field is available if you select Routing in the Mode field.

Type your ISP assigned IP address in this field.

Network Address Translation

Back Click Back to go back to the first wizard screen.

Next Click Next to continue to the next wizard screen.

Select None, SUA Only or Full Feature from the drop-sown list box. Refer to

Chapter 7 on page 121 for more details.

Figure 14 Internet Connection with ENET ENCAP

The following table describes the fields in this screen.

68 Chapter 3 Wizard Setup

Prestige 2602H/HW Series User’s Guide

Table 9 Internet Connection with ENET ENCAP

LABEL DESCRIPTION

IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not

fixed; the ISP assigns you a different one each time you connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address;

otherwise select Static IP Address and type your ISP assigned IP address in the IP Address text box below.

Subnet Mask Enter a subnet mask in dotted decimal notation.

Refer to the appendix on IP subnettig to calculate a subnet mask If you are implementing subnetting.

ENET ENCAP Gateway

Network Address Translation

Back Click Back to go back to the first wizard screen.

Next Click Next to continue to the next wizard screen.

You must specify a gateway IP address (supplied by your ISP) when you use ENET ENCAP in the Encapsulation field in the previous screen.

Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT chapter for more details.

Figure 15 Internet Connection with PPPoA

The following table describes the fields in this screen.

Chapter 3 Wizard Setup 69

Prestige 2602H/HW Series User’s Guide

Table 10 Internet Connection with PPPoA

LABEL DESCRIPTION

User Name Enter the login name that your ISP gives you.

Password Enter the password associated with the user name above.

IP Address This option is available if you select Routing in the Mode field.

A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet.

Click Obtain an IP Address Automatically if you have a dynamic IP address; otherwise click Static IP Address and type your ISP assigned IP address in the IP Address text box below.

Connection Select Connect on Demand when you don't want the connection up all the time and

specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting selects Connection on Demand with 0 as the idle time-out, which means the Internet session will not timeout.

Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.

The schedule rule(s) in SMT menu 26 has priority over your Connection settings.

Network Address Translation

Back Click Back to go back to the first wizard screen.

Next Click Next to continue to the next wizard screen.

This option is available if you select Routing in the Mode field. Select None, SUA Only or Full Feature from the drop-sown list box. Refer to

7 on page 121

Chapter

for more details.

3.1.3 Wizard Setup: Third Screen

Use this screen to configure the voice settings (for the Prestige’s SIP account one) with the information from your voice service provider.

70 Chapter 3 Wizard Setup

Figure 16 Wizard Setup: Third Screen

Prestige 2602H/HW Series User’s Guide

Table 11 Wizard Setup: Voice Configuration

LABEL DESCRIPTION

Active Select this check box to have the Prestige use this SIP account. Clear the

check box to have the Prestige not use this SIP account.

SIP Number Enter your SIP number in this field (use the number or text that comes before

the @ symbol in a full SIP URI). You can use up to 127 ASCII characters.

SIP Local Port Use this field to configure the Prestige’s listening port for SIP. Leave this field

SIP Server Address Type the IP address of the SIP server in this field. It doesn’t matter whether

SIP Server Port Enter the SIP server’s listening port for SIP in this field. Leave this field set to

SIP Service Domain Enter the SIP service domain name in this field (the domain name that comes

Authentication User ID This is the user name for registering this SIP account with the SIP register

set to the default if you were not given a local port number for SIP.

the SIP server is a proxy, redirect or register server.

the default if your VoIP service provider did not give you a server port number for SIP.

Enter the SIP register server’s address in this field.

If you were not given a register server address, then enter the address

from the SIP Server Address field again here.

If you were not given a register server port, then enter the port from the

SIP Server Port field again here.

after the @ symbol in a full SIP URI). You can use up to 127 ASCII Extended set characters.

server. Type the user name exactly as it was given to you. You can use up to 95 ASCII characters.

Chapter 3 Wizard Setup 71

Prestige 2602H/HW Series User’s Guide

Table 11 Wizard Setup: Voice Configuration (continued)

LABEL DESCRIPTION

Authentication Password

Send Caller ID Select this check box to show identification information when you make VoIP

Back Click Back to go back to the previous screen.

Next Click Next to continue to the next wizard screen.

Type the password associated with the user name above. You can use up to 95 ASCII Extended set characters.

phone calls. Clear the check box to not show identification information when you make VoIP phone calls.

3.1.4 Internet Access Wizard Setup: Fourth Screen

Verify the settings in the screen shown next. To change the LAN information on the Prestige, click Change LAN Configurations. Otherwise click Save Settings to save the configuration and skip to the section 3.13.

72 Chapter 3 Wizard Setup

Prestige 2602H/HW Series User’s Guide

Figure 17 Internet Access Wizard Setup: Fourth Screen

If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next.

Chapter 3 Wizard Setup 73

Prestige 2602H/HW Series User’s Guide

Figure 18 Wizard Setup: LAN Configuration

The following table describes the fields in this screen.

Table 12 Wizard Setup: LAN Configuration

LABEL DESCRIPTION

LAN IP Address Enter the IP address of your Prestige in dotted decimal notation, for example,

192.168.1.1 (factory default). If you changed the Prestige's LAN IP address, you must use the new IP

address if you want to access the web configurator again.

LAN Subnet Mask Enter a subnet mask in dotted decimal notation.

DHCP

DHCP Server From the DHCP Server drop-down list box, select On to allow your Prestige to

assign IP addresses, an IP default gateway and DNS servers to computer systems that support the DHCP client. Select Off to disable DHCP server.

When DHCP server is used, set the following items:

Client IP Pool Starting Address

Size of Client IP Pool This field specifies the size or count of the IP address pool.

Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to

Secondary DNS Server As above.

Back Click Back to go back to the previous screen.

Finish Click Finish to save the settings and proceed to the next wizard screen.

This field specifies the first of the contiguous addresses in the IP address pool.

the DHCP clients along with the IP address and the subnet mask.

3.1.5 Wizard Setup: Connection Test

The Prestige automatically tests the connection to the computer(s) connected to the LAN ports. To test the connection from the Prestige to the ISP and the VoIP service provider, click Start Diagnose. Otherwise click Return to Main Menu to go back to the Site Map screen.

74 Chapter 3 Wizard Setup

Figure 19 Wizard Setup: Connection Tests

3.1.5.1 Test Your Internet Connection

Prestige 2602H/HW Series User’s Guide

Launch your web browser and navigate to beginning. Refer to the rest of this User’s Guide for more detailed information on the complete range of Prestige features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the Wizard Setup are correct.

www.zyxel.com. Internet access is just the

3.2 Media Bandwidth Management Wizard

The media bandwidth management wizard allows you to configure bandwidth classes based on an application (or service). You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.

The Prestige applies bandwidth management to traffic that it forwards out through an interface. The Prestige does not control the bandwidth of traffic that comes into an interface.

Bandwidth management applies to all traffic flowing out of the Prestige through the interface, regardless of the traffic's source.

Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the Prestige and be managed by bandwidth management.

Chapter 3 Wizard Setup 75

Prestige 2602H/HW Series User’s Guide

3.2.1 Predefined Media Bandwidth Management Services

The following is a description of the services that you can select and to which you can apply media bandwidth management using the Wizard Setup screens.

Table 13 Media Bandwidth Mgnt. Wizard Setup: Services

SERVICE DESCRIPTION

Xbox Live This is Microsoft’s online gaming service that lets you play multiplayer Xbox games

on the Internet via broadband technology. Xbox Live uses port 3074.

VoIP (SIP) Sending voice signals over the Internet is called Voice over IP or VoIP. Session

FTP File Transfer Program enables fast transfer of files, including large files that may

E-Mail Electronic mail consists of messages sent through a computer network to specific

eMule These programs use advanced file sharing applications relying on central servers

WWW The World Wide Web (WWW) is an Internet system to distribute graphical, hyper-

Initiated Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.

SIP is transported primarily over UDP but can also be transported over TCP, using the default port number 5060.

not be possible by e-mail. FTP uses port number 21.

groups or individuals. Here are some default ports for e-mail: POP3 - port 110 IMAP - port 143 SMTP - port 25 HTTP - port 80

to search for files. They use default port 4662.

linked information, based on Hyper Text Transfer Protocol (HTTP) - a client/server protocol for the World Wide Web. The Web is not synonymous with the Internet; rather, it is just one service on the Internet. Other services on the Internet include Internet Relay Chat and Newsgroups. The Web is accessed through use of a browser.

3.2.2 Media Bandwidth Management Setup: First Screen

In the SITE MAP screen click Media Bandwidth Magnt. to display the first media bandwidth management wizard screen.

76 Chapter 3 Wizard Setup

Prestige 2602H/HW Series User’s Guide

Figure 20 Media Bandwidth Mgnt. Wizard Setup: First Screen

The following table describes the labels in this screen.

Table 14 Media Bandwidth Mgnt. Wizard Setup: First Screen

LABEL DESCRIPTION

Active Select the Active check box to have the Prestige apply bandwidth management

to traffic going out through the Prestige’s WAN, LAN or WLAN port.

Select the service to apply bandwidth management.

Next Click Next to continue.

These check boxes are applicable when you select the Active check box above. Create bandwidth management classes by selecting services from the list

provided.

• XBox Live

•VoIP (SIP)

•FTP

•E-Mail

•eMule

•WWW Refer to

Table 13 on page 76 for more information.

3.2.3 Media Bandwidth Mgnt. Wizard Setup: Second Screen

The Prestige automatically creates the bandwidth class for each service you select. You may set the priority for each bandwidth class in the second wizard screen.

Chapter 3 Wizard Setup 77

Prestige 2602H/HW Series User’s Guide

Figure 21 Media Bandwidth Mgnt. Wizard Setup: Second Screen (all services selected)

The following table describes the fields in this screen.

Table 15 Media Bandwidth Mgnt. Wizard Setup: Second Screen

LABEL DESCRIPTION

Service These fields display the service(s) selected in the previous screen.

Priority Select High, Mid or Low priority for each service to have your Prestige use a priority

for traffic that matches that service. If the rules set up in this wizard are changed in ADVANCED - Media Bandwidth

Mgnt. - Class Setup, then the service priority radio button will be set to Others. The Class Configuration screens allow you to edit these rule configurations (see

Section 21.9 on page 273 for more information).

Back Click Back to return to the previous screen.

Finish Click Finish to complete and save the bandwidth management setup.

3.2.4 Media Bandwidth Mgnt. Wizard Setup: Finish

Well done! You have finished configuration of Media Bandwidth Management. You may now continue configuring your device.

Click Return to Main Menu to return to the Site Map screen.

78 Chapter 3 Wizard Setup

Figure 22 Media Bandwidth Mgnt. Wizard Setup: Finish

3.3 Password Setup

It is highly recommended that you change the password for accessing the Prestige.

3.3.1 Configuring Password

To change your Prestige’s password (recommended), click Password in the Site Map screen.

Figure 23 Password

Prestige 2602H/HW Series User’s Guide

The following table describes the fields in this screen.

Table 16 Password

LABEL DESCRIPTION

Old Password Type the default password or the existing password you use to access the system

in this field.

New Password Type the new password in this field.

Retype to Confirm Type the new password again in this field.

Apply Click Apply to save your changes back to the Prestige.

Cancel Click Cancel to begin configuring this screen afresh.

Chapter 3 Wizard Setup 79

Prestige 2602H/HW Series User’s Guide

80 Chapter 3 Wizard Setup

This chapter describes how to configure LAN settings.

4.1 LAN Overview

A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses.

4.1.1 LANs, WANs and the Prestige

Prestige 2602H/HW Series User’s Guide

CHAPTER 4

LAN Setup

The actual physical connection determines whether the Prestige ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.

Figure 24 LAN and WAN IP Addresses

4.1.2 DHCP Setup

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.

Chapter 4 LAN Setup 81

Prestige 2602H/HW Series User’s Guide

4.1.2.1 IP Pool Setup

The Prestige is pre-configured with a pool of IP addresses for the DHCP clients (DHCP Pool). See the product specifications in the appendices. Do not assign static IP addresses from the DHCP pool to your LAN computers.

4.2 DNS Server Address

DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask.

There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up. If your ISP gives you the DNS server addresses, enter them in the DNS Server fields in DHCP Setup, otherwise, leave them blank.

Some ISP’s choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The Prestige supports the IPCP DNS server extensions through the DNS proxy feature.

If the Primary and Secondary DNS Server fields in the LAN Setup screen are not specified, for instance, left as 0.0.0.0, the Prestige tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS query to the Prestige, the Prestige forwards the query to the real DNS server learned through IPCP and relays the response back to the computer.

Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the LAN Setup screen. This way, the Prestige can pass the DNS servers to the computers and the computers can query the DNS server directly without the Prestige’s intervention.

4.3 DNS Server Address Assignment

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.

There are two ways that an ISP disseminates the DNS server addresses.

82 Chapter 4 LAN Setup

• The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in DHCP Setup.

• The Prestige acts as a DNS proxy when the Primary and Secondary DNS Server fields are left blank in the LAN Setup screen.

4.4 LAN TCP/IP

The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.

4.4.1 Factory LAN Defaults

The LAN parameters of the Prestige are preset in the factory with the following values:

• IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits)

• DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.

Prestige 2602H/HW Series User’s Guide

These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured.

4.5 LAN TCP/IP

The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.

4.5.1 IP Address and Subnet Mask

Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.

Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.

If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from

192.168.0.0 to 192.168.255.0 and you must enable the Network Address Translation (NAT) feature of the Prestige. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are

Chapter 4 LAN Setup 83

Prestige 2602H/HW Series User’s Guide

told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.

Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your network is using that IP address.

The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise.

4.5.1.1 Private IP Addresses

Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:

• 10.0.0.0 — 10.255.255.255

• 172.16.0.0 — 172.31.255.255

• 192.168.0.0 — 192.168.255.255

You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.

Note: Regardless of your particular situation, do not create an arbitrary IP address;

always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.

4.5.2 RIP Setup

RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to:

• Both - the Prestige will broadcast its routing table periodically and incorporate the RIP information that it receives.

• In Only - the Prestige will not send any RIP packets but will accept all RIP packets received.

84 Chapter 4 LAN Setup

• Out Only - the Prestige will send out RIP packets but will not accept any RIP packets received.

• None - the Prestige will not send any RIP packets and will ignore any RIP packets received.

The Version field controls the format and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.

Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that

RIP-2B uses subnet broadcasting while RIP-2M uses multicasting.

4.5.3 Multicast

Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1.

Prestige 2602H/HW Series User’s Guide

IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC

2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address

224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address

224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.

The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the Prestige queries all directly connected networks to gather group membership. After that, the Prestige periodically updates this information. IP multicasting can be enabled/ disabled on the Prestige LAN and/or WAN interfaces in the web configurator (LAN; WA N ). Select None to disable IP multicasting on these interfaces.

4.6 Any IP

Traditionally, you must set the IP addresses and the subnet masks of a computer and the Prestige to be in the same subnet to allow the computer to access the Internet (through the Prestige). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the Prestige.

Chapter 4 LAN Setup 85

Prestige 2602H/HW Series User’s Guide

With the Any IP feature and NAT enabled, the Prestige allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet. Whether a computer is set to use a dynamic or static (fixed) IP address, you can simply connect the computer to the Prestige and access the Internet.

The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment. In a residential house where a Prestige is installed, you can still use the computer to access the Internet without changing the network settings, even when the IP addresses of the computer and the Prestige are not in the same subnet.

Figure 25 Any IP Example

The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address.

Note: You must enable NAT/SUA to use the Any IP feature on the Prestige.

4.6.1 How Any IP Works

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the Prestige) to decide which hop to use, to help forward data along to its specified destination.

The following lists out the steps taken, when a computer tries to access the Internet for the first time through the Prestige.

1 When a computer (which is in a different subnet) first attempts to access the Internet, it

sends packets to its default gateway (which is not the Prestige) by looking at the MAC address in its ARP table.

2 When the computer cannot locate the default gateway, an ARP request is broadcast on the

LAN.

86 Chapter 4 LAN Setup

3 The Prestige receives the ARP request and replies to the computer with its own MAC

address.

4 The computer updates the MAC address for the default gateway to the ARP table. Once

the ARP table is updated, the computer is able to access the Internet through the Prestige.

5 When the Prestige receives packets from the computer, it creates an entry in the IP

routing table so it can properly forward packets intended for the computer.

After all the routing information is updated, the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige.

4.7 Configuring LAN

Click LAN and LAN Setup to open the following screen.

Figure 26 LAN Setup

Prestige 2602H/HW Series User’s Guide

Chapter 4 LAN Setup 87

Prestige 2602H/HW Series User’s Guide

The following table describes the fields in this screen.

Table 17 LAN Setup

LABEL DESCRIPTION

DHCP

DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway

and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.

If set to None, the DHCP server will be disabled. If set to Relay, the Prestige acts as a surrogate DHCP server and relays DHCP

requests and responses between the remote server and the clients. Enter the IP address of the actual, remote DHCP server in the Remote DHCP Server field in this case.

When DHCP is used, the following items need to be set:

Client IP Pool Starting Address

Size of Client IP Pool

Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the

Secondary DNS Server

Remote DHCP Server

TCP/IP

IP Address Enter the IP address of your Prestige in dotted decimal notation, for example,

IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).

RIP Direction Select the RIP direction from None, Both, In Only and Out Only.

RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M.

Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to

Any IP Setup Select the Active checkbox to enable the Any IP feature. This allows a computer

Back Click Back to return to the previous screen.

Apply Click Apply to save your changes back to the Prestige.

Cancel Click Cancel to begin configuring this screen afresh.

This field specifies the first of the contiguous addresses in the IP address pool.

This field specifies the size or count of the IP address pool.

DHCP clients along with the IP address and the subnet mask.

As above.

If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here.

192.168.1.1 (factory default).

establish membership in a multicast group. The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it.

to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the Prestige are not in the same subnet.

When you disable the Any IP feature, only computers with dynamic IP addresses or static IP addresses in the same subnet as the Prestige’s LAN IP address can connect to the Prestige or access the Internet through the Prestige.

88 Chapter 4 LAN Setup

4.8 Configuring Static DHCP

This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses.

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.

To change your Prestige’s static DHCP settings, click LAN, then the Static DHCP tab. The screen appears as shown.

Figure 27 LAN: Static DHCP

Prestige 2602H/HW Series User’s Guide

The following table describes the labels in this screen.

Table 18 LAN: Static DHCP

LABEL DESCRIPTION

# This is the index number of the Static IP table entry (row).

MAC Address Type the MAC address (with colons) of a computer on your LAN.

IP Address This field specifies the size, or count of the IP address pool.

Back Click Back to return to the previous screen.

Apply Click Apply to save your changes back to the Prestige.

Cancel Click Cancel to begin configuring this screen afresh.

Chapter 4 LAN Setup 89

Prestige 2602H/HW Series User’s Guide

90 Chapter 4 LAN Setup

Prestige 2602H/HW Series User’s Guide

CHAPTER 5

Wireless LAN (P2602HW Models)

This chapter discusses how to configure Wireless LAN.

5.1 Introduction

A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN adapters communicating through access points which bridge network traffic to the wired LAN.

Note: See the WLAN appendix for more detailed information on WLANs.

5.2 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.

Wireless security methods available on the Prestige are data encryption, wireless client authentication, restricting access by device MAC address and hiding the Prestige identity.

5.2.1 Encryption

• Use WPA security if you have WPA-aware wireless clients and a RADIUS server. WPA has user authentication and improved data encryption over WEP.

• Use WPA-PSK if you have WPA-aware wireless clients but no RADIUS server.

• If you don’t have WPA-aware wireless clients, then use WEP key encrypting. A higher bit key offers better security at a throughput trade-off. You can use Passphrase to automatically generate 64-bit or 128-bit WEP keys or manually enter 64-bit, 128-bit or 256-bit WEP keys.

5.2.2 Authentication

WPA has user authentication and you can also configure IEEE 802.1x to use the built-in database (Local User Database) or a RADIUS server to authenticate wireless clients before joining your network.

• Use RADIUS authentication if you have a RADIUS server. See the appendices for information on protocols used when a client authenticates with a RADIUS server via the Prestige.

Chapter 5 Wireless LAN (P2602HW Models) 91

Prestige 2602H/HW Series User’s Guide

• Use the Local User Database if you have less than 32 wireless clients in your network. The Prestige uses MD5 encryption when a client authenticates with the Local User Database

5.2.3 Restricted Access

The MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow Association) or exclude them from accessing the AP (Deny Association).

5.2.4 Hide Prestige Identity

If you hide the ESSID, then the Prestige cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the Prestige may be inconvenience for some valid WLAN clients. If you don’t hide the ESSID, at least you should change the default one.

5.2.5 Configuring Wireless LAN on the Prestige

1 Configure the ESSID

and WEP in the Wireless screen. If you

configure WEP, you can’t configure WPA or WPA-PSK.

2 Use the MAC Filter

screen to restrict access to your wireless network by MAC address.

3 Configure WPA or

WPA-PSK in the

802.1x/WPA screen. You can also configure 802.1x wireless client authentication in the 802.1x/WPA screen.

4 Configure the RADIUS authentication database settings in the RADIUS screen.

5 Configure the built-in authentication database in the Local User Database screen.

The following figure shows the relative effectiveness of these wireless security methods available on your Prestige.

92 Chapter 5 Wireless LAN (P2602HW Models)

Prestige 2602H/HW Series User’s Guide

Figure 28 Wireless Security Methods

Note: You must enable the same wireless security settings on the Prestige and on all

wireless clients that you want to associate with it.

If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networking device that is within range.

5.3 Configuring the Wireless Screen

5.3.1 WEP Encryption

WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key.

Your Prestige allows you to configure up to four 64-bit, 128-bit or 256-bit WEP keys but only one key can be enabled at any one time.

In order to configure and enable WEP encryption; click Wireless LAN and Wireless to the display the Wireless screen.

Chapter 5 Wireless LAN (P2602HW Models) 93

Prestige 2602H/HW Series User’s Guide

Figure 29 Wireless Screen

The following table describes the labels in this screen.

Table 19 Wireless LAN

LABEL DESCRIPTION

Enable Wireless LAN

ESSID The ESSID (Extended Service Set IDentification) is a unique name to identify the

Hide ESSID Select Yes to hide the ESSID so a station cannot obtain the ESSID through AP

Channel ID The radio frequency used by IEEE 802.11 b or g wireless devices is called a

RTS/CTS Threshold

Fragmentation Threshold

You should configure some wireless security (see Figure 28 on page 93) when you enable the wireless LAN. Select the check box to enable the wireless LAN.

Prestige in the wireless LAN. Wireless stations associating to the Prestige must have the same ESSID.

Enter a descriptive name of up to 32 printable characters (including spaces; alphabetic characters are case-sensitive).

scanning. Select No to make the ESSID visible so a station can obtain the ESSID through AP

scanning.

channel. Select a channel from the drop-down list box.

The RTS (Request To Send) threshold (number of bytes) is for enabling RTS/CTS. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this value to be larger than the maximum MSDU (MAC service data unit) size turns off RTS/CTS. Setting this value to zero turns on RTS/CTS.

Select the check box to change the default value and enter a new value between 0 and 2432.

This is the threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent.

Select the check box to change the default value and enter a value between 256 and 2432.

94 Chapter 5 Wireless LAN (P2602HW Models)

Prestige 2602H/HW Series User’s Guide

Table 19 Wireless LAN (continued)

LABEL DESCRIPTION

You won’t see the following WEP-related fields if you have WPA or WPA-PSK enabled.

WEP Encryption WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the

Key 1 to Key 4 The WEP keys are used to encrypt data. Both the Prestige and the wireless stations

Back Click Back to go to the main wireless LAN setup screen.

Apply Click Apply to save your changes back to the Prestige.

Cancel Click Cancel to begin configuring this screen afresh.

wireless network. Select Disable to allow all wireless stations to communicate with the access points

without any data encryption. Select 64-bit WEP, 128-bit WEP or 256-bit WEP to use data encryption.

must use the same WEP key for data transmission. If you want to manually set the WEP keys, enter the key in the field provided. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal

characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal

characters ("0-9", "A-F"). If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal

characters ("0-9", "A-F"). The values for the WEP keys must be set up exactly the same on all wireless

devices in the same wireless LAN. You must configure all four keys, but only one key can be used at any one time. The

default key is key 1.

Note: If you are configuring the Prestige from a computer connected to the wireless

LAN and you change the Prestige’s ESSID or security settings (see

on page 93

), you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings.

5.4 Configuring MAC Filters

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen. To change your Prestige’s MAC filter settings, click Wireless LAN, MAC Filter to open the MAC Filter screen. The screen appears as shown.

Note: Be careful not to list your computer’s MAC address and set the Action field to

Deny Association when managing the Prestige via a wireless connection.

This would lock you out.

Figure 28

Chapter 5 Wireless LAN (P2602HW Models) 95

Prestige 2602H/HW Series User’s Guide

Figure 30 MAC Address Filter

The following table describes the fields in this menu.

Table 20 MAC Address Filter

LABEL DESCRIPTION

Active Select Yes from the drop down list box to enable MAC address filtering.

Action Define the filter action for the list of MAC addresses in the MAC Address table.

Select Deny Association to block access to the router, MAC addresses not listed will be allowed to access the Prestige. Select Allow Association to permit access to the router, MAC addresses not listed will be denied access to the Prestige.

MAC Address Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal

Back Click Back to go to the main wireless LAN setup screen.

96 Chapter 5 Wireless LAN (P2602HW Models)

character pairs, for example, 12:34:56:78:9a:bc of the wireless stations that are allowed or denied access to the Prestige in these address fields.

Table 20 MAC Address Filter (continued)

LABEL DESCRIPTION

Apply Click Apply to save your changes back to the Prestige.

Cancel Click Cancel to begin configuring this screen afresh.

5.5 Introduction to WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA is preferred to WEP as WPA has user authentication and improved data encryption. See the appendix for more information on WPA user authentication and WPA encryption.

If you don’t have an external RADIUS server, you should use WPA-PSK (WPA-Pre-Shared Key). WPA-PSK only requires a single (identical) password entered into each WLAN member. As long as the passwords match, a client will be granted access to a WLAN.

Note: You can’t use the Local User Database for authentication when you select

WPA.

Prestige 2602H/HW Series User’s Guide

5.5.1 WPA-PSK Application Example

A WPA-PSK application looks as follows.

1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key

(PSK) must be between 8 and 63 printable characters (including spaces; alphabetic characters are case-sensitive).

2 The AP checks each client’s password and (only) allows it to join the network if the

passwords match.

3 The AP derives and distributes keys to the wireless clients.

4 The AP and wireless clients use the TKIP encryption process to encrypt data exchanged

between them.

Chapter 5 Wireless LAN (P2602HW Models) 97

Prestige 2602H/HW Series User’s Guide

Figure 31 WPA - PSK Authentication

5.5.2 WPA with RADIUS Application Example

You need the IP address, port number (default is 1812) and shared secret of a RADIUS server. A WPA application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system (wired link to the LAN).

1 The AP passes the wireless client’s authentication request to the RADIUS server.

2 The RADIUS server then checks the user's identification against its database and grants

or denies network access accordingly.

3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then

sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly transmitted between the AP and the wireless clients

98 Chapter 5 Wireless LAN (P2602HW Models)

Figure 32 WPA with RADIUS Application Example2

Prestige 2602H/HW Series User’s Guide

5.5.3 Wireless Client WPA Supplicants

A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client.

The Windows XP patch is a free download that adds WPA capability to Windows XP's builtin "Zero Configuration" wireless client. However, you must run Windows XP to use it.

5.6 Configuring IEEE 802.1x and WPA

To change your Prestige’s authentication settings, click the Wireless LAN link under Advanced Setup and then the 802.1x/WPA tab. The screen varies by the key management protocol you select.

You see the next screens when you select No Access Allowed or No Authentication Required in the Wireless Port Control field.

Chapter 5 Wireless LAN (P2602HW Models) 99

Prestige 2602H/HW Series User’s Guide

Figure 33 Wireless LAN: 802.1x/WPA: No Access Allowed

Figure 34 Wireless LAN: 802.1x/WPA: No Authentication

The following table describes the label in these screens.

Table 21 Wireless LAN: 802.1x/WPA: No Access/Authentication

LABEL DESCRIPTION

Wireless Port Control

Back Click Back to go to the main wireless LAN setup screen.

Apply Click Apply to save your changes back to the Prestige.

Cancel Click Cancel to begin configuring this screen afresh.

To control wireless station access to the wired network, select a control method from the drop-down list box. Choose from No Access Allowed, No Authentication

Required and Authentication Required. No Access Allowed blocks all wireless stations access to the wired network. No Authentication Required allows all wireless stations access to the wired network

without entering usernames and passwords. This is the default setting. Authentication Required means that all wireless stations have to enter usernames

and passwords before access to the wired network is allowed. Select Authentication Required to configure Key Management Protocol and other

related fields.

5.6.1 Authentication Required: 802.1x

You need the following for IEEE 802.1x authentication.

• A computer with an IEEE 802.11 a/b/g wireless LAN adapter and equipped with a web browser (with JavaScript enabled) and/or Telnet.

100 Chapter 5 Wireless LAN (P2602HW Models)

ZyXEL Prestige 2602H, Prestige 2602HW User Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Prestige 2602H Series

Prestige 2602HW Series

Copyright

4 Federal Communications Commission (FCC) Interference Statement

Safety Warnings

ZyXEL Limited Warranty

Customer Support

Table of Contents

List of Figures

List of Tables

Preface

Introduction to DSL

Getting To Know Your Prestige

1.1 Introducing the Prestige

1.1.1 Features of the Prestige

1.1.1.1 P2602HW Wireless Features

1.2 Applications for the Prestige

1.2.1 Internet Access

1.2.1.1 Internet Single User Account

1.2.2 Making Calls via Internet Telephony Service Provider

1.2.3 Make Peer-to-peer Calls

1.2.4 Firewall for Secure Broadband Internet Access

1.2.5 LAN to LAN Application

1.2.6 Front Panel LEDs

2.1 Web Configurator Overview

2.1.1 Accessing the Prestige Web Configurator

2.1.2 Resetting the Prestige

2.1.2.1 Using The Reset Button

2.1.3 Navigating the Prestige Web Configurator

3.1 Wizard Setup Introduction

Wizard Setup

3.1.1 Wizard Setup: First Screen

3.1.2 Wizard Setup: Second Screen

3.1.3 Wizard Setup: Third Screen

3.1.4 Internet Access Wizard Setup: Fourth Screen

3.1.5 Wizard Setup: Connection Test

3.1.5.1 Test Your Internet Connection

3.2 Media Bandwidth Management Wizard

3.2.1 Predefined Media Bandwidth Management Services

3.2.2 Media Bandwidth Management Setup: First Screen

3.2.3 Media Bandwidth Mgnt. Wizard Setup: Second Screen

3.2.4 Media Bandwidth Mgnt. Wizard Setup: Finish

3.3 Password Setup

3.3.1 Configuring Password

4.1 LAN Overview

4.1.1 LANs, WANs and the Prestige

LAN Setup

4.1.2 DHCP Setup

4.1.2.1 IP Pool Setup

4.2 DNS Server Address

4.3 DNS Server Address Assignment

4.4 LAN TCP/IP

4.4.1 Factory LAN Defaults

4.5 LAN TCP/IP

4.5.1 IP Address and Subnet Mask

4.5.1.1 Private IP Addresses

4.5.2 RIP Setup

4.5.3 Multicast

4.6 Any IP

4.6.1 How Any IP Works

4.7 Configuring LAN

4.8 Configuring Static DHCP

Wireless LAN (P2602HW Models)

5.1 Introduction

5.2 Wireless Security Overview

5.2.1 Encryption

5.2.2 Authentication

5.2.3 Restricted Access

5.2.4 Hide Prestige Identity

5.2.5 Configuring Wireless LAN on the Prestige

5.3 Configuring the Wireless Screen

5.3.1 WEP Encryption

5.4 Configuring MAC Filters

5.5 Introduction to WPA

5.5.1 WPA-PSK Application Example

5.5.2 WPA with RADIUS Application Example