ZyXEL Prestige 2602H, Prestige 2602HW User Guide

Prestige 2602H Series

ADSL VoIP IAD

Prestige 2602HW Series

802.11g Wireless ADSL VoIP IAD
User’s Guide
Version 3.40
5/2005
Prestige 2602H/HW Series User’s Guide

Copyright

Copyright © 2005 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Prestige 2602H/HW Series User’s Guide
Federal Communications
Commission (FCC) Interference
Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
Note: Antenna Warning! This device meets ETSI and FCC certification requirements
when using the included antenna(s). Only use the included antenna(s).
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Certifications
www.zyxel.com
Go to

4 Federal Communications Commission (FCC) Interference Statement

Prestige 2602H/HW Series User’s Guide
1 Select your product from the drop-down list box on the ZyXEL home page to go to that
product's page.
2 Select the certification you wish to view from this page.
Federal Communications Commission (FCC) Interference Statement 5
Prestige 2602H/HW Series User’s Guide
For your safety, be sure to read and follow all warning notices and instructions.
• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information.
• Use ONLY the dedicated power supply for your device. Connect the power cord or power adaptor to the right supply voltage (110V AC in North America or 230V AC in Europe).
• Do NOT use the device if the power supply is damaged as it might cause electrocution.
• If the power supply is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power supply. Contact your local vendor to order a new power supply.
• Place connecting cables carefully so that no one will step on them or stumble over them. Do NOT allow anything to rest on the power cord and do NOT locate the product where anyone can walk on the power cord.
• If you wall mount your device, make sure that no electrical, gas or water pipes will be damaged.
• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of electric shock from lightning.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Make sure to connect the cables to the correct ports.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
• Do NOT store things on the device.
• Connect ONLY suitable accessories to the device.

Safety Warnings

6 Safety Warnings
Prestige 2602H/HW Series User’s Guide

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Prestige 2602H/HW Series User’s Guide
Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.

Customer Support

METHOD
LOCATION
CORPORATE HEADQUARTERS (WORLDWIDE)
CZECH REPUBLIC
DENMARK
FINLAND
FRANCE
GERMANY
NORTH AMERICA
NORWAY
SPAIN
SWEDEN
SUPPORT E-MAIL TELEPHONE
SALES E-MAIL FAX FTP SITE
support@zyxel.com.tw +886-3-578-3942 www.zyxel.com
sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com
info@cz.zyxel.com +420 241 091 350 www.zyxel.cz ZyXEL Communications
info@cz.zyxel.com +420 241 091 359
support@zyxel.dk +45 39 55 07 00 www.zyxel.dk ZyXEL Communications A/S
sales@zyxel.dk +45 39 55 07 07
support@zyxel.fi +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy
sales@zyxel.fi +358-9-4780 8448
i nf o @z y xe l .f r + 3 3 ( 0 )4 72 52 97 97 w ww .z y xe l . fr Z yX E L Fr a nc e
+33 (0)4 72 52 19 20
support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.
sales@zyxel.de +49-2405-6909-99
support@zyxel.com +1-800-255-4101
+1-714-632-0882
sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com
support@zyxel.no +47 22 80 61 80 www.zyxel.no ZyXEL Communications A/S
sales@zyxel.no +47 22 80 61 81
support@zyxel.es +34 902 195 420 www.zyxel.es ZyXEL Communications
sales@zyxel.es +34 913 005 345
support@zyxel.se +46 31 744 7700 www.zyxel.se ZyXEL Communications A/S
sales@zyxel.se +46 31 744 7701
A
WEB SITE
www.europe.zyxel.com
ftp.europe.zyxel.com
www.us.zyxel.com ZyXEL Communications Inc.
REGULAR MAIL
ZyXEL Communications Corp. 6 Innovation Road II
Sc ien ce P ar k Hsinchu 300 Ta i w a n
Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika
Col um bu sv ej 5 2860 Soeborg Denmark
Mal mi nk aa ri 10 00700 Helsinki Finland
1 ru e d e s V er ge r s Ba t. 1 / C 69760 Limonest France
Adenauerstr. 20/A2 D-52146 Wuerselen Germany
1130 N. Miller St. Anaheim
CA 92806-2001 U.S.A.
Ni ls H ans en s ve i 13 0667 Oslo Norway
Alejandro Villegas 33 1º, 28043 Madrid Spa i n
Sjöporten 4, 41764 Göteborg Sweden
8 Customer Support
Prestige 2602H/HW Series User’s Guide
METHOD
LOCATION
UNITED KINGDOM
SUPPORT E-MAIL TELEPHONE
SALES E-MAIL FAX FTP SITE
support@zyxel.co.uk +44 (0) 1344 303044
08707 555779 (UK only)
sales@zyxel.co.uk +44 (0) 1344 303034 ftp.zyxel.co.uk
A
WEB SITE
www.zyxel.co.uk ZyXEL Communications UK
a. “+” is the (prefix) number you enter to make an international telephone call.
REGULAR MAIL
Ltd.,11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)
Prestige 2602H/HW Series User’s Guide
10 Customer Support
Prestige 2602H/HW Series User’s Guide

Table of Contents

Copyright .................................................................................................................. 3
Federal Communications Commission (FCC) Interference Statement ............... 4
Safety Warnings ....................................................................................................... 6
ZyXEL Limited Warranty.......................................................................................... 7
Customer Support.................................................................................................... 8
Table of Contents ................................................................................................... 11
List of Figures ........................................................................................................ 29
List of Tables .......................................................................................................... 37
Preface .................................................................................................................... 43
Introduction to DSL................................................................................................ 45
Chapter 1
Getting To Know Your Prestige............................................................................. 47
1.1 Introducing the Prestige .....................................................................................47
1.1.1 Features of the Prestige ...........................................................................48
1.1.1.1 P2602HW Wireless Features ..........................................................52
1.2 Applications for the Prestige ..............................................................................53
1.2.1 Internet Access .........................................................................................53
1.2.1.1 Internet Single User Account ..........................................................54
1.2.2 Making Calls via Internet Telephony Service Provider ..............................54
1.2.3 Make Peer-to-peer Calls ...........................................................................54
1.2.4 Firewall for Secure Broadband Internet Access .......................................55
1.2.5 LAN to LAN Application ............................................................................55
1.2.6 Front Panel LEDs .....................................................................................56
Chapter 2
Introducing the Web Configurator........................................................................ 59
2.1 Web Configurator Overview ...............................................................................59
2.1.1 Accessing the Prestige Web Configurator ................................................59
2.1.2 Resetting the Prestige ..............................................................................60
2.1.2.1 Using The Reset Button ..................................................................60
2.1.3 Navigating the Prestige Web Configurator ...............................................61
Table of Contents 11
Prestige 2602H/HW Series User’s Guide
Chapter 3
Wizard Setup .......................................................................................................... 65
3.1 Wizard Setup Introduction ..................................................................................65
3.1.1 Wizard Setup: First Screen .......................................................................65
3.1.2 Wizard Setup: Second Screen ..................................................................66
3.1.3 Wizard Setup: Third Screen ......................................................................70
3.1.4 Internet Access Wizard Setup: Fourth Screen ..........................................72
3.1.5 Wizard Setup: Connection Test ................................................................74
3.1.5.1 Test Your Internet Connection .........................................................75
3.2 Media Bandwidth Management Wizard .............................................................75
3.2.1 Predefined Media Bandwidth Management Services ...............................76
3.2.2 Media Bandwidth Management Setup: First Screen ................................76
3.2.3 Media Bandwidth Mgnt. Wizard Setup: Second Screen ...........................77
3.2.4 Media Bandwidth Mgnt. Wizard Setup: Finish ..........................................78
3.3 Password Setup .................................................................................................79
3.3.1 Configuring Password ...............................................................................79
Chapter 4
LAN Setup............................................................................................................... 81
4.1 LAN Overview ....................................................................................................81
4.1.1 LANs, WANs and the Prestige ..................................................................81
4.1.2 DHCP Setup .............................................................................................81
4.1.2.1 IP Pool Setup ..................................................................................82
4.2 DNS Server Address ..........................................................................................82
4.3 DNS Server Address Assignment ......................................................................82
4.4 LAN TCP/IP ........................................................................................................83
4.4.1 Factory LAN Defaults ................................................................................83
4.5 LAN TCP/IP ........................................................................................................83
4.5.1 IP Address and Subnet Mask ...................................................................83
4.5.1.1 Private IP Addresses .......................................................................84
4.5.2 RIP Setup .................................................................................................84
4.5.3 Multicast ....................................................................................................85
4.6 Any IP .................................................................................................................85
4.6.1 How Any IP Works ....................................................................................86
4.7 Configuring LAN .................................................................................................87
4.8 Configuring Static DHCP ....................................................................................89
Chapter 5
Wireless LAN (P2602HW Models)......................................................................... 91
5.1 Introduction ........................................................................................................91
5.2 Wireless Security Overview ...............................................................................91
5.2.1 Encryption .................................................................................................91
5.2.2 Authentication ...........................................................................................91
12 Table of Contents
Prestige 2602H/HW Series User’s Guide
5.2.3 Restricted Access .....................................................................................92
5.2.4 Hide Prestige Identity ................................................................................92
5.2.5 Configuring Wireless LAN on the Prestige ...............................................92
5.3 Configuring the Wireless Screen ........................................................................93
5.3.1 WEP Encryption ........................................................................................93
5.4 Configuring MAC Filters .....................................................................................95
5.5 Introduction to WPA ...........................................................................................97
5.5.1 WPA-PSK Application Example ................................................................97
5.5.2 WPA with RADIUS Application Example ..................................................98
5.5.3 Wireless Client WPA Supplicants ............................................................99
5.6 Configuring IEEE 802.1x and WPA ....................................................................99
5.6.1 Authentication Required: 802.1x .............................................................100
5.6.2 Authentication Required: WPA ...............................................................102
5.6.3 Authentication Required: WPA-PSK .......................................................104
5.7 Configuring Local User Authentication .............................................................105
5.8 Configuring RADIUS ........................................................................................106
Chapter 6
WAN Setup............................................................................................................ 109
6.1 WAN Overview .................................................................................................109
6.1.1 Encapsulation .........................................................................................109
6.1.1.1 ENET ENCAP ...............................................................................109
6.1.1.2 PPP over Ethernet ........................................................................109
6.1.1.3 PPPoA ...........................................................................................109
6.1.1.4 RFC 1483 ...................................................................................... 110
6.1.2 Multiplexing ............................................................................................. 110
6.1.2.1 VC-based Multiplexing .................................................................. 110
6.1.2.2 LLC-based Multiplexing ................................................................. 110
6.1.3 VPI and VCI ............................................................................................110
6.1.4 IP Address Assignment ..........................................................................110
6.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation ................... 110
6.1.4.2 IP Assignment with RFC 1483 Encapsulation ............................... 111
6.1.4.3 IP Assignment with ENET ENCAP Encapsulation ........................ 111
6.1.5 Nailed-Up Connection (PPP) .................................................................. 111
6.2 Metric .............................................................................................................. 111
6.3 PPPoE Encapsulation ...................................................................................... 112
6.4 Traffic Shaping .................................................................................................112
6.5 Zero Configuration Internet Access .................................................................. 113
6.6 Configuring WAN Setup ...................................................................................113
6.7 Traffic Redirect .................................................................................................116
6.8 Configuring WAN Backup ................................................................................. 117
Table of Contents 13
Prestige 2602H/HW Series User’s Guide
Chapter 7
Network Address Translation (NAT) Screens.................................................... 121
7.1 NAT Overview ..................................................................................................121
7.1.1 NAT Definitions .......................................................................................121
7.1.2 What NAT Does ......................................................................................122
7.1.3 How NAT Works .....................................................................................122
7.1.4 NAT Application ......................................................................................123
7.1.5 NAT Mapping Types ...............................................................................123
7.2 SUA (Single User Account) Versus NAT ..........................................................124
7.3 SUA Server ......................................................................................................125
7.3.1 Default Server IP Address ......................................................................125
7.3.2 Port Forwarding: Services and Port Numbers ........................................125
7.3.3 Configuring Servers Behind SUA (Example) ..........................................126
7.4 Selecting the NAT Mode ..................................................................................126
7.5 Configuring SUA Server ...................................................................................127
7.6 Configuring Address Mapping ..........................................................................129
7.7 Editing an Address Mapping Rule ....................................................................130
Chapter 8
Introduction to VoIP ............................................................................................. 133
8.1 Introduction to VoIP ..........................................................................................133
8.2 SIP ..................................................................................................................133
8.2.1 SIP Identities ...........................................................................................133
8.2.1.1 SIP Number ...................................................................................133
8.2.1.2 SIP Service Domain ......................................................................134
8.2.2 SIP Call Progression ...............................................................................134
8.2.3 SIP Servers .............................................................................................134
8.2.3.1 SIP User Agent .............................................................................135
8.2.3.2 SIP Proxy Server ...........................................................................135
8.2.3.3 SIP Redirect Server ......................................................................136
8.2.3.4 SIP Register Server ......................................................................137
8.2.4 RTP .........................................................................................................137
8.3 SIP ALG ...........................................................................................................137
8.4 Pulse Code Modulation ....................................................................................137
8.5 Voice Coding ....................................................................................................138
8.5.1 G.711 .......................................................................................................138
8.5.2 G.729 ......................................................................................................138
8.6 PSTN Call Setup Signaling ..............................................................................138
8.7 MWI (Message Waiting Indication) ...................................................................138
Chapter 9
Voice Screens ....................................................................................................... 139
9.1 Voice Screens Introduction ..............................................................................139
14 Table of Contents
Prestige 2602H/HW Series User’s Guide
9.2 SIP Settings Configuration ...............................................................................139
9.3 Advanced Voice Settings Configuration ...........................................................140
9.4 Quality of Service (QoS) ..................................................................................143
9.4.1 Type Of Service (ToS) .............................................................................143
9.4.2 DiffServ ...................................................................................................143
9.4.2.1 DSCP and Per-Hop Behavior ........................................................143
9.4.3 VLAN ......................................................................................................143
9.5 QoS Configuration ............................................................................................144
9.6 Phone ...............................................................................................................145
9.6.1 Voice Activity Detection/Silence Suppression .........................................145
9.6.2 Comfort Noise Generation ......................................................................145
9.6.3 Echo Cancellation ...................................................................................145
9.7 Phone Configuration ........................................................................................145
9.8 Speed Dial ........................................................................................................147
9.8.1 Peer-to-Peer Calls ..................................................................................147
9.9 Speed Dial Configuration .................................................................................147
9.10 Lifeline (Prestige 2602HL/HWL) .....................................................................149
9.11 Lifeline Configuration (Prestige 2602HL/HWL) ..............................................149
9.12 Supplementary Phone Services Overview .....................................................150
9.12.1 The Flash Key .......................................................................................151
9.12.2 Europe Type Supplementary Phone Services ......................................151
9.12.2.1 European Call Hold .....................................................................151
9.12.2.2 European Call Waiting ................................................................152
9.12.2.3 European Call Transfer ...............................................................152
9.12.2.4 European Three-Way Conference ..............................................152
9.12.3 USA Type Supplementary Services ......................................................153
9.12.3.1 USA Call Hold .............................................................................153
9.12.3.2 USA Call Waiting ........................................................................153
9.12.3.3 USA Call Transfer .......................................................................153
9.12.3.4 USA Three-Way Conference .......................................................153
9.13 Common Phone Port Configuration ...............................................................154
9.14 Call Forward Configuration ............................................................................155
Chapter 10
Phone Usage ........................................................................................................ 159
10.1 Dialing a Telephone Number ..........................................................................159
10.2 Using Speed Dial to Dial a Telephone Number ..............................................159
10.3 Internal Calls ..................................................................................................159
10.4 Checking the Prestige’s IP Address ...............................................................159
10.5 Auto Firmware Upgrade .................................................................................160
Table of Contents 15
Prestige 2602H/HW Series User’s Guide
Chapter 11
Dynamic DNS Setup............................................................................................. 161
11.1 Dynamic DNS .................................................................................................161
11.1.1 DYNDNS Wildcard ................................................................................161
11.2 Configuring Dynamic DNS .............................................................................161
Chapter 12
Time and Date....................................................................................................... 163
12.1 Pre-defined NTP Time Servers List ................................................................163
12.2 Configuring Time and Date ............................................................................163
Chapter 13
Firewalls................................................................................................................ 167
13.1 Firewall Overview ...........................................................................................167
13.2 Types of Firewalls ..........................................................................................167
13.2.1 Packet Filtering Firewalls ......................................................................167
13.2.2 Application-level Firewalls ....................................................................167
13.2.3 Stateful Inspection Firewalls ................................................................168
13.3 Introduction to ZyXEL’s Firewall .....................................................................168
13.3.1 Denial of Service Attacks ......................................................................169
13.4 Denial of Service ............................................................................................169
13.4.1 Basics ...................................................................................................169
13.4.2 Types of DoS Attacks ...........................................................................170
13.4.2.1 ICMP Vulnerability ......................................................................172
13.4.2.2 Illegal Commands (NetBIOS and SMTP) ....................................172
13.4.2.3 Traceroute ...................................................................................173
13.5 Stateful Inspection ..........................................................................................173
13.5.1 Stateful Inspection Process ..................................................................174
13.5.2 Stateful Inspection and the Prestige .....................................................175
13.5.3 TCP Security .........................................................................................175
13.5.4 UDP/ICMP Security ..............................................................................176
13.5.5 Upper Layer Protocols ..........................................................................176
13.6 Guidelines for Enhancing Security with Your Firewall ....................................176
13.6.1 Security In General ...............................................................................177
13.7 Packet Filtering Vs Firewall ............................................................................178
13.7.1 Packet Filtering: ....................................................................................178
13.7.1.1 When To Use Filtering .................................................................178
13.7.2 Firewall .................................................................................................178
13.7.2.1 When To Use The Firewall ..........................................................178
Chapter 14
Firewall Configuration ......................................................................................... 181
14.1 Access Methods .............................................................................................181
16 Table of Contents
Prestige 2602H/HW Series User’s Guide
14.2 Firewall Policies Overview .............................................................................181
14.3 Rule Logic Overview ......................................................................................182
14.3.1 Rule Checklist .......................................................................................182
14.3.2 Security Ramifications ..........................................................................182
14.3.3 Key Fields For Configuring Rules .........................................................183
14.3.3.1 Action ..........................................................................................183
14.3.3.2 Service ........................................................................................183
14.3.3.3 Source Address ...........................................................................183
14.3.3.4 Destination Address ....................................................................183
14.4 Connection Direction Example .......................................................................183
14.4.1 LAN to WAN Rules ...............................................................................184
14.4.2 WAN to LAN Rules ...............................................................................184
14.4.3 Alerts .....................................................................................................185
14.5 Configuring Basic Firewall Settings ................................................................185
14.6 Rule Summary ...............................................................................................186
14.6.1 Configuring Firewall Rules ....................................................................188
14.7 Customized Services .....................................................................................191
14.8 Creating/Editing A Customized Service .........................................................191
14.9 Example Firewall Rule ...................................................................................192
14.10 Predefined Services .....................................................................................196
14.11 Anti-Probing ..................................................................................................198
14.12 DoS Thresholds ...........................................................................................199
14.12.1 Threshold Values ................................................................................200
14.12.2 Half-Open Sessions ............................................................................200
14.12.2.1 TCP Maximum Incomplete and Blocking Time .........................200
Chapter 15
Content Filtering .................................................................................................. 203
15.1 Content Filtering Overview .............................................................................203
15.2 Configuring Keyword Blocking .......................................................................203
15.3 Configuring the Schedule ..............................................................................204
15.4 Configuring Trusted Computers .....................................................................205
Chapter 16
Introduction to IPSec ........................................................................................... 207
16.1 VPN Overview ................................................................................................207
16.1.1 IPSec ....................................................................................................207
16.1.2 Security Association .............................................................................207
16.1.3 Other Terminology ................................................................................207
16.1.3.1 Encryption ...................................................................................207
16.1.3.2 Data Confidentiality .....................................................................208
16.1.3.3 Data Integrity ...............................................................................208
16.1.3.4 Data Origin Authentication ..........................................................208
Table of Contents 17
Prestige 2602H/HW Series User’s Guide
16.1.4 VPN Applications ..................................................................................208
16.2 IPSec Architecture .........................................................................................209
16.2.1 IPSec Algorithms ..................................................................................209
16.2.2 Key Management ..................................................................................209
16.3 Encapsulation .................................................................................................209
16.3.1 Transport Mode ....................................................................................210
16.3.2 Tunnel Mode ........................................................................................210
16.4 IPSec and NAT ...............................................................................................210
Chapter 17
VPN Screens......................................................................................................... 213
17.1 VPN/IPSec Overview .....................................................................................213
17.2 IPSec Algorithms ............................................................................................213
17.2.1 AH (Authentication Header) Protocol ...................................................213
17.2.2 ESP (Encapsulating Security Payload) Protocol .................................214
17.3 My IP Address ................................................................................................214
17.4 Secure Gateway Address ..............................................................................215
17.4.1 Dynamic Secure Gateway Address ......................................................215
17.5 VPN Summary Screen ...................................................................................215
17.6 Keep Alive ......................................................................................................217
17.7 Remote DNS Server ......................................................................................217
17.8 NAT Traversal ................................................................................................218
17.8.1 NAT Traversal Configuration .................................................................219
17.9 ID Type and Content ......................................................................................219
17.9.1 ID Type and Content Examples ............................................................220
17.10 Pre-Shared Key ............................................................................................221
17.11 Editing VPN Policies .....................................................................................221
17.12 IKE Phases .................................................................................................226
17.12.1 Negotiation Mode ................................................................................228
17.12.2 Diffie-Hellman (DH) Key Groups .........................................................228
17.12.3 Perfect Forward Secrecy (PFS) .........................................................228
17.13 Configuring Advanced IKE Settings .............................................................228
17.14 Manual Key Setup ........................................................................................231
17.14.1 Security Parameter Index (SPI) .........................................................231
17.15 Configuring Manual Key ...............................................................................232
17.16 Viewing SA Monitor ......................................................................................235
17.17 Configuring Global Setting ...........................................................................237
17.18 Telecommuter VPN/IPSec Examples ...........................................................237
17.18.1 Telecommuters Sharing One VPN Rule Example ..............................237
17.18.2 Telecommuters Using Unique VPN Rules Example ...........................238
17.19 VPN and Remote Management ...................................................................240
18 Table of Contents
Prestige 2602H/HW Series User’s Guide
Chapter 18
Remote Management Configuration .................................................................. 241
18.1 Remote Management Overview .....................................................................241
18.1.1 Remote Management Limitations .........................................................241
18.1.2 Remote Management and NAT ............................................................242
18.1.3 System Timeout ...................................................................................242
18.2 Telnet ..............................................................................................................242
18.3 FTP ................................................................................................................242
18.4 Web ................................................................................................................243
18.5 Configuring Remote Management .................................................................243
Chapter 19
Universal Plug-and-Play (UPnP) ......................................................................... 245
19.1 Introducing Universal Plug and Play ..............................................................245
19.1.1 How do I know if I'm using UPnP? ........................................................245
19.1.2 NAT Traversal .......................................................................................245
19.1.3 Cautions with UPnP ..............................................................................245
19.2 UPnP and ZyXEL ...........................................................................................246
19.2.1 Configuring UPnP .................................................................................246
19.3 Installing UPnP in Windows Example ............................................................247
19.4 Using UPnP in Windows XP Example ...........................................................251
Chapter 20
Logs Screens........................................................................................................ 259
20.1 Logs Overview ...............................................................................................259
20.1.1 Alerts and Logs .....................................................................................259
20.2 Configuring Log Settings ................................................................................259
20.3 Displaying the Logs ........................................................................................262
20.4 SMTP Error Messages ...................................................................................262
20.4.1 Example E-mail Log ..............................................................................263
Chapter 21
Media Bandwidth Management Advanced Setup.............................................. 265
21.1 Bandwidth Management Advanced Setup Overview .....................................265
21.2 Bandwidth Classes and Filters .......................................................................265
21.3 Proportional Bandwidth Allocation .................................................................266
21.4 Bandwidth Management Usage Examples ....................................................266
21.4.1 Application-based Bandwidth Management Example ..........................266
21.4.2 Subnet-based Bandwidth Management Example .................................266
21.4.3 Application and Subnet-based Bandwidth Management Example .......267
21.5 Scheduler .......................................................................................................268
21.5.1 Priority-based Scheduler ......................................................................268
21.5.2 Fairness-based Scheduler ....................................................................268
Table of Contents 19
Prestige 2602H/HW Series User’s Guide
21.6 Maximize Bandwidth Usage ...........................................................................268
21.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic ........................268
21.6.2 Maximize Bandwidth Usage Example ..................................................269
21.7 Bandwidth Borrowing .....................................................................................270
21.7.1 Bandwidth Borrowing Example .............................................................270
21.7.2 Maximize Bandwidth Usage With Bandwidth Borrowing ......................271
21.8 Configuring Summary ....................................................................................271
21.9 Configuring Class Setup ................................................................................273
21.9.1 Media Bandwidth Management Class Configuration ............................274
21.9.2 Media Bandwidth Management Statistics .............................................276
21.10 Bandwidth Monitor ......................................................................................277
Chapter 22
Maintenance ......................................................................................................... 279
22.1 Maintenance Overview ...................................................................................279
22.2 System Status Screen ....................................................................................279
22.2.1 System Statistics ...................................................................................282
22.3 DHCP Table Screen .......................................................................................283
22.4 Any IP Table Screen .......................................................................................284
22.5 Wireless Screen .............................................................................................285
22.5.1 Association List .....................................................................................285
22.6 Diagnostic Screens ........................................................................................286
22.6.1 Diagnostic General Screen ...................................................................286
22.6.2 Diagnostic DSL Line Screen .................................................................286
22.7 Firmware Screen ............................................................................................288
Chapter 23
Introducing the SMT ............................................................................................291
23.1 Introduction to the SMT ..................................................................................291
23.1.1 Procedure for SMT Configuration via Telnet .........................................291
23.1.2 Entering Password ................................................................................291
23.2 Navigating the SMT Interface .........................................................................292
23.2.1 System Management Terminal Interface Summary ..............................293
23.2.2 SMT Menus Overview ..........................................................................294
23.3 Changing the System Password ....................................................................295
Chapter 24
Menu 1 General Setup ......................................................................................... 297
24.1 General Setup ................................................................................................297
24.2 Procedure To Configure Menu 1 ....................................................................297
24.2.1 Procedure to Configure Dynamic DNS .................................................298
20 Table of Contents
Prestige 2602H/HW Series User’s Guide
Chapter 25
Menu 2 WAN Backup Setup ................................................................................ 301
25.1 Introduction to WAN Backup Setup ................................................................301
25.2 Configuring WAN Backup in Menu 2 ..............................................................301
25.2.1 Traffic Redirect Setup ...........................................................................302
Chapter 26
Menu 3 LAN Setup ...............................................................................................305
26.1 LAN Setup ......................................................................................................305
26.1.1 General Ethernet Setup ........................................................................305
26.2 Protocol Dependent Ethernet Setup ..............................................................305
26.3 TCP/IP Ethernet Setup and DHCP ................................................................306
Chapter 27
Wireless LAN Setup ............................................................................................. 309
27.1 Wireless LAN Overview .................................................................................309
27.2 Wireless LAN Setup .......................................................................................309
27.2.1 Wireless LAN MAC Address Filter ........................................................310
Chapter 28
Internet Access .................................................................................................... 313
28.1 Internet Access Overview ..............................................................................313
28.2 IP Policies ......................................................................................................313
28.3 IP Alias ...........................................................................................................313
28.4 IP Alias Setup .................................................................................................314
28.5 Route IP Setup ...............................................................................................315
28.6 Internet Access Configuration ........................................................................316
Chapter 29
Remote Node Configuration ............................................................................... 319
29.1 Remote Node Setup Overview .......................................................................319
29.2 Remote Node Setup .......................................................................................319
29.2.1 Remote Node Profile ............................................................................319
29.2.2 Encapsulation and Multiplexing Scenarios ...........................................320
29.2.2.1 Scenario 1: One VC, Multiple Protocols ......................................320
29.2.2.2 Scenario 2: One VC, One Protocol (IP) ......................................320
29.2.2.3 Scenario 3: Multiple VCs .............................................................320
29.2.3 Outgoing Authentication Protocol .........................................................322
29.3 Remote Node Network Layer Options ...........................................................323
29.3.1 My WAN Addr Sample IP Addresses ...................................................324
29.4 Remote Node Filter ........................................................................................325
29.5 Editing ATM Layer Options ............................................................................326
29.5.1 VC-based Multiplexing (non-PPP Encapsulation) ................................326
Table of Contents 21
Prestige 2602H/HW Series User’s Guide
29.5.2 LLC-based Multiplexing or PPP Encapsulation ....................................327
29.5.3 Advance Setup Options ........................................................................327
Chapter 30
Static Route Setup ............................................................................................... 329
30.1 IP Static Route Overview ...............................................................................329
30.2 Configuration ..................................................................................................329
Chapter 31
Bridging Setup ..................................................................................................... 333
31.1 Bridging in General ........................................................................................333
31.2 Bridge Ethernet Setup ....................................................................................333
31.2.1 Remote Node Bridging Setup ...............................................................333
31.2.2 Bridge Static Route Setup .....................................................................335
Chapter 32
Network Address Translation (NAT)................................................................... 337
32.1 Using NAT ......................................................................................................337
32.1.1 SUA (Single User Account) Versus NAT ..............................................337
32.2 Applying NAT .................................................................................................337
32.3 NAT Setup ......................................................................................................339
32.3.1 Address Mapping Sets ..........................................................................339
32.3.1.1 SUA Address Mapping Set .........................................................340
32.3.1.2 User-Defined Address Mapping Sets ..........................................341
32.3.1.3 Ordering Your Rules ....................................................................341
32.4 Configuring a Server Behind NAT ..................................................................343
32.5 General NAT Examples ..................................................................................344
32.5.1 Example 1: Internet Access Only ..........................................................345
32.5.2 Example 2: Internet Access with an Inside Server ...............................345
32.5.3 Example 3: Multiple Public IP Addresses With Inside Servers .............346
32.5.4 Example 4: NAT Unfriendly Application Programs ...............................350
Chapter 33
Enabling the Firewall ...........................................................................................353
33.1 Remote Management and the Firewall ..........................................................353
33.2 Access Methods .............................................................................................353
33.3 Enabling the Firewall ......................................................................................353
Chapter 34
Filter Configuration.............................................................................................. 355
34.1 About Filtering ................................................................................................355
34.1.1 The Filter Structure of the Prestige .......................................................356
34.2 Configuring a Filter Set for the Prestige .........................................................357
22 Table of Contents
Prestige 2602H/HW Series User’s Guide
34.3 Filter Rules Summary Menus .........................................................................358
34.4 Configuring a Filter Rule ................................................................................359
34.4.1 TCP/IP Filter Rule .................................................................................360
34.4.2 Generic Filter Rule ................................................................................362
34.5 Filter Types and NAT .....................................................................................364
34.6 Example Filter ................................................................................................364
34.7 Applying Filters and Factory Defaults ............................................................366
34.7.1 Ethernet Traffic .....................................................................................367
34.7.2 Remote Node Filters .............................................................................367
Chapter 35
SNMP Configuration ............................................................................................ 369
35.1 About SNMP ..................................................................................................369
35.2 Supported MIBs ............................................................................................370
35.3 SNMP Configuration ......................................................................................370
35.4 SNMP Traps ...................................................................................................371
Chapter 36
System Security ................................................................................................... 373
36.1 System Security .............................................................................................373
36.1.1 System Password .................................................................................373
36.1.2 Configuring External RADIUS Server ...................................................373
36.1.3 IEEE802.1x ...........................................................................................375
36.2 Creating User Accounts on the Prestige ........................................................377
Chapter 37
System Information and Diagnosis .................................................................... 379
37.1 Overview ........................................................................................................379
37.2 System Status ................................................................................................379
37.3 System Information ........................................................................................381
37.3.1 System Information ...............................................................................381
37.3.2 Console Port Speed ..............................................................................382
37.4 Log and Trace ................................................................................................383
37.4.1 Viewing Error Log .................................................................................383
37.4.2 Syslog and Accounting .........................................................................384
37.5 Diagnostic ......................................................................................................386
Chapter 38
Firmware and Configuration File Maintenance ................................................. 389
38.1 Filename Conventions ...................................................................................389
38.2 Backup Configuration .....................................................................................390
38.2.1 Backup Configuration ...........................................................................390
38.2.2 Using the FTP Command from the Command Line ..............................391
Table of Contents 23
Prestige 2602H/HW Series User’s Guide
38.2.3 Example of FTP Commands from the Command Line .........................391
38.2.4 GUI-based FTP Clients .........................................................................392
38.2.5 TFTP and FTP over WAN Management Limitations .............................392
38.2.6 Backup Configuration Using TFTP .......................................................393
38.2.7 TFTP Command Example ....................................................................393
38.2.8 GUI-based TFTP Clients ......................................................................393
38.3 Restore Configuration ....................................................................................394
38.3.1 Restore Using FTP ...............................................................................394
38.3.2 Restore Using FTP Session Example ..................................................395
38.4 Uploading Firmware and Configuration Files .................................................396
38.4.1 Firmware File Upload ............................................................................396
38.4.2 Configuration File Upload .....................................................................396
38.4.3 FTP File Upload Command from the DOS Prompt Example ................397
38.4.4 FTP Session Example of Firmware File Upload ...................................398
38.4.5 TFTP File Upload ..................................................................................398
38.4.6 TFTP Upload Command Example ........................................................399
Chapter 39
System Maintenance............................................................................................ 401
39.1 Command Interpreter Mode ...........................................................................401
39.2 Call Control Support .......................................................................................402
39.2.1 Budget Management ............................................................................402
39.3 Time and Date Setting ....................................................................................403
39.3.1 Resetting the Time ................................................................................404
Chapter 40
Remote Management ........................................................................................... 407
40.1 Remote Management Overview .....................................................................407
40.2 Remote Management .....................................................................................407
40.2.1 Remote Management Setup .................................................................407
40.2.2 Remote Management Limitations .........................................................408
40.3 Remote Management and NAT ......................................................................409
40.4 System Timeout .............................................................................................409
Chapter 41
IP Policy Routing.................................................................................................. 411
41.1 IP Policy Routing Overview ............................................................................ 411
41.2 Benefits of IP Policy Routing .......................................................................... 411
41.3 Routing Policy ................................................................................................411
41.4 IP Routing Policy Setup .................................................................................412
41.5 Applying an IP Policy .....................................................................................415
41.5.1 Ethernet IP Policies ..............................................................................415
41.6 IP Policy Routing Example .............................................................................416
24 Table of Contents
Prestige 2602H/HW Series User’s Guide
Chapter 42
Call Scheduling .................................................................................................... 419
42.1 Introduction ....................................................................................................419
Chapter 43
VPN/IPSec Setup .................................................................................................. 423
43.1 VPN/IPSec Overview .....................................................................................423
43.2 IPSec Summary Screen .................................................................................424
43.3 IPSec Setup ...................................................................................................426
43.4 IKE Setup .......................................................................................................430
43.5 Manual Setup .................................................................................................432
43.5.1 Active Protocol ......................................................................................432
43.5.2 Security Parameter Index (SPI) ............................................................432
Chapter 44
SA Monitor ............................................................................................................ 435
44.1 SA Monitor Overview .....................................................................................435
44.2 Using SA Monitor ...........................................................................................435
Chapter 45
Troubleshooting ................................................................................................... 439
45.1 Problems Starting Up the Prestige .................................................................439
45.2 Problems with the LAN ...................................................................................439
45.3 Problems with the WAN .................................................................................440
45.4 Problems Accessing the Prestige ..................................................................441
45.4.1 Pop-up Windows, JavaScripts and Java Permissions ..........................441
45.4.1.1 Internet Explorer Pop-up Blockers ..............................................442
45.4.1.2 JavaScripts ..................................................................................445
45.4.1.3 Java Permissions ........................................................................447
45.5 Telephone Problems ......................................................................................449
Appendix A
Product Specifications ....................................................................................... 451
Prestige 2602H/HW Series Power Adaptor Specifications .................................... 455
Appendix B
Setting up Your Computer’s IP Address............................................................ 457
Windows 95/98/Me................................................................................................. 457
Configuring ...................................................................................................... 459
Verifying Settings............................................................................................. 460
Windows 2000/NT/XP ............................................................................................ 460
Verifying Settings............................................................................................. 464
Table of Contents 25
Prestige 2602H/HW Series User’s Guide
Macintosh OS 8/9................................................................................................... 465
Verifying Settings............................................................................................. 466
Macintosh OS X ..................................................................................................... 466
Verifying Settings............................................................................................. 468
Appendix C
IP Subnetting ........................................................................................................ 469
IP Addressing......................................................................................................... 469
IP Classes .............................................................................................................. 469
Subnet Masks ........................................................................................................ 470
Subnetting .............................................................................................................. 470
Example: Two Subnets .......................................................................................... 471
Example: Four Subnets.......................................................................................... 473
Example Eight Subnets.......................................................................................... 474
Subnetting With Class A and Class B Networks. ................................................... 475
Appendix D
PPPoE ................................................................................................................... 477
PPPoE in Action..................................................................................................... 477
Benefits of PPPoE.................................................................................................. 477
Traditional Dial-up Scenario................................................................................... 477
How PPPoE Works ................................................................................................ 478
Prestige as a PPPoE Client ................................................................................... 478
Appendix E
Wireless LANs ...................................................................................................... 479
Wireless LAN Topologies ....................................................................................... 479
Ad-hoc Wireless LAN Configuration ................................................................ 479
BSS.................................................................................................................. 479
ESS.................................................................................................................. 480
Channel.................................................................................................................. 481
RTS/CTS................................................................................................................ 481
Fragmentation Threshold ....................................................................................... 482
Preamble Type....................................................................................................... 483
IEEE 802.1x ........................................................................................................... 484
RADIUS.................................................................................................................. 484
Types of RADIUS Messages ........................................................................... 484
Types of Authentication.......................................................................................... 485
EAP-MD5 (Message-Digest Algorithm 5) ........................................................ 485
EAP-TLS (Transport Layer Security) ............................................................... 486
EAP-TTLS (Tunneled Transport Layer Service) .............................................. 486
PEAP (Protected EAP) .................................................................................... 486
26 Table of Contents
Prestige 2602H/HW Series User’s Guide
LEAP................................................................................................................ 486
Dynamic WEP Key Exchange ......................................................................... 486
WPA ....................................................................................................................... 487
User Authentication ........................................................................................ 487
Encryption ....................................................................................................... 487
Security Parameters Summary .............................................................................. 488
Appendix F
Triangle Route ...................................................................................................... 489
The Ideal Setup...................................................................................................... 489
The “Triangle Route” Problem................................................................................ 489
The “Triangle Route” Solutions .............................................................................. 490
IP Aliasing .............................................................................................................. 490
Gateways on the WAN Side................................................................................... 491
Appendix G
Internal SPTGEN .................................................................................................. 493
Internal SPTGEN Overview ................................................................................... 493
The Configuration Text File Format ........................................................................ 493
Internal SPTGEN File Modification - Important Points to Remember.............. 493
Internal SPTGEN FTP Download Example............................................................ 494
Internal SPTGEN FTP Upload Example ................................................................ 495
Command Examples.............................................................................................. 516
Appendix H
Command Interpreter........................................................................................... 519
Command Syntax................................................................................................... 519
Command Usage ................................................................................................... 519
Appendix I
Firewall Commands ............................................................................................. 521
Sys Firewall Commands ........................................................................................ 521
Appendix J
Boot Commands ..................................................................................................523
Appendix K
Log Descriptions.................................................................................................. 525
Log Commands...................................................................................................... 534
Configuring What You Want the Prestige to Log ............................................. 534
Displaying Logs ............................................................................................... 535
Log Command Example......................................................................................... 536
Table of Contents 27
Prestige 2602H/HW Series User’s Guide
Index...................................................................................................................... 537
28 Table of Contents
Prestige 2602H/HW Series User’s Guide

List of Figures

Figure 1 Prestige Internet Access Application ....................................................... 54
Figure 2 Internet Telephony Service Provider Application ..................................... 54
Figure 3 Peer-to-peer Calling ................................................................................. 55
Figure 4 Firewall Application .................................................................................. 55
Figure 5 Prestige LAN-to-LAN Application ............................................................. 56
Figure 6 P2602H-C Series Front Panel ................................................................. 56
Figure 7 P2602HW-C Series Front Panel .............................................................. 56
Figure 8 Password Screen ..................................................................................... 60
Figure 9 Change Password at Login ...................................................................... 60
Figure 10 Web Configurator SITE MAP Screen ................................................... 62
Figure 11 Wizard Setup: First Screen .................................................................... 65
Figure 12 Internet Connection with PPPoE ............................................................ 67
Figure 13 Internet Connection with RFC 1483 ...................................................... 68
Figure 14 Internet Connection with ENET ENCAP ................................................ 68
Figure 15 Internet Connection with PPPoA ............................................................ 69
Figure 16 Wizard Setup: Third Screen .................................................................. 71
Figure 17 Internet Access Wizard Setup: Fourth Screen ....................................... 73
Figure 18 Wizard Setup: LAN Configuration .......................................................... 74
Figure 19 Wizard Setup: Connection Tests ............................................................ 75
Figure 20 Media Bandwidth Mgnt. Wizard Setup: First Screen ............................. 77
Figure 21 Media Bandwidth Mgnt. Wizard Setup: Second Screen (all services
selected) ....................................................................................... 78
Figure 22 Media Bandwidth Mgnt. Wizard Setup: Finish ....................................... 79
Figure 23 Password ............................................................................................... 79
Figure 24 LAN and WAN IP Addresses ................................................................. 81
Figure 25 Any IP Example ..................................................................................... 86
Figure 26 LAN Setup .............................................................................................. 87
Figure 27 LAN: Static DHCP .................................................................................. 89
Figure 28 Wireless Security Methods .................................................................... 93
Figure 29 Wireless Screen ..................................................................................... 94
Figure 30 MAC Address Filter ................................................................................ 96
Figure 31 WPA - PSK Authentication ..................................................................... 98
Figure 32 WPA with RADIUS Application Example2 .............................................. 99
Figure 33 Wireless LAN: 802.1x/WPA: No Access Allowed ................................... 100
Figure 34 Wireless LAN: 802.1x/WPA: No Authentication ..................................... 100
Figure 35 Wireless LAN: 802.1x/WPA: 802.1xl ...................................................... 101
Figure 36 Wireless LAN: 802.1x/WPA: WPA .......................................................... 103
Figure 37 Wireless LAN: 802.1x/WPA:WPA-PSK .................................................. 104
List of Figures 29
Prestige 2602H/HW Series User’s Guide
Figure 38 Local User Database ............................................................................. 105
Figure 39 RADIUS ................................................................................................. 106
Figure 40 Example of Traffic Shaping .................................................................... 113
Figure 41 WAN Setup (PPPoE) ............................................................................. 114
Figure 42 Traffic Redirect Example ........................................................................ 117
Figure 43 Traffic Redirect LAN Setup .................................................................... 117
Figure 44 WAN Backup .......................................................................................... 118
Figure 45 How NAT Works ..................................................................................... 123
Figure 46 NAT Application With IP Alias ................................................................ 123
Figure 47 Multiple Servers Behind NAT Example .................................................. 126
Figure 48 NAT Mode .............................................................................................. 127
Figure 49 Edit SUA/NAT Server Set ...................................................................... 128
Figure 50 Address Mapping Rules ......................................................................... 129
Figure 51 Address Mapping Rule Edit ................................................................... 130
Figure 52 SIP User Agent ...................................................................................... 135
Figure 53 SIP Proxy Server ................................................................................... 136
Figure 54 SIP Redirect Server ............................................................................... 137
Figure 55 SIP Settings ........................................................................................... 139
Figure 56 Voice Advanced Setup ........................................................................... 141
Figure 57 DiffServ: Differentiated Service Field ..................................................... 143
Figure 58 QoS ........................................................................................................ 144
Figure 59 Phone ..................................................................................................... 146
Figure 60 Speed Dial .............................................................................................. 148
Figure 61 Lifeline ................................................................................................... 150
Figure 62 Phone Port Common ............................................................................. 154
Figure 63 Voice Call Forward ................................................................................. 156
Figure 64 Dynamic DNS ........................................................................................ 162
Figure 65 Time and Date ........................................................................................ 164
Figure 66 Prestige Firewall Application .................................................................. 169
Figure 67 Three-Way Handshake .......................................................................... 171
Figure 68 SYN Flood .............................................................................................. 171
Figure 69 Smurf Attack .......................................................................................... 172
Figure 70 Stateful Inspection .................................................................................. 174
Figure 71 LAN to WAN Traffic ................................................................................ 184
Figure 72 WAN to LAN Traffic ................................................................................ 184
Figure 73 Firewall: Default Policy ........................................................................... 185
Figure 74 Firewall: Rule Summary ........................................................................ 187
Figure 75 Firewall: Edit Rule .................................................................................. 189
Figure 76 Firewall: Customized Services ............................................................... 191
Figure 77 Firewall: Configure Customized Services .............................................. 192
Figure 78 Firewall Example: Rule Summary .......................................................... 193
Figure 79 Firewall Example: Edit Rule: Destination Address ................................ 194
Figure 80 Edit Custom Port Example ..................................................................... 194
30 List of Figures
Prestige 2602H/HW Series User’s Guide
Figure 81 Firewall Example: Edit Rule: Select Customized Services .................... 195
Figure 82 Firewall Example: Rule Summary: My Service ..................................... 196
Figure 83 Firewall: Anti Probing ............................................................................. 199
Figure 84 Firewall: Threshold ................................................................................. 201
Figure 85 Content Filter: Keyword ......................................................................... 204
Figure 86 Content Filter: Schedule ........................................................................ 205
Figure 87 Content Filter: Trusted ........................................................................... 206
Figure 88 Encryption and Decryption ..................................................................... 208
Figure 89 IPSec Architecture ................................................................................. 209
Figure 90 Transport and Tunnel Mode IPSec Encapsulation ................................. 210
Figure 91 IPSec Summary Fields .......................................................................... 215
Figure 92 VPN Summary ....................................................................................... 216
Figure 93 VPN Host using Intranet DNS Server Example ..................................... 218
Figure 94 NAT Router Between IPSec Routers ..................................................... 218
Figure 95 VPN IKE ................................................................................................. 222
Figure 96 Two Phases to Set Up the IPSec SA ..................................................... 227
Figure 97 VPN IKE: Advanced Setup .................................................................... 229
Figure 98 VPN: Manual Key ................................................................................... 232
Figure 99 VPN: SA Monitor .................................................................................... 236
Figure 100 VPN: Global Setting ............................................................................. 237
Figure 101 Telecommuters Sharing One VPN Rule Example ................................ 238
Figure 102 Telecommuters Using Unique VPN Rules Example ............................ 239
Figure 103 Telnet Configuration on a TCP/IP Network .......................................... 242
Figure 104 Remote Management .......................................................................... 243
Figure 105 Configuring UPnP ................................................................................ 246
Figure 106 Add/Remove Programs: Windows Setup: Communication .................. 248
Figure 107 Add/Remove Programs: Windows Setup: Communication: Components
248
Figure 108 Network Connections ........................................................................... 249
Figure 109 Windows Optional Networking Components Wizard ........................... 250
Figure 110 Networking Services ............................................................................ 251
Figure 111 Network Connections ........................................................................... 252
Figure 112 Internet Connection Properties ........................................................... 253
Figure 113 Internet Connection Properties: Advanced Settings ............................ 254
Figure 114 Internet Connection Properties: Advanced Settings: Add .................... 254
Figure 115 System Tray Icon ................................................................................. 255
Figure 116 Internet Connection Status ................................................................... 255
Figure 117 Network Connections ........................................................................... 256
Figure 118 Network Connections: My Network Places .......................................... 257
Figure 119 Network Connections: My Network Places: Properties: Example ........ 257
Figure 120 Log Settings ......................................................................................... 260
Figure 121 View Logs ............................................................................................ 262
Figure 122 E-mail Log Example ............................................................................. 264
List of Figures 31
Prestige 2602H/HW Series User’s Guide
Figure 123 Application-based Bandwidth Management Example .......................... 266
Figure 124 Subnet-based Bandwidth Management Example ................................ 267
Figure 125 Application and Subnet-based Bandwidth Management Example ...... 267
Figure 126 Bandwidth Allotment Example ............................................................. 269
Figure 127 Maximize Bandwidth Usage Example .................................................. 270
Figure 128 Bandwidth Borrowing Example ............................................................ 271
Figure 129 Media Bandwidth Management: Summary .......................................... 272
Figure 130 Media Bandwidth Management: Class Setup ...................................... 273
Figure 131 Media Bandwidth Management: Class Configuration .......................... 274
Figure 132 Media Bandwidth Management Statistics ........................................... 277
Figure 133 Media Bandwidth Management: Monitor ............................................ 278
Figure 134 System Status ...................................................................................... 280
Figure 135 System Status: Show Statistics ............................................................ 282
Figure 136 DHCP Table ......................................................................................... 284
Figure 137 Any IP Table ......................................................................................... 284
Figure 138 Association List .................................................................................... 285
Figure 139 Diagnostic: General ............................................................................. 286
Figure 140 Diagnostic: DSL Line ........................................................................... 287
Figure 141 Firmware Upgrade ............................................................................... 288
Figure 142 Network Temporarily Disconnected ..................................................... 289
Figure 143 Error Message ..................................................................................... 289
Figure 144 Login Screen ........................................................................................ 292
Figure 145 Menu 23.1 Change Password .............................................................. 296
Figure 146 Menu 1 General Setup ......................................................................... 298
Figure 147 Menu 1.1 Configure Dynamic DNS ..................................................... 299
Figure 148 Menu 2 WAN Backup Setup ................................................................ 301
Figure 149 Menu 2.1Traffic Redirect Setup ............................................................ 302
Figure 150 Menu 3 LAN Setup ............................................................................... 305
Figure 151 Menu 3.1 LAN Port Filter Setup ........................................................... 305
Figure 152 Menu 3.2 TCP/IP and DHCP Ethernet Setup ...................................... 306
Figure 153 Menu 3.5 - Wireless LAN Setup .......................................................... 309
Figure 154 Menu 3.5.1 WLAN MAC Address Filtering ........................................... 311
Figure 155 IP Alias Network Example .................................................................... 314
Figure 156 Menu 3.2 TCP/IP and DHCP Setup .................................................... 314
Figure 157 Menu 3.2.1 IP Alias Setup ................................................................... 315
Figure 158 Menu 1 General Setup ......................................................................... 316
Figure 159 Menu 4 Internet Access Setup ............................................................. 316
Figure 160 Menu 11 Remote Node Setup .............................................................. 320
Figure 161 Menu 11.1 Remote Node Profile ......................................................... 321
Figure 162 Menu 11.3 Remote Node Network Layer Options ............................... 323
Figure 163 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection .............. 325
Figure 164 Menu 11.5 Remote Node Filter (RFC 1483 or ENET Encapsulation) .. 326
Figure 165 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) .... 326
32 List of Figures
Prestige 2602H/HW Series User’s Guide
Figure 166 Menu 11.6 for VC-based Multiplexing .................................................. 327
Figure 167 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation ............. 327
Figure 168 Menu 11.1 Remote Node Profile .......................................................... 328
Figure 169 Menu 11.8 Advance Setup Options ..................................................... 328
Figure 170 Sample Static Routing Topology .......................................................... 329
Figure 171 Menu 12 Static Route Setup ................................................................ 330
Figure 172 Menu 12.1 IP Static Route Setup ......................................................... 330
Figure 173 Menu12.1.1 Edit IP Static Route .......................................................... 330
Figure 174 Menu 11.1 Remote Node Profile .......................................................... 334
Figure 175 Menu 11.3 Remote Node Network Layer Options ............................... 334
Figure 176 Menu 12.3.1 Edit Bridge Static Route .................................................. 335
Figure 177 Menu 4 Applying NAT for Internet Access ........................................... 338
Figure 178 Applying NAT in Menus 4 & 11.3 .......................................................... 338
Figure 179 Menu 15 NAT Setup ........................................................................... 339
Figure 180 Menu 15.1 Address Mapping Sets ....................................................... 340
Figure 181 Menu 15.1.255 SUA Address Mapping Rules ..................................... 340
Figure 182 Menu 15.1.1 First Set ........................................................................... 341
Figure 183 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ........... 342
Figure 184 Menu 15.2 NAT Server Setup .............................................................. 343
Figure 185 Menu 15.2 NAT Server Setup .............................................................. 344
Figure 186 Multiple Servers Behind NAT Example ................................................ 344
Figure 187 NAT Example 1 .................................................................................... 345
Figure 188 Menu 4 Internet Access & NAT Example ............................................. 345
Figure 189 NAT Example 2 .................................................................................... 346
Figure 190 Menu 15.2.1 Specifying an Inside Server ............................................ 346
Figure 191 NAT Example 3 .................................................................................... 347
Figure 192 Example 3: Menu 11.3 ......................................................................... 348
Figure 193 Example 3: Menu 15.1.1.1 ................................................................... 348
Figure 194 Example 3: Final Menu 15.1.1 ............................................................. 349
Figure 195 Example 3: Menu 15.2 ......................................................................... 350
Figure 196 NAT Example 4 .................................................................................... 350
Figure 197 Example 4: Menu 15.1.1.1 Address Mapping Rule .............................. 351
Figure 198 Example 4: Menu 15.1.1 Address Mapping Rules ............................... 351
Figure 199 Menu 21.2 Firewall Setup .................................................................... 354
Figure 200 Outgoing Packet Filtering Process ....................................................... 355
Figure 201 Filter Rule Process ............................................................................... 356
Figure 202 Menu 21 Filter Set Configuration ......................................................... 357
Figure 203 NetBIOS_WAN Filter Rules Summary ................................................ 357
Figure 204 NetBIOS_LAN Filter Rules Summary ................................................. 358
Figure 205 IGMP Filter Rules Summary ............................................................... 358
Figure 206 Menu 21.1.x.x TCP/IP Filter Rule ........................................................ 360
Figure 207 Executing an IP Filter ........................................................................... 362
Figure 208 Menu 21.1.5.1 Generic Filter Rule ...................................................... 363
List of Figures 33
Prestige 2602H/HW Series User’s Guide
Figure 209 Protocol and Device Filter Sets ............................................................ 364
Figure 210 Sample Telnet Filter ............................................................................. 365
Figure 211 Menu 21.1.6.1 Sample Filter ............................................................... 365
Figure 212 Menu 21.1.6.1 Sample Filter Rules Summary ..................................... 366
Figure 213 Filtering Ethernet Traffic ....................................................................... 367
Figure 214 Filtering Remote Node Traffic .............................................................. 367
Figure 215 SNMP Management Model .................................................................. 369
Figure 216 Menu 22 SNMP Configuration ............................................................. 371
Figure 217 Menu 23 – System Security ................................................................. 373
Figure 218 Menu 23 System Security .................................................................... 373
Figure 219 Menu 23.2 System Security: RADIUS Server ...................................... 374
Figure 220 Menu 23 System Security .................................................................... 375
Figure 221 Menu 23.4 System Security: IEEE802.1x ............................................ 375
Figure 222 Menu 14 Dial-in User Setup ................................................................. 378
Figure 223 Menu 14.1 Edit Dial-in User ................................................................. 378
Figure 224 Menu 24 System Maintenance ............................................................ 379
Figure 225 Menu 24.1 System Maintenance: Status ............................................. 380
Figure 226 Menu 24.2 System Information and Console Port Speed .................... 381
Figure 227 Menu 24.2.1 System Maintenance: Information .................................. 382
Figure 228 Menu 24.2.2 System Maintenance: Change Console Port Speed ....... 383
Figure 229 Menu 24.3 System Maintenance: Log and Trace ................................ 383
Figure 230 Sample Error and Information Messages ............................................ 384
Figure 231 Menu 24.3.2 System Maintenance: Syslog and Accounting ................ 384
Figure 232 Syslog Example ................................................................................... 385
Figure 233 Menu 24.4 System Maintenance: Diagnostic ....................................... 386
Figure 234 Telnet in Menu 24.5 .............................................................................. 391
Figure 235 FTP Session Example ......................................................................... 392
Figure 236 Telnet into Menu 24.6 ........................................................................... 395
Figure 237 Restore Using FTP Session Example .................................................. 395
Figure 238 Telnet Into Menu 24.7.1 Upload System Firmware ............................. 396
Figure 239 Telnet Into Menu 24.7.2 System Maintenance .................................... 397
Figure 240 FTP Session Example of Firmware File Upload .................................. 398
Figure 241 Command Mode in Menu 24 ................................................................ 401
Figure 242 Valid Commands .................................................................................. 401
Figure 243 Menu 24.9 System Maintenance: Call Control ..................................... 402
Figure 244 Menu 24.9.1 System Maintenance: Budget Management ................... 402
Figure 245 Menu 24 System Maintenance ............................................................ 403
Figure 246 Menu 24.10 System Maintenance: Time and Date Setting .................. 404
Figure 247 Menu 24.11 Remote Management Control .......................................... 408
Figure 248 Menu 25 IP Routing Policy Setup ........................................................ 412
Figure 249 Menu 25.1 IP Routing Policy Setup ..................................................... 413
Figure 250 Menu 25.1.1 IP Routing Policy ............................................................. 414
Figure 251 Menu 3.2 TCP/IP and DHCP Ethernet Setup ...................................... 416
34 List of Figures
Prestige 2602H/HW Series User’s Guide
Figure 252 Menu 11.3 Remote Node Network Layer Options ............................... 416
Figure 253 Example of IP Policy Routing .............................................................. 417
Figure 254 IP Routing Policy Example ................................................................... 417
Figure 255 IP Routing Policy Example ................................................................... 418
Figure 256 Applying IP Policies Example .............................................................. 418
Figure 257 Menu 26 Schedule Setup ..................................................................... 419
Figure 258 Menu 26.1 Schedule Set Setup .......................................................... 420
Figure 259 Applying Schedule Set(s) to a Remote Node (PPPoE) ....................... 421
Figure 260 VPN SMT Menu Tree ........................................................................... 423
Figure 261 Menu 27 VPN/IPSec Setup .................................................................. 424
Figure 262 Menu 27.1 IPSec Summary ................................................................. 424
Figure 263 Menu 27.1.1 IPSec Setup .................................................................... 427
Figure 264 Menu 27.1.1.1KE Setup ....................................................................... 431
Figure 265 Menu 27.1.1.2 Manual Setup ............................................................... 433
Figure 266 Menu 27.2 SA Monitor ......................................................................... 436
Figure 267 Pop-up Blocker .................................................................................... 442
Figure 268 Internet Options .................................................................................. 443
Figure 269 Internet Options ................................................................................... 444
Figure 270 Pop-up Blocker Settings ...................................................................... 445
Figure 271 Internet Options ................................................................................... 446
Figure 272 Security Settings - Java Scripting ........................................................ 447
Figure 273 Security Settings - Java ....................................................................... 448
Figure 274 Java (Sun) ............................................................................................ 449
Figure 275 Ethernet Cable Pin Assignments ......................................................... 454
Figure 276 Prestige 2602HW-L DSL Port Pin Assignments .................................. 455
Figure 277 WIndows 95/98/Me: Network: Configuration ........................................ 458
Figure 278 Windows 95/98/Me: TCP/IP Properties: IP Address ............................ 459
Figure 279 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............... 460
Figure 280 Windows XP: Start Menu ..................................................................... 461
Figure 281 Windows XP: Control Panel ................................................................. 461
Figure 282 Windows XP: Control Panel: Network Connections: Properties .......... 462
Figure 283 Windows XP: Local Area Connection Properties ................................. 462
Figure 284 Windows XP: Advanced TCP/IP Settings ............................................ 463
Figure 285 Windows XP: Internet Protocol (TCP/IP) Properties ............................ 464
Figure 286 Macintosh OS 8/9: Apple Menu ........................................................... 465
Figure 287 Macintosh OS 8/9: TCP/IP ................................................................... 466
Figure 288 Macintosh OS X: Apple Menu .............................................................. 467
Figure 289 Macintosh OS X: Network .................................................................... 467
Figure 290 Single-Computer per Router Hardware Configuration ......................... 478
Figure 291 Prestige as a PPPoE Client ................................................................. 478
Figure 292 Peer-to-Peer Communication in an Ad-hoc Network ........................... 479
Figure 293 Basic Service Set ................................................................................. 480
Figure 294 Infrastructure WLAN ............................................................................ 481
List of Figures 35
Prestige 2602H/HW Series User’s Guide
Figure 295 RTS/CTS ............................................................................................. 482
Figure 296 Ideal Setup ........................................................................................... 489
Figure 297 “Triangle Route” Problem ..................................................................... 490
Figure 298 IP Alias ................................................................................................. 490
Figure 299 Gateways on the WAN Side ................................................................. 491
Figure 300 Configuration Text File Format: Column Descriptions .......................... 493
Figure 301 Invalid Parameter Entered: Command Line Example .......................... 494
Figure 302 Valid Parameter Entered: Command Line Example ............................. 494
Figure 303 Internal SPTGEN FTP Download Example ........................................ 495
Figure 304 Internal SPTGEN FTP Upload Example .............................................. 495
Figure 305 Option to Enter Debug Mode ............................................................... 523
Figure 306 Boot Module Commands ..................................................................... 524
Figure 307 Displaying Log Categories Example .................................................... 534
Figure 308 Displaying Log Parameters Example ................................................... 535
Figure 309 Log Command Example ...................................................................... 536
36 List of Figures
Prestige 2602H/HW Series User’s Guide

List of Tables

Table 1 Models Covered ....................................................................................... 47
Table 2 ADSL Standards ....................................................................................... 48
Table 3 IEEE 802.11g ............................................................................................ 52
Table 4 P2602H/HW-C Series Front Panel LEDs ................................................. 56
Table 5 Web Configurator Screens Summary ....................................................... 62
Table 6 Wizard Setup: First Screen ....................................................................... 66
Table 7 Internet Connection with PPPoE ............................................................. 67
Table 8 Internet Connection with RFC 1483 ......................................................... 68
Table 9 Internet Connection with ENET ENCAP ................................................... 69
Table 10 Internet Connection with PPPoA ............................................................ 70
Table 11 Wizard Setup: Voice Configuration ......................................................... 71
Table 12 Wizard Setup: LAN Configuration ........................................................... 74
Table 13 Media Bandwidth Mgnt. Wizard Setup: Services .................................... 76
Table 14 Media Bandwidth Mgnt. Wizard Setup: First Screen .............................. 77
Table 15 Media Bandwidth Mgnt. Wizard Setup: Second Screen ......................... 78
Table 16 Password ................................................................................................ 79
Table 17 LAN Setup .............................................................................................. 88
Table 18 LAN: Static DHCP ................................................................................... 89
Table 19 Wireless LAN .......................................................................................... 94
Table 20 MAC Address Filter ................................................................................ 96
Table 21 Wireless LAN: 802.1x/WPA: No Access/Authentication ......................... 100
Table 22 Wireless LAN: 802.1x/WPA: 802.1x ....................................................... 101
Table 23 Wireless LAN: 802.1x/WPA: WPA .......................................................... 103
Table 24 Wireless LAN: 802.1x/WPA: WPA-PSK .................................................. 104
Table 25 Local User Database .............................................................................. 105
Table 26 RADIUS .................................................................................................. 106
Table 27 WAN Setup ............................................................................................. 114
Table 28 WAN Backup .......................................................................................... 118
Table 29 NAT Definitions ....................................................................................... 121
Table 30 NAT Mapping Types ............................................................................... 124
Table 31 Services and Port Numbers .................................................................... 125
Table 32 NAT Mode ............................................................................................... 127
Table 33 Edit SUA/NAT Server Set ....................................................................... 128
Table 34 Address Mapping Rules ......................................................................... 129
Table 35 Address Mapping Rule Edit .................................................................... 131
Table 36 SIP Call Progression .............................................................................. 134
Table 37 SIP Settings ............................................................................................ 140
Table 38 Voice Advanced Setup ........................................................................... 141
List of Tables 37
Prestige 2602H/HW Series User’s Guide
Table 39 QoS ........................................................................................................ 144
Table 40 Phone ..................................................................................................... 146
Table 41 Speed Dial .............................................................................................. 148
Table 42 Lifeline .................................................................................................... 150
Table 43 European Flash Key Commands ............................................................ 151
Table 44 USA Flash Key Commands .................................................................... 153
Table 45 Voice Common ....................................................................................... 154
Table 46 Voice Call Forward ................................................................................. 156
Table 47 Dynamic DNS ......................................................................................... 162
Table 48 Pre-defined NTP Time Servers ............................................................... 163
Table 49 Time and Date ........................................................................................ 164
Table 50 Common IP Ports ................................................................................... 170
Table 51 ICMP Commands That Trigger Alerts ..................................................... 172
Table 52 Legal NetBIOS Commands .................................................................... 172
Table 53 Legal SMTP Commands ....................................................................... 173
Table 54 Firewall: Default Policy ........................................................................... 185
Table 55 Rule Summary ........................................................................................ 187
Table 56 Firewall: Edit Rule ................................................................................... 190
Table 57 Customized Services .............................................................................. 191
Table 58 Firewall: Configure Customized Services ............................................... 192
Table 59 Predefined Services .............................................................................. 196
Table 60 Firewall: Anti Probing .............................................................................. 199
Table 61 Firewall: Threshold ................................................................................. 201
Table 62 Content Filter: Keyword .......................................................................... 204
Table 63 Content Filter: Schedule ......................................................................... 205
Table 64 Content Filter: Trusted ............................................................................ 206
Table 65 VPN and NAT ......................................................................................... 211
Table 66 AH and ESP ........................................................................................... 214
Table 67 VPN Summary ........................................................................................ 216
Table 68 Local ID Type and Content Fields .......................................................... 220
Table 69 Peer ID Type and Content Fields ........................................................... 220
Table 70 Matching ID Type and Content Configuration Example .......................... 220
Table 71 Mismatching ID Type and Content Configuration Example .................... 221
Table 72 VPN IKE ................................................................................................. 223
Table 73 VPN IKE: Advanced Setup ..................................................................... 229
Table 74 VPN: Manual Key ................................................................................... 233
Table 75 VPN: SA Monitor .................................................................................... 236
Table 76 VPN: Global Setting ................................................................................ 237
Table 77 Telecommuters Sharing One VPN Rule Example .................................. 238
Table 78 Telecommuters Using Unique VPN Rules Example ............................... 239
Table 79 Remote Management ............................................................................. 243
Table 80 Configuring UPnP ................................................................................... 247
Table 81 Log Settings ............................................................................................ 261
38 List of Tables
Prestige 2602H/HW Series User’s Guide
Table 82 View Logs ............................................................................................... 262
Table 83 SMTP Error Messages ........................................................................... 263
Table 84 Application and Subnet-based Bandwidth Management Example ......... 267
Table 85 Media Bandwidth Management: Summary ............................................. 272
Table 86 Media Bandwidth Management: Class Setup ......................................... 273
Table 87 Media Bandwidth Management: Class Configuration ............................. 274
Table 88 Services and Port Numbers .................................................................... 276
Table 89 Media Bandwidth Management Statistics ............................................... 277
Table 90 Media Bandwidth Management: Monitor ................................................ 278
Table 91 System Status ......................................................................................... 281
Table 92 System Status: Show Statistics .............................................................. 282
Table 93 DHCP Table ............................................................................................ 284
Table 94 Any IP Table ........................................................................................... 284
Table 95 Association List ....................................................................................... 285
Table 96 Diagnostic: General ................................................................................ 286
Table 97 Diagnostic: DSL Line .............................................................................. 287
Table 98 Firmware Upgrade .................................................................................. 288
Table 99 Navigating the SMT Interface ................................................................. 292
Table 100 SMT Main Menu ................................................................................... 293
Table 101 Main Menu Summary ........................................................................... 293
Table 102 SMT Menus Overview .......................................................................... 294
Table 103 Menu 1 General Setup ......................................................................... 298
Table 104 Menu 1.1 Configure Dynamic DNS ...................................................... 299
Table 105 Menu 2 WAN Backup Setup ................................................................. 301
Table 106 Menu 2.1Traffic Redirect Setup ............................................................ 302
Table 107 DHCP Ethernet Setup .......................................................................... 306
Table 108 TCP/IP Ethernet Setup ......................................................................... 307
Table 109 Menu 3.5 - Wireless LAN Setup ........................................................... 309
Table 110 Menu 3.5.1 WLAN MAC Address Filtering ........................................... 311
Table 111 Menu 3.2.1 IP Alias Setup ..................................................................... 315
Table 112 Menu 4 Internet Access Setup .............................................................. 317
Table 113 Menu 11.1 Remote Node Profile ........................................................... 321
Table 114 Menu 11.3 Remote Node Network Layer Options ................................ 323
Table 115 Menu 11.8 Advance Setup Options ...................................................... 328
Table 116 Menu12.1.1 Edit IP Static Route ........................................................... 331
Table 117 Remote Node Network Layer Options: Bridge Fields ........................... 334
Table 118 Menu 12.3.1 Edit Bridge Static Route ................................................... 335
Table 119 Applying NAT in Menus 4 & 11.3 .......................................................... 339
Table 120 SUA Address Mapping Rules ............................................................... 340
Table 121 Menu 15.1.1 First Set ........................................................................... 342
Table 122 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ............ 342
Table 123 Abbreviations Used in the Filter Rules Summary Menu ....................... 358
Table 124 Rule Abbreviations Used ...................................................................... 359
List of Tables 39
Prestige 2602H/HW Series User’s Guide
Table 125 Menu 21.1.x.x TCP/IP Filter Rule ......................................................... 360
Table 126 Menu 21.1.5.1 Generic Filter Rule ........................................................ 363
Table 127 Filter Sets Table .................................................................................... 366
Table 128 Menu 22 SNMP Configuration .............................................................. 371
Table 129 SNMP Traps ......................................................................................... 371
Table 130 Ports and Permanent Virtual Circuits .................................................... 372
Table 131 Menu 23.2 System Security: RADIUS Server ...................................... 374
Table 132 Menu 23.4 System Security: IEEE802.1x ............................................. 376
Table 133 Menu 14.1 Edit Dial-in User .................................................................. 378
Table 134 Menu 24.1 System Maintenance: Status .............................................. 380
Table 135 Menu 24.2.1 System Maintenance: Information ................................... 382
Table 136 Menu 24.3.2 System Maintenance: Syslog and Accounting ................ 384
Table 137 Menu 24.4 System Maintenance Menu: Diagnostic ............................. 387
Table 138 Filename Conventions .......................................................................... 390
Table 139 General Commands for GUI-based FTP Clients .................................. 392
Table 140 General Commands for GUI-based TFTP Clients ................................ 394
Table 141 Menu 24.9.1 System Maintenance: Budget Management .................... 403
Table 142 Menu 24.10 System Maintenance: Time and Date Setting ................. 404
Table 143 Menu 24.11 Remote Management Control ........................................... 408
Table 144 Menu 25.1 IP Routing Policy Setup ...................................................... 413
Table 145 Menu 25.1.1 IP Routing Policy ............................................................. 414
Table 146 Menu 26.1 Schedule Set Setup ............................................................ 420
Table 147 Menu 27.1 IPSec Summary .................................................................. 424
Table 148 Menu 27.1.1 IPSec Setup .................................................................... 427
Table 149 Menu 27.1.1.1 IKE Setup ..................................................................... 431
Table 150 Active Protocol: Encapsulation and Security Protocol .......................... 432
Table 151 Menu 27.1.1.2 Manual Setup ............................................................... 433
Table 152 Menu 27.2 SA Monitor .......................................................................... 436
Table 153 Troubleshooting Starting Up Your Prestige ........................................... 439
Table 154 Troubleshooting the LAN ...................................................................... 439
Table 155 Troubleshooting the WAN ..................................................................... 440
Table 156 Troubleshooting Accessing the Prestige .............................................. 441
Table 157 Troubleshooting Telephone .................................................................. 449
Table 158 Device Specifications ............................................................................ 451
Table 159 Firmware Specifications ........................................................................ 452
Table 160 Prestige 2602H/HW Series Power Adaptor Specifications ................... 455
Table 161 Classes of IP Addresses ...................................................................... 469
Table 162 Allowed IP Address Range By Class .................................................... 470
Table 163 “Natural” Masks ................................................................................... 470
Table 164 Alternative Subnet Mask Notation ........................................................ 471
Table 165 Two Subnets Example .......................................................................... 471
Table 166 Subnet 1 ............................................................................................... 472
Table 167 Subnet 2 ............................................................................................... 472
40 List of Tables
Prestige 2602H/HW Series User’s Guide
Table 168 Subnet 1 ............................................................................................... 473
Table 169 Subnet 2 ............................................................................................... 473
Table 170 Subnet 3 ............................................................................................... 473
Table 171 Subnet 4 ............................................................................................... 474
Table 172 Eight Subnets ....................................................................................... 474
Table 173 Class C Subnet Planning ...................................................................... 474
Table 174 Class B Subnet Planning ...................................................................... 475
Table 175 IEEE 802.11g ........................................................................................ 483
Table 176 Comparison of EAP Authentication Types ............................................ 487
Table 177 Wireless Security Relational Matrix ...................................................... 488
Table 178 Abbreviations Used in the Example Internal SPTGEN Screens Table . 495
Table 179 Menu 1 General Setup (SMT Menu 1) ................................................. 496
Table 180 Menu 3 (SMT Menu 3 ) ......................................................................... 496
Table 181 Menu 4 Internet Access Setup (SMT Menu 4) ..................................... 499
Table 182 Menu 12 (SMT Menu 12) ...................................................................... 501
Table 183 Menu 15 SUA Server Setup (SMT Menu 15) ....................................... 505
Table 184 Menu 21.1 Filter Set #1 (SMT Menu 21.1) ........................................... 507
Table 185 Menu 21.1 Filer Set #2, (SMT Menu 21.1) .......................................... 510
Table 186 Menu 23 System Menus (SMT Menu 23) ............................................. 515
Table 187 Menu 24.11 Remote Management Control (SMT Menu 24.11) ............ 516
Table 188 Command Examples ............................................................................ 516
Table 189 Sys Firewall Commands ....................................................................... 521
Table 190 System Maintenance Logs ................................................................... 525
Table 191 System Error Logs ................................................................................ 526
Table 192 Access Control Logs ............................................................................. 526
Table 193 TCP Reset Logs ................................................................................... 527
Table 194 Packet Filter Logs ................................................................................. 527
Table 195 ICMP Logs ............................................................................................ 527
Table 196 CDR Logs ............................................................................................. 528
Table 197 PPP Logs .............................................................................................. 528
Table 198 UPnP Logs ........................................................................................... 529
Table 199 Content Filtering Logs .......................................................................... 529
Table 200 Attack Logs ........................................................................................... 529
Table 201 802.1X Logs ......................................................................................... 530
Table 202 ACL Setting Notes ................................................................................ 531
Table 203 ICMP Notes .......................................................................................... 531
Table 204 Syslog Logs .......................................................................................... 532
Table 205 SIP Logs ............................................................................................... 532
Table 206 RTP Logs .............................................................................................. 533
Table 207 FSM Logs: Caller Side .......................................................................... 533
Table 208 FSM Logs: Callee Side ......................................................................... 533
Table 209 Lifeline Logs ......................................................................................... 533
Table 210 RFC-2408 ISAKMP Payload Types ...................................................... 534
List of Tables 41
Prestige 2602H/HW Series User’s Guide
42 List of Tables
Prestige 2602H/HW Series User’s Guide

Preface

Congratulations on your purchase of the Prestige 2602HW Series ADSL VoIP IAD with
802.11g Wireless.
Note: Register your product online to receive e-mail notices of firmware upgrades and
information at North American products.
Your Prestige is easy to install and configure.
About This User's Guide
This manual is designed to guide you through the configuration of your Prestige for its various applications. The web configurator parts of this guide contain background information on features configurable by web configurator. The SMT parts of this guide contain background information solely on features not configurable by web configurator.
www.zyxel.com for global products, or at www.us.zyxel.com for
Note: Use the web configurator, System Management Terminal (SMT) or command
interpreter interface to configure your Prestige. Not all features can be configured through all interfaces.
Related Documentation
• Supporting Disk
Refer to the included CD for support documents.
• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. They contain connection information and instructions on getting started.
• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary information.
• ZyXEL Glossary and Web Site
Please refer to www.zyxel.com support documentation.
for an online glossary of networking terms and additional
User Guide Feedback
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Preface 43
Prestige 2602H/HW Series User’s Guide
Syntax Conventions
• “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one predefined choices.
• The SMT menu titles and labels are in Bold Times New Roman font. Predefined field choices are in Bold Arial font. Command and arrow keys are enclosed in square brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key and [SPACE BAR] means the Space Bar.
• Mouse action sequences are denoted using a comma. For example, “click the Apple icon, Control Panels and then Modem” means first click the Apple icon, then point your mouse pointer to Control Panels and then click Modem.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
• The Prestige 2602HW series may be referred to as the Prestige in this user’s guide. This refers to both models (ADSL over POTS and ADSL over ISDN) unless specifically identified.
44 Preface
Graphics Icons Key
Prestige Computer Notebook Computer
Server Switch Router
Telephone DSLAM Trunking Gateway
Prestige 2602H/HW Series User’s Guide
Firewall Wireless Signal

Introduction to DSL

DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted­pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web ­hence DSL technologies.
There are actually seven types of DSL service, ranging in speeds from 16 Kbits/sec to 52 Mbits/sec. The services are either symmetrical (traffic flows at the same speed in both directions), or asymmetrical (the downstream capacity is higher than the upstream capacity). Asymmetrical services (ADSL) are suitable for Internet users because more information is usually downloaded than uploaded. For example, a simple button click in a web browser can start an extended download that includes graphics and text.
Introduction to DSL 45
Prestige 2602H/HW Series User’s Guide
As data rates increase, the carrying distance decreases. That means that users who are beyond a certain distance from the telephone company’s central office may not be able to obtain the higher speeds.
A DSL connection is a point-to-point dedicated circuit, meaning that the link is always up and there is no dialing required.
Introduction to ADSL
It is an asymmetrical technology, meaning that the downstream data rate is much higher than the upstream data rate. As mentioned, this works well for a typical Internet session in which more information is downloaded, for example, from Web servers, than is uploaded. ADSL operates in a frequency range that is above the frequency range of voice services, so the two systems can operate over the same cable.
46 Introduction to DSL
Prestige 2602H/HW Series User’s Guide
CHAPTER 1

Getting To Know Your Prestige

This chapter describes the key features and applications of your Prestige.

1.1 Introducing the Prestige

The Prestige 2602H/HL/HW/HWL-C are ADSL VoIP IADs (Integrated Access Device) with a built-in switch. They combine high-speed Internet access and Voice over IP (VoIP) communication capabilities. They allow you to use a traditional analog telephone to make Internet calls. By integrating DSL and NAT, the Prestige provides ease of installation and Internet access. The Prestige is also a complete security solution with a robust firewall and content filtering.
At the time of writing, this guide covers the following Prestige models (this guide abbreviates “Prestige” to “P” in the model name as in P2602H for example).
Table 1 Models Covered
P2602H-61C P2602HW-61C P2602HL-61C P2602HWL-61C
P2602H-63C P2602HW-63C P2602HL-63C P2602HWL-63C
P2602H-67C P2602HW-67C P2602HL-67C P2602HWL-67C
In the Prestige product name, “H” denotes an integrated 4-port hub and “W” denotes wireless functionality. The P2602HW has an embedded mini-PCI module for IEEE 802.11g wireless LAN connectivity.
Note: All wireless features in this guide pertain to the P2602HW/HWL series only.
“L” denotes models that include the PSTN (Public Switched Telephone Network) lifeline feature. PSTN lifeline lets you have VoIP phone service and PSTN phone service at the same time.
Models ending in “1”, for example P2602HW-61, denote a device that works over the analog telephone system, POTS (Plain Old Telephone Service). Models ending in “3” denote a device that works over ISDN (Integrated Services Digital Network). Models ending in “7” denote a device that works over T-ISDN (UR-2).
Note: Only use firmware for your Prestige’s specific model. Refer to the label on the
bottom of your Prestige.
Chapter 1 Getting To Know Your Prestige 47
Prestige 2602H/HW Series User’s Guide
The built-in Ethernet switch consists of four auto-negotiating 10/100BASE-T, auto-crossover RJ-45 ports (either a crossover or straight-through Ethernet cable can be used) for connecting to your local computers.
Note: The Prestige is ideal for high-speed Internet browsing and making LAN-to-LAN
connections to remote networks. The Prestige is an ADSL router compatible with the ADSL/ADSL2/ADSL2+ standards. Maximum data rates attainable by the Prestige for each standard are shown in the next table.
Table 2 ADSL Standards
STANDARD UPSTREAM DATA RATE DOWNSTREAM DATA RATE
ADSL
ADSL2
ADSL2+
832 kbps 8 Mbps
1 Mbps 12 Mbps
1 Mbps 24 Mbps
Note: The standard your ISP supports determines the maximum upstream and
downstream speeds attainable. Actual speeds attained also depend on the distance from your ISP, line quality, etc.
The web browser-based Graphical User Interface (GUI) provides easy management.

1.1.1 Features of the Prestige

The following sections describe the features of the Prestige.
Built-in Switch
The 10/100 Mbps auto-negotiating Ethernet ports allow the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network. The ports are also auto-crossover (MDI/MDI-X) meaning they automatically adjust to either a crossover or straight-through Ethernet cable.
High Speed Internet Access
Your Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of up to 24Mbps and upstream transmission rates of 1 Mbps. Actual speeds attained depend on ISP DSLAM environment.
PSTN Lifeline (“L” Models Only)
The Prestige “L” models allow you to connect a PSTN line. You can receive incoming PSTN phone calls even while someone else connected to the Prestige is making VoIP phone calls. You can dial a (prefix) number to make an outgoing PSTN call. You can still make PSTN phone calls if the Prestige loses power.
48 Chapter 1 Getting To Know Your Prestige
Prestige 2602H/HW Series User’s Guide
Zero Configuration Internet Access
Once you connect and turn on the Prestige, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes. In cases where additional account information (such as an Internet account user name and password) is required or the Prestige cannot connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting.
Any IP
The Any IP feature allows a computer to access the Internet and the Prestige without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.
Auto-provisioning
Your voice service provider can automatically update your Prestige’s configuration via an auto-provisioning server.
Auto Firmware Upgrade
The Prestige gives you the option to upgrade to a newer firmware version if it finds one during auto-provisioning. Your voice service provider must have an auto-provisioning server and a server set up with firmware in order for this feature to work.
Firewall
The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The Prestige firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.
Note: You can configure most features of the Prestige via SMT but we recommend
you configure the firewall and content filters using the web configurator.
IPSec VPN Capability
Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The Prestige VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.
The Prestige supports up to 20 simultaneous IPSec connections.
Network Address Translation (NAT)
Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
Chapter 1 Getting To Know Your Prestige 49
Prestige 2602H/HW Series User’s Guide
Content Filtering
Content filtering allows you to block access to Internet web sites that contain key words (that you specify) in the URL. You can also schedule when the Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet access.
REN
A Ringer Equivalence Number is used to determine the number of devices that may be connected to the telephone line. The Prestige can support three devices per telephone port.
Dynamic Jitter Buffer
The Prestige has a built-in adaptive, buffer that helps to smooth out the variations in delay (jitter) for voice traffic. This helps ensure good voice quality for your conversations.
Multiple SIP Accounts
The Prestige allows you to simultaneously use multiple voice (SIP) accounts and assign them to one or both telephone ports.
Multiple Voice Channels
The Prestige can simultaneously handle multiple voice channels (telephone calls). Additionally you can answer an incoming phone call on a VoIP account, even while someone else is using the account for a phone call.
Voice Activity Detection/Silence Suppression
Voice Activity Detection (VAD) reduces the bandwidth that a call uses by not transmitting when you are not speaking.
Comfort Noise Generation
The Prestige generates background noise to fill moments of silence when the other device in a call stops transmitting because the other party is not speaking (as total silence could easily be mistaken for a lost connection).
Echo Cancellation
The Prestige supports G.168, an ITU-T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk.
QoS (Quality of Service)
Quality of Service (QoS) mechanisms help to provide better service on a per-flow basis. The Prestige supports Type of Service (ToS) tagging and Differentiated Services (DiffServ) tagging. This allows the Prestige to tag voice frames so they can be prioritized over the network.
50 Chapter 1 Getting To Know Your Prestige
Prestige 2602H/HW Series User’s Guide
SIP ALG
The Prestige 2602HW is a SIP Application Layer Gateway (ALG). It allows VoIP calls to pass through NAT for devices behind the Prestige (such as a SIP-based VoIP software application on a computer).
Traffic Redirect
Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet, thus acting as an auxiliary if your regular WAN connection fails.
Universal Plug and Play (UPnP)
Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
PPPoE Support (RFC2516)
PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL. The PPPoE driver on the Prestige is transparent to the computers on the LAN, which see only Ethernet and are not aware of PPPoE thus saving you from having to manage PPPoE clients on individual computers.
Dynamic DNS Support
With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.
DHCP
DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability enabled by default. It can assign IP addresses, an IP default gateway and DNS servers to DHCP clients. The Prestige can now also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment from the actual real DHCP server to the clients.
Multiple PVC (Permanent Virtual Circuits) Support
Your Prestige supports up to 8 PVC’s.
IP Alias
IP Alias allows you to partition a physical network into logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network.
Chapter 1 Getting To Know Your Prestige 51
Prestige 2602H/HW Series User’s Guide
IP Policy Routing (IPPR)
Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Other PPPoE Features
• PPPoE idle time out
• PPPoE dial on demand
Packet Filters
The Prestige's packet filtering function allows added network security and management.
Ease of Installation
Your Prestige is designed for quick, intuitive and easy installation.
Housing
Your Prestige's compact and ventilated housing minimizes space requirements making it easy to position anywhere in your busy office.
1.1.1.1 P2602HW Wireless Features
IEEE 802.11g Wireless LAN
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE
802.11b radio card can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows:
Table 3 IEEE 802.11g
DATA RATE (MBPS) MODULATION
1 DBPSK (Differential Binary Phase Shift Keyed)
2 DQPSK (Differential Quadrature Phase Shift Keying)
5.5 / 11 CCK (Complementary Code Keying)
6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)
Note: The Prestige may be prone to RF (Radio Frequency) interference from other
2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs.
52 Chapter 1 Getting To Know Your Prestige
Prestige 2602H/HW Series User’s Guide
External Antenna
The Prestige is equipped with an antenna connector and comes with a detachable 5dBi antenna to provide clear radio signal between the wireless stations and the access points.
Wireless LAN MAC Address Filtering
Your Prestige can check the MAC addresses of wireless stations against a list of allowed or denied MAC addresses.
WEP Encryption
WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network to help keep network communications private.
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security standard. Key differences between WPA and WEP are user authentication and improved data encryption.

1.2 Applications for the Prestige

Here are some example uses for which the Prestige is well suited.

1.2.1 Internet Access

The Prestige is the ideal high-speed Internet access solution. Your Prestige supports the TCP/ IP protocol, which the Internet uses exclusively. It is compatible with all major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers. A DSLAM is a rack of ADSL line cards with data multiplexed into a backbone network interface/connection (for example, T1, OC3, DS3, ATM or Frame Relay). Think of it as the equivalent of a modem rack for ADSL. In addition, the Prestige allows wireless clients access to your network resources. A typical Internet access application is shown below.
Chapter 1 Getting To Know Your Prestige 53
Prestige 2602H/HW Series User’s Guide
Figure 1 Prestige Internet Access Application
1.2.1.1 Internet Single User Account
For a SOHO (Small Office/Home Office) environment, your Prestige offers the Single User Account (SUA) feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for the cost of a single IP address

1.2.2 Making Calls via Internet Telephony Service Provider

In a home or small office environment, you can use the Prestige to make and receive VoIP telephone calls through an Internet Telephony Service Provider (ITSP).
The following figure shows a basic example of how you would make a VoIP call through an ITSP. You use your analog phone (A in the figure) and the Prestige (B) changes the call into VoIP. The Prestige then sends your call to the Internet and the ITSP’s SIP server. The VoIP call server forwards calls to PSTN phones (E) through a trunking gateway (D) to the PSTN network. The VoIP call server forwards calls to IP phones (F) through the Internet.
Figure 2 Internet Telephony Service Provider Application

1.2.3 Make Peer-to-peer Calls

Use the Prestige to make a call to the recipient’s IP address without using a SIP proxy server Peer-to-peer calls are also called “Point to Point” or “IP-to-IP” calls. You must know the peer’s IP address in order to do this.
54 Chapter 1 Getting To Know Your Prestige
Prestige 2602H/HW Series User’s Guide
The following figure shows a basic example of how you would make a peer-to-peer VoIP call. You use your analog phone (A in the figure) and the Prestige (B) changes the call into VoIP. The Prestige then sends your call through the Internet to the peer VoIP device (C).
Figure 3 Peer-to-peer Calling

1.2.4 Firewall for Secure Broadband Internet Access

The Prestige provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs.
Figure 4 Firewall Application

1.2.5 LAN to LAN Application

You can use the Prestige to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application for your Prestige is shown as follows.
Chapter 1 Getting To Know Your Prestige 55
Prestige 2602H/HW Series User’s Guide
Figure 5 Prestige LAN-to-LAN Application

1.2.6 Front Panel LEDs

Figure 6 P2602H-C Series Front Panel
Figure 7 P2602HW-C Series Front Panel
The following table describes the LEDs.
Table 4 P2602H/HW-C Series Front Panel LEDs
LED COLOR STATUS DESCRIPTION
PWR/SYS Green On The Prestige is receiving power and functioning properly.
Blinking The Prestige is rebooting and performing a self-test.
Red On Power to the Prestige is too low.
None Off The system is not ready or has malfunctioned.
56 Chapter 1 Getting To Know Your Prestige
Prestige 2602H/HW Series User’s Guide
Table 4 P2602H/HW-C Series Front Panel LEDs (continued)
LED COLOR STATUS DESCRIPTION
LAN 1-4 Green On The Prestige has a successful Ethernet connection.
Blinking The Prestige is sending/receiving data.
None Off The LAN is not connected.
WLAN (W models only)
DSL Green On The Prestige has a DSL connection.
INTERNET Green On The Prestige has an IP connection but no traffic.
PHONE 1, 2 Green On A SIP account is registered for the phone port.
Green On The Prestige is ready, but is not sending/receiving data
through the wireless LAN.
Blinking The Prestige is sending/receiving data through the wireless
LAN.
None Off The wireless LAN is not ready or has failed.
Blinking The Prestige is initializing the DSL line.
None Off The DSL link is down.
The Prestige has a WAN IP address (either static or assigned by a DHCP server), PPP negotiation was successfully completed (if used) and the DSL connection is up.
Blinking The Prestige is sending or receiving IP traffic.
Red On The Prestige attempted to make an IP connection but failed.
Possible causes are no response from a DHCP server, no PPPoE response, PPPoE authentication failed).
None Off The Prestige does not have an IP connection
Blinking A telephone connected to the phone port has its receiver off
of the hook or there is an incoming call.
None Off The phone port does not have a SIP account registered.
Refer to the Quick Start Guide for information on hardware connections.
Chapter 1 Getting To Know Your Prestige 57
Prestige 2602H/HW Series User’s Guide
58 Chapter 1 Getting To Know Your Prestige
Introducing the Web
This chapter describes how to access and navigate the web configurator.

2.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
Prestige 2602H/HW Series User’s Guide
CHAPTER 2
Configurator
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
See the Troubleshooting chapter if you need to make sure these functions are allowed in Internet Explorer.

2.1.1 Accessing the Prestige Web Configurator

1 Make sure your Prestige hardware is properly connected (refer to the Quick Start Guide).
2 Prepare your computer/computer network to connect to the Prestige (refer to the Quick
Start Guide).
3 Launch your web browser.
4 Type "192.168.1.1" as the URL.
5 An Enter Network Password window displays. Enter the user name (“admin” is the
default), password (“1234” is the default). Click Login to proceed to a screen asking you to change your password. Click Reset to revert to the default password in the password field
Chapter 2 Introducing the Web Configurator 59
Prestige 2602H/HW Series User’s Guide
Figure 8 Password Screen
6 It is highly recommended you change the default password. Enter a new password, retype
it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.
Figure 9 Change Password at Login
7 You should now see the SITE MAP screen.
Note: The Prestige automatically times out after five minutes of inactivity. Simply log
back into the Prestige if this happens to you.

2.1.2 Resetting the Prestige

If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the Prestige to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.
2.1.2.1 Using The Reset Button
1 Make sure the PWR/SYS LED is on (not blinking).
2 Press the RESET button for ten seconds or until the PWR/SYS LED begins to blink and
then release it. When the PWR/SYS LED begins to blink, the defaults have been restored and the Prestige restarts.
60 Chapter 2 Introducing the Web Configurator
Prestige 2602H/HW Series User’s Guide

2.1.3 Navigating the Prestige Web Configurator

The following summarizes how to navigate the web configurator from the SITE MAP screen. We use the Prestige 2602HW-61 web screens in this guide as an example. Screens vary slightly for different Prestige models.
• Click Wizard Setup to begin a series of screens to configure your Prestige for the first time.
• Click a link under Advanced Setup to configure advanced Prestige features.
• Click a link under Maintenance to see Prestige performance statistics, upload firmware and back up, restore or upload a configuration file.
• Click Site Map to go to the Site Map screen.
• Click Logout in the navigation panel when you have finished a Prestige management session.
Chapter 2 Introducing the Web Configurator 61
Prestige 2602H/HW Series User’s Guide
Figure 10 Web Configurator SITE MAP Screen
Note: Click the icon (located in the top right corner of most screens) to view
embedded help.
Table 5 Web Configurator Screens Summary
LINK SUB-LINK FUNCTION
Wizard Setup Connection
Setup
Media Bandwidth Mgnt
Advanced Setup
Password Use this screen to change your password.
LAN LAN Setup Use this screen to configure LAN DHCP and TCP/IP settings.
Static DHCP Use this screen to configure static DHCP IP and MAC
Wireless LAN
WAN WAN Setup Use this screen to change the Prestige’s WAN remote node
NAT SUA Only Use this screen to configure servers behind the Prestige.
Wireless Use this screen to configure the wireless LAN settings.
MAC Filter Use this screen to change MAC filter settings on the Prestige
802.1X/WPA Use this screen to configure the Prestige’s WLAN authentication
Local User Database
RADIUS Use this screen to use an external server to authenticate
WAN Backup Use this screen to configure your traffic redirect properties and
Full Feature Use this screen to configure network address translation
Use these screens for initial configuration including general setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment.
Use these screens to set up bandwidth control quickly.
addresses.
and security settings.
Use this screen to set up built-in user profiles for wireless client authentication.
wireless clients.
settings.
WAN backup settings.
mapping rules.
62 Chapter 2 Introducing the Web Configurator
Prestige 2602H/HW Series User’s Guide
Table 5 Web Configurator Screens Summary (continued)
LINK SUB-LINK FUNCTION
Voice SIP Settings Use this screen to configure your Prestige’s Session Initiation
Protocol settings.
QoS Use this screen to configure your Prestige’s Quality of Service
settings.
Phone Use this screen to configure your Prestige’s phone settings.
Speed Dial Use this screen to configure speed dial for SIP phone numbers
Lifeline Use this screen to configure your Prestige’s settings for PSTN
Common Use this screen to configure general phone port settings.
Call Forward Use this screen to configure call-forwarding.
Dynamic DNS Use this screen to set up dynamic DNS.
Time and Date Use this screen to change your Prestige’s time and date.
Firewall Default Policy Use this screen to activate/deactivate the firewall and the
Rule Summary This screen shows a summary of the firewall rules, and allows
Anti Probing Use this screen to change your anti-probing settings.
Threshold Use this screen to configure the threshold for DoS attacks.
Content Filter Keyword Use this screen to block sites containing certain keywords in the
Schedule Use this screen to set the days and times for the Prestige to
Trusted Use this screen to exclude a range of users on the LAN from
VPN Setup
Monitor
Global Setting
Remote Management
UPnP Use this screen to enable UPnP on the Prestige.
Logs Log Settings Use this screen to change your Prestige’s log settings.
View Log Use this screen to view the logs for the categories that you
Media Bandwidth Management
Maintenance
System Status This screen contains administrative and system-related
Summary Use this screen to allocate an interface's outgoing capacity to
Class Setup Use this screen to define a bandwidth class.
Monitor Use this screen to view bandwidth class statistics.
that you call often.
calls (Prestige 2602HW-L only).
direction of network traffic to which to apply the rule.
you to edit/add a firewall rule.
URL.
perform content filtering.
content filtering on your Prestige.
Use this screen to configure VPN connections and view the rule summary.
Use this screen to display and manage active VPN connections.
Use this screen to allow NetBIOS packets through the VPN connections.
Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet/FTP/Web services to manage the Prestige.
selected.
specific types of traffic.
information.
Chapter 2 Introducing the Web Configurator 63
Prestige 2602H/HW Series User’s Guide
Table 5 Web Configurator Screens Summary (continued)
LINK SUB-LINK FUNCTION
DHCP Table This screen displays DHCP (Dynamic Host Configuration
Any IP Table This screen lists the devices that are using the Any IP feature to
Wireless LAN Association List This screen displays the MAC address(es) of the wireless
Diagnostic General These screens display information to help you identify problems
DSL Line These screens display information to help you identify problems
Firmware Use this screen to upload firmware to your Prestige
Protocol) related information and is READ-ONLY.
communicate with the Prestige.
stations that are currently logged in to the network.
with the Prestige general connection.
with the DSL line.
64 Chapter 2 Introducing the Web Configurator
This chapter provides information on the Wizard Setup screens for Internet access and VoIP in the web configurator.

3.1 Wizard Setup Introduction

Use the Wizard Setup screens to configure your system for Internet access and Voice with the information provided by your ISP and voice service provider. Your ISP may have already configured some of the fields in the wizard screens for you.
Note: See the advanced menu chapters for background information on these fields.
Prestige 2602H/HW Series User’s Guide
CHAPTER 3

Wizard Setup

3.1.1 Wizard Setup: First Screen

In the SITE MAP screen click Wizard Setup to display the first wizard screen.
Figure 11 Wizard Setup: First Screen
Chapter 3 Wizard Setup 65
Prestige 2602H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 6 Wizard Setup: First Screen
LABEL DESCRIPTION
Mode From the Mode drop-down list box, select Routing (default) if your ISP allows
multiple computers to share an Internet account. Otherwise select Bridge.
Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list
box. Choices vary depending on what you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or
PPPoE.
Multiplex Select the multiplexing method used by your ISP from the Multiplex drop-down list
box either VC-based or LLC-based.
Virtual Circuit IDVPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit.
VPI Enter the VPI assigned to you. This field may already be configured.
VCI Enter the VCI assigned to you. This field may already be configured.
Next Click this button to go to the next wizard screen. The next wizard screen you see
Refer to the appendix for more information.
depends on what protocol you chose above. Click on the protocol link to see the next wizard screen for that protocol.

3.1.2 Wizard Setup: Second Screen

The second wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue.
66 Chapter 3 Wizard Setup
Figure 12 Internet Connection with PPPoE
Prestige 2602H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 7 Internet Connection with PPPoE
LABEL DESCRIPTION
Service Name Type the name of your PPPoE service here.
User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form
user@domain where domain identifies a service name, then enter both components
exactly as given.
Password Enter the password associated with the user name above.
IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not
Connection Select Connect on Demand when you don't want the connection up all the time and
Network Address Translation
Back Click Back to go back to the first wizard screen.
Next Click Next to continue to the next wizard screen.
fixed; the ISP assigns you a different one each time you connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address;
otherwise select Static IP Address and type your ISP assigned IP address in the text box below.
specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting selects Connection on Demand with 0 as the idle time-out, which means the Internet session will not timeout.
Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.
The schedule rule(s) in SMT menu 26 has priority over your Connection settings.
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT chapter for more details.
Chapter 3 Wizard Setup 67
Prestige 2602H/HW Series User’s Guide
Figure 13 Internet Connection with RFC 1483
The following table describes the fields in this screen.
Table 8 Internet Connection with RFC 1483
LABEL DESCRIPTION
IP Address This field is available if you select Routing in the Mode field.
Type your ISP assigned IP address in this field.
Network Address Translation
Back Click Back to go back to the first wizard screen.
Next Click Next to continue to the next wizard screen.
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to
Chapter 7 on page 121 for more details.
Figure 14 Internet Connection with ENET ENCAP
The following table describes the fields in this screen.
68 Chapter 3 Wizard Setup
Prestige 2602H/HW Series User’s Guide
Table 9 Internet Connection with ENET ENCAP
LABEL DESCRIPTION
IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not
fixed; the ISP assigns you a different one each time you connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address;
otherwise select Static IP Address and type your ISP assigned IP address in the IP Address text box below.
Subnet Mask Enter a subnet mask in dotted decimal notation.
Refer to the appendix on IP subnettig to calculate a subnet mask If you are implementing subnetting.
ENET ENCAP Gateway
Network Address Translation
Back Click Back to go back to the first wizard screen.
Next Click Next to continue to the next wizard screen.
You must specify a gateway IP address (supplied by your ISP) when you use ENET ENCAP in the Encapsulation field in the previous screen.
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT chapter for more details.
Figure 15 Internet Connection with PPPoA
The following table describes the fields in this screen.
Chapter 3 Wizard Setup 69
Prestige 2602H/HW Series User’s Guide
Table 10 Internet Connection with PPPoA
LABEL DESCRIPTION
User Name Enter the login name that your ISP gives you.
Password Enter the password associated with the user name above.
IP Address This option is available if you select Routing in the Mode field.
A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet.
Click Obtain an IP Address Automatically if you have a dynamic IP address; otherwise click Static IP Address and type your ISP assigned IP address in the IP Address text box below.
Connection Select Connect on Demand when you don't want the connection up all the time and
specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting selects Connection on Demand with 0 as the idle time-out, which means the Internet session will not timeout.
Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.
The schedule rule(s) in SMT menu 26 has priority over your Connection settings.
Network Address Translation
Back Click Back to go back to the first wizard screen.
Next Click Next to continue to the next wizard screen.
This option is available if you select Routing in the Mode field. Select None, SUA Only or Full Feature from the drop-sown list box. Refer to
7 on page 121
Chapter
for more details.

3.1.3 Wizard Setup: Third Screen

Use this screen to configure the voice settings (for the Prestige’s SIP account one) with the information from your voice service provider.
70 Chapter 3 Wizard Setup
Figure 16 Wizard Setup: Third Screen
Prestige 2602H/HW Series User’s Guide
Table 11 Wizard Setup: Voice Configuration
LABEL DESCRIPTION
Active Select this check box to have the Prestige use this SIP account. Clear the
check box to have the Prestige not use this SIP account.
SIP Number Enter your SIP number in this field (use the number or text that comes before
the @ symbol in a full SIP URI). You can use up to 127 ASCII characters.
SIP Local Port Use this field to configure the Prestige’s listening port for SIP. Leave this field
SIP Server Address Type the IP address of the SIP server in this field. It doesn’t matter whether
SIP Server Port Enter the SIP server’s listening port for SIP in this field. Leave this field set to
REGISTER Server Address
REGISTER Server Port Enter the SIP register server’s listening port for SIP in this field.
SIP Service Domain Enter the SIP service domain name in this field (the domain name that comes
Authentication User ID This is the user name for registering this SIP account with the SIP register
set to the default if you were not given a local port number for SIP.
the SIP server is a proxy, redirect or register server.
the default if your VoIP service provider did not give you a server port number for SIP.
Enter the SIP register server’s address in this field.
If you were not given a register server address, then enter the address
from the SIP Server Address field again here.
If you were not given a register server port, then enter the port from the
SIP Server Port field again here.
after the @ symbol in a full SIP URI). You can use up to 127 ASCII Extended set characters.
server. Type the user name exactly as it was given to you. You can use up to 95 ASCII characters.
Chapter 3 Wizard Setup 71
Prestige 2602H/HW Series User’s Guide
Table 11 Wizard Setup: Voice Configuration (continued)
LABEL DESCRIPTION
Authentication Password
Send Caller ID Select this check box to show identification information when you make VoIP
Back Click Back to go back to the previous screen.
Next Click Next to continue to the next wizard screen.
Type the password associated with the user name above. You can use up to 95 ASCII Extended set characters.
phone calls. Clear the check box to not show identification information when you make VoIP phone calls.

3.1.4 Internet Access Wizard Setup: Fourth Screen

Verify the settings in the screen shown next. To change the LAN information on the Prestige, click Change LAN Configurations. Otherwise click Save Settings to save the configuration and skip to the section 3.13.
72 Chapter 3 Wizard Setup
Prestige 2602H/HW Series User’s Guide
Figure 17 Internet Access Wizard Setup: Fourth Screen
If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next.
Chapter 3 Wizard Setup 73
Prestige 2602H/HW Series User’s Guide
Figure 18 Wizard Setup: LAN Configuration
The following table describes the fields in this screen.
Table 12 Wizard Setup: LAN Configuration
LABEL DESCRIPTION
LAN IP Address Enter the IP address of your Prestige in dotted decimal notation, for example,
192.168.1.1 (factory default). If you changed the Prestige's LAN IP address, you must use the new IP
address if you want to access the web configurator again.
LAN Subnet Mask Enter a subnet mask in dotted decimal notation.
DHCP
DHCP Server From the DHCP Server drop-down list box, select On to allow your Prestige to
assign IP addresses, an IP default gateway and DNS servers to computer systems that support the DHCP client. Select Off to disable DHCP server.
When DHCP server is used, set the following items:
Client IP Pool Starting Address
Size of Client IP Pool This field specifies the size or count of the IP address pool.
Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to
Secondary DNS Server As above.
Back Click Back to go back to the previous screen.
Finish Click Finish to save the settings and proceed to the next wizard screen.
This field specifies the first of the contiguous addresses in the IP address pool.
the DHCP clients along with the IP address and the subnet mask.

3.1.5 Wizard Setup: Connection Test

The Prestige automatically tests the connection to the computer(s) connected to the LAN ports. To test the connection from the Prestige to the ISP and the VoIP service provider, click Start Diagnose. Otherwise click Return to Main Menu to go back to the Site Map screen.
74 Chapter 3 Wizard Setup
Figure 19 Wizard Setup: Connection Tests
3.1.5.1 Test Your Internet Connection
Prestige 2602H/HW Series User’s Guide
Launch your web browser and navigate to beginning. Refer to the rest of this User’s Guide for more detailed information on the complete range of Prestige features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the Wizard Setup are correct.
www.zyxel.com. Internet access is just the

3.2 Media Bandwidth Management Wizard

The media bandwidth management wizard allows you to configure bandwidth classes based on an application (or service). You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.
The Prestige applies bandwidth management to traffic that it forwards out through an interface. The Prestige does not control the bandwidth of traffic that comes into an interface.
Bandwidth management applies to all traffic flowing out of the Prestige through the interface, regardless of the traffic's source.
Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the Prestige and be managed by bandwidth management.
Chapter 3 Wizard Setup 75
Prestige 2602H/HW Series User’s Guide

3.2.1 Predefined Media Bandwidth Management Services

The following is a description of the services that you can select and to which you can apply media bandwidth management using the Wizard Setup screens.
Table 13 Media Bandwidth Mgnt. Wizard Setup: Services
SERVICE DESCRIPTION
Xbox Live This is Microsoft’s online gaming service that lets you play multiplayer Xbox games
on the Internet via broadband technology. Xbox Live uses port 3074.
VoIP (SIP) Sending voice signals over the Internet is called Voice over IP or VoIP. Session
FTP File Transfer Program enables fast transfer of files, including large files that may
E-Mail Electronic mail consists of messages sent through a computer network to specific
eMule These programs use advanced file sharing applications relying on central servers
WWW The World Wide Web (WWW) is an Internet system to distribute graphical, hyper-
Initiated Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.
SIP is transported primarily over UDP but can also be transported over TCP, using the default port number 5060.
not be possible by e-mail. FTP uses port number 21.
groups or individuals. Here are some default ports for e-mail: POP3 - port 110 IMAP - port 143 SMTP - port 25 HTTP - port 80
to search for files. They use default port 4662.
linked information, based on Hyper Text Transfer Protocol (HTTP) - a client/server protocol for the World Wide Web. The Web is not synonymous with the Internet; rather, it is just one service on the Internet. Other services on the Internet include Internet Relay Chat and Newsgroups. The Web is accessed through use of a browser.

3.2.2 Media Bandwidth Management Setup: First Screen

In the SITE MAP screen click Media Bandwidth Magnt. to display the first media bandwidth management wizard screen.
76 Chapter 3 Wizard Setup
Prestige 2602H/HW Series User’s Guide
Figure 20 Media Bandwidth Mgnt. Wizard Setup: First Screen
The following table describes the labels in this screen.
Table 14 Media Bandwidth Mgnt. Wizard Setup: First Screen
LABEL DESCRIPTION
Active Select the Active check box to have the Prestige apply bandwidth management
to traffic going out through the Prestige’s WAN, LAN or WLAN port.
Select the service to apply bandwidth management.
Next Click Next to continue.
These check boxes are applicable when you select the Active check box above. Create bandwidth management classes by selecting services from the list
provided.
XBox Live
•VoIP (SIP)
•FTP
•E-Mail
•eMule
•WWW Refer to
Table 13 on page 76 for more information.

3.2.3 Media Bandwidth Mgnt. Wizard Setup: Second Screen

The Prestige automatically creates the bandwidth class for each service you select. You may set the priority for each bandwidth class in the second wizard screen.
Chapter 3 Wizard Setup 77
Prestige 2602H/HW Series User’s Guide
Figure 21 Media Bandwidth Mgnt. Wizard Setup: Second Screen (all services selected)
The following table describes the fields in this screen.
Table 15 Media Bandwidth Mgnt. Wizard Setup: Second Screen
LABEL DESCRIPTION
Service These fields display the service(s) selected in the previous screen.
Priority Select High, Mid or Low priority for each service to have your Prestige use a priority
for traffic that matches that service. If the rules set up in this wizard are changed in ADVANCED - Media Bandwidth
Mgnt. - Class Setup, then the service priority radio button will be set to Others. The Class Configuration screens allow you to edit these rule configurations (see
Section 21.9 on page 273 for more information).
Back Click Back to return to the previous screen.
Finish Click Finish to complete and save the bandwidth management setup.

3.2.4 Media Bandwidth Mgnt. Wizard Setup: Finish

Well done! You have finished configuration of Media Bandwidth Management. You may now continue configuring your device.
Click Return to Main Menu to return to the Site Map screen.
78 Chapter 3 Wizard Setup
Figure 22 Media Bandwidth Mgnt. Wizard Setup: Finish

3.3 Password Setup

It is highly recommended that you change the password for accessing the Prestige.

3.3.1 Configuring Password

To change your Prestige’s password (recommended), click Password in the Site Map screen.
Figure 23 Password
Prestige 2602H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 16 Password
LABEL DESCRIPTION
Old Password Type the default password or the existing password you use to access the system
in this field.
New Password Type the new password in this field.
Retype to Confirm Type the new password again in this field.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
Chapter 3 Wizard Setup 79
Prestige 2602H/HW Series User’s Guide
80 Chapter 3 Wizard Setup
This chapter describes how to configure LAN settings.

4.1 LAN Overview

A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses.

4.1.1 LANs, WANs and the Prestige

Prestige 2602H/HW Series User’s Guide
CHAPTER 4

LAN Setup

The actual physical connection determines whether the Prestige ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
Figure 24 LAN and WAN IP Addresses

4.1.2 DHCP Setup

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
Chapter 4 LAN Setup 81
Prestige 2602H/HW Series User’s Guide
4.1.2.1 IP Pool Setup
The Prestige is pre-configured with a pool of IP addresses for the DHCP clients (DHCP Pool). See the product specifications in the appendices. Do not assign static IP addresses from the DHCP pool to your LAN computers.

4.2 DNS Server Address

DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask.
There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up. If your ISP gives you the DNS server addresses, enter them in the DNS Server fields in DHCP Setup, otherwise, leave them blank.
Some ISP’s choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The Prestige supports the IPCP DNS server extensions through the DNS proxy feature.
If the Primary and Secondary DNS Server fields in the LAN Setup screen are not specified, for instance, left as 0.0.0.0, the Prestige tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS query to the Prestige, the Prestige forwards the query to the real DNS server learned through IPCP and relays the response back to the computer.
Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the LAN Setup screen. This way, the Prestige can pass the DNS servers to the computers and the computers can query the DNS server directly without the Prestige’s intervention.

4.3 DNS Server Address Assignment

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
There are two ways that an ISP disseminates the DNS server addresses.
82 Chapter 4 LAN Setup
• The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in DHCP Setup.
• The Prestige acts as a DNS proxy when the Primary and Secondary DNS Server fields are left blank in the LAN Setup screen.

4.4 LAN TCP/IP

The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.

4.4.1 Factory LAN Defaults

The LAN parameters of the Prestige are preset in the factory with the following values:
• IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits)
• DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.
Prestige 2602H/HW Series User’s Guide
These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured.

4.5 LAN TCP/IP

The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.

4.5.1 IP Address and Subnet Mask

Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.
Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from
192.168.0.0 to 192.168.255.0 and you must enable the Network Address Translation (NAT) feature of the Prestige. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are
Chapter 4 LAN Setup 83
Prestige 2602H/HW Series User’s Guide
told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.
Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your network is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise.
4.5.1.1 Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:
• 10.0.0.0 — 10.255.255.255
• 172.16.0.0 — 172.31.255.255
• 192.168.0.0 — 192.168.255.255
You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
Note: Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.

4.5.2 RIP Setup

RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to:
Both - the Prestige will broadcast its routing table periodically and incorporate the RIP information that it receives.
In Only - the Prestige will not send any RIP packets but will accept all RIP packets received.
84 Chapter 4 LAN Setup
Out Only - the Prestige will send out RIP packets but will not accept any RIP packets received.
None - the Prestige will not send any RIP packets and will ignore any RIP packets received.
The Version field controls the format and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.
Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that
RIP-2B uses subnet broadcasting while RIP-2M uses multicasting.

4.5.3 Multicast

Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1.
Prestige 2602H/HW Series User’s Guide
IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC
2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address
224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address
224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.
The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the Prestige queries all directly connected networks to gather group membership. After that, the Prestige periodically updates this information. IP multicasting can be enabled/ disabled on the Prestige LAN and/or WAN interfaces in the web configurator (LAN; WA N ). Select None to disable IP multicasting on these interfaces.

4.6 Any IP

Traditionally, you must set the IP addresses and the subnet masks of a computer and the Prestige to be in the same subnet to allow the computer to access the Internet (through the Prestige). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the Prestige.
Chapter 4 LAN Setup 85
Prestige 2602H/HW Series User’s Guide
With the Any IP feature and NAT enabled, the Prestige allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet. Whether a computer is set to use a dynamic or static (fixed) IP address, you can simply connect the computer to the Prestige and access the Internet.
The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment. In a residential house where a Prestige is installed, you can still use the computer to access the Internet without changing the network settings, even when the IP addresses of the computer and the Prestige are not in the same subnet.
Figure 25 Any IP Example
The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address.
Note: You must enable NAT/SUA to use the Any IP feature on the Prestige.

4.6.1 How Any IP Works

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the Prestige) to decide which hop to use, to help forward data along to its specified destination.
The following lists out the steps taken, when a computer tries to access the Internet for the first time through the Prestige.
1 When a computer (which is in a different subnet) first attempts to access the Internet, it
sends packets to its default gateway (which is not the Prestige) by looking at the MAC address in its ARP table.
2 When the computer cannot locate the default gateway, an ARP request is broadcast on the
LAN.
86 Chapter 4 LAN Setup
3 The Prestige receives the ARP request and replies to the computer with its own MAC
address.
4 The computer updates the MAC address for the default gateway to the ARP table. Once
the ARP table is updated, the computer is able to access the Internet through the Prestige.
5 When the Prestige receives packets from the computer, it creates an entry in the IP
routing table so it can properly forward packets intended for the computer.
After all the routing information is updated, the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige.

4.7 Configuring LAN

Click LAN and LAN Setup to open the following screen.
Figure 26 LAN Setup
Prestige 2602H/HW Series User’s Guide
Chapter 4 LAN Setup 87
Prestige 2602H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 17 LAN Setup
LABEL DESCRIPTION
DHCP
DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway
and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
If set to None, the DHCP server will be disabled. If set to Relay, the Prestige acts as a surrogate DHCP server and relays DHCP
requests and responses between the remote server and the clients. Enter the IP address of the actual, remote DHCP server in the Remote DHCP Server field in this case.
When DHCP is used, the following items need to be set:
Client IP Pool Starting Address
Size of Client IP Pool
Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the
Secondary DNS Server
Remote DHCP Server
TCP/IP
IP Address Enter the IP address of your Prestige in dotted decimal notation, for example,
IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).
RIP Direction Select the RIP direction from None, Both, In Only and Out Only.
RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M.
Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to
Any IP Setup Select the Active checkbox to enable the Any IP feature. This allows a computer
Back Click Back to return to the previous screen.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
This field specifies the first of the contiguous addresses in the IP address pool.
This field specifies the size or count of the IP address pool.
DHCP clients along with the IP address and the subnet mask.
As above.
If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here.
192.168.1.1 (factory default).
establish membership in a multicast group. The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it.
to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the Prestige are not in the same subnet.
When you disable the Any IP feature, only computers with dynamic IP addresses or static IP addresses in the same subnet as the Prestige’s LAN IP address can connect to the Prestige or access the Internet through the Prestige.
88 Chapter 4 LAN Setup

4.8 Configuring Static DHCP

This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses.
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
To change your Prestige’s static DHCP settings, click LAN, then the Static DHCP tab. The screen appears as shown.
Figure 27 LAN: Static DHCP
Prestige 2602H/HW Series User’s Guide
The following table describes the labels in this screen.
Table 18 LAN: Static DHCP
LABEL DESCRIPTION
# This is the index number of the Static IP table entry (row).
MAC Address Type the MAC address (with colons) of a computer on your LAN.
IP Address This field specifies the size, or count of the IP address pool.
Back Click Back to return to the previous screen.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
Chapter 4 LAN Setup 89
Prestige 2602H/HW Series User’s Guide
90 Chapter 4 LAN Setup
Prestige 2602H/HW Series User’s Guide
CHAPTER 5

Wireless LAN (P2602HW Models)

This chapter discusses how to configure Wireless LAN.

5.1 Introduction

A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN adapters communicating through access points which bridge network traffic to the wired LAN.
Note: See the WLAN appendix for more detailed information on WLANs.

5.2 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.
Wireless security methods available on the Prestige are data encryption, wireless client authentication, restricting access by device MAC address and hiding the Prestige identity.

5.2.1 Encryption

• Use WPA security if you have WPA-aware wireless clients and a RADIUS server. WPA has user authentication and improved data encryption over WEP.
• Use WPA-PSK if you have WPA-aware wireless clients but no RADIUS server.
• If you don’t have WPA-aware wireless clients, then use WEP key encrypting. A higher bit key offers better security at a throughput trade-off. You can use Passphrase to automatically generate 64-bit or 128-bit WEP keys or manually enter 64-bit, 128-bit or 256-bit WEP keys.

5.2.2 Authentication

WPA has user authentication and you can also configure IEEE 802.1x to use the built-in database (Local User Database) or a RADIUS server to authenticate wireless clients before joining your network.
• Use RADIUS authentication if you have a RADIUS server. See the appendices for information on protocols used when a client authenticates with a RADIUS server via the Prestige.
Chapter 5 Wireless LAN (P2602HW Models) 91
Prestige 2602H/HW Series User’s Guide
• Use the Local User Database if you have less than 32 wireless clients in your network. The Prestige uses MD5 encryption when a client authenticates with the Local User Database

5.2.3 Restricted Access

The MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow Association) or exclude them from accessing the AP (Deny Association).

5.2.4 Hide Prestige Identity

If you hide the ESSID, then the Prestige cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the Prestige may be inconvenience for some valid WLAN clients. If you don’t hide the ESSID, at least you should change the default one.

5.2.5 Configuring Wireless LAN on the Prestige

1 Configure the ESSID
and WEP in the Wireless screen. If you
configure WEP, you can’t configure WPA or WPA-PSK.
2 Use the MAC Filter
screen to restrict access to your wireless network by MAC address.
3 Configure WPA or
WPA-PSK in the
802.1x/WPA screen. You can also configure 802.1x wireless client authentication in the 802.1x/WPA screen.
4 Configure the RADIUS authentication database settings in the RADIUS screen.
5 Configure the built-in authentication database in the Local User Database screen.
The following figure shows the relative effectiveness of these wireless security methods available on your Prestige.
92 Chapter 5 Wireless LAN (P2602HW Models)
Prestige 2602H/HW Series User’s Guide
Figure 28 Wireless Security Methods
Note: You must enable the same wireless security settings on the Prestige and on all
wireless clients that you want to associate with it.
If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networking device that is within range.

5.3 Configuring the Wireless Screen

5.3.1 WEP Encryption

WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key.
Your Prestige allows you to configure up to four 64-bit, 128-bit or 256-bit WEP keys but only one key can be enabled at any one time.
In order to configure and enable WEP encryption; click Wireless LAN and Wireless to the display the Wireless screen.
Chapter 5 Wireless LAN (P2602HW Models) 93
Prestige 2602H/HW Series User’s Guide
Figure 29 Wireless Screen
The following table describes the labels in this screen.
Table 19 Wireless LAN
LABEL DESCRIPTION
Enable Wireless LAN
ESSID The ESSID (Extended Service Set IDentification) is a unique name to identify the
Hide ESSID Select Yes to hide the ESSID so a station cannot obtain the ESSID through AP
Channel ID The radio frequency used by IEEE 802.11 b or g wireless devices is called a
RTS/CTS Threshold
Fragmentation Threshold
You should configure some wireless security (see Figure 28 on page 93) when you enable the wireless LAN. Select the check box to enable the wireless LAN.
Prestige in the wireless LAN. Wireless stations associating to the Prestige must have the same ESSID.
Enter a descriptive name of up to 32 printable characters (including spaces; alphabetic characters are case-sensitive).
scanning. Select No to make the ESSID visible so a station can obtain the ESSID through AP
scanning.
channel. Select a channel from the drop-down list box.
The RTS (Request To Send) threshold (number of bytes) is for enabling RTS/CTS. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this value to be larger than the maximum MSDU (MAC service data unit) size turns off RTS/CTS. Setting this value to zero turns on RTS/CTS.
Select the check box to change the default value and enter a new value between 0 and 2432.
This is the threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent.
Select the check box to change the default value and enter a value between 256 and 2432.
94 Chapter 5 Wireless LAN (P2602HW Models)
Prestige 2602H/HW Series User’s Guide
Table 19 Wireless LAN (continued)
LABEL DESCRIPTION
You won’t see the following WEP-related fields if you have WPA or WPA-PSK enabled.
WEP Encryption WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the
Key 1 to Key 4 The WEP keys are used to encrypt data. Both the Prestige and the wireless stations
Back Click Back to go to the main wireless LAN setup screen.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
wireless network. Select Disable to allow all wireless stations to communicate with the access points
without any data encryption. Select 64-bit WEP, 128-bit WEP or 256-bit WEP to use data encryption.
must use the same WEP key for data transmission. If you want to manually set the WEP keys, enter the key in the field provided. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal
characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal
characters ("0-9", "A-F"). If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal
characters ("0-9", "A-F"). The values for the WEP keys must be set up exactly the same on all wireless
devices in the same wireless LAN. You must configure all four keys, but only one key can be used at any one time. The
default key is key 1.
Note: If you are configuring the Prestige from a computer connected to the wireless
LAN and you change the Prestige’s ESSID or security settings (see
on page 93
), you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings.

5.4 Configuring MAC Filters

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen. To change your Prestige’s MAC filter settings, click Wireless LAN, MAC Filter to open the MAC Filter screen. The screen appears as shown.
Note: Be careful not to list your computer’s MAC address and set the Action field to
Deny Association when managing the Prestige via a wireless connection.
This would lock you out.
Figure 28
Chapter 5 Wireless LAN (P2602HW Models) 95
Prestige 2602H/HW Series User’s Guide
Figure 30 MAC Address Filter
The following table describes the fields in this menu.
Table 20 MAC Address Filter
LABEL DESCRIPTION
Active Select Yes from the drop down list box to enable MAC address filtering.
Action Define the filter action for the list of MAC addresses in the MAC Address table.
Select Deny Association to block access to the router, MAC addresses not listed will be allowed to access the Prestige. Select Allow Association to permit access to the router, MAC addresses not listed will be denied access to the Prestige.
MAC Address Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal
Back Click Back to go to the main wireless LAN setup screen.
96 Chapter 5 Wireless LAN (P2602HW Models)
character pairs, for example, 12:34:56:78:9a:bc of the wireless stations that are allowed or denied access to the Prestige in these address fields.
Table 20 MAC Address Filter (continued)
LABEL DESCRIPTION
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.

5.5 Introduction to WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA is preferred to WEP as WPA has user authentication and improved data encryption. See the appendix for more information on WPA user authentication and WPA encryption.
If you don’t have an external RADIUS server, you should use WPA-PSK (WPA-Pre-Shared Key). WPA-PSK only requires a single (identical) password entered into each WLAN member. As long as the passwords match, a client will be granted access to a WLAN.
Note: You can’t use the Local User Database for authentication when you select
WPA.
Prestige 2602H/HW Series User’s Guide

5.5.1 WPA-PSK Application Example

A WPA-PSK application looks as follows.
1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key
(PSK) must be between 8 and 63 printable characters (including spaces; alphabetic characters are case-sensitive).
2 The AP checks each client’s password and (only) allows it to join the network if the
passwords match.
3 The AP derives and distributes keys to the wireless clients.
4 The AP and wireless clients use the TKIP encryption process to encrypt data exchanged
between them.
Chapter 5 Wireless LAN (P2602HW Models) 97
Prestige 2602H/HW Series User’s Guide
Figure 31 WPA - PSK Authentication

5.5.2 WPA with RADIUS Application Example

You need the IP address, port number (default is 1812) and shared secret of a RADIUS server. A WPA application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system (wired link to the LAN).
1 The AP passes the wireless client’s authentication request to the RADIUS server.
2 The RADIUS server then checks the user's identification against its database and grants
or denies network access accordingly.
3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then
sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly transmitted between the AP and the wireless clients
98 Chapter 5 Wireless LAN (P2602HW Models)
Figure 32 WPA with RADIUS Application Example2
Prestige 2602H/HW Series User’s Guide

5.5.3 Wireless Client WPA Supplicants

A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's built­in "Zero Configuration" wireless client. However, you must run Windows XP to use it.

5.6 Configuring IEEE 802.1x and WPA

To change your Prestige’s authentication settings, click the Wireless LAN link under Advanced Setup and then the 802.1x/WPA tab. The screen varies by the key management protocol you select.
You see the next screens when you select No Access Allowed or No Authentication Required in the Wireless Port Control field.
Chapter 5 Wireless LAN (P2602HW Models) 99
Prestige 2602H/HW Series User’s Guide
Figure 33 Wireless LAN: 802.1x/WPA: No Access Allowed
Figure 34 Wireless LAN: 802.1x/WPA: No Authentication
The following table describes the label in these screens.
Table 21 Wireless LAN: 802.1x/WPA: No Access/Authentication
LABEL DESCRIPTION
Wireless Port Control
Back Click Back to go to the main wireless LAN setup screen.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
To control wireless station access to the wired network, select a control method from the drop-down list box. Choose from No Access Allowed, No Authentication
Required and Authentication Required. No Access Allowed blocks all wireless stations access to the wired network. No Authentication Required allows all wireless stations access to the wired network
without entering usernames and passwords. This is the default setting. Authentication Required means that all wireless stations have to enter usernames
and passwords before access to the wired network is allowed. Select Authentication Required to configure Key Management Protocol and other
related fields.

5.6.1 Authentication Required: 802.1x

You need the following for IEEE 802.1x authentication.
• A computer with an IEEE 802.11 a/b/g wireless LAN adapter and equipped with a web browser (with JavaScript enabled) and/or Telnet.
100 Chapter 5 Wireless LAN (P2602HW Models)
Loading...