The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.
Copyright3
Page 4
P-334WT User’s Guide
Federal Communications
Commission (FCC) Interference
Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two
conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause
undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital
device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a commercial environment. This equipment
generates, uses, and can radiate radio frequency energy, and if not installed and used in
accordance with the instructions, may cause harmful interference to radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate the equipment.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Certifications
1 Go to www.zyxel.com.
2 Select your product from the drop-down list box on the ZyXEL home page to go to that
product's page.
3 Select the certification you wish to view from this page.
4 Federal Communications Commission (FCC) Interference Statement
Page 5
P-334WT User’s Guide
Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions.
• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger
telecommunication line cord.
• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel can
service the device. Please contact your vendor for further information.
• Use ONLY the dedicated power supply for your device. Connect the power cord or
power adaptor to the right supply voltage (110V AC in North America or 230V AC in
Europe).
• Do NOT use the device if the power supply is damaged as it might cause electrocution.
• If the power supply is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power supply. Contact your local vendor to order a new
power supply.
• Place connecting cables carefully so that no one will step on them or stumble over them.
Do NOT allow anything to rest on the power cord and do NOT locate the product where
anyone can walk on the power cord.
• If you wall mount your device, make sure that no electrical, gas or water pipes will be
damaged.
• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of
electric shock from lightning.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
• Make sure to connect the cables to the correct ports.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
• Do NOT store things on the device.
• Connect ONLY suitable accessories to the device.
Safety Warnings5
Page 6
P-334WT User’s Guide
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects
in materials or workmanship for a period of up to two years from the date of purchase. During
the warranty period, and upon proof of purchase, should the product have indications of failure
due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the
defective products or components without charge for either parts or labor, and to whatever
extent it shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally equivalent
product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty
shall not apply if the product has been modified, misused, tampered with, damaged by an act
of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the
purchaser. This warranty is in lieu of all other warranties, express or implied, including any
implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind to the purchaser.
ZyXEL Limited Warranty
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return
Material Authorization number (RMA). Products must be returned Postage Prepaid. It is
recommended that the unit be insured when shipped. Any returned products without proof of
purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of
ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products
will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty
gives you specific legal rights, and you may also have other rights that vary from country to
country.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information
www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
at
6 ZyXEL Limited Warranty
Page 7
P-334WT User’s Guide
Customer Support
Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Congratulations on your purchase of the P-334WT, 802.11g Wireless Broadband Router with
Firewall. This manual is designed to guide you through the configuration of your Prestige for
its various applications.
Note: Use the web configurator, System Management Terminal (SMT) or command
interpreter interface to configure your Prestige. Not all features can be
configured through all interfaces.
This manual may refer to the P-334WT, 802.11g Wireless Broadband Router with Firewall as
the Prestige.
About This User's Guide
This User’s Guide is designed to guide you through the configuration of your Prestige using
the web configurator or the SMT. The web configurator parts of this guide contain
background information on features configurable by web configurator. The SMT parts of this
guide contain background information solely on features not configurable by web configurator
Note: Use the web configurator, System Management Terminal (SMT) or command
interpreter interface to configure your Prestige. Not all features can be
configured through all interfaces.
Related Documentation
• Supporting Disk
Refer to the included CD for support documents.
• Compact Guide
The Compact Guide is designed to help you get up and running right away. They contain
connection information and instructions on getting started.
• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary
information.
• ZyXEL Glossary and Web Site
Please refer to www.zyxel.com for an online glossary of networking terms and additional
support documentation.
User Guide Feedback
Help us help you! E-mail all User Guide-related comments, questions or suggestions for
improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing
Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park,
Hsinchu, 300, Taiwan. Thank you!
Preface37
Page 38
P-334WT User’s Guide
Syntax Conventions
• “Enter” means for you to type one or more characters. “Select” or “Choose” means for
you to use one predefined choice.
• The SMT menu titles and labels are in Bold Times New Roman font. Predefined field
choices are in Bold Arial font. Command and arrow keys are enclosed in square
brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key
and [SPACE BAR] means the Space Bar.
• Mouse action sequences are denoted using a comma. For example, “In Windows, click
Start, Settings and then Control Panel” means first click the Start button, then point
your mouse pointer to Settings and then click Control Panel.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Graphics Icons Key
PrestigeComputerNotebook computer
ServerDSLAMFirewall
ModemSwitchRouter
38 Preface
Page 39
Getting to Know Your Prestige
This chapter introduces the main features and applications of the Prestige.
1.1 Prestige Overview
The Prestige is the ideal secure wireless firewall router for all data passing between the
Internet and LAN’s.
By integrating NAT, firewall, media bandwidth management and VPN capability, ZyXEL’s
Prestige is a complete security solution that protects your Intranet and efficiently manages data
traffic on your network.
P-334WT User’s Guide
CHAPTER 1
The embedded web configurator is easy to operate.
In the Prestige product name, “W” denotes wireless functionality. The P-334WT has an
embedded mini-PCI module for 802.11g Wireless LAN connectivity.
Note: Only use firmware for your Prestige’s specific model.
1.2 Prestige Features
The following sections describe Prestige features.
This auto-negotiation feature allows the Prestige to detect the speed of incoming transmissions
and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps
or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.
Auto-negotiation allows data transfer of 100 Mbps in full-duplex mode
Auto-crossover 10/100 Mbps Ethernet Interface(s)
These interfaces automatically adjust to either a crossover or straight-through Ethernet cable.
Chapter 1 Getting to Know Your Prestige39
Page 40
P-334WT User’s Guide
4-Port Switch
A combination of switch and router makes your Prestige a cost-effective and viable network
solution. You can add up to four computers to the Prestige without the cost of a hub. Add more
than four computers to your LAN by using a hub.
Reset Button
The Prestige reset button is built into the rear panel. Use this button to restore the factory
default password to 1234; IP address to 192.168.1.1, subnet mask to 255.255.255.0 and DHCP
server enabled with a pool of 32 IP addresses starting at 192.168.1.33.
1.2.2 Non-Physical Features
Bandwidth Management
ZyXEL’s Bandwidth Management allows you to specify bandwidth classes based on an
application and/or subnet. You can allocate specific amounts of bandwidth capacity
(bandwidth budgets) to different bandwidth classes.
Trend Micro Security Services
TMSS (Trend Micro Security Services) identifies vulnerabilities and protects computers
and networks that have Internet connections. TMSS is enabled by default on the Prestige
but you must register at the TMSS web page. After you register, you can configure TMSS
using the Prestige web configurator.
IPSec VPN Capability
Establish a Virtual Private Network (VPN) to connect with business partners and branch
offices using data encryption and the Internet to provide secure communications without the
expense of leased site-to-site lines. The Prestige VPN is based on the IPSec standard and is
fully interoperable with other IPSec-based VPN products.
Firewall
The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By
default, when the firewall is activated, all incoming traffic from the WAN to the LAN is
blocked unless it is initiated from the LAN. The Prestige firewall supports TCP/UDP
inspection, DoS detection and prevention, real time alerts, reports and logs.
Content Filtering
The Prestige can also block access to web sites containing keywords that you specify. You can
define time periods and days during which content filtering is enabled and include or exclude a
range of users on the LAN from content filtering.
40 Chapter 1 Getting to Know Your Prestige
Page 41
P-334WT User’s Guide
Packet Filtering
The packet filtering mechanism blocks unwanted traffic from entering/leaving your network.
Time and Date
The Prestige allows you to get the current time and date from an external server when you turn
on your Prestige. You can also set the time manually.
Universal Plug and Play (UPnP)
Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can
dynamically join a network, obtain an IP address and convey its capabilities to other devices
on the network.
Call Scheduling
Configure call time periods to restrict and allow access for users on remote nodes.
PPPoE
PPPoE facilitates the interaction of a host with an Internet modem to achieve access to highspeed data networks via a familiar "dial-up networking" user interface.
PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a Virtual Private Network (VPN) using a
TCP/IP-based network.
PPTP supports on-demand, multi-protocol and virtual private networking over public
networks, such as the Internet. The Prestige supports one PPTP server connection at any given
time.
Dynamic DNS Support
With Dynamic DNS (Domain Name System) support, you can have a static hostname alias for
a dynamic IP address, allowing the host to be more easily accessible from various locations on
the Internet. You must register for this service with a Dynamic DNS service provider.
IP Multicast
Deliver IP packets to a specific group of hosts using IP multicast. IGMP (Internet Group
Management Protocol) is the protocol used to support multicast groups. The latest version is
version 2 (see RFC 2236); the Prestige supports both versions 1 and 2.
Chapter 1 Getting to Know Your Prestige41
Page 42
P-334WT User’s Guide
IP Alias
IP Alias allows you to partition a physical network into logical networks over the same
Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical
Ethernet LAN interface with the Prestige itself as the gateway for each LAN network.
SNMP
SNMP (Simple Network Management Protocol) is a protocol used for exchanging
management information between network devices. SNMP is a member of the TCP/IP
protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager
station to manage and monitor the Prestige through the network. The Prestige supports SNMP
version one (SNMPv1) and version two (SNMPv2).
Network Address Translation (NAT)
Network Address Translation (NAT) allows the translation of an Internet protocol address
used within one network (for example a private IP address used in a local network) to a
different IP address known within another network (for example a public IP address used on
the Internet).
Traffic Redirect
Traffic Redirect forwards WAN traffic to a backup gateway on the LAN when the Prestige
cannot connect to the Internet, thus acting as an auxiliary backup when your regular WAN
connection fails.
Port Forwarding
Use this feature to forward incoming service requests to a server on your local network. You
may enter a single port number or a range of port numbers to be forwarded, and the local IP
address of the desired server.
DHCP (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to
obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has
built-in DHCP server capability, enabled by default, which means it can assign IP addresses,
an IP default gateway and DNS servers to all systems that support the DHCP client.
Any IP
The Any IP feature allows a computer to access the Internet without changing the network
settings (such as IP address and subnet mask) of the computer, when the IP addresses of the
computer and the Prestige are not in the same subnet.
42 Chapter 1 Getting to Know Your Prestige
Page 43
P-334WT User’s Guide
Full Network Management
The embedded web configurator is an all-platform web-based utility that allows you to easily
access the Prestige’s management settings and configure the firewall. Most functions of the
Prestige are also software configurable via the SMT (System Management Terminal)
interface. The SMT is a menu-driven interface that you can access over a telnet connection.
RoadRunner Support
In addition to standard cable modem services, the Prestige supports Time Warner’s
RoadRunner Service.
Logging and Tracing
• Built-in message logging and packet tracing.
• Unix syslog facility support.
• Firewall logs.
• Content filtering logs.
Upgrade Prestige Firmware via LAN
The firmware of the Prestige can be upgraded via the LAN (refer to the Maintenance-ToolsFirmware screen).
Embedded FTP and TFTP Servers
The Prestige’s embedded FTP and TFTP Servers enable fast firmware upgrades as well as
configuration file backups and restoration.
1.2.3 Wireless Features
Wireless LAN
The Prestige supports the IEEE 802.11g standard, which is fully compatible with the IEEE
802.11b standard, meaning that you can have both IEEE 802.11b and IEEE 802.11g wireless
clients in the same wireless network.
Note: The P-334WT may be prone to RF (Radio Frequency) interference from other
2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth
enabled devices, and other wireless LANs.
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification standard.
Key differences between WPA and WEP are user authentication and improved data
encryption.
Chapter 1 Getting to Know Your Prestige43
Page 44
P-334WT User’s Guide
WPA(2)
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA 2 (IEEE
802.11i) is a wireless security standard that defines stronger encryption, authentication and
key management than WPA.
Key differences between WPA(2) and WEP are improved data encryption and user
authentication.
Antenna
The Prestige is equipped with a 2dBi fixed antenna to provide clear radio signal between the
wireless stations and the access points.
Wireless LAN MAC Address Filtering
Your Prestige can check the MAC addresses of wireless stations against a list of allowed or
denied MAC addresses.
WEP Encryption
WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless
network to help keep network communications private.
OTIST (One Touch Intelligent Security Technology)
OTIST allows your Prestige to assign its ESSID and security settings (WEP or WPA-PSK) to
the ZyXEL wireless adapters that support OTIST and are within transmission range. The
ZyXEL wireless adapters must also have OTIST enabled.
G-Plus
G-plus is an enhancement to the IEEE 802.11g wireless standard. It increases wireless
transmission speeds by allowing larger frames to be sent.
Wireless List
With the wireless list, you can see the list of the wireless stations that are currently using the
Prestige to access your wired network.
Wireless LAN Channel Usage
The Wireless Channel Usage displays whether the radio channels are used by other wireless
devices within the transmission range of the Prestige. This allows you to select the channel
with minimum interference for your Prestige.
44 Chapter 1 Getting to Know Your Prestige
Page 45
P-334WT User’s Guide
1.3 Applications for the Prestige
Here are some examples of what you can do with your Prestige.
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem
You can connect a cable modem, DSL or wireless modem to the Prestige for broadband
Internet access via an Ethernet or a wireless port on the modem. The Prestige guarantees not
only high speed Internet access, but secure internal network protection and traffic management
as well.
Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem
1.3.2 VPN Application
Prestige VPN is an ideal cost-effective way to connect branch offices and business partners
over the Internet without the need (and expense) for leased lines between sites.
Chapter 1 Getting to Know Your Prestige45
Page 46
P-334WT User’s Guide
Figure 2 VPN Application
1.3.3 Wireless LAN Application
Add a wireless LAN to your existing network without expensive network cables. Wireless
stations can move freely anywhere in the coverage area and use resources on the wired
network.
Figure 3 Internet Access Application Example
46 Chapter 1 Getting to Know Your Prestige
Page 47
1.3.4 Front Panel LEDs
Figure 4 P-334WT Front Panel
The following table describes the LEDs.
Table 1 Front Panel LEDs
LEDCOLORSTATUSDESCRIPTION
PWRGreenOnThe Prestige is receiving power and functioning
RedOnPower to the Prestige is too low.
NoneOffThe Prestige is not receiving power.
LAN 1-4GreenOnThe Prestige has a successful 10Mb Ethernet
AmberOnThe Prestige has a successful 100Mb Ethernet
NoneOffThe LAN is not connected.
WANGreenOnThe Prestige has a successful 10Mb WAN connection.
AmberOnThe Prestige has a successful 100Mb Ethernet
NoneOffThe WAN connection is not ready, or has failed.
WLANGreenOnThe Prestige is ready, but is not sending/receiving data
NoneOffThe wireless LAN is not ready or has failed.
OTISTGreen Blinking OTIST is in progress
NoneOffOTIST is not activated or WLAN settings are manually
P-334WT User’s Guide
properly.
Blinking The Prestige is performing testing.
connection.
Blinking The Prestige is sending/receiving data.
connection.
Blinking The Prestige is sending/receiving data.
BlinkingThe Prestige is sending/receiving data.
connection.
BlinkingThe Prestige is sending/receiving data.
through the wireless LAN.
BlinkingThe Prestige is sending/receiving data through the
wireless LAN.
OnOTIST is activated and the wireless security settings are
given to a wireless client. The LED remains on unless
the WLAN settings are changed.
configured after OTIST is successful.
Chapter 1 Getting to Know Your Prestige47
Page 48
P-334WT User’s Guide
48 Chapter 1 Getting to Know Your Prestige
Page 49
Introducing the Web
This chapter describes how to access the Prestige web configurator and provides an overview
of its screens.
2.1 Web Configurator Overview
The web configurator is an HTML-based management interface that allows easy Prestige
setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape
Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
P-334WT User’s Guide
CHAPTER 2
Configurator
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device. Web pop-up blocking is enabled by
default in Windows XP SP (Service Pack) 2.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
Refer to the Troubleshooting chapter to see how to make sure these functions are allowed in
Internet Explorer.
2.2 Accessing the Prestige Web Configurator
1 Make sure your Prestige hardware is properly connected and prepare your computer/
computer network to connect to the Prestige (refer to the Quick Start Guide).
2 Launch your web browser.
3 Type "192.168.1.1" as the URL.
4 Type "1234" (default) as the password and click Login. In some versions, the default
password appears automatically - if this is the case, click Login.
5 You should see a screen asking you to change your password (highly recommended) as
shown next. Type a new password (and retype it to confirm) and click Apply or click
Ignore.
Chapter 2 Introducing the Web Configurator49
Page 50
P-334WT User’s Guide
Figure 5 Change Password Screen
Note: The management session automatically times out when the time period set in
the Administrator Inactivity Timer field expires (default five minutes). Simply
log back into the Prestige if this happens to you.
2.3 Resetting the Prestige
If you forget your password or cannot access the web configurator, you will need to use the
RESET button at the back of the Prestige to reload the factory-default configuration file. This
means that you will lose all configurations that you had previously and the password will be
reset to “1234”.
2.3.1 Procedure to Use the Reset Button
1 Make sure the PWR LED is on (not blinking).
2 Press the RESET button for ten seconds or until the PWR LED begins to blink and then
release it. When the PWR LED begins to blink, the defaults have been restored and the
Prestige restarts.
2.4 Navigating the Prestige Web Configurator
The following summarizes how to navigate the web configurator from the Status screen.
50 Chapter 2 Introducing the Web Configurator
Page 51
Figure 6 Web Configurator Status Screen
P-334WT User’s Guide
The following table describes the icons shown in the Status screen.
Table 2 Status Screen Icon Key
ICONDESCRIPTION
Select a language from the drop-down list box to have the web configurator display in that
language.
Click this icon to open a web help page relevant to the screen you are currently
configuring.
Click this icon to open the setup wizard. The Prestige has a connection wizard and a
bandwidth management wizard.
Click this icon to view copyright and a link for related product information.
Click this icon at any time to exit the web configurator.
Chapter 2 Introducing the Web Configurator51
Page 52
P-334WT User’s Guide
Table 2 Status Screen Icon Key
ICONDESCRIPTION
Select a number of seconds or None from the drop-down list box to refresh all screen
statistics automatically at the end of every time interval or to not refresh the screen
statistics.
Click this button to refresh the status screen statistics.
The following table describes the labels shown in the Status screen.
Table 3 Web Configurator Status Screen
LABELDESCRIPTION
Device Information
System NameThis is the System Name you enter in the Maintenance, System, General screen. It
is for identification purposes.
Firmware VersionThis is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's
WAN Information
- IP AddressThis shows the WAN port’s IP address.
- IP Subnet MaskThis shows the WAN port’s subnet mask.
- DHCPThis shows the WAN port’s DHCP role - Client or None.
LAN Information
- IP AddressThis shows the LAN port’s IP address.
- IP Subnet MaskThis shows the LAN port’s subnet mask.
- DHCPThis shows the LAN port’s DHCP role - Server, Relay or None.
WLAN Information
- Name(SSID)This shows a descriptive name used to identify the Prestige in the wireless LAN.
- ChannelThis shows the channel number which the Prestige uses over the wireless LAN.
- Security ModeThis shows the level of wireless security the Prestige is using.
System Status
System UptimeThis is the total time the Prestige has been on.
Current Date/TimeThis field displays your Prestige’s present
System Resource
- CPU UsageThis number shows how many kilobytes of the heap memory the Prestige is using.
- Memory UsageThis number shows the Prestige's total heap memory (in kilobytes).
proprietary Network Operating System design.
date and time along with the difference
from the Greenwich Mean Time (GMT) zone. The difference from GMT is based on
the time zone. It is also adjusted for Daylight Saving Time if you set the Prestige to
use it.
Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network
Operating System) and is thus available for running processes like NAT, VPN and the
firewall.
The bar displays what percent of the Prestige's heap memory is in use. The bar turns
from green to red when the maximum is being approached.
The bar displays what percent of the Prestige's heap memory is in use. The bar turns
from green to red when the maximum is being approached.
52 Chapter 2 Introducing the Web Configurator
Page 53
P-334WT User’s Guide
Table 3 Web Configurator Status Screen
LABELDESCRIPTION
Interface Status
InterfaceThis displays the Prestige port types. The port types are: WAN, LAN and WLAN.
StatusFor the LAN and WAN ports, this field displays Down (line is down) or Up (line is up
RateFor the LAN ports, this displays the port speed and duplex setting or N/A when the
Summary
Any IP TableUse this screen to view a list of IP addresses and MAC addresses of computers,
DHCP TableUse this screen to view current DHCP client information.
Parental Control Statistics Use this screen to view a record of attempted entries to web pages or actual entries
VPN MonitorUse this screen to display active VPN connections.
BW MGNT MonitorUse this screen to view the Prestige’s bandwidth usage and allotments.
Packet StatisticsUse this screen to view port status and packet specific statistics.
Port IsolationUse this screen to view the port isolation settings and status.
WLAN Station StatusUse this screen to view the wireless stations that are currently associated to the
or connected).
For the WLAN, it displays Up when the WLAN is enabled or Down when the WLAN is
disabled.
line is disconnected.
For the WAN port, it displays the port speed and duplex setting if you’re using
Ethernet encapsulation and Idle (line (ppp) idle), Dial (starting to trigger a call) and Drop (dropping a call) if you're using PPPoE or PPTP encapsulation. This field
displays N/A when the line is disconnected.
For the WLAN, it displays the transmission rate when the WLAN is enabled and N/A
when the WLAN is disabled.
which are not in the same subnet as the Prestige.
to web pages from a list of website categories.
Prestige.
2.4.1 Navigation Panel
After you enter the password, use the sub-menus on the navigation panel to configure Prestige
features.
The following table describes the sub-menus.
Table 4 Screens Summary
LINKTABFUNCTION
StatusThis screen shows the Prestige’s general device, system and interface
status information. Use this screen to access the wizard, and summary
statistics tables.
Network
Chapter 2 Introducing the Web Configurator53
Page 54
P-334WT User’s Guide
Table 4 Screens Summary
LINKTABFUNCTION
Wireless LANGeneralUse this screen to configure wireless LAN.
OTISTThis screen allows you to assign wireless clients the Prestige’s wireless
MAC FilterUse the MAC filter screen to configure the Prestige to block access to
AdvancedThis screen allows you to configure your Prestige roaming capabilities.
QoSWMM QoS allows you to prioritize wireless traffic according to the delivery
WANInternet
Connection
AdvancedUse this screen to configure DNS servers and other advanced properties.
Traffic RedirectUse this screen to configure your traffic redirect properties and parameters.
LANIPUse this screen to configure LAN settings.
IP AliasUse this screen to partition your LAN interface into subnets.
AdvancedUse this screen to enable Any IP and other advanced properties.
DHCP ServerGeneralUse this screen to enable the Prestige’s DHCP server and to have DNS
Static DHCPUse this screen to assign IP addresses on the LAN to specific individual
Client ListUse this screen to view current DHCP client information and to always
NATGeneralUse this screen to enable NAT.
Port ForwardingUse this screen to configureservers behind the Prestige.
Trigger PortUse this screen to change your Prestige’s port triggering settings.
Security
FirewallGeneralUse this screen to activate/deactivate the firewall.
ServicesThis screen shows a summary of the firewall rules, and allows you to edit/
Content FilterFilterUse this screen to block certain web features and sites containing certain
ScheduleUse this screen to set the days and times for the Prestige to perform content
VPNSummaryUse this screen to view the rule summary.
Rule SetupUse this screen to configure VPN connections.
SA Monitor Use this screen to display and manage active VPN connections.
Global SettingUse this screen to allow NetBIOS through an IPSec tunnel.
security settings.
devices or block the devices from accessing the Prestige.
requirements of the individual and applications.
This screen allows you to configure ISP parameters, WAN IP address
assignment and the WAN MAC address.
servers assigned by the DHCP server.
computers based on their MAC addresses.
assign an IP address to a MAC address (and host name).
add a firewall rule.
keywords in the URL.
filtering.
54 Chapter 2 Introducing the Web Configurator
Page 55
P-334WT User’s Guide
Table 4 Screens Summary
LINKTABFUNCTION
TMSSGeneralUse this screen to enable or disable TMSS.
Exception ListUse this screen to decide which computers in the network you can apply
Virus ProtectionUse this screen to check the computers in the network for Trend Micro
Parental ControlUse this screen to allow a parent (LAN administrator) to control a LAN
Port IsolationUse this screen to decide in what situation a port will be separated from
Management
Static RouteStatic Route
Rules
Bandwidth
MGMT
Remote MGMT WWWUse this screen to configure through which interface(s) and from which IP
UPnPGeneralUse this screen to enable UPnP on the Prestige.
Maintenance
SystemGeneralThis screen contains administrative.
LogsView LogUse this screen to view the logs for the categories that you selected.
ToolsFirmwareUse this screen to upload firmware to your Prestige.
ConfigurationUse this screen to enable bandwidth management on an interface and edit
MonitorUse this screen to view the Prestige’s bandwidth usage and allotments.
TELNETUse this screen to configure through which interface(s) and from which IP
FTPUse this screen to configure through which interface(s) and from which IP
SNMPUse this screen to configure your Prestige’s settings for Simple Network
DNSUse this screen to configure through which interface(s) and from which IP
SecurityUse this screen to change your anti-probing settings.
Dynamic DNSUse this screen to set up dynamic DNS.
Time SettingUse this screen to change your Prestige’s time and date.
Log SettingsUse this screen to change your Prestige’s log settings.
ConfigurationUse this screen to backup and restore the configuration or reset the factory
RestartThis screen allows you to reboot the Prestige without turning the power off.
TMSS.
Internet Security.
user's Internet access privileges by blocking specified website categories.
other ports and/or allow the ports to bypass port isolation checking.
Use this screen to configure IP static routes.
a corresponding rule.
address(es) users can use HTTP to manage the Prestige.
address(es) users can use Telnet to manage the Prestige.
address(es) users can use FTP to access the Prestige.
Management Protocol management.
address(es) users can send DNS queries to the Prestige.
defaults to your Prestige.
2.4.2 Summary: Any IP Table
Click the Any IP Table (Details...) hyperlink in the Status screen. The Any IP table shows
current read-only information (including the IP address and the MAC address) of all network
devices that use the Any IP feature to communicate with the Prestige.
Chapter 2 Introducing the Web Configurator55
Page 56
P-334WT User’s Guide
Figure 7 Summary: Any IP Table
The following table describes the labels in this screen.
Table 5 Summary: Any IP Table
LABEL DESCRIPTION
#This field displays the index number.
IP AddressThis field displays the IP address of the network device.
MAC AddressThis field displays the MAC (Media Access Control) address of the computer with
RefreshClick Refresh to update this screen.
the displayed IP address.
Every Ethernet device has a unique MAC address. The MAC address is assigned at
the factory and consists of six pairs of hexadecimal characters, for example,
00:A0:C5:00:00:02.
2.4.3 Summary: DHCP Table
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual
clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige
as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP
configuration for the clients. If DHCP service is disabled, you must have another DHCP server
on your LAN, or else the computer must be manually configured.
Click the DHCP Table (Details...) hyperlink in the Status screen. Read-only information here
relates to your DHCP status. The DHCP table shows current DHCP client information
(including IP Address, Host Name and MAC Address) of all network clients using the
Prestige’s DHCP server.
Figure 8 Summary: DHCP Table
56 Chapter 2 Introducing the Web Configurator
Page 57
The following table describes the labels in this screen.
Table 6 Summary: DHCP Table
LABEL DESCRIPTION
# This is the index number of the host computer.
IP AddressThis field displays the IP address relative to the # field listed above.
Host Name This field displays the computer host name.
MAC AddressThis field shows the MAC address of the computer with the name in the Host Name
field.
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC
address is assigned at the factory and consists of six pairs of hexadecimal characters,
for example, 00:A0:C5:00:00:02.
RefreshClick Refresh to renew the screen.
2.4.4 Summary: Parental Controls Statistics
Click the Parental Control Statistics (Details...) hyperlink in the Status screen. This screen
shows the current parental control mode and displays a record of attempted entries to web
pages or actual entries to web pages from a list of categories.
P-334WT User’s Guide
2.4.4.1 General Control Mode and Per-User Control Mode
General control mode is the simplest way to configure Parental Control. In general control
mode, the same restrictions apply to all network users.
Per-user control mode allows you to give different restrictions to each user of your network. In
Per-user control mode, all users must log in before accessing the Internet.
Chapter 2 Introducing the Web Configurator57
Page 58
P-334WT User’s Guide
Figure 9 Summary: Parental Control Statistics
The following table describes the labels in this screen.
Table 7 Summary: Parental Control Statistics
LABELDESCRIPTION
Control ModeThis displays the current parental control mode (General Control or Per-User
UsernameThis field displays only when you enable the per-user control mode.
CategoryAll parental control categories are displayed as shown.
Access Attempts This field displays the number of attempts that have been made to access web
Actual Accesses This field displays the number of times access has been made to web page(s) from
ResetClick Reset to clear all of the fields in this screen.
RefreshClick Refresh to renew the statistics screen.
Control).
This is the name of the user (you configured in the Parental Control screen)
allowed to access the Internet and view the unrestricted web content using the
Prestige as a gateway.
page(s) from a category of web pages that you have selected in the Parental Control screen.
a category of web pages that you have not selected in the Parental Control screen
or that have been accesses by exempted computers.
58 Chapter 2 Introducing the Web Configurator
Page 59
2.4.5 Summary: VPN Monitor
Click the VPN Monitor (Details...) hyperlink in the Status screen. Read-only information
here includes encapsulation mode and security protocol.
Figure 10 Summary: VPN Monitor
The following table describes the labels in this screen.
Table 8 Summary: VPN Monitor
P-334WT User’s Guide
TABL EDESCRIPTION
#This is the security association index number.
NameThis field displays the identification name for this VPN policy.
EncapsulationThis field displays Tun nel or Transport mode.
IPSec AlgorithmThis field displays the security protocols used for an SA.
Both AH and ESP increase Prestige processing requirements and
communications latency (delay).
RefreshClick Refresh to renew the screen.
2.4.6 Summary: Bandwidth Management Monitor
Select the BW MGMT Monitor (Details...) hyperlink in Status screen. View the bandwidth
usage of the WAN configured bandwidth rules. This is also shown as bandwidth usage over
the bandwidth budget for each rule. The gray section of the bar represents the percentage of
unused bandwidth and the orange color represents the percentage of bandwidth in use.
Chapter 2 Introducing the Web Configurator59
Page 60
P-334WT User’s Guide
Figure 11 Summary: BW MGMT Monitor
2.4.7 Summary: Packet Statistics
Click the Packet Statistics (Details...) hyperlink in the Status screen. Read-only information
here includes port status and packet specific statistics. Also provided are "system up time" and
"poll interval(s)". The Poll Interval(s) field is configurable.
Figure 12 Summary: Packet Statistics
60 Chapter 2 Introducing the Web Configurator
Page 61
P-334WT User’s Guide
The following table describes the labels in this screen.
Table 9 Summary: Packet Statistics
LABELDESCRIPTION
PortThis is the WAN, LAN or WLAN port.
Status For the LAN ports, this displays the port speed and duplex setting or Down when
the line is disconnected.
For the WAN port, it displays the port speed and duplex setting if you’re using
Ethernet encapsulation and Idle (line (ppp) idle), Dial (starting to trigger a call)
and Drop (dropping a call) if you're using PPPoE or PPTP encapsulation. This
field displays Down when the line is disconnected.
For the WLAN, it displays the transmission rate when the WLAN is enabled and
Down when the WLAN is disabled.
TxPkts This is the number of transmitted packets on this port.
RxPkts This is the number of received packets on this port.
Collisions This is the number of collisions on this port.
Tx B/s This displays the transmission speed in bytes per second on this port.
Rx B/sThis displays the reception speed in bytes per second on this port.
Up Time This is the total amount of time the line has been up.
System Up TimeThis is the total time the Prestige has been on.
Poll Interval(s)Enter the time interval for refreshing statistics in this field.
Set IntervalClick this button to apply the new poll interval you entered in the Poll Interval(s)
field.
StopClick Stop to stop refreshing statistics, click Stop.
2.4.8 Summary: Port Isolation
Click the Port Isolation (Details...) hyperlink in the Status screen to view the port isolation
status and settings on each port.
Chapter 2 Introducing the Web Configurator61
Page 62
P-334WT User’s Guide
Figure 13 Summary: Port Isolation
The following table describes the labels in this screen.
Table 10 Summary: Wireless Association List
LABELDESCRIPTION
PortThis is the LAN or WLAN port.
BypassThis displays whether port isolation is performed on the port.
IsolatedThis displays whether the port is separated and the network or computer(s)
connected to the port cannot communicate with other network or computer(s)
connected to other port(s).
MAC AddressThis displays the MAC address(es) of the computer(s) which is infected by
viruses or vulnerable according to the selected categories.
CategoryThis displays the reason why the port is isolated.
RefreshClick Refresh to redisplay the current screen.
2.4.9 Summary: Wireless Station Status
Click the WLAN Station Status (Details...) hyperlink in the Status screen. View the wireless
stations that are currently associated to the Prestige in the Association List screen.
2.4.9.1 WMM QoS
WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless
networks for multimedia applications.
WMM allows you to prioritize wireless traffic according to the delivery requirements of the
individual and applications.
WMM is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi wireless networks.
62 Chapter 2 Introducing the Web Configurator
Page 63
P-334WT User’s Guide
Figure 14 Summary: Wireless Association List
The following table describes the labels in this screen.
Tabl e 11 Summary: Wireless Association List
LABELDESCRIPTION
# This is the index number of an associated wireless station.
MAC Address This field displays the MAC address of an associated wireless station.
QoS This field displays whether WMM (Wi-Fi MultiMedia) QoS (Quality of Service)
priority is applied to traffic between the Prestige and the wireless station.
Association TimeThis field displays the time a wireless station first associated with the Prestige.
RefreshClick Refresh to redisplay the current screen.
Chapter 2 Introducing the Web Configurator63
Page 64
P-334WT User’s Guide
64 Chapter 2 Introducing the Web Configurator
Page 65
This chapter provides information on the Wizard setup screens in the web configurator.
3.1 Wizard Setup
The web configurator’s Wizard setup helps you configure your device to access the Internet.
Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what
to enter in each field. Leave a field blank if you don’t have that information.
1 After you access the Prestige Web configurator, click the Go to Wizard setup hyperlink.
You can click the Go to Advanced setup hyperlink to skip this wizard setup and
configure advanced features.
P-334WT User’s Guide
CHAPTER 3
Connection Wizard
Figure 15 Select Wizard or Advanced Mode
2 Choose your language from the drop-down list box.
3 Click the Next button to proceed to the next screen.
Chapter 3 Connection Wizard65
Page 66
P-334WT User’s Guide
Figure 16 Select a Language
4 Read the on-screen information and click Next.
Figure 17 Welcome to the Connection Wizard
3.2 Connection Wizard: STEP 1: System Information
System Information contains administrative and system-related information.
3.2.1 System Name
System Name is for identification purposes. However, because some ISPs check this name
you should enter your computer's "Computer Name".
• In Windows 95/98 click Start, Settings, Control Panel, Network. Click the
Identification tab, note the entry for the Computer Name field and enter it as the System Name.
• In Windows 2000, click Start, Settings and Control Panel and then double-click
System. Click the Network Identification tab and then the Properties button. Note the
entry for the Computer name field and enter it as the System Name.
• In Windows XP, click Start, My Computer, View system information and then click
the Computer Name tab. Note the entry in the Full computer name field and enter it as
the Prestige System Name.
66 Chapter 3 Connection Wizard
Page 67
3.2.2 Domain Name
The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave
this blank, the domain name obtained by DHCP from the ISP is used. While you must enter
the host name (System Name) on each individual computer, the domain name can be assigned
from the Prestige via DHCP.
Click Next to configure the Prestige for Internet access.
Figure 18 Wizard Step 1: System Information
P-334WT User’s Guide
The following table describes the labels in this screen.
Table 12 Wizard Step 1: System Information
LABELDESCRIPTION
System NameSystem Name is a unique name to identify the Prestige in an Ethernet network. Enter a
descriptive name. This name can be up to 30 alphanumeric characters long. Spaces
are not allowed, but dashes "-" and underscores "_" are accepted.
Domain Name Type the domain name (if you know it) here. If you leave this field blank, the ISP may
assign a domain name via DHCP. The domain name entered by you is given priority
over the ISP assigned domain name.
BackClick Back to display the previous screen.
NextClick Next to proceed to the next screen.
ExitClick Exit to close the wizard screen without saving.
3.3 Connection Wizard: STEP 2: Wireless LAN
Set up your wireless LAN using the following screen.
Chapter 3 Connection Wizard67
Page 68
P-334WT User’s Guide
Figure 19 Wizard Step 2: Wireless LAN
The following table describes the labels in this screen.
Table 13 Wizard Step 2: Wireless LAN
LABELDESCRIPTION
Name(SSID)Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless
Channel
Selection
SecuritySelect a Security level from the drop-down list box.
BackClick Back to display the previous screen.
NextClick Next to proceed to the next screen.
ExitClick Exit to close the wizard screen without saving.
LAN.
If you change this field on the Prestige, make sure all wireless stations use the same
SSID in order to access the network.
The range of radio frequencies used by IEEE 802.11b/g wireless devices is called a
channel. Select a channel ID that is not already in use by a neighboring device.
Choose Auto to use OTIST to generate a pre-shared key and only if your wireless
clients support OTIST. If you choose this option, skip directly to section
Choose None to have no wireless LAN security configured. If you do not enable any
wireless security on your Prestige, your network is accessible to any wireless
networking device that is within range. If you choose this option, skip directly to section
3.3.3.
Choose Basic security if you want to configure WEP Encryption parameters. If you
choose this option, go directly to section
Choose Extend (WPA-PSK or WPA2-PSK) security to configure a Pre-Shared Key.
Choose this option only if your wireless clients support WPA-PSK or WPA2-PSK
respectively. If you choose this option, skip directly to section
3.3.1.
3.3.2.
3.3.3.
Note: The wireless stations and Prestige must use the same SSID, channel ID and
WEP encryption key (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled)
or WPA2-PSK (if WPA2-PSK is enabled) for wireless communication.
3.3.1 Basic(WEP) Security
Choose Basic(WEP) to setup WEP Encryption parameters.
68 Chapter 3 Connection Wizard
Page 69
Figure 20 Wizard Step 2: Basic(WEP) Security
P-334WT User’s Guide
The following table describes the labels in this screen.
Table 14 Wizard Step 2: Basic(WEP) Security
LABELDESCRIPTION
PassphraseType a Passphrase (up to 32 printable characters) and click Generate. The Prestige
WEP
Encryption
Key 1 to Key 4 The WEP keys are used to encrypt data. Both the Prestige and the wireless stations
automatically generates a WEP key.
Select 64-bit WEP, 128-bit WEP or 256-bit WEP to allow data encryption.
ASCII Select this option in order to enter ASCII characters as the WEP keys.
HEX Select this option to enter hexadecimal characters as the WEP keys.
The preceding “0x” is entered automatically.
must use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal
characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal
characters ("0-9", "A-F").
If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal
characters ("0-9", "A-F").
You must configure at least one key, only one key can be activated at any one time.
The default key is key 1.
Chapter 3 Connection Wizard69
Page 70
P-334WT User’s Guide
Table 14 Wizard Step 2: Basic(WEP) Security
LABELDESCRIPTION
BackClick Back to display the previous screen.
NextClick Next to proceed to the next screen.
ExitClick Exit to close the wizard screen without saving.
3.3.2 Extend(WPA-PSK or WPA2-PSK) Security
Choose Extend(WPA-PSK) or Extend(WPA2-PSK) security in the Wireless LAN setup
screen to set up a Pre-Shared Key.
Figure 21 Wizard Step 2: Extend(WPA-PSK or WPA2-PSK) Security
The following table describes the labels in this screen.
Table 15 Wizard Step 2: Extend(WPA-PSK or WPA2-PSK) Security
LABELDESCRIPTION
Pre-Shared
Key
BackClick Back to display the previous screen.
NextClick Next to proceed to the next screen.
ExitClick Exit to close the wizard screen without saving.
3.3.3 OTIST
The following screen allows you to enable Prestige One-Touch Intelligent Security
Technology (OTIST). One-Touch Intelligent Security Technology (OTIST) allows your
Prestige to assign wireless clients the Prestige’s SSID and static WEP or WPA-PSK
encryption settings. The wireless client must also support OTIST and have OTIST enabled.
See
Type from 8 to 63 case-sensitive ASCII characters. You can set up the most secure
wireless connection by configuring WPA in the wireless LAN screens. You need to
configure an authentication server to do this.
Section 4.5 on page 99 for more information.
70 Chapter 3 Connection Wizard
Page 71
Figure 22 Wizard Step 2: OTIST
P-334WT User’s Guide
The following table describes the labels in this screen.
Table 16 Wizard Step 2: OTIST
LABELDESCRIPTION
Do you want to
enable OTIST?
Setup KeyThe default OTIST Setup Key is “01234567”. This key can be changed in the
Back
Next
ExitClick Exit to close the wizard screen without saving.
Select the Yes radio button and click Next to proceed with the setup wizard and
enable OTIST only when you click Finish in the final wizard screen.
Click No and then Next to proceed to the following screen.
web configurator. Be sure to use the same OTIST Setup Key on the Prestige
and wireless clients.
Click Back to display the previous screen.
Click Next to proceed to the next screen.
Refer to the chapter on wireless LAN for more information.
3.4 Connection Wizard: STEP 3: Internet Configuration
The Prestige offers three Internet connection types. They are Ethernet, PPP over Ethernet or
PPTP. The wizard attempts to detect which WAN connection type you are using. If the wizard
does not detect a connection type, you must select one from the drop-down list box. Check
with your ISP to make sure you use the correct type.
Chapter 3 Connection Wizard71
Page 72
P-334WT User’s Guide
This wizard screen varies according to the connection type that you select.
Figure 23 Wizard Step 3: ISP Parameters.
The following table describes the labels in this screen,
Table 17 Wizard Step 3: ISP Parameters
CONNECTION TYPEDESCRIPTION
EthernetSelect the Ethernet option when the WAN port is used as a regular Ethernet.
PPPoE
PPTPSelect the PPTP option for a dial-up connection.
Select the PPP over Ethernet option for a dial-up connection. If your ISP
gave you a an IP address and/or subnet mask, then select PPTP.
3.4.1 Ethernet Connection
Choose Ethernet when the WAN port is used as a regular Ethernet.
Figure 24 Wizard Step 3: Ethernet Connection
72 Chapter 3 Connection Wizard
Page 73
3.4.2 PPPoE Connection
Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an
IETF (Internet Engineering Task Force) standard specifying how a host personal computer
interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access
to high-speed data networks.
For the service provider, PPPoE offers an access and authentication method that works with
existing access control systems (for instance, RADIUS).
One of the benefits of PPPoE is the ability to let end users access one of multiple network
services, a function known as dynamic service selection. This enables the service provider to
easily create and offer new IP services for specific users.
Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it
requires no specific configuration of the broadband modem at the subscriber’s site.
By implementing PPPoE directly on the Prestige (rather than individual computers), the
computers on the LAN do not need PPPoE software installed, since the Prestige does that part
of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access.
P-334WT User’s Guide
Refer to the appendix for more information on PPPoE.
Figure 25 Wizard Step 3: PPPoE Connection
The following table describes the labels in this screen.
Table 18 Wizard Step 3: PPPoE Connection
LABELDESCRIPTION
ISP Parameter for Internet Access
Connection Type
Service Name Type the name of your service provider.
User NameType the user name given to you by your ISP.
Password Type the password associated with the user name above.
Chapter 3 Connection Wizard73
Select the PPP over Ethernet option for a dial-up connection.
Page 74
P-334WT User’s Guide
Table 18 Wizard Step 3: PPPoE Connection
LABELDESCRIPTION
BackClick Back to return to the previous screen.
NextClick Next to continue.
ExitClick Exit to close the wizard screen without saving.
3.4.3 PPTP Connection
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data
from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/
IP-based networks.
PPTP supports on-demand, multi-protocol, and virtual private networking over public
networks, such as the Internet.
Refer to the appendix for more information on PPTP.
Note: The Prestige supports one PPTP server connection at any given time.
Figure 26 Wizard Step 3: PPTP Connection
74 Chapter 3 Connection Wizard
Page 75
P-334WT User’s Guide
The following table describes the fields in this screen
Table 19 Wizard Step 3: PPTP Connection
LABELDESCRIPTION
ISP Parameters for Internet Access
Connection TypeSelect PPTP from the drop-down list box. To configure a PPTP client, you must
configure the User Name and Password fields for a PPP connection and the
PPTP parameters for a PPTP connection.
User NameType the user name given to you by your ISP.
PasswordType the password associated with the User Name above.
PPTP Configuration
Get automatically
from ISP
Use fixed IP
address
My IP AddressType the (static) IP address assigned to you by your ISP.
My IP Subnet
Mask
Server IP AddressType the IP address of the PPTP server.
Connection ID/
Name
BackClick Back to return to the previous screen.
NextClick Next to continue.
ExitClick Exit to close the wizard screen without saving.
Select this radio button if your ISP did not assign you a fixed IP address.
Select this radio button, provided by your ISP to give the Prestige a fixed, unique
IP address.
Type the subnet mask assigned to you by your ISP (if given).
Enter the connection ID or connection name in this field. It must follow the "c:id"
and "n:name" format. For example, C:12 or N:My ISP.
This field is optional and depends on the requirements of your ISP.
3.4.4 Your IP Address
The following wizard screen allows you to assign a fixed IP address or give the Prestige an
automatically assigned IP address depending on your ISP.
Figure 27 Wizard Step 3: Your IP Address
Chapter 3 Connection Wizard75
Page 76
P-334WT User’s Guide
The following table describes the labels in this screen
Table 20 Wizard Step 3: Your IP Address
LABELDESCRIPTION
Get automatically from
your ISP
Use fixed IP address
provided by your ISP
BackClick Back to return to the previous screen.
NextClick Next to continue.
ExitClick Exit to close the wizard screen without saving.
Select this option If your ISP did not assign you a fixed IP address. This is
the default selection. If you choose this option, skip directly to section
Select this option if you were given IP address and/or DNS server settings
by the ISP. The fixed IP address should be in the same subnet as your
broadband modem or router.
3.4.5 WAN IP Address Assignment
Every computer on the Internet must have a unique IP address. If your networks are isolated
from the Internet, for instance, only between your two branch offices, you can assign any IP
addresses to the hosts without problems. However, the Internet Assigned Numbers Authority
(IANA) has reserved the following three blocks of IP addresses specifically for private
networks.
Table 21 Private IP Address Ranges
10.0.0.0-10.255.255.255
172.16.0.0-172.31.255.255
192.168.0.0-192.168.255.255
3.4.9.
You can obtain your IP address from the IANA, from an ISP or have it assigned by a private
network. If you belong to a small organization and your Internet access is through an ISP, the
ISP can provide you with the Internet addresses for your local networks. On the other hand, if
you are part of a much larger organization, you should consult your network administrator for
the appropriate IP addresses.
Note: Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address
assignment, please refer to RFC 1597, Address Allocation for Private Internets
and RFC 1466, Guidelines for Management of IP Address Space.
3.4.6 IP Address and Subnet Mask
Similar to the way houses on a street share a common street name, so too do computers on a
LAN share one common network number.
Where you obtain your network number depends on your particular situation. If the ISP or
your network administrator assigns you a block of registered IP addresses, follow their
instructions in selecting the IP addresses and the subnet mask.
76 Chapter 3 Connection Wizard
Page 77
If the ISP did not explicitly give you an IP network number, then most likely you have a single
user account and the ISP will assign you a dynamic IP address when the connection is
established. The Internet Assigned Number Authority (IANA) reserved this block of addresses
specifically for private use; please do not use any other number unless you are told otherwise.
Let's say you select 192.168.1.0 as the network number; which covers 254 individual
addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the
first three numbers specify the network number while the last number identifies an individual
computer on that network.
Once you have decided on the network number, pick an IP address that is easy to remember,
for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your
network is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your Prestige will
compute the subnet mask automatically based on the IP address that you entered. You don't
need to change the subnet mask computed by the Prestige unless you are instructed to do
otherwise.
3.4.7 DNS Server Address Assignment
P-334WT User’s Guide
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and
vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is
extremely important because without it, you must know the IP address of a computer before
you can access it.
The Prestige can get the DNS server addresses in the following ways.
1 The ISP tells you the DNS server addresses, usually in the form of an information sheet,
when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the Wizard and/or DHCP Server screen.
2 If the ISP did not give you DNS server information, leave the DNS Server fields set to
0.0.0.0 in the Wizard screen and/or set to From ISP in the DHCP Server screen for the
ISP to dynamically assign the DNS server IP addresses.
3.4.8 WAN IP and DNS Server Address Assignment
The following wizard screen allows you to assign a fixed WAN IP address and DNS server
addresses.
Chapter 3 Connection Wizard77
Page 78
P-334WT User’s Guide
Figure 28 Wizard Step 3: WAN IP and DNS Server Addresses
The following table describes the labels in this screen
Table 22 Wizard Step 3: WAN IP and DNS Server Addresses
LABELDESCRIPTION
WAN IP Address Assignment
My WAN IP AddressEnter your WAN IP address in this field. The WAN IP address should be in
My WAN IP Subnet MaskEnter the IP subnet mask in this field.
Gateway IP Address Enter the gateway IP address in this field.
System DNS Server Address Assignment (if applicable)
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice
versa. The DNS server is extremely important because without it, you must know the IP address of a
computer before you can access it. The Prestige uses a system DNS server (in the order you specify
here) to resolve domain names for VPN, DDNS and the time server.
First DNS Server
Second DNS Server
Third DNS Server
BackClick Back to return to the previous screen.
NextClick Next to continue.
ExitClick Exit to close the wizard screen without saving.
the same subnet as your DSL/Cable modem or router.
Enter the DNS server's IP address in the fields provided.
If you do not configure a system DNS server, you must use IP addresses
when configuring VPN, DDNS and the time server.
78 Chapter 3 Connection Wizard
Page 79
3.4.9 WAN MAC Address
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address
is assigned at the factory and consists of six pairs of hexadecimal characters, for example,
00:A0:C5:00:00:02.
Table 23 Example of Network Properties for LAN Servers with Fixed IP Addresses
Choose an IP address192.168.1.2-192.168.1.32; 192.168.1.65-192.168.1.254.
Subnet mask 255.255.255.0
Gateway (or default route)192.168.1.1(Prestige LAN IP)
This screen allows users to configure the WAN port's MAC address by either using the
Prestige’s MAC address, copying the MAC address from a computer on your LAN or
manually entering a MAC address. Once it is successfully configured, the address will be
copied to the "rom" file (ZyNOS configuration file). It will not change unless you change the
setting or upload a different "rom" file. It is advisable to clone the MAC address from a
computer on your LAN even if your ISP does not presently require MAC address
authentication.
P-334WT User’s Guide
Figure 29 Wizard Step 3: WAN MAC Address
The following table describes the fields in this screen.
Table 24 Wizard Step 3: WAN MAC Address
LABELDESCRIPTION
Factory DefaultSelect Factory Default to use the factory assigned default MAC address.
Clone the
computer’s MAC
address
Set WAN MAC
Address
Select this option and enter the IP address of the computer on the LAN whose
MAC you are cloning. It is advisable to clone the MAC address from a computer
on your LAN even if your ISP does not presently require MAC address
authentication.
Select this option and enter the MAC address you want to use.
Chapter 3 Connection Wizard79
Page 80
P-334WT User’s Guide
Table 24 Wizard Step 3: WAN MAC Address
LABELDESCRIPTION
BackClick Back to return to the previous screen.
NextClick Next to continue.
ExitClick Exit to close the wizard screen without saving.
Bandwidth management allows you to control the amount of bandwidth going out through the
Prestige’s WAN, LAN or WLAN port and prioritize the distribution of the bandwidth
according to the traffic type. This helps keep one service from using all of the available
bandwidth and shutting out other users.
Figure 30 Wizard Step 4: Bandwidth Management
The following fields describe the label in this screen.
Table 25 Wizard Step 4: Bandwidth Management
LABELDESCRIPTION
Enable BM for all traffic
automatically
BackClick Back to return to the previous screen.
NextClick Next to continue.
ExitClick Exit to close the wizard screen without saving.
Select the check box to have the Prestige apply bandwidth management to
traffic going out through the Prestige’s WAN, LAN or WLAN port. Bandwidth
is allocated according to the traffic type automatically. Real-time packets,
such as VoIP traffic always get higher priority.
3.6 Connection Wizard Complete
Click Apply to save your configuration.
80 Chapter 3 Connection Wizard
Page 81
P-334WT User’s Guide
Figure 31 Connection Wizard Save
Follow the on-screen instructions and click Finish to complete the wizard setup.
Figure 32 Connection Wizard Complete
Well done! You have successfully set up your Prestige to operate on your network and access
the Internet.
Chapter 3 Connection Wizard81
Page 82
P-334WT User’s Guide
82 Chapter 3 Connection Wizard
Page 83
This chapter discusses how to configure Wireless LAN.
4.1 Introduction
A wireless LAN can be as simple as two computers with wireless LAN adapters
communicating in a peer-to-peer network or as complex as a number of computers with
wireless LAN adapters communicating through access points which bridge network traffic to
the wired LAN.
Note: See the WLAN appendix for more detailed information on WLANs.
P-334WT User’s Guide
CHAPTER 4
Wireless LAN
4.2 Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless
stations, access points and the wired network.
Wireless security methods available on the Prestige are data encryption, wireless client
authentication, restricting access by device MAC address and hiding the Prestige identity.
4.2.1 Encryption
• Use WPA(2) security if you have WPA(2)-aware wireless clients and a RADIUS server.
WPA has user authentication and improved data encryption over WEP.
• Use WPA(2)-PSK if you have WPA(2)-aware wireless clients but no RADIUS server.
• If you don’t have WPA(2)-aware wireless clients, then use WEP key encrypting. A
higher bit key offers better security at a throughput trade-off. You can use passphrase to
automatically generate 64-bit or 128-bit WEP keys or manually enter 64-bit, 128-bit or
256-bit WEP keys.
4.2.2 Authentication
WPA has user authentication and you can also configure IEEE 802.1x to use a RADIUS server
to authenticate wireless clients before joining your network.
• Use RADIUS authentication if you have a RADIUS server. See the appendices for
information on protocols used when a client authenticates with a RADIUS server via the
Prestige.
Chapter 4 Wireless LAN83
Page 84
P-334WT User’s Guide
4.2.3 Restricted Access
The MAC Filter screen allows you to configure the AP to give exclusive access to devices
(Allow) or exclude them from accessing the AP (Deny).
4.2.4 Hide Prestige Identity
If you hide the ESSID, then the Prestige cannot be seen when a wireless client scans for local
APs. The trade-off for the extra security of “hiding” the Prestige may be inconvenient for
some valid WLAN clients.
4.2.5 G-plus
G-plus is an enhancement to the IEEE 802.11g wireless standard. G-plus combines multiple
frames into a larger frame size. This increases wireless transmission speeds by allowing larger
frames (up to 4 KB) to be sent.
Note: G-plus speed applies only to unicast traffic (not broadcast or multicast). G-plus
is automatically disabled if wireless transmission speeds fall below 11 Mbps.
4.2.6 Using OTIST
To automatically configure the wireless security settings and set the wireless client to use the
same SSID and WEP or WPA-PSK settings, use the OTIST setup wizard or the advanced
wireless OTIST screen.
To manually configure the security setting, enter the WEP or WPA-PSK keys and SSID in the
wireless screen. After that, you can enter the same settings in the wireless client or run OTIST
to have the wireless client acquire the SSID and key automatically.
If you change the SSID or the keys after OTIST, you need to run OTIST again or enter them
manually in the wireless client.
Note: You must activate and start OTIST on both the Prestige and the wireless client
at the same time.
See the wireless client Quick Start Guide for information on wireless client
OTIST setup. For more information on OTIST see
Section 4.5.1 on page 100.
4.3 Configuring Wireless LAN on the Prestige
1 Configure the SSID and WEP in the Wireless screen. If you configure WEP, you can’t
configure WPA or WPA-PSK.
2 Use the MAC Filter screen to restrict access to your wireless network by MAC address.
3 Configure the RADIUS authentication database settings in the Wireless screen.
84 Chapter 4 Wireless LAN
Page 85
P-334WT User’s Guide
4 If you have OTIST-enabled clients, configure OTIST in the OTIST screen. OTIST
transfers device SSID and WEP or WPA-PSK key settings (if enabled) to wireless
clients.
The following figure shows the relative effectiveness of these wireless security methods
available on your Prestige.
Table 26 Wireless Security Levels
Security LevelSecurity Type
Least Secure
Most Secure
Unique SSID (Default)
Unique SSID with Hide SSID Enabled
MAC Address Filtering
WEP Encryption
IEEE802.1x EAP with RADIUS Server Authentication
Wi-Fi Protected Access (WPA)
WPA2
Note: You must enable the same wireless security settings on the Prestige and on all
wireless clients that you want to associate with it.
4.4 General Wireless LAN Screen
Note: If you are configuring the Prestige from a computer connected to the wireless
LAN and you change the Prestige’s SSID, channel or security settings, you will
lose your wireless connection when you press Apply to confirm. You must then
change the wireless settings of your computer to match the Prestige’s new
settings.
Click the Wireless LAN link under Network to open the Wireless screen.
Figure 33 Wireless
Chapter 4 Wireless LAN85
Page 86
P-334WT User’s Guide
The following table describes the general wireless LAN labels in this screen.
Table 27 Wireless
LABELDESCRIPTION
Enable
Wireless LAN
Name(SSID)(Service Set IDentity) The SSID identifies the Service Set with which a wireless
Hide SSIDSelect this check box to hide the SSID in the outgoing beacon frame so a station
Channel
Selection
ApplyClick Apply to save your changes back to the Prestige.
ResetClick Reset to reload the previous configuration for this screen.
See the rest of this chapter for information on the other labels in this screen.
4.4.1 No Security
Select No Security to allow wireless stations to communicate with the access points without
any data encryption.
Note: If you do not enable any wireless security on your Prestige, your network is
accessible to any wireless networking device that is within range.
Click the check box to activate wireless LAN.
station is associated. Wireless stations associating to the access point (AP) must
have the same SSID. Enter a descriptive name (up to 32 printable 7-bit ASCII
characters) for the wireless LAN.
cannot obtain the SSID through scanning using a site survey tool.
Set the operating frequency/channel depending on your particular region.
Select a channel from the drop-down list box.
Refer to the Connection Wizard chapter for more information on channels.
Figure 34 Wireless: No Security
86 Chapter 4 Wireless LAN
Page 87
The following table describes the labels in this screen.
Table 28 Wireless No Security
LABELDESCRIPTION
Security ModeChoose No Security from the drop-down list box.
ApplyClick Apply to save your changes back to the Prestige.
ResetClick Reset to reload the previous configuration for this screen.
4.4.2 WEP Encryption
WEP encryption scrambles the data transmitted between the wireless stations and the access
points to keep network communications private. It encrypts unicast and multicast
communications in a network. Both the wireless stations and the access points must use the
same WEP key.
Your Prestige allows you to configure up to four 64-bit, 128-bit or 256-bit WEP keys but only
one key can be enabled at any one time.
P-334WT User’s Guide
In order to configure and enable WEP encryption; click Wireless LAN and Wireless to the
display the Wireless General screen.
4.4.3 Static WEP Encryption
In order to configure and enable WEP encryption; click the Wireless LAN link under
Network to display the Wireless General screen. Select Static WEP from the Security
Mode list.
Chapter 4 Wireless LAN87
Page 88
P-334WT User’s Guide
Figure 35 Wireless: Static WEP Encryption
The following table describes the wireless LAN security labels in this screen.
Table 29 Wireless: Static WEP Encryption
LABELDESCRIPTION
PassphraseEnter a Passphrase (up to 32 printable characters) and clicking Generate. The
Prestige automatically generates a WEP key.
WEP
Encryption
Authentication
Method
ASCIISelect this option in order to enter ASCII characters as WEP key.
HexSelect this option in order to enter hexadecimal characters as a WEP key.
Key 1 to Key 4The WEP keys are used to encrypt data. Both the Prestige and the wireless stations
ApplyClick Apply to save your changes back to the Prestige.
ResetClick Reset to reload the previous configuration for this screen.
Select 64-bit WEP, 128-bit WEP or 256-bit WEP to enable data encryption.
This field is activated when you select 64-bit WEP, 128-bit WEP or 256-bit WEP in
the WEP Encryption field.
Select Auto, Open System or Shared Key from the drop-down list box.
The preceding "0x", that identifies a hexadecimal key, is entered automatically.
must use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal
characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal
characters ("0-9", "A-F").
If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal
characters ("0-9", "A-F").
You must configure at least one key, only one key can be activated at any one time.
The default key is key 1.
88 Chapter 4 Wireless LAN
Page 89
4.4.4 Introduction to WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA is preferred to
WEP as WPA has user authentication and improved data encryption. WPA improves data
encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC)
and IEEE 802.1x. WPA2 uses Advanced Encryption Standard (AES) to offer stronger
encryption than WPA. See the appendix for more information on WPA user authentication and
WPA encryption.
If both an AP and the wireless clients support WPA2 and you have an external RADIUS
server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server,
you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical)
password entered into each access point, wireless gateway and wireless client. As long as the
passwords match, a wireless client will be granted access to a WLAN.
4.4.5 WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
P-334WT User’s Guide
1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key
(PSK) must consist of between 8 and 63 ASCII characters (including spaces and
symbols).
2 The AP checks each wireless client's password and (only) allows it to join the network if
the password matches.
3 The AP derives and distributes keys to the wireless clients.
4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data
exchanged between them.
Figure 36 WPA(2)-PSK Authentication
4.4.6 WPA-PSK/WPA2-PSK Authentication Screen
Click the Wireless LAN link under Network to display the Wireless General screen.
Chapter 4 Wireless LAN89
Page 90
P-334WT User’s Guide
Figure 37 Wireless: WPA-PSK/WPA2-PSK
The following table describes the labels in this screen.
Table 30 Wireless: WPA-PSK/WPA2-PSK
LABELDESCRIPTION
WPA CompatibleThis check box is available only when you select WPA2-PSK or WPA2 in the
Pre-Shared Key The encryption mechanisms used for WPA/WPA2 and WPA-PSK/WPA2-PSK are
ReAuthentication
Timer (in seconds)
Security Mode field.
Select the check box to have both WPA2 and WPA wireless clients be able to
communicate with the Prestige even when the Prestige is using WPA2-PSK or
WPA2.
the same. The only difference between the two is that WPA-PSK/WPA2-PSK uses
a simple common password, instead of user-specific credentials.
Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including
spaces and symbols).
Specify how often wireless stations have to resend usernames and passwords in
order to stay connected. Enter a time interval between 10 and 9999 seconds. The
default time interval is 1800 seconds (30 minutes).
Note: If wireless station authentication is done using a RADIUS
server, the reauthentication timer on the RADIUS server has
priority.
Idle TimeoutThe Prestige automatically disconnects a wireless station from the wired network
after a period of inactivity. The wireless station needs to enter the username and
password again before access to the wired network is allowed. The default time
interval is 3600 seconds (or 1 hour).
90 Chapter 4 Wireless LAN
Page 91
Table 30 Wireless: WPA-PSK/WPA2-PSK
LABELDESCRIPTION
P-334WT User’s Guide
Group Key Update
Time r
ApplyClick Apply to save your changes back to the Prestige.
ResetClick Reset to reload the previous configuration for this screen.
The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/WPA2-PSK key management) or RADIUS server (if using WPA/WPA2 key
management) sends a new group key out to all clients. The re-keying process is
the WPA/WPA2 equivalent of automatically changing the WEP key for an AP and
all stations in a WLAN on a periodic basis. Setting of the Group Key Update
Timer is also supported in WPA-PSK/WPA2-PSK mode. The Prestige default is
1800 seconds (30 minutes).
4.4.7 Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the
wireless client how to use WPA. At the time of writing, the most widely available supplicant is
the WPA patch for Windows XP, Funk Software's Odyssey client.
The Funk Software's Odyssey client is bundled free (at the time of writing) with the Prestige
client adaptor(s). This adds WPA capability to Windows XP's built-in "Zero Configuration"
wireless client.
4.4.8 WPA(2) with RADIUS Application Example
You need the IP address of the RADIUS server, its port number (default is 1812), and the
RADIUS shared secret. A WPA(2) application example with an external RADIUS server
looks as follows. "A" is the RADIUS server. "DS" is the distribution system.
1 The AP passes the wireless client's authentication request to the RADIUS server.
2 The RADIUS server then checks the user's identification against its database and grants
or denies network access accordingly.
3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then
sets up a key hierarchy and management system, using the pair-wise key to dynamically
generate unique data encryption keys to encrypt every data packet that is wirelessly
communicated between the AP and the wireless clients.
Chapter 4 Wireless LAN91
Page 92
P-334WT User’s Guide
Figure 38 WPA(2) with RADIUS Application Example
4.4.9 WPA/WPA2 Authentication Screen
Click the Wireless LAN link under Network to display the Wireless General screen.
Figure 39 Wireless: WPA/WPA2
92 Chapter 4 Wireless LAN
Page 93
P-334WT User’s Guide
The following table describes the labels in this screen.
Table 31 Wireless: WPA/WPA2
LABELDESCRIPTION
WPA CompatibleThis check box is available only when you select WPA2-PSK or WPA2 in the
Security Mode field.
Select the check box to have both WPA2 and WPA wireless clients be able to
communicate with the Prestige even when the Prestige is using WPA2-PSK or
WPA2.
ReAuthentication
Timer (in seconds)
Specify how often wireless stations have to resend usernames and passwords in
order to stay connected. Enter a time interval between 10 and 9999 seconds. The
default time interval is 1800 seconds (30 minutes).
Note: If wireless station authentication is done using a RADIUS
server, the reauthentication timer on the RADIUS server
has priority.
Idle TimeoutThe Prestige automatically disconnects a wireless station from the wired network
after a period of inactivity. The wireless station needs to enter the username and
password again before access to the wired network is allowed. The default time
interval is 3600 seconds (or 1 hour).
Group Key Update
Timer
Authentication Server
IP AddressEnter the IP address of the external authentication server in dotted decimal
Port NumberEnter the port number of the external authentication server. The default port
Shared SecretEnter a password (up to 31 alphanumeric characters) as the key to be shared
Accounting Server
ActiveSelect Yes from the drop down list box to enable user accounting through an
IP AddressEnter the IP address of the external accounting server in dotted decimal notation.
Port NumberEnter the port number of the external accounting server. The default port number
Shared SecretEnter a password (up to 31 alphanumeric characters) as the key to be shared
The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/WPA2-PSK key management) or RADIUS server (if using WPA/WPA2 key
management) sends a new group key out to all clients. The re-keying process is
the WPA/WPA2 equivalent of automatically changing the WEP key for an AP and
all stations in a WLAN on a periodic basis. Setting of the Group Key Update
Timer is also supported in WPA-PSK/WPA2-PSK mode. The Prestige default is
1800 seconds (30 minutes).
notation.
number is 1812.
You need not change this value unless your network administrator instructs you
to do so with additional information.
between the external authentication server and the Prestige.
The key must be the same on the external authentication server and your
Prestige. The key is not sent over the network.
external authentication server.
is 1813.
You need not change this value unless your network administrator instructs you
to do so with additional information.
between the external accounting server and the Prestige.
The key must be the same on the external accounting server and your Prestige.
The key is not sent over the network.
Chapter 4 Wireless LAN93
Page 94
P-334WT User’s Guide
Table 31 Wireless: WPA/WPA2
LABELDESCRIPTION
ApplyClick Apply to save your changes back to the Prestige.
ResetClick Reset to reload the previous configuration for this screen.
4.4.10 IEEE 802.1x Overview
You need the following for IEEE 802.1x authentication.
• A computer with an IEEE 802.11 a/b/g wireless LAN adapter and equipped with a web
browser (with JavaScript enabled) and/or Telnet.
• A wireless station computer must be running IEEE 802.1x-compliant software. Not all
Windows operating systems support IEEE 802.1x (see the Microsoft web site for details).
For other operating systems, see their documentation. If your operating system does not
support IEEE 802.1x, then you may need to install IEEE 802.1x client software.
• An optional network RADIUS server for remote user authentication and accounting.
4.4.11 IEEE 802.1x and Dynamic WEP Key Exchange
In order to configure and enable IEEE 802.1x and dynamic WEP key exchange; click the
Wireless LAN link under Network to display the Wireless General screen. Select 802.1x +
Dynamic WEP from the Security Mode list.
Figure 40 Wireless: 802.1x and Dynamic WEP
94 Chapter 4 Wireless LAN
Page 95
The following table describes the labels in this screen.
Table 32 Wireless: 802.1x and Dynamic WEP
LABELDESCRIPTION
P-334WT User’s Guide
ReAuthentication
Timer (in seconds)
Specify how often wireless stations have to resend usernames and passwords in
order to stay connected. Enter a time interval between 10 and 9999 seconds. The
default time interval is 1800 seconds (30 minutes).
Note: If wireless station authentication is done using a RADIUS
server, the reauthentication timer on the RADIUS server
has priority.
Idle TimeoutThe Prestige automatically disconnects a wireless station from the wired network
Dynamic WEP Key
Exchange
Authentication Server
IP AddressEnter the IP address of the external authentication server in dotted decimal
Port NumberEnter the port number of the external authentication server. The default port
Shared SecretEnter a password (up to 31 alphanumeric characters) as the key to be shared
Accounting Server
ActiveSelect Yes from the drop down list box to enable user accounting through an
IP AddressEnter the IP address of the external accounting server in dotted decimal notation.
Port NumberEnter the port number of the external accounting server. The default port number
Shared SecretEnter a password (up to 31 alphanumeric characters) as the key to be shared
ApplyClick Apply to save your changes back to the Prestige.
ResetClick Reset to reload the previous configuration for this screen.
after a period of inactivity. The wireless station needs to enter the username and
password again before access to the wired network is allowed. The default time
interval is 3600 seconds (or 1 hour).
Select 64-bit WEP or 128-bit WEP to enable data encryption. Up to 32 stations
can access the Prestige when you configure dynamic WEP key exchange.
notation.
number is 1812.
You need not change this value unless your network administrator instructs you
to do so with additional information.
between the external authentication server and the Prestige.
The key must be the same on the external authentication server and your
Prestige. The key is not sent over the network.
external authentication server.
is 1813.
You need not change this value unless your network administrator instructs you
to do so with additional information.
between the external accounting server and the Prestige.
The key must be the same on the external accounting server and your Prestige.
The key is not sent over the network.
4.4.12 IEEE 802.1x and Static WEP Key Exchange
In order to configure and enable IEEE 802.1x and static WEP key exchange; click the
Wireless LAN link under Network to display the Wireless General screen. Select 802.1x +
Static WEP from the Security Mode list.
Chapter 4 Wireless LAN95
Page 96
P-334WT User’s Guide
Figure 41 Wireless: 802.1x and Static WEP
The following table describes the labels in this screen.
Table 33 Wireless: 802.1x and Static WEP
LABELDESCRIPTION
PassphraseEnter a Passphrase (up to 32 printable characters) and clicking Generate. The
WEP EncryptionSelect 64-bit WEP, 128-bit WEP or 256-bit WEP to enable data encryption.
Authentication
Method
ASCIISelect this option in order to enter ASCII characters as the WEP keys.
HexSelect this option in order to enter hexadecimal characters as the WEP keys. The
96 Chapter 4 Wireless LAN
Prestige automatically generates a WEP key.
This field is activated when you select 64-bit WEP, 128-bit WEP or 256-bit WEP
in the WEP Encryption field. Select Auto, Open System or Shared Key from the
drop-down list box.
preceding "0x", that identifies a hexadecimal key, is entered automatically.
Page 97
P-334WT User’s Guide
Table 33 Wireless: 802.1x and Static WEP
LABELDESCRIPTION
Key 1 to Key 4The WEP keys are used to encrypt data. Both the Prestige and the wireless
stations must use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal
characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal
characters ("0-9", "A-F").
If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal
characters ("0-9", "A-F").
You must configure at least one key, only one key can be activated at any one
time. The default key is key 1.
ReAuthentication
Timer (in seconds)
Specify how often wireless stations have to reenter usernames and passwords in
order to stay connected. Enter a time interval between 10 and 9999 seconds. The
default time interval is 1800 seconds (30 minutes).
Note: If wireless station authentication is done using a RADIUS
server, the reauthentication timer on the RADIUS server has
priority.
Idle TimeoutThe Prestige automatically disconnects a wireless station from the wired network
after a period of inactivity. The wireless station needs to enter the username and
password again before access to the wired network is allowed. The default time
interval is 3600 seconds (or 1 hour).
Authentication Server
IP AddressEnter the IP address of the external authentication server in dotted decimal
notation.
Port NumberEnter the port number of the external authentication server. The default port
Shared SecretEnter a password (up to 31 alphanumeric characters) as the key to be shared
Accounting Server
ActiveSelect Yes from the drop down list box to enable user accounting through an
IP AddressEnter the IP address of the external accounting server in dotted decimal notation.
Port NumberEnter the port number of the external accounting server. The default port number
Shared SecretEnter a password (up to 31 alphanumeric characters) as the key to be shared
ApplyClick Apply to save your changes back to the Prestige.
ResetClick Reset to reload the previous configuration for this screen.
number is 1812.
You need not change this value unless your network administrator instructs you
to do so with additional information.
between the external authentication server and the Prestige.
The key must be the same on the external authentication server and your
Prestige. The key is not sent over the network.
external authentication server.
is 1813.
You need not change this value unless your network administrator instructs you
to do so with additional information.
between the external accounting server and the Prestige.
The key must be the same on the external accounting server and your Prestige.
The key is not sent over the network.
Chapter 4 Wireless LAN97
Page 98
P-334WT User’s Guide
4.4.13 IEEE 802.1x + no WEP
In order to configure and enable 802.1x; click the Wireless LAN link under Network to
display the Wireless General screen. Select 802.1x + No WEP from the Security Mode list.
Figure 42 Wireless: 802.1x
The following table describes the labels in this screen.
Table 34 Wireless: 802.1x and No WEP
LABELDESCRIPTION
ReAuthentication
Timer (in seconds)
Specify how often wireless stations have to reenter usernames and passwords in
order to stay connected. Enter a time interval between 10 and 9999 seconds. The
default time interval is 1800 seconds (30 minutes).
Note: If wireless station authentication is done using a RADIUS
server, the reauthentication timer on the RADIUS server has
priority.
Idle TimeoutThe Prestige automatically disconnects a wireless station from the wired network
after a period of inactivity. The wireless station needs to enter the username and
password again before access to the wired network is allowed. The default time
interval is 3600 seconds (or 1 hour).
Authentication Server
IP AddressEnter the IP address of the external authentication server in dotted decimal
notation.
Port NumberEnter the port number of the external authentication server. The default port
number is 1812.
You need not change this value unless your network administrator instructs you
to do so with additional information.
98 Chapter 4 Wireless LAN
Page 99
P-334WT User’s Guide
Table 34 Wireless: 802.1x and No WEP
LABELDESCRIPTION
Shared SecretEnter a password (up to 31 alphanumeric characters) as the key to be shared
between the external authentication server and the Prestige.
The key must be the same on the external authentication server and your
Prestige. The key is not sent over the network.
Accounting Server
ActiveSelect Yes from the drop down list box to enable user accounting through an
IP AddressEnter the IP address of the external accounting server in dotted decimal notation.
Port NumberEnter the port number of the external accounting server. The default port number
Shared SecretEnter a password (up to 31 alphanumeric characters) as the key to be shared
ApplyClick Apply to save your changes back to the Prestige.
ResetClick Reset to reload the previous configuration for this screen.
external authentication server.
is 1813.
You need not change this value unless your network administrator instructs you
to do so with additional information.
between the external accounting server and the Prestige.
The key must be the same on the external accounting server and your Prestige.
The key is not sent over the network.
4.5 OTIST
OTIST (One-Touch Intelligent Security Technology) allows your Prestige to set the wireless
client to use the same wireless settings as the Prestige.
Note: The wireless client must support OTIST and have OTIST enabled.
The following are the wireless settings that the Prestige assigns to the wireless client if OTIST
is enabled on both devices and the OTIST setup keys are the same.
•SSID
• Security (WEP or WPA-PSK)
Note: This will replace the pre-configured wireless settings on the wireless clients.
Click the Wireless LAN link under Network and then the OTIST tab. The following screen
displays.
Chapter 4 Wireless LAN99
Page 100
P-334WT User’s Guide
Figure 43 OTIST
The following table describes the labels in this screen.
Table 35 OTIST
LABELDESCRIPTION
Setup KeyType an OTIST Setup Key of exactly eight ASCII characters in length.
Yes!If you want to configure your own WPA-PSK and have OTIST use that WPA-
The default OTIST setup key is "01234567".
Note: If you change the OTIST setup key here, you must also
make the same change on the wireless client(s).
PSK, you must:
•Configure a WPA-PSK in the Wireless General screen.
•Clear the Ye s! checkbox in the OTIST screen and click Apply.
Star tClick Start to encrypt the wireless security data using the setup key and have
4.5.1 Activating OTIST
After you click Start, a dialog box displays the security mode and the WEP key or pre-shared
key depending on which mode is configured. Click OK to proceed with the OTIST setup.
Note: If you already have a WPA-PSK configured in the
Wireless General screen, and you run OTIST with Yes!
selected, OTIST will not replace the WPA-PSK. Clear the
checkbox in the OTIST screen.
If you want OTIST to automatically generate a WPA-PSK, you must:
•Change your security to None in the Wireless General screen.
•Select the Yes! checkbox in the OTIST screen and click Apply.
•The wireless screen displays an auto generated WPA-PSK and is now in
WPA-PSK security mode.
The WPA-PSK security settings are assigned to the wireless client when you
start OTIST.
the Prestige set the wireless station to use the same wireless settings as the
Prestige. You must also activate and start OTIST on the wireless station at the
same time.
The process takes three minutes to complete.
100 Chapter 4 Wireless LAN
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.