ZyXEL Prestige 334WT User Guide

P-334WT

802.11g Wireless Broadband Router with Firewall

User’s Guide

Version 3.60

1/2006

P-334WT User’s Guide

Copyright

Copyright © 2006 by ZyXEL Communications Corporation.

The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.

Published by ZyXEL Communications Corporation. All rights reserved.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.

Copyright 3

P-334WT User’s Guide

Federal Communications

Commission (FCC) Interference

Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two
conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause
undesired operations.

This equipment has been tested and found to comply with the limits for a Class B digital
device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a commercial environment. This equipment
generates, uses, and can radiate radio frequency energy, and if not installed and used in
accordance with the instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and the receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate the equipment.

This Class B digital apparatus complies with Canadian ICES-003.

Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.

Certifications

1 Go to www.zyxel.com.

2 Select your product from the drop-down list box on the ZyXEL home page to go to that

product's page.

3 Select the certification you wish to view from this page.

4 Federal Communications Commission (FCC) Interference Statement

P-334WT User’s Guide

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.

• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger
telecommunication line cord.

• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel can
service the device. Please contact your vendor for further information.

• Use ONLY the dedicated power supply for your device. Connect the power cord or
power adaptor to the right supply voltage (110V AC in North America or 230V AC in
Europe).

• Do NOT use the device if the power supply is damaged as it might cause electrocution.

• If the power supply is damaged, remove it from the power outlet.

• Do NOT attempt to repair the power supply. Contact your local vendor to order a new
power supply.

• Place connecting cables carefully so that no one will step on them or stumble over them.
Do NOT allow anything to rest on the power cord and do NOT locate the product where
anyone can walk on the power cord.

• If you wall mount your device, make sure that no electrical, gas or water pipes will be
damaged.

• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of
electric shock from lightning.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.

• Make sure to connect the cables to the correct ports.

• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.

• Do NOT store things on the device.

• Connect ONLY suitable accessories to the device.

Safety Warnings 5

P-334WT User’s Guide

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects
in materials or workmanship for a period of up to two years from the date of purchase. During
the warranty period, and upon proof of purchase, should the product have indications of failure
due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the
defective products or components without charge for either parts or labor, and to whatever
extent it shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally equivalent
product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty
shall not apply if the product has been modified, misused, tampered with, damaged by an act
of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the
purchaser. This warranty is in lieu of all other warranties, express or implied, including any
implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind to the purchaser.

ZyXEL Limited Warranty

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return
Material Authorization number (RMA). Products must be returned Postage Prepaid. It is
recommended that the unit be insured when shipped. Any returned products without proof of
purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of
ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products
will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty
gives you specific legal rights, and you may also have other rights that vary from country to
country.

Registration

Register your product online to receive e-mail notices of firmware upgrades and information

www.zyxel.com for global products, or at www.us.zyxel.com for North American products.

at

6 ZyXEL Limited Warranty

P-334WT User’s Guide

Customer Support

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

METHOD

LOCATION

CORPORATE
HEADQUARTERS
(WORLDWIDE)

CZECH REPUBLIC

DENMARK

FINLAND

FRANCE

GERMANY

HUNGARY

KAZAKHSTAN

NORTH AMERICA

NORWAY

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com

info@cz.zyxel.com +420-241-091-350 www.zyxel.cz ZyXEL Communications

info@cz.zyxel.com +420-241-091-359

support@zyxel.dk +45-39-55-07-00 www.zyxel.dk ZyXEL Communications A/S

sales@zyxel.dk +45-39-55-07-07

support@zyxel.fi +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy

sales@zyxel.fi +358-9-4780 8448

info@zyxel.fr +33-4-72-52-97-97 www.zyxel.fr ZyXEL France

+33-4-72-52-19-20

support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.

sales@zyxel.de +49-2405-6909-99

support@zyxel.hu +36-1-3361649 www.zyxel.hu ZyXEL Hungary

info@zyxel.hu +36-1-3259100

http://zyxel.kz/support +7-3272-590-698 www.zyxel.kz ZyXEL Kazakhstan

sales@zyxel.kz +7-3272-590-689

support@zyxel.com 1-800-255-4101

+1-714-632-0882

sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com

support@zyxel.no +47-22-80-61-80 www.zyxel.no ZyXEL Communications A/S

sales@zyxel.no +47-22-80-61-81

A

WEB SITE

www.europe.zyxel.com

ftp.europe.zyxel.com

www.us.zyxel.com ZyXEL Communications Inc.

REGULAR MAIL

ZyXEL Communications Corp.
6 Innovation Road II

Science Park
Hsinchu 300
Ta iw a n

Czech s.r.o.
Modranská 621
143 01 Praha 4 - Modrany
Ceská Republika

Columbusvej
2860 Soeborg
Denmark

Malminkaari 10
00700 Helsinki
Finland

1 rue des Vergers
Bat. 1 / C
69760 Limonest
France

Adenauerstr. 20/A2 D-52146
Wuerselen
Germany

48, Zoldlomb Str.
H-1025, Budapest
Hungary

43, Dostyk ave.,Office 414
Dostyk Business Centre
050010, Almaty
Republic of Kazakhstan

1130 N. Miller St.
Anaheim
CA 92806-2001
U.S.A.

Nils Hansens vei 13
0667 Oslo
Norway

Customer Support 7

P-334WT User’s Guide

METHOD

LOCATION

POLAND

RUSSIA

SPAIN

SWEDEN

UKRAINE

UNITED KINGDOM

A. “+” is the (prefix) number you enter to make an international telephone call.

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

info@pl.zyxel.com +48-22-5286603 www.pl.zyxel.com ZyXEL Communications

+48-22-5206701

http://zyxel.ru/support +7-095-542-89-29 www.zyxel.ru ZyXEL Russia

sales@zyxel.ru +7-095-542-89-25

support@zyxel.es +34-902-195-420 www.zyxel.es ZyXEL Communications

sales@zyxel.es +34-913-005-345

support@zyxel.se +46-31-744-7700 www.zyxel.se ZyXEL Communications A/S

sales@zyxel.se +46-31-744-7701

support@ua.zyxel.com +380-44-247-69-78 www.ua.zyxel.com ZyXEL Ukraine

sales@ua.zyxel.com +380-44-494-49-32

support@zyxel.co.uk +44-1344 303044

08707 555779 (UK only)

sales@zyxel.co.uk +44-1344 303034 ftp.zyxel.co.uk

A

WEB SITE

REGULAR MAIL

ul.Emilli Plater 53
00-113 Warszawa
Poland

Ostrovityanova 37a Str.
Moscow, 117279
Russia

Alejandro Villegas 33
1º, 28043 Madrid
Spain

Sjöporten 4, 41764 Göteborg
Sweden

13, Pimonenko Str.
Kiev, 04050
Ukraine

www.zyxel.co.uk ZyXEL Communications UK

Ltd.,11 The Courtyard,
Eastern Road, Bracknell,
Berkshire, RG12 2XB,
United Kingdom (UK)

8 Customer Support

P-334WT User’s Guide

Table of Contents

Copyright ..................................................................................................................3

Federal Communications Commission (FCC) Interference Statement ............... 4

Safety Warnings ....................................................................................................... 5

ZyXEL Limited Warranty.......................................................................................... 6

Customer Support.................................................................................................... 7

Table of Contents .....................................................................................................9

Preface ....................................................................................................................37

Chapter 1

Getting to Know Your Prestige ............................................................................. 39

1.1 Prestige Overview ..............................................................................................39

1.2 Prestige Features ...............................................................................................39

1.2.1 Physical Features .....................................................................................39

1.2.2 Non-Physical Features .............................................................................40

1.2.3 Wireless Features .....................................................................................43

1.3 Applications for the Prestige ..............................................................................45

1.3.1 Secure Broadband Internet Access via Cable or DSL Modem .................45

1.3.2 VPN Application ........................................................................................45

1.3.3 Wireless LAN Application .........................................................................46

1.3.4 Front Panel LEDs .....................................................................................47

Chapter 2

Introducing the Web Configurator........................................................................ 49

2.1 Web Configurator Overview ...............................................................................49

2.2 Accessing the Prestige Web Configurator .........................................................49

2.3 Resetting the Prestige ........................................................................................50

2.3.1 Procedure to Use the Reset Button ..........................................................50

2.4 Navigating the Prestige Web Configurator ......................................................50

2.4.1 Navigation Panel .......................................................................................53

2.4.2 Summary: Any IP Table ..........................................................................55

2.4.3 Summary: DHCP Table ...........................................................................56

2.4.4 Summary: Parental Controls Statistics ...................................................57

2.4.4.1 General Control Mode and Per-User Control Mode ........................57

2.4.5 Summary: VPN Monitor ..........................................................................59

2.4.6 Summary: Bandwidth Management Monitor ...........................................59

Table of Contents 9

P-334WT User’s Guide

Chapter 3

Connection Wizard................................................................................................. 65

3.1 Wizard Setup ......................................................................................................65

3.2 Connection Wizard: STEP 1: System Information .............................................66

3.3 Connection Wizard: STEP 2: Wireless LAN .......................................................67

3.4 Connection Wizard: STEP 3: Internet Configuration ..........................................71

3.5 Connection Wizard: STEP 4: Bandwidth management ......................................80

3.6 Connection Wizard Complete ............................................................................80

2.4.7 Summary: Packet Statistics .......................................................................60

2.4.8 Summary: Port Isolation ...........................................................................61

2.4.9 Summary: Wireless Station Status .........................................................62

2.4.9.1 WMM QoS .......................................................................................62

3.2.1 System Name ...........................................................................................66

3.2.2 Domain Name ...........................................................................................67

3.3.1 Basic(WEP) Security .................................................................................68

3.3.2 Extend(WPA-PSK or WPA2-PSK) Security ...............................................70

3.3.3 OTIST ........................................................................................................70

3.4.1 Ethernet Connection .................................................................................72

3.4.2 PPPoE Connection ...................................................................................73

3.4.3 PPTP Connection .....................................................................................74

3.4.4 Your IP Address .........................................................................................75

3.4.5 WAN IP Address Assignment ...................................................................76

3.4.6 IP Address and Subnet Mask ...................................................................76

3.4.7 DNS Server Address Assignment .............................................................77

3.4.8 WAN IP and DNS Server Address Assignment .........................................77

3.4.9 WAN MAC Address ...................................................................................79

Chapter 4

Wireless LAN .......................................................................................................... 83

4.1 Introduction ........................................................................................................83

4.2 Wireless Security Overview ...............................................................................83

4.2.1 Encryption .................................................................................................83

4.2.2 Authentication ...........................................................................................83

4.2.3 Restricted Access .....................................................................................84

4.2.4 Hide Prestige Identity ................................................................................84

4.2.5 G-plus .......................................................................................................84

4.2.6 Using OTIST .............................................................................................84

4.3 Configuring Wireless LAN on the Prestige .........................................................84

4.4 General Wireless LAN Screen .......................................................................85

4.4.1 No Security ...............................................................................................86

4.4.2 WEP Encryption ........................................................................................87

4.4.3 Static WEP Encryption ..............................................................................87

10 Table of Contents

P-334WT User’s Guide

4.4.4 Introduction to WPA and WPA2 ................................................................89

4.4.5 WPA(2)-PSK Application Example ...........................................................89

4.4.6 WPA-PSK/WPA2-PSK Authentication Screen ..........................................89

4.4.7 Wireless Client WPA Supplicants .............................................................91

4.4.8 WPA(2) with RADIUS Application Example ..............................................91

4.4.9 WPA/WPA2 Authentication Screen ...........................................................92

4.4.10 IEEE 802.1x Overview ............................................................................94

4.4.11 IEEE 802.1x and Dynamic WEP Key Exchange .....................................94

4.4.12 IEEE 802.1x and Static WEP Key Exchange ..........................................95

4.4.13 IEEE 802.1x + no WEP ..........................................................................98

4.5 OTIST .................................................................................................................99

4.5.1 Activating OTIST .....................................................................................100

4.6 MAC Filter ........................................................................................................101

4.7 Wireless LAN Advanced Screen ......................................................................102

4.8 WMM QoS ........................................................................................................104

4.8.1 WMM QoS Example ...............................................................................104

4.8.2 WMM QoS Priorities ...............................................................................105

4.8.3 Services ..................................................................................................105

4.9 QoS Screen ......................................................................................................107

4.9.1 ToS (Type of Service) and WMM QoS ....................................................107

4.10 Application Priority Configuration Screen .......................................................109

Chapter 5

WAN........................................................................................................................111

5.1 WAN Overview ................................................................................................. 111

5.2 TCP/IP Priority (Metric) .................................................................................... 111

5.3 WAN MAC Address .......................................................................................... 111

5.4 WAN ISP Screen ..............................................................................................112

5.4.1 Ethernet Encapsulation ........................................................................... 112

5.4.2 PPPoE Encapsulation .............................................................................113

5.4.3 PPTP Encapsulation ...............................................................................116

5.5 Advanced WAN Screen .................................................................................... 119

5.6 Traffic Redirect .................................................................................................121

5.7 Traffic Redirect Screen .....................................................................................122

Chapter 6

LAN........................................................................................................................123

6.1 LAN Overview ..................................................................................................123

6.1.1 IP Pool Setup ..........................................................................................123

6.1.2 System DNS Servers ..............................................................................123

6.2 LAN TCP/IP ......................................................................................................123

6.2.1 Factory LAN Defaults ..............................................................................123

6.2.2 IP Address and Subnet Mask .................................................................124

Table of Contents 11

P-334WT User’s Guide

6.3 Any IP ...............................................................................................................125

6.4 IP Screen .........................................................................................................126

6.5 LAN IP Alias ....................................................................................................127

6.6 Advanced LAN Screen .....................................................................................128

Chapter 7

DHCP Server......................................................................................................... 131

7.1 DHCP ...............................................................................................................131

7.2 DHCP Screen ...................................................................................................131

7.3 Static DHCP Screen .........................................................................................132

7.4 Client List Screen .............................................................................................133

Chapter 8

Network Address Translation (NAT)...................................................................135

6.2.3 RIP Setup ...............................................................................................124

6.2.4 Multicast ..................................................................................................124

6.3.1 How Any IP Works ..................................................................................126

8.1 NAT Overview ...............................................................................................135

8.1.1 NAT Definitions .......................................................................................135

8.1.2 What NAT Does ......................................................................................136

8.1.3 How NAT Works .....................................................................................136

8.1.4 NAT Application ......................................................................................137

8.1.5 NAT Mapping Types ...............................................................................137

8.2 Using NAT ........................................................................................................138

8.2.1 SUA (Single User Account) Versus NAT ................................................138

8.3 SUA Server ......................................................................................................138

8.3.1 Default Server IP Address ......................................................................139

8.3.2 Port Forwarding: Services and Port Numbers ........................................139

8.3.3 Configuring Servers Behind SUA (Example) ..........................................140

8.4 General NAT Screen ........................................................................................140

8.5 Port Forwarding Screen ...................................................................................141

8.5.1 Port Forwarding Rule Setup ..................................................................143

8.6 Trigger Port Forwarding ...................................................................................143

8.6.1 Trigger Port Forwarding Example ...........................................................144

8.6.2 Two Points To Remember About Trigger Ports .......................................144

8.7 Trigger Port Forwarding Screen .......................................................................145

Chapter 9

Firewall..................................................................................................................147

9.1 Introduction to Firewall .....................................................................................147

9.1.1 What is a Firewall? .................................................................................147

9.1.2 Stateful Inspection Firewall. ....................................................................147

9.1.3 About the Prestige Firewall .....................................................................147

12 Table of Contents

P-334WT User’s Guide

9.1.4 Guidelines For Enhancing Security With Your Firewall ..........................148

9.2 General Firewall Screen ...................................................................................148

9.3 Services Screen ..............................................................................................149

Chapter 10

Content Filtering ................................................................................................. 153

10.1 Introduction to Content Filtering .....................................................................153

10.2 Restrict Web Features ...................................................................................153

10.3 Days and Times .............................................................................................153

10.4 Filter Screen ...................................................................................................153

10.5 Schedule ........................................................................................................155

10.6 Customizing Keyword Blocking URL Checking ..............................................156

10.6.1 Domain Name or IP Address URL Checking ........................................156

10.6.2 Full Path URL Checking .......................................................................156

10.6.3 File Name URL Checking .....................................................................157

Chapter 11

Introduction to IPSec ........................................................................................... 159

11.1 VPN Overview ................................................................................................159

11.1.1 IPSec ....................................................................................................159

11.1.2 Security .................................................................................................159

11.1.3 Other Terminology .................................................................................159

11.1.3.1 Encryption ....................................................................................159

11.1.3.2 Data Confidentiality .....................................................................160

11.1.3.3 Data Integrity ...............................................................................160

11.1.3.4 Data Origin Authentication ...........................................................160

11.1.4 VPN Applications ..................................................................................160

11.2 IPSec Architecture ..........................................................................................160

11.2.1 IPSec Algorithms ..................................................................................161

11.2.2 Key Management ..................................................................................161

11.3 Encapsulation .................................................................................................161

11.3.1 Transport Mode .....................................................................................162

11.3.2 Tunnel Mode .........................................................................................162

11.4 IPSec and NAT ...............................................................................................162

Chapter 12

VPN Screens.......................................................................................................165

12.1 VPN/IPSec Overview .....................................................................................165

12.2 IPSec Algorithms ............................................................................................165

12.2.1 AH (Authentication Header) Protocol ....................................................165

12.2.2 ESP (Encapsulating Security Payload) Protocol ..................................165

12.3 My IP Address ................................................................................................166

12.4 Secure Gateway Address ..............................................................................166

Table of Contents 13

P-334WT User’s Guide

12.5 VPN Summary Screen ...................................................................................167

12.6 Keep Alive ......................................................................................................168

12.7 NAT Traversal ................................................................................................169

12.8 ID Type and Content ......................................................................................170

12.9 Pre-Shared Key ..............................................................................................172

12.10 VPN Rules ....................................................................................................172

12.11 IKE Phases ..................................................................................................176

12.12 Advanced Rule Setup Screen ......................................................................178

12.13 Manual Key ..................................................................................................182

12.14 Manual Key Screen ......................................................................................183

12.15 SA Monitor Screen .......................................................................................185

12.16 Global Setting Screen ..................................................................................186

12.17 Telecommuter VPN/IPSec Examples ...........................................................187

12.18 VPN and Remote Management ...................................................................189

12.4.1 Dynamic Secure Gateway Address ......................................................167

12.7.1 NAT Traversal Configuration .................................................................169

12.7.2 Remote DNS Server .............................................................................169

12.8.1 ID Type and Content Examples ............................................................171

12.11.1 Negotiation Mode ................................................................................177

12.11.2 Diffie-Hellman (DH) Key Groups .........................................................177

12.11.3 Perfect Forward Secrecy (PFS) ..........................................................177

12.13.1 Security Parameter Index (SPI) ..........................................................182

12.17.1 Telecommuters Sharing One VPN Rule Example ..............................187

12.17.2 Telecommuters Using Unique VPN Rules Example ...........................188

Chapter 13

Trend Micro Home Network Security (TMSS) ....................................................191

13.1 Trend Micro Home Network Security Overview .............................................191

13.2 Installing the Trend Micro Dashboard ............................................................192

13.2.1 Installing the Trend Micro Dashboard: Troubleshooting ........................193

13.3 Activating Your Free Services ........................................................................194

13.3.1 Registering a Trend Micro Customer Account.......................................195

13.3.2 Installing Trend Micro Internet Security .................................................197

13.3.3 Registering Trend Micro Internet Security .............................................200

13.4 TMSS Settings ...............................................................................................201

13.4.1 TMSS General Screen ..........................................................................201

13.4.2 Exception List Screen ..........................................................................202

13.4.3 Virus Protection Screen .......................................................................204

13.4.4 Parental Control Screen ......................................................................205

13.4.4.1 General Control Mode and Per-User Control Mode ....................205

13.4.4.2 Parents Override Password ........................................................206

13.4.5 Configuring an Access Profile in General Control Mode ......................208

13.4.6 Configuring a Schedule ........................................................................209

14 Table of Contents

P-334WT User’s Guide

13.4.7 Configuring the User List in Per-User Mode .........................................210

13.4.8 Content Blocking Categories .................................................................211

13.5 Port Isolation .................................................................................................212

Chapter 14

Static Route Screens ...........................................................................................215

14.1 Static Route Overview ....................................................................................215

14.2 IP Static Route Screen ...................................................................................215

14.2.1 Static Route Setup Screen ...................................................................216

Chapter 15

Bandwidth Management......................................................................................219

15.1 Bandwidth Management Overview ...............................................................219

15.2 Application-based Bandwidth Management ...................................................219

15.3 Subnet-based Bandwidth Management .........................................................219

15.4 Application and Subnet-based Bandwidth Management ...............................220

15.5 Bandwidth Management Priorities ................................................................221

15.6 Predefined Bandwidth Management Services ...............................................221

15.6.1 Services and Port Numbers ..................................................................222

15.7 Default Bandwidth Management Classes and Priorities ................................224

15.8 Bandwidth Management General Configuration ...........................................224

15.9 Bandwidth Management Advanced Configuration ........................................225

15.9.1 Rule Configuration with the Pre-defined Service ................................227

15.9.2 Rule Configuration with the User-defined Service ..............................228

15.10 Bandwidth Management Monitor ..............................................................229

Chapter 16

Remote Management Screens ............................................................................ 231

16.1 Remote Management Overview .....................................................................231

16.1.1 Remote Management Limitations .........................................................231

16.1.2 Remote Management and NAT ............................................................232

16.1.3 System Timeout ...................................................................................232

16.2 WWW Screen ..............................................................................................232

16.3 Telnet ..............................................................................................................233

16.4 Telnet Screen .................................................................................................233

16.5 FTP Screen ....................................................................................................234

16.6 SNMP .............................................................................................................235

16.6.1 Supported MIBs ....................................................................................237

16.6.2 SNMP Traps .........................................................................................237

16.7 SNMP Screen ................................................................................................237

16.8 DNS Screen ................................................................................................238

16.9 Security Screen ............................................................................................239

Table of Contents 15

P-334WT User’s Guide

Chapter 17

UPnP...................................................................................................................... 241

17.1 Universal Plug and Play Overview ................................................................241

17.2 UPnP and ZyXEL ...........................................................................................242

17.3 UPnP Screen .................................................................................................242

17.4 Installing UPnP in Windows Example ............................................................243

17.5 Using UPnP in Windows XP Example ...........................................................245

Chapter 18

System .................................................................................................................. 251

17.1.1 How Do I Know If I'm Using UPnP? ......................................................241

17.1.2 NAT Traversal .......................................................................................241

17.1.3 Cautions with UPnP ..............................................................................241

17.4.1 Installing UPnP in Windows Me ............................................................243

17.4.2 Installing UPnP in Windows XP ............................................................244

17.5.1 Auto-discover Your UPnP-enabled Network Device .............................246

17.5.2 Web Configurator Easy Access ............................................................247

17.5.3 Web Configurator Easy Access ............................................................248

18.1 System Overview ...........................................................................................251

18.2 System General Screen ...............................................................................251

18.3 Dynamic DNS .................................................................................................252

18.3.1 DynDNS Wildcard .................................................................................252

18.4 Dynamic DNS Screen ....................................................................................252

18.5 Time Setting Screen .......................................................................................254

Chapter 19

Logs....................................................................................................................... 257

19.1 View Log .......................................................................................................257

19.2 Log Settings ...................................................................................................258

Chapter 20

Tools ...................................................................................................................... 261

20.1 Firmware Upload Screen ...............................................................................261

20.2 Configuration Screen .....................................................................................262

20.2.1 Backup Configuration ...........................................................................263

20.2.2 Restore Configuration ...........................................................................263

20.2.3 Back to Factory Defaults .......................................................................264

20.3 Restart Screen ...............................................................................................265

Chapter 21

Introducing the SMT ............................................................................................267

21.1 SMT Introduction ............................................................................................267

21.1.1 Procedure for SMT Configuration via Telnet .........................................267

16 Table of Contents

P-334WT User’s Guide

21.1.2 Entering Password ................................................................................267

21.1.3 Prestige SMT Menu Overview ..............................................................268

21.2 Navigating the SMT Interface .........................................................................269

21.2.1 System Management Terminal Interface Summary ..............................271

21.3 Changing the System Password ....................................................................271

Chapter 22

Menu 1 General Setup ......................................................................................... 273

22.1 General Setup ................................................................................................273

22.2 Procedure To Configure Menu 1 ....................................................................273

22.2.1 Procedure to Configure Dynamic DNS .................................................275

Chapter 23

Menu 2 WAN Setup ..............................................................................................277

23.1 WAN Setup .....................................................................................................277

Chapter 24

Menu 3 LAN Setup ...............................................................................................279

24.1 LAN Setup ......................................................................................................279

24.1.1 General Ethernet Setup ........................................................................279

24.2 Protocol Dependent Ethernet Setup ..............................................................280

24.3 TCP/IP Ethernet Setup and DHCP ................................................................280

24.3.1 IP Alias Setup .......................................................................................282

24.4 Wireless LAN Setup .......................................................................................283

24.4.1 Configuring MAC Address Filter ...........................................................285

24.4.2 Configuring Roaming on the Prestige ...................................................286

Chapter 25

Internet Access .................................................................................................... 287

25.1 Introduction to Internet Access Setup ............................................................287

25.2 Ethernet Encapsulation ..................................................................................287

25.3 Configuring the PPTP Client ..........................................................................289

25.4 Configuring the PPPoE Client ........................................................................289

25.5 Basic Setup Complete ....................................................................................290

Chapter 26

Remote Node Configuration ...............................................................................291

26.1 Introduction to Remote Node Setup ...............................................................291

26.2 Remote Node Profile Setup ...........................................................................291

26.2.1 Ethernet Encapsulation .........................................................................291

26.2.2 PPPoE Encapsulation ...........................................................................293

26.2.2.1 Outgoing Authentication Protocol ................................................293

26.2.2.2 Nailed-Up Connection .................................................................294

Table of Contents 17

P-334WT User’s Guide

26.3 Edit IP .............................................................................................................295

26.4 Remote Node Filter ........................................................................................297

Chapter 27

Static Route Setup ...............................................................................................301

27.1 IP Static Route Setup .....................................................................................301

Chapter 28

Network Address Translation (NAT)...................................................................303

28.1 Using NAT ......................................................................................................303

28.2 Applying NAT .................................................................................................303

28.3 NAT Setup ......................................................................................................305

28.4 Configuring a Server behind NAT ..................................................................309

28.5 General NAT Examples ..................................................................................310

28.6 Configuring Trigger Port Forwarding .............................................................316

26.2.3 PPTP Encapsulation .............................................................................294

26.4.1 Traffic Redirect Setup ...........................................................................298

28.1.1 SUA (Single User Account) Versus NAT ..............................................303

28.3.1 Address Mapping Sets ..........................................................................305

28.3.1.1 User-Defined Address Mapping Sets ..........................................306

28.3.1.2 Ordering Your Rules ....................................................................307

28.5.1 Example 1: Internet Access Only ..........................................................310

28.5.2 Example 2: Internet Access with an Inside Server ............................... 311

28.5.3 Example 3: Multiple Public IP Addresses With Inside Servers .............312

28.5.4 Example 4: NAT Unfriendly Application Programs ...............................315

Chapter 29

Enabling the Firewall ...........................................................................................319

29.1 Remote Management and the Firewall ..........................................................319

29.2 Access Methods .............................................................................................319

29.3 Enabling the Firewall ......................................................................................319

Chapter 30

Filter Configuration..............................................................................................321

30.1 Introduction to Filters ......................................................................................321

30.1.1 The Filter Structure of the Prestige .......................................................322

30.2 Configuring a Filter Set ..................................................................................323

30.2.1 Configuring a Filter Rule .......................................................................325

30.2.2 Configuring a TCP/IP Filter Rule ..........................................................325

30.2.3 Configuring a Generic Filter Rule .........................................................328

30.3 Example Filter ................................................................................................330

30.4 Filter Types and NAT ......................................................................................332

30.5 Firewall Versus Filters ....................................................................................333

18 Table of Contents

P-334WT User’s Guide

30.6 Applying a Filter ............................................................................................333

30.6.1 Applying LAN Filters .............................................................................333

30.6.2 Applying Remote Node Filters ..............................................................334

Chapter 31

SNMP Configuration ............................................................................................335

31.1 About SNMP ..................................................................................................335

31.2 Supported MIBs ............................................................................................336

31.3 SNMP Configuration ......................................................................................336

31.4 SNMP Traps ...................................................................................................337

Chapter 32

System Security ...................................................................................................339

32.1 System Security .............................................................................................339

32.2 System Password ..........................................................................................339

32.3 Configuring External RADIUS Server ............................................................339

32.4 IEEE 802.1x ...................................................................................................341

Chapter 33

System Information and Diagnosis .................................................................... 343

33.1 System Status ................................................................................................343

33.2 System Information ........................................................................................345

33.2.1 System Information ...............................................................................345

33.2.2 Console Port Speed ..............................................................................346

33.3 Log and Trace ................................................................................................346

33.3.1 Syslog Logging .....................................................................................346

33.3.1.1 CDR ............................................................................................348

33.3.1.2 Packet triggered ..........................................................................348

33.3.1.3 Filter log .....................................................................................349

33.3.1.4 PPP log ......................................................................................349

33.3.1.5 Firewall log ..................................................................................350

33.3.2 Call-Triggering Packet ..........................................................................350

33.4 Diagnostic ......................................................................................................351

33.4.1 WAN DHCP ..........................................................................................352

Chapter 34

Firmware and Configuration File Maintenance ................................................. 355

34.1 Filename Conventions ...................................................................................355

34.2 Backup Configuration .....................................................................................356

34.2.1 Backup Configuration ...........................................................................356

34.2.2 Using the FTP Command from the Command Line ..............................357

34.2.3 Example of FTP Commands from the Command Line .........................357

34.2.4 GUI-based FTP Clients .........................................................................357

Table of Contents 19

P-334WT User’s Guide

34.3 Restore Configuration ....................................................................................359

34.4 Uploading Firmware and Configuration Files .................................................361

Chapter 35

System Maintenance............................................................................................ 365

34.2.5 TFTP and FTP over WAN Management Limitations .............................358

34.2.6 Backup Configuration Using TFTP .......................................................358

34.2.7 TFTP Command Example ....................................................................358

34.2.8 GUI-based TFTP Clients ......................................................................359

34.3.1 Restore Using FTP ...............................................................................359

34.3.2 Restore Using FTP Session Example ..................................................360

34.4.1 Firmware File Upload ............................................................................361

34.4.2 Configuration File Upload .....................................................................361

34.4.3 FTP File Upload Command from the DOS Prompt Example ................362

34.4.4 FTP Session Example of Firmware File Upload ...................................363

34.4.5 TFTP File Upload ..................................................................................363

34.4.6 TFTP Upload Command Example ........................................................363

35.1 Command Interpreter Mode ...........................................................................365

35.1.1 Command Syntax .................................................................................365

35.1.2 Command Usage ..................................................................................366

35.2 Call Control Support .......................................................................................366

35.2.1 Budget Management ............................................................................366

35.2.2 Call History ...........................................................................................367

35.3 Time and Date Setting ....................................................................................368

35.3.1 Resetting the Time ................................................................................370

Chapter 36

Remote Management ........................................................................................... 371

36.1 Remote Management .....................................................................................371

36.1.1 Remote Management Limitations .........................................................372

Chapter 37

Call Scheduling ....................................................................................................373

37.1 Introduction to Call Scheduling ......................................................................373

Chapter 38

VPN/IPSec Setup .................................................................................................. 377

38.1 VPN/IPSec Overview .....................................................................................377

38.2 IPSec Summary Screen .................................................................................378

38.3 IKE Setup .......................................................................................................383

38.4 Manual Setup .................................................................................................384

38.4.1 Active Protocol ......................................................................................385

38.4.2 Security Parameter Index (SPI) ............................................................385

20 Table of Contents

P-334WT User’s Guide

Chapter 39

SA Monitor ............................................................................................................ 387

39.1 SA Monitor Overview .....................................................................................387

39.2 Using SA Monitor ...........................................................................................387

Chapter 40

Troubleshooting ................................................................................................... 389

40.1 Problems Starting Up the Prestige .................................................................389

40.2 Problems with the LAN ...................................................................................389

40.3 Problems with the WAN .................................................................................390

40.4 Problems Accessing the Prestige ..................................................................391

40.5 Problems with Restricted Web Pages and Keyword Blocking .......................391

40.5.1 Pop-up Windows, JavaScripts and Java Permissions ..........................392

40.5.1.1 Internet Explorer Pop-up Blockers ..............................................393

40.5.1.2 JavaScripts ..................................................................................396

40.5.1.3 Java Permissions ........................................................................398

40.5.2 ActiveX Controls in Internet Explorer ....................................................400

Appendix A

Setting up Your Computer’s IP Address............................................................ 403

40.5.3 Verifying Settings ..................................................................................418

Appendix B

IP Subnetting ........................................................................................................ 419

Appendix C

PPPoE ................................................................................................................... 427

Appendix D

PPTP...................................................................................................................... 429

Appendix E

Wireless LANs ...................................................................................................... 433

Appendix F

Log Descriptions.................................................................................................. 443

Appendix G

Wall-mounting Instructions................................................................................. 459

Table of Contents 21

P-334WT User’s Guide

22 Table of Contents

P-334WT User’s Guide

List of Figures

Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem ................................ 45

Figure 2 VPN Application .................................................................................................... 46

Figure 3 Internet Access Application Example .................................................................... 46

Figure 4 P-334WT Front Panel ........................................................................................... 47

Figure 5 Change Password Screen .................................................................................... 50

Figure 6 Web Configurator Status Screen .......................................................................... 51

Figure 7 Summary: Any IP Table ........................................................................................ 56

Figure 8 Summary: DHCP Table ......................................................................................... 56

Figure 9 Summary: Parental Control Statistics ................................................................... 58

Figure 10 Summary: VPN Monitor ...................................................................................... 59

Figure 11 Summary: BW MGMT Monitor ............................................................................ 60

Figure 12 Summary: Packet Statistics ................................................................................ 60

Figure 13 Summary: Port Isolation ...................................................................................... 62

Figure 14 Summary: Wireless Association List ................................................................... 63

Figure 15 Select Wizard or Advanced Mode ....................................................................... 65

Figure 16 Select a Language .............................................................................................. 66

Figure 17 Welcome to the Connection Wizard .................................................................... 66

Figure 18 Wizard Step 1: System Information ..................................................................... 67

Figure 19 Wizard Step 2: Wireless LAN .............................................................................. 68

Figure 20 Wizard Step 2: Basic(WEP) Security .................................................................. 69

Figure 21 Wizard Step 2: Extend(WPA-PSK or WPA2-PSK) Security ................................ 70

Figure 22 Wizard Step 2: OTIST ......................................................................................... 71

Figure 23 Wizard Step 3: ISP Parameters. ......................................................................... 72

Figure 24 Wizard Step 3: Ethernet Connection ................................................................... 72

Figure 25 Wizard Step 3: PPPoE Connection ..................................................................... 73

Figure 26 Wizard Step 3: PPTP Connection ....................................................................... 74

Figure 27 Wizard Step 3: Your IP Address .......................................................................... 75

Figure 28 Wizard Step 3: WAN IP and DNS Server Addresses .......................................... 78

Figure 29 Wizard Step 3: WAN MAC Address .................................................................... 79

Figure 30 Wizard Step 4: Bandwidth Management ............................................................ 80

Figure 31 Connection Wizard Save ................................................................................... 81

Figure 32 Connection Wizard Complete ............................................................................. 81

Figure 33 Wireless ............................................................................................................. 85

Figure 34 Wireless: No Security .......................................................................................... 86

Figure 35 Wireless: Static WEP Encryption ........................................................................ 88

Figure 36 WPA(2)-PSK Authentication ............................................................................... 89

List of Figures 23

P-334WT User’s Guide

Figure 37 Wireless: WPA-PSK/WPA2-PSK ......................................................................... 90

Figure 38 WPA(2) with RADIUS Application Example ........................................................ 92

Figure 39 Wireless: WPA/WPA2 ......................................................................................... 92

Figure 40 Wireless: 802.1x and Dynamic WEP .................................................................. 94

Figure 41 Wireless: 802.1x and Static WEP ....................................................................... 96

Figure 42 Wireless: 802.1x ................................................................................................. 98

Figure 43 OTIST ................................................................................................................. 100

Figure 44 OTIST Start ......................................................................................................... 101

Figure 45 OTIST Process ................................................................................................... 101

Figure 46 MAC Address Filter ............................................................................................. 102

Figure 47 Advanced ............................................................................................................ 103

Figure 48 QoS ..................................................................................................................... 108

Figure 49 Application Priority Configuration ........................................................................ 109

Figure 50 Ethernet Encapsulation ....................................................................................... 112

Figure 51 PPPoE Encapsulation ......................................................................................... 114

Figure 52 PPTP Encapsulation ........................................................................................... 117

Figure 53 Advanced ............................................................................................................ 119

Figure 54 Traffic Redirect WAN Setup ................................................................................ 121

Figure 55 Traffic Redirect LAN Setup ................................................................................. 121

Figure 56 WAN: Traffic Redirect .......................................................................................... 122

Figure 57 Any IP Example Application ................................................................................ 125

Figure 58 LAN IP ................................................................................................................. 126

Figure 59 LAN IP Alias ........................................................................................................ 127

Figure 60 Advanced ............................................................................................................ 129

Figure 61 General ............................................................................................................... 131

Figure 62 Static DHCP ........................................................................................................ 133

Figure 63 Client List ............................................................................................................ 134

Figure 64 How NAT Works .................................................................................................. 136

Figure 65 NAT Application With IP Alias ............................................................................. 137

Figure 66 Multiple Servers Behind NAT Example ............................................................... 140

Figure 67 NAT General ....................................................................................................... 141

Figure 68 Port Forwarding .................................................................................................. 142

Figure 69 Port Forwarding Rule Setup ................................................................................ 143

Figure 70 Trigger Port Forwarding Process: Example ........................................................ 144

Figure 71 Trigger Port .........................................................................................................145

Figure 72 General ............................................................................................................... 148

Figure 73 Services .............................................................................................................. 150

Figure 74 Content Filter Disabled ....................................................................................... 153

Figure 75 Content Filter: Filter ............................................................................................ 154

Figure 76 Content Filter: Schedule ..................................................................................... 155

Figure 77 Encryption and Decryption .................................................................................. 160

Figure 78 IPSec Architecture .............................................................................................. 161

Figure 79 Transport and Tunnel Mode IPSec Encapsulation .............................................. 162

24 List of Figures

P-334WT User’s Guide

Figure 80 IPSec Summary Fields ....................................................................................... 167

Figure 81 VPN Summary .................................................................................................... 167

Figure 82 NAT Router Between IPSec Routers .................................................................. 169

Figure 83 VPN Host using Intranet DNS Server Example .................................................. 170

Figure 84 Mismatching ID Type and Content Configuration Example ................................ 172

Figure 85 VPN Rule Setup .................................................................................................. 173

Figure 86 Two Phases to Set Up the IPSec SA .................................................................. 176

Figure 87 Advanced Rule Setup ......................................................................................... 178

Figure 88 Rule Setup with Manual Key ............................................................................... 183

Figure 89 SA Monitor .......................................................................................................... 186

Figure 90 Global Setting ..................................................................................................... 186

Figure 91 Telecommuters Sharing One VPN Rule Example ............................................... 188

Figure 92 Telecommuters Using Unique VPN Rules Example ........................................... 189

Figure 93 TMSS First Time Access ..................................................................................... 192

Figure 94 Security Warning Message Box .......................................................................... 192

Figure 95 Trend Micro Dashboard) ..................................................................................... 193

Figure 96 Dashboard Service Summary Screen ................................................................. 195

Figure 97 3 Steps Screen .................................................................................................... 196

Figure 98 Account Registration Screen .............................................................................. 196

Figure 99 Download Now Screen ....................................................................................... 198

Figure 100 Registration Information Screen ....................................................................... 199

Figure 101 Trend Micro Internet Security Registration Screen ........................................... 200

Figure 102 TMSS General Screen ...................................................................................... 201

Figure 103 Exception List Screen ....................................................................................... 203

Figure 104 Virus Protection Screen .................................................................................... 204

Figure 105 Parental Control Screen: General Control Mode .............................................. 206

Figure 106 Parental Control Screen: Per-User Control Mode ............................................. 207

Figure 107 General Mode: Edit Category ........................................................................... 209

Figure 108 General Mode: Edit Schedule ........................................................................... 210

Figure 109 Per-User Control Mode: Edit User List .............................................................. 211

Figure 110 Port Isolation Example ...................................................................................... 213

Figure 111 Port Isolation ..................................................................................................... 213

Figure 112 Example of Static Routing Topology .................................................................. 215

Figure 113 IP Static Route .................................................................................................. 216

Figure 114 Static Route Setup ............................................................................................ 217

Figure 115 Subnet-based Bandwidth Management Example ............................................. 220

Figure 116 Bandwidth Management: General ..................................................................... 225

Figure 117 Bandwidth Management: Advanced ................................................................. 226

Figure 118 Bandwidth Management Rule Configuration: Pre-defined Service ................... 227

Figure 119 Bandwidth Management Rule Configuration: User-defined Service ................. 228

Figure 120 Bandwidth Management: Monitor ..................................................................... 229

Figure 121 WWW Remote Management ............................................................................ 232

Figure 122 Telnet Configuration on a TCP/IP Network ....................................................... 233

List of Figures 25

P-334WT User’s Guide

Figure 123 Telnet Remote Management ............................................................................. 234

Figure 124 FTP Remote Management ................................................................................ 234

Figure 125 SNMP Management Model ............................................................................... 236

Figure 126 SNMP Remote Management ............................................................................ 237

Figure 127 DNS Remote Management ............................................................................... 238

Figure 128 Security Remote Management ......................................................................... 239

Figure 129 Configuring UPnP ............................................................................................. 242

Figure 130 System General ............................................................................................... 251

Figure 131 Dynamic DNS ................................................................................................... 253

Figure 132 Time Setting ...................................................................................................... 254

Figure 133 View Log ........................................................................................................... 257

Figure 134 Log Settings ...................................................................................................... 259

Figure 135 Maintenance Firmware Upload ......................................................................... 261

Figure 136 Upload Warning ................................................................................................ 262

Figure 137 Network Temporarily Disconnected .................................................................. 262

Figure 138 Upload Error Message ...................................................................................... 262

Figure 139 Configuration ..................................................................................................... 263

Figure 140 Configuration Restore Successful ..................................................................... 264

Figure 141 Temporarily Disconnected ................................................................................. 264

Figure 142 Configuration Restore Error .............................................................................. 264

Figure 143 System Restart ................................................................................................. 265

Figure 144 Login Screen ..................................................................................................... 267

Figure 145 SMT Main Menu ................................................................................................ 270

Figure 146 Menu 23 System Password .............................................................................. 272

Figure 147 Menu 1 General Setup. ..................................................................................... 274

Figure 148 Menu 1.1 Configure Dynamic DNS .................................................................. 275

Figure 149 Menu 2 WAN Setu ............................................................................................ 277

Figure 150 Menu 3 LAN Setup ............................................................................................ 279

Figure 151 Menu 3.1 LAN Port Filter Setup. ....................................................................... 279

Figure 152 Menu 3.2 TCP/IP and DHCP Ethernet Setup ................................................... 280

Figure 153 Physical Network & Partitioned Logical Networks ............................................ 282

Figure 154 Menu 3.2.1: IP Alias Setup ............................................................................... 282

Figure 155 Menu 3.5: Wireless LAN Setup ......................................................................... 283

Figure 156 Menu 3.5.1: WLAN MAC Address Filter ........................................................... 285

Figure 157 Menu 3.5.2: Roaming Configuration ................................................................. 286

Figure 158 Menu 4 Internet Access Setup .......................................................................... 287

Figure 159 Internet Access Setup (PPTP) ......................................................................... 289

Figure 160 Internet Access Setup (PPPoE) ........................................................................ 290

Figure 161 Menu 11.1 Remote Node Profile for Ethernet Encapsulation ............................ 292

Figure 162 Menu 11.1 Remote Node Profile for PPPoE Encapsulation .............................. 293

Figure 163 Menu 11.1 Remote Node Profile for PPTP Encapsulation ................................ 295

Figure 164 Menu 11.3 Remote Node Network Layer Options for Ethernet Encapsulation . 296

Figure 165 Menu 11.5: Remote Node Filter (Ethernet Encapsulation) ................................ 297

26 List of Figures

P-334WT User’s Guide

Figure 166 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation) ................... 298

Figure 167 Menu 11.6: Traffic Redirect Setup .................................................................... 298

Figure 168 Menu 12 IP Static Route Setup ........................................................................ 301

Figure 169 Menu12.1 Edit IP Static Route .......................................................................... 301

Figure 170 Menu 4: Applying NAT for Internet Access ....................................................... 304

Figure 171 Menu 11.3 Applying NAT to the Remote Node ................................................. 304

Figure 172 Menu 15 NAT Setup .......................................................................................... 305

Figure 173 Menu 15.1 Address Mapping Sets .................................................................... 305

Figure 174 Menu 15.1.255 SUA Address Mapping Rules ................................................. 306

Figure 175 Menu 15.1.1 First Set ........................................................................................ 307

Figure 176 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ......................... 308

Figure 177 Menu 15.2.1 NAT Server Setup ........................................................................ 309

Figure 178 Multiple Servers Behind NAT Example ............................................................. 310

Figure 179 NAT Example 1 ................................................................................................. 310

Figure 180 Menu 4 Internet Access & NAT Example ......................................................... 311

Figure 181 NAT Example 2 ................................................................................................. 311

Figure 182 Menu 15.2.1 Specifying an Inside Server ......................................................... 312

Figure 183 NAT Example 3 ................................................................................................. 313

Figure 184 NAT Example 3: Menu 11.3 .............................................................................. 313

Figure 185 Example 3: Menu 15.1.1.1 ............................................................................... 314

Figure 186 Example 3: Final Menu 15.1.1 .......................................................................... 314

Figure 187 Example 3: Menu 15.2 ...................................................................................... 315

Figure 188 NAT Example 4 ................................................................................................. 315

Figure 189 Example 4: Menu 15.1.1.1 Address Mapping Rule. .......................................... 316

Figure 190 Example 4: Menu 15.1.1 Address Mapping Rules ............................................ 316

Figure 191 Menu 15.3 Trigger Port Setup ........................................................................... 317

Figure 192 Menu 21.2 Firewall Setup ................................................................................. 320

Figure 193 Outgoing Packet Filtering Process .................................................................... 321

Figure 194 Filter Rule Process ............................................................................................ 323

Figure 195 Menu 21: Filter and Firewall Setup ................................................................... 324

Figure 196 Menu 21.1: Filter Set Configuration .................................................................. 324

Figure 197 Menu 21.1.1.1 TCP/IP Filter Rule. .................................................................... 326

Figure 198 Executing an IP Filter ........................................................................................ 328

Figure 199 Menu 21.1.4.1 Generic Filter Rule .................................................................... 329

Figure 200 Telnet Filter Example ........................................................................................ 330

Figure 201 Example Filter: Menu 21.1.3.1 .......................................................................... 331

Figure 202 Example Filter Rules Summary: Menu 21.1.3 .................................................. 332

Figure 203 Protocol and Device Filter Sets ......................................................................... 333

Figure 204 Filtering LAN Traffic .......................................................................................... 333

Figure 205 Filtering Remote Node Traffic ........................................................................... 334

Figure 206 SNMP Management Model ............................................................................... 335

Figure 207 Menu 22 SNMP Configuration .......................................................................... 336

Figure 208 Menu 23 System Security ................................................................................. 339

List of Figures 27

P-334WT User’s Guide

Figure 209 Menu 23.2 System Security : RADIUS Server .................................................. 340

Figure 210 Menu 23.4 System Security : IEEE802.1x ........................................................ 341

Figure 211 Menu 24 System Maintenance .......................................................................... 343

Figure 212 Menu 24.1 System Maintenance : Status ......................................................... 344

Figure 213 Menu 24.2 System Information and Console Port Speed ............................... 345

Figure 214 Menu 24.2.1 System Maintenance : Information ............................................. 345

Figure 215 Menu 24.2.2 System Maintenance : Change Console Port Speed ................... 346

Figure 216 Menu 24.3.2 System Maintenance : Syslog Logging ........................................ 347

Figure 217 Call-Triggering Packet Example ........................................................................ 351

Figure 218 Menu 24.4 System Maintenance : Diagnostic ................................................... 352

Figure 219 LAN & WAN DHCP ........................................................................................... 352

Figure 220 Telnet in Menu 24.5 ........................................................................................... 356

Figure 221 FTP Session Example ...................................................................................... 357

Figure 222 Telnet into Menu 24.6. ....................................................................................... 360

Figure 223 Restore Using FTP Session Example ............................................................... 360

Figure 224 Telnet Into Menu 24.7.1 Upload System Firmware ........................................... 361

Figure 225 Telnet Into Menu 24.7.2 System Maintenance . ................................................ 362

Figure 226 FTP Session Example of Firmware File Upload ............................................... 363

Figure 227 Command Mode in Menu 24 ............................................................................. 365

Figure 228 Valid Commands ............................................................................................... 366

Figure 229 Menu 24.9 System Maintenance : Call Control ................................................. 366

Figure 230 Budget Management ......................................................................................... 367

Figure 231 Menu 24.9.2 - Call History ................................................................................ 368

Figure 232 Menu 24: System Maintenance ....................................................................... 369

Figure 233 Menu 24.10 System Maintenance: Time and Date Setting ............................... 369

Figure 234 Menu 24.11 – Remote Management Control .................................................... 371

Figure 235 Menu 26 Schedule Setup .................................................................................. 373

Figure 236 Menu 26.1 Schedule Set Setup ....................................................................... 374

Figure 237 Applying Schedule Set(s) to a Remote Node (PPPoE) .................................... 375

Figure 238 VPN SMT Menu Tree ........................................................................................ 377

Figure 239 Menu 27 VPN/IPSec Setup ............................................................................... 377

Figure 240 Menu 27 ............................................................................................................ 378

Figure 241 Menu 27.1.1 IPSec Setup ................................................................................. 380

Figure 242 Menu 27.1.1.1 IKE Setup .................................................................................. 383

Figure 243 Menu 27.1.1.2 Manual Setup ............................................................................ 385

Figure 244 Menu 27.2 SA Monitor ...................................................................................... 387

Figure 245 Pop-up Blocker ................................................................................................. 393

Figure 246 Internet Options ............................................................................................... 394

Figure 247 Internet Options ................................................................................................ 395

Figure 248 Pop-up Blocker Settings ................................................................................... 396

Figure 249 Internet Options ................................................................................................ 397

Figure 250 Security Settings - Java Scripting ..................................................................... 398

Figure 251 Security Settings - Java .................................................................................... 399

28 List of Figures

P-334WT User’s Guide

Figure 252 Java (Sun) ......................................................................................................... 400

Figure 253 Internet Options Security .................................................................................. 401

Figure 254 Security Setting ActiveX Controls ..................................................................... 402

Figure 255 WIndows 95/98/Me: Network: Configuration ..................................................... 404

Figure 256 Windows 95/98/Me: TCP/IP Properties: IP Address ......................................... 405

Figure 257 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............................ 406

Figure 258 Windows XP: Start Menu .................................................................................. 407

Figure 259 Windows XP: Control Panel .............................................................................. 407

Figure 260 Windows XP: Control Panel: Network Connections: Properties ....................... 408

Figure 261 Windows XP: Local Area Connection Properties .............................................. 408

Figure 262 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 409

Figure 263 Windows XP: Advanced TCP/IP Properties ...................................................... 410

Figure 264 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 411

Figure 265 Macintosh OS 8/9: Apple Menu ........................................................................ 412

Figure 266 Macintosh OS 8/9: TCP/IP ................................................................................ 412

Figure 267 Macintosh OS X: Apple Menu ........................................................................... 413

Figure 268 Macintosh OS X: Network ................................................................................. 414

Figure 269 Red Hat 9.0: KDE: Network Configuration: Devices ........................................ 415

Figure 270 Red Hat 9.0: KDE: Ethernet Device: General ................................................. 415

Figure 271 Red Hat 9.0: KDE: Network Configuration: DNS ............................................. 416

Figure 272 Red Hat 9.0: KDE: Network Configuration: Activate ................................. 416

Figure 273 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 .............................. 417

Figure 274 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 .................................. 417

Figure 275 Red Hat 9.0: DNS Settings in resolv.conf ...................................................... 417

Figure 276 Red Hat 9.0: Restart Ethernet Card ................................................................ 418

Figure 277 Red Hat 9.0: Checking TCP/IP Properties ...................................................... 418

Figure 278 Single-Computer per Router Hardware Configuration ...................................... 428

Figure 279 Prestige as a PPPoE Client .............................................................................. 428

Figure 280 Transport PPP frames over Ethernet ............................................................... 429

Figure 281 PPTP Protocol Overview .................................................................................. 430

Figure 282 Example Message Exchange between Computer and an ANT ........................ 431

Figure 283 Peer-to-Peer Communication in an Ad-hoc Network ........................................ 433

Figure 284 Basic Service Set .............................................................................................. 434

Figure 285 Infrastructure WLAN ......................................................................................... 435

Figure 286 RTS/CTS .......................................................................................................... 436

Figure 287 Displaying Log Categories Example ................................................................. 457

Figure 288 Displaying Log Parameters Example ................................................................ 457

Figure 289 Wall-mounting Example .................................................................................... 459

List of Figures 29

P-334WT User’s Guide

30 List of Figures

P-334WT User’s Guide

List of Tables

Table 1 Front Panel LEDs .................................................................................................. 47

Table 2 Status Screen Icon Key ......................................................................................... 51

Table 3 Web Configurator Status Screen ........................................................................... 52

Table 4 Screens Summary ................................................................................................. 53

Table 5 Summary: Any IP Table ......................................................................................... 56

Table 6 Summary: DHCP Table ......................................................................................... 57

Table 7 Summary: Parental Control Statistics .................................................................... 58

Table 8 Summary: VPN Monitor ......................................................................................... 59

Table 9 Summary: Packet Statistics ................................................................................... 61

Table 10 Summary: Wireless Association List ................................................................... 62

Table 11 Summary: Wireless Association List .................................................................... 63

Table 12 Wizard Step 1: System Information ..................................................................... 67

Table 13 Wizard Step 2: Wireless LAN .............................................................................. 68

Table 14 Wizard Step 2: Basic(WEP) Security ................................................................... 69

Table 15 Wizard Step 2: Extend(WPA-PSK or WPA2-PSK) Security ................................. 70

Table 16 Wizard Step 2: OTIST .......................................................................................... 71

Table 17 Wizard Step 3: ISP Parameters ........................................................................... 72

Table 18 Wizard Step 3: PPPoE Connection ..................................................................... 73

Table 19 Wizard Step 3: PPTP Connection ........................................................................ 75

Table 20 Wizard Step 3: Your IP Address .......................................................................... 76

Table 21 Private IP Address Ranges ................................................................................. 76

Table 22 Wizard Step 3: WAN IP and DNS Server Addresses .......................................... 78

Table 23 Example of Network Properties for LAN Servers with Fixed IP Addresses ......... 79

Table 24 Wizard Step 3: WAN MAC Address ..................................................................... 79

Table 25 Wizard Step 4: Bandwidth Management ............................................................. 80

Table 26 Wireless Security Levels ..................................................................................... 85

Table 27 Wireless ............................................................................................................... 86

Table 28 Wireless No Security ........................................................................................... 87

Table 29 Wireless: Static WEP Encryption ......................................................................... 88

Table 30 Wireless: WPA-PSK/WPA2-PSK ......................................................................... 90

Table 31 Wireless: WPA/WPA2 .......................................................................................... 93

Table 32 Wireless: 802.1x and Dynamic WEP ................................................................... 95

Table 33 Wireless: 802.1x and Static WEP ........................................................................ 96

Table 34 Wireless: 802.1x and No WEP ............................................................................ 98

Table 35 OTIST .................................................................................................................. 100

Table 36 MAC Address Filter ............................................................................................. 102

List of Tables 31

P-334WT User’s Guide

Table 37 Advanced .............................................................................................................103

Table 38 WMM QoS Priorities ............................................................................................ 105

Table 39 Commonly Used Services ................................................................................... 105

Table 40 QoS ..................................................................................................................... 108

Table 41 Application Priority Configuration ........................................................................ 109

Table 42 Ethernet Encapsulation ....................................................................................... 112

Table 43 PPPoE Encapsulation ......................................................................................... 115

Table 44 PPTP Encapsulation ............................................................................................ 118

Table 45 Advanced .............................................................................................................120

Table 46 Traffic Redirect .................................................................................................... 122

Table 47 LAN IP ................................................................................................................. 127

Table 48 LAN IP Alias ........................................................................................................ 128

Table 49 Advanced .............................................................................................................129

Table 50 General ................................................................................................................ 132

Table 51 Static DHCP ......................................................................................................... 133

Table 52 Client List ............................................................................................................. 134

Table 53 NAT Definitions .................................................................................................... 135

Table 54 NAT Mapping Types ............................................................................................ 138

Table 55 Services and Port Numbers ................................................................................. 140

Table 56 NAT General ........................................................................................................ 141

Table 57 Port Forwarding ................................................................................................... 142

Table 58 Port Forwarding Rule Setup ................................................................................ 143

Table 59 Trigger Port .......................................................................................................... 145

Table 60 Firewall General .................................................................................................. 149

Table 61 Firewall Services ................................................................................................. 150

Table 62 Content Filter: Filter ............................................................................................. 154

Table 63 Content Filter: Schedule ...................................................................................... 156

Table 64 VPN and NAT ...................................................................................................... 163

Table 65 AH and ESP ........................................................................................................ 166

Table 66 VPN Summary ..................................................................................................... 168

Table 67 Local ID Type and Content Fields ....................................................................... 171

Table 68 Peer ID Type and Content Fields ........................................................................ 171

Table 69 Matching ID Type and Content Configuration Example ....................................... 171

Table 70 VPN Rule Setup .................................................................................................. 173

Table 71 Advanced Rule Setup .......................................................................................... 179

Table 72 Rule Setup with Manual Key ............................................................................... 183

Table 73 SA Monitor ...........................................................................................................186

Table 74 Global Setting ...................................................................................................... 187

Table 75 Telecommuter and Headquarters Configuration Example ................................... 187

Table 76 Internet Explorer Default Security Settings .......................................................... 194

Table 77 Settings: General Screen .................................................................................... 202

Table 78 Settings: Exception List Screen ........................................................................... 203

Table 79 Settings: Virus Protection Screen ........................................................................ 204

32 List of Tables

P-334WT User’s Guide

Table 80 Settings: Parental Control Screen ....................................................................... 207

Table 81 Content Blocking Categories ............................................................................... 211

Table 82 Port Isolation ........................................................................................................ 213

Table 83 IP Static Route ..................................................................................................... 216

Table 84 Static Route Setup ............................................................................................... 217

Table 85 Application and Subnet-based Bandwidth Management Example ...................... 220

Table 86 Bandwidth Management Priorities ....................................................................... 221

Table 87 Media Bandwidth Management Setup: Services ................................................. 221

Table 88 Commonly Used Services ................................................................................... 222

Table 89 Bandwidth Management Priority with Default Classes ........................................ 224

Table 90 Bandwidth Management: General ....................................................................... 225

Table 91 Bandwidth Management: Advanced .................................................................... 226

Table 92 Bandwidth Management Rule Configuration: Pre-defined Service ..................... 228

Table 93 Bandwidth Management Rule Configuration: User-defined Service ................... 229

Table 94 WWW Remote Management ............................................................................... 233

Table 95 Telnet Remote Management ............................................................................... 234

Table 96 FTP Remote Management .................................................................................. 235

Table 97 SNMP Traps ........................................................................................................ 237

Table 98 SNMP Remote Management ............................................................................... 238

Table 99 DNS Remote Management ................................................................................. 239

Table 100 Security Remote Management .......................................................................... 240

Table 101 Configuring UPnP .............................................................................................. 242

Table 102 System General ................................................................................................. 251

Table 103 Dynamic DNS .................................................................................................... 253

Table 104 Time Setting ...................................................................................................... 254

Table 105 View Logs .......................................................................................................... 258

Table 106 Log Settings ....................................................................................................... 259

Table 107 Maintenance Firmware Upload .......................................................................... 261

Table 108 Maintenance Restore Configuration .................................................................. 263

Table 109 SMT Menus Overview ....................................................................................... 268

Table 110 Main Menu Commands ...................................................................................... 269

Table 111 Main Menu Summary ......................................................................................... 271

Table 112 Menu 1 General Setup ....................................................................................... 274

Table 113 Menu 1.1 Configure Dynamic DNS .................................................................... 275

Table 114 Menu 2 WAN Setup ........................................................................................... 277

Table 115 DHCP Ethernet Setup Fields ............................................................................. 280

Table 116 Menu 3.2: LAN TCP/IP Setup Fields ................................................................. 281

Table 117 Menu 3.2.1: IP Alias Setup ................................................................................ 282

Table 118 Menu 3.5: Wireless LAN Setup .......................................................................... 284

Table 119 Menu 3.5.1: WLAN MAC Address Filter ............................................................ 285

Table 120 Menu 3.5.2: Roaming Configuration .................................................................. 286

Table 121 Internet Access Setup (Ethernet ....................................................................... 288

Table 122 New Fields in Menu 4 (PPTP) Screen ............................................................... 289

List of Tables 33

P-334WT User’s Guide

Table 123 New Fields in Menu 4 (PPPoE) screen ............................................................. 290

Table 124 Menu 11.1 Remote Node Profile for Ethernet Encapsulation ............................ 292

Table 125 Fields in Menu 11.1 (PPPoE Encapsulation Specific) ....................................... 294

Table 126 Menu 11.1 Remote Node Profile for PPTP Encapsulation ................................ 295

Table 127 Remote Node Network Layer Options ............................................................... 296

Table 128 Menu 11.6 Traffic Redirect Setup ...................................................................... 298

Table 129 Menu12.1 Edit IP Static Route ........................................................................... 302

Table 130 Applying NAT in Menus 4 & 11.3 ....................................................................... 305

Table 131 Menu 15.1.255 SUA Address Mapping Rules ................................................... 306

Table 132 Menu 15.1.1 First Set ........................................................................................ 307

Table 133 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ......................... 308

Table 134 Menu 15.3 Trigger Port Setup ........................................................................... 317

Table 135 Abbreviations Used in the Filter Rules Summary Menu .................................... 324

Table 136 Rule Abbreviations Used ................................................................................... 325

Table 137 Menu 21.1.x.x TCP/IP Filter Rule ...................................................................... 326

Table 138 Menu 21.1.x.x Generic Filter Rule Menu Fields ................................................ 329

Table 139 Menu 22 SNMP Configuration ........................................................................... 337

Table 140 SNMP Traps ...................................................................................................... 337

Table 141 Ports and Permanent Virtual Circuits ................................................................. 338

Table 142 Menu 23.2 System Security : RADIUS Server .................................................. 340

Table 143 Menu 23.4 System Security : IEEE802.1x ......................................................... 341

Table 144 System Maintenance: Status Menu Fields ........................................................ 344

Table 145 Menu 24.2.1 System Maintenance : Information ............................................... 346

Table 146 Menu 24.3.2 System Maintenance : Syslog and Accounting ............................ 347

Table 147 System Maintenance Menu Diagnostic ............................................................. 352

Table 148 Filename Conventions ....................................................................................... 356

Table 149 General Commands for GUI-based FTP Clients ............................................... 357

Table 150 General Commands for GUI-based TFTP Clients ............................................. 359

Table 151 Menu 24.9.1 - Budget Management .................................................................. 367

Table 152 Call History Fields .............................................................................................. 368

Table 153 Time and Date Setting Fields ............................................................................ 370

Table 154 Menu 24.11 – Remote Management Control ..................................................... 372

Table 155 Menu 26.1 Schedule Set Setup ......................................................................... 374

Table 156 Menu 27.1 IPSec Summary ............................................................................... 378

Table 157 Menu 27.1.1 IPSec Setup .................................................................................. 380

Table 158 Menu 27.1.1.1 IKE Setup .................................................................................. 383

Table 159 Active Protocol: Encapsulation and Security Protocol ....................................... 385

Table 160 Menu 27.1.1.2 Manual Setup ............................................................................ 385

Table 161 Menu 27.2 SA Monitor ....................................................................................... 388

Table 162 Troubleshooting Starting Up Your Prestige ........................................................ 389

Table 163 Troubleshooting the LAN ................................................................................... 389

Table 164 Troubleshooting the WAN .................................................................................. 390

Table 165 Troubleshooting Accessing the Prestige ........................................................... 391

34 List of Tables

P-334WT User’s Guide

Table 166 Troubleshooting Restricted Web Pages and Keyword Blocking ........................ 391

Table 167 Troubleshooting the Password .......................................................................... 392

Table 168 Troubleshooting Telnet ...................................................................................... 392

Table 169 Classes of IP Addresses ................................................................................... 419

Table 170 Allowed IP Address Range By Class ................................................................. 420

Table 171 “Natural” Masks ................................................................................................ 420

Table 172 Alternative Subnet Mask Notation ..................................................................... 421

Table 173 Two Subnets Example ....................................................................................... 421

Table 174 Subnet 1 ............................................................................................................422

Table 175 Subnet 2 ............................................................................................................422

Table 176 Subnet 1 ............................................................................................................423

Table 177 Subnet 2 ............................................................................................................423

Table 178 Subnet 3 ............................................................................................................423

Table 179 Subnet 4 ............................................................................................................424

Table 180 Eight Subnets .................................................................................................... 424

Table 181 Class C Subnet Planning ................................................................................... 424

Table 182 Class B Subnet Planning ................................................................................... 425

Table 183 IEEE 802.11g ..................................................................................................... 437

Table 184 Comparison of EAP Authentication Types ......................................................... 441

Table 185 Wireless Security Relational Matrix ................................................................... 442

Table 186 System Maintenance Logs ................................................................................ 443

Table 187 System Error Logs ............................................................................................. 444

Table 188 Access Control Logs .......................................................................................... 444

Table 189 TCP Reset Logs ................................................................................................ 445

Table 190 Packet Filter Logs .............................................................................................. 445

Table 191 ICMP Logs ......................................................................................................... 446

Table 192 CDR Logs .......................................................................................................... 446

Table 193 PPP Logs ........................................................................................................... 446

Table 194 UPnP Logs ........................................................................................................ 447

Table 195 Content Filtering Logs ....................................................................................... 447

Table 196 Attack Logs ........................................................................................................ 448

Table 197 IPSec Logs ........................................................................................................ 449

Table 198 IKE Logs ............................................................................................................449

Table 199 PKI Logs ............................................................................................................452

Table 200 Certificate Path Verification Failure Reason Codes ........................................... 453

Table 201 802.1X Logs ...................................................................................................... 454

Table 202 ACL Setting Notes ............................................................................................. 455

Table 203 ICMP Notes ....................................................................................................... 455

Table 204 Syslog Logs ....................................................................................................... 456

Table 205 RFC-2408 ISAKMP Payload Types ................................................................... 456

List of Tables 35

P-334WT User’s Guide

36 List of Tables

P-334WT User’s Guide

Preface

Congratulations on your purchase of the P-334WT, 802.11g Wireless Broadband Router with
Firewall. This manual is designed to guide you through the configuration of your Prestige for
its various applications.

Note: Use the web configurator, System Management Terminal (SMT) or command

interpreter interface to configure your Prestige. Not all features can be
configured through all interfaces.

This manual may refer to the P-334WT, 802.11g Wireless Broadband Router with Firewall as
the Prestige.

About This User's Guide

This User’s Guide is designed to guide you through the configuration of your Prestige using
the web configurator or the SMT. The web configurator parts of this guide contain
background information on features configurable by web configurator. The SMT parts of this
guide contain background information solely on features not configurable by web configurator

Note: Use the web configurator, System Management Terminal (SMT) or command

interpreter interface to configure your Prestige. Not all features can be
configured through all interfaces.

Related Documentation

• Supporting Disk

Refer to the included CD for support documents.

• Compact Guide

The Compact Guide is designed to help you get up and running right away. They contain
connection information and instructions on getting started.

• Web Configurator Online Help

Embedded web help for descriptions of individual screens and supplementary
information.

• ZyXEL Glossary and Web Site

Please refer to www.zyxel.com for an online glossary of networking terms and additional
support documentation.

User Guide Feedback

Help us help you! E-mail all User Guide-related comments, questions or suggestions for
improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing
Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park,
Hsinchu, 300, Taiwan. Thank you!

Preface 37

P-334WT User’s Guide

Syntax Conventions

• “Enter” means for you to type one or more characters. “Select” or “Choose” means for
you to use one predefined choice.

• The SMT menu titles and labels are in Bold Times New Roman font. Predefined field
choices are in Bold Arial font. Command and arrow keys are enclosed in square
brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key
and [SPACE BAR] means the Space Bar.

• Mouse action sequences are denoted using a comma. For example, “In Windows, click
Start, Settings and then Control Panel” means first click the Start button, then point
your mouse pointer to Settings and then click Control Panel.

• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.

Graphics Icons Key

Prestige Computer Notebook computer

Server DSLAM Firewall

Modem Switch Router

38 Preface

Getting to Know Your Prestige

This chapter introduces the main features and applications of the Prestige.

1.1 Prestige Overview

The Prestige is the ideal secure wireless firewall router for all data passing between the
Internet and LAN’s.

By integrating NAT, firewall, media bandwidth management and VPN capability, ZyXEL’s
Prestige is a complete security solution that protects your Intranet and efficiently manages data
traffic on your network.

P-334WT User’s Guide

CHAPTER 1

The embedded web configurator is easy to operate.

In the Prestige product name, “W” denotes wireless functionality. The P-334WT has an
embedded mini-PCI module for 802.11g Wireless LAN connectivity.

Note: Only use firmware for your Prestige’s specific model.

1.2 Prestige Features

The following sections describe Prestige features.

1.2.1 Physical Features

10/100 Mbps Auto-negotiating Ethernet/Fast Ethernet Interface(s)

This auto-negotiation feature allows the Prestige to detect the speed of incoming transmissions
and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps
or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.

Auto-negotiation allows data transfer of 100 Mbps in full-duplex mode

Auto-crossover 10/100 Mbps Ethernet Interface(s)

These interfaces automatically adjust to either a crossover or straight-through Ethernet cable.

Chapter 1 Getting to Know Your Prestige 39

P-334WT User’s Guide

4-Port Switch

A combination of switch and router makes your Prestige a cost-effective and viable network
solution. You can add up to four computers to the Prestige without the cost of a hub. Add more
than four computers to your LAN by using a hub.

Reset Button

The Prestige reset button is built into the rear panel. Use this button to restore the factory
default password to 1234; IP address to 192.168.1.1, subnet mask to 255.255.255.0 and DHCP
server enabled with a pool of 32 IP addresses starting at 192.168.1.33.

1.2.2 Non-Physical Features

Bandwidth Management

ZyXEL’s Bandwidth Management allows you to specify bandwidth classes based on an
application and/or subnet. You can allocate specific amounts of bandwidth capacity
(bandwidth budgets) to different bandwidth classes.

Trend Micro Security Services

TMSS (Trend Micro Security Services) identifies vulnerabilities and protects computers
and networks that have Internet connections. TMSS is enabled by default on the Prestige
but you must register at the TMSS web page. After you register, you can configure TMSS
using the Prestige web configurator.

IPSec VPN Capability

Establish a Virtual Private Network (VPN) to connect with business partners and branch
offices using data encryption and the Internet to provide secure communications without the
expense of leased site-to-site lines. The Prestige VPN is based on the IPSec standard and is
fully interoperable with other IPSec-based VPN products.

Firewall

The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By
default, when the firewall is activated, all incoming traffic from the WAN to the LAN is
blocked unless it is initiated from the LAN. The Prestige firewall supports TCP/UDP
inspection, DoS detection and prevention, real time alerts, reports and logs.

Content Filtering

The Prestige can also block access to web sites containing keywords that you specify. You can
define time periods and days during which content filtering is enabled and include or exclude a
range of users on the LAN from content filtering.

40 Chapter 1 Getting to Know Your Prestige

P-334WT User’s Guide

Packet Filtering

The packet filtering mechanism blocks unwanted traffic from entering/leaving your network.

Time and Date

The Prestige allows you to get the current time and date from an external server when you turn
on your Prestige. You can also set the time manually.

Universal Plug and Play (UPnP)

Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can
dynamically join a network, obtain an IP address and convey its capabilities to other devices
on the network.

Call Scheduling

Configure call time periods to restrict and allow access for users on remote nodes.

PPPoE

PPPoE facilitates the interaction of a host with an Internet modem to achieve access to high­speed data networks via a familiar "dial-up networking" user interface.

PPTP Encapsulation

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a Virtual Private Network (VPN) using a
TCP/IP-based network.

PPTP supports on-demand, multi-protocol and virtual private networking over public
networks, such as the Internet. The Prestige supports one PPTP server connection at any given
time.

Dynamic DNS Support

With Dynamic DNS (Domain Name System) support, you can have a static hostname alias for
a dynamic IP address, allowing the host to be more easily accessible from various locations on
the Internet. You must register for this service with a Dynamic DNS service provider.

IP Multicast

Deliver IP packets to a specific group of hosts using IP multicast. IGMP (Internet Group
Management Protocol) is the protocol used to support multicast groups. The latest version is
version 2 (see RFC 2236); the Prestige supports both versions 1 and 2.

Chapter 1 Getting to Know Your Prestige 41

P-334WT User’s Guide

IP Alias

IP Alias allows you to partition a physical network into logical networks over the same
Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical
Ethernet LAN interface with the Prestige itself as the gateway for each LAN network.

SNMP

SNMP (Simple Network Management Protocol) is a protocol used for exchanging
management information between network devices. SNMP is a member of the TCP/IP
protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager
station to manage and monitor the Prestige through the network. The Prestige supports SNMP
version one (SNMPv1) and version two (SNMPv2).

Network Address Translation (NAT)

Network Address Translation (NAT) allows the translation of an Internet protocol address
used within one network (for example a private IP address used in a local network) to a
different IP address known within another network (for example a public IP address used on
the Internet).

Traffic Redirect

Traffic Redirect forwards WAN traffic to a backup gateway on the LAN when the Prestige
cannot connect to the Internet, thus acting as an auxiliary backup when your regular WAN
connection fails.

Port Forwarding

Use this feature to forward incoming service requests to a server on your local network. You
may enter a single port number or a range of port numbers to be forwarded, and the local IP
address of the desired server.

DHCP (Dynamic Host Configuration Protocol)

DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to
obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has
built-in DHCP server capability, enabled by default, which means it can assign IP addresses,
an IP default gateway and DNS servers to all systems that support the DHCP client.

Any IP

The Any IP feature allows a computer to access the Internet without changing the network
settings (such as IP address and subnet mask) of the computer, when the IP addresses of the
computer and the Prestige are not in the same subnet.

42 Chapter 1 Getting to Know Your Prestige

P-334WT User’s Guide

Full Network Management

The embedded web configurator is an all-platform web-based utility that allows you to easily
access the Prestige’s management settings and configure the firewall. Most functions of the
Prestige are also software configurable via the SMT (System Management Terminal)
interface. The SMT is a menu-driven interface that you can access over a telnet connection.

RoadRunner Support

In addition to standard cable modem services, the Prestige supports Time Warner’s
RoadRunner Service.

Logging and Tracing

• Built-in message logging and packet tracing.

• Unix syslog facility support.

• Firewall logs.

• Content filtering logs.

Upgrade Prestige Firmware via LAN

The firmware of the Prestige can be upgraded via the LAN (refer to the Maintenance-Tools­Firmware screen).

Embedded FTP and TFTP Servers

The Prestige’s embedded FTP and TFTP Servers enable fast firmware upgrades as well as
configuration file backups and restoration.

1.2.3 Wireless Features

Wireless LAN

The Prestige supports the IEEE 802.11g standard, which is fully compatible with the IEEE

802.11b standard, meaning that you can have both IEEE 802.11b and IEEE 802.11g wireless
clients in the same wireless network.

Note: The P-334WT may be prone to RF (Radio Frequency) interference from other

2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth
enabled devices, and other wireless LANs.

Wi-Fi Protected Access

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification standard.
Key differences between WPA and WEP are user authentication and improved data
encryption.

Chapter 1 Getting to Know Your Prestige 43

P-334WT User’s Guide

WPA(2)

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA 2 (IEEE

802.11i) is a wireless security standard that defines stronger encryption, authentication and
key management than WPA.

Key differences between WPA(2) and WEP are improved data encryption and user
authentication.

Antenna

The Prestige is equipped with a 2dBi fixed antenna to provide clear radio signal between the
wireless stations and the access points.

Wireless LAN MAC Address Filtering

Your Prestige can check the MAC addresses of wireless stations against a list of allowed or
denied MAC addresses.

WEP Encryption

WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless
network to help keep network communications private.

OTIST (One Touch Intelligent Security Technology)

OTIST allows your Prestige to assign its ESSID and security settings (WEP or WPA-PSK) to
the ZyXEL wireless adapters that support OTIST and are within transmission range. The
ZyXEL wireless adapters must also have OTIST enabled.

G-Plus

G-plus is an enhancement to the IEEE 802.11g wireless standard. It increases wireless
transmission speeds by allowing larger frames to be sent.

Wireless List

With the wireless list, you can see the list of the wireless stations that are currently using the
Prestige to access your wired network.

Wireless LAN Channel Usage

The Wireless Channel Usage displays whether the radio channels are used by other wireless
devices within the transmission range of the Prestige. This allows you to select the channel
with minimum interference for your Prestige.

44 Chapter 1 Getting to Know Your Prestige

P-334WT User’s Guide

1.3 Applications for the Prestige

Here are some examples of what you can do with your Prestige.

1.3.1 Secure Broadband Internet Access via Cable or DSL Modem

You can connect a cable modem, DSL or wireless modem to the Prestige for broadband
Internet access via an Ethernet or a wireless port on the modem. The Prestige guarantees not
only high speed Internet access, but secure internal network protection and traffic management
as well.

Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem

1.3.2 VPN Application

Prestige VPN is an ideal cost-effective way to connect branch offices and business partners
over the Internet without the need (and expense) for leased lines between sites.

Chapter 1 Getting to Know Your Prestige 45

P-334WT User’s Guide

Figure 2 VPN Application

1.3.3 Wireless LAN Application

Add a wireless LAN to your existing network without expensive network cables. Wireless
stations can move freely anywhere in the coverage area and use resources on the wired
network.

Figure 3 Internet Access Application Example

46 Chapter 1 Getting to Know Your Prestige

1.3.4 Front Panel LEDs

Figure 4 P-334WT Front Panel

The following table describes the LEDs.

Table 1 Front Panel LEDs

LED COLOR STATUS DESCRIPTION

PWR Green On The Prestige is receiving power and functioning

Red On Power to the Prestige is too low.

None Off The Prestige is not receiving power.

LAN 1-4 Green On The Prestige has a successful 10Mb Ethernet

Amber On The Prestige has a successful 100Mb Ethernet

None Off The LAN is not connected.

WAN Green On The Prestige has a successful 10Mb WAN connection.

Amber On The Prestige has a successful 100Mb Ethernet

None Off The WAN connection is not ready, or has failed.

WLAN Green On The Prestige is ready, but is not sending/receiving data

None Off The wireless LAN is not ready or has failed.

OTIST Green Blinking OTIST is in progress

None Off OTIST is not activated or WLAN settings are manually

P-334WT User’s Guide

properly.

Blinking The Prestige is performing testing.

connection.

Blinking The Prestige is sending/receiving data.

connection.

Blinking The Prestige is sending/receiving data.

Blinking The Prestige is sending/receiving data.

connection.

Blinking The Prestige is sending/receiving data.

through the wireless LAN.

Blinking The Prestige is sending/receiving data through the

wireless LAN.

On OTIST is activated and the wireless security settings are

given to a wireless client. The LED remains on unless
the WLAN settings are changed.

configured after OTIST is successful.

Chapter 1 Getting to Know Your Prestige 47

P-334WT User’s Guide

48 Chapter 1 Getting to Know Your Prestige

Introducing the Web

This chapter describes how to access the Prestige web configurator and provides an overview
of its screens.

2.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy Prestige
setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape
Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.

P-334WT User’s Guide

CHAPTER 2

Configurator

In order to use the web configurator you need to allow:

• Web browser pop-up windows from your device. Web pop-up blocking is enabled by
default in Windows XP SP (Service Pack) 2.

• JavaScripts (enabled by default).

• Java permissions (enabled by default).

Refer to the Troubleshooting chapter to see how to make sure these functions are allowed in
Internet Explorer.

2.2 Accessing the Prestige Web Configurator

1 Make sure your Prestige hardware is properly connected and prepare your computer/

computer network to connect to the Prestige (refer to the Quick Start Guide).

2 Launch your web browser.

3 Type "192.168.1.1" as the URL.

4 Type "1234" (default) as the password and click Login. In some versions, the default

password appears automatically - if this is the case, click Login.

5 You should see a screen asking you to change your password (highly recommended) as

shown next. Type a new password (and retype it to confirm) and click Apply or click
Ignore.

Chapter 2 Introducing the Web Configurator 49

P-334WT User’s Guide

Figure 5 Change Password Screen

Note: The management session automatically times out when the time period set in

the Administrator Inactivity Timer field expires (default five minutes). Simply
log back into the Prestige if this happens to you.

2.3 Resetting the Prestige

If you forget your password or cannot access the web configurator, you will need to use the
RESET button at the back of the Prestige to reload the factory-default configuration file. This
means that you will lose all configurations that you had previously and the password will be
reset to “1234”.

2.3.1 Procedure to Use the Reset Button

1 Make sure the PWR LED is on (not blinking).

2 Press the RESET button for ten seconds or until the PWR LED begins to blink and then

release it. When the PWR LED begins to blink, the defaults have been restored and the
Prestige restarts.

2.4 Navigating the Prestige Web Configurator

The following summarizes how to navigate the web configurator from the Status screen.

50 Chapter 2 Introducing the Web Configurator

Figure 6 Web Configurator Status Screen

P-334WT User’s Guide

The following table describes the icons shown in the Status screen.

Table 2 Status Screen Icon Key

ICON DESCRIPTION

Select a language from the drop-down list box to have the web configurator display in that
language.

Click this icon to open a web help page relevant to the screen you are currently
configuring.

Click this icon to open the setup wizard. The Prestige has a connection wizard and a
bandwidth management wizard.

Click this icon to view copyright and a link for related product information.

Click this icon at any time to exit the web configurator.

Chapter 2 Introducing the Web Configurator 51

P-334WT User’s Guide

Table 2 Status Screen Icon Key

ICON DESCRIPTION

Select a number of seconds or None from the drop-down list box to refresh all screen
statistics automatically at the end of every time interval or to not refresh the screen
statistics.

Click this button to refresh the status screen statistics.

The following table describes the labels shown in the Status screen.

Table 3 Web Configurator Status Screen

LABEL DESCRIPTION

Device Information

System Name This is the System Name you enter in the Maintenance, System, General screen. It

is for identification purposes.

Firmware Version This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's

WAN Information

- IP Address This shows the WAN port’s IP address.

- IP Subnet Mask This shows the WAN port’s subnet mask.

- DHCP This shows the WAN port’s DHCP role - Client or None.

LAN Information

- IP Address This shows the LAN port’s IP address.

- IP Subnet Mask This shows the LAN port’s subnet mask.

- DHCP This shows the LAN port’s DHCP role - Server, Relay or None.

WLAN Information

- Name(SSID) This shows a descriptive name used to identify the Prestige in the wireless LAN.

- Channel This shows the channel number which the Prestige uses over the wireless LAN.

- Security Mode This shows the level of wireless security the Prestige is using.

System Status

System Uptime This is the total time the Prestige has been on.

Current Date/Time This field displays your Prestige’s present

System Resource

- CPU Usage This number shows how many kilobytes of the heap memory the Prestige is using.

- Memory Usage This number shows the Prestige's total heap memory (in kilobytes).

proprietary Network Operating System design.

date and time along with the difference

from the Greenwich Mean Time (GMT) zone. The difference from GMT is based on
the time zone. It is also adjusted for Daylight Saving Time if you set the Prestige to
use it.

Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network
Operating System) and is thus available for running processes like NAT, VPN and the
firewall.

The bar displays what percent of the Prestige's heap memory is in use. The bar turns
from green to red when the maximum is being approached.

The bar displays what percent of the Prestige's heap memory is in use. The bar turns
from green to red when the maximum is being approached.

52 Chapter 2 Introducing the Web Configurator

P-334WT User’s Guide

Table 3 Web Configurator Status Screen

LABEL DESCRIPTION

Interface Status

Interface This displays the Prestige port types. The port types are: WAN, LAN and WLAN.

Status For the LAN and WAN ports, this field displays Down (line is down) or Up (line is up

Rate For the LAN ports, this displays the port speed and duplex setting or N/A when the

Summary

Any IP Table Use this screen to view a list of IP addresses and MAC addresses of computers,

DHCP Table Use this screen to view current DHCP client information.

Parental Control Statistics Use this screen to view a record of attempted entries to web pages or actual entries

VPN Monitor Use this screen to display active VPN connections.

BW MGNT Monitor Use this screen to view the Prestige’s bandwidth usage and allotments.

Packet Statistics Use this screen to view port status and packet specific statistics.

Port Isolation Use this screen to view the port isolation settings and status.

WLAN Station Status Use this screen to view the wireless stations that are currently associated to the

or connected).
For the WLAN, it displays Up when the WLAN is enabled or Down when the WLAN is

disabled.

line is disconnected.
For the WAN port, it displays the port speed and duplex setting if you’re using

Ethernet encapsulation and Idle (line (ppp) idle), Dial (starting to trigger a call) and
Drop (dropping a call) if you're using PPPoE or PPTP encapsulation. This field
displays N/A when the line is disconnected.

For the WLAN, it displays the transmission rate when the WLAN is enabled and N/A
when the WLAN is disabled.

which are not in the same subnet as the Prestige.

to web pages from a list of website categories.

Prestige.

2.4.1 Navigation Panel

After you enter the password, use the sub-menus on the navigation panel to configure Prestige
features.

The following table describes the sub-menus.

Table 4 Screens Summary

LINK TAB FUNCTION

Status This screen shows the Prestige’s general device, system and interface

status information. Use this screen to access the wizard, and summary
statistics tables.

Network

Chapter 2 Introducing the Web Configurator 53

P-334WT User’s Guide

Table 4 Screens Summary

LINK TAB FUNCTION

Wireless LAN General Use this screen to configure wireless LAN.

OTIST This screen allows you to assign wireless clients the Prestige’s wireless

MAC Filter Use the MAC filter screen to configure the Prestige to block access to

Advanced This screen allows you to configure your Prestige roaming capabilities.

QoS WMM QoS allows you to prioritize wireless traffic according to the delivery

WAN Internet

Connection

Advanced Use this screen to configure DNS servers and other advanced properties.

Traffic Redirect Use this screen to configure your traffic redirect properties and parameters.

LAN IP Use this screen to configure LAN settings.

IP Alias Use this screen to partition your LAN interface into subnets.

Advanced Use this screen to enable Any IP and other advanced properties.

DHCP Server General Use this screen to enable the Prestige’s DHCP server and to have DNS

Static DHCP Use this screen to assign IP addresses on the LAN to specific individual

Client List Use this screen to view current DHCP client information and to always

NAT General Use this screen to enable NAT.

Port Forwarding Use this screen to configure servers behind the Prestige.

Trigger Port Use this screen to change your Prestige’s port triggering settings.

Security

Firewall General Use this screen to activate/deactivate the firewall.

Services This screen shows a summary of the firewall rules, and allows you to edit/

Content Filter Filter Use this screen to block certain web features and sites containing certain

Schedule Use this screen to set the days and times for the Prestige to perform content

VPN Summary Use this screen to view the rule summary.

Rule Setup Use this screen to configure VPN connections.

SA Monitor Use this screen to display and manage active VPN connections.

Global Setting Use this screen to allow NetBIOS through an IPSec tunnel.

security settings.

devices or block the devices from accessing the Prestige.

requirements of the individual and applications.

This screen allows you to configure ISP parameters, WAN IP address
assignment and the WAN MAC address.

servers assigned by the DHCP server.

computers based on their MAC addresses.

assign an IP address to a MAC address (and host name).

add a firewall rule.

keywords in the URL.

filtering.

54 Chapter 2 Introducing the Web Configurator

P-334WT User’s Guide

Table 4 Screens Summary

LINK TAB FUNCTION

TMSS General Use this screen to enable or disable TMSS.

Exception List Use this screen to decide which computers in the network you can apply

Virus Protection Use this screen to check the computers in the network for Trend Micro

Parental Control Use this screen to allow a parent (LAN administrator) to control a LAN

Port Isolation Use this screen to decide in what situation a port will be separated from

Management

Static Route Static Route

Rules

Bandwidth
MGMT

Remote MGMT WWW Use this screen to configure through which interface(s) and from which IP

UPnP General Use this screen to enable UPnP on the Prestige.

Maintenance

System General This screen contains administrative.

Logs View Log Use this screen to view the logs for the categories that you selected.

Tools Firmware Use this screen to upload firmware to your Prestige.

Configuration Use this screen to enable bandwidth management on an interface and edit

Monitor Use this screen to view the Prestige’s bandwidth usage and allotments.

TELNET Use this screen to configure through which interface(s) and from which IP

FTP Use this screen to configure through which interface(s) and from which IP

SNMP Use this screen to configure your Prestige’s settings for Simple Network

DNS Use this screen to configure through which interface(s) and from which IP

Security Use this screen to change your anti-probing settings.

Dynamic DNS Use this screen to set up dynamic DNS.

Time Setting Use this screen to change your Prestige’s time and date.

Log Settings Use this screen to change your Prestige’s log settings.

Configuration Use this screen to backup and restore the configuration or reset the factory

Restart This screen allows you to reboot the Prestige without turning the power off.

TMSS.

Internet Security.

user's Internet access privileges by blocking specified website categories.

other ports and/or allow the ports to bypass port isolation checking.

Use this screen to configure IP static routes.

a corresponding rule.

address(es) users can use HTTP to manage the Prestige.

address(es) users can use Telnet to manage the Prestige.

address(es) users can use FTP to access the Prestige.

Management Protocol management.

address(es) users can send DNS queries to the Prestige.

defaults to your Prestige.

2.4.2 Summary: Any IP Table

Click the Any IP Table (Details...) hyperlink in the Status screen. The Any IP table shows
current read-only information (including the IP address and the MAC address) of all network
devices that use the Any IP feature to communicate with the Prestige.

Chapter 2 Introducing the Web Configurator 55

P-334WT User’s Guide

Figure 7 Summary: Any IP Table

The following table describes the labels in this screen.

Table 5 Summary: Any IP Table

LABEL DESCRIPTION

# This field displays the index number.

IP Address This field displays the IP address of the network device.

MAC Address This field displays the MAC (Media Access Control) address of the computer with

Refresh Click Refresh to update this screen.

the displayed IP address.
Every Ethernet device has a unique MAC address. The MAC address is assigned at

the factory and consists of six pairs of hexadecimal characters, for example,
00:A0:C5:00:00:02.

2.4.3 Summary: DHCP Table

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual
clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige
as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP
configuration for the clients. If DHCP service is disabled, you must have another DHCP server
on your LAN, or else the computer must be manually configured.

Click the DHCP Table (Details...) hyperlink in the Status screen. Read-only information here
relates to your DHCP status. The DHCP table shows current DHCP client information
(including IP Address, Host Name and MAC Address) of all network clients using the
Prestige’s DHCP server.

Figure 8 Summary: DHCP Table

56 Chapter 2 Introducing the Web Configurator

The following table describes the labels in this screen.

Table 6 Summary: DHCP Table

LABEL DESCRIPTION

# This is the index number of the host computer.

IP Address This field displays the IP address relative to the # field listed above.

Host Name This field displays the computer host name.

MAC Address This field shows the MAC address of the computer with the name in the Host Name

field.
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC

address is assigned at the factory and consists of six pairs of hexadecimal characters,
for example, 00:A0:C5:00:00:02.

Refresh Click Refresh to renew the screen.

2.4.4 Summary: Parental Controls Statistics

Click the Parental Control Statistics (Details...) hyperlink in the Status screen. This screen
shows the current parental control mode and displays a record of attempted entries to web
pages or actual entries to web pages from a list of categories.

P-334WT User’s Guide

2.4.4.1 General Control Mode and Per-User Control Mode

General control mode is the simplest way to configure Parental Control. In general control
mode, the same restrictions apply to all network users.

Per-user control mode allows you to give different restrictions to each user of your network. In
Per-user control mode, all users must log in before accessing the Internet.

Chapter 2 Introducing the Web Configurator 57

P-334WT User’s Guide

Figure 9 Summary: Parental Control Statistics

The following table describes the labels in this screen.

Table 7 Summary: Parental Control Statistics

LABEL DESCRIPTION

Control Mode This displays the current parental control mode (General Control or Per-User

Username This field displays only when you enable the per-user control mode.

Category All parental control categories are displayed as shown.

Access Attempts This field displays the number of attempts that have been made to access web

Actual Accesses This field displays the number of times access has been made to web page(s) from

Reset Click Reset to clear all of the fields in this screen.

Refresh Click Refresh to renew the statistics screen.

Control).

This is the name of the user (you configured in the Parental Control screen)
allowed to access the Internet and view the unrestricted web content using the
Prestige as a gateway.

page(s) from a category of web pages that you have selected in the Parental
Control screen.

a category of web pages that you have not selected in the Parental Control screen
or that have been accesses by exempted computers.

58 Chapter 2 Introducing the Web Configurator

2.4.5 Summary: VPN Monitor

Click the VPN Monitor (Details...) hyperlink in the Status screen. Read-only information
here includes encapsulation mode and security protocol.

Figure 10 Summary: VPN Monitor

The following table describes the labels in this screen.

Table 8 Summary: VPN Monitor

P-334WT User’s Guide

TABL E DESCRIPTION

# This is the security association index number.

Name This field displays the identification name for this VPN policy.

Encapsulation This field displays Tun nel or Transport mode.

IPSec Algorithm This field displays the security protocols used for an SA.

Both AH and ESP increase Prestige processing requirements and
communications latency (delay).

Refresh Click Refresh to renew the screen.

2.4.6 Summary: Bandwidth Management Monitor

Select the BW MGMT Monitor (Details...) hyperlink in Status screen. View the bandwidth
usage of the WAN configured bandwidth rules. This is also shown as bandwidth usage over
the bandwidth budget for each rule. The gray section of the bar represents the percentage of
unused bandwidth and the orange color represents the percentage of bandwidth in use.

Chapter 2 Introducing the Web Configurator 59

P-334WT User’s Guide

Figure 11 Summary: BW MGMT Monitor

2.4.7 Summary: Packet Statistics

Click the Packet Statistics (Details...) hyperlink in the Status screen. Read-only information
here includes port status and packet specific statistics. Also provided are "system up time" and
"poll interval(s)". The Poll Interval(s) field is configurable.

Figure 12 Summary: Packet Statistics

60 Chapter 2 Introducing the Web Configurator

P-334WT User’s Guide

The following table describes the labels in this screen.

Table 9 Summary: Packet Statistics

LABEL DESCRIPTION

Port This is the WAN, LAN or WLAN port.

Status For the LAN ports, this displays the port speed and duplex setting or Down when

the line is disconnected.
For the WAN port, it displays the port speed and duplex setting if you’re using

Ethernet encapsulation and Idle (line (ppp) idle), Dial (starting to trigger a call)
and Drop (dropping a call) if you're using PPPoE or PPTP encapsulation. This
field displays Down when the line is disconnected.

For the WLAN, it displays the transmission rate when the WLAN is enabled and
Down when the WLAN is disabled.

TxPkts This is the number of transmitted packets on this port.

RxPkts This is the number of received packets on this port.

Collisions This is the number of collisions on this port.

Tx B/s This displays the transmission speed in bytes per second on this port.

Rx B/s This displays the reception speed in bytes per second on this port.

Up Time This is the total amount of time the line has been up.

System Up Time This is the total time the Prestige has been on.

Poll Interval(s) Enter the time interval for refreshing statistics in this field.

Set Interval Click this button to apply the new poll interval you entered in the Poll Interval(s)

field.

Stop Click Stop to stop refreshing statistics, click Stop.

2.4.8 Summary: Port Isolation

Click the Port Isolation (Details...) hyperlink in the Status screen to view the port isolation
status and settings on each port.

Chapter 2 Introducing the Web Configurator 61

P-334WT User’s Guide

Figure 13 Summary: Port Isolation

The following table describes the labels in this screen.

Table 10 Summary: Wireless Association List

LABEL DESCRIPTION

Port This is the LAN or WLAN port.

Bypass This displays whether port isolation is performed on the port.

Isolated This displays whether the port is separated and the network or computer(s)

connected to the port cannot communicate with other network or computer(s)
connected to other port(s).

MAC Address This displays the MAC address(es) of the computer(s) which is infected by

viruses or vulnerable according to the selected categories.

Category This displays the reason why the port is isolated.

Refresh Click Refresh to redisplay the current screen.

2.4.9 Summary: Wireless Station Status

Click the WLAN Station Status (Details...) hyperlink in the Status screen. View the wireless
stations that are currently associated to the Prestige in the Association List screen.

2.4.9.1 WMM QoS

WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless
networks for multimedia applications.

WMM allows you to prioritize wireless traffic according to the delivery requirements of the
individual and applications.

WMM is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi wireless networks.

62 Chapter 2 Introducing the Web Configurator

P-334WT User’s Guide

Figure 14 Summary: Wireless Association List

The following table describes the labels in this screen.

Tabl e 11 Summary: Wireless Association List

LABEL DESCRIPTION

# This is the index number of an associated wireless station.

MAC Address This field displays the MAC address of an associated wireless station.

QoS This field displays whether WMM (Wi-Fi MultiMedia) QoS (Quality of Service)

priority is applied to traffic between the Prestige and the wireless station.

Association Time This field displays the time a wireless station first associated with the Prestige.

Refresh Click Refresh to redisplay the current screen.

Chapter 2 Introducing the Web Configurator 63

P-334WT User’s Guide

64 Chapter 2 Introducing the Web Configurator

This chapter provides information on the Wizard setup screens in the web configurator.

3.1 Wizard Setup

The web configurator’s Wizard setup helps you configure your device to access the Internet.
Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what
to enter in each field. Leave a field blank if you don’t have that information.

1 After you access the Prestige Web configurator, click the Go to Wizard setup hyperlink.

You can click the Go to Advanced setup hyperlink to skip this wizard setup and
configure advanced features.

P-334WT User’s Guide

CHAPTER 3

Connection Wizard

Figure 15 Select Wizard or Advanced Mode

2 Choose your language from the drop-down list box.

3 Click the Next button to proceed to the next screen.

Chapter 3 Connection Wizard 65

P-334WT User’s Guide

Figure 16 Select a Language

4 Read the on-screen information and click Next.

Figure 17 Welcome to the Connection Wizard

3.2 Connection Wizard: STEP 1: System Information

System Information contains administrative and system-related information.

3.2.1 System Name

System Name is for identification purposes. However, because some ISPs check this name
you should enter your computer's "Computer Name".

• In Windows 95/98 click Start, Settings, Control Panel, Network. Click the
Identification tab, note the entry for the Computer Name field and enter it as the System
Name.

• In Windows 2000, click Start, Settings and Control Panel and then double-click
System. Click the Network Identification tab and then the Properties button. Note the
entry for the Computer name field and enter it as the System Name.

• In Windows XP, click Start, My Computer, View system information and then click
the Computer Name tab. Note the entry in the Full computer name field and enter it as
the Prestige System Name.

66 Chapter 3 Connection Wizard

3.2.2 Domain Name

The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave
this blank, the domain name obtained by DHCP from the ISP is used. While you must enter
the host name (System Name) on each individual computer, the domain name can be assigned
from the Prestige via DHCP.

Click Next to configure the Prestige for Internet access.

Figure 18 Wizard Step 1: System Information

P-334WT User’s Guide

The following table describes the labels in this screen.

Table 12 Wizard Step 1: System Information

LABEL DESCRIPTION

System Name System Name is a unique name to identify the Prestige in an Ethernet network. Enter a

descriptive name. This name can be up to 30 alphanumeric characters long. Spaces
are not allowed, but dashes "-" and underscores "_" are accepted.

Domain Name Type the domain name (if you know it) here. If you leave this field blank, the ISP may

assign a domain name via DHCP. The domain name entered by you is given priority
over the ISP assigned domain name.

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Exit Click Exit to close the wizard screen without saving.

3.3 Connection Wizard: STEP 2: Wireless LAN

Set up your wireless LAN using the following screen.

Chapter 3 Connection Wizard 67

P-334WT User’s Guide

Figure 19 Wizard Step 2: Wireless LAN

The following table describes the labels in this screen.

Table 13 Wizard Step 2: Wireless LAN

LABEL DESCRIPTION

Name(SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless

Channel
Selection

Security Select a Security level from the drop-down list box.

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Exit Click Exit to close the wizard screen without saving.

LAN.
If you change this field on the Prestige, make sure all wireless stations use the same

SSID in order to access the network.

The range of radio frequencies used by IEEE 802.11b/g wireless devices is called a
channel. Select a channel ID that is not already in use by a neighboring device.

Choose Auto to use OTIST to generate a pre-shared key and only if your wireless
clients support OTIST. If you choose this option, skip directly to section

Choose None to have no wireless LAN security configured. If you do not enable any
wireless security on your Prestige, your network is accessible to any wireless
networking device that is within range. If you choose this option, skip directly to section

3.3.3.

Choose Basic security if you want to configure WEP Encryption parameters. If you
choose this option, go directly to section

Choose Extend (WPA-PSK or WPA2-PSK) security to configure a Pre-Shared Key.
Choose this option only if your wireless clients support WPA-PSK or WPA2-PSK
respectively. If you choose this option, skip directly to section

3.3.1.

3.3.2.

3.3.3.

Note: The wireless stations and Prestige must use the same SSID, channel ID and

WEP encryption key (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled)
or WPA2-PSK (if WPA2-PSK is enabled) for wireless communication.

3.3.1 Basic(WEP) Security

Choose Basic(WEP) to setup WEP Encryption parameters.

68 Chapter 3 Connection Wizard

Figure 20 Wizard Step 2: Basic(WEP) Security

P-334WT User’s Guide

The following table describes the labels in this screen.

Table 14 Wizard Step 2: Basic(WEP) Security

LABEL DESCRIPTION

Passphrase Type a Passphrase (up to 32 printable characters) and click Generate. The Prestige

WEP
Encryption

Key 1 to Key 4 The WEP keys are used to encrypt data. Both the Prestige and the wireless stations

automatically generates a WEP key.

Select 64-bit WEP, 128-bit WEP or 256-bit WEP to allow data encryption.

ASCII Select this option in order to enter ASCII characters as the WEP keys.

HEX Select this option to enter hexadecimal characters as the WEP keys.

The preceding “0x” is entered automatically.

must use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal

characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal

characters ("0-9", "A-F").
If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal

characters ("0-9", "A-F").
You must configure at least one key, only one key can be activated at any one time.

The default key is key 1.

Chapter 3 Connection Wizard 69

P-334WT User’s Guide

Table 14 Wizard Step 2: Basic(WEP) Security

LABEL DESCRIPTION

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Exit Click Exit to close the wizard screen without saving.

3.3.2 Extend(WPA-PSK or WPA2-PSK) Security

Choose Extend(WPA-PSK) or Extend(WPA2-PSK) security in the Wireless LAN setup
screen to set up a Pre-Shared Key.

Figure 21 Wizard Step 2: Extend(WPA-PSK or WPA2-PSK) Security

The following table describes the labels in this screen.

Table 15 Wizard Step 2: Extend(WPA-PSK or WPA2-PSK) Security

LABEL DESCRIPTION

Pre-Shared
Key

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Exit Click Exit to close the wizard screen without saving.

3.3.3 OTIST

The following screen allows you to enable Prestige One-Touch Intelligent Security
Technology (OTIST). One-Touch Intelligent Security Technology (OTIST) allows your
Prestige to assign wireless clients the Prestige’s SSID and static WEP or WPA-PSK
encryption settings. The wireless client must also support OTIST and have OTIST enabled.
See

Type from 8 to 63 case-sensitive ASCII characters. You can set up the most secure
wireless connection by configuring WPA in the wireless LAN screens. You need to
configure an authentication server to do this.

Section 4.5 on page 99 for more information.

70 Chapter 3 Connection Wizard

Figure 22 Wizard Step 2: OTIST

P-334WT User’s Guide

The following table describes the labels in this screen.

Table 16 Wizard Step 2: OTIST

LABEL DESCRIPTION

Do you want to
enable OTIST?

Setup Key The default OTIST Setup Key is “01234567”. This key can be changed in the

Back

Next

Exit Click Exit to close the wizard screen without saving.

Select the Yes radio button and click Next to proceed with the setup wizard and
enable OTIST only when you click Finish in the final wizard screen.

Click No and then Next to proceed to the following screen.

web configurator. Be sure to use the same OTIST Setup Key on the Prestige
and wireless clients.

Click Back to display the previous screen.

Click Next to proceed to the next screen.

Refer to the chapter on wireless LAN for more information.

3.4 Connection Wizard: STEP 3: Internet Configuration

The Prestige offers three Internet connection types. They are Ethernet, PPP over Ethernet or
PPTP. The wizard attempts to detect which WAN connection type you are using. If the wizard

does not detect a connection type, you must select one from the drop-down list box. Check
with your ISP to make sure you use the correct type.

Chapter 3 Connection Wizard 71

P-334WT User’s Guide

This wizard screen varies according to the connection type that you select.

Figure 23 Wizard Step 3: ISP Parameters.

The following table describes the labels in this screen,

Table 17 Wizard Step 3: ISP Parameters

CONNECTION TYPE DESCRIPTION

Ethernet Select the Ethernet option when the WAN port is used as a regular Ethernet.

PPPoE

PPTP Select the PPTP option for a dial-up connection.

Select the PPP over Ethernet option for a dial-up connection. If your ISP
gave you a an IP address and/or subnet mask, then select PPTP.

3.4.1 Ethernet Connection

Choose Ethernet when the WAN port is used as a regular Ethernet.

Figure 24 Wizard Step 3: Ethernet Connection

72 Chapter 3 Connection Wizard

3.4.2 PPPoE Connection

Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an
IETF (Internet Engineering Task Force) standard specifying how a host personal computer
interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access
to high-speed data networks.

For the service provider, PPPoE offers an access and authentication method that works with
existing access control systems (for instance, RADIUS).

One of the benefits of PPPoE is the ability to let end users access one of multiple network
services, a function known as dynamic service selection. This enables the service provider to
easily create and offer new IP services for specific users.

Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it
requires no specific configuration of the broadband modem at the subscriber’s site.

By implementing PPPoE directly on the Prestige (rather than individual computers), the
computers on the LAN do not need PPPoE software installed, since the Prestige does that part
of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access.

P-334WT User’s Guide

Refer to the appendix for more information on PPPoE.

Figure 25 Wizard Step 3: PPPoE Connection

The following table describes the labels in this screen.

Table 18 Wizard Step 3: PPPoE Connection

LABEL DESCRIPTION

ISP Parameter for Internet Access

Connection Type

Service Name Type the name of your service provider.

User Name Type the user name given to you by your ISP.

Password Type the password associated with the user name above.

Chapter 3 Connection Wizard 73

Select the PPP over Ethernet option for a dial-up connection.

P-334WT User’s Guide

Table 18 Wizard Step 3: PPPoE Connection

LABEL DESCRIPTION

Back Click Back to return to the previous screen.

Next Click Next to continue.

Exit Click Exit to close the wizard screen without saving.

3.4.3 PPTP Connection

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data
from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/
IP-based networks.

PPTP supports on-demand, multi-protocol, and virtual private networking over public
networks, such as the Internet.

Refer to the appendix for more information on PPTP.

Note: The Prestige supports one PPTP server connection at any given time.

Figure 26 Wizard Step 3: PPTP Connection

74 Chapter 3 Connection Wizard

P-334WT User’s Guide

The following table describes the fields in this screen

Table 19 Wizard Step 3: PPTP Connection

LABEL DESCRIPTION

ISP Parameters for Internet Access

Connection Type Select PPTP from the drop-down list box. To configure a PPTP client, you must

configure the User Name and Password fields for a PPP connection and the
PPTP parameters for a PPTP connection.

User Name Type the user name given to you by your ISP.

Password Type the password associated with the User Name above.

PPTP Configuration

Get automatically
from ISP

Use fixed IP
address

My IP Address Type the (static) IP address assigned to you by your ISP.

My IP Subnet
Mask

Server IP Address Type the IP address of the PPTP server.

Connection ID/
Name

Back Click Back to return to the previous screen.

Next Click Next to continue.

Exit Click Exit to close the wizard screen without saving.

Select this radio button if your ISP did not assign you a fixed IP address.

Select this radio button, provided by your ISP to give the Prestige a fixed, unique
IP address.

Type the subnet mask assigned to you by your ISP (if given).

Enter the connection ID or connection name in this field. It must follow the "c:id"
and "n:name" format. For example, C:12 or N:My ISP.

This field is optional and depends on the requirements of your ISP.

3.4.4 Your IP Address

The following wizard screen allows you to assign a fixed IP address or give the Prestige an
automatically assigned IP address depending on your ISP.

Figure 27 Wizard Step 3: Your IP Address

Chapter 3 Connection Wizard 75

P-334WT User’s Guide

The following table describes the labels in this screen

Table 20 Wizard Step 3: Your IP Address

LABEL DESCRIPTION

Get automatically from
your ISP

Use fixed IP address
provided by your ISP

Back Click Back to return to the previous screen.

Next Click Next to continue.

Exit Click Exit to close the wizard screen without saving.

Select this option If your ISP did not assign you a fixed IP address. This is
the default selection. If you choose this option, skip directly to section

Select this option if you were given IP address and/or DNS server settings
by the ISP. The fixed IP address should be in the same subnet as your
broadband modem or router.

3.4.5 WAN IP Address Assignment

Every computer on the Internet must have a unique IP address. If your networks are isolated
from the Internet, for instance, only between your two branch offices, you can assign any IP
addresses to the hosts without problems. However, the Internet Assigned Numbers Authority
(IANA) has reserved the following three blocks of IP addresses specifically for private
networks.

Table 21 Private IP Address Ranges

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

3.4.9.

You can obtain your IP address from the IANA, from an ISP or have it assigned by a private
network. If you belong to a small organization and your Internet access is through an ISP, the
ISP can provide you with the Internet addresses for your local networks. On the other hand, if
you are part of a much larger organization, you should consult your network administrator for
the appropriate IP addresses.

Note: Regardless of your particular situation, do not create an arbitrary IP address;

always follow the guidelines above. For more information on address
assignment, please refer to RFC 1597, Address Allocation for Private Internets
and RFC 1466, Guidelines for Management of IP Address Space.

3.4.6 IP Address and Subnet Mask

Similar to the way houses on a street share a common street name, so too do computers on a
LAN share one common network number.

Where you obtain your network number depends on your particular situation. If the ISP or
your network administrator assigns you a block of registered IP addresses, follow their
instructions in selecting the IP addresses and the subnet mask.

76 Chapter 3 Connection Wizard

If the ISP did not explicitly give you an IP network number, then most likely you have a single
user account and the ISP will assign you a dynamic IP address when the connection is
established. The Internet Assigned Number Authority (IANA) reserved this block of addresses
specifically for private use; please do not use any other number unless you are told otherwise.
Let's say you select 192.168.1.0 as the network number; which covers 254 individual
addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the
first three numbers specify the network number while the last number identifies an individual
computer on that network.

Once you have decided on the network number, pick an IP address that is easy to remember,
for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your
network is using that IP address.

The subnet mask specifies the network number portion of an IP address. Your Prestige will
compute the subnet mask automatically based on the IP address that you entered. You don't
need to change the subnet mask computed by the Prestige unless you are instructed to do
otherwise.

3.4.7 DNS Server Address Assignment

P-334WT User’s Guide

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and
vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is
extremely important because without it, you must know the IP address of a computer before
you can access it.

The Prestige can get the DNS server addresses in the following ways.

1 The ISP tells you the DNS server addresses, usually in the form of an information sheet,

when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS
Server fields in the Wizard and/or DHCP Server screen.

2 If the ISP did not give you DNS server information, leave the DNS Server fields set to

0.0.0.0 in the Wizard screen and/or set to From ISP in the DHCP Server screen for the

ISP to dynamically assign the DNS server IP addresses.

3.4.8 WAN IP and DNS Server Address Assignment

The following wizard screen allows you to assign a fixed WAN IP address and DNS server
addresses.

Chapter 3 Connection Wizard 77

P-334WT User’s Guide

Figure 28 Wizard Step 3: WAN IP and DNS Server Addresses

The following table describes the labels in this screen

Table 22 Wizard Step 3: WAN IP and DNS Server Addresses

LABEL DESCRIPTION

WAN IP Address Assignment

My WAN IP Address Enter your WAN IP address in this field. The WAN IP address should be in

My WAN IP Subnet Mask Enter the IP subnet mask in this field.

Gateway IP Address Enter the gateway IP address in this field.

System DNS Server Address Assignment (if applicable)
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice

versa. The DNS server is extremely important because without it, you must know the IP address of a
computer before you can access it. The Prestige uses a system DNS server (in the order you specify
here) to resolve domain names for VPN, DDNS and the time server.

First DNS Server
Second DNS Server
Third DNS Server

Back Click Back to return to the previous screen.

Next Click Next to continue.

Exit Click Exit to close the wizard screen without saving.

the same subnet as your DSL/Cable modem or router.

Enter the DNS server's IP address in the fields provided.
If you do not configure a system DNS server, you must use IP addresses

when configuring VPN, DDNS and the time server.

78 Chapter 3 Connection Wizard

3.4.9 WAN MAC Address

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address
is assigned at the factory and consists of six pairs of hexadecimal characters, for example,
00:A0:C5:00:00:02.

Table 23 Example of Network Properties for LAN Servers with Fixed IP Addresses

Choose an IP address 192.168.1.2-192.168.1.32; 192.168.1.65-192.168.1.254.

Subnet mask 255.255.255.0

Gateway (or default route) 192.168.1.1(Prestige LAN IP)

This screen allows users to configure the WAN port's MAC address by either using the
Prestige’s MAC address, copying the MAC address from a computer on your LAN or
manually entering a MAC address. Once it is successfully configured, the address will be
copied to the "rom" file (ZyNOS configuration file). It will not change unless you change the
setting or upload a different "rom" file. It is advisable to clone the MAC address from a
computer on your LAN even if your ISP does not presently require MAC address
authentication.

P-334WT User’s Guide

Figure 29 Wizard Step 3: WAN MAC Address

The following table describes the fields in this screen.

Table 24 Wizard Step 3: WAN MAC Address

LABEL DESCRIPTION

Factory Default Select Factory Default to use the factory assigned default MAC address.

Clone the
computer’s MAC
address

Set WAN MAC
Address

Select this option and enter the IP address of the computer on the LAN whose
MAC you are cloning. It is advisable to clone the MAC address from a computer
on your LAN even if your ISP does not presently require MAC address
authentication.

Select this option and enter the MAC address you want to use.

Chapter 3 Connection Wizard 79

P-334WT User’s Guide

Table 24 Wizard Step 3: WAN MAC Address

LABEL DESCRIPTION

Back Click Back to return to the previous screen.

Next Click Next to continue.

Exit Click Exit to close the wizard screen without saving.

3.5 Connection Wizard: STEP 4: Bandwidth management

Bandwidth management allows you to control the amount of bandwidth going out through the
Prestige’s WAN, LAN or WLAN port and prioritize the distribution of the bandwidth
according to the traffic type. This helps keep one service from using all of the available
bandwidth and shutting out other users.

Figure 30 Wizard Step 4: Bandwidth Management

The following fields describe the label in this screen.

Table 25 Wizard Step 4: Bandwidth Management

LABEL DESCRIPTION

Enable BM for all traffic
automatically

Back Click Back to return to the previous screen.

Next Click Next to continue.

Exit Click Exit to close the wizard screen without saving.

Select the check box to have the Prestige apply bandwidth management to
traffic going out through the Prestige’s WAN, LAN or WLAN port. Bandwidth
is allocated according to the traffic type automatically. Real-time packets,
such as VoIP traffic always get higher priority.

3.6 Connection Wizard Complete

Click Apply to save your configuration.

80 Chapter 3 Connection Wizard

P-334WT User’s Guide

Figure 31 Connection Wizard Save

Follow the on-screen instructions and click Finish to complete the wizard setup.

Figure 32 Connection Wizard Complete

Well done! You have successfully set up your Prestige to operate on your network and access
the Internet.

Chapter 3 Connection Wizard 81

P-334WT User’s Guide

82 Chapter 3 Connection Wizard

This chapter discusses how to configure Wireless LAN.

4.1 Introduction

A wireless LAN can be as simple as two computers with wireless LAN adapters
communicating in a peer-to-peer network or as complex as a number of computers with
wireless LAN adapters communicating through access points which bridge network traffic to
the wired LAN.

Note: See the WLAN appendix for more detailed information on WLANs.

P-334WT User’s Guide

CHAPTER 4

Wireless LAN

4.2 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless
stations, access points and the wired network.

Wireless security methods available on the Prestige are data encryption, wireless client
authentication, restricting access by device MAC address and hiding the Prestige identity.

4.2.1 Encryption

• Use WPA(2) security if you have WPA(2)-aware wireless clients and a RADIUS server.
WPA has user authentication and improved data encryption over WEP.

• Use WPA(2)-PSK if you have WPA(2)-aware wireless clients but no RADIUS server.

• If you don’t have WPA(2)-aware wireless clients, then use WEP key encrypting. A
higher bit key offers better security at a throughput trade-off. You can use passphrase to
automatically generate 64-bit or 128-bit WEP keys or manually enter 64-bit, 128-bit or
256-bit WEP keys.

4.2.2 Authentication

WPA has user authentication and you can also configure IEEE 802.1x to use a RADIUS server
to authenticate wireless clients before joining your network.

• Use RADIUS authentication if you have a RADIUS server. See the appendices for
information on protocols used when a client authenticates with a RADIUS server via the
Prestige.

Chapter 4 Wireless LAN 83

P-334WT User’s Guide

4.2.3 Restricted Access

The MAC Filter screen allows you to configure the AP to give exclusive access to devices
(Allow) or exclude them from accessing the AP (Deny).

4.2.4 Hide Prestige Identity

If you hide the ESSID, then the Prestige cannot be seen when a wireless client scans for local
APs. The trade-off for the extra security of “hiding” the Prestige may be inconvenient for
some valid WLAN clients.

4.2.5 G-plus

G-plus is an enhancement to the IEEE 802.11g wireless standard. G-plus combines multiple
frames into a larger frame size. This increases wireless transmission speeds by allowing larger
frames (up to 4 KB) to be sent.

Note: G-plus speed applies only to unicast traffic (not broadcast or multicast). G-plus

is automatically disabled if wireless transmission speeds fall below 11 Mbps.

4.2.6 Using OTIST

To automatically configure the wireless security settings and set the wireless client to use the
same SSID and WEP or WPA-PSK settings, use the OTIST setup wizard or the advanced
wireless OTIST screen.

To manually configure the security setting, enter the WEP or WPA-PSK keys and SSID in the
wireless screen. After that, you can enter the same settings in the wireless client or run OTIST
to have the wireless client acquire the SSID and key automatically.

If you change the SSID or the keys after OTIST, you need to run OTIST again or enter them
manually in the wireless client.

Note: You must activate and start OTIST on both the Prestige and the wireless client

at the same time.

See the wireless client Quick Start Guide for information on wireless client
OTIST setup. For more information on OTIST see

Section 4.5.1 on page 100.

4.3 Configuring Wireless LAN on the Prestige

1 Configure the SSID and WEP in the Wireless screen. If you configure WEP, you can’t

configure WPA or WPA-PSK.

2 Use the MAC Filter screen to restrict access to your wireless network by MAC address.

3 Configure the RADIUS authentication database settings in the Wireless screen.

84 Chapter 4 Wireless LAN

P-334WT User’s Guide

4 If you have OTIST-enabled clients, configure OTIST in the OTIST screen. OTIST

transfers device SSID and WEP or WPA-PSK key settings (if enabled) to wireless
clients.

The following figure shows the relative effectiveness of these wireless security methods
available on your Prestige.

Table 26 Wireless Security Levels

Security Level Security Type

Least Secure

Most Secure

Unique SSID (Default)

Unique SSID with Hide SSID Enabled

MAC Address Filtering

WEP Encryption

IEEE802.1x EAP with RADIUS Server Authentication

Wi-Fi Protected Access (WPA)

WPA2

Note: You must enable the same wireless security settings on the Prestige and on all

wireless clients that you want to associate with it.

4.4 General Wireless LAN Screen

Note: If you are configuring the Prestige from a computer connected to the wireless

LAN and you change the Prestige’s SSID, channel or security settings, you will
lose your wireless connection when you press Apply to confirm. You must then
change the wireless settings of your computer to match the Prestige’s new
settings.

Click the Wireless LAN link under Network to open the Wireless screen.

Figure 33 Wireless

Chapter 4 Wireless LAN 85

P-334WT User’s Guide

The following table describes the general wireless LAN labels in this screen.

Table 27 Wireless

LABEL DESCRIPTION

Enable
Wireless LAN

Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless

Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station

Channel
Selection

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to reload the previous configuration for this screen.

See the rest of this chapter for information on the other labels in this screen.

4.4.1 No Security

Select No Security to allow wireless stations to communicate with the access points without
any data encryption.

Note: If you do not enable any wireless security on your Prestige, your network is

accessible to any wireless networking device that is within range.

Click the check box to activate wireless LAN.

station is associated. Wireless stations associating to the access point (AP) must
have the same SSID. Enter a descriptive name (up to 32 printable 7-bit ASCII
characters) for the wireless LAN.

cannot obtain the SSID through scanning using a site survey tool.

Set the operating frequency/channel depending on your particular region.
Select a channel from the drop-down list box.
Refer to the Connection Wizard chapter for more information on channels.

Figure 34 Wireless: No Security

86 Chapter 4 Wireless LAN

The following table describes the labels in this screen.

Table 28 Wireless No Security

LABEL DESCRIPTION

Security Mode Choose No Security from the drop-down list box.

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to reload the previous configuration for this screen.

4.4.2 WEP Encryption

WEP encryption scrambles the data transmitted between the wireless stations and the access
points to keep network communications private. It encrypts unicast and multicast
communications in a network. Both the wireless stations and the access points must use the
same WEP key.

Your Prestige allows you to configure up to four 64-bit, 128-bit or 256-bit WEP keys but only
one key can be enabled at any one time.

P-334WT User’s Guide

In order to configure and enable WEP encryption; click Wireless LAN and Wireless to the
display the Wireless General screen.

4.4.3 Static WEP Encryption

In order to configure and enable WEP encryption; click the Wireless LAN link under
Network to display the Wireless General screen. Select Static WEP from the Security
Mode list.

Chapter 4 Wireless LAN 87

P-334WT User’s Guide

Figure 35 Wireless: Static WEP Encryption

The following table describes the wireless LAN security labels in this screen.

Table 29 Wireless: Static WEP Encryption

LABEL DESCRIPTION

Passphrase Enter a Passphrase (up to 32 printable characters) and clicking Generate. The

Prestige automatically generates a WEP key.

WEP
Encryption

Authentication
Method

ASCII Select this option in order to enter ASCII characters as WEP key.

Hex Select this option in order to enter hexadecimal characters as a WEP key.

Key 1 to Key 4 The WEP keys are used to encrypt data. Both the Prestige and the wireless stations

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to reload the previous configuration for this screen.

Select 64-bit WEP, 128-bit WEP or 256-bit WEP to enable data encryption.

This field is activated when you select 64-bit WEP, 128-bit WEP or 256-bit WEP in
the WEP Encryption field.

Select Auto, Open System or Shared Key from the drop-down list box.

The preceding "0x", that identifies a hexadecimal key, is entered automatically.

must use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal

characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal

characters ("0-9", "A-F").
If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal

characters ("0-9", "A-F").
You must configure at least one key, only one key can be activated at any one time.

The default key is key 1.

88 Chapter 4 Wireless LAN

4.4.4 Introduction to WPA and WPA2

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA is preferred to
WEP as WPA has user authentication and improved data encryption. WPA improves data
encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC)
and IEEE 802.1x. WPA2 uses Advanced Encryption Standard (AES) to offer stronger
encryption than WPA. See the appendix for more information on WPA user authentication and
WPA encryption.

If both an AP and the wireless clients support WPA2 and you have an external RADIUS
server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server,
you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical)
password entered into each access point, wireless gateway and wireless client. As long as the
passwords match, a wireless client will be granted access to a WLAN.

4.4.5 WPA(2)-PSK Application Example

A WPA(2)-PSK application looks as follows.

P-334WT User’s Guide

1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key

(PSK) must consist of between 8 and 63 ASCII characters (including spaces and
symbols).

2 The AP checks each wireless client's password and (only) allows it to join the network if

the password matches.

3 The AP derives and distributes keys to the wireless clients.

4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data

exchanged between them.

Figure 36 WPA(2)-PSK Authentication

4.4.6 WPA-PSK/WPA2-PSK Authentication Screen

Click the Wireless LAN link under Network to display the Wireless General screen.

Chapter 4 Wireless LAN 89

P-334WT User’s Guide

Figure 37 Wireless: WPA-PSK/WPA2-PSK

The following table describes the labels in this screen.

Table 30 Wireless: WPA-PSK/WPA2-PSK

LABEL DESCRIPTION

WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the

Pre-Shared Key The encryption mechanisms used for WPA/WPA2 and WPA-PSK/WPA2-PSK are

ReAuthentication
Timer (in seconds)

Security Mode field.
Select the check box to have both WPA2 and WPA wireless clients be able to

communicate with the Prestige even when the Prestige is using WPA2-PSK or
WPA2.

the same. The only difference between the two is that WPA-PSK/WPA2-PSK uses
a simple common password, instead of user-specific credentials.

Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including
spaces and symbols).

Specify how often wireless stations have to resend usernames and passwords in
order to stay connected. Enter a time interval between 10 and 9999 seconds. The
default time interval is 1800 seconds (30 minutes).

Note: If wireless station authentication is done using a RADIUS

server, the reauthentication timer on the RADIUS server has
priority.

Idle Timeout The Prestige automatically disconnects a wireless station from the wired network

after a period of inactivity. The wireless station needs to enter the username and
password again before access to the wired network is allowed. The default time
interval is 3600 seconds (or 1 hour).

90 Chapter 4 Wireless LAN

Table 30 Wireless: WPA-PSK/WPA2-PSK

LABEL DESCRIPTION

P-334WT User’s Guide

Group Key Update
Time r

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to reload the previous configuration for this screen.

The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/
WPA2-PSK key management) or RADIUS server (if using WPA/WPA2 key
management) sends a new group key out to all clients. The re-keying process is
the WPA/WPA2 equivalent of automatically changing the WEP key for an AP and
all stations in a WLAN on a periodic basis. Setting of the Group Key Update

Timer is also supported in WPA-PSK/WPA2-PSK mode. The Prestige default is
1800 seconds (30 minutes).

4.4.7 Wireless Client WPA Supplicants

A wireless client supplicant is the software that runs on an operating system instructing the
wireless client how to use WPA. At the time of writing, the most widely available supplicant is
the WPA patch for Windows XP, Funk Software's Odyssey client.

The Funk Software's Odyssey client is bundled free (at the time of writing) with the Prestige
client adaptor(s). This adds WPA capability to Windows XP's built-in "Zero Configuration"
wireless client.

4.4.8 WPA(2) with RADIUS Application Example

You need the IP address of the RADIUS server, its port number (default is 1812), and the
RADIUS shared secret. A WPA(2) application example with an external RADIUS server
looks as follows. "A" is the RADIUS server. "DS" is the distribution system.

1 The AP passes the wireless client's authentication request to the RADIUS server.

2 The RADIUS server then checks the user's identification against its database and grants

or denies network access accordingly.

3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then

sets up a key hierarchy and management system, using the pair-wise key to dynamically
generate unique data encryption keys to encrypt every data packet that is wirelessly
communicated between the AP and the wireless clients.

Chapter 4 Wireless LAN 91

P-334WT User’s Guide

Figure 38 WPA(2) with RADIUS Application Example

4.4.9 WPA/WPA2 Authentication Screen

Click the Wireless LAN link under Network to display the Wireless General screen.

Figure 39 Wireless: WPA/WPA2

92 Chapter 4 Wireless LAN

P-334WT User’s Guide

The following table describes the labels in this screen.

Table 31 Wireless: WPA/WPA2

LABEL DESCRIPTION

WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the

Security Mode field.

Select the check box to have both WPA2 and WPA wireless clients be able to
communicate with the Prestige even when the Prestige is using WPA2-PSK or
WPA2.

ReAuthentication
Timer (in seconds)

Specify how often wireless stations have to resend usernames and passwords in
order to stay connected. Enter a time interval between 10 and 9999 seconds. The
default time interval is 1800 seconds (30 minutes).

Note: If wireless station authentication is done using a RADIUS

server, the reauthentication timer on the RADIUS server
has priority.

Idle Timeout The Prestige automatically disconnects a wireless station from the wired network

after a period of inactivity. The wireless station needs to enter the username and
password again before access to the wired network is allowed. The default time
interval is 3600 seconds (or 1 hour).

Group Key Update
Timer

Authentication Server

IP Address Enter the IP address of the external authentication server in dotted decimal

Port Number Enter the port number of the external authentication server. The default port

Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared

Accounting Server

Active Select Yes from the drop down list box to enable user accounting through an

IP Address Enter the IP address of the external accounting server in dotted decimal notation.

Port Number Enter the port number of the external accounting server. The default port number

Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared

The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/
WPA2-PSK key management) or RADIUS server (if using WPA/WPA2 key
management) sends a new group key out to all clients. The re-keying process is
the WPA/WPA2 equivalent of automatically changing the WEP key for an AP and
all stations in a WLAN on a periodic basis. Setting of the Group Key Update

Timer is also supported in WPA-PSK/WPA2-PSK mode. The Prestige default is
1800 seconds (30 minutes).

notation.

number is 1812.
You need not change this value unless your network administrator instructs you

to do so with additional information.

between the external authentication server and the Prestige.
The key must be the same on the external authentication server and your

Prestige. The key is not sent over the network.

external authentication server.

is 1813.
You need not change this value unless your network administrator instructs you

to do so with additional information.

between the external accounting server and the Prestige.
The key must be the same on the external accounting server and your Prestige.

The key is not sent over the network.

Chapter 4 Wireless LAN 93

P-334WT User’s Guide

Table 31 Wireless: WPA/WPA2

LABEL DESCRIPTION

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to reload the previous configuration for this screen.

4.4.10 IEEE 802.1x Overview

You need the following for IEEE 802.1x authentication.

• A computer with an IEEE 802.11 a/b/g wireless LAN adapter and equipped with a web
browser (with JavaScript enabled) and/or Telnet.

• A wireless station computer must be running IEEE 802.1x-compliant software. Not all
Windows operating systems support IEEE 802.1x (see the Microsoft web site for details).
For other operating systems, see their documentation. If your operating system does not
support IEEE 802.1x, then you may need to install IEEE 802.1x client software.

• An optional network RADIUS server for remote user authentication and accounting.

4.4.11 IEEE 802.1x and Dynamic WEP Key Exchange

In order to configure and enable IEEE 802.1x and dynamic WEP key exchange; click the

Wireless LAN link under Network to display the Wireless General screen. Select 802.1x +
Dynamic WEP from the Security Mode list.

Figure 40 Wireless: 802.1x and Dynamic WEP

94 Chapter 4 Wireless LAN

The following table describes the labels in this screen.

Table 32 Wireless: 802.1x and Dynamic WEP

LABEL DESCRIPTION

P-334WT User’s Guide

ReAuthentication
Timer (in seconds)

Specify how often wireless stations have to resend usernames and passwords in
order to stay connected. Enter a time interval between 10 and 9999 seconds. The
default time interval is 1800 seconds (30 minutes).

Note: If wireless station authentication is done using a RADIUS

server, the reauthentication timer on the RADIUS server
has priority.

Idle Timeout The Prestige automatically disconnects a wireless station from the wired network

Dynamic WEP Key
Exchange

Authentication Server

IP Address Enter the IP address of the external authentication server in dotted decimal

Port Number Enter the port number of the external authentication server. The default port

Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared

Accounting Server

Active Select Yes from the drop down list box to enable user accounting through an

IP Address Enter the IP address of the external accounting server in dotted decimal notation.

Port Number Enter the port number of the external accounting server. The default port number

Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to reload the previous configuration for this screen.

after a period of inactivity. The wireless station needs to enter the username and
password again before access to the wired network is allowed. The default time
interval is 3600 seconds (or 1 hour).

Select 64-bit WEP or 128-bit WEP to enable data encryption. Up to 32 stations
can access the Prestige when you configure dynamic WEP key exchange.

notation.

number is 1812.
You need not change this value unless your network administrator instructs you

to do so with additional information.

between the external authentication server and the Prestige.
The key must be the same on the external authentication server and your

Prestige. The key is not sent over the network.

external authentication server.

is 1813.
You need not change this value unless your network administrator instructs you

to do so with additional information.

between the external accounting server and the Prestige.
The key must be the same on the external accounting server and your Prestige.

The key is not sent over the network.

4.4.12 IEEE 802.1x and Static WEP Key Exchange

In order to configure and enable IEEE 802.1x and static WEP key exchange; click the

Wireless LAN link under Network to display the Wireless General screen. Select 802.1x +
Static WEP from the Security Mode list.

Chapter 4 Wireless LAN 95

P-334WT User’s Guide

Figure 41 Wireless: 802.1x and Static WEP

The following table describes the labels in this screen.

Table 33 Wireless: 802.1x and Static WEP

LABEL DESCRIPTION

Passphrase Enter a Passphrase (up to 32 printable characters) and clicking Generate. The

WEP Encryption Select 64-bit WEP, 128-bit WEP or 256-bit WEP to enable data encryption.

Authentication
Method

ASCII Select this option in order to enter ASCII characters as the WEP keys.

Hex Select this option in order to enter hexadecimal characters as the WEP keys. The

96 Chapter 4 Wireless LAN

Prestige automatically generates a WEP key.

This field is activated when you select 64-bit WEP, 128-bit WEP or 256-bit WEP
in the WEP Encryption field. Select Auto, Open System or Shared Key from the
drop-down list box.

preceding "0x", that identifies a hexadecimal key, is entered automatically.

P-334WT User’s Guide

Table 33 Wireless: 802.1x and Static WEP

LABEL DESCRIPTION

Key 1 to Key 4 The WEP keys are used to encrypt data. Both the Prestige and the wireless

stations must use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal

characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal

characters ("0-9", "A-F").
If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal

characters ("0-9", "A-F").
You must configure at least one key, only one key can be activated at any one

time. The default key is key 1.

ReAuthentication
Timer (in seconds)

Specify how often wireless stations have to reenter usernames and passwords in
order to stay connected. Enter a time interval between 10 and 9999 seconds. The
default time interval is 1800 seconds (30 minutes).

Note: If wireless station authentication is done using a RADIUS

server, the reauthentication timer on the RADIUS server has
priority.

Idle Timeout The Prestige automatically disconnects a wireless station from the wired network

after a period of inactivity. The wireless station needs to enter the username and
password again before access to the wired network is allowed. The default time
interval is 3600 seconds (or 1 hour).

Authentication Server

IP Address Enter the IP address of the external authentication server in dotted decimal

notation.

Port Number Enter the port number of the external authentication server. The default port

Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared

Accounting Server

Active Select Yes from the drop down list box to enable user accounting through an

IP Address Enter the IP address of the external accounting server in dotted decimal notation.

Port Number Enter the port number of the external accounting server. The default port number

Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to reload the previous configuration for this screen.

number is 1812.
You need not change this value unless your network administrator instructs you

to do so with additional information.

between the external authentication server and the Prestige.
The key must be the same on the external authentication server and your

Prestige. The key is not sent over the network.

external authentication server.

is 1813.
You need not change this value unless your network administrator instructs you

to do so with additional information.

between the external accounting server and the Prestige.
The key must be the same on the external accounting server and your Prestige.

The key is not sent over the network.

Chapter 4 Wireless LAN 97

P-334WT User’s Guide

4.4.13 IEEE 802.1x + no WEP

In order to configure and enable 802.1x; click the Wireless LAN link under Network to
display the Wireless General screen. Select 802.1x + No WEP from the Security Mode list.

Figure 42 Wireless: 802.1x

The following table describes the labels in this screen.

Table 34 Wireless: 802.1x and No WEP

LABEL DESCRIPTION

ReAuthentication
Timer (in seconds)

Specify how often wireless stations have to reenter usernames and passwords in
order to stay connected. Enter a time interval between 10 and 9999 seconds. The
default time interval is 1800 seconds (30 minutes).

Note: If wireless station authentication is done using a RADIUS

server, the reauthentication timer on the RADIUS server has
priority.

Idle Timeout The Prestige automatically disconnects a wireless station from the wired network

after a period of inactivity. The wireless station needs to enter the username and
password again before access to the wired network is allowed. The default time
interval is 3600 seconds (or 1 hour).

Authentication Server

IP Address Enter the IP address of the external authentication server in dotted decimal

notation.

Port Number Enter the port number of the external authentication server. The default port

number is 1812.
You need not change this value unless your network administrator instructs you

to do so with additional information.

98 Chapter 4 Wireless LAN

P-334WT User’s Guide

Table 34 Wireless: 802.1x and No WEP

LABEL DESCRIPTION

Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared

between the external authentication server and the Prestige.
The key must be the same on the external authentication server and your

Prestige. The key is not sent over the network.

Accounting Server

Active Select Yes from the drop down list box to enable user accounting through an

IP Address Enter the IP address of the external accounting server in dotted decimal notation.

Port Number Enter the port number of the external accounting server. The default port number

Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to reload the previous configuration for this screen.

external authentication server.

is 1813.
You need not change this value unless your network administrator instructs you

to do so with additional information.

between the external accounting server and the Prestige.
The key must be the same on the external accounting server and your Prestige.

The key is not sent over the network.

4.5 OTIST

OTIST (One-Touch Intelligent Security Technology) allows your Prestige to set the wireless
client to use the same wireless settings as the Prestige.

Note: The wireless client must support OTIST and have OTIST enabled.

The following are the wireless settings that the Prestige assigns to the wireless client if OTIST
is enabled on both devices and the OTIST setup keys are the same.

•SSID

• Security (WEP or WPA-PSK)

Note: This will replace the pre-configured wireless settings on the wireless clients.

Click the Wireless LAN link under Network and then the OTIST tab. The following screen
displays.

Chapter 4 Wireless LAN 99

P-334WT User’s Guide

Figure 43 OTIST

The following table describes the labels in this screen.

Table 35 OTIST

LABEL DESCRIPTION

Setup Key Type an OTIST Setup Key of exactly eight ASCII characters in length.

Yes! If you want to configure your own WPA-PSK and have OTIST use that WPA-

The default OTIST setup key is "01234567".

Note: If you change the OTIST setup key here, you must also

make the same change on the wireless client(s).

PSK, you must:

• Configure a WPA-PSK in the Wireless General screen.

• Clear the Ye s! checkbox in the OTIST screen and click Apply.

Star t Click Start to encrypt the wireless security data using the setup key and have

4.5.1 Activating OTIST

After you click Start, a dialog box displays the security mode and the WEP key or pre-shared
key depending on which mode is configured. Click OK to proceed with the OTIST setup.

Note: If you already have a WPA-PSK configured in the

Wireless General screen, and you run OTIST with Yes!

selected, OTIST will not replace the WPA-PSK. Clear the
checkbox in the OTIST screen.

If you want OTIST to automatically generate a WPA-PSK, you must:

• Change your security to None in the Wireless General screen.

• Select the Yes! checkbox in the OTIST screen and click Apply.

• The wireless screen displays an auto generated WPA-PSK and is now in
WPA-PSK security mode.

The WPA-PSK security settings are assigned to the wireless client when you
start OTIST.

the Prestige set the wireless station to use the same wireless settings as the
Prestige. You must also activate and start OTIST on the wireless station at the
same time.

The process takes three minutes to complete.

100 Chapter 4 Wireless LAN