Zyxel PRESTIGE 335, prestige-335wt user manual

Download

P-335

Firewall Router with Print Server

P-335WT

802.11g Wireless Firewall Router with Print Server

User’s Guide

Version 3.60

12/2004

P-335 Series User’s Guide

Copyright

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

P-335 Series User’s Guide

Federal Communications

Commission (FCC) Interference

Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause undesired operations.

This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and the receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

Certifications

Go to www.zyxel.com

1 Select your product from the drop-down list box on the ZyXEL home page to go to that

product's page.

2 Select the certification you wish to view from this page

4 Federal Communications Commission (FCC) Interference Statement

P-335 Series User’s Guide

Federal Communications Commission (FCC) Interference Statement 5

P-335 Series User’s Guide

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.

ZyXEL Limited Warranty

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

Safety Warnings

1 To reduce the risk of fire, use only No. 26 AWG or larger telephone wire.

2 Do not use this product near water, for example, in a wet basement or near a swimming

pool.

3 Avoid using this product during an electrical storm. There may be a remote risk of

electric shock from lightening.

This product has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France.

6 ZyXEL Limited Warranty

P-335 Series User’s Guide

Customer Support

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

METHOD

LOCATION

WORLDWIDE

NORTH AMERICA

GERMANY

FRANCE

SPAIN

DENMARK

NORWAY

SWEDEN

FINLAND

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com

support@zyxel.com +1-800-255-4101

+1-714-632-0882

sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com

support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.

sales@zyxel.de +49-2405-6909-99

info@zyxel.fr +33 (0)4 72 52 97 97 www.zyxel.fr Z yX E L F r an c e

+33 (0)4 72 52 19 20

support@zyxel.es +34 902 195 420 www.zyxel.es Z yX E L C o m m un i c a t i o n s

sales@zyxel.es +34 913 005 345

support@zyxel.dk +45 39 55 07 00 www.zyxel.dk Z y X E L C o m m u n i c a t i o n s A / S

sales@zyxel.dk +45 39 55 07 07

support@zyxel.no +47 22 80 61 80 www.zyxel.no Z y X E L C o m m u n i c a t i o n s A / S

sales@zyxel.no +47 22 80 61 81

support@zyxel.se +46 31 744 7700 www.zyxel.se ZyXEL Communications A/S

sales@zyxel.se +46 31 744 7701

support@zyxel.fi +358 9 4780 8411 www.zyxel.fi Z yXEL Comm un i cations O y

sales@zyxel.fi +358 9 4780 8448

WEB SITE

REGULAR MAIL

ZyXEL Communications Corp.

www.europe.zyxel.com

ftp.europe.zyxel.com

www.us.zyxel.com ZyXEL Communications Inc.

6 Innov ati on Roa d II Sc ience Park Hs inchu 3 00 Ta iw a n

1130 N. Miller St. Ana hei m

CA 92806- 2001 U.S.A.

Adenauerstr. 20/A2 D-52146 Wuerselen Germany

1 rue de s Ve rg er s Ba t. 1 / C 69760 Limonest France

A l e j a n d r o V i l l e g a s 3 3 1 º , 2 8 0 4 3 M a d r i d Spain

Col um bu sv ej 5 2860 Soeborg Denmark

Ni ls Hansens vei 13 0667 Oslo Norway

Sjöporten 4, 41764 Göteborg Sweden

Mal mi nk aa ri 10 00700 Helsinki Finland

Customer Support 7

P-335 Series User’s Guide

a. “+” is the (prefix) number you enter to make an international telephone call.

8 Customer Support

P-335 Series User’s Guide

Copyright .................................................................................................................. 3

Federal Communications Commission (FCC) Interference Statement ............... 4

ZyXEL Limited Warranty.......................................................................................... 6

Customer Support.................................................................................................... 7

Preface .................................................................................................................... 37

Chapter 1

Getting to Know Your Prestige ............................................................................. 41

1.1 Prestige Internet Security Gateway Overview ....................................................41

1.2 Prestige Features ...............................................................................................41

1.2.1 Physical Features .....................................................................................41

1.2.1.1 USB Port .........................................................................................41

1.2.1.2 OTIST Button (P-335WT only) ........................................................41

1.2.1.3 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s) .......41

1.2.1.4 Auto-crossover 10/100 Mbps Ethernet Interface(s) .........................42

1.2.1.5 4-Port Switch ...................................................................................42

1.2.1.6 Time and Date .................................................................................42

1.2.1.7 Reset Button ...................................................................................42

1.2.2 Non-Physical Features .............................................................................42

1.2.2.1 Print Server .....................................................................................42

1.2.2.2 OTIST (P-335WT only) ...................................................................42

1.2.2.3 Media Bandwidth Management .......................................................42

1.2.2.4 Trend Micro Security Services ........................................................42

1.2.2.5 IPSec VPN Capability ......................................................................43

1.2.2.6 Firewall ............................................................................................43

1.2.2.7 IEEE 802.1x Network Security (P-335WT only) ..............................43

1.2.2.8 Content Filtering ..............................................................................43

1.2.2.9 Brute-Force Password Guessing Protection ...................................43

1.2.2.10 802.11b Wireless LAN Standard (P-335WT only) .........................43

1.2.2.11 802.11g Wireless LAN Standard (P-335WT only) .........................44

1.2.2.12 Packet Filtering .............................................................................44

1.2.2.13 Universal Plug and Play (UPnP) ...................................................44

1.2.2.14 Call Scheduling .............................................................................44

P-335 Series User’s Guide

1.3 Applications for the Prestige ..............................................................................47

1.3.1 Print Server Application ............................................................................47

1.3.2 Secure Broadband Internet Access via Cable or DSL Modem .................47

1.3.3 VPN Application ........................................................................................48

1.3.4 Wireless LAN Application (P-335WT only) ...............................................48

1.2.2.15 PPPoE ...........................................................................................44

1.2.2.16 PPTP Encapsulation .....................................................................45

1.2.2.17 Dynamic DNS Support ..................................................................45

1.2.2.18 IP Multicast ....................................................................................45

1.2.2.19 IP Alias ..........................................................................................45

1.2.2.20 SNMP ............................................................................................45

1.2.2.21 Network Address Translation (NAT) ..............................................45

1.2.2.22 Traffic Redirect ..............................................................................45

1.2.2.23 Port Forwarding .............................................................................46

1.2.2.24 DHCP (Dynamic Host Configuration Protocol) ..............................46

1.2.2.25 Any IP ............................................................................................46

1.2.2.26 Full Network Management ............................................................46

1.2.2.27 RoadRunner Support ....................................................................46

1.2.2.28 Logging and Tracing ......................................................................46

1.2.2.29 Upgrade Prestige Firmware via LAN .............................................46

1.2.2.30 Embedded FTP and TFTP Servers ...............................................46

1.2.2.31 Wireless Association List (P-335WT only) ....................................47

1.2.2.32 Wireless LAN Channel Usage (P-335WT only) ............................47

Chapter 2

Introducing the Web Configurator........................................................................ 51

2.1 Web Configurator Overview ...............................................................................51

2.2 Accessing the Prestige Web Configurator .........................................................51

2.3 Resetting the Prestige ........................................................................................52

2.3.1 Procedure To Use The Reset Button ........................................................52

2.3.2 Navigating the Prestige Web Configurator ...............................................52

2.3.3 Navigation Panel .......................................................................................53

Chapter 3

Wizard Setup .......................................................................................................... 57

3.1 Wizard Setup Overview ......................................................................................57

3.2 Wizard Setup: General Setup and System Name ..............................................57

3.2.1 Domain Name ...........................................................................................57

3.3 Wizard Setup: Wireless LAN (P-335WT only) ....................................................58

3.3.1 Wizard Setup : Wireless LAN : Basic Security ..........................................59

3.3.2 Wizard Setup : Wireless LAN : Extended Security ...................................61

3.4 Wizard Setup : Wireless LAN : OTIST (P-335WT only) .....................................61

3.5 Wizard Setup : Internet Access ..........................................................................63

P-335 Series User’s Guide

3.5.1 Ethernet ....................................................................................................63

3.5.2 PPPoE Encapsulation ...............................................................................64

3.5.3 PPTP Encapsulation .................................................................................65

3.6 Wizard Setup : WAN ..........................................................................................67

3.6.1 WAN IP Address Assignment ...................................................................67

3.6.2 IP Address and Subnet Mask ...................................................................67

3.6.3 DNS Server Address Assignment .............................................................68

3.6.4 WAN MAC Address ..................................................................................68

3.7 Wizard Setup : Complete ...................................................................................71

Chapter 4

Media Bandwidth Management Setup.................................................................. 73

4.1 Media Bandwidth Management Setup Overview ...............................................73

4.2 Media Bandwidth Management Setup ...............................................................73

4.3 Media Bandwidth Management Setup : Services ..............................................74

4.4 Media Bandwidth Management Setup : Service Priority ....................................75

4.5 Media Bandwidth Management Setup Complete ...............................................76

Chapter 5

System Screens ..................................................................................................... 77

5.1 System Overview ...............................................................................................77

5.2 Configuring General Setup .................................................................................77

5.3 Dynamic DNS .....................................................................................................79

5.3.1 DynDNS Wildcard .....................................................................................79

5.4 Configuring Dynamic DNS .................................................................................79

5.5 Configuring Password ........................................................................................81

5.6 Configuring Time Setting ....................................................................................81

Chapter 6

LAN Screens........................................................................................................... 85

6.1 LAN Overview ....................................................................................................85

6.2 DHCP Setup .......................................................................................................85

6.2.1 IP Pool Setup ............................................................................................85

6.2.2 System DNS Servers ................................................................................85

6.3 LAN TCP/IP ........................................................................................................85

6.3.1 Factory LAN Defaults ................................................................................85

6.3.2 IP Address and Subnet Mask ...................................................................86

6.3.3 RIP Setup .................................................................................................86

6.3.4 Multicast ....................................................................................................86

6.4 Any IP .................................................................................................................87

6.4.1 How Any IP Works ....................................................................................88

6.5 Configuring IP ....................................................................................................88

6.6 Configuring Static DHCP ....................................................................................91

P-335 Series User’s Guide

6.7 Configuring IP Alias ............................................................................................92

Chapter 7

Wireless Configuration and Roaming .................................................................. 95

7.1 Wireless LAN Overview .....................................................................................95

7.1.1 IBSS ..........................................................................................................95

7.1.2 BSS ...........................................................................................................95

7.1.3 ESS ...........................................................................................................96

7.2 Wireless LAN Basics ..........................................................................................97

7.2.1 RTS/CTS .................................................................................................97

7.2.2 Fragmentation Threshold ..........................................................................98

7.3 Configuring Wireless ..........................................................................................99

7.4 Configuring Roaming .......................................................................................101

7.4.1 Requirements for Roaming .....................................................................102

Chapter 8

Wireless Security ..................................................................... 105

8.1 Wireless Security Overview .............................................................................105

8.2 Security Parameters Summary ........................................................................107

8.3 WEP Overview .................................................................................................108

8.3.1 Data Encryption .....................................................................................108

8.3.1.1 Authentication ...............................................................................108

8.3.2 Preamble Type ........................................................................................109

8.4 Configuring WEP Encryption ............................................................................109

8.5 Introduction to WPA ......................................................................................... 111

8.5.1 User Authentication ............................................................................... 111

8.5.2 Encryption .............................................................................................. 112

8.5.3 WPA-PSK Application Example .............................................................. 112

8.6 Configuring WPA-PSK Authentication ..............................................................113

8.7 Wireless Client WPA Supplicants .....................................................................115

8.8 Introduction to RADIUS ................................................................................... 115

8.8.1 Types of RADIUS Messages .................................................................. 116

8.8.1.1 Access-Challenge ......................................................................... 116

8.8.1.2 Accounting-Request ......................................................................116

8.8.1.3 Accounting-Response ................................................................... 116

8.8.1.4 EAP Authentication Overview .......................................................116

8.8.2 WPA with RADIUS Application Example ................................................117

8.9 Configuring WPA Authentication ......................................................................118

8.10 802.1x Overview ............................................................................................121

8.11 Dynamic WEP Key Exchange ........................................................................121

8.12 Configuring 802.1x and Dynamic WEP Key Exchange ..................................122

8.13 Configuring 802.1x and Static WEP Key Exchange .......................................125

8.14 Configuring 802.1x .........................................................................................128

P-335 Series User’s Guide

8.15 MAC Filter ......................................................................................................131

8.16 One-Touch Intelligent Security Technology ....................................................133

8.17 Prestige OTIST Configuration ........................................................................133

8.17.1 OTIST button ........................................................................................133

8.17.2 Web Configurator ..................................................................................133

8.18 Wireless Client OTIST Configuration .............................................................135

8.18.1 Manual ..................................................................................................135

8.18.2 Automatic ..............................................................................................136

Chapter 9

WAN Screens........................................................................................................ 137

9.1 WAN Overview .................................................................................................137

9.2 TCP/IP Priority (Metric) ....................................................................................137

9.3 Configuring Route ............................................................................................137

9.4 Configuring WAN ISP .......................................................................................138

9.4.1 Ethernet Encapsulation ...........................................................................138

9.4.2 PPPoE Encapsulation .............................................................................139

9.4.3 PPTP Encapsulation ...............................................................................142

9.5 Configuring WAN IP .........................................................................................144

9.6 Configuring WAN MAC .....................................................................................147

9.7 Traffic Redirect .................................................................................................148

9.8 Configuring Traffic Redirect ..............................................................................149

Chapter 10

Network Address Translation (NAT) Screens.................................................... 153

10.1 NAT Overview ................................................................................................153

10.1.1 NAT Definitions .....................................................................................153

10.1.2 What NAT Does ....................................................................................154

10.1.3 How NAT Works ...................................................................................154

10.1.4 NAT Application ....................................................................................155

10.1.5 NAT Mapping Types .............................................................................155

10.2 Using NAT ......................................................................................................157

10.2.1 SUA (Single User Account) Versus NAT ..............................................157

10.3 SUA Server ....................................................................................................157

10.3.1 Default Server IP Address ....................................................................157

10.3.2 Port Forwarding: Services and Port Numbers ......................................158

10.3.3 Configuring Servers Behind SUA (Example) ........................................159

10.4 Configuring SUA Server ................................................................................159

10.5 Configuring Address Mapping ........................................................................161

10.5.1 Configuring Address Mapping ..............................................................162

10.6 Trigger Port Forwarding .................................................................................164

10.6.1 Trigger Port Forwarding Example .........................................................164

10.6.2 Two Points To Remember About Trigger Ports .....................................165

P-335 Series User’s Guide

10.7 Configuring Trigger Port Forwarding ..............................................................165

Chapter 11

Static Route Screens ........................................................................................... 167

11.1 Static Route Overview ....................................................................................167

11.2 Configuring IP Static Route ............................................................................167

11.2.1 Configuring Route Entry ........................................................................168

Chapter 12

UPnP...................................................................................................................... 171

12.1 Universal Plug and Play Overview ................................................................171

12.1.1 How Do I Know If I'm Using UPnP? ......................................................171

12.1.2 NAT Traversal .......................................................................................171

12.1.3 Cautions with UPnP ..............................................................................171

12.2 UPnP and ZyXEL ...........................................................................................172

12.3 Configuring UPnP ..........................................................................................172

12.4 Installing UPnP in Windows Example ............................................................173

12.4.1 Installing UPnP in Windows Me ............................................................174

12.4.2 Installing UPnP in Windows XP ............................................................175

12.5 Using UPnP in Windows XP Example ...........................................................176

12.5.1 Auto-discover Your UPnP-enabled Network Device .............................177

12.5.2 Web Configurator Easy Access ............................................................178

12.5.3 Web Configurator Easy Access ............................................................179

Chapter 13

Trend Micro Security Services ............................................................................ 181

13.1 Trend Micro Security Service Overview .........................................................181

13.2 Configuring Service Settings ..........................................................................181

13.3 Virus Protection ..............................................................................................183

13.4 Configuring Virus Protection ..........................................................................183

13.5 Parental Controls ...........................................................................................185

13.6 Parental Controls Configuration .....................................................................185

13.6.1 Parental Controls Statistics ...................................................................189

Chapter 14

Firewall.................................................................................................................. 191

14.1 Introduction ....................................................................................................191

14.1.1 What is a Firewall? ...............................................................................191

14.1.2 Stateful Inspection Firewall. ..................................................................191

14.1.3 About the Prestige Firewall ...................................................................191

14.1.4 Guidelines For Enhancing Security With Your Firewall ........................192

14.2 Firewall Settings Screen ................................................................................192

14.3 The Firewall, NAT and Remote Management ................................................194

P-335 Series User’s Guide

14.3.1 LAN-to-WAN rules ................................................................................194

14.3.2 WAN-to-LAN rules ................................................................................195

14.4 Services ........................................................................................................195

Chapter 15

Content Filtering ................................................................................................. 199

15.1 Introduction to Content Filtering .....................................................................199

15.2 Restrict Web Features ...................................................................................199

15.3 Days and Times .............................................................................................199

15.4 Configure Content Filtering ............................................................................199

15.5 Customizing Keyword Blocking URL Checking ..............................................202

15.5.1 Domain Name or IP Address URL Checking ........................................202

15.5.2 Full Path URL Checking .......................................................................202

15.5.3 File Name URL Checking .....................................................................202

Chapter 16

Remote Management Screens ............................................................................ 205

16.1 Remote Management Overview .....................................................................205

16.1.1 Remote Management Limitations .........................................................205

16.1.2 Remote Management and NAT ............................................................206

16.1.3 System Timeout ...................................................................................206

16.2 Configuring WWW ..........................................................................................206

16.3 Configuring Telnet ..........................................................................................207

16.4 Configuring TELNET ......................................................................................208

16.5 Configuring FTP .............................................................................................209

16.6 SNMP .............................................................................................................210

16.6.1 Supported MIBs .................................................................................... 211

16.6.2 SNMP Traps .........................................................................................211

16.6.3 Configuring SNMP ................................................................................211

16.7 Configuring DNS ............................................................................................213

16.8 Configuring Security .......................................................................................214

Chapter 17

Introduction to IPSec ........................................................................................... 217

17.1 VPN Overview ................................................................................................217

17.1.1 IPSec ....................................................................................................217

17.1.2 Security Association .............................................................................217

17.1.3 Other Terminology ................................................................................217

17.1.3.1 Encryption ...................................................................................217

17.1.3.2 Data Confidentiality .....................................................................218

17.1.3.3 Data Integrity ...............................................................................218

17.1.3.4 Data Origin Authentication ..........................................................218

17.1.4 VPN Applications ..................................................................................218

P-335 Series User’s Guide

17.2 IPSec Architecture .........................................................................................218

17.2.1 IPSec Algorithms ..................................................................................219

17.2.2 Key Management ..................................................................................219

17.3 Encapsulation .................................................................................................219

17.3.1 Transport Mode ....................................................................................220

17.3.2 Tunnel Mode .........................................................................................220

17.4 IPSec and NAT ...............................................................................................220

Chapter 18

VPN Screens....................................................................................................... 223

18.1 VPN/IPSec Overview .....................................................................................223

18.2 IPSec Algorithms ............................................................................................223

18.2.1 AH (Authentication Header) Protocol ....................................................223

18.2.2 ESP (Encapsulating Security Payload) Protocol ..................................223

18.3 My IP Address ................................................................................................224

18.4 Secure Gateway Address ..............................................................................224

18.4.1 Dynamic Secure Gateway Address ......................................................225

18.5 Summary Screen ...........................................................................................225

18.6 Keep Alive ......................................................................................................227

18.7 NAT Traversal ................................................................................................227

18.7.1 NAT Traversal Configuration .................................................................227

18.7.2 Remote DNS Server .............................................................................228

18.8 ID Type and Content ......................................................................................229

18.8.1 ID Type and Content Examples ............................................................230

18.9 Pre-Shared Key ..............................................................................................230

18.10 Editing VPN Rules ........................................................................................231

18.11 IKE Phases ..................................................................................................234

18.11.1 Negotiation Mode ................................................................................235

18.11.2 Diffie-Hellman (DH) Key Groups .........................................................236

18.11.3 Perfect Forward Secrecy (PFS) ..........................................................236

18.12 Configuring Advanced IKE Settings .............................................................236

18.13 Manual Key Setup ........................................................................................241

18.13.1 Security Parameter Index (SPI) ..........................................................242

18.14 Configuring Manual Key ...............................................................................242

18.15 Viewing SA Monitor ......................................................................................245

18.16 Configuring Global Setting ...........................................................................246

18.17 Telecommuter VPN/IPSec Examples ...........................................................247

18.17.1 Telecommuters Sharing One VPN Rule Example ..............................247

18.17.2 Telecommuters Using Unique VPN Rules Example ...........................248

18.18 VPN and Remote Management ...................................................................249

P-335 Series User’s Guide

Chapter 19

Centralized Logs .................................................................................................. 251

19.1 View Log ........................................................................................................251

19.2 Log Settings ...................................................................................................252

Chapter 20

Print Server........................................................................................................... 257

20.1 Print Server Overview ....................................................................................257

20.2 Prestige Print Server ......................................................................................257

20.2.1 Installation Requirements .....................................................................257

20.3 Prestige Print Server Configuration ................................................................258

Chapter 21

Media Bandwidth Management........................................................................... 259

21.1 Bandwidth Management Overview ................................................................259

21.1.1 Application-based Bandwidth Management Example ..........................259

21.1.2 Subnet-based Bandwidth Management Example .................................260

21.1.3 Application and Subnet-based Bandwidth Management Example .......260

21.1.4 Bandwidth Usage Example ...................................................................261

21.1.5 Bandwidth Management Priorities ........................................................263

21.1.6 Bandwidth Management Services ........................................................263

21.1.6.1 Xbox Live ....................................................................................263

21.1.6.2 VoIP (SIP) ..................................................................................264

21.1.6.3 FTP .............................................................................................264

21.1.6.4 E-Mail ..........................................................................................264

21.1.6.5 eMule/eDonkey ...........................................................................264

21.1.6.6 WWW ..........................................................................................264

21.1.7 Services ................................................................................................265

21.2 Configuration Screen .....................................................................................266

21.3 Editing Bandwidth Management Rules ..........................................................268

21.3.1 Bandwidth Borrowing ...........................................................................268

21.4 Configuring Bandwidth Management Rules and Services .............................269

21.5 Monitor Screen ...............................................................................................270

Chapter 22

Maintenance ......................................................................................................... 273

22.1 Maintenance Overview ...................................................................................273

22.2 Status Screen .................................................................................................273

22.2.1 System Statistics ...................................................................................275

22.3 DHCP Table Screen .......................................................................................275

22.4 Any IP Table ...................................................................................................276

22.5 Association List ..............................................................................................277

22.6 F/W Upload Screen ........................................................................................278

P-335 Series User’s Guide

22.7 Configuration Screen .....................................................................................281

22.7.1 Backup Configuration ...........................................................................282

22.7.2 Restore Configuration ..........................................................................283

22.7.3 Back to Factory Defaults .......................................................................284

22.8 Restart Screen ...............................................................................................284

Chapter 23

Introducing the SMT ............................................................................................287

23.1 SMT Introduction ............................................................................................287

23.1.1 Procedure for SMT Configuration via Telnet .........................................287

23.1.2 Entering Password ................................................................................287

23.1.3 Prestige SMT Menu Overview ..............................................................288

23.2 Navigating the SMT Interface .........................................................................289

23.2.1 System Management Terminal Interface Summary ..............................290

23.3 Changing the System Password ....................................................................291

Chapter 24

Menu 1 General Setup ......................................................................................... 293

24.1 General Setup ................................................................................................293

24.2 Procedure To Configure Menu 1 ....................................................................293

24.2.1 Procedure to Configure Dynamic DNS .................................................295

Chapter 25

Menu 2 WAN Setup .............................................................................................. 297

25.1 Introduction to WAN .......................................................................................297

25.2 WAN Setup .....................................................................................................297

Chapter 26

Menu 3 LAN Setup ...............................................................................................299

26.1 LAN Setup ......................................................................................................299

26.1.1 General Ethernet Setup ........................................................................299

26.2 Protocol Dependent Ethernet Setup ..............................................................300

26.3 TCP/IP Ethernet Setup and DHCP ................................................................300

26.3.1 IP Alias Setup .......................................................................................302

26.4 Wireless LAN Setup (P-335WT only) .............................................................303

26.4.1 Configuring MAC Address Filter ...........................................................305

26.4.2 Configuring Roaming on the Prestige ...................................................307

Chapter 27

Internet Access .................................................................................................... 309

27.1 Introduction to Internet Access Setup ............................................................309

27.2 Ethernet Encapsulation ..................................................................................309

27.3 Configuring the PPTP Client .......................................................................... 311

P-335 Series User’s Guide

27.4 Configuring the PPPoE Client ........................................................................311

27.5 Basic Setup Complete ....................................................................................312

Chapter 28

Remote Node Configuration ............................................................................... 313

28.1 Introduction to Remote Node Setup ...............................................................313

28.2 Remote Node Profile Setup ...........................................................................313

28.2.1 Ethernet Encapsulation .........................................................................313

28.2.2 PPPoE Encapsulation ...........................................................................315

28.2.2.1 Outgoing Authentication Protocol ................................................315

28.2.2.2 Nailed-Up Connection .................................................................316

28.2.3 PPTP Encapsulation .............................................................................316

28.3 Edit IP .............................................................................................................317

28.4 Remote Node Filter ........................................................................................319

28.4.1 Traffic Redirect Setup ...........................................................................320

Chapter 29

Static Route Setup ............................................................................................... 323

29.1 IP Static Route Setup .....................................................................................323

Chapter 30

Network Address Translation (NAT)................................................................... 325

30.1 Using NAT ......................................................................................................325

30.1.1 SUA (Single User Account) Versus NAT ..............................................325

30.2 Applying NAT .................................................................................................325

30.3 NAT Setup ......................................................................................................327

30.3.1 Address Mapping Sets ..........................................................................328

30.3.1.1 User-Defined Address Mapping Sets ..........................................329

30.3.1.2 Ordering Your Rules ....................................................................330

30.4 Configuring a Server behind NAT ..................................................................332

30.5 General NAT Examples ..................................................................................333

30.5.1 Example 1: Internet Access Only ..........................................................333

30.5.2 Example 2: Internet Access with an Inside Server ...............................334

30.5.3 Example 3: Multiple Public IP Addresses With Inside Servers .............335

30.5.4 Example 4: NAT Unfriendly Application Programs ...............................338

30.6 Configuring Trigger Port Forwarding .............................................................339

Chapter 31

Enabling the Firewall ........................................................................................... 341

31.1 Remote Management and the Firewall ..........................................................341

31.2 Access Methods .............................................................................................341

31.3 Enabling the Firewall ......................................................................................341

P-335 Series User’s Guide

Chapter 32

Filter Configuration.............................................................................................. 343

32.1 Introduction to Filters ......................................................................................343

32.1.1 The Filter Structure of the Prestige .......................................................344

32.2 Configuring a Filter Set ..................................................................................345

32.2.1 Configuring a Filter Rule .......................................................................346

32.2.2 Configuring a TCP/IP Filter Rule ..........................................................347

32.2.3 Configuring a Generic Filter Rule .........................................................349

32.3 Example Filter ................................................................................................351

32.4 Filter Types and NAT ......................................................................................353

32.5 Firewall Versus Filters ....................................................................................354

32.6 Applying a Filter ............................................................................................354

32.6.1 Applying LAN Filters .............................................................................354

32.6.2 Applying Remote Node Filters ..............................................................355

Chapter 33

SNMP Configuration ............................................................................................ 357

33.1 About SNMP ..................................................................................................357

33.2 Supported MIBs ............................................................................................358

33.3 SNMP Configuration ......................................................................................358

33.4 SNMP Traps ...................................................................................................359

Chapter 34

System Security ................................................................................................... 361

34.1 System Security .............................................................................................361

34.1.1 System Password .................................................................................361

34.1.2 Configuring External RADIUS Server ...................................................361

34.1.3 802.1x ...................................................................................................363

Chapter 35

System Information and Diagnosis .................................................................... 367

35.1 System Status ................................................................................................367

35.2 System Information ........................................................................................369

35.2.1 System Information ...............................................................................369

35.2.2 Console Port Speed ..............................................................................370

35.3 Log and Trace ................................................................................................370

35.3.1 Syslog Logging .....................................................................................370

35.3.1.1 CDR ............................................................................................372

35.3.1.2 Packet triggered ..........................................................................374

35.3.1.3 Filter log .....................................................................................374

35.3.1.4 PPP log ......................................................................................374

35.3.1.5 Firewall log ..................................................................................375

35.3.2 Call-Triggering Packet ..........................................................................375

P-335 Series User’s Guide

35.4 Diagnostic ......................................................................................................376

35.4.1 WAN DHCP ..........................................................................................377

Chapter 36

Firmware and Configuration File Maintenance ................................................. 379

36.1 Filename Conventions ...................................................................................379

36.2 Backup Configuration .....................................................................................380

36.2.1 Backup Configuration ...........................................................................380

36.2.2 Using the FTP Command from the Command Line ..............................381

36.2.3 Example of FTP Commands from the Command Line .........................382

36.2.4 GUI-based FTP Clients .........................................................................382

36.2.5 TFTP and FTP over WAN Management Limitations .............................382

36.2.6 Backup Configuration Using TFTP .......................................................383

36.2.7 TFTP Command Example ....................................................................383

36.2.8 GUI-based TFTP Clients ......................................................................384

36.3 Restore Configuration ....................................................................................384

36.3.1 Restore Using FTP ...............................................................................384

36.3.2 Restore Using FTP Session Example ..................................................386

36.4 Uploading Firmware and Configuration Files .................................................386

36.4.1 Firmware File Upload ............................................................................386

36.4.2 Configuration File Upload .....................................................................387

36.4.3 FTP File Upload Command from the DOS Prompt Example ................387

36.4.4 FTP Session Example of Firmware File Upload ...................................388

36.4.5 TFTP File Upload ..................................................................................388

36.4.6 TFTP Upload Command Example ........................................................389

Chapter 37

System Maintenance............................................................................................ 391

37.1 Command Interpreter Mode ...........................................................................391

37.1.1 Command Syntax .................................................................................391

37.1.2 Command Usage ..................................................................................392

37.2 Call Control Support .......................................................................................392

37.2.1 Budget Management ............................................................................392

37.2.2 Call History ...........................................................................................393

37.3 Time and Date Setting ....................................................................................394

37.3.1 Resetting the Time ................................................................................396

Chapter 38

Remote Management ........................................................................................... 397

38.1 Remote Management .....................................................................................397

38.1.1 Remote Management Limitations .........................................................398

P-335 Series User’s Guide

Chapter 39

Call Scheduling .................................................................................................... 401

39.1 Introduction to Call Scheduling ......................................................................401

Chapter 40

VPN/IPSec Setup .................................................................................................. 405

40.1 VPN/IPSec Overview .....................................................................................405

40.2 IPSec Summary Screen .................................................................................406

40.3 IKE Setup .......................................................................................................412

40.4 Manual Setup .................................................................................................414

Chapter 41

SA Monitor ............................................................................................................ 417

41.1 SA Monitor Overview .....................................................................................417

41.2 Using SA Monitor ...........................................................................................417

40.4.0.1 Active Protocol ............................................................................415

40.4.0.2 Security Parameter Index (SPI) ..................................................415

Appendix A

Troubleshooting................................................................................................... 421

Appendix B

PPPoE ................................................................................................................... 423

Appendix C

PPTP......................................................................................................................425

Appendix D

Print Server........................................................................................................... 429

Appendix E

Print Server Specifications .................................................................................451

Appendix F

NetBIOS Filter Commands .................................................................................. 453

Appendix G

Log Descriptions.................................................................................................. 455

Appendix H

Setting up Your Computer’s IP Address............................................................ 457

Appendix I

Wireless LAN and IEEE 802.11 ...........................................................................469

Appendix J

Wireless LAN With IEEE 802.1x .......................................................................... 473

P-335 Series User’s Guide

Appendix K

Types of EAP Authentication.............................................................................. 475

Appendix L

Antenna Selection and Positioning Recommendation..................................... 477

Appendix M

Brute-Force Password Guessing Protection..................................................... 479

Appendix N

TMSS ..................................................................................................................... 481

Appendix O

Triangle Route ...................................................................................................... 485

P-335 Series User’s Guide

List of Figures

Figure 1 Prestige Print Server Application .......................................................................... 47

Figure 2 Secure Internet Access via Cable, DSL or Wireless Modem ................................ 48

Figure 3 VPN Application .................................................................................................... 48

Figure 4 Internet Access Application Example .................................................................... 49

Figure 5 Change Password Screen .................................................................................... 52

Figure 6 The MAIN MENU Screen of the Web Configurator ............................................... 53

Figure 7 Wizard Setup : General ......................................................................................... 58

Figure 8 Wizard Setup : Wireless LAN ................................................................................ 58

Figure 9 Wizard Setup : Wireless LAN : Basic Security ...................................................... 60

Figure 10 Wizard Setup : Wireless LAN : Extended Security ............................................. 61

Figure 11 Wizard Setup : Wireless LAN : OTIST ................................................................ 62

Figure 12 Wizard Setup : Internet Access : Ethernet Encapsulation .................................. 63

Figure 13 Wizard Setup : Internet Access : PPPoE Encapsulation .................................... 65

Figure 14 Wizard Setup : Internet Access : PPTP Encapsulation ....................................... 66

Figure 15 Wizard Setup : WAN ........................................................................................... 69

Figure 16 Wizard Setup : WAN IP and DNS Server Address Assignment .......................... 70

Figure 17 Wizard Setup : WAN MAC Address .................................................................... 71

Figure 18 Wizard Setup : Complete .................................................................................... 72

Figure 19 Media Bandwidth Management Setup ............................................................... 74

Figure 20 Media Bandwidth Management Setup : Services ............................................... 75

Figure 21 Media Bandwidth Management Setup : Service Priority ..................................... 76

Figure 22 Media Bandwidth Management Setup : Complete .............................................. 76

Figure 23 System General Setup ....................................................................................... 78

Figure 24 DDNS .................................................................................................................. 80

Figure 25 Password ............................................................................................................ 81

Figure 26 Time Setting ........................................................................................................ 82

Figure 27 Any IP Example Application ................................................................................ 87

Figure 28 LAN IP ................................................................................................................. 89

Figure 29 Static DHCP ........................................................................................................ 92

Figure 30 IP Alias ................................................................................................................ 93

Figure 31 IBSS (Ad-hoc) Wireless LAN .............................................................................. 95

Figure 32 Basic Service set ................................................................................................ 96

Figure 33 Extended Service Set ......................................................................................... 97

Figure 34 RTS/CTS ............................................................................................................ 98

Figure 35 Wireless ............................................................................................................. 100

Figure 36 Roaming Example ............................................................................................... 102

P-335 Series User’s Guide

Figure 37 Roaming ..............................................................................................................103

Figure 38 Prestige Wireless Security Levels ....................................................................... 105

Figure 39 Wireless: No Security .......................................................................................... 106

Figure 40 WEP Authentication Steps .................................................................................. 108

Figure 41 Wireless: Static WEP Encryption ........................................................................ 110

Figure 42 WPA - PSK Authentication .................................................................................. 113

Figure 43 Wireless: WPA-PSK ............................................................................................ 114

Figure 44 EAP Authentication ............................................................................................. 117

Figure 45 WPA with RADIUS Application Example ............................................................ 118

Figure 46 Wireless: WPA .................................................................................................... 119

Figure 47 Wireless: 802.1x and Dynamic WEP .................................................................. 123

Figure 48 Wireless: 802.1x and Static WEP ....................................................................... 126

Figure 49 Wireless: 802.1x ................................................................................................. 129

Figure 50 MAC Address Filter ............................................................................................. 132

Figure 51 OTIST ................................................................................................................. 134

Figure 52 OTIST Start ......................................................................................................... 134

Figure 53 OTIST Process ................................................................................................... 135

Figure 54 WAN: Route ........................................................................................................ 138

Figure 55 Ethernet Encapsulation ....................................................................................... 139

Figure 56 PPPoE Encapsulation ......................................................................................... 141

Figure 57 PPTP Encapsulation ........................................................................................... 143

Figure 58 WAN: IP .............................................................................................................145

Figure 59 MAC Setup .......................................................................................................... 147

Figure 60 Traffic Redirect WAN Setup ................................................................................ 148

Figure 61 Traffic Redirect LAN Setup ................................................................................. 149

Figure 62 WAN: Traffic Redirect .......................................................................................... 150

Figure 63 How NAT Works .................................................................................................. 155

Figure 64 NAT Application With IP Alias ............................................................................. 155

Figure 65 Multiple Servers Behind NAT Example ............................................................... 159

Figure 66 SUA/NAT Setup .................................................................................................. 160

Figure 67 Address Mapping ................................................................................................ 161

Figure 68 Address Mapping Rule ........................................................................................ 163

Figure 69 Trigger Port Forwarding Process: Example ........................................................ 164

Figure 70 Trigger Port .........................................................................................................166

Figure 71 Example of Static Routing Topology ................................................................... 167

Figure 72 Static Route .........................................................................................................168

Figure 73 Static Route: Edit ................................................................................................ 169

Figure 74 Configuring UPnP ............................................................................................... 173

Figure 75 Service Settings .................................................................................................. 182

Figure 76 Virus Protection ................................................................................................... 184

Figure 77 Parental Controls License Status ........................................................................ 186

Figure 78 Parental Controls ................................................................................................ 187

Figure 79 Parental Controls Statistics ................................................................................. 190

P-335 Series User’s Guide

Figure 80 Firewall: Settings ................................................................................................. 193

Figure 81 Firewall Rule Directions ...................................................................................... 194

Figure 82 Firewall: Service .................................................................................................. 196

Figure 83 Content Filter ...................................................................................................... 200

Figure 84 Remote Management: WWW ............................................................................. 207

Figure 85 Telnet Configuration on a TCP/IP Network ......................................................... 208

Figure 86 Remote Management: Telnet .............................................................................. 208

Figure 87 Remote Management: FTP ................................................................................. 209

Figure 88 SNMP Management Model ................................................................................. 210

Figure 89 Remote Management: SNMP ............................................................................. 212

Figure 90 Remote Management: DNS ................................................................................ 213

Figure 91 Security ............................................................................................................... 214

Figure 92 Encryption and Decryption .................................................................................. 218

Figure 93 IPSec Architecture .............................................................................................. 219

Figure 94 Transport and Tunnel Mode IPSec Encapsulation .............................................. 220

Figure 95 IPSec Summary Fields ....................................................................................... 225

Figure 96 VPN: Summary ................................................................................................... 226

Figure 97 NAT Router Between IPSec Routers .................................................................. 227

Figure 98 VPN Host using Intranet DNS Server Example .................................................. 228

Figure 99 Mismatching ID Type and Content Configuration Example ................................ 230

Figure 100 VPN: Rule Setup (Basic) ................................................................................... 231

Figure 101 Two Phases to Set Up the IPSec SA ................................................................ 235

Figure 102 VPN IKE: Advanced .......................................................................................... 237

Figure 103 Setup: Manual ................................................................................................... 243

Figure 104 SA Monitor ........................................................................................................ 246

Figure 105 VPN: Global Setting .......................................................................................... 247

Figure 106 Telecommuters Sharing One VPN Rule Example ............................................. 248

Figure 107 Telecommuters Using Unique VPN Rules Example ......................................... 249

Figure 108 View Logs ......................................................................................................... 252

Figure 109 Log Settings ...................................................................................................... 254

Figure 110 Configuring Print Server Screen ....................................................................... 258

Figure 111 Application-based Bandwidth Management Example ....................................... 260

Figure 112 Subnet-based Bandwidth Management Example ............................................. 260

Figure 113 Application and Subnet-based Bandwidth Management Example .................... 261

Figure 114 Bandwidth Usage Example ............................................................................... 262

Figure 115 Maximize Bandwidth Usage Example ............................................................... 263

Figure 116 Bandwidth Management Configuration ............................................................. 267

Figure 117 Bandwidth Management Edit ............................................................................ 269

Figure 118 Bandwidth Management Monitor ...................................................................... 271

Figure 119 Maintenance Status ........................................................................................... 274

Figure 120 Maintenance System Statistics ......................................................................... 275

Figure 121 Maintenance DHCP Table ................................................................................. 276

Figure 122 Maintenance Any IP .......................................................................................... 277

P-335 Series User’s Guide

Figure 123 Maintenance Association List .......................................................................... 278

Figure 124 Maintenance Firmware Upload ......................................................................... 279

Figure 125 Upload Warning ................................................................................................ 280

Figure 126 Network Temporarily Disconnected .................................................................. 280

Figure 127 Upload Error Message ...................................................................................... 281

Figure 128 Maintenance Configuration ............................................................................... 282

Figure 129 Configuration Restore Successful ..................................................................... 283

Figure 130 Temporarily Disconnected ................................................................................. 284

Figure 131 Configuration Restore Error .............................................................................. 284

Figure 132 System Restart ................................................................................................. 285

Figure 133 Login Screen ..................................................................................................... 288

Figure 134 SMT Menu Overview ........................................................................................ 288

Figure 135 SMT Main Menu ................................................................................................ 290

Figure 136 Menu 23: System Security ................................................................................ 291

Figure 137 Menu 23 System Password .............................................................................. 291

Figure 138 Menu 1 General Setup. ..................................................................................... 294

Figure 139 Menu 1.1 Configure Dynamic DNS .................................................................. 295

Figure 140 Menu 2 WAN Setup .......................................................................................... 297

Figure 141 Menu 3 LAN Setup ............................................................................................ 299

Figure 142 Menu 3.1 LAN Port Filter Setup. ....................................................................... 299

Figure 143 Menu 3.2 TCP/IP and DHCP Ethernet Setup ................................................... 300

Figure 144 Physical Network & Partitioned Logical Networks ............................................ 302

Figure 145 Menu 3.2.1: IP Alias Setup ............................................................................... 302

Figure 146 Menu 3.5 Wireless LAN Setup .......................................................................... 304

Figure 147 Menu 3.5 Wireless LAN Setup ......................................................................... 306

Figure 148 Menu 3.5.1 WLAN MAC Address Filter ............................................................ 307

Figure 149 Menu 3.5 Wireless LAN Setup .......................................................................... 308

Figure 150 Menu 3.5.2 Roaming Configuration .................................................................. 308

Figure 151 Menu 4 Internet Access Setup .......................................................................... 309

Figure 152 Internet Access Setup (PPTP) ......................................................................... 311

Figure 153 Internet Access Setup (PPPoE) ........................................................................ 312

Figure 154 Menu 11.1 Remote Node Profile for Ethernet Encapsulation ............................ 314

Figure 155 Menu 11.1 Remote Node Profile for PPPoE Encapsulation .............................. 315

Figure 156 Menu 11.1 Remote Node Profile for PPTP Encapsulation ................................ 317

Figure 157 Menu 11.3 Remote Node Network Layer Options for Ethernet Encapsulation . 318

Figure 158 Menu 11.5: Remote Node Filter (Ethernet Encapsulation) ................................ 320

Figure 159 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation) ................... 320

Figure 160 Menu 11.6: Traffic Redirect Setup .................................................................... 321

Figure 161 Menu 12 IP Static Route Setup ........................................................................ 323

Figure 162 Menu12.1 Edit IP Static Route .......................................................................... 323

Figure 163 Menu 4 Applying NAT for Internet Access ........................................................ 326

Figure 164 Menu 11.3 Applying NAT to the Remote Node ................................................. 327

Figure 165 Menu 15 NAT Setup .......................................................................................... 328

P-335 Series User’s Guide

Figure 166 Menu 15.1 Address Mapping Sets .................................................................... 328

Figure 167 Menu 15.1.255 SUA Address Mapping Rules ................................................. 328

Figure 168 Menu 15.1.1 First Set ........................................................................................ 330

Figure 169 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ......................... 331

Figure 170 Menu 15.2.1 NAT Server Setup ........................................................................ 332

Figure 171 Multiple Servers Behind NAT Example ............................................................. 333

Figure 172 NAT Example 1 ................................................................................................. 333

Figure 173 Menu 4 Internet Access & NAT Example ......................................................... 334

Figure 174 NAT Example 2 ................................................................................................. 334

Figure 175 Menu 15.2.1 Specifying an Inside Server ......................................................... 335

Figure 176 NAT Example 3 ................................................................................................. 336

Figure 177 NAT Example 3: Menu 11.3 .............................................................................. 336

Figure 178 Example 3: Menu 15.1.1.1 ............................................................................... 337

Figure 179 Example 3: Final Menu 15.1.1 .......................................................................... 337

Figure 180 Example 3: Menu 15.2 ...................................................................................... 338

Figure 181 NAT Example 4 ................................................................................................. 338

Figure 182 Example 4: Menu 15.1.1.1 Address Mapping Rule. .......................................... 339

Figure 183 Example 4: Menu 15.1.1 Address Mapping Rules ............................................ 339

Figure 184 Menu 15.3 Trigger Port Setup ........................................................................... 340

Figure 185 Menu 21.2 Firewall Setup ................................................................................. 342

Figure 186 Outgoing Packet Filtering Process .................................................................... 343

Figure 187 Filter Rule Process ............................................................................................ 344

Figure 188 Menu 21: Filter and Firewall Setup ................................................................... 345

Figure 189 Menu 21.1: Filter Set Configuration .................................................................. 345

Figure 190 Menu 21.1.1.1 TCP/IP Filter Rule. .................................................................... 347

Figure 191 Executing an IP Filter ........................................................................................ 349

Figure 192 Menu 21.1.4.1 Generic Filter Rule .................................................................... 350

Figure 193 Telnet Filter Example ........................................................................................ 351

Figure 194 Example Filter: Menu 21.1.3.1 .......................................................................... 352

Figure 195 Example Filter Rules Summary: Menu 21.1.3 .................................................. 353

Figure 196 Protocol and Device Filter Sets ......................................................................... 354

Figure 197 Filtering LAN Traffic .......................................................................................... 355

Figure 198 Filtering Remote Node Traffic ........................................................................... 355

Figure 199 SNMP Management Model ............................................................................... 357

Figure 200 Menu 22 SNMP Configuration .......................................................................... 359

Figure 201 Menu 23 System Security ................................................................................. 361

Figure 202 Menu 23 System Security ................................................................................. 361

Figure 203 Menu 23.2 System Security : RADIUS Server .................................................. 362

Figure 204 Menu 23 System Security ................................................................................. 363

Figure 205 Menu 23.4 System Security : IEEE802.1x ........................................................ 364

Figure 206 Menu 24 System Maintenance ......................................................................... 367

Figure 207 Menu 24.1 System Maintenance : Status ......................................................... 368

Figure 208 Menu 24.2 System Information and Console Port Speed ............................... 369

P-335 Series User’s Guide

Figure 209 Menu 24.2.1 System Maintenance : Information ............................................. 369

Figure 210 Menu 24.2.2 System Maintenance : Change Console Port Speed ................... 370

Figure 211 Menu 24.3.2 System Maintenance : Syslog Logging ........................................ 370

Figure 212 Syslog Example ................................................................................................ 372

Figure 213 Call-Triggering Packet Example ........................................................................ 376

Figure 214 Menu 24.4 System Maintenance : Diagnostic ................................................... 377

Figure 215 LAN & WAN DHCP ........................................................................................... 377

Figure 216 Telnet in Menu 24.5 ........................................................................................... 381

Figure 217 FTP Session Example ...................................................................................... 382

Figure 218 Telnet into Menu 24.6. ....................................................................................... 385

Figure 219 Restore Using FTP Session Example ............................................................... 386

Figure 220 Telnet Into Menu 24.7.1 Upload System Firmware ........................................... 387

Figure 221 Telnet Into Menu 24.7.2 System Maintenance . ................................................ 387

Figure 222 FTP Session Example of Firmware File Upload ............................................... 388

Figure 223 Command Mode in Menu 24 ............................................................................. 391

Figure 224 Valid Commands ............................................................................................... 392

Figure 225 Menu 24.9 System Maintenance : Call Control ................................................. 392

Figure 226 Budget Management ......................................................................................... 393

Figure 227 Menu 24.9.2 - Call History ................................................................................ 393

Figure 228 Menu 24: System Maintenance ....................................................................... 394

Figure 229 Menu 24.10 System Maintenance: Time and Date Setting ............................... 395

Figure 230 Menu 24.11 – Remote Management Control .................................................... 398

Figure 231 Menu 26 Schedule Setup .................................................................................. 401

Figure 232 Menu 26.1 Schedule Set Setup ....................................................................... 402

Figure 233 Applying Schedule Set(s) to a Remote Node (PPPoE) .................................... 403

Figure 234 VPN SMT Menu Tree ........................................................................................ 405

Figure 235 Menu 27 VPN/IPSec Setup ............................................................................... 406

Figure 236 Menu 27 ............................................................................................................ 406

Figure 237 Menu 27.1.1 IPSec Setup ................................................................................. 409

Figure 238 Menu 27.1.1.1 IKE Setup .................................................................................. 413

Figure 239 Menu 27.1.1.2 Manual Setup ............................................................................ 415

Figure 240 Menu 27.2 SA Monitor ...................................................................................... 418

Figure 241 Single-Computer per Router Hardware Configuration ...................................... 424

Figure 242 Prestige as a PPPoE Client .............................................................................. 424

Figure 243 Transport PPP frames over Ethernet ............................................................... 425

Figure 244 PPTP Protocol Overview .................................................................................. 426

Figure 245 Example Message Exchange between Computer and an ANT ........................ 427

Figure 246 Network Print Server Setup Wizard .................................................................. 430

Figure 247 Network Print Server Setup Wizard : Welcome ................................................ 431

Figure 248 Network Print Server Setup Wizard : Select A Print Server .............................. 432

Figure 249 Network Print Server Setup Wizard : Change Settings ..................................... 433

Figure 250 Network Print Server Setup Wizard : Select A Printer ...................................... 434

Figure 251 Add Printer Help ................................................................................................ 434

P-335 Series User’s Guide

Figure 252 Network Print Server Setup Wizard : Summary ................................................ 435

Figure 253 Network Print Server Setup Wizard : Installation Complete .............................. 435

Figure 254 .......................................................................................................................... 436

Figure 255 Network Print Monitor Setup : Welcome ........................................................... 437

Figure 256 Network Print Monitor Setup : Location ............................................................ 437

Figure 257 Network Print Monitor Setup : Complete ........................................................... 438

Figure 258 Printers Screen ................................................................................................. 438

Figure 259 Add Printer Wizard Welcome Screen ............................................................... 439

Figure 260 Local Printer Screen ......................................................................................... 439

Figure 261 Select Printer Port Screen ................................................................................ 440

Figure 262 Add Standard TCP/IP Printer Port Screen ........................................................ 440

Figure 263 Add Port Screen ................................................................................................ 441

Figure 264 Additional Port Information Screen ................................................................... 441

Figure 265 Port Settings Screen ......................................................................................... 442

Figure 266 Add Standard TCP/IP Printer Port Complete .................................................... 442

Figure 267 Add Printer Screen ............................................................................................ 443

Figure 268 Use Existing Driver Screen ............................................................................... 443

Figure 269 Name Your Printer Screen ................................................................................ 444

Figure 270 Printer Sharing Screen ..................................................................................... 444

Figure 271 Location and Comment Screen ........................................................................ 445

Figure 272 Print Test Page Screen ..................................................................................... 445

Figure 273 Add Printer Wizard Complete ........................................................................... 446

Figure 274 Macintosh HD ................................................................................................... 446

Figure 275 Macintosh HD folder ......................................................................................... 446

Figure 276 Applications Folder ........................................................................................... 447

Figure 277 Utilities Folder ................................................................................................... 447

Figure 278 Printer List Folder .............................................................................................. 447

Figure 279 Printer Configuration ......................................................................................... 448

Figure 280 Printer Model ..................................................................................................... 448

Figure 281 Print Server ....................................................................................................... 449

Figure 282 WIndows 95/98/Me: Network: Configuration ..................................................... 458

Figure 283 Windows 95/98/Me: TCP/IP Properties: IP Address ......................................... 459

Figure 284 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............................ 460

Figure 285 Windows XP: Start Menu .................................................................................. 461

Figure 286 Windows XP: Control Panel .............................................................................. 461

Figure 287 Windows XP: Control Panel: Network Connections: Properties ....................... 462

Figure 288 Windows XP: Local Area Connection Properties .............................................. 462

Figure 289 Windows XP: Advanced TCP/IP Settings ......................................................... 463

Figure 290 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 464

Figure 291 Macintosh OS 8/9: Apple Menu ........................................................................ 465

Figure 292 Macintosh OS 8/9: TCP/IP ................................................................................ 466

Figure 293 Macintosh OS X: Apple Menu ........................................................................... 466

Figure 294 Macintosh OS X: Network ................................................................................. 467

P-335 Series User’s Guide

Figure 295 Peer-to-Peer Communication in an Ad-hoc Network ........................................ 470

Figure 296 ESS Provides Campus-Wide Coverage ........................................................... 471

Figure 297 Sequences for EAP MD5–Challenge Authentication ........................................ 474

Figure 298 Enable TMSS ................................................................................................... 481

Figure 299 TMSS Welcome Screen .................................................................................... 482

Figure 300 Download ActiveX Control ................................................................................ 482

Figure 301 Home Network Security Services Dashboard ................................................... 483

Figure 302 Ideal Setup ........................................................................................................ 485

Figure 303 “Triangle Route” Problem .................................................................................. 486

Figure 304 IP Alias .............................................................................................................. 487

Figure 305 Gateways on the WAN Side .............................................................................. 487

P-335 Series User’s Guide

List of Tables

Table 1 IEEE 802.11b ......................................................................................................... 44

Table 2 IEEE 802.11g ......................................................................................................... 44

Table 3 Screens Summary ................................................................................................. 54

Table 4 Wizard Setup : Wireless LAN ................................................................................ 58

Table 5 Wizard Setup : Wireless LAN Setup : Basic Security ............................................ 60

Table 6 Wizard Setup : Wireless LAN : Extended Security ................................................ 61

Table 7 Wizard Setup : Wireless LAN : OTIST ................................................................... 62

Table 8 Wizard Setup : Internet Access : Ethernet Encapsulation ..................................... 63

Table 9 Wizard Setup : Internet Access : PPPoE Encapsulation ....................................... 65

Table 10 Wizard Setup : Internet Access : PPTP Encapsulation ....................................... 66

Table 11 Private IP Address Ranges .................................................................................. 67

Table 12 Example of Network Properties for LAN Servers with Fixed IP Addresses ......... 69

Table 13 Wizard Setup : WAN ............................................................................................ 69

Table 14 Wizard Setup : WAN IP and DNS Server Address Assignment .......................... 70

Table 15 Wizard Setup : WAN MAC Address ..................................................................... 71

Table 16 Media Bandwidth Management Setup ................................................................. 74

Table 17 Media Bandwidth Management Setup : Services ................................................ 75

Table 18 Media Bandwidth Management Setup : Service Priority ..................................... 76

Table 19 System General Setup ........................................................................................ 78

Table 20 DDNS .................................................................................................................. 80

Table 21 Password .............................................................................................................81

Table 22 Time Setting ........................................................................................................ 82

Table 23 LAN IP ................................................................................................................. 89

Table 24 Static DHCP ......................................................................................................... 92

Table 25 IP Alias ................................................................................................................ 93

Table 26 Wireless ............................................................................................................... 100

Table 27 Roaming ..............................................................................................................103

Table 28 Wireless No Security ........................................................................................... 106

Table 29 Wireless Security Relational Matrix ..................................................................... 107

Table 30 Wireless: Static WEP Encryption ......................................................................... 110

Table 31 Wireless: WPA-PSK ............................................................................................ 114

Table 32 Wireless: WPA ..................................................................................................... 120

Table 33 Wireless: 802.1x and Dynamic WEP ................................................................... 124

Table 34 Wireless: 802.1x and Static WEP ........................................................................ 127

Table 35 Wireless: 802.1x and No WEP ............................................................................ 130

Table 36 MAC Address Filter ............................................................................................. 132

P-335 Series User’s Guide

Table 37 OTIST .................................................................................................................. 134

Table 38 WAN: Route ......................................................................................................... 138

Table 39 Ethernet Encapsulation ....................................................................................... 139

Table 40 PPPoE Encapsulation ......................................................................................... 141

Table 41 PPTP Encapsulation ............................................................................................ 143

Table 42 WAN: IP ............................................................................................................... 145

Table 43 Traffic Redirect .................................................................................................... 150

Table 44 NAT Definitions .................................................................................................... 153

Table 45 NAT Mapping Types ............................................................................................ 156

Table 46 Services and Port Numbers ................................................................................. 158

Table 47 SUA/NAT Setup ................................................................................................... 160

Table 48 Address Mapping ................................................................................................. 161

Table 49 Address Mapping Rule ........................................................................................ 163

Table 50 Trigger Port .......................................................................................................... 166

Table 51 Static Route .........................................................................................................168

Table 52 Static Route: Edit ................................................................................................. 169

Table 53 Configuring UPnP ................................................................................................ 173

Table 54 Service Settings ................................................................................................... 182

Table 55 Virus Protection ................................................................................................... 184

Table 56 Parental Controls ................................................................................................. 187

Table 57 Parental Controls Statistics .................................................................................. 190

Table 58 Firewall: Settings ................................................................................................. 193

Table 59 Firewall: Service .................................................................................................. 196

Table 60 Content Filter .......................................................................................................201

Table 61 Remote Management: WWW .............................................................................. 207

Table 62 Remote Management: Telnet .............................................................................. 208

Table 63 Remote Management: FTP ................................................................................. 209

Table 64 SNMP Traps ........................................................................................................ 211

Table 65 Remote Management: SNMP .............................................................................. 212

Table 66 Remote Management: DNS ................................................................................ 213

Table 67 Security ................................................................................................................ 214

Table 68 VPN and NAT ...................................................................................................... 221

Table 69 AH and ESP ........................................................................................................ 224

Table 70 VPN: Summary .................................................................................................... 226

Table 71 Local ID Type and Content Fields ....................................................................... 229

Table 72 Peer ID Type and Content Fields ........................................................................ 229

Table 73 Matching ID Type and Content Configuration Example ....................................... 230

Table 74 VPN: Rule Setup (Basic) ..................................................................................... 231

Table 75 VPN IKE: Advanced ............................................................................................ 238

Table 76 Rule Setup: Manual ............................................................................................. 243

Table 77 SA Monitor ...........................................................................................................246

Table 78 VPN: Global Setting ............................................................................................. 247

Table 79 Telecommuter and Headquarters Configuration Example ................................... 248

P-335 Series User’s Guide

Table 80 View Logs ............................................................................................................252

Table 81 Log Settings .........................................................................................................255

Table 82 Configuring Print Server ...................................................................................... 258

Table 83 Application and Subnet-based Bandwidth Management Example ...................... 261

Table 84 Media Mandwidth Management Priorities ........................................................... 263

Table 85 Commonly Used Services ................................................................................... 265

Table 86 Bandwidth Management Configuration ............................................................... 268

Table 87 Bandwidth Management Edit ............................................................................... 269

Table 88 Maintenance Status ............................................................................................. 274

Table 89 Maintenance System Statistics ............................................................................ 275

Table 90 Maintenance DHCP Table ................................................................................... 276

Table 91 Maintenance Any IP ............................................................................................ 277

Table 92 Maintenance Association List .............................................................................. 278

Table 93 Maintenance Firmware Upload ............................................................................ 279

Table 94 Maintenance Restore Configuration .................................................................... 283

Table 95 Main Menu Commands ....................................................................................... 289

Table 96 Main Menu Summary .......................................................................................... 290

Table 97 Menu 1 General Setup ........................................................................................ 294

Table 98 Menu 1.1 Configure Dynamic DNS ..................................................................... 295

Table 99 Menu 2 WAN Setup ............................................................................................. 297

Table 100 DHCP Ethernet Setup Fields ............................................................................. 300

Table 101 Menu 3.2: LAN TCP/IP Setup Fields ................................................................. 301

Table 102 Menu 3.2.1: IP Alias Setup ................................................................................ 302

Table 103 Menu 3.5 Wireless LAN Setup .......................................................................... 304

Table 104 Menu 3.5.1 WLAN MAC Address Filter ............................................................. 307

Table 105 Roaming Configuration ...................................................................................... 308

Table 106 Internet Access Setup (Ethernet ....................................................................... 309

Table 107 New Fields in Menu 4 (PPTP) Screen ............................................................... 311

Table 108 New Fields in Menu 4 (PPPoE) screen ............................................................. 312

Table 109 Menu 11.1 Remote Node Profile for Ethernet Encapsulation ............................ 314

Table 110 Fields in Menu 11.1 (PPPoE Encapsulation Specific) ........................................ 316

Table 111 Menu 11.1 Remote Node Profile for PPTP Encapsulation ................................. 317

Table 112 Remote Node Network Layer Options ............................................................... 318

Table 113 Menu 11.6: Traffic Redirect Setup ...................................................................... 321

Table 114 Menu12.1 Edit IP Static Route ........................................................................... 323

Table 115 Applying NAT in Menus 4 & 11.3 ....................................................................... 327

Table 116 SUA Address Mapping Rules ............................................................................ 328

Table 117 Menu 15.1.1 First Set ........................................................................................ 330

Table 118 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set .......................... 331

Table 119 Menu 15.3 Trigger Port Setup ............................................................................ 340

Table 120 Abbreviations Used in the Filter Rules Summary Menu .................................... 345

Table 121 Rule Abbreviations Used ................................................................................... 346

Table 122 TCP/IP Filter Rule .............................................................................................. 347

P-335 Series User’s Guide

Table 123 Generic Filter Rule Menu Fields ........................................................................ 350

Table 124 Menu 22 SNMP Configuration ........................................................................... 359

Table 125 SNMP Traps ...................................................................................................... 359

Table 126 Ports and Permanent Virtual Circuits ................................................................. 360

Table 127 Menu 23.2 System Security : RADIUS Server .................................................. 362

Table 128 Menu 23.4 System Security : IEEE802.1x ......................................................... 364

Table 129 System Maintenance: Status Menu Fields ........................................................ 368

Table 130 Menu 24.2.1 System Maintenance : Information ............................................... 369

Table 131 Menu 24.3.2 System Maintenance : Syslog and Accounting ............................ 370

Table 132 System Maintenance Menu Diagnostic ............................................................. 377

Table 133 Filename Conventions ....................................................................................... 380

Table 134 General Commands for GUI-based FTP Clients ............................................... 382

Table 135 General Commands for GUI-based TFTP Clients ............................................. 384

Table 136 Menu 24.9.1 - Budget Management .................................................................. 393

Table 137 Call History Fields .............................................................................................. 394

Table 138 Time and Date Setting Fields ............................................................................ 395

Table 139 Menu 24.11 – Remote Management Control ..................................................... 398

Table 140 Menu 26.1 Schedule Set Setup ......................................................................... 402

Table 141 Menu 27.1 IPSec Summary ............................................................................... 406

Table 142 Menu 27.1.1 IPSec Setup .................................................................................. 409

Table 143 Menu 27.1.1.1 IKE Setup .................................................................................. 413

Table 144 Active Protocol: Encapsulation and Security Protocol ....................................... 415

Table 145 Menu 27.1.1.2 Manual Setup ............................................................................ 415

Table 146 Menu 27.2 SA Monitor ....................................................................................... 418

Table 147 Troubleshooting ................................................................................................. 421

Table 148 Troubleshooting the Password .......................................................................... 422

Table 149 Troubleshooting Telnet ...................................................................................... 422

Table 150 Print Server Interface ......................................................................................... 451

Table 151 Print Server Requirements and Specifications .................................................. 451

Table 152 Compatible USB Printers ................................................................................... 452

Table 153 NetBIOS Filter Default Settings ......................................................................... 454

Table 154 System Error logs .............................................................................................. 455

Table 155 System Maintenance Logs ................................................................................ 455

Table 156 UPnP Logs ........................................................................................................ 456

Table 157 ICMP Type and Code Explanations ................................................................... 456

Table 158 Comparison of EAP Authentication Types ......................................................... 476

Table 159 Brute-Force Password Guessing Protection Commands .................................. 479

P-335 Series User’s Guide

Preface

Congratulations on your purchase of the P-335, Firewall Router with Print Server or the P-335WT, 802.11g Wireless Firewall Router with Print Server. This manual is designed to guide you through the configuration of your Prestige for its various applications.

Note: Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your Prestige. Not all features can be configured through all interfaces.

Some parts of this manual relate to the Wireless Broadband Router. This manual may refer to the P-335, P-335WT, Firewall Router with Print Server or 802.11g Wireless Firewall Router with Print Server as the Prestige.

Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com products, or at www.us.zyxel.com

for North American products.

for global

About This User's Guide

This User’s Guide is designed to guide you through the configuration of your Prestige using the web configurator or the SMT. The web configurator parts of this guide contain background information on features configurable by web configurator. The SMT parts of this guide contain background information solely on features not configurable by web configurator

Note: Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your Prestige. Not all features can be configured through all interfaces.

Getting to Know Your Prestige

This chapter introduces the main features and applications of the Prestige.

1.1 Prestige Internet Security Gateway Overview

The Prestige is the ideal secure gateway for all data passing between the Internet and LAN’s.

By integrating NAT, firewall, media bandwidth management and VPN capability, ZyXEL’s Prestige is a complete security solution that protects your Intranet and efficiently manages data traffic on your network.

The embedded web configurator is easy to operate.

1.2 Prestige Features

The following sections describe Prestige features..

1.2.1 Physical Features

1.2.1.1 USB Port

The Prestige uses a USB 1.1 port to connect to a printer with a USB interface. Printers that use USB 1.0 are also compatible. Computers on the LAN use the printer by sending print requests to the print server in the Prestige.

1.2.1.2 OTIST Button (P-335WT only)

Use this button to activate OTIST (One-Touch Intelligent Security Technology). OTIST allows your Prestige to assign wireless clients the Prestige’s SSID and static WEP or WPAPSK encryption settings. The wireless client must also support OTIST and have OTIST enabled.

1.2.1.3 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)

This auto-negotiation feature allows the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.

Chapter 1 Getting to Know Your Prestige 41

P-335 Series User’s Guide

1.2.1.4 Auto-crossover 10/100 Mbps Ethernet Interface(s)

These interfaces automatically adjust to either a crossover or straight-through Ethernet cable.

1.2.1.5 4-Port Switch

A combination of switch and router makes your Prestige a cost-effective and viable network solution. You can add up to four computers to the Prestige without the cost of a hub. Add more than four computers to your LAN by using a hub.

1.2.1.6 Time and Date

The Prestige allows you to get the current time and date from an external server when you turn on your Prestige. You can also set the time manually.

1.2.1.7 Reset Button

The Prestige reset button is built into the rear panel. Use this button to restore the factory default password to 1234; IP address to 192.168.1.1, subnet mask to 255.255.255.0 and DHCP server enabled with a pool of 32 IP addresses starting at 192.168.1.33.

1.2.2 Non-Physical Features

1.2.2.1 Print Server

The Prestige has a built-in print server that allows computers on the LAN to share a USB printer. This eliminates the need to assign a dedicated computer as a print server or have a standalone print server device.

1.2.2.2 OTIST (P-335WT only)

One-Touch Intelligent Security Technology (OTIST) allows your Prestige to give wireless clients the Prestige’s security settings.The wireless client must also support OTIST. The Prestige’s OTIST feature supports static WEP or WPA-PSK encryption security settings.

1.2.2.3 Media Bandwidth Management

ZyXEL’s Media Bandwidth Management allows you to specify bandwidth classes based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.

1.2.2.4 Trend Micro Security Services

Trend Micro Security Services (TMSS) are a range of services designed to address the security needs of computers on a network that access the Internet via broadband routers. Computers that are connected to the Internet via broadband connection increase the risk of attacks such as viruses, hackers, spyware and spam.

42 Chapter 1 Getting to Know Your Prestige

When TMSS is enabled you can configure how often the TMSS Web page displays and select the computers in your network that you want this service to apply.

1.2.2.5 IPSec VPN Capability

Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The Prestige VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.

1.2.2.6 Firewall

The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The Prestige firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.

1.2.2.7 IEEE 802.1x Network Security (P-335WT only)

The Prestige supports the IEEE 802.1x standard to enhance user authentication. Use the builtin user profile database to authenticate up to 32 users using MD5 encryption. Use an EAPcompatible RADIUS (RFC2138, 2139 - Remote Authentication Dial In User Service) server to authenticate a limitless number of users using EAP (Extensible Authentication Protocol). EAP is an authentication protocol that supports multiple types of authentication.

P-335 Series User’s Guide

1.2.2.8 Content Filtering

The Prestige can also block access to web sites containing keywords that you specify. You can define time periods and days during which content filtering is enabled and include or exclude a range of users on the LAN from content filtering.

1.2.2.9 Brute-Force Password Guessing Protection

The Prestige has a special protection mechanism to discourage brute-force password guessing attacks on the Prestige’s management interfaces. You can specify a wait-time that must expire before entering a fourth password after three incorrect passwords have been entered. Please see the appendices for details about this feature.

1.2.2.10 802.11b Wireless LAN Standard (P-335WT only)

The Prestige, complies with the 802.11b wireless standard.

Chapter 1 Getting to Know Your Prestige 43

P-335 Series User’s Guide

The 802.11b data rate and corresponding modulation techniques are as follows. The modulation technique defines how bits are encoded onto radio waves.

Table 1 IEEE 802.11b

DATA RATE (KBPS) MODULATION

1 DBPSK (Differential Binary Phase Shift Keyed)

2 DQPSK (Differential Quadrature Phase Shift Keying)

5.5 / 11 CCK (Complementary Code Keying)

Note: The Prestige may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs

1.2.2.11 802.11g Wireless LAN Standard (P-335WT only)

The Prestige, complies with the 802.11g wireless standard and is also fully compatible with the 802.11b standard. This means an 802.11b radio card can interface directly with an 802.11g device (and vice versa) at 11 Mbps or lower depending on range. 802.11g has several intermediate rate steps between the maximum and minimum data rates. The 802.11g data rate and modulation are as follows:

Table 2 IEEE 802.11g

DATA RATE (MBPS) MODULATION

6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)

1.2.2.12 Packet Filtering

The packet filtering mechanism blocks unwanted traffic from entering/leaving your network.

1.2.2.13 Universal Plug and Play (UPnP)

Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.

1.2.2.14 Call Scheduling

Configure call time periods to restrict and allow access for users on remote nodes.

1.2.2.15 PPPoE

PPPoE facilitates the interaction of a host with an Internet modem to achieve access to highspeed data networks via a familiar "dial-up networking" user interface.

44 Chapter 1 Getting to Know Your Prestige

1.2.2.16 PPTP Encapsulation

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using a TCP/IP-based network.

PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. The Prestige supports one PPTP server connection at any given time.

1.2.2.17 Dynamic DNS Support

With Dynamic DNS (Domain Name System) support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.

1.2.2.18 IP Multicast

Deliver IP packets to a specific group of hosts using IP multicast. IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The latest version is version 2 (see RFC 2236); the Prestige supports both versions 1 and 2.

P-335 Series User’s Guide

1.2.2.19 IP Alias

IP Alias allows you to partition a physical network into logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet LAN interface with the Prestige itself as the gateway for each LAN network.

1.2.2.20 SNMP

SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network. The Prestige supports SNMP version one (SNMPv1) and version two (SNMPv2).

1.2.2.21 Network Address Translation (NAT)

Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).

1.2.2.22 Traffic Redirect

Traffic Redirect forwards WAN traffic to a backup gateway on the LAN when the Prestige cannot connect to the Internet, thus acting as an auxiliary backup when your regular WAN connection fails.

Chapter 1 Getting to Know Your Prestige 45

P-335 Series User’s Guide

1.2.2.23 Port Forwarding

Use this feature to forward incoming service requests to a server on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.

1.2.2.24 DHCP (Dynamic Host Configuration Protocol)

DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability, enabled by default, which means it can assign IP addresses, an IP default gateway and DNS servers to all systems that support the DHCP client.

1.2.2.25 Any IP

The Any IP feature allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.

1.2.2.26 Full Network Management

The embedded web configurator is an all-platform web-based utility that allows you to easily access the Prestige’s management settings and configure the firewall. Most functions of the Prestige are also software configurable via the SMT (System Management Terminal) interface. The SMT is a menu-driven interface that you can access over a telnet connection.

1.2.2.27 RoadRunner Support

In addition to standard cable modem services, the Prestige supports Time Warner’s RoadRunner Service.

1.2.2.28 Logging and Tracing

• Built-in message logging and packet tracing.

• Unix syslog facility support.

• Firewall logs.

• Content filtering logs.

1.2.2.29 Upgrade Prestige Firmware via LAN

The firmware of the Prestige can be upgraded via the LAN (refer to Maintenance- F/W Upload Screen).

1.2.2.30 Embedded FTP and TFTP Servers

The Prestige’s embedded FTP and TFTP Servers enable fast firmware upgrades as well as configuration file backups and restoration.

46 Chapter 1 Getting to Know Your Prestige

1.2.2.31 Wireless Association List (P-335WT only)

With the Wireless Association List, you can see the list of the wireless stations that are currently using the Prestige to access your wired network.

1.2.2.32 Wireless LAN Channel Usage (P-335WT only)

The Wireless Channel Usage displays whether the radio channels are used by other wireless devices within the transmission range of the Prestige. This allows you to select the channel with minimum interference for your Prestige.

1.3 Applications for the Prestige

Here are some examples of what you can do with your Prestige.

1.3.1 Print Server Application

P-335 Series User’s Guide

The following figure shows how you can setup your printer to operate on a LAN using the Prestige as a router and print server.

Figure 1 Prestige Print Server Application

Computers

USB Printer

Prestige

1.3.2 Secure Broadband Internet Access via Cable or DSL Modem

You can connect a cable modem, DSL or wireless modem to the Prestige for broadband Internet access via an Ethernet or a wireless port on the modem. The Prestige guarantees not only high speed Internet access, but secure internal network protection and traffic management as well.

Chapter 1 Getting to Know Your Prestige 47

P-335 Series User’s Guide

Figure 2 Secure Internet Access via Cable, DSL or Wireless Modem

1.3.3 VPN Application

Prestige VPN is an ideal cost-effective way to connect branch offices and business partners over the Internet without the need (and expense) for leased lines between sites.

Figure 3 VPN Application

1.3.4 Wireless LAN Application (P-335WT only)

Add a wireless LAN to your existing network without expensive network cables. Wireless stations can move freely anywhere in the coverage area and use resources on the wired network.

48 Chapter 1 Getting to Know Your Prestige

Figure 4 Internet Access Application Example

P-335 Series User’s Guide

Chapter 1 Getting to Know Your Prestige 49

P-335 Series User’s Guide

50 Chapter 1 Getting to Know Your Prestige

Introducing the Web

This chapter describes how to access the Prestige web configurator and provides an overview of its screens.

2.1 Web Configurator Overview

The embedded web configurator allows you to manage the Prestige from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions with JavaScript enabled. It is recommended that you set your screen resolution to 1024 by 768 pixels. The screens you see in the web configurator may vary somewhat from the ones shown in this document due to differences between individual Prestige models or firmware versions.

P-335 Series User’s Guide

CHAPTER 2

Configurator

2.2 Accessing the Prestige Web Configurator

1 Make sure your Prestige hardware is properly connected and prepare your computer/

computer network to connect to the Prestige (refer to the Quick Start Guide).

2 Launch your web browser.

3 Type "192.168.1.1" as the URL.

4 Type "1234" (default) as the password and click Login. In some versions, the default

password appears automatically - if this is the case, click Login.

5 You should see a screen asking you to change your password (highly recommended) as

shown next. Type a new password (and retype it to confirm) and click Apply or click Ignore.

Chapter 2 Introducing the Web Configurator 51

P-335 Series User’s Guide

Figure 5 Change Password Screen

You should now see the MAIN MENU screen)

Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the Prestige if this happens to you

2.3 Resetting the Prestige

If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the Prestige to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.

2.3.1 Procedure To Use The Reset Button

1 Make sure the PWR LED is on (not blinking).

2 Press the RESET button for ten seconds or until the PWR LED begins to blink and then

release it. When the PWR LED begins to blink, the defaults have been restored and the Prestige restarts.

2.3.2 Navigating the Prestige Web Configurator

The following summarizes how to navigate the web configurator from the SITE MAP screen.

• Click WIZARD for initial configuration including general setup, Wireless LAN Setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment.

• Click a link under ADVANCED to configure advanced Prestige features.

• Click BW SETUP for initial configuration of media bandwidth management.

52 Chapter 2 Introducing the Web Configurator

P-335 Series User’s Guide

• Click to view the web configurator in the language of your choice.

• Click LOGOUT at any time to exit the web configurator.

• Click MAINTENANCE to view information about your Prestige or upgrade configuration/firmware files. Maintenance includes Status (Statistics), DHCP Ta bl e, F/ W (firmware) Upload, Configuration (Backup, Restore, Defaults) and Restart.

Figure 6 The MAIN MENU Screen of the Web Configurator

2.3.3 Navigation Panel

After you enter the password, use the sub-menus on the navigation panel to configure Prestige features.

Chapter 2 Introducing the Web Configurator 53

P-335 Series User’s Guide

The following table describes the sub-menus.

Table 3 Screens Summary

LINK TAB FUNCTION

WIZARD SETUP Use these screens for initial configuration including general

BANDWIDTH SETUP

SYSTEM General This screen contains administrative and system-related

LAN IP Use this screen to configure LAN DHCP, TCP/IP settings and to

WIRELESS (P-335WT only)

WAN Route This screen allows you to configure route priority.

SUA/NAT SUA Server Use this screen to configure servers behind the Prestige.

STATIC ROUTE IP Static Route Use this screen to configure IP static routes.

FIREWALL Settings Use this screen to activate/deactivate the firewall and log packets

CONTENT FILTER

setup, Wireless LAN setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment.

Use these screens for initial configuration of media bandwidth management.

information.

DDNS Use this screen to set up dynamic DNS.

Password Use this screen to change your password.

Time Zone Use this screen to change your Prestige’s time and date.

enable Any IP.

Static DHCP Use this screen to assign IP addresses on the LAN to specific

IP Alias Use this screen to partition your LAN interface into subnets.

Wireless Use this screen to configure wireless LAN.

MAC Filter Use the MAC filter screen to configure the Prestige to block

Roaming This screen allows you to configure your Prestige roaming

OTIST This screen allows you to assign wireless clients the Prestige’s

WAN ISP Use this screen to change your Prestige’s WAN ISP settings.

WAN IP Use this screen to change your Prestige’s WAN IP settings.

WAN MAC Use this screen to change your Prestige’s WAN MAC settings.

Traffic Redirect Use this screen to configure your traffic redirect properties and

Address Mapping

Trigger Port Use this screen to change your Prestige’s trigger port settings.

Services Use this screen to enable service blocking (LAN to WAN firewall

Filter This screen allows you to block sites containing certain keywords

individual computers based on their MAC Addresses.

access to devices or block the devices from accessing the Prestige.

capabilities.

wireless security settings.

parameters.

Use this screen to configure network address translation mapping rules.

related to firewall rules.

rules).

in the URL and set the days and times for the Prestige to perform content filtering.

54 Chapter 2 Introducing the Web Configurator

P-335 Series User’s Guide

Table 3 Screens Summary

LINK TAB FUNCTION

REMOTE MGMT TELNET Use this screen to configure through which interface(s) and from

which IP address(es) users can use Telnet to manage the Prestige.

FTP Use this screen to configure through which interface(s) and from

which IP address(es) users can use FTP to access the Prestige.

WWW Use this screen to configure through which interface(s) and from

SNMP Use this screen to configure your Prestige’s settings for Simple

DNS Use this screen to configure through which interface(s) and from

Security Use this screen to change your anti-probing settings.

VPN Summary Use this screen to view the rule summary.

Rule Setup Use this screen to configure VPN connections.

SA Monitor Use this screen to display and manage active VPN connections.

Global Setting Use this screen to allow NetBIOS packets through the VPN

UPnP UPnP Use this screen to enable UPnP on the Prestige.

TMSS Service Settings Use this screen to decide which computers in the network you

Antivirus Protection

Parental Controls

LOGS View Log Use this screen to view the logs for the categories that you

Log Settings Use this screen to change your Prestige’s log settings.

PRINT SERVER Use this screen to view the printer and printer port name and to

BW MGMT Configuration Use this screen to configure your Prestige’s settings for Media

Monitor View the bandwidth usage of the LAN, WAN and WLAN

which IP address(es) users can use HTTP to manage the Prestige.

Network Management Protocol management.

which IP address(es) users can send DNS queries to the Prestige.

connections.

can apply TMSS.

This screen allows you to check the computers in the network for Trend Micro Internet Security.

This screen allows a parent (LAN administrator) to control a LAN user's Internet access privileges by blocking specified website categories.

selected.

monitor the printer status.

Bandwidth Management.

configured bandwidth rules.

Chapter 2 Introducing the Web Configurator 55

P-335 Series User’s Guide

Table 3 Screens Summary

LINK TAB FUNCTION

MAINTENANCE Status This screen contains administrative and system-related

LOGOUT Click this label to exit the web configurator.

information.

DHCP Table This screen displays DHCP (Dynamic Host Configuration

Protocol) related information and is READ-ONLY.

Any IP Use this screen to allow a computer to access the Internet

without changing the network settings of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.

F/W Upload Use this screen to upload firmware to your Prestige.

Configuration Use this screen to backup and restore the configuration or reset

the factory defaults to your Prestige.

Restart This screen allows you to reboot the Prestige without turning the

power off.

56 Chapter 2 Introducing the Web Configurator

P-335 Series User’s Guide

CHAPTER 3

Wizard Setup

This chapter provides information on the Wizard Setup screens in the web configurator.

3.1 Wizard Setup Overview

The web configurator’s Wizard Setup helps you configure your device to access the Internet. The second screen has three variations depending on what encapsulation type you use. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field. Leave a field blank if you don’t have that information.

3.2 Wizard Setup: General Setup and System Name

General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".

• In Windows 95/98 click Start, Settings, Control Panel, Network. Click the Identification tab, note the entry for the Computer Name field and enter it as the System Name.

• In Windows 2000, click Start, Settings and Control Panel and then double-click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name.

• In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the Prestige System Name.

3.2.1 Domain Name

The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the Prestige via DHCP.

Click Next to configure the Prestige for Internet access.

Chapter 3 Wizard Setup 57

P-335 Series User’s Guide

Figure 7 Wizard Setup : General

3.3 Wizard Setup: Wireless LAN (P-335WT only)

Set up your wireless LAN using the following screen.

Figure 8 Wizard Setup : Wireless LAN

The following table describes the labels in this screen.

Table 4 Wizard Setup : Wireless LAN

LABEL DESCRIPTION

Name(SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless

LAN. If you change this field on the Prestige, make sure all wireless stations use the same

SSID in order to access the network.

Choose Channel ID

To manually set the Prestige to use a channel, select a channel from the drop-down list box.

58 Chapter 3 Wizard Setup

P-335 Series User’s Guide

Table 4 Wizard Setup : Wireless LAN

LABEL DESCRIPTION

Security The Security can be selected as auto, none, basic or extended.

Choose Auto to use WPA-PSK security with a default Pre-Shared Key and proceed to another wireless LAN setup screen where you can enable OTIST. Choose this option only if your wireless clients support WPA-PSK.

Choose None to have no wireless LAN security configured and proceed to another wireless LAN setup screen where you can enable OTIST.

Choose Basic(WEP) security if you want to configure WEP Encryption parameters. Choose Extend(WPA-PSK) security to configure a Pre-Shared Key. The third screen varies depending on which security level you select.

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Note: The wireless stations and Prestige must use the same SSID, channel ID and WEP encryption key (if WEP is enabled) or WPA-PSK (if WPA-PSK is enabled) for wireless communication.

3.3.1 Wizard Setup : Wireless LAN : Basic Security

Choose Basic(WEP) to setup WEP Encryption parameters.

Chapter 3 Wizard Setup 59

P-335 Series User’s Guide

Figure 9 Wizard Setup : Wireless LAN : Basic Security

The following table describes the labels in this screen.

Table 5 Wizard Setup : Wireless LAN Setup : Basic Security

LABEL DESCRIPTION

Passphrase Enter a Passphrase (up to 32 printable characters) and clicking Generate. The

WEP Encryption

Key 1 to Key 4 The WEP keys are used to encrypt data. Both the Prestige and the wireless stations

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Prestige automatically generates a WEP key.

Select 64-bit WEP, 128-bit WEP or 256-bit WEP to allow data encryption.

ASCII Select this option in order to enter ASCII characters as the WEP keys.

HEX Select this option to enter hexadecimal characters as the WEP keys.

The preceding “0x” is entered automatically.

must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal

characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal

characters ("0-9", "A-F"). If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal

characters ("0-9", "A-F"). You must configure at least one key, only one key can be activated at any one time.

The default key is key 1.

60 Chapter 3 Wizard Setup

P-335 Series User’s Guide

3.3.2 Wizard Setup : Wireless LAN : Extended Security

Choose Extend(WPA-PSK) security in the Wireless LAN Setup screen to set up a Pre- Shared Key.

Figure 10 Wizard Setup : Wireless LAN : Extended Security

The following table describes the labels in this screen.

Table 6 Wizard Setup : Wireless LAN : Extended Security

LABEL DESCRIPTION

Pre-Shared Key

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Type from 8 to 63 case-sensitive ASCII characters. You can set up the most secure wireless connection by configuring WPA in the advanced wireless screen. You need to configure an authentication server to do this.

3.4 Wizard Setup : Wireless LAN : OTIST (P-335WT only)

The following screen allows you to enable Prestige One-Touch Intelligent Security Technology (OTIST). One-Touch Intelligent Security Technology (OTIST) allows your Prestige to assign wireless clients the Prestige’s SSID and static WEP or WPA-PSK encryption settings. The wireless client must also support OTIST and have OTIST enabled. See Prestige OTIST Configuration on page 133 for more information.

Chapter 3 Wizard Setup 61

P-335 Series User’s Guide

Figure 11 Wizard Setup : Wireless LAN : OTIST

The following table describes the labels in this screen.

Table 7 Wizard Setup : Wireless LAN : OTIST

LABEL DESCRIPTION

Do you want to enable OneTouch Intelligent Security Technology now?

Setup Key The default OTIST Setup Key is “01234567”. This key can be changed in the web

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Finish Click Finish to enable OTIST and complete the wizard setup.

Select the Yes radio button and click Finish to enable One-Touch Intelligent Security Technology (OTIST), complete the wizard setup and save your configuration.

Select the Yes radio button and click Next to proceed with the setup wizard and enable OTIST only when you click Finish in the final wizard screen.

Click No and then Next to proceed to the following screen. Click No and then Finish to complete the wizard setup and save your configuration.

configurator. Be sure to use the same OTIST Setup Key on the Prestige and wireless clients.

Refer to the chapter on wireless LAN for more information.

62 Chapter 3 Wizard Setup

3.5 Wizard Setup : Internet Access

The Prestige offers three choices of encapsulation. They are Ethernet, PPP over Ethernet or PPTP.

3.5.1 Ethernet

Choose Ethernet when the WAN port is used as a regular Ethernet.

Figure 12 Wizard Setup : Internet Access : Ethernet Encapsulation

P-335 Series User’s Guide

The following table describes the labels in this screen.

Table 8 Wizard Setup : Internet Access : Ethernet Encapsulation

LABEL DESCRIPTION

ISP Parameters for Internet Access

Encapsulation You must choose the Ethernet option when the WAN port is used as a regular

Service Type Choose from Standard, Tels tra (RoadRunner Telstra authentication method), RR-

User Name Type the user name given to you by your ISP.

Password Type the password associated with the user name above.

Relogin Every (min)

Back Click Back to return to the previous screen.

Next Click Next to continue.

Ethernet. Otherwise, choose PPP over Ethernet or PPTP for a dial-up connection.

Manager (Roadrunner Manager authentication method), RR-Toshiba (Roadrunner Toshiba authentication method) or Telia Login.

The following fields are not applicable (N/A) for the Standard service type.

Type the authentication server IP address here if your ISP gave you one.

the domain name of the Telia login server, for example “login1.telia.com”.

This field only applies when you select Telia Login in the Service Type field. The Telia server logs the Prestige out if the Prestige does not log in periodically. Type the number of minutes from 1 to 59 (30 default) for the Prestige to wait between logins.

Chapter 3 Wizard Setup 63

P-335 Series User’s Guide

3.5.2 PPPoE Encapsulation

Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) draft standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to high-speed data networks.

For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for instance, Radius). For the user, PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users.

One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users.

Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site.

By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the Prestige does that part of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access.

Refer to the appendix for more information on PPPoE.

64 Chapter 3 Wizard Setup

Figure 13 Wizard Setup : Internet Access : PPPoE Encapsulation

The following table describes the labels in this screen.

Table 9 Wizard Setup : Internet Access : PPPoE Encapsulation

P-335 Series User’s Guide

LABEL DESCRIPTION

ISP Parameter for Internet Access

Encapsulation Choose PPP over Ethernet from the pull-down list box. PPPoE forms a dial-up

connection.

Service Name Type the name of your service provider.

User Name Type the user name given to you by your ISP.

Password Type the password associated with the user name above.

Nailed-Up Connection

Idle Timeout Type the time in seconds that elapses before the router automatically disconnects

Next Click Next to continue.

Back Click Back to return to the previous screen.

Select Nailed-Up Connection if you do not want the connection to time out.

from the PPPoE server. The default time is 100 seconds.

3.5.3 PPTP Encapsulation

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/ IP-based networks.

PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet.

Chapter 3 Wizard Setup 65

P-335 Series User’s Guide

Refer to the appendix for more information on PPTP.

Figure 14 Wizard Setup : Internet Access : PPTP Encapsulation

Note: The PRESTIGE supports one PPTP server connection at

any given time.

The following table describes the fields in this screen

Table 10 Wizard Setup : Internet Access : PPTP Encapsulation

LABEL DESCRIPTION

ISP Parameters for Internet Access

Encapsulation Select PPTP from the drop-down list box.

User Name Type the user name given to you by your ISP.

Password Type the password associated with the User Name above.

Nailed-Up Connection

Idle Timeout Type the time in seconds that elapses before the router automatically disconnects

PPTP Configuration

My IP Address Type the (static) IP address assigned to you by your ISP.

My IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).

Server IP Address Type the IP address of the PPTP server.

66 Chapter 3 Wizard Setup

Select Nailed-Up Connection if you do not want the connection to time out.

from the PPTP server. The default is 100 seconds.

Table 10 Wizard Setup : Internet Access : PPTP Encapsulation

LABEL DESCRIPTION

P-335 Series User’s Guide

Connection ID/ Name

Back Click Back to return to the previous screen.

Next Click Next to continue.

Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP.

This field is optional and depends on the requirements of your ISP.

3.6 Wizard Setup : WAN

These wizard screens allow you to configure WAN IP address assignment, DNS server address assignment and the WAN MAC address.

3.6.1 WAN IP Address Assignment

Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks.

Table 11 Private IP Address Ranges

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.

Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.

3.6.2 IP Address and Subnet Mask

Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.

Chapter 3 Wizard Setup 67

P-335 Series User’s Guide

Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.

If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.

Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your network is using that IP address.

The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise.

3.6.3 DNS Server Address Assignment

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.

The Prestige can get the DNS server addresses in the following ways.

1 The ISP tells you the DNS server addresses, usually in the form of an information sheet,

when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in DHCP Setup.

2 If the ISP did not give you DNS server information, leave the DNS Server fields in

DHCP Setup set to 0.0.0.0 for the ISP to dynamically assign the DNS server IP addresses.

3.6.4 WAN MAC Address

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.

68 Chapter 3 Wizard Setup

P-335 Series User’s Guide

You can configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the "rom" file (ZyNOS configuration file). It will not change unless you change the setting or upload a different "rom" file.

Table 12 Example of Network Properties for LAN Servers with Fixed IP Addresses

Choose an IP address 192.168.1.2-192.168.1.32; 192.168.1.65-192.168.1.254.

Subnet mask 255.255.255.0

Gateway (or default route) 192.168.1.1(Prestige LAN IP)

The following wizard screen allows you to assign a fixed IP address or give the Prestige an automatically assigned IP address depending on your ISP.

Figure 15 Wizard Setup : WAN

The following table describes the labels in this screen

Table 13 Wizard Setup : WAN

LABEL DESCRIPTION

Get automatically from ISP(default)

Use fixed IP address Select this option If the ISP assigned a fixed IP address. Select Use fixed

Back Click Back to return to the previous screen.

Next Click Next to continue.

Select this option If your ISP did not assign you a fixed IP address. This is the default selection.

IP address to give the Prestige a fixed, unique IP address. The fixed IP address should be in the same subnet as your broadband modem or router.

Select Use fixed IP address in the previous wizard screen and click Next to view the following screen. Fill in the fields and click Next to continue.

Chapter 3 Wizard Setup 69

P-335 Series User’s Guide

Figure 16 Wizard Setup : WAN IP and DNS Server Address Assignment

The following table describes the labels in this screen

Table 14 Wizard Setup : WAN IP and DNS Server Address Assignment

LABEL DESCRIPTION

WAN IP Address Assignment

My WAN IP Address Enter the IP address of your Prestige in dotted decimal notation.

If you change the Prestige’s IP address, you must use the new IP address if you want to access the web configurator again.

Remote IP Address Enter a Remote IP Address appropriate to your network.

Remote IP Subnet Mask Enter the Remote IP Subnet Mask of the neighboring device, if you know

it. If you do not, leave the Remote IP Subnet Mask field as 0.0.0.0.

System DNS Server Address Assignment (if applicable) DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice

versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The Prestige uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.

First DNS Server

Second DNS Server

Third DNS Server

Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right.

Select None if you do not want to configure DNS servers. If you do not configure a system DNS server, you must use IP addresses when configuring VPN, DDNS and the time server.

70 Chapter 3 Wizard Setup

P-335 Series User’s Guide

Table 14 Wizard Setup : WAN IP and DNS Server Address Assignment

LABEL DESCRIPTION

Back Click Back to return to the previous screen.

Next Click Next to continue.

Select Get automatically from ISP (Default) in the first WAN wizard setup screen and click Next to view the following WAN MAC Address screen. Click Next to go to the final wizard

setup screen.

Figure 17 Wizard Setup : WAN MAC Address

The following table describes the labels in this screen

Table 15 Wizard Setup : WAN MAC Address

LABEL DESCRIPTION

WAN MAC Address The MAC address field allows you to configure the WAN port's MAC

Factory Default Select this option to use the factory assigned default MAC Address.

Spoof this Computer's MAC address - IP Address

Back Click Back to return to the previous screen.

Next Click Next to continue.

Address by either using the factory default or cloning the MAC address from a computer on your LAN.

Select this option and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the setting or upload a different rom file. It is advisable to clone the MAC address from a computer on your LAN even if your ISP does not presently require MAC address authentication.

3.7 Wizard Setup : Complete

Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration.

Chapter 3 Wizard Setup 71

P-335 Series User’s Guide

Figure 18 Wizard Setup : Complete

Well done! You have successfully set up your Prestige to operate on your network and access the Internet

72 Chapter 3 Wizard Setup

P-335 Series User’s Guide

CHAPTER 4

Media Bandwidth Management

This chapter provides information on the bandwidth management setup screens in the web configurator.

4.1 Media Bandwidth Management Setup Overview

The web configurator’s BW SETUP allows you to specify bandwidth classes based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.

Setup

The Prestige applies bandwidth management to traffic that it forwards out through the LAN, WAN and WLAN interfaces regardless of the traffic's source. For example, bandwidth management can be applied to the following situations:a LAN user surfing the Web or a LAN user downloading from a server behind the Prestige.

The Prestige does not control the bandwidth of traffic that comes into these interfaces.

Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the Prestige and be managed by bandwidth management.

4.2 Media Bandwidth Management Setup

Click BM SETUP in the main menu to display the first wizard screen.

Chapter 4 Media Bandwidth Management Setup 73

P-335 Series User’s Guide

Figure 19 Media Bandwidth Management Setup

The following fields describe the label in this screen.

Table 16 Media Bandwidth Management Setup

LABEL DESCRIPTION

Active Select the Active check box to have the Prestige apply bandwidth

Managed Bandwidth (Kbps)

Next Click Next to continue.

management to traffic going out through the Prestige’s WAN, LAN or WLAN port.

Enter the amount of Managed Bandwidth in kbps (2 to 100,000) that you want to allocate for traffic. 20 kbps to 20,000 kbps is recommended. The recommendation is to set this speed to be equal to or less than the speed of the broadband device connected to the WAN port.

For example, set the speed to 1000 Kbps (or less) if the broadband device connected to the WAN port has an upstream speed of 1000 Kbps.

4.3 Media Bandwidth Management Setup : Services

Use the second wizard screen to select the services that you want to apply bandwidth management.

74 Chapter 4 Media Bandwidth Management Setup

Figure 20 Media Bandwidth Management Setup : Services

The following table describes the labels in this screen.

P-335 Series User’s Guide

Table 17 Media Bandwidth Management Setup : Services

LABEL DESCRIPTION

Choose Channel ID

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Create bandwidth management classes by selecting services from the list provided.

• XBox Live

•VoIP (SIP)

•FTP

•E-Mail

• eMule/eDonkey

•WWW For a detailed description of these services, see the Media Bandwidth Management

chapter.

4.4 Media Bandwidth Management Setup : Service Priority

Use the following wizard screen to select the priorities that you want to apply to the services listed.

Chapter 4 Media Bandwidth Management Setup 75

P-335 Series User’s Guide

Figure 21 Media Bandwidth Management Setup : Service Priority

The following table describes the fields in this screen.

Table 18 Media Bandwidth Management Setup : Service Priority

LABELS DESCRIPTION

Service These fields display the services selected in the previous screen.

Priority Select High, Mid or Low priority for each service to have your Prestige use a

priority for traffic that matches that service. If the rules set up in this wizard are changed in ADVANCED - BW MGMT -

Configuration, then the service priority radio button will be set to Others. The ADVANCED - BW MGMT - Configuration - Edit configuration screens allow

you to edit these rule configurations.

Back Click Back to return to the previous screen.

Finish Click Finish to complete and save the bandwidth management setup.

4.5 Media Bandwidth Management Setup Complete

Well done! You have finished configuration of Media Bandwidth Management. You may now continue configuring your device.

Figure 22 Media Bandwidth Management Setup : Complete

76 Chapter 4 Media Bandwidth Management Setup

This chapter provides information on the System screens.

5.1 System Overview

See the Wizard Setup chapter for more information on the next few screens.

5.2 Configuring General Setup

Click SYSTEM to open the General screen.

P-335 Series User’s Guide

CHAPTER 5

System Screens

Chapter 5 System Screens 77

P-335 Series User’s Guide

Figure 23 System General Setup

The following table describes the labels in this screen.

Table 19 System General Setup

LABEL DESCRIPTION

System Name System Name is a unique name to identify the Prestige in an Ethernet network.. It

Domain Name Enter the domain name (if you know it) here. If you leave this field blank, the ISP

Administrator Inactivity Timer

System DNS Servers (if applicable) DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice

is recommended you enter your computer’s “Computer name” in this field (see the Wizard Setup chapter for how to find your computer’s name). This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted.

may assign a domain name via DHCP. The domain name entered by you is given priority over the ISP assigned domain

name.

Type how many minutes a management session (either via the web configurator or SMT) can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again. Very long idle timeouts may have security risks. A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended).

78 Chapter 5 System Screens

Table 19 System General Setup

LABEL DESCRIPTION

P-335 Series User’s Guide

First DNS Server Second DNS Server Third DNS Server

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

5.3 Dynamic DNS

Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect. Your friends or relatives will always be able to call you even if they don't know your IP address.

Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address). The field below displays the (read-only) DNS server IP address that the ISP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field below. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply.

Select None if you do not want to configure DNS servers. If you do not configure a system DNS server, you must use IP addresses when configuring VPN, DDNS and the time server.

First of all, you need to have registered a dynamic DNS account with www.dyndns.org. This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name. The Dynamic DNS service provider will give you a password or key.

5.3.1 DynDNS Wildcard

Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname.

Note: If you have a private WAN IP address, then you cannot use Dynamic DNS.

5.4 Configuring Dynamic DNS

To change your Prestige’s DDNS, click SYSTEM, then the DDNS tab. The screen appears as shown.

Chapter 5 System Screens 79

P-335 Series User’s Guide

Figure 24 DDNS

The following table describes the labels in this screen.

Table 20 DDNS

LABEL DESCRIPTION

Enable DDNS Select this check box to use dynamic DNS.

Service Provider Select the name of your Dynamic DNS service provider.

DDNS Type Select the type of service that you are registered for from your Dynamic DNS

service provider.

Host Names 1~3 Enter the host names in the three fields provided. You can specify up to two

host names in each field separated by a comma (",").

User Name Enter your user name.

Password Enter the password assigned to you.

Enable Wildcard Option Select the check box to enable DynDNS Wildcard.

Enable off line option This option is available when CustomDNS is selected in the DDNS Type

IP Address Update Policy:

Use WAN IP Address Select this option to update the IP address of the host name(s) to the WAN IP

DDNS server auto detect IP Address

field. Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line.

address.

Select this option to update the IP address of the host name(s) automatically by the DDNS server. It is recommended that you select this option.

80 Chapter 5 System Screens

Table 20 DDNS

LABEL DESCRIPTION

P-335 Series User’s Guide

Use specified IP Address

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

Type the IP address of the host name(s). Use this if you have a static IP address.

5.5 Configuring Password

To change your Prestige’s password (recommended), click SYSTEM, then the Password tab. The screen appears as shown. This screen allows you to change the Prestige’s password.

Figure 25 Password

The following table describes the labels in this screen.

Table 21 Password

LABEL DESCRIPTION

Old Password Type the default password or the existing password you use to access the

system in this field.

New Password Type the new password in this field.

Retype to Confirm Type the new password again in this field.

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

5.6 Configuring Time Setting

To change your Prestige’s time and date, click SYSTEM, then the Time Setting tab. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone.

Chapter 5 System Screens 81

P-335 Series User’s Guide

Figure 26 Time Setting

The following table describes the labels in this screen.

Table 22 Time Setting

LABEL DESCRIPTION

Time Protocol Select the time service protocol that your time server sends when you turn on

Time Server Address

Current Time This field displays the time of your Prestige.

New Time This field displays the last updated time from the time server.

the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.

The main difference between them is the format.

Daytime (RFC 867) format is day/month/year/time zone of the server. Time (RFC 868) format displays a 4-byte integer giving the total number of

seconds since 1970/1/1 at 0:0:0. The default, NTP (RFC 1305), is similar to Time (RFC 868). Select None to enter the time and date manually.

Enter the IP address or URL (up to 20 extended ASCII characters in length) of your time server. Check with your ISP/network administrator if you are unsure of this information.

Each time you reload this page, the Prestige synchronizes the time with the time server.

When you select None in the Time Protocol field, enter the new time in this field and then click Apply.

82 Chapter 5 System Screens

P-335 Series User’s Guide

Table 22 Time Setting

LABEL DESCRIPTION

Current Date This field displays the date of your Prestige.

Each time you reload this page, the Prestige synchronizes the time with the time server.

New Date This field displays the last updated date from the time server.

When you select None in the Time Protocol field, enter the new date in this field and then click Apply.

Time Zone Choose the Time Zone of your location. This will set the time difference between

your time zone and Greenwich Mean Time (GMT).

Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period

Start Date Enter the month and day that your daylight-savings time starts on if you selected

End Date Enter the month and day that your daylight-savings time ends on if you selected

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.

Daylight Savings.

Chapter 5 System Screens 83

P-335 Series User’s Guide

84 Chapter 5 System Screens

This chapter describes how to configure LAN settings.

6.1 LAN Overview

Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks.

6.2 DHCP Setup

P-335 Series User’s Guide

CHAPTER 6

LAN Screens

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured.

6.2.1 IP Pool Setup

The Prestige is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to

192.168.1.64. This configuration leaves 31 IP addresses (excluding the Prestige itself) in the lower range for other server computers, for instance, servers for mail, FTP, TFTP, web, etc., that you may have.

6.2.2 System DNS Servers

Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter.

6.3 LAN TCP/IP

The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.

6.3.1 Factory LAN Defaults

The LAN parameters of the Prestige are preset in the factory with the following values:

Chapter 6 LAN Screens 85

P-335 Series User’s Guide

• IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits)

• DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.

These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured.

6.3.2 IP Address and Subnet Mask

Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this information.

6.3.3 RIP Setup

RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. RIP Direction controls the sending and receiving of RIP packets. When set to Both or Out Only, the Prestige will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets received.

RIP Version controls the format and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.

Both RIP-2B and RIP-2M send routing data in RIP-2 format; the difference being that RIP- 2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also.

By default, RIP Direction is set to Both and RIP Version to RIP-1.

6.3.4 Multicast

Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1.

IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC

2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address

86 Chapter 6 LAN Screens

224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address

224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.

The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the Prestige queries all directly connected networks to gather group membership. After that, the Prestige periodically updates this information. IP multicasting can be enabled/ disabled on the Prestige LAN and/or WAN interfaces in the web configurator (LAN; WA N ). Select None to disable IP multicasting on these interfaces.

6.4 Any IP

Traditionally, you must set the IP addresses and the subnet masks of a computer and the Prestige to be in the same subnet to allow the computer to access the Internet (through the Prestige). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the Prestige.

P-335 Series User’s Guide

With the Any IP feature and NAT enabled, the Prestige allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet. Whether a computer is set to use a dynamic or static (fixed) IP address, you can simply connect the computer to the Prestige and access the Internet.

The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment. In a residential house where a Prestige is installed, you can still use the computer to access the Internet without changing the network settings, even when the IP addresses of the computer and the Prestige are not in the same subnet.

Figure 27 Any IP Example Application

Chapter 6 LAN Screens 87

P-335 Series User’s Guide

The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address.

6.4.1 How Any IP Works

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the Prestige) to decide which hop to use,

The following lists out the steps taken, when a computer tries to access the Internet for the first time through the Prestige.

1 When a computer (which is in a different subnet) first attempts to access the Internet, it

sends packets to its default gateway (which is not the Prestige) by looking at the MAC address in its ARP table.

Note: You must enable NAT to use the Any IP feature on the Prestige

to help forward data along to its specified destination.

2 When the computer cannot locate the default gateway, an ARP request is broadcast on the

LAN.

3 The Prestige receives the ARP request and replies to the computer with its own MAC

address.

4 The computer updates the MAC address for the default gateway to the ARP table. Once

the ARP table is updated, the computer is able to access the Internet through the Prestige.

5 When the Prestige receives packets from the computer, it creates an entry in the IP

routing table so it can properly forward packets intended for the computer.

After all the routing information is updated, the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige.

6.5 Configuring IP

Click LAN to open the IP screen.

88 Chapter 6 LAN Screens

Figure 28 LAN IP

P-335 Series User’s Guide

The following table describes the labels in this screen.

Table 23 LAN IP

LABEL DESCRIPTION

DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows

IP Pool Starting Address

Pool Size This field specifies the size, or count of the IP address pool.

Chapter 6 LAN Screens 89

individual clients (computers) to obtain TCP/IP configuration at startup from a server. Leave the DHCP Server check box selected unless your ISP instructs you to do otherwise. Clear it to disable the Prestige acting as a DHCP server. When configured as a server, the Prestige provides TCP/IP configuration for the clients. If not, DHCP service is disabled and you must have another DHCP server on your LAN, or else the computers must be manually configured. When set as a server, fill in the following four fields.

This field specifies the first of the contiguous addresses in the IP address pool.

P-335 Series User’s Guide

Table 23 LAN IP

LABEL DESCRIPTION

DNS Servers Assigned by DHCP Server The Prestige passes a DNS (Domain Name System) server IP address (in the order you specify here)

to the DHCP clients. The Prestige only passes this information to the LAN DHCP clients when you select the DHCP Server check box. When you clear the DHCP Server check box, DHCP service is disabled and you must have another DHCP sever on your LAN, or else the computers must have their DNS server addresses manually configured.

First DNS Server Second DNS Server Third DNS Server

LAN TCP/IP

IP Address Type the IP address of your Prestige in dotted decimal notation 192.168.1.1

IP Subnet Mask The subnet mask specifies the network number portion of an IP address. Your

RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to

RIP Version The RIP Version field controls the format and the broadcasting method of the

Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol)

Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply.

Select DNS Relay to have the Prestige act as a DNS proxy. The Prestige's LAN IP address displays in the field to the right (read-only). The Prestige tells the DHCP clients on the LAN that the Prestige itself is the DNS server. When a computer on the LAN sends a DNS query to the Prestige, the Prestige forwards the query to the Prestige's system DNS server (configured in the SYSTEM General screen) and relays the response back to the computer. You can only select DNS Relay for one of the three servers; if you select DNS Relay for a second or third DNS server, that choice changes to None after you click Apply.

Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a computer in order to access it.

(factory default).

Prestige will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige 255.255.255.0.

exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the Prestige will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets received. Both is the default.

RIP packets that the Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also. By default, RIP direction is set to Both and the Version set to RIP-1.

is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.

90 Chapter 6 LAN Screens

P-335 Series User’s Guide

Table 23 LAN IP

LABEL DESCRIPTION

Any IP Setup

Active

Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN.

Allow between LAN and WAN

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

Select this option to activate the Any-IP feature. This allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the Prestige are not in the same subnet. When you disable the Any-IP feature, only computers with dynamic IP addresses

or static IP addresses in the same subnet as the Prestige’s LAN IP address can connect to the Prestige or access the Internet through the Prestige.

Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN. If your firewall is enabled with the default policy set to block WAN to LAN traffic, you also need to enable the default WAN to LAN firewall rule that forwards NetBIOS traffic.

Clear this check box to block all NetBIOS packets going from the LAN to the WAN and from the WAN to the LAN.

6.6 Configuring Static DHCP

This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses.

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.

To change your Prestige’s Static DHCP settings, click LAN, then the Static DHCP tab. The screen appears as shown.

Chapter 6 LAN Screens 91

P-335 Series User’s Guide

Figure 29 Static DHCP

The following table describes the labels in this screen.

Table 24 Static DHCP

LABEL DESCRIPTION

# This is the index number of the Static IP table entry (row).

MAC Address Type the MAC address (with colons) of a computer on your LAN.

IP Address This field specifies the size, or count of the IP address pool.

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

6.7 Configuring IP Alias

IP Alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network.

To change your Prestige’s IP Alias settings, click LAN, then the IP Alias tab. The screen appears as shown.

92 Chapter 6 LAN Screens

Figure 30 IP Alias

P-335 Series User’s Guide

The following table describes the labels in this screen.

Table 25 IP Alias

LABEL DESCRIPTION

IP Alias 1,2 Select the check box to configure another LAN network for the Prestige.

IP Address Enter the IP address of your Prestige in dotted decimal notation.

IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP

address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige.

RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to

RIP Version The RIP Version field controls the format and the broadcasting method of the

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

Chapter 6 LAN Screens 93

P-335 Series User’s Guide

94 Chapter 6 LAN Screens

Wireless Configuration and

This chapter discusses how to configure the Wireless and Roaming screens on the Prestige. This chapter applies to the P-335WT only.

7.1 Wireless LAN Overview

This section introduces the wireless LAN(WLAN) and some basic scenarios.

7.1.1 IBSS

P-335 Series User’s Guide

CHAPTER 7

Roaming

An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest WLAN configuration. An IBSS is defined as two or more computers with wireless adapters within range of each other that from an independent (wireless) network without the need of an access point (AP).

Figure 31 IBSS (Ad-hoc) Wireless LAN

7.1.2 BSS

A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).

Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other.

Chapter 7 Wireless Configuration and Roaming 95

P-335 Series User’s Guide

Figure 32 Basic Service set

7.1.3 ESS

An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate.

96 Chapter 7 Wireless Configuration and Roaming

Figure 33 Extended Service Set

P-335 Series User’s Guide

7.2 Wireless LAN Basics

Refer also to the Wizard Setup chapter for more background information on Wireless LAN features, such as channels.

7.2.1 RTS/CTS

A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot “hear” each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.

Chapter 7 Wireless Configuration and Roaming 97

P-335 Series User’s Guide

Figure 34 RTS/CTS

When station A sends data to the Prestige, it might not know that station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.

RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.

When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time frame for the requested transmission.

Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake.

You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the “cost” of resending large frames is more than the extra network overhead involved in the RTS (Request To Send)/CTS (Clear to Send) handshake.

If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.

Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.

Note:

7.2.2 Fragmentation Threshold

A Fragmentation Threshold is the maximum data fragment size that can be sent in the wireless network before the Prestige will fragment the packet into smaller data frames.

98 Chapter 7 Wireless Configuration and Roaming

A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.

If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set, then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.

7.3 Configuring Wireless

Note: f you are configuring the Prestige from a computer

connected to the wireless LAN and you change the Prestige’s SSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings.

Click the WIRELESS link under ADVANCED to open the Wireless screen.

P-335 Series User’s Guide

Chapter 7 Wireless Configuration and Roaming 99

P-335 Series User’s Guide

Figure 35 Wireless

The following table describes the general wireless LAN labels in this screen.

Table 26 Wireless

LABEL DESCRIPTION

Enable Wireless LAN

Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless

Click the check box to activate wireless LAN.

station is associated. Wireless stations associating to the access point (AP) must have the same SSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.

Note: If you are configuring the Prestige from a computer connected to the wireless LAN and you change the Prestige’s SSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings.

100 Chapter 7 Wireless Configuration and Roaming

Zyxel PRESTIGE 335, prestige-335wt user manual

Specifications and Main Features

Frequently Asked Questions

User Manual

User’s Guide

Copyright

4 Federal Communications Commission (FCC) Interference Statement

ZyXEL Limited Warranty

Customer Support

Table of Contents

List of Figures

List of Tables

Preface

Getting to Know Your Prestige

1.1 Prestige Internet Security Gateway Overview

1.2 Prestige Features

1.2.1 Physical Features

1.2.1.1 USB Port

1.2.1.2 OTIST Button (P-335WT only)

1.2.1.3 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)

1.2.1.4 Auto-crossover 10/100 Mbps Ethernet Interface(s)

1.2.1.5 4-Port Switch

1.2.1.6 Time and Date

1.2.1.7 Reset Button

1.2.2 Non-Physical Features

1.2.2.1 Print Server

1.2.2.2 OTIST (P-335WT only)

1.2.2.3 Media Bandwidth Management

1.2.2.4 Trend Micro Security Services

1.2.2.5 IPSec VPN Capability

1.2.2.6 Firewall

1.2.2.7 IEEE 802.1x Network Security (P-335WT only)

1.2.2.8 Content Filtering

1.2.2.9 Brute-Force Password Guessing Protection

1.2.2.10 802.11b Wireless LAN Standard (P-335WT only)

1.2.2.11 802.11g Wireless LAN Standard (P-335WT only)

1.2.2.12 Packet Filtering

1.2.2.13 Universal Plug and Play (UPnP)

1.2.2.14 Call Scheduling

1.2.2.15 PPPoE

1.2.2.16 PPTP Encapsulation

1.2.2.17 Dynamic DNS Support

1.2.2.18 IP Multicast

1.2.2.19 IP Alias

1.2.2.20 SNMP

1.2.2.21 Network Address Translation (NAT)

1.2.2.22 Traffic Redirect

1.2.2.23 Port Forwarding

1.2.2.24 DHCP (Dynamic Host Configuration Protocol)

1.2.2.25 Any IP

1.2.2.26 Full Network Management

1.2.2.27 RoadRunner Support

1.2.2.28 Logging and Tracing

1.2.2.29 Upgrade Prestige Firmware via LAN

1.2.2.30 Embedded FTP and TFTP Servers

1.2.2.31 Wireless Association List (P-335WT only)

1.2.2.32 Wireless LAN Channel Usage (P-335WT only)

1.3 Applications for the Prestige

1.3.1 Print Server Application

1.3.2 Secure Broadband Internet Access via Cable or DSL Modem

1.3.3 VPN Application

1.3.4 Wireless LAN Application (P-335WT only)

2.1 Web Configurator Overview

2.2 Accessing the Prestige Web Configurator

2.3 Resetting the Prestige

2.3.1 Procedure To Use The Reset Button

2.3.2 Navigating the Prestige Web Configurator

2.3.3 Navigation Panel

Wizard Setup

3.1 Wizard Setup Overview

3.2 Wizard Setup: General Setup and System Name

3.2.1 Domain Name

3.3 Wizard Setup: Wireless LAN (P-335WT only)

3.3.1 Wizard Setup : Wireless LAN : Basic Security

3.3.2 Wizard Setup : Wireless LAN : Extended Security

3.4 Wizard Setup : Wireless LAN : OTIST (P-335WT only)

3.5 Wizard Setup : Internet Access

3.5.1 Ethernet

3.5.2 PPPoE Encapsulation

3.5.3 PPTP Encapsulation