Page 1
Prestige 650 Series
ADSL Router
User's Guide
Version 3.40
February 2004
Page 2
Prestige 650 Series User’s Guide
Copyright
Copyright © 2003 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a
retrieval system, translated into any language, or transmitted in any form or by any means, electronic,
mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written
permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software
described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
ZyXEL further reserves the right to make changes in any products described herein without notice. This
publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc.
Other trademarks mentioned in this publication are used for identification purposes only and may be
properties of their respective owners.
ii Copyright
Page 3
Prestige 650 Series User’s Guide
Federal Communications Commission
(FCC) Interference Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired
operations.
This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to
Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency
energy, and if not installed and used in accordance with the instructions, may cause harmful interference to
radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of
the following measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and the receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4. Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance could void the
user's authority to operate the equipment.
Certifications
1. Go to www.zyxel.com
2. Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.
3. Select the certification you wish to view from this page
FCC Statement iii
Page 4
Prestige 650 Series User’s Guide
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials
or workmanship for a period of up to two years from the date of purchase. During the warranty period, and
upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or
materials, ZyXEL will, at its discretion, repair or replace the defective products or components without
charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or
components to proper operating condition. Any replacement will consist of a new or re-manufactured
functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty
shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected
to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This
warranty is in lieu of all other warranties, express or implied, including any implied warranty of
merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect
or consequential damages of any kind of character to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material
Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit
be insured when shipped. Any returned products without proof of purchase or those with an out-dated
warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts
and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address,
Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary
from country to country.
Safety Warnings
1. To reduce the risk of fire, use only No. 26 AWG or larger telephone wire.
2. Do not use this product near water, for example, in a wet basement or near a swimming pool.
3. Avoid using this product during an electrical storm. There may be a remote risk of electric shock from
lightening.
iv ZyXEL Warranty
Page 5
Prestige 650 Series User’s Guide
Customer Support
Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
LOCATION
AMERICA
METHOD
E-MAIL
SUPPORT/SALES
support@zyxel.com.tw
sales@zyxel.com.tw
support@zyxel.com +1-800-255-4101 www.us.zyxel.com NORTH
sales@zyxel.com
support@zyxel.dk +45-3955-0700 www.zyxel.dk SCANDINAVIA
sales@zyxel.dk
support@zyxel.de +49-2405-6909-0 www.zyxel.de GERMANY
sales@zyxel.de
+886-3-578-2439
+1-714-632-0858 ftp.us.zyxel.com
+45-3955-0707 ftp.zyxel.dk
+49-2405-6909-99
TELEPHONE/FAX WEB SITE/ FTP SITE REGULAR MAIL
+886-3-578-3942 WORLDWIDE
www.zyxel.com
www.europe.zyxel.com
ftp.zyxel.com
ftp.europe.zyxel.com
ZyXEL Communications Corp.,
6 Innovation Road II, ScienceBased Industrial Park, Hsinchu
300, Taiwan.
ZyXEL Communications Inc.,
1130 N. Miller St.
Anaheim, CA 92806, U.S.A.
ZyXEL Communications A/S,
Columbusvej 5, 2860 Soeborg,
Denmark.
ZyXEL Deutschland GmbH.
Adenauerstr. 20/A2 D-52146
Wuerselen, Germany
Customer Support v
Page 6
Prestige 650 Series User’s Guide
Table of Contents
Copyright......................................................................................................................................................... ii
Federal Communications Commission (FCC) Interference Statement.....................................................iii
ZyXEL Limited Warranty ............................................................................................................................ iv
Customer Support........................................................................................................................................... v
List of Figures ..............................................................................................................................................xiv
List of Tables ................................................................................................................................................ xxi
List of Charts .............................................................................................................................................. xxv
Preface ........................................................................................................................................................ xxvi
Introduction to DSL.................................................................................................................................xxviii
Getting Started.................................................................................................................................................I
Chapter 1 Getting To Know Your Prestige ................................................................................................ 1-1
1.1 Introducing the Prestige 650 Series ...........................................................................................1-1
1.2 Features of the Prestige..............................................................................................................1-2
1.3 Applications for the Prestige...................................................................................................... 1-7
Chapter 2 Introducing the Web Configurator ..........................................................................................2-1
2.1 Web Configurator Overview...................................................................................................... 2-1
2.2 Accessing the Prestige Web Configurator .................................................................................2-1
2.3 Navigating the Prestige Web Configurator................................................................................2-2
2.4 Configuring Password................................................................................................................2-3
2.5 Resetting the Prestige.................................................................................................................2-4
Chapter 3 Wizard Setup.............................................................................................................................. 3-1
3.1 Wizard Setup Introduction......................................................................................................... 3-1
3.2 Encapsulation.............................................................................................................................3-1
3.3 Multiplexing...............................................................................................................................3-2
3.4 VPI and VCI ..............................................................................................................................3-2
3.5 Wizard Setup Configuration: First Screen .................................................................................3-2
3.6 IP Address and Subnet Mask .....................................................................................................3-4
3.7 IP Address Assignment.............................................................................................................. 3-4
3.8 Nailed-Up Connection (PPP) ..................................................................................................... 3-6
3.9 NAT ...........................................................................................................................................3-6
3.10 Wizard Setup Configuration: Second Screen............................................................................. 3-6
3.11 DHCP Setup.............................................................................................................................3-12
3.12 Wizard Setup Configuration: Third Screen..............................................................................3-13
3.13 Wizard Setup Configuration: Connection Tests.......................................................................3-15
3.14 Test Your Internet Connection.................................................................................................3-16
LAN, Wireless LAN and WAN ..................................................................................................................... II
Chapter 4 LAN Setup.................................................................................................................................. 4-1
4.1 LAN Overview ..........................................................................................................................4-1
4.2 DNS Server Address..................................................................................................................4-1
vi Table of Contents
Page 7
Prestige 650 Series User’s Guide
4.3 DNS Server Address Assignment ..............................................................................................4-2
4.4 LAN TCP/IP ..............................................................................................................................4-2
4.5 Configuring LAN .......................................................................................................................4-4
Chapter 5 Wireless LAN Setup...................................................................................................................5-1
5.1 Wireless LAN Overview............................................................................................................5-1
5.2 Levels of Security ......................................................................................................................5-3
5.3 Data Encryption with WEP ........................................................................................................5-4
5.4 Inserting a PCMCIA Wireless LAN Card..................................................................................5-4
5.5 Configuring Wireless LAN ........................................................................................................5-4
5.6 Configuring MAC Filter.............................................................................................................5-7
5.7 802.1x Overview........................................................................................................................5-9
5.8 Introduction to RADIUS ............................................................................................................5-9
5.9 Configuring 802.1x ..................................................................................................................5-11
5.10 Configuring Local User Authentication ...................................................................................5-13
5.11 Configuring RADIUS ..............................................................................................................5-15
Chapter 6 WAN Setup .................................................................................................................................6-1
6.1 WAN Overview .........................................................................................................................6-1
6.2 PPPoE Encapsulation .................................................................................................................6-1
6.3 PPTP Encapsulation ...................................................................................................................6-1
6.4 Traffic Shaping...........................................................................................................................6-2
6.5 Configuring WAN Setup............................................................................................................6-3
NAT, Dynamic DNS and Time Zone........................................................................................................... III
Chapter 7 Network Address Translation (NAT)........................................................................................7-1
7.1 NAT Overview...........................................................................................................................7-1
7.2 SUA (Single User Account) Versus NAT..................................................................................7-4
7.3 SUA Server ................................................................................................................................7-5
7.4 Selecting the NAT Mode............................................................................................................7-7
7.5 Configuring SUA Server............................................................................................................7-8
7.6 Configuring Address Mapping.................................................................................................7-10
7.7 Editing an Address Mapping Rule ...........................................................................................7-12
Chapter 8 Dynamic DNS Setup...................................................................................................................8-1
8.1 Dynamic DNS ............................................................................................................................8-1
8.2 Configuring Dynamic DNS........................................................................................................8-1
Chapter 9 Time and Date Setup..................................................................................................................9-1
9.1 Configuring Time Zone..............................................................................................................9-1
Firewall and Content Filter......................................................................................................................... IV
Chapter 10 Firewalls..................................................................................................................................10-1
10.1 Firewall Overview....................................................................................................................10-1
10.2 Types of Firewalls....................................................................................................................10-1
10.3 Introduction to ZyXEL’s Firewall............................................................................................10-2
10.4 Denial of Service......................................................................................................................10-3
Table of Contents vii
Page 8
Prestige 650 Series User’s Guide
10.5 Stateful Inspection ...................................................................................................................10-7
10.6 Guidelines for Enhancing Security with Your Firewall......................................................... 10-11
10.7 Packet Filtering Vs Firewall ..................................................................................................10-12
Chapter 11 Firewall Configuration .......................................................................................................... 11-1
11.1 Remote Management and the Firewall ....................................................................................11-1
11.2 Enabling the Firewall...............................................................................................................11-1
11.3 Configuring E-mail Alerts .......................................................................................................11-2
11.4 Attack Alert..............................................................................................................................11-3
Chapter 12 Creating Custom Rules .........................................................................................................12-1
12.1 Rules Overview........................................................................................................................12-1
12.2 Rule Logic Overview...............................................................................................................12-1
12.3 Connection Direction............................................................................................................... 12-3
12.4 Logs .........................................................................................................................................12-4
12.5 Rule Summary .........................................................................................................................12-6
12.6 Predefined Services..................................................................................................................12-8
12.7 Creating/Editing Firewall Rules.............................................................................................12-11
12.8 Timeout.................................................................................................................................. 12-14
Chapter 13 Customized Services ..............................................................................................................13-1
13.1 Introduction to Customized Services ....................................................................................... 13-1
13.2 Creating/Editing A Customized Service .................................................................................. 13-2
13.3 Example Custom Service Firewall Rule ..................................................................................13-3
Chapter 14 Content Filtering....................................................................................................................14-1
14.1 Content Filtering Overview .....................................................................................................14-1
14.2 Configuring Keyword Blocking...............................................................................................14-1
14.3 Configuring the Schedule ........................................................................................................14-3
14.4 Configuring Trusted Computers ..............................................................................................14-4
14.5 Configuring Logs..................................................................................................................... 14-5
VPN/IPSec ...................................................................................................................................................... V
Chapter 15 Introduction to IPSec.............................................................................................................15-1
15.1 VPN Overview.........................................................................................................................15-1
15.2 IPSec Architecture ...................................................................................................................15-3
15.3 Encapsulation........................................................................................................................... 15-5
15.4 IPSec and NAT ........................................................................................................................ 15-5
Chapter 16 VPN Screens ........................................................................................................................... 16-1
16.1 VPN/IPSec Overview ..............................................................................................................16-1
16.2 IPSec Algorithms.....................................................................................................................16-1
16.3 My IP Address .........................................................................................................................16-2
16.4 Secure Gateway Address .........................................................................................................16-2
16.5 VPN Summary Screen............................................................................................................. 16-3
16.6 Keep Alive ............................................................................................................................... 16-5
16.7 ID Type and Content................................................................................................................16-5
viii Table of Contents
Page 9
Prestige 650 Series User’s Guide
16.8 Pre-Shared Key ........................................................................................................................16-7
16.9 Editing VPN Policies ...............................................................................................................16-7
16.10 IKE Phases .............................................................................................................................16-13
16.11 Configuring Advanced IKE Settings......................................................................................16-15
16.12 Manual Key Setup..................................................................................................................16-19
16.13 Configuring Manual Key .......................................................................................................16-20
16.14 Viewing SA Monitor ..............................................................................................................16-24
16.15 Configuring Global Setting ....................................................................................................16-26
16.16 Configuring IPSec Logs .........................................................................................................16-27
16.17 Telecommuter VPN/IPSec Examples ....................................................................................16-31
16.18 VPN and Remote Management..............................................................................................16-33
Remote Management, UPnP and Logs....................................................................................................... VI
Chapter 17 Remote Management Configuration....................................................................................17-1
17.1 Remote Management Overview...............................................................................................17-1
17.2 Telnet .......................................................................................................................................17-2
17.3 FTP...........................................................................................................................................17-2
17.4 Web ..........................................................................................................................................17-3
17.5 Configuring Remote Management ...........................................................................................17-3
Chapter 18 Universal Plug-and-Play (UPnP) ..........................................................................................18-1
18.1 Universal Plug and Play Overview ..........................................................................................18-1
18.2 UPnP and ZyXEL ....................................................................................................................18-2
18.3 Installing UPnP in Windows Example.....................................................................................18-3
18.4 Using UPnP in Windows XP Example ....................................................................................18-5
Chapter 19 Logs Screens ...........................................................................................................................19-1
19.1 Logs Overview.........................................................................................................................19-1
19.2 Configuring Log Settings .........................................................................................................19-1
19.3 Displaying the Logs .................................................................................................................19-4
19.4 SMTP Error Messages .............................................................................................................19-5
Bandwidth Management ............................................................................................................................VII
Chapter 20 Bandwidth Management .......................................................................................................20-1
20.1 Bandwidth Management Overview..........................................................................................20-1
20.2 Bandwidth Classes and Filters .................................................................................................20-1
20.3 Proportional Bandwidth Allocation..........................................................................................20-2
20.4 Bandwidth Management Usage Examples...............................................................................20-2
20.5 Scheduler..................................................................................................................................20-4
20.6 Maximize Bandwidth Usage ....................................................................................................20-4
20.7 Bandwidth Borrowing..............................................................................................................20-7
20.8 Configuring Summary..............................................................................................................20-9
20.9 Configuring Class Setup.........................................................................................................20-11
20.10 Configuring Monitor ..............................................................................................................20-17
Maintenance .............................................................................................................................................. VIII
Table of Contents ix
Page 10
Prestige 650 Series User’s Guide
Chapter 21 Maintenance...........................................................................................................................21-1
21.1 Maintenance Overview ............................................................................................................21-1
21.2 System Status Screen............................................................................................................... 21-1
21.3 DHCP Table Screen................................................................................................................. 21-6
21.4 Wireless Screens ...................................................................................................................... 21-7
21.5 Diagnostic Screens................................................................................................................... 21-9
21.6 Firmware Screen.................................................................................................................... 21-12
21.7 Configuration Screen .............................................................................................................21-14
SMT General Configuration........................................................................................................................IX
Chapter 22 Introducing the SMT............................................................................................................. 22-1
22.1 SMT Introduction ....................................................................................................................22-1
22.2 Navigating the SMT Interface..................................................................................................22-4
22.3 Changing the System Password............................................................................................... 22-6
Chapter 23 General Setup.........................................................................................................................23-1
23.1 General Setup...........................................................................................................................23-1
23.2 Configuring Menu 1.................................................................................................................23-1
Chapter 24 LAN Setup.............................................................................................................................. 24-1
24.1 LAN Setup ............................................................................................................................... 24-1
24.2 Protocol Dependent Ethernet Setup......................................................................................... 24-2
24.3 TCP/IP Ethernet Setup and DHCP...........................................................................................24-2
Chapter 25 Wireless LAN Setup...............................................................................................................25-1
25.1 Wireless LAN Overview..........................................................................................................25-1
25.2 Inserting a PCMCIA Wireless LAN Card ...............................................................................25-1
25.3 Wireless LAN Setup ................................................................................................................25-1
Chapter 26 Internet Access ....................................................................................................................... 26-1
26.1 Internet Access Overview ........................................................................................................26-1
26.2 IP Policies ................................................................................................................................26-1
26.3 IP Alias ....................................................................................................................................26-1
26.4 IP Alias Setup ..........................................................................................................................26-2
26.5 Route IP Setup .........................................................................................................................26-4
26.6 Internet Access Configuration .................................................................................................26-5
Chapter 27 Remote Node Configuration .................................................................................................27-1
27.1 Remote Node Setup Overview.................................................................................................27-1
27.2 Remote Node Setup .................................................................................................................27-1
27.3 Metric....................................................................................................................................... 27-5
27.4 Remote Node Network Layer Options.....................................................................................27-6
27.5 Remote Node Filter.................................................................................................................. 27-9
27.6 Editing ATM Layer Options.................................................................................................. 27-13
27.7 Traffic Redirect...................................................................................................................... 27-14
Chapter 28 Static Route Setup..................................................................................................................28-1
28.1 IP Static Route Overview.........................................................................................................28-1
x Table of Contents
Page 11
Prestige 650 Series User’s Guide
28.2 Configuring an IP static route ..................................................................................................28-2
Chapter 29 Bridging Setup........................................................................................................................29-1
29.1 Bridging Overview...................................................................................................................29-1
29.2 Bridge Ethernet Setup ..............................................................................................................29-1
Chapter 30 Network Address Translation (NAT) ....................................................................................30-1
30.1 NAT Overview.........................................................................................................................30-1
30.2 Applying NAT .........................................................................................................................30-1
30.3 NAT Setup ...............................................................................................................................30-3
30.4 Configuring a Server behind NAT ...........................................................................................30-9
30.5 General NAT Examples .........................................................................................................30-11
SMT Advanced Management........................................................................................................................ X
Chapter 31 Filter Configuration...............................................................................................................31-1
31.1 About Filtering.........................................................................................................................31-1
31.2 Configuring a Filter Set for the Prestige 650H and the Prestige 650HW.................................31-4
31.3 Configuring a Filter Set for the Prestige 650R and the Prestige 650R-E .................................31-6
31.4 Configuring a Filter Rule .........................................................................................................31-9
31.5 Filter Types and NAT ............................................................................................................31-16
31.6 Example Filter........................................................................................................................31-16
31.7 Applying Filters and Factory Defaults ...................................................................................31-19
Chapter 32 Enabling the Firewall.............................................................................................................32-1
32.1 Remote Management and the Firewall.....................................................................................32-1
32.2 Access Methods .......................................................................................................................32-1
32.3 Enabling the Firewall ...............................................................................................................32-1
32.4 Viewing Firewall Log ..............................................................................................................32-2
Chapter 33 SNMP Configuration .............................................................................................................33-1
33.1 SNMP Overview ......................................................................................................................33-1
33.2 Supported MIBs .......................................................................................................................33-2
33.3 SNMP Configuration ...............................................................................................................33-2
33.4 SNMP Traps.............................................................................................................................33-4
Chapter 34 System Security ......................................................................................................................34-1
34.1 System Security Overview.......................................................................................................34-1
34.2 Creating User Accounts on the Prestige...................................................................................34-5
Chapter 35 System Information and Diagnosis.......................................................................................35-1
35.1 System Maintenance Overview................................................................................................35-1
35.2 System Status ...........................................................................................................................35-1
35.3 System Information..................................................................................................................35-3
35.4 Log and Trace ..........................................................................................................................35-5
35.5 Diagnostic ................................................................................................................................35-8
Chapter 36 Firmware and Configuration File Maintenance..................................................................36-1
36.1 Filename Conventions..............................................................................................................36-1
36.2 Backup Configuration ..............................................................................................................36-2
Table of Contents xi
Page 12
Prestige 650 Series User’s Guide
36.3 Restore Configuration..............................................................................................................36-7
36.4 Uploading Firmware and Configuration Files .......................................................................36-10
Chapter 37 System Maintenance.............................................................................................................. 37-1
37.1 Command Interpreter Mode Overview....................................................................................37-1
37.2 Call Control Support................................................................................................................ 37-2
37.3 Time and Date Setting .............................................................................................................37-4
Chapter 38 Remote Management.............................................................................................................38-1
38.1 Remote Management Overview...............................................................................................38-1
38.2 Configuring Remote Management........................................................................................... 38-1
38.3 Remote Management and NAT ...............................................................................................38-3
38.4 System Timeout ....................................................................................................................... 38-3
Chapter 39 IP Policy Routing ...................................................................................................................39-1
39.1 IP Policy Routing Overview ....................................................................................................39-1
39.2 Benefits of IP Policy Routing ..................................................................................................39-1
39.3 Routing Policy .........................................................................................................................39-1
39.4 IP Routing Policy Setup........................................................................................................... 39-2
39.5 Applying an IP Policy..............................................................................................................39-5
39.6 IP Policy Routing Example...................................................................................................... 39-7
Chapter 40 Call Scheduling ......................................................................................................................40-1
40.1 Call Scheduling Overview .......................................................................................................40-1
SMT VPN/IPSec and Internal SPTGEN.....................................................................................................XI
Chapter 41 VPN/IPSec Setup....................................................................................................................41-1
41.1 VPN/IPSec Overview ..............................................................................................................41-1
41.2 IPSec Summary Screen............................................................................................................41-2
41.3 IPSec Setup.............................................................................................................................. 41-5
41.4 IKE Setup...............................................................................................................................41-11
41.5 Manual Setup .........................................................................................................................41-13
Chapter 42 SA Monitor ............................................................................................................................. 42-1
42.1 SA Monitor Overview..............................................................................................................42-1
42.2 Using SA Monitor.................................................................................................................... 42-1
42.3 Viewing IPSec Log.................................................................................................................. 42-3
Chapter 43 Internal SPTGEN ..................................................................................................................43-1
43.1 Internal SPTGEN Overview ....................................................................................................43-1
43.2 The Configuration Text File Format........................................................................................43-1
43.3 Internal SPTGEN FTP Download Example ............................................................................43-3
43.4 Internal SPTGEN FTP Upload Example .................................................................................43-4
Appendices and Index ................................................................................................................................XII
Appendix A Troubleshooting...................................................................................................................... A-1
A.1 Using LEDs to Diagnose Problems ..........................................................................................A-1
A.2 Console Port.............................................................................................................................. A-2
A.3 Telnet ........................................................................................................................................A-2
xii Table of Contents
Page 13
Prestige 650 Series User’s Guide
A.4 Web Configurator......................................................................................................................A-3
A.5 Login Username and Password.................................................................................................A-4
A.6 LAN Interface ...........................................................................................................................A-4
A.7 WAN Interface..........................................................................................................................A-5
A.8 Internet Access..........................................................................................................................A-5
A.9 Remote Management ................................................................................................................A-6
A.10 Remote Node Connection .........................................................................................................A-7
Appendix B IP Subnetting.......................................................................................................................... B-1
Appendix C Wireless LAN and IEEE 802.11............................................................................................C-1
Appendix D PPPoE .....................................................................................................................................D-1
Appendix E Virtual Circuit Topology........................................................................................................ E-1
Appendix F Setting up Your Computer’s IP Address............................................................................... F-1
Appendix G Splitters and Microfilters..................................................................................................... G-1
Appendix H Log Descriptions................................................................................................................... H-1
Appendix I Power Adaptor Specifications .................................................................................................I-1
I.1 Prestige 650R-E1/-E3/-E7 ADSL Router................................................................................... I-1
I.2 Prestige 650R-11 ADSL Router................................................................................................. I-2
I.3 Prestige 650R-13/-17 ADSL Ethernet Router............................................................................ I-3
I.4 Prestige 650R-31/-33 ADSL over ISDN Router........................................................................ I-4
I.5 Prestige 650H-11/-13 ADSL Router with 4-Port Ethernet Switch............................................. I-5
I.6 Prestige 650HW-11/-13 ADSL Router with 4-Port Ethernet Switch/Wireless LAN................. I-6
I.7 Prestige 650HW-31/-33/-37; Prestige 650H-31/-33/-37 ADSL Router with 4-port
Switch/Wireless..................................................................................................................................... I-7
I.8 Prestige 650H-E1/3/7 ADSL Router with 4-port Switch........................................................... I-8
Appendix J Index .........................................................................................................................................J-1
Table of Contents xiii
Page 14
Prestige 650 Series User’s Guide
List of Figures
Figure 1-1 Prestige Internet Access Application.............................................................................................1-8
Figure 1-2 Prestige LAN-to-LAN Application ...............................................................................................1-8
Figure 2-1 Password Screen ...........................................................................................................................2-1
Figure 2-2 Web Configurator SITE MAP Screen ........................................................................................... 2-2
Figure 2-3 Password .......................................................................................................................................2-3
Figure 2-4 Example Xmodem Upload............................................................................................................2-5
Figure 3-1 Wizard Screen 1 ............................................................................................................................3-3
Figure 3-2 Internet Connection with PPPoA ..................................................................................................3-7
Figure 3-3 Internet Connection with RFC 1483 .............................................................................................3-9
Figure 3-4 Internet Connection with ENET ENCAP....................................................................................3-10
Figure 3-5 Internet Connection with PPPoE................................................................................................. 3-11
Figure 3-6 Wizard Screen 3 ..........................................................................................................................3-13
Figure 3-7 Wizard : LAN Configuration.......................................................................................................3-14
Figure 3-8 Wizard Screen 4 ..........................................................................................................................3-15
Figure 4-1 LAN and WAN IP Addresses ........................................................................................................4-1
Figure 4-2 LAN ..............................................................................................................................................4-4
Figure 5-1 RTS/CTS .......................................................................................................................................5-2
Figure 5-2 Prestige Wireless Security Levels .................................................................................................5-3
Figure 5-3 Wireless......................................................................................................................................... 5-5
Figure 5-4 MAC Address Filter......................................................................................................................5-8
Figure 5-5 EAP Authentication..................................................................................................................... 5-11
Figure 5-6 802.1x..........................................................................................................................................5-11
Figure 5-7 Local User Database ...................................................................................................................5-14
Figure 5-8 RADIUS......................................................................................................................................5-16
Figure 6-1 Example of Traffic Shaping ..........................................................................................................6-2
Figure 6-2 Internet Access Setup.......................................................................................................................6-3
Figure 7-1 How NAT Works...........................................................................................................................7-2
Figure 7-2 NAT Application With IP Alias.....................................................................................................7-3
Figure 7-3 Multiple Servers Behind NAT Example........................................................................................7-7
Figure 7-4 NAT Mode.....................................................................................................................................7-7
Figure 7-5 Edit SUA/NAT Server Set.............................................................................................................7-9
Figure 7-6 Address Mapping Rules ..............................................................................................................7-11
Figure 7-7 Address Mapping Rule Edit ........................................................................................................7-12
Figure 8-1 DDNS............................................................................................................................................8-2
Figure 9-1 Time and Date ...............................................................................................................................9-1
Figure 10-1 Prestige Firewall Application....................................................................................................10-3
Figure 10-2 Three-Way Handshake ..............................................................................................................10-5
Figure 10-3 SYN Flood ................................................................................................................................10-5
Figure 10-4 Smurf Attack .............................................................................................................................10-6
xiv List of Figures
Page 15
Prestige 650 Series User’s Guide
Figure 10-5 Stateful Inspection.................................................................................................................... 10-8
Figure 11-1 Enabling the Firewall.................................................................................................................11-1
Figure 11-2 E-mail........................................................................................................................................11-2
Figure 11-3 Alert ...........................................................................................................................................11-6
Figure 12-1 LAN to WAN Traffic................................................................................................................ 12-3
Figure 12-2 WAN to LAN Traffic................................................................................................................ 12-4
Figure 12-3 Firewall Logs............................................................................................................................ 12-5
Figure 12-4 Firewall Rules Summary: First Screen..................................................................................... 12-7
Figure 12-5 Creating/Editing A Firewall Rule ........................................................................................... 12-12
Figure 12-6 Adding/Editing Source and Destination Addresses ................................................................ 12-14
Figure 12-7 Timeout................................................................................................................................... 12-15
Figure 13-1 Customized Services ................................................................................................................ 13-1
Figure 13-2 Creating/Editing A Customized Service ................................................................................... 13-2
Figure 13-3 Edit Rule Example.................................................................................................................... 13-3
Figure 13-4 Configure Source IP Example .................................................................................................. 13-4
Figure 13-5 Customized Service for MyService Example........................................................................... 13-4
Figure 13-6 Syslog Rule Configuration Example........................................................................................ 13-5
Figure 13-7 Rule Summary Example........................................................................................................... 13-6
Figure 14-1 Content Filter: Keyword........................................................................................................... 14-2
Figure 14-2 Content Filter: Schedule........................................................................................................... 14-3
Figure 14-3 Content Filter: Trusted.............................................................................................................. 14-4
Figure 14-4 Content Filter Logs................................................................................................................... 14-5
Figure 15-1 Encryption and Decryption....................................................................................................... 15-2
Figure 15-2 VPN Application ...................................................................................................................... 15-3
Figure 15-3 IPSec Architecture.................................................................................................................... 15-4
Figure 15-4 Transport and Tunnel Mode IPSec Encapsulation.................................................................... 15-5
Figure 16-1 IPSec Summary Fields ............................................................................................................. 16-3
Figure 16-2 VPN Summary ......................................................................................................................... 16-4
Figure 16-3 VPN IKE .................................................................................................................................. 16-8
Figure 16-4 Two Phases to Set Up the IPSec SA....................................................................................... 16-13
Figure 16-5 VPN IKE: Advanced .............................................................................................................. 16-16
Figure 16-6 VPN Manual Key ................................................................................................................... 16-20
Figure 16-7 SA Monitor............................................................................................................................. 16-25
Figure 16-8 Global Setting......................................................................................................................... 16-26
Figure 16-9 VPN Logs............................................................................................................................... 16-27
Figure 16-10 Telecommuters Sharing One VPN Rule Example................................................................ 16-31
Figure 16-11 Telecommuters Using Unique VPN Rules Example ............................................................ 16-32
Figure 17-1 Telnet Configuration on a TCP/IP Network ............................................................................. 17-2
Figure 17-2 Remote Management................................................................................................................ 17-3
Figure 18-1 Configuring UPnP .................................................................................................................... 18-2
Figure 19-1 Log Settings.............................................................................................................................. 19-2
List of Figures xv
Page 16
Prestige 650 Series User’s Guide
Figure 19-2 View Logs .................................................................................................................................19-4
Figure 19-3 E-mail Log Example .................................................................................................................19-6
Figure 20-1 Application-based Bandwidth Management Example ..............................................................20-2
Figure 20-2 Subnet-based Bandwidth Management Example...................................................................... 20-3
Figure 20-3 Application and Subnet-based Bandwidth Management Example............................................20-4
Figure 20-4 Bandwidth Allotment Example .................................................................................................20-5
Figure 20-5 Maximize Bandwidth Usage Example......................................................................................20-6
Figure 20-6 Bandwidth Borrowing Example................................................................................................20-8
Figure 20-7 Bandwidth Manager: Summary ..............................................................................................20-10
Figure 20-8 Bandwidth Manager: Class Setup ...........................................................................................20-12
Figure 20-9 Bandwidth Manager: Class Configuration..............................................................................20-13
Figure 20-10 Bandwidth Management Statistics........................................................................................20-16
Figure 20-11 Bandwidth Manager Monitor ................................................................................................20-17
Figure 21-1 System Status............................................................................................................................21-2
Figure 21-2 System Status: Show Statistics..................................................................................................21-4
Figure 21-3 DHCP Table ..............................................................................................................................21-6
Figure 21-4 Association List.........................................................................................................................21-7
Figure 21-5 Channel Usage Table.................................................................................................................21-8
Figure 21-6 Diagnostic .................................................................................................................................21-9
Figure 21-7 Diagnostic General..................................................................................................................21-10
Figure 21-8 Diagnostic DSL Line...............................................................................................................21-11
Figure 21-9 Firmware Upgrade ..................................................................................................................21-13
Figure 21-10 Network Temporarily Disconnected......................................................................................21-14
Figure 21-11 Error Message .......................................................................................................................21-14
Figure 21-12 Backup Configuration ...........................................................................................................21-15
Figure 21-13 Restore Configuration ........................................................................................................... 21-15
Figure 21-14 Configuration Upload Successful..........................................................................................21-16
Figure 21-15 Network Temporarily Disconnected......................................................................................21-16
Figure 21-16 Configuration Upload Error ..................................................................................................21-17
Figure 21-17 Back to Factory Default ........................................................................................................21-17
Figure 21-18 Reset Warning Message ........................................................................................................21-18
Figure 22-1 Login Screen .............................................................................................................................22-2
Figure 22-2 Prestige P650H/HW-31SMT Menu Overview..........................................................................22-3
Figure 22-3 SMT Main Menu for P650H/HW-31 ........................................................................................22-5
Figure 22-4 Menu 23 System Password .......................................................................................................22-6
Figure 23-1 Menu 1 General Setup...............................................................................................................23-2
Figure 23-2 Menu 1.1 Configure Dynamic DNS..........................................................................................23-3
Figure 24-1 Menu 3 LAN Setup...................................................................................................................24-1
Figure 24-2 Menu 3.1 LAN Port Filter Setup...............................................................................................24-1
Figure 24-3 Menu 3.2 TCP/IP and DHCP Ethernet Setup............................................................................24-2
Figure 25-1 Menu 3.5 - Wireless LAN Setup...............................................................................................25-2
xvi List of Figures
Page 17
Prestige 650 Series User’s Guide
Figure 25-2 Menu 3.5.1 WLAN MAC Address Filtering ............................................................................ 25-4
Figure 26-1 Physical Network ..................................................................................................................... 26-2
Figure 26-2 Partitioned Logical Networks................................................................................................... 26-2
Figure 26-3 Menu 3.2 TCP/IP and DHCP Setup.......................................................................................... 26-3
Figure 26-4 Menu 3.2.1 IP Alias Setup ........................................................................................................ 26-3
Figure 26-5 Menu 1 General Setup.............................................................................................................. 26-4
Figure 26-6 Menu 4 Internet Access Setup .................................................................................................. 26-5
Figure 27-1 Menu 11 Remote Node Setup................................................................................................... 27-2
Figure 27-2 Menu 11.1 Remote Node Profile.............................................................................................. 27-3
Figure 27-3 Menu 11.3 Remote Node Network Layer Options................................................................... 27-7
Figure 27-4 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection................................................. 27-9
Figure 27-5 Menu 11.5 Remote Node Filter (RFC 1483 or ENET Encapsulation) ................................... 27-10
Figure 27-6 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation)........................................ 27-10
Figure 27-7 Internet Security ......................................................................................................................27-11
Figure 27-8 Menu 21- Filer Set Configuration (P650R and P650R-E)...................................................... 27-12
Figure 27-9 Menu 21.11- WebSet 11 ......................................................................................................... 27-12
Figure 27-10 Menu 21.12- WebSet 12 ....................................................................................................... 27-12
Figure 27-11 Menu 11.6 for VC-based Multiplexing................................................................................. 27-13
Figure 27-12 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation ........................................... 27-14
Figure 27-13 Traffic Redirect Setup Example ........................................................................................... 27-14
Figure 27-14 Traffic Redirect LAN Setup ................................................................................................. 27-15
Figure 27-15 Menu 11.1 – Remote Node Profile....................................................................................... 27-16
Figure 27-16 Menu 11.7 Traffic Redirect Setup......................................................................................... 27-17
Figure 28-1 Sample Static Routing Topology .............................................................................................. 28-1
Figure 28-2 Menu 12 Static Route Setup..................................................................................................... 28-2
Figure 28-3 Menu 12.1 IP Static Route Setup (P650H/HW) ....................................................................... 28-2
Figure 28-4 Menu12.1.1 Edit IP Static Route.............................................................................................. 28-3
Figure 29-1 Menu 11.1 Remote Node Profile.............................................................................................. 29-2
Figure 29-2 Menu 11.3 Remote Node Network Layer Options................................................................... 29-2
Figure 29-3 Menu 12.3 Bridge Static Route Setup ...................................................................................... 29-3
Figure 29-4 Menu 12.3.1 Edit Bridge Static Route...................................................................................... 29-3
Figure 30-1 Menu 4 Applying NAT for Internet Access .............................................................................. 30-2
Figure 30-2 Menu 11.3 Applying NAT to the Remote Node ....................................................................... 30-3
Figure 30-3 Menu 15 NAT Setup................................................................................................................. 30-4
Figure 30-4 Menu 15.1 Address Mapping Sets............................................................................................ 30-4
Figure 30-5 Menu 15.1.255 SUA Address Mapping Rules.......................................................................... 30-5
Figure 30-6 Menu 15.1.1 ACL Default Set .................................................................................................. 30-6
Figure 30-7 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set.............................................. 30-8
Figure 30-8 Menu 15.2 NAT Server Setup................................................................................................... 30-9
Figure 30-9 Menu 15.2.1 NAT Server Setup.............................................................................................. 30-10
Figure 30-10 Multiple Servers Behind NAT Example ................................................................................30-11
List of Figures xvii
Page 18
Prestige 650 Series User’s Guide
Figure 30-11 NAT Example 1..................................................................................................................... 30-12
Figure 30-12 Menu 4 Internet Access & NAT Example .............................................................................30-12
Figure 30-13 NAT Example 2.....................................................................................................................30-13
Figure 30-14 Menu 15.2.1 Specifying an Inside Server .............................................................................30-13
Figure 30-15 NAT Example 3.....................................................................................................................30-14
Figure 30-16 Example 3: Menu 11.3 .......................................................................................................... 30-15
Figure 30-17 Example 3: Menu 15.1.1.1 ....................................................................................................30-15
Figure 30-18 Example 3: Final Menu 15.1.1..............................................................................................30-16
Figure 30-19 NAT Example 4.....................................................................................................................30-17
Figure 30-20 Example 4: Menu 15.1.1.1 Address Mapping Rule...............................................................30-18
Figure 30-21 Example 4: Menu 15.1.1 Address Mapping Rules ................................................................ 30-18
Figure 31-1 Outgoing Packet Filtering Process ............................................................................................ 31-2
Figure 31-2 Filter Rule Process ....................................................................................................................31-3
Figure 31-3 Menu 21.1 Filter Set Configuration (P650H/HW)....................................................................31-4
Figure 31-4 NetBIOS_WAN Filter Rules Summary.....................................................................................31-5
Figure 31-5 NetBIOS_LAN Filter Rules Summary......................................................................................31-5
Figure 31-6 IGMP Filter Rules Summary.....................................................................................................31-5
Figure 31-7 Menu 21 Filter Set Configuration (P650R and P650R-E).........................................................31-6
Figure 31-8 TELNET_WAN Filter Rules Summary.....................................................................................31-7
Figure 31-9 PPPoE Filter Rules Summary ...................................................................................................31-7
Figure 31-10 FTP_WAN Filter Rules Summary........................................................................................... 31-7
Figure 31-11 Menu 21.1.x.1 TCP/IP Filter Rule.........................................................................................31-10
Figure 31-12 Executing an IP Filter............................................................................................................31-13
Figure 31-13 Menu 21.1.6.1 Generic Filter Rule .......................................................................................31-14
Figure 31-14 Protocol and Device Filter Sets.............................................................................................31-16
Figure 31-15 Sample Telnet Filter ..............................................................................................................31-17
Figure 31-16 Menu 21.1.6.1 Sample Filter.................................................................................................31-18
Figure 31-17 Menu 21.1.6 Sample Filter Rules Summary .........................................................................31-19
Figure 31-18 Filtering Ethernet Traffic.......................................................................................................31-20
Figure 31-19 Filtering Remote Node Traffic ..............................................................................................31-21
Figure 32-1 Menu 21.2 Firewall Setup.........................................................................................................32-2
Figure 32-2 Firewall Log Example...............................................................................................................32-2
Figure 33-1 SNMP Management Model.......................................................................................................33-1
Figure 33-2 Menu 22 SNMP Configuration .................................................................................................33-3
Figure 34-1 Menu 23 System Security .........................................................................................................34-1
Figure 34-2 Menu 23 System Security .........................................................................................................34-1
Figure 34-3 Menu 23.2 System Security : RADIUS Server.........................................................................34-2
Figure 34-4 Menu 23 System Security .........................................................................................................34-3
Figure 34-5 Menu 23.4 System Security : IEEE802.1x................................................................................34-4
Figure 34-6 Menu 14 Dial-in User Setup......................................................................................................34-6
Figure 34-7 Menu 14.1 Edit Dial-in User.....................................................................................................34-6
xviii List of Figures
Page 19
Prestige 650 Series User’s Guide
Figure 35-1 Menu 24 System Maintenance ................................................................................................. 35-1
Figure 35-2 Menu 24.1 System Maintenance : Status.................................................................................. 35-2
Figure 35-3 Menu 24.2 System Information and Console Port Speed......................................................... 35-3
Figure 35-4 Menu 24.2.1 System Maintenance : Information ..................................................................... 35-4
Figure 35-5 Menu 24.2.2 System Maintenance : Change Console Port Speed............................................ 35-5
Figure 35-6 Menu 24.3 System Maintenance : Log and Trace .................................................................... 35-5
Figure 35-7 Sample Error and Information Messages ................................................................................. 35-6
Figure 35-8 Menu 24.3.2 System Maintenance : Syslog and Accounting.................................................... 35-6
Figure 35-9 Menu 24.4 System Maintenance : Diagnostic.......................................................................... 35-9
Figure 36-1 Telnet in Menu 24.5.................................................................................................................. 36-3
Figure 36-2 FTP Session Example............................................................................................................... 36-4
Figure 36-3 Menu 24.5 System Maintenance - Backup Configuration........................................................ 36-6
Figure 36-4 Menu 24.5 System Maintenance – Starting Xmodem Download Screen................................. 36-6
Figure 36-5 Backup Configuration Example ............................................................................................... 36-7
Figure 36-6 Successful Backup Confirmation Screen.................................................................................. 36-7
Figure 36-7 Telnet into Menu 24.6............................................................................................................... 36-8
Figure 36-8 Restore Using FTP Session Example ....................................................................................... 36-9
Figure 36-9 System Maintenance – Restore Configuration ......................................................................... 36-9
Figure 36-10 System Maintenance – Starting Xmodem Download Screen................................................. 36-9
Figure 36-11 Restore Configuration Example ........................................................................................... 36-10
Figure 36-12 Successful Restoration Confirmation Screen ....................................................................... 36-10
Figure 36-13 Telnet Into Menu 24.7.1 Upload System Firmware...............................................................36-11
Figure 36-14 Telnet Into Menu 24.7.2 System Maintenance ......................................................................36-11
Figure 36-15 FTP Session Example of Firmware File Upload .................................................................. 36-12
Figure 36-16 Menu 24.7.1 as seen using the Console Port ........................................................................ 36-14
Figure 36-17 Example Xmodem Upload ................................................................................................... 36-14
Figure 36-18 Menu 24.7.2 as seen using the Console Port ........................................................................ 36-15
Figure 36-19 Example Xmodem Upload ................................................................................................... 36-16
Figure 37-1 Command Mode in Menu 24.................................................................................................... 37-1
Figure 37-2 Valid Commands ...................................................................................................................... 37-2
Figure 37-3 Menu 24.9 System Maintenance : Call Control........................................................................ 37-2
Figure 37-4 Menu 24.9.1 Budget Management ........................................................................................... 37-3
Figure 37-5 Menu 24 System Maintenance ................................................................................................. 37-4
Figure 37-6 Menu 24.10 System Maintenance: Time and Date Setting....................................................... 37-4
Figure 38-1 Menu 24.11 Remote Management Control............................................................................... 38-2
Figure 39-1 Menu 25 IP Routing Policy Setup ............................................................................................ 39-2
Figure 39-2 Menu 25.1 IP Routing Policy Setup ......................................................................................... 39-3
Figure 39-3 Menu 25.1.1 IP Routing Policy ................................................................................................ 39-4
Figure 39-4 Menu 3.2 TCP/IP and DHCP Ethernet Setup ........................................................................... 39-6
Figure 39-5 Menu 11.3 Remote Node Network Layer Options................................................................... 39-6
Figure 39-6 Example of IP Policy Routing.................................................................................................. 39-7
List of Figures xix
Page 20
Prestige 650 Series User’s Guide
Figure 39-7 IP Routing Policy Example.......................................................................................................39-8
Figure 39-8 IP Routing Policy Example.......................................................................................................39-9
Figure 39-9 Applying IP Policies Example...................................................................................................39-9
Figure 40-1 Menu 26 Schedule Setup...........................................................................................................40-1
Figure 40-2 Menu 26.1 Schedule Set Setup..................................................................................................40-2
Figure 40-3 Applying Schedule Set(s) to a Remote Node (PPPoE)..............................................................40-4
Figure 41-1 VPN SMT Menu Tree ...............................................................................................................41-1
Figure 41-2 Menu 27 VPN/IPSec Setup.......................................................................................................41-2
Figure 41-3 Menu 27.1 IPSec Summary.......................................................................................................41-2
Figure 41-4 Menu 27.1.1 IPSec Setup..........................................................................................................41-6
Figure 41-5 Menu 27.1.1.1 IKE Setup............................................................................................................ 41-11
Figure 41-6 Menu 27.1.1.2 Manual Setup ..................................................................................................41-14
Figure 42-1 Menu 27.2 SA Monitor .............................................................................................................42-1
Figure 42-2 Example VPN Initiator IPSec Log ............................................................................................42-3
Figure 43-1 Configuration Text File Format: Column Descriptions.............................................................43-2
Figure 43-2 Invalid Parameter Entered: Command Line Example...............................................................43-3
Figure 43-3 Valid Parameter Entered: Command Line Example..................................................................43-3
Figure 43-4 Internal SPTGEN FTP Download Example.............................................................................. 43-3
Figure 43-5 Internal SPTGEN FTP Upload Example...................................................................................43-4
xx List of Figures
Page 21
Prestige 650 Series User’s Guide
List of Tables
Table 1-1 Model Specific Features................................................................................................................. 1-2
Table 2-1 Password ........................................................................................................................................ 2-3
Table 3-1 Wizard Screen 1 ............................................................................................................................. 3-3
Table 3-2 Internet Connection with PPPoA ................................................................................................... 3-7
Table 3-3 Internet Connection with RFC 1483 .............................................................................................. 3-9
Table 3-4 Internet Connection with ENET ENCAP..................................................................................... 3-10
Table 3-5 Internet Connection with PPPoE.................................................................................................. 3-12
Table 3-6 Wizard : LAN Configuration ....................................................................................................... 3-14
Table 4-1 LAN ............................................................................................................................................... 4-4
Table 5-1 Wireless.......................................................................................................................................... 5-5
Table 5-2 MAC Address Filter....................................................................................................................... 5-9
Table 5-3 802.1x .......................................................................................................................................... 5-12
Table 5-4 Local User Database .................................................................................................................... 5-15
Table 5-5 RADIUS....................................................................................................................................... 5-16
Table 6-1 Internet Access Setup ....................................................................................................................... 6-4
Table 7-1 NAT Definitions............................................................................................................................. 7-1
Table 7-2 NAT Mapping Types...................................................................................................................... 7-4
Table 7-3 Services and Port Numbers............................................................................................................ 7-6
Table 7-4 NAT Mode ..................................................................................................................................... 7-8
Table 7-5 Edit SUA/NAT Server Set.............................................................................................................. 7-9
Table 7-6 Address Mapping Rules ................................................................................................................7-11
Table 7-7 Address Mapping Rule Edit ......................................................................................................... 7-13
Table 8-1 DDNS............................................................................................................................................. 8-2
Table 9-1 Time and Date................................................................................................................................ 9-2
Table 10-1 Common IP Ports....................................................................................................................... 10-4
Table 10-2 ICMP Commands That Trigger Alerts ....................................................................................... 10-6
Table 10-3 Legal NetBIOS Commands ....................................................................................................... 10-7
Table 10-4 Legal SMTP Commands ............................................................................................................ 10-7
Table 11-1 E-mail..........................................................................................................................................11-2
Table 11-2 Alert.............................................................................................................................................11-6
Table 12-1 Firewall Logs ............................................................................................................................. 12-5
Table 12-2 Firewall Rules Summary: First Screen....................................................................................... 12-8
Table 12-3 Predefined Services.................................................................................................................... 12-9
Table 12-4 Creating/Editing A Firewall Rule............................................................................................. 12-12
Table 12-5 Adding/Editing Source and Destination Addresses.................................................................. 12-14
Table 12-6 Timeout .................................................................................................................................... 12-15
Table 13-1 Customized Services.................................................................................................................. 13-2
Table 13-2 Creating/Editing A Customized Service..................................................................................... 13-3
Table 14-1 Content Filter: Keyword ............................................................................................................ 14-2
List of Tables xxi
Page 22
Prestige 650 Series User’s Guide
Table 14-2 Content Filter: Schedule .............................................................................................................14-4
Table 14-3 Content Filter: Trusted................................................................................................................14-4
Table 14-4 Content Filter Logs.....................................................................................................................14-6
Table 15-1 VPN and NAT............................................................................................................................. 15-6
Table 16-1 AH and ESP................................................................................................................................16-2
Table 16-2 VPN Summary............................................................................................................................16-4
Table 16-3 Local ID Type and Content Fields ..............................................................................................16-6
Table 16-4 Peer ID Type and Content Fields ................................................................................................16-6
Table 16-5 Matching ID Type and Content Configuration Example ............................................................16-7
Table 16-6 Mismatching ID Type and Content Configuration Example.......................................................16-7
Table 16-7 VPN IKE.....................................................................................................................................16-9
Table 16-8 VPN IKE: Advanced.................................................................................................................16-16
Table 16-9 VPN Manual Key .....................................................................................................................16-21
Table 16-10 SA Monitor .............................................................................................................................16-25
Table 16-11 Global Setting.........................................................................................................................16-26
Table 16-12 VPN Logs ...............................................................................................................................16-27
Table 16-13 Sample IKE Key Exchange Logs ...........................................................................................16-28
Table 16-14 Sample IPSec Logs During Packet Transmission...................................................................16-29
Table 16-15 RFC-2408 ISAKMP Payload Types .......................................................................................16-30
Table 16-16 Telecommuters Sharing One VPN Rule Example ..................................................................16-31
Table 16-17 Telecommuters Using Unique VPN Rules Example...............................................................16-32
Table 17-1 Remote Management..................................................................................................................17-3
Table 18-1 Configuring UPnP ......................................................................................................................18-2
Table 19-1 Log Settings................................................................................................................................19-3
Table 19-2 View Logs...................................................................................................................................19-5
Table 19-3 SMTP Error Messages ................................................................................................................19-5
Table 20-1 Application and Subnet-based Bandwidth Management Example .............................................20-3
Table 20-2 Bandwidth Manager: Summary ................................................................................................ 20-10
Table 20-3 Bandwidth Manager: Class Setup.............................................................................................20-12
Table 20-4 Bandwidth Manager: Class Configuration................................................................................20-14
Table 20-5 Services and Port Numbers.......................................................................................................20-15
Table 20-6 Bandwidth Management Statistics............................................................................................20-16
Table 20-7 Bandwidth Manager Monitor....................................................................................................20-17
Table 21-1 System Status..............................................................................................................................21-3
Table 21-2 System Status: Show Statistics ...................................................................................................21-5
Table 21-3 DHCP Table................................................................................................................................21-7
Table 21-4 Association List ..........................................................................................................................21-8
Table 21-5 Channel Usage Table ..................................................................................................................21-9
Table 21-6 Diagnostic General ...................................................................................................................21-10
Table 21-7 Diagnostic DSL Line ................................................................................................................21-12
Table 21-8 Firmware Upgrade....................................................................................................................21-13
xxii List of Tables
Page 23
Prestige 650 Series User’s Guide
Table 21-9 Restore Configuration.............................................................................................................. 21-16
Table 22-1 Main Menu Commands.............................................................................................................. 22-4
Table 22-2 Main Menu Summary for P650H/HW-31 .................................................................................. 22-5
Table 23-1 Menu 1 General Setup................................................................................................................ 23-2
Table 23-2 Menu 1.1 Configure Dynamic DNS........................................................................................... 23-3
Table 24-1 DHCP Ethernet Setup Menu Fields............................................................................................ 24-3
Table 24-2 TCP/IP Ethernet Setup Menu Fields .......................................................................................... 24-3
Table 25-1 Wireless LAN Setup Field Description...................................................................................... 25-2
Table 25-2 Menu 3.5.1 WLAN MAC Address Filtering.............................................................................. 25-4
Table 26-1 Menu 3.2.1 IP Alias Setup.......................................................................................................... 26-4
Table 26-2 Menu 4 Internet Access Setup.................................................................................................... 26-5
Table 27-1 Menu 11.1 Remote Node Profile................................................................................................ 27-3
Table 27-2 Menu 11.3 Remote Node Network Layer Options..................................................................... 27-7
Table 27-3 Menu 11.1 – Remote Node Profile (Traffic Redirect Field)..................................................... 27-16
Table 27-4 Menu 11.7 Traffic Redirect Setup ............................................................................................ 27-17
Table 28-1 Menu12.1.1 Edit IP Static Route................................................................................................ 28-3
Table 29-1 Menu 11.3 Remote Node Network Layer Options : Bridge Fields ............................................ 29-3
Table 29-2 Menu 12.3.1 Edit Bridge Static Route ....................................................................................... 29-4
Table 30-1 Applying NAT in Menus 4 & 11.3 ............................................................................................. 30-3
Table 30-2 SUA Address Mapping Rules .................................................................................................... 30-5
Table 30-3 Menu 15.1.1 First Set................................................................................................................. 30-7
Table 30-4 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set................................................ 30-8
Table 31-1 Abbreviations Used in the Filter Rules Summary Menu............................................................ 31-8
Table 31-2 Rule Abbreviations Used ........................................................................................................... 31-8
Table 31-3 Menu 21.1.x.1 TCP/IP Filter Rule ........................................................................................... 31-10
Table 31-4 Menu 21.1.6.1 Generic Filter Rule........................................................................................... 31-15
Table 31-5 Filter Sets Table ....................................................................................................................... 31-20
Table 32-1 Firewall Logs ............................................................................................................................. 32-3
Table 33-1 Menu 22 SNMP Configuration .................................................................................................. 33-3
Table 33-2 SNMP Traps............................................................................................................................... 33-4
Table 33-3 Ports and Interface Types ........................................................................................................... 33-4
Table 34-1 Menu 23.2 System Security : RADIUS Server.......................................................................... 34-2
Table 34-2 Menu 23.4 System Security : IEEE802.1x................................................................................. 34-4
Table 34-3 Menu 14.1 Edit Dial-in User...................................................................................................... 34-6
Table 35-1 Menu 24.1 System Maintenance : Status ................................................................................... 35-2
Table 35-2 Menu 24.2.1 System Maintenance : Information....................................................................... 35-4
Table 35-3 Menu 24.3.2 System Maintenance : Syslog and Accounting..................................................... 35-7
Table 35-4 Menu 24.4 System Maintenance Menu : Diagnostic ................................................................. 35-9
Table 36-1 Filename Conventions................................................................................................................ 36-2
Table 36-2 General Commands for GUI-based FTP Clients........................................................................ 36-4
Table 36-3 General Commands for GUI-based TFTP Clients ..................................................................... 36-6
List of Tables xxiii
Page 24
Prestige 650 Series User’s Guide
Table 37-1 Menu 24.9.1 Budget Management..............................................................................................37-3
Table 37-2 Menu 24.10 System Maintenance: Time and Date Setting ......................................................... 37-5
Table 38-1 Menu 24.11 Remote Management Control.................................................................................38-2
Table 39-1 Menu 25.1 IP Routing Policy Setup............................................................................................39-3
Table 39-2 Menu 25.1.1 IP Routing Policy...................................................................................................39-4
Table 40-1 Menu 26.1 Schedule Set Setup ...................................................................................................40-2
Table 41-1 Menu 27.1 IPSec Summary ........................................................................................................41-2
Table 41-2 Menu 27.1.1 IPSec Setup............................................................................................................41-6
Table 41-3 Menu 27.1.1.1 IKE Setup .............................................................................................................41-11
Table 41-4 Active Protocol: Encapsulation and Security Protocol .............................................................41-13
Table 41-5 Menu 27.1.1.2 Manual Setup....................................................................................................41-14
Table 42-1 Menu 27.2 SA Monitor ...............................................................................................................42-2
xxiv List of Tables
Page 25
Prestige 650 Series User’s Guide
List of Charts
Chart A-1 Troubleshooting Power LED.........................................................................................................A-1
Chart A-2 Troubleshooting LAN LED...........................................................................................................A-1
Chart A-3 Troubleshooting DSL LED............................................................................................................A-2
Chart A-4 Troubleshooting Console Port.......................................................................................................A-2
Chart A-5 Troubleshooting Telnet ..................................................................................................................A-2
Chart A-6 Troubleshooting Web Configurator ...............................................................................................A-3
Chart A-7 Troubleshooting Internet Browser Display ...................................................................................A-4
Chart A-8 Troubleshooting Login Username and Password ..........................................................................A-4
Chart A-9 Troubleshooting LAN Interface ....................................................................................................A-4
Chart A-10 Troubleshooting ADSL Connection ............................................................................................A-5
Chart A-11 Troubleshooting WAN Interface..................................................................................................A-5
Chart A-12 Troubleshooting Internet Access .................................................................................................A-5
Chart A-13 Troubleshooting Internet Connection..........................................................................................A-6
Chart A-14 Troubleshooting Remote Management........................................................................................A-6
Chart A-15 Troubleshooting Connecting to a Remote Node or ISP...............................................................A-7
Chart B-1 Classes of IP Addresses .................................................................................................................B-1
Chart B-2 Allowed IP Address Range By Class.............................................................................................B-2
Chart B-3 “Natural” Masks............................................................................................................................ B-2
Chart B-4 Alternative Subnet Mask Notation ................................................................................................B-3
Chart B-5 Subnet 1.........................................................................................................................................B-4
Chart B-6 Subnet 2.........................................................................................................................................B-4
Chart B-7 Subnet 1.........................................................................................................................................B-5
Chart B-8 Subnet 2.........................................................................................................................................B-5
Chart B-9 Subnet 3.........................................................................................................................................B-5
Chart B-10 Subnet 4.......................................................................................................................................B-6
Chart B-11 Eight Subnets...............................................................................................................................B-6
Chart B-12 Class C Subnet Planning .............................................................................................................B-6
Chart B-13 Class B Subnet Planning .............................................................................................................B-7
Chart H-1 System Maintenance Logs ............................................................................................................H-1
Chart H-2 UPnP Logs ....................................................................................................................................H-2
Chart H-3 Attack Logs...................................................................................................................................H-2
Chart H-4 Access Logs ..................................................................................................................................H-3
Chart H-5 TCP Reset Logs.............................................................................................................................H-4
Chart H-6 ICMP Notes...................................................................................................................................H-4
List of Tables xxv
Page 26
Prestige 650 Series User’s Guide
Preface
Congratulations on your purchase from the Prestige 650 ADSL Router series.
Your Prestige is easy to install and configure. Use the web configurator, System Management Terminal
(SMT) or command interpreter interface to configure your Prestige. Not all features can be configured
through all interfaces.
Don’t forget to register your product online for free future product updates and
information at www.zyxel.com for global products, or at www.us.zyxel.com for
North American products.
About This User's Guide
This manual is designed to guide you through the configuration of your Prestige for its various applications.
The web configurator parts of this guide contain background information on features configurable by web
configurator. The SMT parts of this guide contain background information solely on features not
configurable by web configurator.
Related Documentation
Supporting Disk
Refer to the included CD for support documents.
Compact Guide or Read Me First
The Prestige 650H, Prestige 650HW and Prestige 650H-E come with a Compact Guide. The
Prestige 650R/M and Prestige 650R-E use a Read Me First. Both of them are designed to help you
get up and running right away. They contain connection information and instructions on getting
started. The Compact Guide contains additional information on the Wizard and key feature
configuration.
Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary information.
ZyXEL Glossary and Web Site
Please refer to www.zyxel.com
documentation.
Syntax Conventions
for an online glossary of networking terms and additional support
• “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one
predefined choices.
• The SMT menu titles and labels are in Bold Times New Roman font. Predefined field choices are in
Bold Arial font. Command and arrow keys are enclosed in square brackets. [ENTER] means the
Enter, or carriage return key; [ESC] means the Escape key and [SPACE BAR] means the Space Bar.
xxvi Preface
Page 27
Prestige 650 Series User’s Guide
• Mouse action sequences are denoted using a comma. For example, “click the Apple icon, Control
Panels and then Modem” means first click the Apple icon, then point your mouse pointer to Control
Panels and then click Modem.
• For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in
other words” throughout this manual.
• The Prestige 650 series may be referred to as the Prestige in this user’s guide. This refers to both
models (ADSL over POTS and ADSL over ISDN) unless specifically identified.
• The Prestige models with wireless features will be referred to as the Prestige 650H/HW.
The following section offers some background information on DSL. Skip to
Chapter 1 if you wish to begin working with your router right away.
User Guide Feedback
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to
techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications
Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Preface xxvii
Page 28
Prestige 650 Series User’s Guide
Introduction to DSL
DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted-pair wire that
runs between the local telephone company switching offices and most homes and offices. While the wire
itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above
4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to
improve access to the Web - hence DSL technologies.
There are actually seven types of DSL service, ranging in speeds from 16 Kbits/sec to 52 Mbits/sec. The
services are either symmetrical (traffic flows at the same speed in both directions), or asymmetrical (the
downstream capacity is higher than the upstream capacity). Asymmetrical services (ADSL) are suitable for
Internet users because more information is usually downloaded than uploaded. For example, a simple button
click in a web browser can start an extended download that includes graphics and text.
As data rates increase, the carrying distance decreases. That means that users who are beyond a certain
distance from the telephone company’s central office may not be able to obtain the higher speeds.
A DSL connection is a point-to-point dedicated circuit, meaning that the link is always up and there is no
dialing required.
What is ADSL?
It is an asymmetrical technology, meaning that the downstream data rate is much higher than the upstream
data rate. As mentioned, this works well for a typical Internet session in which more information is
downloaded, for example, from Web servers, than is uploaded. ADSL operates in a frequency range that is
above the frequency range of voice services, so the two systems can operate over the same cable.
xxviii What is DSL?
Page 29
Getting Started
Part I:
Getting Started
This part is structured as a step-by-step guide to help you access your Prestige. It covers key
features and applications, accessing the web configurator, password setup and configuring the
wizard screens for initial setup.
I
Page 30
Page 31
Prestige 650 Series User’s Guide
Chapter 1
Getting To Know Your Prestige
This chapter describes the key features and applications of your Prestige.
1.1 Introducing the Prestige 650 Series
Your Prestige integrates a high-speed 10/100Mbps auto-negotiating LAN interface(s) and a high-speed
ADSL port into a single package. The Prestige is ideal for high-speed Internet browsing and making LAN-toLAN connections to remote networks. By integrating DSL and NAT, the Prestige provides super-fast Internet
access to multiple users at minimum cost.
Models included in this series at the time of writing are:
P650R series
P650R-E series
P650H series
P650H-E series
P650HW series
P650R/M-T series
“R” denotes a “router”, “M” denotes a “bridge”, “H” denotes an integrated 4-port switch (hub), and “W”
denotes an included wireless card. The Prestige 650H and Prestige 650HW provide wireless LAN
connectivity allowing users to enjoy the convenience and mobility of working anywhere within the coverage
area. The Prestige 650HW includes a wireless LAN card, but the Prestige 650H doesn’t
Models ending in “1”, for example P650R-11 or P650R-E1, denote a device that works over the analog
telephone system, POTS (Plain Old Telephone Service). Models ending in “3” denote a device that works
over ISDN (Integrated Synchronous Digital System). Models ending in “7” denote a device that works over
T-ISDN (UR-2).
Only use firmware for your Prestige’s specific model. Refer to the label on the
bottom of your Prestige.
The web browser-based Graphical User Interface provides easy management.
Getting To Know Your Prestige 1-1
Page 32
Prestige 650 Series User’s Guide
1.2 Features of the Prestige
The following sections describe the features of the Prestige series. Features vary by Prestige model. This
table lists the key features of the Prestige series. Refer to the feature descriptions below for more details.
Some features are not available in every model. Refer to the Model Specific
Features table to see what features are specific to your Prestige model.
Table 1-1 Model Specific Features
PRESTIGE MODEL
FEATURES
Wireless Slot O
Wireless Card
Four-Port Switch
Console Port O
P650R P650R-E
P650R-TX P650M-TX P650H/HW P650H-E
optional
O O
O
Auto-crossover 10/100 Mbps
Ethernet LAN
Reset Button O O
Power Switch O O
IEEE 802.1x Network Security
Traffic Redirect O
Firewall
Content Filter
VPN
Bandwidth Management
IP Policy Routing O O
UPnP O O
Remote Management O O
Centralized Logs
Table Key: An “O” in a model’s column shows that the model has the specified feature. A number
specific to an individual model may alternately be displayed. The information in this table was correct
at the time of writing, although it may be subject to change.
O O
O O
O O
O O
O
O
O O
O O
O O
O
O O
O O
O
O
O
O O
O O
O O
O
1-2 Getting To Know Your Prestige
Page 33
Prestige 650 Series User’s Guide
Four-Port Switch
A combination of switch and router makes your Prestige a cost-effective and viable network solution. You
can connect up to four computers to the LAN ports on you Prestige without the cost of a hub.
High Speed Internet Access
Your Prestige ADSL router can support downstream transmission rates of up to 8Mbps and upstream
transmission rates of 832 Kbps. Prestige with ADSL over POTS also supports rate management.
IEEE 802.11b 11Mbps Wireless LAN
The 11 Mbps wireless LAN provides mobility and a fast network environment for small and home offices.
Computers with wireless LAN Ethernet adapters can connect to the local area network without any wiring
efforts and enjoy reliable high-speed connectivity. This feature is not available on all models.
PPPoE Support (RFC2516)
PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their
existing network configuration with newer broadband technologies such as ADSL. The PPPoE driver on the
Prestige is transparent to the computers on the LAN, which see only Ethernet and are not aware of PPPoE
thus saving you from having to manage PPPoE clients on individual computers.
IEEE 802.1x Network Security
The Prestige supports the IEEE 802.1x standard to enhance user authentication. Use the built-in user profile
database to authenticate up to 32 users using MD5 encryption. Use an EAP-compatible RADIUS (RFC2138,
2139 - Remote Authentication Dial In User Service) server to authenticate a limitless number of users using
EAP (Extensible Authentication Protocol). EAP is an authentication protocol that supports multiple types of
authentication.
Network Address Translation (NAT)
Network Address Translation (NAT) allows the translation of an Internet protocol address used within one
network (for example a private IP address used in a local network) to a different IP address known
within another network (for example a public IP address used on the Internet).
Traffic Redirect
Traffic Redirect forwards WAN traffic to a backup gateway on the LAN when the Prestige cannot connect to
the Internet, thus acting as an auxiliary backup when your regular WAN connection fails.
Firewall
The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the
firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the
Getting To Know Your Prestige 1-3
Page 34
Prestige 650 Series User’s Guide
LAN. The Prestige firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts,
reports and logs.
IPSec VPN Capability
Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data
encryption and the Internet to provide secure communications without the expense of leased site-to-site lines.
The Prestige VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN
products.
Bandwidth Management
Bandwidth management allows you to allocate network resources according to defined policies. This policybased bandwidth allocation helps your network to better handle real-time applications such as Voice-over-IP
(VoIP).
Universal Plug and Play (UPnP)
Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a
network, obtain an IP address and convey its capabilities to other devices on the network.
10/100M Auto-negotiation Ethernet/Fast Ethernet Interface
This auto-negotiation feature allows the Prestige to detect the speed of incoming transmissions and adjust
appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either
half-duplex or full-duplex mode depending on your Ethernet network.
Dynamic DNS Support
With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the
host to be more easily accessible from various locations on the Internet. You must register for this service
with a Dynamic DNS client.
Multiple PVC (Permanent Virtual Circuits) Support
Your Prestige supports up to 8 PVC’s.
ADSL Standards
♦ Full-Rate (ANSI T1.413, Issue 2; G.dmt (G.992.1) with line rate support of up to 8 Mbps
downstream and 832 Kbps upstream.
♦ G.lite (G.992.2) with line rate support of up to 1.5Mbps downstream and 512Kbps upstream.
♦ Supports Multi-Mode standard (ANSI T1.413, Issue 2; G.dmt (G.992.1); G.994.1 and G.996.1 (for
ISDN only); G.991.1;G.lite (G992.2)).
1-4 Getting To Know Your Prestige
Page 35
Prestige 650 Series User’s Guide
♦ Supports OAM F4/F5 loop-back, AIS and RDI OAM cells.
♦ ATM Forum UNI 3.1/4.0 PVC.
♦ Supports up to 8 PVCs (UBR, CBR, VBR).
♦ Multiple Protocols over AAL5 (RFC 1483).
♦ PPP over AAL5 (RFC 2364).
♦ PPP over Ethernet (RFC 2516).
DHCP Support
DHCP (Dynamic Host Configuration Protocol) allows individual clients (computers) to obtain TCP/IP
configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability
enabled by default. It can assign IP addresses, an IP default gateway and DNS servers to DHCP clients. The
Prestige can now also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment
from the actual real DHCP server to the clients.
IP Alias
IP Alias allows you to partition a physical network into logical networks over the same Ethernet interface.
The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige
itself as the gateway for each LAN network.
IP Policy Routing (IPPR)
Traditionally, routing is based on the destination address only and the router takes the shortest path to
forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior
and alter the packet forwarding based on the policy defined by the network administrator.
Protocol Support
PPP (Point-to-Point Protocol) link layer protocol.
♦
o PPP over PAP (RFC 1334).
o PPP over CHAP (RFC 1994).
♦ TCP/IP (Transmission Control Protocol/Internet Protocol) network layer protocol.
♦ Transparently bridging for unsupported network layer protocols.
♦ RIP I/RIP II
♦ IGMP Proxy
♦ ICMP support
♦ MIB II support (RFC 1213)
Getting To Know Your Prestige 1-5
Page 36
Prestige 650 Series User’s Guide
♦ PPPoE feature
o PPPoE idle time out
o PPPoE dial on demand
Networking Compatibility
Your Prestige is compatible with major ADSL DSLAM (Digital Subscriber Line Access Multiplexer)
providers.
Multiplexing
The Prestige Series supports VC-based and LLC-based multiplexing.
Encapsulation
The Prestige series supports PPPoA (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483
encapsulation over ATM, MAC encapsulated routing (ENET Encapsulation) as well as PPP over Ethernet
(RFC 2516).
Network Management
♦ Menu driven SMT (System Management Terminal) management
♦ Embedded Web Configurator
♦ CLI (Command Line Interpreter)
♦ Remote SMT session via Telnet
♦ SNMP manageable
♦ Local SMT session via console port
♦ DHCP Server/Client
♦ Built-in Diagnostic Tools
♦ Syslog
♦ TFTP/FTP server, firmware upgrade and configuration backup/support supported
Diagnostics Capabilities
♦ The Prestige can perform self-diagnostic tests. These tests check the integrity of the following
circuitry:
• FLASH memory
1-6 Getting To Know Your Prestige
Page 37
Prestige 650 Series User’s Guide
• ADSL circuitry
• RAM
• LAN port
Filters
The Prestige's packet filtering functions allows added network security and management.
Ease of Installation
Your Prestige is designed for quick, intuitive and easy installation.
Housing
Your Prestige's all new compact and ventilated housing minimizes space requirements making it easy to
position anywhere in your busy office.
1.3 Applications for the Prestige
Here are some example uses for which the Prestige is well suited.
1.3.1 Internet Access
The Prestige is the ideal high-speed Internet access solution. Your Prestige supports the TCP/IP protocol,
which the Internet uses exclusively. It is compatible with all major ADSL DSLAM (Digital Subscriber Line
Access Multiplexer) providers. A DSLAM is a rack of ADSL line cards with data multiplexed into a
backbone network interface/connection (for example, T1, OC3, DS3, ATM or Frame Relay). Think of it as
the equivalent of a modem rack for ADSL. In addition, for Prestige 650H/HW, you can insert an optional
wireless PCMICA card into the Prestige and allow wireless stations access to your network resources. A
typical Internet access application is shown below.
Getting To Know Your Prestige 1-7
Page 38
Prestige 650 Series User’s Guide
ATM
Figure 1-1 Prestige Internet Access Application
1.3.2 LAN to LAN Application
You can use the Prestige to connect two geographically dispersed networks over the ADSL line. A typical
LAN-to-LAN application for your Prestige is shown as follows.
Figure 1-2 Prestige LAN-to-LAN Application
1-8 Getting To Know Your Prestige
Page 39
Prestige 650 Series User’s Guide
Chapter 2
Introducing the Web Configurator
This chapter describes how to access and navigate the web configurator.
2.1 Web Configurator Overview
The embedded web configurator (ewc) allows you to manage the Prestige from anywhere through a browser
such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0 and later or Netscape
Navigator 7.0 and later versions with JavaScript enabled. It is recommended that you set your screen
resolution to 1024 by 768 pixels
2.2 Accessing the Prestige Web Configurator
Step 1. Make sure your Prestige hardware is properly connected (refer to the Compact Guide or Read
Me First).
Step 2. Prepare your computer/computer network to connect to the Prestige (refer to the Compact
Guide or Read Me First).
Step 3. Launch your web browser.
Step 4. Type "192.168.1.1" as the URL.
Step 5. An Enter Network Password window displays. Enter the user name (“admin” is the default),
password (“1234” is the default) and click OK.
Figure 2-1 Password Screen
Introducing the Web Configurator 2-1
Page 40
Prestige 650 Series User’s Guide
Step 6. You should now see the Site Map screen.
The Prestige automatically times out after five minutes of inactivity. Simply log
back into the Prestige if this happens to you.
2.3 Navigating the Prestige Web Configurator
The following summarizes how to navigate the web configurator from the Site Map screen. We use the
Prestige 650H/HW-31 web screens in this guide as an example. Screens vary slightly for different Prestige
models.
Select a language from the Language drop-down list box.
Click Wizard Setup to begin a series of screens to configure your Prestige for the first time.
Click a link under Advanced Setup to configure advanced Prestige features.
Click a link under Maintenance to see Prestige performance statistics, upload firmware and back up,
restore or upload a configuration file.
Click SITE MAP to go to the Site Map screen.
Click Logout in the navigation panel when you have finished a Prestige management session.
Wizard Setup
Navigation panel
Logout
Figure 2-2 Web Configurator SITE MAP Screen
2-2 Introducing the Web Configurator
Page 41
Prestige 650 Series User’s Guide
Click the HELP icon (located in the top right corner of most screens) to view
embedded help.
2.4 Configuring Password
It is highly recommended that you change the password for accessing the Prestige.
To change your Prestige’s password, click Advanced Setup and then Password. The screen appears as
shown.
Figure 2-3 Password
The following table describes the labels in this screen.
Table 2-1 Password
LABEL DESCRIPTION
Old Password Type the default password or the existing password you use to access the system
in this field.
New Password Type the new password in this field.
Retype to Confirm Type the new password again in this field.
Apply
Cancel
Click Apply to save your changes back to the Prestige.
Click Cancel to begin configuring this screen afresh.
Introducing the Web Configurator 2-3
Page 42
Prestige 650 Series User’s Guide
2.5 Resetting the Prestige
If you forget your password or cannot access the Prestige, you will need to reload the factory-default
configuration file or use the RESET button on the back of the Prestige. Uploading this configuration file
replaces the current configuration file with the factory-default configuration file. This means that you will
lose all configurations that you had previously and the speed of the console port will be reset to the default of
9600bps with 8 data bit, no parity, one stop bit and flow control set to none. The password will be reset to
“1234”, also.
2.5.1 Using The Reset Button
Step 1. Make sure the SYS LED is on (not blinking).
Step 2. Press the RESET button for five seconds, and then release it. When the SYS LED begins to
blink, the defaults have been restored and the Prestige restarts.
2.5.2 Uploading a Configuration File Via Console Port
This method is only applicable to Prestige models with a console port.
Step 1. Download the default configuration file from the ZyXEL FTP site, unzip it and save it in a folder.
Step 2. Turn off the Prestige, begin a terminal emulation software session and turn on the Prestige again.
When you see the message "Press Any key to enter Debug Mode within 3 seconds", press any
key to enter debug mode.
Step 3. Enter "atlc" after "Enter Debug Mode" message.
Step 4. Wait for "Starting XMODEM upload" message before activating Xmodem upload on your
terminal. This is an example Xmodem configuration upload using HyperTerminal.
Step 5. Click Transfer, then Send File to display the following screen.
2-4 Introducing the Web Configurator
Page 43
Prestige 650 Series User’s Guide
Figure 2-4 Example Xmodem Upload
Step 6. After successful firmware upload, enter "atgo" to restart the router.
Type the configuration file’s
location, or click Browse to
search for it.
Choose the Xmodem
protocol.
Then click Send.
Introducing the Web Configurator 2-5
Page 44
Page 45
Prestige 650 Series User’s Guide
Chapter 3
Wizard Setup
This chapter provides information on the Wizard Setup screens in the web configurator.
3.1 Wizard Setup Introduction
Use the Wizard Setup screens to configure your system for Internet access settings and fill in the fields with
the information in the Internet Account Information table of the Compact Guide or Read Me First. Your ISP
may have already configured some of the fields in the wizard screens for you.
3.2 Encapsulation
Be sure to use the encapsulation method required by your ISP. The Prestige supports the following methods.
3.2.1 ENET ENCAP
The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network
protocol. IP packets are routed between the Ethernet interface and the WAN interface and then formatted so
that they can be understood in a bridged environment. For instance, it encapsulates routed Ethernet frames
into bridged ATM cells. ENET ENCAP requires that you specify a gateway IP address in the Ethernet
Encapsulation Gateway field in the second wizard screen. You can get this information from your ISP.
3.2.2 PPP over Ethernet
PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP.
The Prestige bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an
ATM PVC (Permanent Virtual Circuit) which connects to ADSL Access Concentrator where the PPP session
terminates. One PVC can support any number of PPP sessions from your LAN. For more information on
PPPoE, see the appendix.
3.2.3 PPPoA
PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). It provides access control
and billing functionality in a manner similar to dial-up services using PPP. The Prestige encapsulates the PPP
session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet
Service Provider's (ISP) DSLAM (digital access multiplexer). Please refer to RFC 2364 for more information
on PPPoA. Refer to RFC 1661 for more information on PPP.
Wizard Setup 3-1
Page 46
Prestige 650 Series User’s Guide
3.2.4 RFC 1483
RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5).
The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based
multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual
circuit (VC-based multiplexing). Please refer to the RFC for more detailed information.
3.3 Multiplexing
There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to use the
multiplexing method required by your ISP.
3.3.1 VC-based Multiplexing
In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example,
VC1 carries IP, etc. VC-based multiplexing may be dominant in environments where dynamic creation of
large numbers of ATM VCs is fast and economical.
3.3.2 LLC-based Multiplexing
In this case one VC carries multiple protocols with protocol identifying information being contained in each
packet header. Despite the extra bandwidth and processing overhead, this method may be advantageous if it
is not practical to have a separate VC for each carried protocol, for example, if charging heavily depends on
the number of simultaneous VCs.
3.4 VPI and VCI
Be sure to use the correct Virtual Path Identifier (VPI) and Virtual Channel Identifier (VCI) numbers
assigned to you. The valid range for the VPI is 0 to 255 and for the VCI is 32 to 65535 (0 to 31 is reserved
for local management of ATM traffic). Please see the appendix for more information.
3.5 Wizard Setup Configuration: First Screen
In the SITE MAP screen click Wizard Setup to display the first wizard screen.
3-2 Wizard Setup
Page 47
Figure 3-1 Wizard Screen 1
The following table describes the labels in this screen.
Table 3-1 Wizard Screen 1
Prestige 650 Series User’s Guide
LABEL DESCRIPTION
Mode
Encapsulation
Multiplex
Virtual Circuit
ID
From the Mode drop-down list box, select Routing (default) if your ISP allows multiple
computers to share an Internet account. Otherwise select Bridge.
Select the encapsulation type your ISP uses from the Encapsulation drop-down list box.
Choices vary depending on what you select in the Mode field.
If you select Bridge in the Mode field, select either PPPoA or RFC 1483.
If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE.
Select the multiplexing method used by your ISP from the Multiplex drop-down list box either
VC-based or LLC-based.
VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit. Refer to
the appendix for more information.
VPI Enter the VPI assigned to you. This field may already be configured.
VCI Enter the VCI assigned to you. This field may already be configured.
Wizard Setup 3-3
Page 48
Prestige 650 Series User’s Guide
Table 3-1 Wizard Screen 1
LABEL DESCRIPTION
Next Click this button to go to the next wizard screen. The next wizard screen you see depends on
what protocol you chose above. Click on the protocol link to see the next wizard screen for
that protocol.
3.6 IP Address and Subnet Mask
Similar to the way houses on a street share a common street name, so too do computers on a LAN share one
common network number.
Where you obtain your network number depends on your particular situation. If the ISP or your network
administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP
addresses and the subnet mask.
If the ISP did not explicitly give you an IP network number, then most likely you have a single user account
and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is
recommended that you select a network number from 192.168.0.0 to 192.168.255.0 and you must enable the
Network Address Translation (NAT) feature of the Prestige. The Internet Assigned Number Authority
(IANA) reserved this block of addresses specifically for private use; please do not use any other number
unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254
individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first
three numbers specify the network number while the last number identifies an individual computer on that
network.
Once you have decided on the network number, pick an IP address that is easy to remember, for instance,
192.168.1.1, for your Prestige, but make sure that no other device on your network is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the
subnet mask automatically based on the IP address that you entered. You don't need to change the subnet
mask computed by the Prestige unless you are instructed to do otherwise.
3.7 IP Address Assignment
A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different
one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or
static IP. However the encapsulation method assigned influences your choices for IP address and ENET
ENCAP Gateway.
3-4 Wizard Setup
Page 49
Prestige 650 Series User’s Guide
3.7.1 IP Assignment with PPPoA or PPPoE Encapsulation
If you have a dynamic IP, then the IP Address and ENET ENCAP Gateway fields are not applicable (N/A). If
you have a static IP, then you only need to fill in the IP Address field and not the ENET ENCAP Gateway
field.
3.7.2 IP Assignment with RFC 1483 Encapsulation
In this case the IP Address Assignment must be static with the same requirements for the IP Address and
ENET ENCAP Gateway fields as stated above.
3.7.3 IP Assignment with ENET ENCAP Encapsulation
In this case you can have either a static or dynamic IP. For a static IP you must fill in all the IP Address and
ENET ENCAP Gateway fields as supplied by your ISP. However for a dynamic IP, the Prestige acts as a
DHCP client on the WAN port and so the IP Address and ENET ENCAP Gateway fields are not applicable
(N/A) as the DHCP server assigns them to the Prestige.
3.7.4 Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are isolated from the Internet,
for example, only between your two branch offices, you can assign any IP addresses to the hosts without
problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three
blocks of IP addresses specifically for private networks:
10.0.0.0 — 10.255.255.255
172.16.0.0 — 172.31.255.255
192.168.0.0 — 192.168.255.255
You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If
you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with
the Internet addresses for your local networks. On the other hand, if you are part of a much larger
organization, you should consult your network administrator for the appropriate IP addresses.
Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address assignment,
please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466,
Guidelines for Management of IP Address Space.
Wizard Setup 3-5
Page 50
Prestige 650 Series User’s Guide
3.8 Nailed-Up Connection (PPP)
A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The
Prestige does two things when you specify a nailed-up connection. The first is that idle timeout is disabled.
The second is that the Prestige will try to bring up the connection when turned on and whenever the
connection is down. A nailed-up connection can be very expensive for obvious reasons.
Do not specify a nailed-up connection unless your telephone company offers flat-rate service or you need a
constant connection and the cost is of no concern
3.9 NAT
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a
packet, for example, the source address of an outgoing packet, used within one network to a different IP
address known within another network.
3.10 Wizard Setup Configuration: Second Screen
The second wizard screen varies depending on what mode and encapsulation type you use. All screens shown
are with routing mode. Configure the fields and click Next to continue.
3.10.1 PPPoA
Select PPPoA from the Encapsulation drop-down list box in the first wizard screen to display the screen as
shown.
3-6 Wizard Setup
Page 51
Prestige 650 Series User’s Guide
Figure 3-2 Internet Connection with PPPoA
The following table describes the labels in this screen.
Table 3-2 Internet Connection with PPPoA
LABEL DESCRIPTION
User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form
user@domain
as given.
Password Enter the password associated with the user name above.
where domain identifies a service name, then enter both components exactly
Wizard Setup 3-7
Page 52
Prestige 650 Series User’s Guide
Table 3-2 Internet Connection with PPPoA
LABEL DESCRIPTION
IP Address
Connection
Network
Address
Translation
This option is available if you select Routing in the Mode field.
A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;
the ISP assigns you a different one each time you connect to the Internet. The Single User
Account feature can be used with either a dynamic or static IP address.
Click Obtain an IP Address Automatically if you have a dynamic IP address; otherwise
click Static IP Address and type your ISP assigned IP address in the IP Address text box
below.
Select Connect on Demand when you don't want the connection up all the time and specify
an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting selects
Connection on Demand with 0 as the idle time-out, which means the Internet session will
not timeout.
Select Nailed-Up Connection when you want your connection up all the time. The Prestige
will try to bring up the connection automatically if it is disconnected.
The schedule rule(s) in SMT menu 26 has priority over your Connection settings.
This option is available if you select Routing in the Mode field.
Network Address Translation (NAT) allows the translation of an Internet protocol address
used within one network (for example a private IP address used in a local network) to a
different IP address known within another network (for example a public IP address used on
the Internet).
Choose SUA Only if you have a single public IP address. SUA (Single User Account) is a
subset of NAT that maps one public IP address to many private IP addresses.
Choose Full Feature if you have multiple public IP addresses. When you select Full Feature,
you must use the NAT address mapping rules screen to configure at least one address
mapping set. Full Feature mapping types include: One-to-One, Many-to-One (SUA), Many-
to-Many Overload, Many-to-Many No Overload and Server.
Choose None to disable NAT. Refer to the NAT chapter for more details.
Back
Next
Click Back to go back to the first wizard screen.
Click Next to continue to the next wizard screen.
3-8 Wizard Setup
Page 53
Prestige 650 Series User’s Guide
3.10.2 RFC 1483
Select RFC 1483 from the Encapsulation drop-down list box in the first wizard screen to display the screen
as shown.
Figure 3-3 Internet Connection with RFC 1483
The following table describes the labels in this screen.
Table 3-3 Internet Connection with RFC 1483
LABEL DESCRIPTION
IP Address
Network Address
Translation
Back
Next
This field is available if you select Routing in the Mode field.
Type your ISP assigned IP address in this field.
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT
chapter for more details.
Click Back to go back to the first wizard screen.
Click Next to continue to the next wizard screen.
3.10.3 ENET ENCAP
Select ENET ENCAP from the Encapsulation drop-down list box in the first wizard screen to display the
screen as shown.
Wizard Setup 3-9
Page 54
Prestige 650 Series User’s Guide
Figure 3-4 Internet Connection with ENET ENCAP
The following table describes the labels in this screen.
Table 3-4 Internet Connection with ENET ENCAP
LABEL DESCRIPTION
IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not
fixed; the ISP assigns you a different one each time you connect to the Internet. The
Single User Account feature can be used with either a dynamic or static IP address.
Select Obtain an IP Address Automatically if you have a dynamic IP address;
otherwise select Static IP Address and type your ISP assigned IP address in the IP
Address text box below.
Subnet Mask Enter a subnet mask in dotted decimal notation.
Refer to the IP Subnetting appendix to calculate a subnet mask If you are implementing
subnetting.
ENET ENCAP
Gateway
You must specify a gateway IP address (supplied by your ISP) when you use ENET
ENCAP in the Encapsulation field in the previous screen.
3-10 Wizard Setup
Page 55
Table 3-4 Internet Connection with ENET ENCAP
LABEL DESCRIPTION
Prestige 650 Series User’s Guide
Network Address
Translation
Back
Next
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT
chapter for more details.
Click Back to go back to the first wizard screen.
Click Next to continue to the next wizard screen.
3.10.4 PPPoE
Select PPPoE from the Encapsulation drop-down list box in the first wizard screen to display the screen as
shown.
Figure 3-5 Internet Connection with PPPoE
The following table describes the labels in this screen.
Wizard Setup 3-11
Page 56
Prestige 650 Series User’s Guide
Table 3-5 Internet Connection with PPPoE
LABEL DESCRIPTION
Service Name Type the name of your PPPoE service here.
User Name
Password Enter the password associated with the user name above.
IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;
Connection
Network
Address
Translation
Configure User Name and Password fields for PPPoA and PPPoE encapsulation only.
Enter the user name exactly as your ISP assigned. If assigned a name in the form
user@domain
as given.
the ISP assigns you a different one each time you connect to the Internet. The Single User
Account feature can be used with either a dynamic or static IP address.
Select Obtain an IP Address Automatically if you have a dynamic IP address; otherwise
select Static IP Address and type your ISP assigned IP address in the IP Address text box
below.
Select Connect on Demand when you don't want the connection up all the time and specify
an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting selects
Connection on Demand with 0 as the idle time-out, which means the Internet session will
not timeout.
Select Nailed-Up Connection when you want your connection up all the time. The Prestige
will try to bring up the connection automatically if it is disconnected.
The schedule rule(s) in SMT menu 26 has priority over your Connection settings.
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT
chapter for more details.
where domain identifies a service name, then enter both components exactly
Back
Next
Click Back to go back to the first wizard screen.
Click Next to continue to the next wizard screen.
3.11 DHCP Setup
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain
TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable
it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If you turn
3-12 Wizard Setup
Page 57
Prestige 650 Series User’s Guide
DHCP service off, you must have another DHCP server on your LAN, or else the computer must be
manually configured.
3.11.1 IP Pool Setup
The Prestige is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to 192.168.1.64 for
the client machines. This leaves 31 IP addresses, 192.168.1.2 to 192.168.1.32 (excluding the Prestige itself
which has a default IP of 192.168.1.1) for other server machines, for example, server for mail, FTP, telnet,
web, etc., that you may have.
3.12 Wizard Setup Configuration: Third Screen
Verify the settings in the screen shown next. To change the LAN information on the Prestige, click Change
LAN Configurations. Otherwise click Save Settings to save the configuration and skip to section 3.13.
Figure 3-6 Wizard Screen 3
If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen
as shown next.
Wizard Setup 3-13
Page 58
Prestige 650 Series User’s Guide
Figure 3-7 Wizard : LAN Configuration
The following table describes the labels in this screen.
Table 3-6 Wizard : LAN Configuration
LABEL DESCRIPTION
LAN IP Address Enter the IP address of your Prestige in dotted decimal notation, for example,
192.168.1.1 (factory default).
If you changed the Prestige's LAN IP address, you must use
the new IP address if you want to access the web
configurator again.
LAN Subnet Mask Enter a subnet mask in dotted decimal notation.
DHCP
DHCP Server
From the DHCP Server drop-down list box, select On to allow your Prestige to
assign IP addresses, an IP default gateway and DNS servers to computer systems
that support the DHCP client. Select Off to disable DHCP server.
When DHCP server is used, set the following items:
3-14 Wizard Setup
Page 59
Prestige 650 Series User’s Guide
Table 3-6 Wizard : LAN Configuration
LABEL DESCRIPTION
Client IP Pool Starting
Address
Size of Client IP Pool This field specifies the size or count of the IP address pool.
Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the
Secondary DNS Server As above.
Back
Finish
This field specifies the first of the contiguous addresses in the IP address pool.
DHCP clients along with the IP address and the subnet mask.
Click Back to go back to the previous screen.
Click Finish to save the settings and proceed to the next wizard screen.
3.13 Wizard Setup Configuration: Connection Tests
The Prestige automatically tests the connection to the computer(s) connected to the LAN ports. To test the
connection from the Prestige to the ISP, click Start Diagnose. Otherwise click Return to Main Menu to go
back to the Site Map screen.
Figure 3-8 Wizard Screen 4
Wizard Setup 3-15
Page 60
Prestige 650 Series User’s Guide
3.14 Test Your Internet Connection
Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the
rest of this User’s Guide for more detailed information on the complete range of Prestige features. If you
cannot access the Internet, open the web configurator again to confirm that the Internet settings you
configured in the Wizard Setup are correct.
3-16 Wizard Setup
Page 61
LAN, Wireless LAN and WAN
Part II:
LAN, Wireless LAN and WAN
This part covers the LAN (Local Area Network), wireless LAN and WAN setup.
II
Page 62
Page 63
Prestige 650 Series User’s Guide
Chapter 4
LAN Setup
This chapter describes how to configure LAN settings.
4.1 LAN Overview
A Local Area Network (LAN) is a shared communication system to which many computers are attached. A
LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
The LAN screens can help you configure a LAN DHCP server and manage IP addresses.
4.1.1 LANs, WANs and the Prestige
The actual physical connection determines whether the Prestige ports are LAN or WAN ports. There are two
separate IP networks, one inside, the LAN network; the other outside: the WAN network as shown next:
Figure 4-1 LAN and WAN IP Addresses
4.2 DNS Server Address
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa.
The DNS server is extremely important because without it, you must know the IP address of a machine
before you can access it. The DNS server addresses that you enter in the DHCP setup are passed to the client
machines along with the assigned IP address and subnet mask.
LAN Setup 4-1
Page 64
Prestige 650 Series User’s Guide
There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a
customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up. If your
ISP gives you the DNS server addresses, enter them in the DNS Server fields in DHCP Setup, otherwise,
leave them blank.
Some ISP’s choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP Control
Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS
servers are conveyed through IPCP negotiation. The Prestige supports the IPCP DNS server extensions
through the DNS proxy feature.
If the Primary and Secondary DNS Server fields in DHCP Setup are not specified, for instance, left as
0.0.0.0, the Prestige tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS
query to the Prestige, the Prestige forwards the query to the real DNS server learned through IPCP and relays
the response back to the computer.
Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not
mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you
explicit DNS servers, make sure that you enter their IP addresses in the DHCP Setup menu. This way, the
Prestige can pass the DNS servers to the computers and the computers can query the DNS server directly
without the Prestige’s intervention.
4.3 DNS Server Address Assignment
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The
DNS server is extremely important because without it, you must know the IP address of a computer before
you can access it.
There are two ways that an ISP disseminates the DNS server addresses.
1. The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign
up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in DHCP Setup.
2. Leave the DNS Server fields in DHCP Setup blank (for example 0.0.0.0). The Prestige acts as a DNS
proxy when this field is blank.
4.4 LAN TCP/IP
The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that
support DHCP client capability.
4.4.1 Factory LAN Defaults
The LAN parameters of the Prestige are preset in the factory with the following values:
IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits)
DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.
4-2 LAN Setup
Page 65
Prestige 650 Series User’s Guide
These parameters should work for the majority of installations. If your ISP gives you explicit DNS server
address(es), read the embedded web configurator help regarding what fields need to be configured.
4.4.2 IP Address and Subnet Mask
Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this information.
4.4.3 RIP Setup
RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The
RIP Direction field controls the sending and receiving of RIP packets. When set to:
1. Both - the Prestige will broadcast its routing table periodically and incorporate the RIP information that
it receives.
2. In Only - the Prestige will not send any RIP packets but will accept all RIP packets received.
3. Out Only - the Prestige will send out RIP packets but will not accept any RIP packets received.
4. None - the Prestige will not send any RIP packets and will ignore any RIP packets received.
The Version field controls the format and the broadcasting method of the RIP packets that the Prestige sends
(it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more
information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.
Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses
subnet broadcasting while RIP-2M uses multicasting.
4.4.4 Multicast
Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or
Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the
network - not everybody and not just 1.
IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a
Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over
version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed
information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of
RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to
239.255.255.255. The address 224.0.0.0 is not assigned to any group and is used by IP multicast computers.
The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts
(including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address
224.0.0.2 is assigned to the multicast routers group.
The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the
Prestige queries all directly connected networks to gather group membership. After that, the Prestige
periodically updates this information. IP multicasting can be enabled/disabled on the Prestige LAN and/or
WAN interfaces in the web configurator (LAN; WAN). Select None to disable IP multicasting on these
interfaces.
LAN Setup 4-3
Page 66
Prestige 650 Series User’s Guide
4.5 Configuring LAN
Click LAN to open the following screen.
Figure 4-2 LAN
The following table describes the labels in this screen.
Table 4-1 LAN
LABEL DESCRIPTION
DHCP
4-4 LAN Setup
Page 67
Prestige 650 Series User’s Guide
Table 4-1 LAN
LABEL DESCRIPTION
DHCP
Client IP Pool Starting
Address
Size of Client IP Pool This field specifies the size or count of the IP address pool.
Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the
Secondary DNS Server As above.
Remote DHCP Server
TCP/IP
IP Address Enter the IP address of your Prestige in dotted decimal notation, for example,
If set to Server, your Prestige can assign IP addresses, an IP default gateway
and DNS servers to Windows 95, Windows NT and other systems that support
the DHCP client.
If set to None, the DHCP server will be disabled.
If set to Relay, the Prestige acts as a surrogate DHCP server and relays DHCP
requests and responses between the remote server and the clients. Enter the IP
address of the actual, remote DHCP server in the Remote DHCP Server field in
this case.
When DHCP is used, the following items need to be set:
This field specifies the first of the contiguous addresses in the IP address pool.
DHCP clients along with the IP address and the subnet mask.
If Relay is selected in the DHCP field above then enter the IP address of the
actual remote DHCP server here.
192.168.1.1 (factory default).
IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).
RIP Direction
RIP Version
Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to
Apply Click this button to save these settings back to the Prestige.
Cancel Click this button to reset the fields in this screen.
Select the RIP direction from None, Both, In Only and Out Only.
Select the RIP version from RIP-1, RIP-2B and RIP-2M.
establish membership in a multicast group. The Prestige supports both IGMP
version 1 (IGMP-v1) and IGMP-v2. Select None to disable it.
LAN Setup 4-5
Page 68
Page 69
Prestige 650 Series User’s Guide
Chapter 5
Wireless LAN Setup
This chapter discusses how to configure Wireless LAN on the Prestige. This chapter is only
applicable to the Prestige 650H and Prestige 650HW.
5.1 Wireless LAN Overview
This section introduces the wireless LAN and some basic configurations. Wireless LANs can be as simple as
two computers with wireless LAN cards communicating in a peer-to-peer network or as complex as a
number of computers with wireless LAN cards communicating through access points which bridge network
traffic to the wired LAN.
The WLAN screens are only available when a WLAN card is installed.
5.1.1 Additional Installation Requirements for Using 802.1x
A computer with an IEEE 802.11b wireless LAN card and equipped with a web browser (with
JavaScript enabled) and/or Telnet.
A wireless station computer must be running IEEE 802.1x-compliant software. Currently, this is
offered in Windows XP.
An optional network RADIUS server for remote user authentication and accounting.
5.1.2 Channel
A channel is the radio frequency(ies) used by IEEE 802.11b wireless devices. Channels available depend on
your geographical area. You may have a choice of channels (for your region) so you should use a different
channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals
from different access points overlap causing interference and degrading performance.
Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should be on a
channel at least five channels away from a channel that an adjacent AP is using. For example, if your region
has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 or 11.
5.1.3 ESS ID
An Extended Service Set (ESS) is a group of access points or wireless gateways connected to a wired LAN
on the same subnet. An ESS ID uniquely identifies each set. All access points or wireless gateways and their
associated wireless stations in the same set must have the same ESSID.
Wireless LAN Setup 5-1
Page 70
Prestige 650 Series User’s Guide
5.1.4 RTS/CTS
A hidden node occurs when two stations are within range of the same access point, but are not within range
of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the
access point (AP) or wireless gateway, but out-of-range of each other, so they cannot “hear” each other, that
is they do not know if the channel is currently being used. Therefore, they are considered hidden from each
other.
Figure 5-1 RTS/CTS
When station A sends data to the Prestige, it might not know that the station B is already using the channel. If
these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at
the same time, resulting in a loss of messages for both stations.
RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data
frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.
When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station that wants to
transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it.
The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify
them to defer their transmission. It also reserves and confirms with the requesting station the time frame for
the requested transmission.
Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request
To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the “cost”
of resending large frames is more than the extra network overhead involved in the RTS (Request To
Send)/CTS (Clear to Send) handshake.
If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request
To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they
reach RTS/CTS size.
5-2 Wireless LAN Setup
Page 71
Prestige 650 Series User’s Guide
Enabling the RTS Threshold causes redundant network overhead that could
negatively affect the throughput performance instead of providing a remedy.
5.1.5 Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be
sent in the wireless network before the Prestige will fragment the packet into smaller data frames.
A large Fragmentation Threshold is recommended for networks not prone to interference while you should
set a smaller threshold for busy networks or networks that are prone to interference.
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the
RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented
before they reach RTS/CTS size.
5.2 Levels of Security
Wireless security is vital to your network to protect wireless communication between wireless stations,
access points and the wired network.
The figure below shows the possible wireless security levels on your Prestige. The highest security level
relies on EAP (Extensible Authentication Protocol) for authentication and utilizes dynamic WEP key
exchange. It requires interaction with a RADIUS (Remote Authentication Dial-In User Service) server either
on the WAN or your LAN to provide authentication service for wireless stations.
Figure 5-2 Prestige Wireless Security Levels
If you do not enable any wireless security on your Prestige, your network is accessible to any wireless
networking device that is within range.
Use the Prestige web configurator to configurator to set up your wireless LAN security settings. Refer to the
chapter on using the Prestige web configurator to see how to access the web configurator.
Wireless LAN Setup 5-3
Page 72
Prestige 650 Series User’s Guide
5.3 Data Encryption with WEP
WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep
network communications private. It encrypts unicast and multicast communications in a network. Both the
wireless stations and the access points must use the same WEP key for data encryption and decryption.
Your Prestige allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled
at any one time.
5.4 Inserting a PCMCIA Wireless LAN Card
Use a ZyAIR series wireless LAN PCMCIA card to add wireless LAN capabilities.
Step 1. Turn off the Prestige.
Never insert or remove a wireless LAN card when the Prestige is turned on.
Step 2. Locate the slot labeled Wireless LAN on the Prestige.
Step 3. With its pin connector facing the slot and the LED side facing upwards, slide the ZyAIR wireless
LAN card into the slot.
Never force, bend or twist the wireless LAN card into the slot.
Step 4. Turn on the Prestige. The WLAN LED should turn on.
5.5 Configuring Wireless LAN
If you are configuring the Prestige from a computer connected to the wireless LAN
and you change the Prestige’s ESSID or WEP settings, you will lose your wireless
connection when you press Apply to confirm. You must then change the wireless
settings of your computer to match the Prestige’s new settings.
Click Wireless LAN, Wireless to open the Wireless screen.
5-4 Wireless LAN Setup
Page 73
Prestige 650 Series User’s Guide
Figure 5-3 Wireless
The following table describes the labels in this screen.
Table 5-1 Wireless
LABEL DESCRIPTION
ESSID The ESSID (Extended Service Set Identification) is a unique name to identify the Prestige in
the wireless LAN. Wireless stations associating to the Prestige must have the same ESSID.
Enter a descriptive name (up to 32 characters).
Wireless LAN Setup 5-5
Page 74
Prestige 650 Series User’s Guide
Table 5-1 Wireless
LABEL DESCRIPTION
Hide ESSID
Channel ID The range of radio frequencies used by IEEE 802.11b wireless devices is called a channel.
RTS/CTS
Threshold
Fragmentation
Threshold
WEP
Encryption
Key 1 to Key
4
Select Yes to hide the ESSID in so a station cannot obtain the ESSID through passive
scanning.
Select No to make the ESSID visible so a station can obtain the ESSID through passive
scanning.
Select a channel from the drop-down list box.
The RTS (Request To Send) threshold (number of bytes) for enabling RTS/CTS handshake.
Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting
this attribute to be larger than the maximum MSDU (MAC service data unit) size turns off the
RTS/CTS handshake. Setting this attribute to zero turns on the RTS/CTS handshake.
Enter a value between 0 and 2432.
The threshold (number of bytes) for the fragmentation boundary for directed messages. It is
the maximum data fragment size that can be sent.
Enter a value between 256 and 2432.
WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless
network.
Select Disable to allow all wireless computers to communicate with the access points
without any data encryption.
Select 64-bit WEP or 128-bit WEP to use data encryption.
The WEP keys are used to encrypt data. Both the Prestige and the wireless stations must
use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters
("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("09", "A-F").
You must configure all four keys, but only one key can be activated at any one time. The
default key is key 1.
Back
Apply
Cancel
Click Back to go to the main wireless LAN setup screen.
Click Apply to save your changes back to the Prestige.
Click Cancel to begin configuring this screen afresh.
5-6 Wireless LAN Setup
Page 75
Prestige 650 Series User’s Guide
5.6 Configuring MAC Filter
The MAC filter screen allows you to configure the Prestige to give exclusive access to up to 32 devices
(Allow Association) or exclude up to 32 devices from accessing the Prestige (Deny Association). Every
Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the
factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to
know the MAC address of the devices to configure this screen.
To change your Prestige’s MAC filter settings, click Wireless LAN, MAC Filter to open the MAC Filter
screen. The screen appears as shown.
.
Wireless LAN Setup 5-7
Page 76
Prestige 650 Series User’s Guide
Figure 5-4 MAC Address Filter
The following table describes the labels in this menu.
5-8 Wireless LAN Setup
Page 77
Prestige 650 Series User’s Guide
Table 5-2 MAC Address Filter
LABEL DESCRIPTION
Active
Action Define the filter action for the list of MAC addresses in the MAC address filter table.
MAC
Address
Back
Apply
Cancel
Select Yes from the drop down list box to enable MAC address filtering.
Select Deny Association to block access to the router, MAC addresses not listed will be
allowed to access the router. Select Allow Association to permit access to the router,
MAC addresses not listed will be denied access to the router.
Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless station that are
allowed or denied access to the Prestige in these address fields.
Click Back to go to the main wireless LAN setup screen.
Click Apply to save your changes back to the Prestige.
Click Cancel to begin configuring this screen afresh.
5.7 802.1x Overview
The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations
and encryption key management. Authentication can be done using the local user database internal to the
Prestige (authenticate up to 32 users) or an external RADIUS server for an unlimited number of users.
5.8 Introduction to RADIUS
RADIUS is based on a client-sever model that supports authentication and accounting, where access point is
the client and the server is the RADIUS server. The RADIUS server handles the following tasks among
others:
• Authentication
Determines the identity of the users.
• Accounting
Keeps track of the client’s network activity.
RADIUS user is a simple package exchange in which your Prestige acts as a message relay between the
wireless station and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the RADIUS server
for user authentication:
Wireless LAN Setup 5-9
Page 78
Prestige 650 Series User’s Guide
• Access-Request
Sent by an access point requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The access point
sends a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS server
for user accounting:
• Accounting-Request
Sent by the access point requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared secret key, which
is a password, they both know. The key is not sent over the network. In addition to the shared key, password
information exchanged is also encrypted to protect the wired network from unauthorized access.
5.8.1 EAP Authentication Overview
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x
transport mechanism in order to support multiple types of user authentication. By using EAP to interact with
an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform
authentication.
The type of authentication you use depends on the RADIUS server or the AP. The Prestige supports EAPTLS, EAP-TTLS and DEAP with RADIUS. Refer to the Types of EAP Authentication appendix for
descriptions on the four common types.
Your Prestige supports EAP-MD5 (Message-Digest Algorithm 5) with the local user database and RADIUS.
The following figure shows an overview of authentication when you specify a RADIUS server on your
access point.
5-10 Wireless LAN Setup
Page 79
Prestige 650 Series User’s Guide
Figure 5-5 EAP Authentication
The details below provide a general description of how IEEE 802.1x EAP authentication works. For an
example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.
Step 1. The wireless station sends a “start” message to the Prestige.
Step 2. The Prestige sends a “request identity” message to the wireless station for identity information.
Step 3. The wireless station replies with identity information, including username and password.
Step 4. The RADIUS server checks the user information against its user profile database and determines
whether or not to authenticate the wireless station.
5.9 Configuring 802.1x
To change your Prestige’s authentication settings, click Wireless LAN, 802.1x. The screen appears as
shown.
Figure 5-6 802.1x
The following table describes the labels in this screen.
Wireless LAN Setup 5-11
Page 80
Prestige 650 Series User’s Guide
Table 5-3 802.1x
LABEL DESCRIPTION
Wireless Port
Control
ReAuthentication
Timer
To control wireless stations access to the wired network, select a control method from
the drop-down list box. Choose from No Authentication Required, Authentication
Required and No Access Allowed.
No Authentication Required allows all wireless stations access to the wired network
without entering user names and passwords. This is the default setting.
Authentication Required means that all wireless stations have to enter user names
and passwords before access to the wired network is allowed.
No Access Allowed blocks all wireless stations access to the wired network.
Specify how often wireless stations have to re-enter user names and passwords in
order to stay connected. This field is activated only when you select Authentication
Required in the Wireless Port Control field.
Enter a time interval between 10 and 9999 seconds. The default time interval is 1800
seconds (30 minutes).
If wireless station authentication is done using a RADIUS
server, the reauthentication timer on the RADIUS server has
priority.
Idle Timeout The Prestige automatically disconnects a wireless station from the wired network after
a period of inactivity. The wireless station needs to enter the user name and password
again before access to the wired network is allowed.
This field is activated only when you select Authentication Required in the Wireless
Port Control field. The default time interval is 3600 seconds (1 hour).
5-12 Wireless LAN Setup
Page 81
Table 5-3 802.1x
LABEL DESCRIPTION
Prestige 650 Series User’s Guide
Authentication
Databases
Back
Apply
Cancel
This field is activated only when you select Authentication Required in the Wireless
Port Control field.
The authentication database contains wireless station login information. The local user
database is the built-in database on the Prestige. The RADIUS is an external server.
Use this drop-down list box to select which database the Prestige should use (first) to
authenticate a wireless station.
Before you specify the priority, make sure you have set up the corresponding
database(s) correctly.
Select Local User Database Only to have the Prestige just check the built-in user
database on the Prestige for a wireless station's user name and password.
Select RADIUS Only to have the Prestige just check the user database on the
specified RADIUS server for a wireless station's user name and password.
Select Local first, then RADIUS to have the Prestige first check the user database on
the Prestige for a wireless station's user name and password. If the user name is not
found, the Prestige checks the user database on the specified RADIUS server.
Select RADIUS first, then Local to have the Prestige first check the user database on
the specified RADIUS server for a wireless station's user name and password. When
the user name is not found or password does not match in the RADIUS server, the
Prestige will not check the local user database and the authentication fails. If the
Prestige cannot reach the RADIUS server, then the Prestige checks the local user
database on the Prestige.
Click Back to go to the main wireless LAN setup screen.
Click Apply to save these settings back to the Prestige.
Click Cancel to begin configuring this screen again.
5.10 Configuring Local User Authentication
By storing user profiles locally, your Prestige is able to authenticate wireless users without interacting with a
network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.
To change your Prestige’s local user database, click Wireless LAN, Local User Database. The screen
appears as shown.
Wireless LAN Setup 5-13
Page 82
Prestige 650 Series User’s Guide
Figure 5-7 Local User Database
5-14 Wireless LAN Setup
Page 83
Prestige 650 Series User’s Guide
The following table describes the labels in this screen.
Table 5-4 Local User Database
LABEL DESCRIPTION
#
Active Select this check box to enable the user profile.
User Name Enter the user name of the user profile.
Password Enter a password up to 31 characters long for this user profile.
Back
Apply
Cancel
This is the index number of a local user account.
Click Back to go to the main wireless LAN setup screen.
Click Apply to save these settings back to the Prestige.
Click Cancel to begin configuring this screen again.
5.11 Configuring RADIUS
Once you enable the EAP authentication, you need to specify the external sever for remote user
authentication and accounting.
To set up your Prestige’s RADIUS server settings, click WIRELESS LAN, RADIUS. The screen appears as
shown.
Wireless LAN Setup 5-15
Page 84
Prestige 650 Series User’s Guide
Figure 5-8 RADIUS
The following table describes the labels in this screen.
Table 5-5 RADIUS
LABEL DESCRIPTION
Authentication Server
Active
Server IP Address Enter the IP address of the external authentication server in dotted decimal
Port Number
Select Yes from the drop-down list box to enable user authentication through an
external authentication server.
notation.
The default port of the RADIUS server for authentication is 1812.
You need not change this value unless your network administrator instructs you
to do so with additional information.
5-16 Wireless LAN Setup
Page 85
Prestige 650 Series User’s Guide
Table 5-5 RADIUS
LABEL DESCRIPTION
Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared
between the external authentication server and the access points.
The key is not sent over the network. This key must be the same on the external
authentication server and Prestige.
Accounting Server
Active
Server IP Address Enter the IP address of the external accounting server in dotted decimal notation.
Port Number
Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared
Back
Apply
Cancel
Select Yes from the drop-down list box to enable user authentication through an
external accounting server.
The default port of the RADIUS server for accounting is 1813.
You need not change this value unless your network administrator instructs you
to do so with additional information.
between the external accounting server and the access points.
The key is not sent over the network. This key must be the same on the external
accounting server and the Prestige.
Click Back to go to the main wireless LAN setup screen.
Click Apply to save these settings back to the Prestige.
Click Cancel to begin configuring this screen again.
Wireless LAN Setup 5-17
Page 86
Page 87
Prestige 650 Series User’s Guide
Chapter 6
WAN Setup
This chapter describes how to configure WAN settings.
6.1 WAN Overview
A WAN (Wide Area Network) is an outside connection to another network or the Internet.
See the Wizard Setup chapter for more information on the fields in the WAN screens.
6.2 PPPoE Encapsulation
The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC
2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless,
etc.) connection. The PPPoE option is for a dial-up connection using PPPoE.
For the service provider, PPPoE offers an access and authentication method that works with existing access
control systems (for example Radius). PPPoE provides a login and authentication method that the existing
Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures
for Windows users.
One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function
known as dynamic service selection. This enables the service provider to easily create and offer new IP
services for individuals.
Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific
configuration of the broadband modem at the customer site.
By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the
LAN do not need PPPoE software installed, since the Prestige does that part of the task. Furthermore, with
NAT, all of the LANs’ computers will have access.
6.3 PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a
remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the
Internet.
WAN Setup 6-1
Page 88
Prestige 650 Series User’s Guide
6.4 Traffic Shaping
Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average rate and
fluctuations of data transmission over an ATM network. This agreement helps eliminate congestion, which is
important for transmission of real time data such as audio and video connections.
Peak Cell Rate (PCR) is the maximum rate at which the sender can send cells. This parameter may be lower
(but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits), so a maximum speed of
832Kbps gives a maximum PCR of 1962 cells/sec. This rate is not guaranteed because it is dependent on the
line speed.
Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum
average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR.
Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is
reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to
the MBS) can be sent at the PCR again.
If the PCR, SCR or MBS is set to the default of “0”, the system will assign a
maximum value that correlates to your upstream line rate.
The following figure illustrates the relationship between PCR, SCR and MBS.
Figure 6-1 Example of Traffic Shaping
6-2 WAN Setup
Page 89
Prestige 650 Series User’s Guide
6.5 Configuring WAN Setup
To change your Prestige’s WAN remote node settings, click WAN. The screen differs by the encapsulation.
Figure 6-2 Internet Access Setup
WAN Setup 6-3
Page 90
Prestige 650 Series User’s Guide
The following table describes the labels in this screen.
Table 6-1 Internet Access Setup
LABEL DESCRIPTION
Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for
identification purposes only.
Mode
Encapsulation Select the method of encapsulation used by your ISP from the drop-down list box.
Multiplex Select the method of multiplexing used by your ISP from the drop-down list. Choices
Virtual Circuit ID VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit.
ATM QoS Type
Cell Rate Cell rate configuration often helps eliminate traffic congestion that slows transmission of
Select Routing (default) from the drop-down list box if your ISP allows multiple
computers to share an Internet account. Otherwise select Bridge.
Choices vary depending on the mode you select in the Mode field.
If you select Bridge in the Mode field, select either PPPoA or RFC 1483.
If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or
PPPoE.
are VC or LLC.
Refer to the appendix for more information.
VPI The valid range for the VPI is 0 to 255. Enter the VPI assigned to you.
VCI The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of
ATM traffic). Enter the VCI assigned to you.
Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or
data traffic. Select UBR (Unspecified Bit Rate) for applications that are non-time
sensitive, such as e-mail. Select VBR (Variable Bit Rate) for bursty traffic and
bandwidth sharing with other applications.
VBR is not available on all models.
real time data such as audio and video connections.
Peak Cell Rate Divide the DSL line rate (bps) by 424 (the size of an ATM cell) to find the Peak Cell
Rate (PCR). This is the maximum rate at which the sender can send cells. Type the
PCR here.
Sustain Cell Rate The Sustain Cell Rate (SCR) sets the average cell rate (long-term) that can be
transmitted. Type the SCR, which must be less than the PCR.
6-4 WAN Setup
Page 91
Prestige 650 Series User’s Guide
Table 6-1 Internet Access Setup
LABEL DESCRIPTION
Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at
the peak rate. Type the MBS, which is less than 65535.
Login Information (PPPoA and PPPoE encapsulation only)
Service Name (PPPoE only) Type the name of your PPPoE service here.
User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form
user@domain
exactly as given.
Password Enter the password associated with the user name above.
IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not
fixed; the ISP assigns you a different one each time you connect to the Internet. The
Single User Account feature can be used with either a dynamic or static IP address.
Select Obtain an IP Address Automatically if you have a dynamic IP address;
otherwise select Static IP Address and type your ISP assigned IP address in the IP
Address field below.
where domain identifies a service name, then enter both components
IP Address Enter the static IP address provided.
For remote node setup, enter the IP address in the same subnet
as the remote node.
Connection
(PPPoA and PPPoE
encapsulation only)
Nailed-Up
Connection
Connect on Demand
Max Idle Timeout
The schedule rule(s) in SMT menu 26 have priority over your Connection settings.
Select Nailed-Up Connection when you want your connection up all the time. The
Prestige will try to bring up the connection automatically if it is disconnected.
Select Connect on Demand when you don't want the connection up all the time and
specify an idle time-out in the Max Idle Timeout field.
Specify an idle time-out in the Max Idle Timeout field when you select Connect on
Demand. The default setting is 0, which means the Internet session will not timeout.
WAN Setup 6-5
Page 92
Prestige 650 Series User’s Guide
Table 6-1 Internet Access Setup
LABEL DESCRIPTION
Subnet Mask
(ENET ENCAP
encapsulation only)
ENET ENCAP
Gateway
(ENET ENCAP
encapsulation only)
Back
Apply
Cancel
Enter a subnet mask in dotted decimal notation.
Refer to the Subnetting appendix in the to calculate a subnet mask If you are
implementing subnetting.
You must specify a gateway IP address (supplied by your ISP) when you select ENET
ENCAP in the Encapsulation field.
Click Back to return to the previous screen.
Click Apply to save the changes.
Click Cancel to begin configuring this screen afresh.
6-6 WAN Setup
Page 93
NAT, Dynamic DNS and Time Zone
Part III:
NAT, Dynamic DNS and Time Zone
This part covers NAT (Network Address Translation), dynamic DNS (Domain Name Sever) and
Time Zone setup.
III
Page 94
Page 95
Prestige 650 Series User’s Guide
Chapter 7
Network Address Translation (NAT)
This chapter discusses how to configure NAT on the Prestige.
7.1 NAT Overview
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a
packet, for example, the source address of an outgoing packet, used within one network to a different IP
address known within another network.
7.1.1 NAT Definitions
Inside/outside denotes where a host is located relative to the Prestige, for example, the computers of your
subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the
local address refers to the IP address of a host when the packet is in the local network, while the global
address refers to the IP address of the host when the same packet is traveling in the WAN side.
Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host
used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the
packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside
host when the packet is on the WAN side. The following table summarizes this information.
Table 7-1 NAT Definitions
ITEM DESCRIPTION
Inside This refers to the host on the LAN.
Outside This refers to the host on the WAN.
Local This refers to the packet address (source or destination) as the packet travels on the LAN.
Global This refers to the packet address (source or destination) as the packet travels on the WAN.
NAT never changes the IP address (either local or global) of an outside host.
7.1.2 What NAT Does
In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside
local address) to another (the inside global address) before forwarding the packet to the WAN side. When
the response comes back, NAT translates the destination address (the inside global address) back to the inside
NAT 7-1
Page 96
Prestige 650 Series User’s Guide
local address before forwarding it to the original inside host. Note that the IP address (either local or global)
of an outside host is never changed.
The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In
addition, you can designate servers, for example, a web server and a telnet server, on your local network and
make them accessible to the outside world. With no servers defined, your Prestige filters out all incoming
inquiries, thus preventing intruders from probing your network. For more information on IP address
translation, refer to RFC 1631, The IP Network Address Translator (NAT).
7.1.3 How NAT Works
Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA
(Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source
address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is
the destination address on the WAN. NAT maps private (local) IP addresses to globally unique ones required
for communication with hosts on other networks. It replaces the original IP source address (and TCP or UDP
source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then
forwards it to the Internet. The Prestige keeps track of the original addresses and port numbers so incoming
reply packets can have their original values restored. The following figure illustrates this.
Figure 7-1 How NAT Works
7.1.4 NAT Application
The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP
Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the
end of this chapter.
7-2 NAT
Page 97
Prestige 650 Series User’s Guide
Figure 7-2 NAT Application With IP Alias
7.1.5 NAT Mapping Types
NAT supports five types of IP/port mapping. They are:
1. One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address.
2. Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP
address. This is equivalent to SUA (for instance, PAT, port address translation), ZyXEL’s Single User
Account feature that previous ZyXEL routers supported (the SUA Only option in today’s routers).
3. Many to Many Overload: In Many-to-Many Overload mode, the Prestige maps the multiple local IP
addresses to shared global IP addresses.
4. Many-to-Many No Overload:
address to a unique global IP address.
NAT 7-3
In Many-to-Many No Overload mode, the Prestige maps each local IP
Page 98
Prestige 650 Series User’s Guide
5. Server: This type allows you to specify inside servers of different services behind the NAT to be
accessible to the outside world.
Port numbers do not change for One-to-One and Many-to-Many No Overload NAT
mapping types.
The following table summarizes these types.
Table 7-2 NAT Mapping Types
TYPE IP MAPPING SMT ABBREVIATION
One-to-One ILA1ÅÆ IGA1 1:1
Many-to-One (SUA/PAT) ILA1ÅÆ IGA1
ILA2ÅÆ IGA1
…
Many-to-Many Overload ILA1ÅÆ IGA1
ILA2ÅÆ IGA2
ILA3ÅÆ IGA1
ILA4ÅÆ IGA2
…
Many-to-Many No Overload ILA1ÅÆ IGA1
ILA2ÅÆ IGA2
ILA3ÅÆ IGA3
…
Server Server 1 IPÅÆ IGA1
Server 2 IPÅÆ IGA1
Server 3 IPÅÆ IGA1
M:1
M:M Ov
M:M No OV
Server
7.2 SUA (Single User Account) Versus NAT
SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of
mapping, Many-to-One and Server. The Prestige also supports Full Feature NAT to map multiple global
IP addresses to multiple private LAN IP addresses of clients or servers using mapping types as outlined in
Table 7-2.
7-4 NAT
Page 99
Prestige 650 Series User’s Guide
1. Choose SUA Only if you have just one public WAN IP address for your Prestige.
2. Choose Full Feature if you have multiple public WAN IP addresses for your Prestige.
7.3 SUA Server
A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can
make visible to the outside world even though SUA makes your whole inside network appear as a single
computer to the outside world.
You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of
the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on
port 21. In some cases, such as for unknown services or where one server can support more than one service
(for example both FTP and web service), it might be better to specify a range of port numbers. You can
allocate a server IP address that corresponds to a port or a range of ports.
Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or
FTP server) from your location. Your ISP may periodically check for servers and may suspend your account
if it discovers any active services at your location. If you are unsure, refer to your ISP.
Default Server IP Address
In addition to the servers for specified services, NAT supports a default server IP address. A default server
receives packets from ports that are not specified in this screen.
If you do not assign an IP address in Server Set 1 (default server), the Prestige
discards all packets received for ports that are not specified here or in the remote
management setup.
7.3.1 Port Forwarding: Services and Port Numbers
A NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can
make accessible to the outside world even though NAT makes your whole inside network appear as a single
machine to the outside world.
Use the SUA Server page to forward incoming service requests to the server(s) on your local network. You
may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the
desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port
21. In some cases, such as for unknown services or where one server can support more than one service (for
example both FTP and web service), it might be better to specify a range of port numbers.
In addition to the servers for specified services, NAT supports a default server. A service request that does
not have a server explicitly designated for it is forwarded to the default server. If the default is not defined,
the service request is simply discarded.
NAT 7-5
Page 100
Prestige 650 Series User’s Guide
Many residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may
periodically check for servers and may suspend your account if it discovers any
active services at your location. If you are unsure, refer to your ISP.
The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further
information about port numbers.
Table 7-3 Services and Port Numbers
SERVICES PORT NUMBER
ECHO 7
FTP (File Transfer Protocol) 21
SMTP (Simple Mail Transfer Protocol) 25
DNS (Domain Name System) 53
Finger 79
HTTP (Hyper Text Transfer protocol or WWW, Web) 80
POP3 (Post Office Protocol) 110
NNTP (Network News Transport Protocol) 119
SNMP (Simple Network Management Protocol) 161
SNMP trap 162
PPTP (Point-to-Point Tunneling Protocol) 1723
7.3.2 Configuring Servers Behind SUA (Example)
Let's say you want to assign ports 22-25 to one server, port 80 to another and assign a default server IP
address of 192.168.1.35 as shown in the next figure.
7-6 NAT
Loading...