ZyXEL Communications iQP User Manual

P-660R/H-D Series
ADSL 2+ Gateway
User’s Guide
Version 3.40
11/2005
Edition 1
P-660R/H-D Series User’s Guide
Copyright © 2005 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Federal Communications Commission (FCC) Interference Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.
If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
FCC Caution
Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.

Certifications
1 Go to www.zyxel.com
2 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.
3 Select the certification you wish to view from this page.
Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.
• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information.
• Use ONLY the dedicated power supply for your device. Connect the power cord or power adaptor to the right supply voltage (110V AC in North America or 230V AC in Europe).
• Do NOT use the device if the power supply is damaged as it might cause electrocution.
• If the power supply is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power supply. Contact your local vendor to order a new power supply.
• Place connecting cables carefully so that no one will step on them or stumble over them. Do NOT allow anything to rest on the power cord and do NOT locate the product where anyone can walk on the power cord.
• If you wall mount your device, make sure that no electrical, gas or water pipes will be damaged.
• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of electric shock from lightning.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Make sure to connect the cables to the correct ports.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
• Do NOT store things on the device.
• Connect ONLY suitable accessories to the device.

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Customer Support

Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.

CORPORATE HEADQUARTERS (WORLDWIDE)
• Support e-mail: support@zyxel.com.tw
• Sales e-mail: sales@zyxel.com.tw
• Telephone: +886-3-578-3942
• Fax: +886-3-578-2439
• Web site: www.zyxel.com, www.europe.zyxel.com
• FTP site: ftp.zyxel.com, ftp.europe.zyxel.com
• Regular mail: ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan

CZECH REPUBLIC
• Support e-mail: info@cz.zyxel.com
• Sales e-mail: info@cz.zyxel.com
• Telephone: +420-241-091-350
• Fax: +420-241-091-359
• Web site: www.zyxel.cz
• Regular mail: ZyXEL Communications Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika

DENMARK
• Support e-mail: support@zyxel.dk
• Sales e-mail: sales@zyxel.dk
• Telephone: +45-39-55-07-00
• Fax: +45-39-55-07-07
• Web site: www.zyxel.dk
• Regular mail: ZyXEL Communications A/S Columbusvej 2860 Soeborg Denmark

FINLAND
• Support e-mail: support@zyxel.fi
• Sales e-mail: sales@zyxel.fi
• Telephone: +358-9-4780-8411
• Fax: +358-9-4780 8448
• Web site: www.zyxel.fi
• Regular mail: ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland

FRANCE
• Support e-mail: info@zyxel.fr
• Telephone: +33-4-72-52-97-97
• Fax: +33-4-72-52-19-20
• Web site: www.zyxel.fr
• Regular mail: ZyXEL France 1 rue des Vergers Bat. 1 / C 69760 Limonest France

GERMANY
• Support e-mail: support@zyxel.de
• Sales e-mail: sales@zyxel.de
• Telephone: +49-2405-6909-0
• Fax: +49-2405-6909-99
• Web site: www.zyxel.de
• Regular mail: ZyXEL Deutschland GmbH. Adenauerstr. 20/A2 D-52146 Wuerselen Germany

HUNGARY
• Support e-mail: support@zyxel.hu
• Sales e-mail: info@zyxel.hu
• Telephone: +36-1-3361649
• Fax: +36-1-3259100
• Web site: www.zyxel.hu
• Regular mail: ZyXEL Hungary 48, Zoldlomb Str. H-1025, Budapest Hungary

KAZAKHSTAN
• Support: http://zyxel.kz/support
• Sales e-mail: sales@zyxel.kz
• Telephone: +7-3272-590-698
• Fax: +7-3272-590-689
• Web site: www.zyxel.kz
• Regular mail: ZyXEL Kazakhstan 43, Dostyk ave., Office 414 Dostyk Business Centre 050010, Almaty Republic of Kazakhstan

NORTH AMERICA
• Support e-mail: support@zyxel.com
• Sales e-mail: sales@zyxel.com
• Telephone: 1-800-255-4101, +1-714-632-0882
• Fax: +1-714-632-0858
• Web site: www.us.zyxel.com
• FTP site: ftp.us.zyxel.com
• Regular mail: ZyXEL Communications Inc. 1130 N. Miller St. Anaheim CA 92806-2001 U.S.A.

NORWAY
• Support e-mail: support@zyxel.no
• Sales e-mail: sales@zyxel.no
• Telephone: +47-22-80-61-80
• Fax: +47-22-80-61-81
• Web site: www.zyxel.no
• Regular mail: ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway

POLAND
• Support e-mail: info@pl.zyxel.com
• Telephone: +48-22-5286603
• Fax: +48-22-5206701
• Web site: www.pl.zyxel.com
• Regular mail: ZyXEL Communications ul.Emilli Plater 53 00-113 Warszawa Poland

RUSSIA
• Support: http://zyxel.ru/support
• Sales e-mail: sales@zyxel.ru
• Telephone: +7-095-542-89-29
• Fax: +7-095-542-89-25
• Web site: www.zyxel.ru
• Regular mail: ZyXEL Russia Ostrovityanova 37a Str. Moscow, 117279 Russia

SPAIN
• Support e-mail: support@zyxel.es
• Sales e-mail: sales@zyxel.es
• Telephone: +34-902-195-420
• Fax: +34-913-005-345
• Web site: www.zyxel.es
• Regular mail: ZyXEL Communications Alejandro Villegas 33 1º, 28043 Madrid Spain

SWEDEN
• Support e-mail: support@zyxel.se
• Sales e-mail: sales@zyxel.se
• Telephone: +46-31-744-7700
• Fax: +46-31-744-7701
• Web site: www.zyxel.se
• Regular mail: ZyXEL Communications A/S Sjöporten 4, 41764 Göteborg Sweden

UKRAINE
• Support e-mail: support@ua.zyxel.com
• Sales e-mail: sales@ua.zyxel.com
• Telephone: +380-44-247-69-78
• Fax: +380-44-494-49-32
• Web site: www.ua.zyxel.com
• Regular mail: ZyXEL Ukraine 13, Pimonenko Str. Kiev, 04050 Ukraine

UNITED KINGDOM
• Support e-mail: support@zyxel.co.uk
• Sales e-mail: sales@zyxel.co.uk
• Telephone: +44-1344 303044, 08707 555779 (UK only)
• Fax: +44-1344 303034
• Web site: www.zyxel.co.uk
• FTP site: ftp.zyxel.co.uk
• Regular mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)

“+” is the (prefix) number you enter to make an international telephone call.

Table of Contents

Copyright
Federal Communications Commission (FCC) Interference Statement
Safety Warnings
ZyXEL Limited Warranty
Customer Support
Table of Contents
List of Figures
List of Tables
Preface
Chapter 1
Getting To Know Your Prestige
1.1 Introducing the Prestige
1.2 Features
1.3 Applications for the Prestige
1.3.1 Protected Internet Access
1.3.2 LAN to LAN Application
1.4 Front Panel LEDs
1.5 Hardware Connection
Chapter 2
Introducing the Web Configurator
2.1 Web Configurator Overview
2.1.1 Accessing the Web Configurator
2.1.2 Resetting the Prestige
2.1.2.1 Using the Reset Button
2.1.3 Navigating the Web Configurator
2.2 Change Login Password
Chapter 3
Wizard Setup for Internet Access
3.1 Introduction
3.1.1 Internet Access Wizard Setup
Chapter 4
Wizard Setup for Media Bandwidth Management
4.1 Introduction
4.1.1 Predefined Media Bandwidth Management Services
4.2 Media Bandwidth Management Setup
Chapter 5
LAN Setup
5.1 LAN Overview
5.1.1 LANs, WANs and the Prestige
5.1.2 DHCP Setup
5.1.2.1 IP Pool Setup
5.1.3 DNS Server Address
5.1.4 DNS Server Address Assignment
5.2 LAN TCP/IP
5.2.1 IP Address and Subnet Mask
5.2.1.1 Private IP Addresses
5.2.2 RIP Setup
5.2.3 Multicast
5.2.4 Any IP
5.2.4.1 How Any IP Works
5.3 Configuring LAN
Chapter 6
WAN Setup
6.1 WAN Overview
6.1.1 Encapsulation
6.1.1.1 ENET ENCAP
6.1.1.2 PPP over Ethernet
6.1.1.3 PPPoA
6.1.1.4 RFC 1483
6.1.2 Multiplexing
6.1.2.1 VC-based Multiplexing
6.1.2.2 LLC-based Multiplexing
6.1.3 VPI and VCI
6.1.4 IP Address Assignment
6.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation
6.1.4.2 IP Assignment with RFC 1483 Encapsulation
6.1.4.3 IP Assignment with ENET ENCAP Encapsulation
6.1.5 Nailed-Up Connection (PPP)
6.1.6 NAT
6.2 Metric
6.3 PPPoE Encapsulation
6.4 Traffic Shaping
6.5 Zero Configuration Internet Access
6.6 The Main WAN Screen
6.7 Configuring WAN Setup
6.8 Traffic Redirect
6.9 Configuring WAN Backup
Chapter 7
Network Address Translation (NAT) Screens
7.1 NAT Overview
7.1.1 NAT Definitions
7.1.2 What NAT Does
7.1.3 How NAT Works
7.1.4 NAT Application
7.1.5 NAT Mapping Types
7.2 SUA (Single User Account) Versus NAT
7.3 SUA Server
7.3.1 Default Server IP Address
7.3.2 Port Forwarding: Services and Port Numbers
7.3.3 Configuring Servers Behind SUA (Example)
7.4 Selecting the NAT Mode
7.5 Configuring SUA Server Set
7.6 Configuring Address Mapping Rules
7.7 Editing an Address Mapping Rule
Chapter 8
Dynamic DNS Setup
8.1 Dynamic DNS Overview
8.1.1 DYNDNS Wildcard
8.2 Configuring Dynamic DNS
Chapter 9
Time and Date
9.1 Configuring Time and Date
Chapter 10
Firewalls
10.1 Firewall Overview
10.2 Types of Firewalls
10.2.1 Packet Filtering Firewalls
10.2.2 Application-level Firewalls
10.2.3 Stateful Inspection Firewalls
10.3 Introduction to ZyXEL’s Firewall
10.3.1 Denial of Service Attacks
10.4 Denial of Service
10.4.1 Basics
10.4.2 Types of DoS Attacks
10.4.2.1 ICMP Vulnerability
10.4.2.2 Illegal Commands (NetBIOS and SMTP)
10.4.2.3 Traceroute
10.5 Stateful Inspection
10.5.1 Stateful Inspection Process
10.5.2 Stateful Inspection and the Prestige
10.5.3 TCP Security
10.5.4 UDP/ICMP Security
10.5.5 Upper Layer Protocols
10.6 Guidelines for Enhancing Security with Your Firewall
10.6.1 Security In General
10.7 Packet Filtering Vs Firewall
10.7.1 Packet Filtering:
10.7.1.1 When To Use Filtering
10.7.2 Firewall
10.7.2.1 When To Use The Firewall
Chapter 11
Firewall Configuration
11.1 Access Methods
11.2 Firewall Policies Overview
11.3 Rule Logic Overview
11.3.1 Rule Checklist
11.3.2 Security Ramifications
11.3.3 Key Fields For Configuring Rules
11.3.3.1 Action
11.3.3.2 Service
11.3.3.3 Source Address
11.3.3.4 Destination Address
11.4 Connection Direction
11.4.1 LAN to WAN Rules
11.4.2 Alerts
11.5 Configuring Default Firewall Policy
11.6 Rule Summary
11.6.1 Configuring Firewall Rules
11.7 Customized Services
11.8 Configuring A Customized Service
11.9 Example Firewall Rule
11.10 Predefined Services
11.11 Anti-Probing
11.12 DoS Thresholds
11.12.1 Threshold Values
11.12.2 Half-Open Sessions
11.12.2.1 TCP Maximum Incomplete and Blocking Time
11.12.3 Configuring Firewall Thresholds
Chapter 12
Content Filtering
12.1 Content Filtering Overview
12.2 The Main Content Filter Screen
12.3 Configuring Keyword Blocking
12.4 Configuring the Schedule
12.5 Configuring Trusted Computers
Chapter 13
Remote Management Configuration
13.1 Remote Management Overview
13.1.1 Remote Management Limitations
13.1.2 Remote Management and NAT
13.1.3 System Timeout
13.2 Telnet
13.3 FTP
13.4 Web
13.5 Configuring Remote Management
Chapter 14
Universal Plug-and-Play (UPnP)
14.1 Introducing Universal Plug and Play
14.1.1 How do I know if I'm using UPnP?
14.1.2 NAT Traversal
14.1.3 Cautions with UPnP
14.2 UPnP and ZyXEL
14.2.1 Configuring UPnP
14.3 Installing UPnP in Windows Example
14.4 Using UPnP in Windows XP Example
Chapter 15
Logs Screens
15.1 Logs Overview
15.1.1 Alerts and Logs
15.2 Configuring Log Settings
15.3 Displaying the Logs
15.4 SMTP Error Messages ...................................................................................157
15.4.1 Example E-mail Log ..............................................................................158
Chapter 16
Media Bandwidth Management Advanced Setup.............................................. 160
16.1 Media Bandwidth Management Overview .....................................................160
16.2 Bandwidth Classes and Filters .......................................................................161
16.3 Proportional Bandwidth Allocation .................................................................161
16.4 Application-based Bandwidth Management ...................................................161
16.5 Subnet-based Bandwidth Management .........................................................161
16.6 Application and Subnet-based Bandwidth Management ...............................162
16.7 Scheduler .......................................................................................................162
16.7.1 Priority-based Scheduler ......................................................................162
16.7.2 Fairness-based Scheduler ....................................................................163
16.7.3 Maximize Bandwidth Usage .................................................................163
16.7.4 Reserving Bandwidth for Non-Bandwidth Class Traffic ........................163
16.7.5 Maximize Bandwidth Usage Example ..................................................164
16.7.5.1 Priority-based Allotment of Unused and Unbudgeted Bandwidth 164
16.7.5.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth ...
16.8 Bandwidth Borrowing .....................................................................................165
16.8.1 Bandwidth Borrowing Example .............................................................166
16.9 Maximize Bandwidth Usage With Bandwidth Borrowing ................................166
16.10 The Main Media Bandwidth Management Screen ......................................166
16.11 Configuring Summary ..................................................................................167
16.12 Configuring Class Setup ............................................................................168
16.12.1 DiffServ ...............................................................................................169
16.12.1.1 DSCP and Per-Hop Behavior ....................................................169
16.12.2 Media Bandwidth Management Class Configuration ........................170
16.12.3 Media Bandwidth Management Statistics .........................................173
16.13 Bandwidth Monitor ....................................................................................174
Chapter 17
Maintenance ......................................................................................................... 176
17.1 Maintenance Overview ...................................................................................176
17.2 System Status Screen ...................................................................................176
17.2.1 System Statistics ...................................................................................178
17.3 DHCP Table Screen ......................................................................................179
17.4 Any IP Table Screen ......................................................................................180
17.5 Diagnostic Screens .......................................................................................181
17.5.1 General Diagnostic ..............................................................................181
17.5.2 DSL Line Diagnostic ...........................................................................182
17.6 Firmware Upgrade ........................................................................................183
Chapter 18
Introducing the SMT ............................................................................................ 186
18.1 SMT Introduction ............................................................................................186
18.1.1 Procedure for SMT Configuration via Telnet .........................................186
18.1.2 Entering Password ................................................................................186
18.1.3 Prestige SMT Menus Overview ............................................................187
18.2 Navigating the SMT Interface .........................................................................188
18.2.1 System Management Terminal Interface Summary ..............................189
18.3 Changing the System Password ....................................................................190
Chapter 19
Menu 1 General Setup ......................................................................................... 192
19.1 General Setup ................................................................................................192
19.2 Procedure to Configure Menu 1 .....................................................................192
19.2.1 Procedure to Configure Dynamic DNS .................................................193
Chapter 20
Menu 2 WAN Backup Setup ................................................................................ 196
20.1 Introduction to WAN Backup Setup ................................................................196
20.2 Configuring Dial Backup in Menu 2 ................................................................196
20.2.1 Traffic Redirect Setup ...........................................................................197
Chapter 21
Menu 3 LAN Setup ............................................................................................... 200
21.1 LAN Setup ......................................................................................................200
21.1.1 General Ethernet Setup ........................................................................200
21.2 Protocol Dependent Ethernet Setup ..............................................................201
21.3 TCP/IP Ethernet Setup and DHCP ................................................................201
Chapter 22
Internet Access .................................................................................................... 204
22.1 Internet Access Overview ..............................................................................204
22.2 IP Policies ......................................................................................................204
22.3 IP Alias ...........................................................................................................204
22.4 IP Alias Setup .................................................................................................205
22.5 Route IP Setup ...............................................................................................206
22.6 Internet Access Configuration ........................................................................207
Chapter 23
Remote Node Configuration ...............................................................................210
23.1 Remote Node Setup Overview .......................................................................210
23.2 Remote Node Setup .......................................................................................210
23.2.1 Remote Node Profile ............................................................................210
23.2.2 Encapsulation and Multiplexing Scenarios ........................................... 211
23.2.2.1 Scenario 1: One VC, Multiple Protocols ......................................211
23.2.2.2 Scenario 2: One VC, One Protocol (IP) ......................................211
23.2.2.3 Scenario 3: Multiple VCs ............................................................. 211
23.2.3 Outgoing Authentication Protocol .........................................................213
23.3 Remote Node Network Layer Options ...........................................................213
23.3.1 My WAN Addr Sample IP Addresses ...................................................215
23.4 Remote Node Filter ........................................................................................216
23.4.1 Web Configurator Internet Security Filter Rules ...................................217
23.4.2 Web Configurator Filter Sets ................................................................217
23.5 Editing ATM Layer Options ............................................................................219
23.5.1 VC-based Multiplexing (non-PPP Encapsulation) ................................219
23.5.2 LLC-based Multiplexing or PPP Encapsulation ....................................219
23.5.3 Advance Setup Options ........................................................................220
Chapter 24
Static Route Setup ............................................................................................... 222
24.1 IP Static Route Overview ...............................................................................222
24.2 Configuration ..................................................................................................222
Chapter 25
Bridging Setup ..................................................................................................... 226
25.1 Bridging in General ........................................................................................226
25.2 Bridge Ethernet Setup ....................................................................................226
25.2.1 Remote Node Bridging Setup ...............................................................226
25.2.2 Bridge Static Route Setup .....................................................................228
Chapter 26
Network Address Translation (NAT)................................................................... 230
26.1 Using NAT ......................................................................................................230
26.1.1 SUA (Single User Account) Versus NAT ..............................................230
26.2 Applying NAT .................................................................................................230
26.3 NAT Setup ......................................................................................................232
26.3.1 Address Mapping Sets ..........................................................................232
26.3.1.1 SUA Address Mapping Set .........................................................233
26.3.1.2 User-Defined Address Mapping Sets ..........................................234
26.3.1.3 Ordering Your Rules ....................................................................235
26.4 Configuring a Server behind NAT ..................................................................236
26.5 General NAT Examples ..................................................................................237
26.5.1 Example 1: Internet Access Only ..........................................................238
26.5.2 Example 2: Internet Access with an Inside Server ...............................238
26.5.3 Example 3: Multiple Public IP Addresses With Inside Servers .............239
26.5.4 Example 4: NAT Unfriendly Application Programs ...............................243
Chapter 27
Enabling the Firewall ........................................................................................... 246
27.1 Remote Management and the Firewall ..........................................................246
27.2 Access Methods .............................................................................................246
27.3 Enabling the Firewall ......................................................................................246
Chapter 28
Filter Configuration.............................................................................................. 248
28.1 About Filtering ................................................................................................248
28.1.1 The Filter Structure of the Prestige .......................................................249
28.2 Configuring a Filter Set for the Prestige .........................................................250
28.3 Filter Rules Summary Menus .........................................................................251
28.4 Configuring a Filter Rule ................................................................................252
28.4.1 TCP/IP Filter Rule .................................................................................253
28.4.2 Generic Filter Rule ................................................................................255
28.5 Filter Types and NAT .....................................................................................257
28.6 Example Filter ................................................................................................257
28.7 Applying Filters and Factory Defaults ............................................................259
28.7.1 Ethernet Traffic .....................................................................................260
28.7.2 Remote Node Filters .............................................................................260
Chapter 29
SNMP Configuration ............................................................................................ 262
29.1 About SNMP ..................................................................................................262
29.2 Supported MIBs ............................................................................................263
29.3 SNMP Configuration ......................................................................................263
29.4 SNMP Traps ...................................................................................................264
Chapter 30
System Information and Diagnosis .................................................................... 266
30.1 Overview ........................................................................................................266
30.2 System Status ................................................................................................266
30.3 System Information ........................................................................................268
30.3.1 System Information ...............................................................................268
30.3.2 Console Port Speed ..............................................................................269
30.4 Log and Trace ................................................................................................270
30.4.1 Viewing Error Log .................................................................................270
30.4.2 Syslog and Accounting .........................................................................271
30.5 Diagnostic ......................................................................................................273
Chapter 31
Firmware and Configuration File Maintenance ................................................. 276
31.1 Filename Conventions ...................................................................................276
31.2 Backup Configuration .....................................................................................277
31.2.1 Backup Configuration ...........................................................................277
31.2.2 Using the FTP Command from the Command Line ..............................278
31.2.3 Example of FTP Commands from the Command Line .........................278
31.2.4 GUI-based FTP Clients .........................................................................279
31.2.5 TFTP and FTP over WAN Management Limitations .............................279
31.2.6 Backup Configuration Using TFTP .......................................................280
31.2.7 TFTP Command Example ....................................................................280
31.2.8 GUI-based TFTP Clients ......................................................................280
31.3 Restore Configuration ....................................................................................281
31.3.1 Restore Using FTP ...............................................................................281
31.3.2 Restore Using FTP Session Example ..................................................282
31.4 Uploading Firmware and Configuration Files .................................................283
31.4.1 Firmware File Upload ............................................................................283
31.4.2 Configuration File Upload .....................................................................283
31.4.3 FTP File Upload Command from the DOS Prompt Example ................284
31.4.4 FTP Session Example of Firmware File Upload ...................................285
31.4.5 TFTP File Upload ..................................................................................285
31.4.6 TFTP Upload Command Example ........................................................286
Chapter 32
System Maintenance............................................................................................ 288
32.1 Command Interpreter Mode ...........................................................................288
32.2 Call Control Support .......................................................................................289
32.2.1 Budget Management ............................................................................289
32.3 Time and Date Setting ....................................................................................290
32.3.1 Resetting the Time ................................................................................291
Chapter 33
Remote Management ........................................................................................... 294
33.1 Remote Management Overview .....................................................................294
33.2 Remote Management .....................................................................................294
33.2.1 Remote Management Setup .................................................................294
33.2.2 Remote Management Limitations .........................................................295
33.3 Remote Management and NAT ......................................................................296
33.4 System Timeout .............................................................................................296
Chapter 34
IP Policy Routing.................................................................................................. 298
34.1 IP Policy Routing Overview ............................................................................298
34.2 Benefits of IP Policy Routing ..........................................................................298
34.3 Routing Policy ................................................................................................298
34.4 IP Routing Policy Setup .................................................................................299
34.5 Applying an IP Policy .....................................................................................302
34.5.1 Ethernet IP Policies ..............................................................................302
34.6 IP Policy Routing Example .............................................................................303
Chapter 35
Call Scheduling ....................................................................................................308
35.1 Introduction ....................................................................................................308
Chapter 36
Troubleshooting ................................................................................................... 312
36.1 Problems Starting Up the Prestige .................................................................312
36.2 Problems with the LAN ...................................................................................312
36.3 Problems with the WAN .................................................................................313
36.4 Problems Accessing the Prestige ..................................................................314
36.4.1 Pop-up Windows, JavaScripts and Java Permissions ..........................314
36.4.1.1 Internet Explorer Pop-up Blockers ..............................................314
36.4.1.2 JavaScripts ..................................................................................317
36.4.1.3 Java Permissions ........................................................................319
36.4.2 ActiveX Controls in Internet Explorer ....................................................321
Appendix A
Product Specifications .......................................................................................324
Appendix B
About ADSL .......................................................................................................... 328
Introduction to DSL ................................................................................................ 328
ADSL Overview...................................................................................................... 328
Advantages of ADSL.............................................................................................. 328
Appendix C
Virtual Circuit Topology ...................................................................................... 330
Appendix D
Wall-mounting Instructions................................................................................. 332
Appendix E
Setting up Your Computer’s IP Address............................................................ 334
Windows 95/98/Me................................................................................................. 334
Windows 2000/NT/XP ............................................................................................ 337
Macintosh OS 8/9................................................................................................... 342
Macintosh OS X ..................................................................................................... 344
Linux....................................................................................................................... 345
Figure 240 Verifying Settings ...........................................................................349
Appendix F
IP Subnetting ........................................................................................................ 350
IP Addressing......................................................................................................... 350
IP Classes .............................................................................................................. 350
Subnet Masks ........................................................................................................ 351
Subnetting .............................................................................................................. 351
Example: Two Subnets .......................................................................................... 352
Example: Four Subnets.......................................................................................... 354
Example Eight Subnets.......................................................................................... 355
Subnetting With Class A and Class B Networks. ................................................... 356
Appendix G
Boot Commands .................................................................................................. 358
Appendix H
Command Interpreter........................................................................................... 360
Command Syntax................................................................................................... 360
Command Usage ................................................................................................... 360
Appendix I
Firewall Commands ............................................................................................. 362
Appendix J
Splitters and Microfilters ..................................................................................... 368
Connecting a POTS Splitter ................................................................................... 368
Telephone Microfilters ............................................................................................ 368
Prestige With ISDN ................................................................................................ 369
Appendix K
PPPoE ................................................................................................................... 370
PPPoE in Action..................................................................................................... 370
Benefits of PPPoE.................................................................................................. 370
Traditional Dial-up Scenario................................................................................... 370
How PPPoE Works ................................................................................................ 371
Prestige as a PPPoE Client ................................................................................... 371
Appendix L
Internal SPTGEN .................................................................................................. 372
Internal SPTGEN Overview ................................................................................... 372
The Configuration Text File Format ........................................................................ 372
Internal SPTGEN FTP Download Example............................................................ 373
Internal SPTGEN FTP Upload Example ................................................................ 374
Command Examples.............................................................................................. 395
Appendix M
Log Descriptions..................................................................................................396
Log Commands...................................................................................................... 410
Log Command Example......................................................................................... 411
Index...................................................................................................................... 412

List of Figures

Figure 1 Protected Internet Access Applications ................................................................ 42
Figure 2 LAN-to-LAN Application Example ......................................................................... 42
Figure 3 Front Panel ...........................................................................................................43
Figure 4 Password Screen .................................................................................................. 44
Figure 5 Change Password at Login ................................................................................... 45
Figure 6 Web Configurator: Site Map Screen ................................................................... 46
Figure 7 Password ..............................................................................................................48
Figure 8 Internet Access Wizard Setup: ISP Parameters ................................................... 50
Figure 9 Internet Connection with PPPoE ........................................................................... 51
Figure 10 Internet Connection with RFC 1483 ................................................................... 52
Figure 11 Internet Connection with ENET ENCAP ............................................................. 53
Figure 12 Internet Connection with PPPoA ......................................................................... 54
Figure 13 Internet Access Wizard Setup: Third Screen ...................................................... 55
Figure 14 Internet Access Wizard Setup: LAN Configuration ............................................ 55
Figure 15 Internet Access Wizard Setup: Connection Tests ............................................... 56
Figure 16 Media Bandwidth Mgnt. Wizard Setup ................................................................ 59
Figure 17 Media Bandwidth Mgnt. Wizard Setup: Second Screen .................................... 60
Figure 18 Media Bandwidth Mgnt. Wizard Setup: Finish ................................................... 61
Figure 19 LAN and WAN IP Addresses .............................................................................. 62
Figure 20 Any IP Example .................................................................................................. 67
Figure 21 LAN Setup ........................................................................................................... 68
Figure 22 Example of Traffic Shaping ................................................................................. 74
Figure 23 WAN ................................................................................................................... 75
Figure 24 WAN Setup (PPPoE) .......................................................................................... 76
Figure 25 Traffic Redirect Example ..................................................................................... 79
Figure 26 Traffic Redirect LAN Setup ................................................................................. 79
Figure 27 WAN Backup ....................................................................................................... 80
Figure 28 How NAT Works .................................................................................................. 83
Figure 29 NAT Application With IP Alias ............................................................................. 84
Figure 30 Multiple Servers Behind NAT Example ............................................................... 87
Figure 31 NAT Mode ........................................................................................................... 87
Figure 32 Edit SUA/NAT Server Set ................................................................................... 89
Figure 33 Address Mapping Rules ...................................................................................... 90
Figure 34 Edit Address Mapping Rule .............................................................................. 91
Figure 35 Dynamic DNS ..................................................................................................... 95
Figure 36 Time and Date ..................................................................................................... 96
Figure 37 Prestige Firewall Application ............................................................................... 100
Figure 38 Three-Way Handshake ....................................................................................... 102
Figure 39 SYN Flood ........................................................................................................... 102
Figure 40 Smurf Attack ....................................................................................................... 103
Figure 41 Stateful Inspection ............................................................................................... 105
Figure 42 Firewall: Default Policy ........................................................................................ 116
Figure 43 Firewall: Rule Summary ..................................................................................... 117
Figure 44 Firewall: Edit Rule ............................................................................................... 119
Figure 45 Firewall: Customized Services ............................................................................ 121
Figure 46 Firewall: Configure Customized Services ........................................................... 122
Figure 47 Firewall Example: Rule Summary ....................................................................... 123
Figure 48 Firewall Example: Edit Rule: Destination Address ............................................. 124
Figure 49 Edit Custom Port Example .................................................................................. 124
Figure 50 Firewall Example: Edit Rule: Select Customized Services ................................. 125
Figure 51 Firewall Example: Rule Summary: My Service .................................................. 126
Figure 52 Firewall: Anti Probing .......................................................................................... 129
Figure 53 Firewall: Threshold .............................................................................................. 131
Figure 54 Content Filtering ................................................................................................. 134
Figure 55 Content Filter: Keyword ...................................................................................... 135
Figure 56 Content Filter: Schedule ..................................................................................... 136
Figure 57 Content Filter: Trusted ........................................................................................ 137
Figure 58 Telnet Configuration on a TCP/IP Network ......................................................... 139
Figure 59 Remote Management ......................................................................................... 140
Figure 60 Configuring UPnP ............................................................................................... 143
Figure 61 Add/Remove Programs: Windows Setup: Communication ................................. 145
Figure 62 Add/Remove Programs: Windows Setup: Communication: Components .......... 145
Figure 63 Network Connections .......................................................................................... 146
Figure 64 Windows Optional Networking Components Wizard .......................................... 146
Figure 65 Networking Services ........................................................................................... 147
Figure 66 Network Connections .......................................................................................... 148
Figure 67 Internet Connection Properties .......................................................................... 149
Figure 68 Internet Connection Properties: Advanced Settings ........................................... 150
Figure 69 Internet Connection Properties: Advanced Settings: Add ................................... 150
Figure 70 System Tray Icon ................................................................................................ 151
Figure 71 Internet Connection Status .................................................................................. 151
Figure 72 Network Connections .......................................................................................... 152
Figure 73 Network Connections: My Network Places ......................................................... 153
Figure 74 Network Connections: My Network Places: Properties: Example ....................... 153
Figure 75 Log Settings ........................................................................................................ 155
Figure 76 View Logs ........................................................................................................... 157
Figure 77 E-mail Log Example ............................................................................................ 158
Figure 78 Subnet-based Bandwidth Management Example ............................................... 162
Figure 79 Media Bandwidth Mgnt. ..................................................................................... 167
Figure 80 Media Bandwidth Management: Summary ......................................................... 167
Figure 81 Media Bandwidth Management: Class Setup ..................................................... 169
Figure 82 DiffServ: Differentiated Service Field .................................................................. 170
Figure 83 Media Bandwidth Management: Class Configuration ......................................... 171
Figure 84 Media Bandwidth Management Statistics .......................................................... 173
Figure 85 Media Bandwidth Management: Monitor ........................................................... 174
Figure 86 System Status ..................................................................................................... 177
Figure 87 System Status: Show Statistics ........................................................................... 178
Figure 88 DHCP Table ........................................................................................................ 180
Figure 89 Any IP Table ........................................................................................................ 180
Figure 90 Diagnostic: General ............................................................................................ 181
Figure 91 Diagnostic: DSL Line .......................................................................................... 182
Figure 92 Firmware Upgrade .............................................................................................. 184
Figure 93 Network Temporarily Disconnected .................................................................... 184
Figure 94 Error Message .................................................................................................... 185
Figure 95 Login Screen ....................................................................................................... 186
Figure 96 SMT Main Menu .................................................................................................. 189
Figure 97 Menu 23 System Password ................................................................................ 190
Figure 98 Menu 1 General Setup ........................................................................................ 193
Figure 99 Menu 1.1 Configure Dynamic DNS .................................................................... 194
Figure 100 Menu 2 WAN Backup Setup ............................................................................. 196
Figure 101 Menu 2.1 Traffic Redirect Setup ........................................................................ 197
Figure 102 Menu 3 LAN Setup ............................................................................................ 200
Figure 103 Menu 3.1 LAN Port Filter Setup ........................................................................ 200
Figure 104 Menu 3.2 TCP/IP and DHCP Ethernet Setup ................................................... 201
Figure 105 IP Alias Network Example ................................................................................. 205
Figure 106 Menu 3.2 TCP/IP and DHCP Setup ................................................................. 205
Figure 107 Menu 3.2.1 IP Alias Setup ................................................................................ 206
Figure 108 Menu 1 General Setup ...................................................................................... 207
Figure 109 Menu 4 Internet Access Setup .......................................................................... 207
Figure 110 Menu 11 Remote Node Setup ........................................................................... 211
Figure 111 Menu 11.1 Remote Node Profile ...................................................................... 212
Figure 112 Menu 11.3 Remote Node Network Layer Options ............................................. 214
Figure 113 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection ........................... 216
Figure 114 Menu 11.5 Remote Node Filter (RFC 1483 or ENET Encapsulation) ............... 216
Figure 115 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) ................. 217
Figure 116 Internet Security ................................................................................................ 217
Figure 117 Menu 21 Filter Set Configuration ...................................................................... 218
Figure 118 Menu 21.11 WebSet 11 ..................................................................................... 218
Figure 119 Menu 21.12 WebSet 12 .................................................................................... 218
Figure 120 Menu 11.6 for VC-based Multiplexing ............................................................... 219
Figure 121 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation .......................... 220
Figure 122 Menu 11.1 Remote Node Profile ....................................................................... 220
Figure 123 Menu 11.8 Advance Setup Options .................................................................. 221
Figure 124 Sample Static Routing Topology ....................................................................... 222
Figure 125 Menu 12 Static Route Setup ............................................................................. 223
Figure 126 Menu 12.1 IP Static Route Setup ...................................................................... 223
Figure 127 Menu 12.1.1 Edit IP Static Route ...................................................................... 223
Figure 128 Menu 11.1 Remote Node Profile ....................................................................... 227
Figure 129 Menu 11.3 Remote Node Network Layer Options ............................................ 227
Figure 130 Menu 12.3.1 Edit Bridge Static Route ............................................................... 228
Figure 131 Menu 4 Applying NAT for Internet Access ........................................................ 231
Figure 132 Applying NAT in Menus 4 & 11.3 ....................................................................... 231
Figure 133 Menu 15 NAT Setup ........................................................................................ 232
Figure 134 Menu 15.1 Address Mapping Sets .................................................................... 233
Figure 135 Menu 15.1.255 SUA Address Mapping Rules .................................................. 233
Figure 136 Menu 15.1.1 First Set ........................................................................................ 234
Figure 137 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ........................ 235
Figure 138 Menu 15.2 NAT Server Setup ........................................................................... 236
Figure 139 Menu 15.2.1 NAT Server Setup ........................................................................ 237
Figure 140 Multiple Servers Behind NAT Example ............................................................. 237
Figure 141 NAT Example 1 ................................................................................................. 238
Figure 142 Menu 4 Internet Access & NAT Example .......................................................... 238
Figure 143 NAT Example 2 ................................................................................................. 239
Figure 144 Menu 15.2.1 Specifying an Inside Server ......................................................... 239
Figure 145 NAT Example 3 ................................................................................................. 240
Figure 146 Example 3: Menu 11.3 ...................................................................................... 241
Figure 147 Example 3: Menu 15.1.1.1 ................................................................................ 241
Figure 148 Example 3: Final Menu 15.1.1 .......................................................................... 242
Figure 149 Example 3: Menu 15.2.1 ................................................................................... 242
Figure 150 NAT Example 4 ................................................................................................. 243
Figure 151 Example 4: Menu 15.1.1.1 Address Mapping Rule ........................................... 243
Figure 152 Example 4: Menu 15.1.1 Address Mapping Rules ............................................ 244
Figure 153 Menu 21.2 Firewall Setup ................................................................................. 247
Figure 154 Outgoing Packet Filtering Process .................................................................... 248
Figure 155 Filter Rule Process ............................................................................................ 249
Figure 156 Menu 21 Filter Set Configuration ...................................................................... 250
Figure 157 NetBIOS_WAN Filter Rules Summary ............................................................. 250
Figure 158 NetBIOS_LAN Filter Rules Summary .............................................................. 251
Figure 159 IGMP Filter Rules Summary ............................................................................ 251
Figure 160 Menu 21.1.x.1 TCP/IP Filter Rule ..................................................................... 253
Figure 161 Executing an IP Filter ........................................................................................ 255
Figure 162 Menu 21.1.5.1 Generic Filter Rule ................................................................... 256
Figure 163 Protocol and Device Filter Sets ......................................................................... 257
Figure 164 Sample Telnet Filter .......................................................................................... 258
Figure 165 Menu 21.1.6.1 Sample Filter ............................................................................ 258
Figure 166 Menu 21.1.6.1 Sample Filter Rules Summary .................................................. 259
Figure 167 Filtering Ethernet Traffic .................................................................................... 260
Figure 168 Filtering Remote Node Traffic ........................................................................... 260
Figure 169 SNMP Management Model ............................................................................... 262
Figure 170 Menu 22 SNMP Configuration .......................................................................... 264
Figure 171 Menu 24 System Maintenance ......................................................................... 266
Figure 172 Menu 24.1 System Maintenance: Status .......................................................... 267
Figure 173 Menu 24.2 System Information and Console Port Speed ................................. 268
Figure 174 Menu 24.2.1 System Maintenance: Information ............................................... 269
Figure 175 Menu 24.2.2 System Maintenance: Change Console Port Speed .................... 270
Figure 176 Menu 24.3 System Maintenance: Log and Trace ............................................. 270
Figure 177 Sample Error and Information Messages ......................................................... 271
Figure 178 Menu 24.3.2 System Maintenance: Syslog and Accounting ............................. 271
Figure 179 Syslog Example ................................................................................................ 272
Figure 180 Menu 24.4 System Maintenance: Diagnostic .................................................... 273
Figure 181 Telnet in Menu 24.5 ........................................................................................... 278
Figure 182 FTP Session Example ...................................................................................... 279
Figure 183 Telnet into Menu 24.6 ........................................................................................ 282
Figure 184 Restore Using FTP Session Example ............................................................... 282
Figure 185 Telnet Into Menu 24.7.1 Upload System Firmware .......................................... 283
Figure 186 Telnet Into Menu 24.7.2 System Maintenance ................................................. 284
Figure 187 FTP Session Example of Firmware File Upload ............................................... 285
Figure 188 Command Mode in Menu 24 ............................................................................. 288
Figure 189 Valid Commands ............................................................................................... 288
Figure 190 Menu 24.9 System Maintenance: Call Control .................................................. 289
Figure 191 Menu 24.9.1 System Maintenance: Budget Management ................................ 289
Figure 192 Menu 24 System Maintenance ......................................................................... 290
Figure 193 Menu 24.10 System Maintenance: Time and Date Setting ............................... 291
Figure 194 Menu 24.11 Remote Management Control ....................................................... 295
Figure 195 Menu 25 IP Routing Policy Setup ..................................................................... 299
Figure 196 Menu 25.1 IP Routing Policy Setup .................................................................. 300
Figure 197 Menu 25.1.1 IP Routing Policy .......................................................................... 301
Figure 198 Menu 3.2 TCP/IP and DHCP Ethernet Setup ................................................... 303
Figure 199 Menu 11.3 Remote Node Network Layer Options ............................................ 303
Figure 200 Example of IP Policy Routing ........................................................................... 304
Figure 201 IP Routing Policy Example ................................................................................ 304
Figure 202 IP Routing Policy Example ................................................................................ 305
Figure 203 Applying IP Policies Example ........................................................................... 306
Figure 204 Menu 26 Schedule Setup .................................................................................. 308
Figure 205 Menu 26.1 Schedule Set Setup ....................................................................... 309
Figure 206 Applying Schedule Set(s) to a Remote Node (PPPoE) .................................... 310
Figure 207 Pop-up Blocker ................................................................................................. 315
Figure 208 Internet Options ............................................................................................... 315
Figure 209 Internet Options ................................................................................................ 316
Figure 210 Pop-up Blocker Settings ................................................................................... 317
Figure 211 Internet Options ................................................................................................. 318
Figure 212 Security Settings - Java Scripting ..................................................................... 319
Figure 213 Security Settings - Java .................................................................................... 320
Figure 214 Java (Sun) ......................................................................................................... 321
Figure 215 Internet Options Security .................................................................................. 322
Figure 216 Security Setting ActiveX Controls ..................................................................... 323
Figure 217 Virtual Circuit Topology ..................................................................................... 330
Figure 218 Wall-mounting Example .................................................................................... 332
Figure 219 Windows 95/98/Me: Network: Configuration ..................................................... 335
Figure 220 Windows 95/98/Me: TCP/IP Properties: IP Address ......................................... 336
Figure 221 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............................ 337
Figure 222 Windows XP: Start Menu .................................................................................. 338
Figure 223 Windows XP: Control Panel .............................................................................. 338
Figure 224 Windows XP: Control Panel: Network Connections: Properties ....................... 339
Figure 225 Windows XP: Local Area Connection Properties .............................................. 339
Figure 226 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 340
Figure 227 Windows XP: Advanced TCP/IP Properties ...................................................... 341
Figure 228 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 342
Figure 229 Macintosh OS 8/9: Apple Menu ........................................................................ 343
Figure 230 Macintosh OS 8/9: TCP/IP ................................................................................ 343
Figure 231 Macintosh OS X: Apple Menu ........................................................................... 344
Figure 232 Macintosh OS X: Network ................................................................................. 345
Figure 233 Red Hat 9.0: KDE: Network Configuration: Devices ........................................ 346
Figure 234 Red Hat 9.0: KDE: Ethernet Device: General ................................................. 346
Figure 235 Red Hat 9.0: KDE: Network Configuration: DNS ............................................. 347
Figure 236 Red Hat 9.0: KDE: Network Configuration: Activate ................................. 347
Figure 237 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 .............................. 348
Figure 238 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 .................................. 348
Figure 239 Red Hat 9.0: DNS Settings in resolv.conf ...................................................... 348
Figure 240 Red Hat 9.0: Restart Ethernet Card ................................................................ 349
Figure 241 Red Hat 9.0: Checking TCP/IP Properties ...................................................... 349
Figure 242 Option to Enter Debug Mode ............................................................................ 358
Figure 243 Boot Module Commands .................................................................................. 359
Figure 244 Connecting a POTS Splitter .............................................................................. 368
Figure 245 Connecting a Microfilter .................................................................................... 369
Figure 246 Prestige with ISDN ............................................................................................ 369
Figure 247 Single-Computer per Router Hardware Configuration ...................................... 371
Figure 248 Prestige as a PPPoE Client .............................................................................. 371
Figure 249 Configuration Text File Format: Column Descriptions ....................................... 372
Figure 250 Invalid Parameter Entered: Command Line Example ....................................... 373
Figure 251 Valid Parameter Entered: Command Line Example ......................................... 373
Figure 252 Internal SPTGEN FTP Download Example ..................................................... 374
Figure 253 Internal SPTGEN FTP Upload Example ........................................................... 374
Figure 254 Displaying Log Categories Example ................................................................. 410
Figure 255 Displaying Log Parameters Example ................................................................ 410

List of Tables

Table 1 ADSL Standards .................................................................................................... 38
Table 2 Model Specific Features ........................................................................................ 39
Table 3 Front Panel LEDs .................................................................................................. 43
Table 4 Web Configurator Screens Summary .................................................................... 46
Table 5 Password ............................................................................................................... 48
Table 6 Internet Access Wizard Setup: ISP Parameters .................................................... 51
Table 7 Internet Connection with PPPoE .......................................................................... 52
Table 8 Internet Connection with RFC 1483 ...................................................................... 52
Table 9 Internet Connection with ENET ENCAP ................................................................ 53
Table 10 Internet Connection with PPPoA ......................................................................... 54
Table 11 Internet Access Wizard Setup: LAN Configuration .............................................. 56
Table 12 Media Bandwidth Mgnt. Wizard Setup: Services ................................................. 58
Table 13 Media Bandwidth Mgnt. Wizard Setup: First Screen ........................................... 60
Table 14 Media Bandwidth Mgnt. Wizard Setup: Second Screen ...................................... 60
Table 15 LAN Setup ........................................................................................................... 68
Table 16 WAN .................................................................................................................... 75
Table 17 WAN Setup .......................................................................................................... 76
Table 18 WAN Backup ....................................................................................................... 80
Table 19 NAT Definitions .................................................................................................... 82
Table 20 NAT Mapping Types ............................................................................................ 85
Table 21 Services and Port Numbers ................................................................................. 86
Table 22 NAT Mode ............................................................................................................ 88
Table 23 Edit SUA/NAT Server Set .................................................................................... 89
Table 24 Address Mapping Rules ...................................................................................... 90
Table 25 Edit Address Mapping Rule ................................................................................. 92
Table 26 Dynamic DNS ...................................................................................................... 95
Table 27 Time and Date ..................................................................................................... 97
Table 28 Common IP Ports ................................................................................................ 101
Table 29 ICMP Commands That Trigger Alerts .................................................................. 103
Table 30 Legal NetBIOS Commands ................................................................................. 103
Table 31 Legal SMTP Commands .................................................................................... 104
Table 32 Firewall: Default Policy ........................................................................................ 116
Table 33 Rule Summary ..................................................................................................... 117
Table 34 Firewall: Edit Rule ................................................................................................ 120
Table 35 Customized Services ........................................................................................... 121
Table 36 Firewall: Configure Customized Services ............................................................ 122
Table 37 Predefined Services ........................................................................................... 126
Table 38 Firewall: Anti Probing ........................................................................................... 129
Table 39 Firewall: Threshold .............................................................................................. 132
Table 40 ............................................................................................................................. 134
Table 41 Content Filter: Keyword ....................................................................................... 135
Table 42 Content Filter: Schedule ...................................................................................... 136
Table 43 Content Filter: Trusted ......................................................................................... 137
Table 44 Remote Management .......................................................................................... 140
Table 45 Configuring UPnP ................................................................................................ 144
Table 46 Log Settings ......................................................................................................... 155
Table 47 View Logs ............................................................................................................ 157
Table 48 SMTP Error Messages ........................................................................................ 157
Table 49 Application and Subnet-based Bandwidth Management Example ...................... 162
Table 50 Maximize Bandwidth Usage Example ................................................................. 164
Table 51 Priority-based Allotment of Unused and Unbudgeted Bandwidth Example ......... 164
Table 52 Fairness-based Allotment of Unused and Unbudgeted Bandwidth Example ...... 165
Table 53 Bandwidth Borrowing Example
Table 54 Media Bandwidth Mgnt.
Table 55 Media Bandwidth Management: Summary
Table 56 Media Bandwidth Management: Class Setup
Table 57 Media Bandwidth Management: Class Configuration
Table 58 Services and Port Numbers
Table 59 Media Bandwidth Management Statistics
Table 60 Media Bandwidth Management: Monitor
Table 61 System Status
Table 62 System Status: Show Statistics
Table 63 DHCP Table
Table 64 Any IP Table
Table 65 Diagnostic: General
Table 66 Diagnostic: DSL Line
Table 67 Firmware Upgrade
Table 68 SMT Menus Overview
Table 69 Navigating the SMT Interface
Table 70 Main Menu Summary
Table 71 Menu 1 General Setup
Table 72 Menu 1.1 Configure Dynamic DNS
Table 73 Menu 2 WAN Backup Setup
Table 74 Menu 2.1 Traffic Redirect Setup
Table 75 DHCP Ethernet Setup
Table 76 TCP/IP Ethernet Setup
Table 77 Menu 3.2.1 IP Alias Setup
Table 78 Menu 4 Internet Access Setup
Table 79 Menu 11.1 Remote Node Profile
Table 80 Menu 11.3 Remote Node Network Layer Options
Table 81 Menu 11.8 Advance Setup Options
Table 82 Menu 12.1.1 Edit IP Static Route
Table 83 Remote Node Network Layer Options: Bridge Fields
Table 84 Menu 12.3.1 Edit Bridge Static Route
Table 85 Applying NAT in Menus 4 & 11.3
Table 86 SUA Address Mapping Rules
Table 87 Menu 15.1.1 First Set
Table 88 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set
Table 89 Abbreviations Used in the Filter Rules Summary Menu
Table 90 Rule Abbreviations Used
Table 91 Menu 21.1.x.1 TCP/IP Filter Rule
Table 92 Menu 21.1.5.1 Generic Filter Rule
Table 93 Filter Sets Table
Table 94 Menu 22 SNMP Configuration
Table 95 SNMP Traps
Table 96 Ports and Permanent Virtual Circuits
Table 97 Menu 24.1 System Maintenance: Status
Table 98 Menu 24.2.1 System Maintenance: Information
Table 99 Menu 24.3.2 System Maintenance: Syslog and Accounting
Table 100 Menu 24.4 System Maintenance Menu: Diagnostic
Table 101 Filename Conventions
Table 102 General Commands for GUI-based FTP Clients
Table 103 General Commands for GUI-based TFTP Clients
Table 104 Menu 24.9.1 System Maintenance: Budget Management
Table 105 Menu 24.10 System Maintenance: Time and Date Setting
Table 106 Menu 24.11 Remote Management Control
Table 107 Menu 25.1 IP Routing Policy Setup
Table 108 Menu 25.1.1 IP Routing Policy
Table 109 Menu 26.1 Schedule Set Setup
Table 110 Troubleshooting Starting Up Your Prestige
Table 111 Troubleshooting the LAN
Table 112 Troubleshooting the WAN
Table 113 Troubleshooting Accessing the Prestige
Table 114 Device
Table 115 Firmware
Table 116 Classes of IP Addresses
Table 117 Allowed IP Address Range By Class
Table 118 “Natural” Masks
Table 119 Alternative Subnet Mask Notation
Table 120 Two Subnets Example
Table 121 Subnet 1
Table 122 Subnet 2
Table 123 Subnet 1
Table 124 Subnet 2
Table 125 Subnet 3
Table 126 Subnet 4
Table 127 Eight Subnets
Table 128 Class C Subnet Planning
Table 129 Class B Subnet Planning
Table 130 Firewall Commands
Table 131 Abbreviations Used in the Example Internal SPTGEN Screens Table
Table 132 Menu 1 General Setup (SMT Menu 1)
Table 133 Menu 3 (SMT Menu 3)
Table 134 Menu 4 Internet Access Setup (SMT Menu 4)
Table 135 Menu 12 (SMT Menu 12)
Table 136 Menu 15 SUA Server Setup (SMT Menu 15)
Table 137 Menu 21.1 Filter Set #1 (SMT Menu 21.1)
Table 138 Menu 21.1 Filter Set #2 (SMT Menu 21.1)
Table 139 Menu 23 System Menus (SMT Menu 23)
Table 140 Menu 24.11 Remote Management Control (SMT Menu 24.11)
Table 141 Command Examples
Table 142 System Maintenance Logs
Table 143 System Error Logs
Table 144 Access Control Logs
Table 145 TCP Reset Logs
Table 146 Packet Filter Logs
Table 147 ICMP Logs
Table 148 CDR Logs
Table 149 PPP Logs
Table 150 UPnP Logs
Table 151 Content Filtering Logs
Table 152 Attack Logs
Table 153 IPSec Logs
Table 154 IKE Logs
Table 155 PKI Logs
Table 156 Certificate Path Verification Failure Reason Codes
Table 157 802.1X Logs
Table 158 ACL Setting Notes
Table 159 ICMP Notes
Table 160 Syslog Logs
Table 161 RFC-2408 ISAKMP Payload Types

Preface

Congratulations on your purchase of the P-660R/H-D series ADSL 2+ gateway. The P-660H has a 4-port switch that allows you to connect up to 4 computers to the Prestige without purchasing a switch/hub.
Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
About This User's Guide
This manual is designed to guide you through the configuration of your Prestige for its various applications. The web configurator parts of this guide contain background information on features configurable by web configurator. The SMT parts of this guide contain background information solely on features not configurable by web configurator.
Note: Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your Prestige. Not all features can be configured through all interfaces.
Syntax Conventions
• “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one of the predefined choices.
• The SMT menu titles and labels are in Bold Times New Roman font. Predefined field choices are in Bold Arial font. Command and arrow keys are enclosed in square brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key and [SPACE BAR] means the Space Bar.
• Mouse action sequences are denoted using a comma. For example, “In Windows, click Start, Settings and then Control Panel” means first click the Start button, then point your mouse pointer to Settings and then click Control Panel.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
• The P-660R/H-D series may be referred to as the “Prestige” in this User’s Guide.
• Application graphics and screen shots shown are for the P-660H-D model unless otherwise specified.
Related Documentation
• Supporting Disk
Refer to the included CD for support documents.
• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. It contains connection information and instructions on getting started.
• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary information.
• ZyXEL Glossary and Web Site
Please refer to www.zyxel.com for an online glossary of networking terms and additional support documentation.
User Guide Feedback
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Graphics Icons Key
Prestige, Computer, Notebook computer, Server, DSLAM, Firewall, Telephone, Switch, Router
CHAPTER 1

Getting To Know Your Prestige

This chapter describes the key features and applications of your Prestige.

1.1 Introducing the Prestige

The Prestige is an ADSL2+ gateway that allows super-fast, secure Internet access over analog (POTS) or digital (ISDN) telephone lines (depending on your model).
In the Prestige product name, “R” denotes a router with one Ethernet port and “H” denotes an integrated 4-port switch (hub).
Models ending in “1”, for example P-660H-D1, denote a device that works over the analog telephone system, POTS (Plain Old Telephone Service). Models ending in “3” denote a device that works over ISDN (Integrated Services Digital Network). Models ending in “7” denote a device that works over T-ISDN (UR-2).
Note: Only use firmware for your Prestige’s specific model. Refer to the label on the bottom of your Prestige.
The DSL RJ-11 (ADSL over POTS models) or RJ-45 (ADSL over ISDN models) connects to your ADSL-enabled telephone line. The Prestige is compatible with the ADSL/ADSL2/ADSL2+ standards. Maximum data rates attainable by the Prestige for each standard are shown in the next table.
Table 1 ADSL Standards
STANDARD    UPSTREAM DATA RATE    DOWNSTREAM DATA RATE
ADSL        832 kbps              8Mbps
ADSL2       3.5Mbps               12Mbps
ADSL2+      3.5Mbps               24Mbps
Note: The standard your ISP supports determines the maximum upstream and downstream speeds attainable. Actual speeds attained also depend on the distance from your ISP, line quality, etc.

1.2 Features

The following table lists model specific features.
Note: See the product specifications in the appendix for detailed features and standards support.
Table 2 Model Specific Features
MODEL FEATURE
Integrated 4-port Switch O
Firewall O
Media Bandwidth Management O
Content Filtering O
Internet Security Filtering O
Centralized Logs O
P-660R-D P-660H-D
Table Key: An O in a model’s column shows that the device model has the specified feature. The information in this table was correct at the time of writing, although it may be subject to change.
High Speed Internet Access
Your Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of up to 24Mbps and upstream transmission rates of 3.5Mbps. Actual speeds attained depend on the ADSL service you subscribed to, distance from your ISP, line quality, etc.
Zero Configuration Internet Access
Once you connect and turn on the Prestige, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes. In cases where additional account information (such as an Internet account user name and password) is required or the Prestige cannot connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting.
Any IP
The Any IP feature allows a computer to access the Internet and the Prestige without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.
Firewall
The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The Prestige firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.
Content Filtering
Content filtering allows you to block access to forbidden Internet web sites, schedule when the Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet access.
Traffic Redirect
Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet, thus acting as an auxiliary if your regular WAN connection fails.
Media Bandwidth Management
ZyXEL’s Media Bandwidth Management allows you to specify bandwidth classes based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.
Universal Plug and Play (UPnP)
Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
PPPoE (RFC2516)
PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL. The PPPoE driver on the Prestige is transparent to the computers on the LAN, which see only Ethernet and are not aware of PPPoE, thus saving you from having to manage PPPoE clients on individual computers. The Prestige also includes PPPoE idle time-out (the PPPoE connection terminates after a period of no traffic that you configure) and PPPoE Dial-on-Demand (the PPPoE connection is brought up only when an Internet access request is made).
Network Address Translation (NAT)
Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
Dynamic DNS Support
With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.
DHCP
DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability enabled by default. It can assign IP addresses, an IP default gateway and DNS servers to DHCP clients. The Prestige can now also act as a surrogate DHCP server (DHCP Relay), where it relays IP address assignment from the actual DHCP server to the clients.
IP Alias
IP Alias allows you to partition a physical network into logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network.
IP Policy Routing (IPPR)
Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Packet Filters
The Prestige's packet filtering functions allow added network security and management.
Housing
Your Prestige's compact and ventilated housing minimizes space requirements making it easy to position anywhere in your busy office.
4-Port Switch
A combination of switch and router makes your Prestige a cost-effective and viable network solution. You can connect up to four computers to the Prestige without the cost of a hub. Use a hub to add more than four computers to your LAN.

1.3 Applications for the Prestige

Here are some example uses for which the Prestige is well suited. Application graphics shown are for the P-660H-D.

1.3.1 Protected Internet Access

The Prestige is the ideal high-speed Internet access solution. It is compatible with all major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers and supports the ADSL standards as shown in Table 1.
The Prestige provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Service) detection and prevention, as well as real time alerts, reports and logs.
Figure 1 Protected Internet Access Applications

1.3.2 LAN to LAN Application

You can use the Prestige to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application example is shown as follows.
Figure 2 LAN-to-LAN Application Example

1.4 Front Panel LEDs

The following figure shows the front panel LEDs.
Figure 3 Front Panel
The following table describes the LEDs.
Table 3 Front Panel LEDs
LED                      COLOR   STATUS     DESCRIPTION
PWR/SYS                  Green   On         The Prestige is receiving power and functioning properly.
                                 Blinking   The Prestige is rebooting or performing diagnostics.
                         Red     On         Power to the Prestige is too low.
                                 Off        The system is not ready or has malfunctioned.
LAN 10/100M (P-660H-D)   Green   On         The Prestige has a successful 10/100Mbps Ethernet connection.
                                 Blinking   The Prestige is sending/receiving data.
                                 Off        The LAN is not connected.
LAN 10/100M (P-660R-D)   Green   On         The Prestige has a successful 10Mbps Ethernet connection.
                                 Blinking   The Prestige is receiving or sending data.
                         Amber   On         The Prestige has a successful 100Mbps Ethernet connection.
                                 Blinking   The Prestige is receiving or sending data.
                                 Off        The LAN is not connected.
DSL                      Green   On         The DSL line is up.
                                 Blinking   The Prestige is initializing the DSL line.
                                 Off        The DSL line is down.
INTERNET                 Green   On         The Internet connection is up.
                                 Blinking   The Prestige is sending/receiving data.
                                 Off        The Internet connection is down.

1.5 Hardware Connection

Refer to the Quick Start Guide for information on hardware connection.

CHAPTER 2

Introducing the Web Configurator

This chapter describes how to access and navigate the web configurator.

2.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
See the chapter on troubleshooting if you need to make sure these functions are allowed in Internet Explorer.

2.1.1 Accessing the Web Configurator

1 Make sure your Prestige hardware is properly connected (refer to the Quick Start Guide).
2 Prepare your computer/computer network to connect to the Prestige (refer to the Quick Start Guide).
3 Launch your web browser.
4 Type "192.168.1.1" as the URL.
5 A window displays as shown. The Password field already contains the default password “1234”. Click Login to proceed to a screen asking you to change your password or click Cancel to revert to the default password.
Figure 4 Password Screen
6 It is highly recommended you change the default password! Enter a new password between 1 and 30 characters, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.
Note: If you do not change the password at least once, the following screen appears every time you log in.
Figure 5 Change Password at Login
7 You should now see the SITE MAP screen.
Note: The Prestige automatically times out after five minutes of inactivity. Simply log back into the Prestige if this happens to you.

2.1.2 Resetting the Prestige

If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the Prestige to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.
2.1.2.1 Using the Reset Button
1 Make sure the PWR/SYS LED is on (not blinking).
2 Press the RESET button for ten seconds or until the PWR/SYS LED begins to blink and then release it. When the PWR/SYS LED begins to blink, the defaults have been restored and the Prestige restarts.

2.1.3 Navigating the Web Configurator

The following summarizes how to navigate the web configurator from the SITE MAP screen. We use the P-660H-D1 web screens in this guide as an example. Screens vary slightly for different Prestige models.
• Click Wizard Setup to begin a series of screens to configure your Prestige for the first time.
• Click a link under Advanced Setup to configure advanced Prestige features.
• Click a link under Maintenance to see Prestige performance statistics, upload firmware and back up, restore or upload a configuration file.
• Click Site Map to go to the Site Map screen.
• Click Logout in the navigation panel when you have finished a Prestige management session.
Figure 6 Web Configurator: Site Map Screen
Note: Click the icon (located in the top right corner of most screens) to view embedded help.
Table 4 Web Configurator Screens Summary
LINK                                        SUB-LINK                               FUNCTION
Wizard Setup                                Wizard Setup                           Use these screens for initial configuration including general setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment.
                                            Media Bandwidth Mgnt. (P-660H-D only)  Use these screens to limit bandwidth usage by application.
Advanced Setup
Password                                                                           Use this screen to change your password.
LAN                                                                                Use this screen to configure LAN DHCP and TCP/IP settings.
WAN                                         WAN Setup                              Use this screen to change the Prestige’s WAN remote node settings.
                                            WAN Backup                             Use this screen to configure your traffic redirect properties and WAN backup settings.
NAT                                         SUA Only                               Use this screen to configure servers behind the Prestige.
                                            Full Feature                           Use this screen to configure network address translation mapping rules.
Security (P-660R-D only)                                                           Use this screen to configure Internet security and apply the predefined filter rules.
Dynamic DNS                                                                        Use this screen to set up dynamic DNS.
Time and Date                                                                      Use this screen to change your Prestige’s time and date.
Firewall (P-660H-D only)                    Default Policy                         Use this screen to activate/deactivate the firewall and the direction of network traffic to which to apply the rule.
                                            Rule Summary                           This screen shows a summary of the firewall rules, and allows you to edit/add a firewall rule.
                                            Anti Probing                           Use this screen to change your anti-probing settings.
                                            Threshold                              Use this screen to configure the threshold for DoS attacks.
Content Filter (P-660H-D only)              Keyword                                Use this screen to block sites containing certain keywords in the URL.
                                            Schedule                               Use this screen to set the days and times for the Prestige to perform content filtering.
                                            Trusted                                Use this screen to exclude a range of users on the LAN from content filtering on your Prestige.
Remote Management                                                                  Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet/FTP/Web to manage the Prestige.
UPnP                                                                               Use this screen to enable UPnP on the Prestige.
Logs (P-660H-D only)                        Log Settings                           Use this screen to change your Prestige’s log settings.
                                            View Log                               Use this screen to view the logs for the categories that you selected.
Media Bandwidth Management (P-660H-D only)  Summary                                Use this screen to assign bandwidth limits to specific types of traffic.
                                            Class Setup                            Use this screen to define a bandwidth class.
                                            Monitor                                Use this screen to view bandwidth class statistics.
Maintenance
System Status                                                                      This screen contains administrative and system-related information.
DHCP Table                                                                         This screen displays DHCP (Dynamic Host Configuration Protocol) related information and is READ-ONLY.
Any IP Table                                                                       Use this screen to view the IP and MAC addresses of LAN computers communicating with the Prestige.
Diagnostic                                  General                                These screens display information to help you identify problems with the Prestige general connection.
                                            DSL Line                               These screens display information to help you identify problems with the DSL line.
Firmware                                                                           Use this screen to upload firmware to your Prestige
LOGOUT                                                                             Click Logout to exit the web configurator.

2.2 Change Login Password

It is highly recommended that you periodically change the password for accessing the Prestige. If you didn’t change the default one after you logged in or you want to change to a new password again, then click Password in the Site Map screen to display the screen as shown next.
Figure 7 Password
The following table describes the fields in this screen.
Table 5 Password
LABEL               DESCRIPTION
Old Password        Type the default password or the existing password you use to access the system in this field.
New Password        Type the new password in this field.
Retype to Confirm   Type the new password again in this field.
Apply               Click Apply to save your changes back to the Prestige.
Cancel              Click Cancel to begin configuring this screen afresh.
CHAPTER 3

Wizard Setup for Internet Access

This chapter provides information on the Wizard Setup screens for Internet access in the web configurator.

3.1 Introduction

Use the Wizard Setup screens to configure your system for Internet access with the information given to you by your ISP.
Note: See the advanced menu chapters for background information on these fields.

3.1.1 Internet Access Wizard Setup

1 In the SITE MAP screen click Wizard Setup to display the first wizard screen.
Figure 8 Internet Access Wizard Setup: ISP Parameters
The following table describes the fields in this screen.
Table 6 Internet Access Wizard Setup: ISP Parameters
LABEL DESCRIPTION
Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge.
Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list box. Choices vary depending on what you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE.
Multiplex Select the multiplexing method used by your ISP from the Multiplex drop-down list box, either VC-based or LLC-based.
Virtual Circuit ID VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit. Refer to the appendix for more information.
VPI Enter the VPI assigned to you. This field may already be configured.
VCI Enter the VCI assigned to you. This field may already be configured.
Next Click this button to go to the next wizard screen. The next wizard screen you see depends on what protocol you chose above. Click on the protocol link to see the next wizard screen for that protocol.
2 The next wizard screen varies depending on what mode and encapsulation type you use.
All screens shown are with routing mode. Configure the fields and click Next to continue.
Figure 9 Internet Connection with PPPoE
The following table describes the fields in this screen.
Table 7 Internet Connection with PPPoE
LABEL DESCRIPTION
Service Name Type the name of your PPPoE service here.
User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
Password Enter the password associated with the user name above.
IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address; otherwise select Static IP Address and type your ISP assigned IP address in the text box below.
Connection Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting selects Connection on Demand with 0 as the idle time-out, which means the Internet session will not time out. Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected. The schedule rule(s) in SMT menu 26 has priority over your Connection settings.
Network Address Translation Select None, SUA Only or Full Feature from the drop-down list box. Refer to the NAT chapter for more details.
Back Click Back to go back to the first wizard screen.
Next Click Next to continue to the next wizard screen.
Figure 10 Internet Connection with RFC 1483
The following table describes the fields in this screen.
Table 8 Internet Connection with RFC 1483
LABEL DESCRIPTION
IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field.
Network Address Translation Select None, SUA Only or Full Feature from the drop-down list box. Refer to the NAT chapter for more details.
Back Click Back to go back to the first wizard screen.
Next Click Next to continue to the next wizard screen.
Figure 11 Internet Connection with ENET ENCAP
The following table describes the fields in this screen.
Table 9 Internet Connection with ENET ENCAP
LABEL DESCRIPTION
IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address; otherwise select Static IP Address and type your ISP assigned IP address in the IP Address text box below.
Subnet Mask Enter a subnet mask in dotted decimal notation. Refer to the appendices to calculate a subnet mask if you are implementing subnetting.
ENET ENCAP Gateway You must specify a gateway IP address (supplied by your ISP) when you use ENET ENCAP in the Encapsulation field in the previous screen.
Network Address Translation Select None, SUA Only or Full Feature from the drop-down list box. Refer to the NAT chapter for more details.
Back Click Back to go back to the first wizard screen.
Next Click Next to continue to the next wizard screen.
Figure 12 Internet Connection with PPPoA
The following table describes the fields in this screen.
Table 10 Internet Connection with PPPoA
LABEL DESCRIPTION
User Name Enter the login name that your ISP gives you.
Password Enter the password associated with the user name above.
IP Address This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet. Click Obtain an IP Address Automatically if you have a dynamic IP address; otherwise click Static IP Address and type your ISP assigned IP address in the IP Address text box below.
Connection Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting selects Connection on Demand with 0 as the idle time-out, which means the Internet session will not time out. Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected. The schedule rule(s) in SMT menu 26 has priority over your Connection settings.
Network Address Translation This option is available if you select Routing in the Mode field. Select None, SUA Only or Full Feature from the drop-down list box. Refer to the NAT chapter for more details.
Back Click Back to go back to the first wizard screen.
Next Click Next to continue to the next wizard screen.
3 Verify the settings in the screen shown next. To change the LAN information on the
Prestige, click Change LAN Configurations. Otherwise click Save Settings to save the configuration and skip to the section 3.13.
Figure 13 Internet Access Wizard Setup: Third Screen
If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next.
Figure 14 Internet Access Wizard Setup: LAN Configuration
The following table describes the fields in this screen.
Table 11 Internet Access Wizard Setup: LAN Configuration
LABEL DESCRIPTION
LAN IP Address Enter the IP address of your Prestige in dotted decimal notation, for example, 192.168.1.1 (factory default). If you changed the Prestige's LAN IP address, you must use the new IP address if you want to access the web configurator again.
LAN Subnet Mask Enter a subnet mask in dotted decimal notation.
DHCP
DHCP Server From the DHCP Server drop-down list box, select On to allow your Prestige to assign IP addresses, an IP default gateway and DNS servers to computer systems that support the DHCP client. Select Off to disable DHCP server. When DHCP server is used, set the following items:
Client IP Pool Starting Address This field specifies the first of the contiguous addresses in the IP address pool.
Size of Client IP Pool This field specifies the size or count of the IP address pool.
Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask.
Secondary DNS Server As above.
Back Click Back to go back to the previous screen.
Finish Click Finish to save the settings and proceed to the next wizard screen.
4 The Prestige automatically tests the connection to the computer(s) connected to the LAN
ports. To test the connection from the Prestige to the ISP, click Start Diagnose. Otherwise click Return to Main Menu to go back to the Site Map screen.
Figure 15 Internet Access Wizard Setup: Connection Tests
5 Launch your web browser and navigate to www.zyxel.com. Internet access is just the
beginning. Refer to the rest of this guide for more detailed information on the complete range of Prestige features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the Wizard Setup are correct.
CHAPTER 4

Wizard Setup for Media Bandwidth Management

This chapter shows you how to configure basic bandwidth management using the wizard screens. This chapter applies to the P-660H-D.

4.1 Introduction

The web configurator’s Media Bandwidth Mgnt. screens under Wizard Setup allow you to specify bandwidth classes based on an application (or service). You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.
The Prestige applies bandwidth management to traffic that it forwards out through an interface. The Prestige does not control the bandwidth of traffic that comes into an interface.
Bandwidth management applies to all traffic flowing out of the Prestige through the interface, regardless of the traffic's source.
Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the Prestige and be managed by bandwidth management.

4.1.1 Predefined Media Bandwidth Management Services

The following is a description of the services that you can select and to which you can apply media bandwidth management using the Wizard Setup screens.
Table 12 Media Bandwidth Mgnt. Wizard Setup: Services
SERVICE DESCRIPTION
Xbox Live This is Microsoft’s online gaming service that lets you play multiplayer Xbox games on the Internet via broadband technology. Xbox Live uses port 3074.
VoIP (SIP) Sending voice signals over the Internet is called Voice over IP or VoIP. Session Initiated Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet. SIP is transported primarily over UDP but can also be transported over TCP, using the default port number 5060.
FTP File Transfer Program enables fast transfer of files, including large files that may not be possible by e-mail. FTP uses port number 21.
E-Mail Electronic mail consists of messages sent through a computer network to specific groups or individuals. Here are some default ports for e-mail: POP3 - port 110, IMAP - port 143, SMTP - port 25, HTTP - port 80.
eMule These programs use advanced file sharing applications relying on central servers to search for files. They use default port 4662.
WWW The World Wide Web (WWW) is an Internet system to distribute graphical, hyper-linked information, based on Hyper Text Transfer Protocol (HTTP) - a client/server protocol for the World Wide Web. The Web is not synonymous with the Internet; rather, it is just one service on the Internet. Other services on the Internet include Internet Relay Chat and Newsgroups. The Web is accessed through use of a browser.

4.2 Media Bandwidth Management Setup

1 Click Media Bandwidth Mgnt. under Wizard Setup in the SITE MAP screen.
Figure 16 Media Bandwidth Mgnt. Wizard Setup
The following table describes the labels in this screen.
Table 13 Media Bandwidth Mgnt. Wizard Setup: First Screen
LABEL DESCRIPTION
Active Select the Active check box to have the Prestige apply bandwidth management to traffic going out through the Prestige’s WAN or LAN port.
Select the service to apply bandwidth management. These checkboxes are applicable when you select the Active check box above. Create bandwidth management classes by selecting services from the list provided.
• XBox Live
• VoIP (SIP)
• FTP
• E-Mail
• eMule
• WWW
Refer to Table 14 on page 60 for more information.
Next Click Next to continue.
2 The Prestige automatically creates the bandwidth class for each service you select. You
may set the priority for each bandwidth class in the second wizard screen.
Figure 17 Media Bandwidth Mgnt. Wizard Setup: Second Screen
The following table describes the fields in this screen.
Table 14 Media Bandwidth Mgnt. Wizard Setup: Second Screen
LABEL DESCRIPTION
Service These fields display the service(s) selected in the previous screen.
Priority Select High, Mid or Low priority for each service to have your Prestige use a priority for traffic that matches that service. Select Others if you want to specify the service priority level in the Advanced Setup - Media Bandwidth Mgnt. screen. If the rules set up in this wizard are changed in Advanced Setup - Media Bandwidth Mgnt. - Class Configuration, then the service priority radio button will be set to Others. The Class Configuration screen allows you to edit these rule configurations.
Back Click Back to return to the previous screen.
Finish Click Finish to complete and save the bandwidth management setup.
3 Well done! You have finished configuration of Media Bandwidth Management. You may
now continue configuring your device.
Click Return to Main Menu to return to the Site Map screen.
Figure 18 Media Bandwidth Mgnt. Wizard Setup: Finish
CHAPTER 5

LAN Setup

This chapter describes how to configure LAN settings.

5.1 LAN Overview

A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses.
See Section 5.3 on page 68 to configure the LAN screens.

5.1.1 LANs, WANs and the Prestige

The actual physical connection determines whether the Prestige ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
Figure 19 LAN and WAN IP Addresses

5.1.2 DHCP Setup

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.

5.1.2.1 IP Pool Setup

The Prestige is pre-configured with a pool of IP addresses for the DHCP clients (DHCP Pool). See the product specifications in the appendices. Do not assign static IP addresses from the DHCP pool to your LAN computers.

5.1.3 DNS Server Address

DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask.
There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up. If your ISP gives you the DNS server addresses, enter them in the DNS Server fields in DHCP Setup; otherwise, leave them blank.
Some ISPs choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The Prestige supports the IPCP DNS server extensions through the DNS proxy feature.
If the Primary and Secondary DNS Server fields in the LAN Setup screen are not specified, for instance, left as 0.0.0.0, the Prestige tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS query to the Prestige, the Prestige forwards the query to the real DNS server learned through IPCP and relays the response back to the computer.
Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the LAN Setup screen. This way, the Prestige can pass the DNS servers to the computers and the computers can query the DNS server directly without the Prestige’s intervention.

5.1.4 DNS Server Address Assignment

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
There are two ways that an ISP disseminates the DNS server addresses.
• The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the LAN Setup screen.
• The Prestige acts as a DNS proxy when the Primary and Secondary DNS Server fields are left blank in the LAN Setup screen.

5.2 LAN TCP/IP

The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.

5.2.1 IP Address and Subnet Mask

Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.
Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0 and you must enable the Network Address Translation (NAT) feature of the Prestige. The Internet Assigned Numbers Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number, which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.
Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your network is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise.

5.2.1.1 Private IP Addresses

Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:
• 10.0.0.0 — 10.255.255.255
• 172.16.0.0 — 172.31.255.255
• 192.168.0.0 — 192.168.255.255
You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
Note: Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.
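A consistency check for the addressing rules in sections 5.1.2.1, 5.2.1 and 5.2.1.1, added here as an example (it is not ZyXEL code). The function name, finding codes and sample addresses are constructed for illustration; the check assumes an IPv4 LAN with one contiguous DHCP pool.

```python
import ipaddress

# The three private blocks listed in section 5.2.1.1.
PRIVATE_BLOCKS = [ipaddress.IPv4Network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_lan_plan(lan_ip, mask, pool_start, pool_size, static_hosts=()):
    """Return (code, detail) findings for a LAN plan; an empty list means no conflicts."""
    try:
        iface = ipaddress.IPv4Interface(f"{lan_ip}/{mask}")
        first = ipaddress.IPv4Address(pool_start)
        if pool_size < 1:
            raise ValueError(f"pool size {pool_size} must be at least 1")
        last = first + (pool_size - 1)       # pool is contiguous
        statics = [ipaddress.IPv4Address(h) for h in static_hosts]
    except ValueError as exc:                # bad address, bad mask, bad size
        return [("invalid-input", str(exc))]

    net, router = iface.network, iface.ip
    reserved = {net.network_address, net.broadcast_address}
    findings = []

    # Section 5.2.1: without an ISP-assigned block, use a private network number.
    # (An ISP-assigned registered block would legitimately trigger this finding.)
    if not any(router in block for block in PRIVATE_BLOCKS):
        findings.append(("lan-ip-not-private", f"{router} is outside the private blocks"))
    # "zero and 255 are reserved": the gateway cannot sit on either.
    if router in reserved:
        findings.append(("lan-ip-reserved", f"{router} is reserved in {net}"))
    # The whole pool has to fit inside the LAN subnet.
    if first not in net or last not in net:
        findings.append(("pool-outside-subnet", f"{first}-{last} does not fit in {net}"))
    elif first in reserved or last in reserved:
        findings.append(("pool-includes-reserved", f"{first}-{last} touches a reserved address"))
    if first <= router <= last:
        findings.append(("lan-ip-in-pool", f"{router} could be leased to a client"))

    seen = set()
    for addr in statics:
        # Section 5.1.2.1: do not assign static addresses from the DHCP pool.
        if first <= addr <= last:
            findings.append(("static-in-pool", f"{addr} may also be leased by DHCP"))
        if addr == router or addr in seen:
            findings.append(("static-duplicate", f"{addr} is already in use"))
        # Off-subnet static hosts only work with Any IP (section 5.2.4).
        if addr not in net:
            findings.append(("static-off-subnet", f"{addr} is not in {net}"))
        seen.add(addr)
    return findings


def codes(findings):
    """Sorted unique finding codes, convenient for comparisons."""
    return sorted({code for code, _ in findings})


if __name__ == "__main__":
    # Constructed sample plan: one static host inside the pool, one off-subnet.
    for code, detail in check_lan_plan("192.168.1.1", "255.255.255.0",
                                       "192.168.1.33", 32,
                                       ["192.168.1.10", "192.168.1.40", "10.1.1.5"]):
        print(f"{code}: {detail}")
```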

5.2.2 RIP Setup

RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to:
Both - the Prestige will broadcast its routing table periodically and incorporate the RIP information that it receives.
In Only - the Prestige will not send any RIP packets but will accept all RIP packets received.
Out Only - the Prestige will send out RIP packets but will not accept any RIP packets received.
None - the Prestige will not send any RIP packets and will ignore any RIP packets received.
The Version field controls the format and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.
Both RIP-2B and RIP-2M send the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting.

5.2.3 Multicast

Traditionally, IP packets are transmitted in one of two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1.
IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address 224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.
The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the Prestige queries all directly connected networks to gather group membership. After that, the Prestige periodically updates this information. IP multicasting can be enabled/disabled on the Prestige LAN and/or WAN interfaces in the web configurator (LAN; WAN). Select None to disable IP multicasting on these interfaces.

5.2.4 Any IP

Traditionally, you must set the IP addresses and the subnet masks of a computer and the Prestige to be in the same subnet to allow the computer to access the Internet (through the Prestige). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the Prestige.
With the Any IP feature and NAT enabled, the Prestige allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet. Whether a computer is set to use a dynamic or static (fixed) IP address, you can simply connect the computer to the Prestige and access the Internet.
The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment. In a residential house where a Prestige is installed, you can still use the computer to access the Internet without changing the network settings, even when the IP addresses of the computer and the Prestige are not in the same subnet.
Figure 20 Any IP Example
The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address.
Note: You must enable NAT/SUA to use the Any IP feature on the Prestige.
5.2.4.1 How Any IP Works
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP routing table is defined on IP Ethernet devices (the Prestige) to decide which hop to use to help forward data along to its specified destination.
The following lists the steps taken when a computer tries to access the Internet for the first time through the Prestige.
1 When a computer (which is in a different subnet) first attempts to access the Internet, it sends packets to its default gateway (which is not the Prestige) by looking at the MAC address in its ARP table.
2 When the computer cannot locate the default gateway, an ARP request is broadcast on the LAN.
3 The Prestige receives the ARP request and replies to the computer with its own MAC address.
4 The computer updates the MAC address for the default gateway in its ARP table. Once the ARP table is updated, the computer is able to access the Internet through the Prestige.
5 When the Prestige receives packets from the computer, it creates an entry in the IP routing table so it can properly forward packets intended for the computer.
After all the routing information is updated, the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige.
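The five steps above, modelled as an added example (not ZyNOS code), together with the view an ARP monitor on the LAN gets: with Any IP active, the Prestige's MAC ends up mapped to a gateway address outside the LAN subnet. The class and function names, MAC addresses and IP addresses are constructed; the model assumes the Prestige stays silent for in-subnet addresses that are not its own.

```python
import ipaddress


class AnyIpGateway:
    """Prestige side of steps 3 and 5 (hypothetical model)."""

    def __init__(self, lan_ip, mask, mac, any_ip=True, nat=True):
        self.iface = ipaddress.IPv4Interface(f"{lan_ip}/{mask}")
        self.mac = mac
        self.any_ip = any_ip
        self.nat = nat
        self.host_routes = {}                 # off-subnet host IP -> host MAC

    @property
    def any_ip_active(self):
        # The Note in section 5.2.4: NAT/SUA must be enabled to use Any IP.
        return self.any_ip and self.nat

    def handle_arp_request(self, target_ip):
        if target_ip == self.iface.ip:
            return self.mac                   # ordinary ARP for its own address
        if self.any_ip_active and target_ip not in self.iface.network:
            return self.mac                   # step 3: answers for a foreign gateway IP
        return None                           # assumption: silent for other LAN addresses

    def handle_packet(self, src_ip, src_mac):
        if src_ip in self.iface.network:
            return True                       # normal LAN host, no extra route needed
        if not self.any_ip_active:
            return False
        self.host_routes[src_ip] = src_mac    # step 5: host route for return traffic
        return True


class Host:
    """A computer with a static address from another network (as in Figure 20)."""

    def __init__(self, ip, gateway, mac):
        self.ip = ipaddress.IPv4Address(ip)
        self.gateway = ipaddress.IPv4Address(gateway)
        self.mac = mac
        self.arp_table = {}                   # IP -> MAC

    def send_to_internet(self, lan_devices):
        # Steps 1-2: no ARP entry for the default gateway, so broadcast a request.
        if self.gateway not in self.arp_table:
            for device in lan_devices:
                reply = device.handle_arp_request(self.gateway)
                if reply:
                    self.arp_table[self.gateway] = reply   # step 4
                    break
        gw_mac = self.arp_table.get(self.gateway)
        for device in lan_devices:
            if device.mac == gw_mac:
                return device.handle_packet(self.ip, self.mac)
        return False                          # nobody answered: no Internet access


def foreign_arp_entries(hosts, lan_network):
    """MAC -> set of IPs outside lan_network that hosts now map to that MAC."""
    report = {}
    for host in hosts:
        for ip, mac in host.arp_table.items():
            if ip not in lan_network:
                report.setdefault(mac, set()).add(str(ip))
    return report


def run_demo():
    """Constructed scenario: corporate laptop 10.1.1.5 plugged into a 192.168.1.0/24 LAN."""
    prestige = AnyIpGateway("192.168.1.1", "255.255.255.0", "02:00:00:00:00:01")
    laptop = Host("10.1.1.5", "10.1.1.1", "02:00:00:00:00:aa")
    reached = laptop.send_to_internet([prestige])
    return reached, foreign_arp_entries([laptop], prestige.iface.network)


if __name__ == "__main__":
    print(run_demo())
```

An ARP-monitoring tool on such a LAN should have the Prestige's MAC allow-listed for this behaviour, or the Any IP feature turned off, so that a different MAC answering for foreign gateway addresses stands out.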
5.3 Configuring LAN
Click LAN to open the LAN Setup screen. See Section 5.1 on page 62 for background information.
Figure 21 LAN Setup
The following table describes the fields in this screen.
Table 15 LAN Setup
LABEL DESCRIPTION
DHCP
DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client. If set to None, the DHCP server will be disabled. If set to Relay, the Prestige acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients. Enter the IP address of the actual, remote DHCP server in the Remote DHCP Server field in this case. When DHCP is used, the following items need to be set:
Client IP Pool Starting Address This field specifies the first of the contiguous addresses in the IP address pool.
Size of Client IP Pool This field specifies the size or count of the IP address pool.
Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask.
Secondary DNS Server As above.
Remote DHCP Server If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here.
TCP/IP
IP Address Enter the IP address of your Prestige in dotted decimal notation, for example, 192.168.1.1 (factory default).
IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).
RIP Direction Select the RIP direction from None, Both, In Only and Out Only.
RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M.
Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group. The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it.
Any IP Setup Select the Active check box to enable the Any IP feature. This allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the Prestige are not in the same subnet. When you disable the Any IP feature, only computers with dynamic IP addresses or static IP addresses in the same subnet as the Prestige’s LAN IP address can connect to the Prestige or access the Internet through the Prestige.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
CHAPTER 6

WAN Setup

This chapter describes how to configure WAN settings.

6.1 WAN Overview

A WAN (Wide Area Network) is an outside connection to another network or the Internet.

6.1.1 Encapsulation

Be sure to use the encapsulation method required by your ISP. The Prestige supports the following methods.

6.1.1.1 ENET ENCAP

The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol. IP packets are routed between the Ethernet interface and the WAN interface and then formatted so that they can be understood in a bridged environment. For instance, it encapsulates routed Ethernet frames into bridged ATM cells. ENET ENCAP requires that you specify a gateway IP address in the ENET ENCAP Gateway field in the second wizard screen. You can get this information from your ISP.

6.1.1.2 PPP over Ethernet

PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP. The Prestige bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to an ADSL Access Concentrator where the PPP session terminates. One PVC can support any number of PPP sessions from your LAN. For more information on PPPoE, see the appendices.

6.1.1.3 PPPoA

PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection. The Prestige encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider’s (ISP) DSLAM (digital access multiplexer). Please refer to RFC 2364 for more information on PPPoA. Refer to RFC 1661 for more information on PPP.

6.1.1.4 RFC 1483

RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing). Please refer to the RFC for more detailed information.

6.1.2 Multiplexing

There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to use the multiplexing method required by your ISP.

6.1.2.1 VC-based Multiplexing

In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example, VC1 carries IP, etc. VC-based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical.

6.1.2.2 LLC-based Multiplexing

In this case one VC carries multiple protocols with protocol identifying information being contained in each packet header. Despite the extra bandwidth and processing overhead, this method may be advantageous if it is not practical to have a separate VC for each carried protocol, for example, if charging heavily depends on the number of simultaneous VCs.

6.1.3 VPI and VCI

Be sure to use the correct Virtual Path Identifier (VPI) and Virtual Channel Identifier (VCI) numbers assigned to you. The valid range for the VPI is 0 to 255 and for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Please see the appendix for more information.

6.1.4 IP Address Assignment

A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP. However the encapsulation method assigned influences your choices for IP address and ENET ENCAP gateway.

6.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation

If you have a dynamic IP, then the IP Address and ENET ENCAP Gateway fields are not applicable (N/A). If you have a static IP, then you only need to fill in the IP Address field and not the ENET ENCAP Gateway field.

6.1.4.2 IP Assignment with RFC 1483 Encapsulation

In this case the IP Address Assignment must be static with the same requirements for the IP Address and ENET ENCAP Gateway fields as stated above.

6.1.4.3 IP Assignment with ENET ENCAP Encapsulation

In this case you can have either a static or dynamic IP. For a static IP you must fill in all the IP Address and ENET ENCAP Gateway fields as supplied by your ISP. However for a dynamic IP, the Prestige acts as a DHCP client on the WAN port and so the IP Address and ENET ENCAP Gateway fields are not applicable (N/A) as the DHCP server assigns them to the Prestige.

6.1.5 Nailed-Up Connection (PPP)

A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The Prestige does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the Prestige will try to bring up the connection when turned on and whenever the connection is down. A nailed-up connection can be very expensive for obvious reasons.
Do not specify a nailed-up connection unless your telephone company offers flat-rate service or you need a constant connection and the cost is of no concern.

6.1.6 NAT

NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.

6.2 Metric

The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1" for directly connected networks. The number must be between "1" and "15"; a number greater than "15" means the link is down. The smaller the number, the lower the "cost".
The metric sets the priority for the Prestige’s routes to the Internet. If any two of the default routes have the same metric, the Prestige uses the following pre-defined priorities:
• Normal route: designated by the ISP (see Section 6.7 on page 75)
• Traffic-redirect route (see Section 6.8 on page 78)
• WAN-backup route, also called dial-backup (see Section 6.9 on page 79)
For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route. If the normal route fails to connect to the Internet, the Prestige tries the traffic-redirect route next. In the same manner, the Prestige uses the dial-backup route if the traffic-redirect route also fails.
If you want the dial-backup route to take first priority over the traffic-redirect route or even the normal route, all you need to do is set the dial-backup route’s metric to "1" and the others to "2" (or greater).
IP Policy Routing overrides the default routing behavior and takes priority over all of the routes mentioned above.

6.3 PPPoE Encapsulation

The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection using PPPoE.
For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example Radius).
One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for individuals.
Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site.
By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the Prestige does that part of the task. Furthermore, with NAT, all of the LAN’s computers will have access.

6.4 Traffic Shaping

Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network. This agreement helps eliminate congestion, which is important for transmission of real time data such as audio and video connections.
Peak Cell Rate (PCR) is the maximum rate at which the sender can send cells. This parameter may be lower (but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits), so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells/sec. This rate is not guaranteed because it is dependent on the line speed.
Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR.
Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again.
If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate.
The following figure illustrates the relationship between PCR, SCR and MBS.
Figure 22 Example of Traffic Shaping

6.5 Zero Configuration Internet Access

Once you turn on and connect the Prestige to a telephone jack, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes. In cases where additional account information (such as an Internet account user name and password) is required or the Prestige cannot connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting.
Zero configuration for Internet access is disabled when
• the Prestige is in bridge mode
• you set the Prestige to use a static (fixed) WAN IP address.

6.6 The Main WAN Screen

Click WAN in the navigation panel to display the main WAN screen.
See Section 6.1 on page 70 for more information.
Figure 23 WAN
The following table describes the links in this screen.
Table 16 WAN
LINK DESCRIPTION
WAN Setup Click this link to go to the screen where you can configure your Prestige for an Internet connection.
WAN Backup Click this link to go to the screen where you can configure WAN backup connections (traffic redirect and dial backup).

6.7 Configuring WAN Setup

To change your Prestige’s WAN remote node settings, click WAN and WAN Setup. The screen differs by the encapsulation.
See Section 6.1 on page 70 for more information.
Figure 24 WAN Setup (PPPoE)
The following table describes the fields in this screen.
Table 17 WAN Setup
LABEL DESCRIPTION
Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only.
Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge.
Encapsulation Select the method of encapsulation used by your ISP from the drop-down list box. Choices vary depending on the mode you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE.
Multiplex Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC.
Virtual Circuit ID VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit. Refer to the appendix for more information.
VPI The valid range for the VPI is 0 to 255. Enter the VPI assigned to you.
VCI The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you.
ATM QoS Type Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select UBR (Unspecified Bit Rate) for applications that are non-time sensitive, such as e-mail. Select VBR (Variable Bit Rate) for bursty traffic and bandwidth sharing with other applications.
Cell Rate Cell rate configuration often helps eliminate traffic congestion that slows transmission of real time data such as audio and video connections.
Peak Cell Rate Divide the DSL line rate (bps) by 424 (the size of an ATM cell) to find the Peak Cell Rate (PCR). This is the maximum rate at which the sender can send cells. Type the PCR here.
Sustain Cell Rate The Sustain Cell Rate (SCR) sets the average cell rate (long-term) that can be transmitted. Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec.
Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak rate. Type the MBS, which is less than 65535.
Login Information (PPPoA and PPPoE encapsulation only)
Service Name (PPPoE only) Type the name of your PPPoE service here.
User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
Password Enter the password associated with the user name above.
IP Address This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address; otherwise select Static IP Address and type your ISP assigned IP address in the IP Address field below.
Connection (PPPoA and PPPoE encapsulation only) The schedule rule(s) in SMT menu 26 have priority over your Connection settings.
Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.
Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field.
Max Idle Timeout Specify an idle time-out in the Max Idle Timeout field when you select Connect on Demand. The default setting is 0, which means the Internet session will not timeout.
PPPoE Passthrough (PPPoE encapsulation only) This field is available when you select PPPoE encapsulation. In addition to the Prestige's built-in PPPoE client, you can enable PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the Prestige. Each host can have a separate account and a public WAN IP address. PPPoE pass through is an alternative to NAT for applications where NAT is not appropriate. Disable PPPoE pass through if you do not need to allow hosts on the LAN to use PPPoE client software on their computers to connect to the ISP.
Subnet Mask (ENET ENCAP encapsulation only) Enter a subnet mask in dotted decimal notation. Refer to the appendices to calculate a subnet mask if you are implementing subnetting.
ENET ENCAP Gateway (ENET ENCAP encapsulation only) You must specify a gateway IP address (supplied by your ISP) when you select ENET ENCAP in the Encapsulation field.
Zero Configuration This feature is not applicable/available when you configure the Prestige to use a static WAN IP address or in bridge mode. Select Yes to set the Prestige to automatically detect the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and make the necessary configuration changes. Select No to disable this feature. You must manually configure the Prestige for Internet access.
Back Click Back to return to the previous screen.
Apply Click Apply to save the changes.
Cancel Click Cancel to begin configuring this screen afresh.

6.8 Traffic Redirect

Traffic redirect forwards traffic to a backup gateway when the Prestige cannot connect to the Internet. An example is shown in the figure below.
Figure 25 Traffic Redirect Example
The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2). Configure filters that allow packets from the protected LAN (Subnet 1) to the backup gateway (Subnet 2).
Figure 26 Traffic Redirect LAN Setup

6.9 Configuring WAN Backup

To change your Prestige’s WAN backup settings, click WAN, then WAN Backup. The screen appears as shown.
Figure 27 WAN Backup
The following table describes the fields in this screen.
Table 18 WAN Backup
LABEL DESCRIPTION
Backup Type Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check if the connection to the DSLAM is up. Select ICMP to have the Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.
Check WAN IP Address1-3 Configure this field to test your Prestige's WAN accessibility. Type the IP address of a reliable nearby computer (for example, your ISP's DNS server address). Note: If you activate either traffic redirect or dial backup, you must configure at least one IP address here. When using a WAN backup connection, the Prestige periodically pings the addresses configured here and uses the other WAN backup connection (if configured) if there is no response.
Fail Tolerance Type the number of times (2 recommended) that your Prestige may ping the IP addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup connection (or a different WAN backup connection).
Recovery Interval When the Prestige is using a lower priority connection (usually a WAN backup connection), it periodically checks whether or not it can use a higher priority connection. Type the number of seconds (30 recommended) for the Prestige to wait between checks. Allow more time if your destination IP address handles lots of traffic.
Timeout Type the number of seconds (3 recommended) for your Prestige to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request. The WAN connection is considered "down" after the Prestige times out the number of times specified in the Fail Tolerance field. Use a higher value in this field if your network is busy or congested.
Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the Prestige cannot connect to the Internet.
Active Select this check box to have the Prestige use traffic redirect if the normal WAN connection goes down. Note: If you activate traffic redirect, you must configure at least one Check WAN IP Address.
Metric This field sets this route's priority among the routes the Prestige uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1" for directly connected networks. The number must be between "1" and "15"; a number greater than "15" means the link is down. The smaller the number, the lower the "cost".
Backup Gateway Type the IP address of your backup gateway in dotted decimal notation. The Prestige automatically forwards traffic to this IP address if the Prestige's Internet connection terminates.
Back Click Back to return to the previous screen.
Apply Click Apply to save the changes.
Cancel Click Cancel to begin configuring this screen afresh.
CHAPTER 7

Network Address Translation (NAT) Screens

This chapter discusses how to configure NAT on the Prestige.

7.1 NAT Overview

NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.

7.1.1 NAT Definitions

Inside/outside denotes where a host is located relative to the Prestige, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.
Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside host when the packet is on the WAN side. The following table summarizes this information.
Table 19 NAT Definitions
ITEM DESCRIPTION
Inside This refers to the host on the LAN.
Outside This refers to the host on the WAN.
Local This refers to the packet address (source or destination) as the packet travels on the LAN.
Global This refers to the packet address (source or destination) as the packet travels on the WAN.
NAT never changes the IP address (either local or global) of an outside host.

7.1.2 What NAT Does

In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host. Note that the IP address (either local or global) of an outside host is never changed.
The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In addition, you can designate servers, for example, a web server and a telnet server, on your local network and make them accessible to the outside world. If you do not define any servers (for Many-to-One and Many-to-Many Overload mapping – see Table 20 on page 85), NAT offers the additional benefit of firewall protection. With no servers defined, your Prestige filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).

7.1.3 How NAT Works

Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN. NAT maps private (local) IP addresses to globally unique ones required for communication with hosts on other networks. It replaces the original IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The Prestige keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. The following figure illustrates this.
Figure 28 How NAT Works
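The translation described above, as an added example that is not part of the original guide: a small model of Many-to-One (SUA/PAT) mapping that keeps the ILA:port to IGA:port table, restores replies, and discards unsolicited inbound packets when no servers are defined. The class and field names, the starting port of the translated pool and the sample addresses are assumptions constructed for illustration, not the Prestige's actual implementation.

```python
"""Many-to-One (SUA/PAT) translation table, illustrative model only."""
from dataclasses import dataclass, field, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class ManyToOneNat:
    iga: str                    # inside global address (WAN side)
    next_port: int = 10000      # assumed start of the translated port pool
    # (proto, ILA, ILA port) -> translated port on the IGA
    out_map: Dict[Tuple[str, str, int], int] = field(default_factory=dict)
    # (proto, translated port) -> (ILA, ILA port)
    in_map: Dict[Tuple[str, int], Tuple[str, int]] = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN to WAN: replace the ILA source with the IGA and a unique port."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        port = self.out_map.get(key)
        if port is None:
            if self.next_port > 65535:
                raise RuntimeError("translated port pool exhausted")
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        # The outside host's address (the destination) is never changed.
        return replace(pkt, src_ip=self.iga, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN to LAN: restore the original ILA and port, or discard (None).

        Assumption: this model matches on protocol and translated port only
        and never expires entries; it does not check the remote endpoint.
        """
        if pkt.dst_ip != self.iga:
            return None
        entry = self.in_map.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None     # no table entry and no server defined: discarded
        ila, ila_port = entry
        return replace(pkt, dst_ip=ila, dst_port=ila_port)


def demo() -> None:
    # Constructed sample traffic; all addresses are documentation/private ranges.
    nat = ManyToOneNat(iga="203.0.113.5")
    a = nat.outbound(Packet("tcp", "192.168.1.33", 51000, "198.51.100.10", 80))
    b = nat.outbound(Packet("tcp", "192.168.1.34", 51000, "198.51.100.10", 80))
    print("host A leaves as", a.src_ip, a.src_port)
    print("host B leaves as", b.src_ip, b.src_port)
    reply = nat.inbound(Packet("tcp", "198.51.100.10", 80, "203.0.113.5", b.src_port))
    print("reply delivered to", reply.dst_ip, reply.dst_port)
    probe = nat.inbound(Packet("tcp", "198.51.100.99", 4444, "203.0.113.5", 23))
    print("unsolicited probe:", "discarded" if probe is None else "forwarded")


if __name__ == "__main__":
    demo()
```

Two inside hosts that pick the same source port still get distinct translated ports, which is why the port number, not only the address, has to be tracked for Many-to-One mapping.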

7.1.4 NAT Application

The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter.
Figure 29 NAT Application With IP Alias

7.1.5 NAT Mapping Types

NAT supports five types of IP/port mapping. They are:
One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address.
Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL’s Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today’s routers).
Many to Many Overload: In Many-to-Many Overload mode, the Prestige maps the multiple local IP addresses to shared global IP addresses.
Many-to-Many No Overload: In Many-to-Many No Overload mode, the Prestige maps each local IP address to a unique global IP address.
Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world.
Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types.
The following table summarizes these types.
Table 20 NAT Mapping Types
TYPE                        IP MAPPING                                              SMT ABBREVIATION
One-to-One                  ILA1↔IGA1                                               1-1
Many-to-One (SUA/PAT)       ILA1↔IGA1, ILA2↔IGA1, …                                 M-1
Many-to-Many Overload       ILA1↔IGA1, ILA2↔IGA2, ILA3↔IGA1, ILA4↔IGA2, …           M-M Ov
Many-to-Many No Overload    ILA1↔IGA1, ILA2↔IGA2, ILA3↔IGA3, …                      M-M No
Server                      Server 1 IP↔IGA1, Server 2 IP↔IGA1, Server 3 IP↔IGA1    Server

7.2 SUA (Single User Account) Versus NAT

SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The Prestige also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types as outlined in Table 20 on page 85.
• Choose SUA Only if you have just one public WAN IP address for your Prestige.
• Choose Full Feature if you have multiple public WAN IP addresses for your Prestige.

7.3 SUA Server

A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world.
You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers. You can allocate a server IP address that corresponds to a port or a range of ports.
Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to your ISP.

7.3.1 Default Server IP Address

In addition to the servers for specified services, NAT supports a default server IP address. A default server receives packets from ports that are not specified in this screen.
If you do not assign an IP address in Server Set 1 (default server) the Prestige discards all packets received for ports that are not specified here or in the remote management setup.

7.3.2 Port Forwarding: Services and Port Numbers

The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers.
Table 21 Services and Port Numbers
SERVICES PORT NUMBER
ECHO 7
FTP (File Transfer Protocol) 21
SMTP (Simple Mail Transfer Protocol) 25
DNS (Domain Name System) 53
Finger 79
HTTP (Hyper Text Transfer protocol or WWW, Web) 80
POP3 (Post Office Protocol) 110
NNTP (Network News Transport Protocol) 119
SNMP (Simple Network Management Protocol) 161
SNMP trap 162
PPTP (Point-to-Point Tunneling Protocol) 1723

7.3.3 Configuring Servers Behind SUA (Example)

Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.
Figure 30 Multiple Servers Behind NAT Example
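The server set from this example, as added code that is not part of the original guide: it resolves which inside host receives an unsolicited WAN packet and reports what the configuration exposes beyond the services you meant to publish. The addresses of servers A and B (192.168.1.33 and 192.168.1.34), first-match handling of overlapping ranges and the type names are assumptions; the model ignores the TCP/UDP distinction and the remote management ports.

```python
"""Exposure check for an SUA server set (illustrative model only)."""
from typing import Dict, List, NamedTuple, Optional, Set, Tuple


class Forward(NamedTuple):
    start: int          # Start Port No.
    end: int            # End Port No.
    server_ip: str      # Server IP Address


class ServerSet(NamedTuple):
    default_server: Optional[str]   # Server Set 1 (default server), or None
    forwards: List[Forward]


def validate(server_set: ServerSet) -> None:
    for fwd in server_set.forwards:
        if not (1 <= fwd.start <= fwd.end <= 65535):
            raise ValueError(f"bad port range {fwd.start}-{fwd.end}")


def resolve(server_set: ServerSet, port: int) -> Optional[Tuple[str, str]]:
    """Return (server IP, 'rule' or 'default') for a WAN port, None if discarded."""
    for fwd in server_set.forwards:         # assumption: first matching range wins
        if fwd.start <= port <= fwd.end:
            return fwd.server_ip, "rule"
    if server_set.default_server:
        return server_set.default_server, "default"
    return None


def exposure(server_set: ServerSet, intended: Set[int]) -> Dict[str, object]:
    """Compare what is reachable from the WAN with the ports you meant to publish."""
    validate(server_set)
    unintended: List[int] = []
    default_catches = 0
    for port in range(1, 65536):
        hit = resolve(server_set, port)
        if hit is None:
            continue
        if hit[1] == "default":
            default_catches += 1
        elif port not in intended:
            unintended.append(port)
    return {
        "forwarded_unintended": unintended,
        "default_server": server_set.default_server,
        "default_catches": default_catches,
    }


# The example above: ports 21-25 to A, port 80 to B, default server C.
PAGE_EXAMPLE = ServerSet(
    default_server="192.168.1.35",                  # C, from the guide
    forwards=[
        Forward(21, 25, "192.168.1.33"),            # A, address assumed
        Forward(80, 80, "192.168.1.34"),            # B, address assumed
    ],
)
# Same forwards with no default server: everything else is discarded.
NO_DEFAULT = PAGE_EXAMPLE._replace(default_server=None)
# Services meant to be published: FTP 21, Telnet 23, SMTP 25, HTTP 80.
INTENDED = {21, 23, 25, 80}

if __name__ == "__main__":
    for name, cfg in (("with default server", PAGE_EXAMPLE),
                      ("without default server", NO_DEFAULT)):
        report = exposure(cfg, INTENDED)
        print(name)
        print("  forwarded but not intended:", report["forwarded_unintended"])
        print("  ports reaching the default server:", report["default_catches"])
```

The 21-25 range also forwards ports 22 and 24 to server A, and the default server receives every other port, so host C needs the same hardening as a machine placed directly on the WAN.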

7.4 Selecting the NAT Mode

You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige. Click NAT to open the following screen.
Figure 31 NAT Mode
The following table describes the labels in this screen.
Table 22 NAT Mode
LABEL DESCRIPTION
None Select this radio button to disable NAT.
SUA Only Select this radio button if you have just one public WAN IP address for your Prestige. The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set screen.
Edit Details Click this link to go to the NAT - Edit SUA/NAT Server Set screen.
Full Feature Select this radio button if you have multiple public WAN IP addresses for your Prestige.
Edit Details Click this link to go to the NAT - Address Mapping Rules screen.
Enable SIP ALG Select the Enable SIP ALG checkbox to allow SIP sessions to pass through the Prestige. SIP is a signaling protocol used in VoIP (Voice over IP), the sending of voice signals over Internet Protocol.
Apply Click Apply to save your configuration.

7.5 Configuring SUA Server Set

If you do not assign an IP address in Server Set 1 (default server) the Prestige discards all packets received for ports that are not specified here or in the remote management setup.
Click NAT, select SUA Only and click Edit Details to open the following screen.
See Section 7.3 on page 85 for more information. See Table 21 on page 86 for port numbers commonly used for particular services.
Figure 32 Edit SUA/NAT Server Set
The following table describes the fields in this screen.
Table 23 Edit SUA/NAT Server Set
LABEL DESCRIPTION
Start Port No. Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field. To forward a series of ports, enter the start port number here and the end port number in the End Port No. field.
End Port No. Enter a port number in this field. To forward only one port, enter the port number again in the Start Port No. field above and then enter it again in this field. To forward a series of ports, enter the last port number in a series that begins with the port number in the Start Port No. field above.
Server IP Address Enter your server IP address in this field.
Save Click Save to save your changes back to the Prestige.
Cancel Click Cancel to return to the previous configuration.

7.6 Configuring Address Mapping Rules

Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules. For example, suppose you have already configured rules 1 to 6 in your current set and now you configure rule number 9. In the set summary screen, the new rule will be rule 7, not 9. Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6.
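The ordering behaviour described above, as an added example that is not part of the original guide: it models the renumbering when rules are configured or deleted, evaluates rules first-match, and flags rules that can never match because an earlier rule already covers their whole local range. The `Rule` fields, function names and sample addresses are assumptions for illustration; Server rules, whose local IP addresses are N/A, are left out of the model.

```python
"""First-match evaluation and renumbering of address mapping rules (model)."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str           # label used only in this example
    type: str           # "1-1", "M-1", "M-M Ov" or "MM No"
    local_start: str    # Local Start IP (ILA)
    local_end: str      # Local End IP (ILA)
    global_start: str   # Global Start IP (IGA)

    def covers(self, ip: str) -> bool:
        addr = IPv4Address(ip)
        return IPv4Address(self.local_start) <= addr <= IPv4Address(self.local_end)


def configure(rules: List[Rule], number: int, rule: Rule) -> int:
    """Configure rule `number`; return the number it ends up with.

    Empty rules are not kept, so a rule configured past the end of the
    set is pushed up to the first free position.
    """
    if number < 1:
        raise ValueError("rule numbers start at 1")
    if number <= len(rules):
        rules[number - 1] = rule        # editing an existing rule in place
        return number
    rules.append(rule)
    return len(rules)


def delete(rules: List[Rule], number: int) -> None:
    """Delete rule `number`; every later rule moves up by one."""
    if not 1 <= number <= len(rules):
        raise IndexError(f"no rule {number}")
    del rules[number - 1]


def first_match(rules: List[Rule], local_ip: str) -> Optional[Tuple[int, Rule]]:
    """Return (rule number, rule) for the first rule covering local_ip."""
    for number, rule in enumerate(rules, start=1):
        if rule.covers(local_ip):
            return number, rule
    return None


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """List (rule, earlier rule) pairs where the later rule can never match."""
    found = []
    for j, later in enumerate(rules, start=1):
        for i, earlier in enumerate(rules[:j - 1], start=1):
            if earlier.covers(later.local_start) and earlier.covers(later.local_end):
                found.append((j, i))
                break
    return found


if __name__ == "__main__":
    # Constructed rule set: a broad Many-to-One rule placed before a
    # One-to-One rule for a single host.
    rules = [
        Rule("all-hosts", "M-1", "192.168.1.1", "192.168.1.254", "203.0.113.1"),
        Rule("mail-host", "1-1", "192.168.1.50", "192.168.1.50", "203.0.113.2"),
    ]
    print("192.168.1.50 matches rule", first_match(rules, "192.168.1.50")[0])
    print("shadowed rules:", shadowed(rules))
```

In the constructed set the One-to-One rule for 192.168.1.50 is never reached, so that host leaves through the shared address instead of its own; placing the specific rule first removes the shadowing.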
To change your Prestige’s address mapping settings, click NAT, select Full Feature and click Edit Details to open the following screen.
Figure 33 Address Mapping Rules
The following table describes the fields in this screen.
Table 24 Address Mapping Rules
LABEL DESCRIPTION
Local Start IP This is the starting Inside Local IP Address (ILA). Local IP addresses are N/A for Server port mapping.
Local End IP This is the end Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This field is N/A for One-to-one and Server mapping types.
Global Start IP This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. You can only do this for Many-to-One and Server mapping types.
Global End IP This is the ending Inside Global IP Address (IGA). This field is N/A for One-to-one, Many-to-One and Server mapping types.
Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type.
M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
M-M Ov (Overload): Many-to-Many Overload mode maps multiple local IP addresses to shared global IP addresses.
MM No (No Overload): Many-to-Many No Overload mode maps each local IP address to unique global IP addresses.
Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world.
Back Click Back to return to the NAT Mode screen.
7.7 Editing an Address Mapping Rule
To edit an address mapping rule, click the rule’s link in the NAT Address Mapping Rules screen to display the screen shown next.
Figure 34 Edit Address Mapping Rule
The following table describes the fields in this screen.
Table 25 Edit Address Mapping Rule
LABEL DESCRIPTION
Type Choose the port mapping type from one of the following.
One-to-One: One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-One NAT mapping type.
Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature, the only type that previous ZyXEL routers supported.
Many-to-Many Overload: Many-to-Many Overload mode maps multiple local IP addresses to shared global IP addresses.
Many-to-Many No Overload: Many-to-Many No Overload mode maps each local IP address to unique global IP addresses.
Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world.
Local Start IP This is the starting local IP address (ILA). Local IP addresses are N/A for Server port mapping.
Local End IP This is the end local IP address (ILA). If your rule is for all local IP addresses, then enter 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This field is N/A for One-to-One and Server mapping types.
Global Start IP This is the starting global IP address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP.
Global End IP This is the ending global IP address (IGA). This field is N/A for One-to-One, Many-to-One and Server mapping types.
Server Mapping Set Only available when Type is set to Server. Select a number from the drop-down menu to choose a server set from the NAT - Address Mapping Rules screen.
Edit Details Click this link to go to the NAT - Edit SUA/NAT Server Set screen to edit a server set that you have selected in the Server Mapping Set field.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to return to the previously saved settings.
Delete Click Delete to exit this screen without saving.
CHAPTER 8

Dynamic DNS Setup

This chapter discusses how to configure your Prestige to use Dynamic DNS.
8.1 Dynamic DNS Overview
Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect. Your friends or relatives will always be able to call you even if they don't know your IP address.
First of all, you need to have registered a dynamic DNS account with www.dyndns.org. This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name. The Dynamic DNS service provider will give you a password or key.

8.1.1 DYNDNS Wildcard

Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname.
If you have a private WAN IP address, then you cannot use Dynamic DNS.
See Section 8.2 on page 94 for configuration instructions.
8.2 Configuring Dynamic DNS
To change your Prestige’s DDNS, click Dynamic DNS. The screen appears as shown.
See Section 8.1 on page 94 for more information.
Figure 35 Dynamic DNS
The following table describes the fields in this screen.
Table 26 Dynamic DNS
LABEL DESCRIPTION
Active Select this check box to use dynamic DNS.
Service Provider This is the name of your Dynamic DNS service provider.
Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider.
E-mail Address Type your e-mail address.
User Type your user name.
Password Type the password assigned to you.
Enable Wildcard Select the check box to enable DYNDNS Wildcard.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
CHAPTER 9

Time and Date

This screen is not available on all models. Use this screen to configure the Prestige’s time and date settings.
9.1 Configuring Time and Date
To change your Prestige’s time and date, click Time And Date. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone.
Figure 36 Time and Date
The following table describes the fields in this screen.
Table 27 Time and Date
LABEL DESCRIPTION
Time Server
Use Protocol when Bootup Select the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
The main difference between them is the format.
Daytime (RFC 867) format is day/month/year/time zone of the server.
Time (RFC 868) format displays a 4-byte integer giving the total number of seconds since 1970/1/1 at 0:0:0.
NTP (RFC 1305) is similar to Time (RFC 868).
Select None to enter the time and date manually.
IP Address or URL Enter the IP address or URL of your time server. Check with your ISP/network administrator if you are unsure of this information.
Time and Date Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT).
Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
Start Date Enter the month and day that your daylight-savings time starts on if you selected Daylight Savings.
End Date Enter the month and day that your daylight-savings time ends on if you selected Daylight Savings.
Synchronize system clock with Time Server now. Select this option to have your Prestige use the time server (that you configured above) to set its internal system clock.
Please wait for up to 60 seconds while the Prestige locates the time server. If the Prestige cannot find the time server, please check the time server protocol and its IP address. If the IP address was entered correctly, try pinging it for example to test the connection.
Date
Current Date This field displays the date of your Prestige.
Each time you reload this page, the Prestige synchronizes the time with the time server.
New Date (yyyy-mm-dd) This field displays the last updated date from the time server. When you select None in the Use Protocol when Bootup field, enter the new date in this field and then click Apply.
Time
Current Time This field displays the time of your Prestige.
Each time you reload this page, the Prestige synchronizes the time with the time server.
New Time This field displays the last updated time from the time server.
When you select None in the Use Protocol when Bootup field, enter the new time in this field and then click Apply.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
CHAPTER 10

Firewalls

This chapter gives some background information on firewalls and introduces the Prestige firewall. This chapter applies to the P-660H-D.
10.1 Firewall Overview
Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. Of course, firewalls cannot solve every security problem. A firewall is one of the mechanisms used to establish a network security perimeter in support of a network security policy. It should never be the only mechanism or method employed. For a firewall to guard effectively, you must design and deploy it appropriately. This requires integrating the firewall into a broad information-security policy. In addition, specific policies must be implemented within the firewall itself.

Refer to Section 11.5 on page 115 to configure default firewall settings.
Refer to Section 11.6 on page 116 to view firewall rules.
Refer to Section 11.6.1 on page 118 to configure firewall rules.
Refer to Section 11.7 on page 121 to configure a custom service.
Refer to Section 11.12.3 on page 131 to configure firewall thresholds.

10.2 Types of Firewalls

There are three main types of firewalls:
• Packet Filtering Firewalls
• Application-level Firewalls
• Stateful Inspection Firewalls

10.2.1 Packet Filtering Firewalls

Packet filtering firewalls restrict access based on the source/destination computer network address of a packet and the type of application.

10.2.2 Application-level Firewalls

Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts:
• Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems.
• Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
• Filtering rules at the packet filtering router can be less complex than they would be if the router needed to filter application traffic and direct it to a number of specific systems. The router need only allow application traffic destined for the application gateway and reject the rest.

10.2.3 Stateful Inspection Firewalls

Stateful inspection firewalls restrict access by screening data packets against defined access rules. They make access control decisions based on IP address and protocol. They also "inspect" the session data to assure the integrity of the connection and to adapt to dynamic protocols. These firewalls generally provide the best speed and transparency; however, they may lack the granular application-level access control or caching that some proxies support. See Section 10.5 on page 104 for more information on stateful inspection.
Firewalls, of one type or another, have become an integral part of standard security solutions for enterprises.
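The difference between packet filtering and stateful inspection can be seen by running the same packets through both. This is an added, simplified model, not the Prestige's firmware logic: the `Packet` tuple, the port-80-only policy and the sample addresses are assumptions, and only session open, reply matching and reset are tracked.

```python
from collections import namedtuple

# direction is "out" (LAN to WAN) or "in" (WAN to LAN); flags is a TCP flag string.
Packet = namedtuple("Packet", "direction src sport dst dport flags")

def packet_filter(pkt):
    """Packet filtering: judge each packet only by its own addresses and ports.
    To let web replies back in, inbound traffic from source port 80 is allowed."""
    return pkt.dport == 80 if pkt.direction == "out" else pkt.sport == 80

class StatefulFirewall:
    """Stateful inspection: the same outbound policy, plus a session table
    that decides which inbound packets belong to a LAN-initiated connection."""
    def __init__(self):
        self.sessions = set()

    def check(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != 80:
                return False
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "SYN":
                self.sessions.add(key)        # LAN host opens a session
            allowed = key in self.sessions
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # reversed tuple
            allowed = key in self.sessions    # must answer a known session
        if allowed and "RST" in pkt.flags:
            self.sessions.discard(key)        # session torn down
        return allowed

# Constructed sample traffic (RFC 5737 addresses stand in for Internet hosts).
OPEN = Packet("out", "192.168.1.33", 40000, "198.51.100.7", 80, "SYN")
REPLY = Packet("in", "198.51.100.7", 80, "192.168.1.33", 40000, "SYN-ACK")
UNSOLICITED = Packet("in", "203.0.113.50", 80, "192.168.1.33", 139, "SYN")
RESET = Packet("in", "198.51.100.7", 80, "192.168.1.33", 40000, "RST")

def verdicts(packets):
    """Run the same packets through both models: [(filter, stateful), ...]."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.check(p)) for p in packets]
```

The packet filter accepts every sample packet because each one fits its port rule, while the stateful model rejects the unsolicited inbound packet and any reply that arrives after the session was reset.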

10.3 Introduction to ZyXEL’s Firewall

The Prestige firewall is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated (in SMT menu 21.2 or in the web configurator). The Prestige’s purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The Prestige can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network. The Prestige also has packet filtering capabilities.
The Prestige is installed between the LAN and the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN.
The Prestige has one DSL/ISDN port and one Ethernet LAN port, which physically separate the network into two areas.
• The DSL/ISDN port connects to the Internet.