ZyXEL Communications P-334W User Manual

Download

Prestige 334W

802.11g Wireless Broadband Router with Firewall

User’s Guide

Version 3.60

May 2004

Prestige 334W User’s Guide

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice.

This publication is subject to change without notice.

Trademarks

Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

ii Copyright

Prestige 334W User’s Guide

Federal Communications Commission (FCC)

Interference Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesired operations. This equipment has been tested and found to comply with the limits for a CLASS B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and the receiver. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

This product has been designed for the WLAN 2.4Ghz network throughout the EC region and Switzerland, with restrictions in France !

Certifications

1. Go to www.zyxel.com.

2. Select your product from the drop-down list box on the ZyXEL home page to go to that product's page.

3. Select the certification you wish to view from this page.

FCC iii

Prestige 334W User’s Guide

Information for Canadian Users

The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that the equipment will operate to a user's satisfaction. Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company. The equipment must also be installed using an acceptable method of connection. In some cases, the company's inside wiring associated with a single line individual service may be extended by means of a certified connector assembly. The customer should be aware that the compliance with the above conditions may not prevent degradation of service in some situations. Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment. For their own protection, users should ensure that the electrical ground connections of the power utility, telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas.

Caution

Users should not attempt to make such connections themselves, but should contact the appropriate electrical inspection authority, or electrician, as appropriate.

Note

This digital apparatus does not exceed the class A limits for radio noise emissions from digital apparatus set out in the radio interference regulations of Industry Canada.

iv Information for Canadian Users

Prestige 334W User’s Guide

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

NOTE

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser. To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

Online Registration

www.us.zyxel.com for North American products.

Warranty v

for global products, or at

Prestige 334W User’s Guide

Customer Support

When you contact your customer support representative please have the following information ready: Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

REGULAR MAIL

ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan

ZyXEL Communications Inc. 1130 N. Miller St. Anaheim CA 92806-2001 U.S.A.

ZyXEL Deutschland GmbH. Adenauerstr. 20/A2 D-52146 Wuerselen Germany

1 rue des Vergers Bat. 1 / C 69760 Limonest France

Alejandro Villegas 33 1º, 28043 Madrid Spain

ZyXEL Communications A/S Columbusvej 5 2860 Soeborg Denmark

ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway

LOCATION

WORLDWIDE

AMERICA

SUPPORT E-MAIL TELEPHONE1 WEB SITE METHOD

SALES E-MAIL FAX1 FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

sales@zyxel.com.tw

support@zyxel.com +1-800-255-4101

sales@zyxel.com

support@zyxel.de +49-2405-6909-0 www.zyxel.de GERMANY

sales@zyxel.de

support@zyxel.es +34 902 195 420 SPAIN

sales@zyxel.es

support@zyxel.dk +45 39 55 07 00 www.zyxel.dk DENMARK

sales@zyxel.dk

support@zyxel.no +47 22 80 61 80 www.zyxel.no NORWAY

sales@zyxel.no

+886-3-578-2439 ftp.europe.zyxel.com

+1-714-632-0882

+1-714-632-0858 ftp.us.zyxel.com

+49-2405-6909-99

+33 (0)4 72 52 97 97 FRANCE info@zyxel.fr

+33 (0)4 72 52 19 20

+34 913 005 345

+45 39 55 07 07

+47 22 80 61 81

www.europe.zyxel.com

ftp.zyxel.com

www.us.zyxel.com NORTH

www.zyxel.fr ZyXEL France

www.zyxel.es

ZyXEL Communications

“+” is the (prefix) number you enter to make an international telephone call.

vi Customer Support

Prestige 334W User’s Guide

LOCATION

SUPPORT E-MAIL TELEPHONE1 WEB SITE METHOD

SALES E-MAIL FAX1 FTP SITE

support@zyxel.se +46 31 744 7700 www.zyxel.se SWEDEN

sales@zyxel.se

support@zyxel.fi +358-9-4780-8411 www.zyxel.fi FINLAND

sales@zyxel.fi

+46 31 744 7701

+358-9-4780 8448

REGULAR MAIL

ZyXEL Communications A/S Sjöporten 4, 41764 Göteborg Sweden

ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland

Customer Support vii

Prestige 334W User’s Guide

Table of Contents

Copyright......................................................................................................................................................ii

Federal Communications Commission (FCC) Interference Statement................................................. iii

Information for Canadian Users ...............................................................................................................iv

ZyXEL Limited Warranty ..........................................................................................................................v

Customer Support ......................................................................................................................................vi

List of Figures ...........................................................................................................................................xxi

List of Tables ..........................................................................................................................................xxvii

Preface .....................................................................................................................................................xxxi

Getting Started ................................................................................................................................................. I

Chapter 1 Getting to Know Your Prestige ................................................................................................. 1-1

1.1 Prestige Internet Security Gateway Overview........................................................................... 1-1

1.2 Prestige Features .......................................................................................................................... 1-1

1.2.1 Physical Features.................................................................................................................... 1-1

1.2.2 Non-Physical Features............................................................................................................ 1-2

1.3 Applications for the Prestige ....................................................................................................... 1-5

1.3.1 Secure Broadband Internet Access via Cable or DSL Modem............................................... 1-6

1.3.2 VPN Application.................................................................................................................... 1-6

1.3.3 Internet Access Application ................................................................................................... 1-7

Chapter 2 Introducing the Web Configurator........................................................................................... 2-1

2.1 Web Configurator Overview.......................................................................................................2-1

2.2 Accessing the Prestige Web Configurator .................................................................................. 2-1

2.3 Resetting the Prestige................................................................................................................... 2-2

2.3.1 Procedure To Use The Reset Button ...................................................................................... 2-2

2.3.2 Navigation Panel .................................................................................................................... 2-3

Chapter 3 Wizard Setup.............................................................................................................................. 3-1

3.1 Wizard Setup Overview............................................................................................................... 3-1

3.2 Wizard Setup: General Setup and System Name...................................................................... 3-1

3.2.1 Domain Name ........................................................................................................................ 3-1

3.3 Wizard Setup: Screen 2 ............................................................................................................... 3-2

3.4 Wizard Setup: Screen 3 ............................................................................................................... 3-3

3.5 Wizard Setup: Screen 4 ............................................................................................................... 3-5

3.5.1 Ethernet .................................................................................................................................. 3-5

3.5.2 PPPoE Encapsulation.............................................................................................................3-7

3.5.3 PPTP Encapsulation............................................................................................................... 3-9

3.6 Wizard Setup: Screen 5 ............................................................................................................. 3-10

3.6.1 WAN IP Address Assignment.............................................................................................. 3-10

3.6.2 IP Address and Subnet Mask ............................................................................................... 3-11

3.6.3 DNS Server Address Assignment ........................................................................................ 3-11

Table of Contents ix

Prestige 334W User’s Guide

3.6.4 WAN MAC Address.............................................................................................................3-12

3.7 Basic Setup Complete .................................................................................................................3-14

Chapter 4 Media Bandwidth Management Setup......................................................................................4-1

4.1 Media Bandwidth Management Setup Overview ......................................................................4-1

4.2 Media Bandwidth Management Setup 1.....................................................................................4-1

4.3 Media Bandwidth Management Setup 2.....................................................................................4-2

4.4 Media Bandwidth Management Setup 3: ...................................................................................4-3

4.5 Media Bandwidth Management Setup Complete ......................................................................4-4

System, LAN, WLAN and WAN.................................................................................................................... II

Chapter 5 System Screens............................................................................................................................5-1

5.1 System Overview...........................................................................................................................5-1

5.2 Configuring General Setup .......................................................................................................... 5-1

5.3 Dynamic DNS ................................................................................................................................ 5-3

5.3.1 DynDNS Wildcard..................................................................................................................5-3

5.4 Configuring Dynamic DNS ..........................................................................................................5-3

5.5 Configuring Password .................................................................................................................. 5-5

5.6 Configuring Time Zone ................................................................................................................5-6

Chapter 6 LAN Screens................................................................................................................................6-1

6.1 LAN Overview...............................................................................................................................6-1

6.2 DHCP Setup ..................................................................................................................................6-1

6.2.1 IP Pool Setup ..........................................................................................................................6-1

6.2.2 System DNS Servers...............................................................................................................6-1

6.3 LAN TCP/IP..................................................................................................................................6-1

6.3.1 Factory LAN Defaults.............................................................................................................6-1

6.3.2 IP Address and Subnet Mask ..................................................................................................6-2

6.3.3 RIP Setup ................................................................................................................................ 6-2

6.3.4 Multicast .................................................................................................................................6-2

6.4 Any IP ............................................................................................................................................6-3

6.4.1 How Any IP Works.................................................................................................................6-4

6.5 Configuring IP...............................................................................................................................6-4

6.6 Configuring Static DHCP.............................................................................................................6-8

6.7 Configuring IP Alias .....................................................................................................................6-9

Chapter 7 Wireless Configuration and Roaming.......................................................................................7-1

7.1 Wireless LAN Overview...............................................................................................................7-1

7.1.1 IBSS........................................................................................................................................7-1

7.1.2 BSS .........................................................................................................................................7-1

7.1.3 ESS .........................................................................................................................................7-2

7.2 Wireless LAN Basics.....................................................................................................................7-3

7.2.1 RTS/CTS.................................................................................................................................7-3

7.2.2 Fragmentation Threshold........................................................................................................7-4

7.3 Configuring Wireless ....................................................................................................................7-5

x Table of Contents

Prestige 334W User’s Guide

7.4 Configuring Roaming .................................................................................................................. 7-6

7.4.1 Requirements for Roaming .................................................................................................... 7-8

Chapter 8 Wireless Security........................................................................................................................ 8-1

8.1 Wireless Security Overview......................................................................................................... 8-1

8.2 Security Parameters Summary ................................................................................................... 8-3

8.3 WEP Overview ............................................................................................................................. 8-4

8.3.1 Data Encryption ..................................................................................................................... 8-4

8.3.2 Authentication........................................................................................................................ 8-4

8.3.3 Preamble Type ....................................................................................................................... 8-6

8.4 Configuring WEP Encryption..................................................................................................... 8-6

8.5 Introduction to WPA.................................................................................................................... 8-8

8.5.1 User Authentication ............................................................................................................... 8-9

8.5.2 Encryption.............................................................................................................................. 8-9

8.5.3 WPA-PSK Application Example ........................................................................................... 8-9

8.6 Configuring WPA-PSK Authentication.................................................................................... 8-10

8.7 Wireless Client WPA Supplicants ............................................................................................. 8-13

8.7.1 WPA with RADIUS Application Example .......................................................................... 8-13

8.8 Configuring WPA Authentication............................................................................................. 8-14

8.9 802.1x Overview ......................................................................................................................... 8-16

8.10 Dynamic WEP Key Exchange ............................................................................................... 8-17

8.11 Configuring 802.1x and Dynamic WEP Key Exchange .......................................................... 8-17

8.12 Configuring 802.1x and Static WEP Key Exchange ............................................................ 8-19

8.13 Configuring 802.1x................................................................................................................. 8-23

8.14 MAC Filter.............................................................................................................................. 8-25

8.15 Introduction to Local User Database.................................................................................... 8-27

8.16 Configuring Local User Database......................................................................................... 8-28

8.17 Introduction to RADIUS ....................................................................................................... 8-29

8.17.1 EAP Authentication Overview............................................................................................. 8-30

8.18 Configuring RADIUS............................................................................................................. 8-31

Chapter 9 WAN Screens .............................................................................................................................. 9-1

9.1 WAN Overview ............................................................................................................................. 9-1

9.2 TCP/IP Priority (Metric) ............................................................................................................. 9-1

9.3 Configuring Route........................................................................................................................ 9-1

9.4 Configuring WAN ISP ................................................................................................................. 9-2

9.4.1 Ethernet Encapsulation........................................................................................................... 9-2

9.4.2 PPPoE Encapsulation.............................................................................................................9-4

9.4.3 PPTP Encapsulation............................................................................................................... 9-6

9.5 Configuring WAN IP.................................................................................................................... 9-7

9.6 Configuring WAN MAC .............................................................................................................9-11

9.7 Traffic Redirect .......................................................................................................................... 9-12

9.8 Configuring Traffic Redirect..................................................................................................... 9-13

Table of Contents xi

Prestige 334W User’s Guide

SUA/NAT and Static Route .......................................................................................................................... III

Chapter 10 Network Address Translation (NAT) Screens.......................................................................10-1

10.1 NAT Overview.........................................................................................................................10-1

10.1.1 NAT Definitions ...................................................................................................................10-1

10.1.2 What NAT Does ...................................................................................................................10-2

10.1.3 How NAT Works.................................................................................................................. 10-2

10.1.4 NAT Application ..................................................................................................................10-3

10.1.5 NAT Mapping Types ............................................................................................................ 10-4

10.2 Using NAT ...............................................................................................................................10-6

10.2.1 SUA (Single User Account) Versus NAT ............................................................................10-6

10.3 SUA Server ..............................................................................................................................10-6

10.3.1 Port Forwarding: Services and Port Numbers.......................................................................10-6

10.3.2 Configuring Servers Behind SUA (Example).......................................................................10-7

10.4 Configuring SUA Server.........................................................................................................10-8

10.5 Configuring Address Mapping.............................................................................................10-10

10.6 Trigger Port Forwarding......................................................................................................10-13

10.6.1 Trigger Port Forwarding Example ......................................................................................10-14

10.6.2 Two Points To Remember About Trigger Ports .................................................................10-14

10.7 Configuring Trigger Port Forwarding ................................................................................ 10-14

Chapter 11 Static Route Screens................................................................................................................ 11-1

11. 1 Static Route Overview ................................................................................................................11-1

11. 2 Configuring IP Static Route ....................................................................................................... 11-1

11.2.1 Configuring Route Entry.......................................................................................................11-2

UPnP and Firewall.........................................................................................................................................IV

Chapter 12 UPnP ........................................................................................................................................ 12-1

12.1 Universal Plug and Play Overview ........................................................................................12-1

12.1.1 How Do I Know If I'm Using UPnP? ...................................................................................12-1

12.1.2 NAT Traversal ...................................................................................................................... 12-1

12.1.3 Cautions with UPnP..............................................................................................................12-2

12.2 UPnP and ZyXEL ...................................................................................................................12-2

12.3 Configuring UPnP...................................................................................................................12-2

12.4 Installing UPnP in Windows Example ..................................................................................12-4

12.4.1 Installing UPnP in Windows Me ..........................................................................................12-4

12.4.2 Installing UPnP in Windows XP...........................................................................................12-4

12.5 Using UPnP in Windows XP Example...................................................................................12-6

12.5.1 Auto-discover Your UPnP-enabled Network Device ...........................................................12-6

12.5.2 Web Configurator Easy Access ............................................................................................12-8

Chapter 13 Firewall....................................................................................................................................13-1

13.1 Introduction.............................................................................................................................13-1

13.1.1 Guidelines For Enhancing Security With Your Firewall......................................................13-2

13.2 Firewall Settings Screen .........................................................................................................13-3

xii Table of Contents

Prestige 334W User’s Guide

13.3 The Firewall, NAT and Remote Management ..................................................................... 13-5

13.3.1 LAN-to-WAN rules ............................................................................................................. 13-5

13.3.2 WAN-to-LAN rules ............................................................................................................. 13-5

13.4 Configuring Content Filtering .............................................................................................. 13-6

13.5 Services.................................................................................................................................... 13-8

Remote Management and VPN/IPSec........................................................................................................... V

Chapter 14 Remote Management Screens............................................................................................... 14-1

14.1 Remote Management Overview............................................................................................ 14-1

14.1.1 Remote Management Limitations ........................................................................................ 14-2

14.1.2 Remote Management and NAT............................................................................................ 14-2

14.1.3 System Timeout ................................................................................................................... 14-2

14.2 Configuring WWW................................................................................................................ 14-2

14.3 Configuring Telnet ................................................................................................................. 14-4

14.4 Configuring TELNET............................................................................................................ 14-4

14.5 Configuring FTP .................................................................................................................... 14-6

14.6 SNMP ...................................................................................................................................... 14-7

14.6.1 Supported MIBs ................................................................................................................... 14-9

14.6.2 SNMP Traps......................................................................................................................... 14-9

14.6.3 Configuring SNMP ............................................................................................................ 14-10

14.7 Configuring DNS...................................................................................................................14-11

14.8 Configuring Security............................................................................................................14-13

Chapter 15 Introduction to IPSec............................................................................................................. 15-1

15.1 VPN Overview ........................................................................................................................ 15-1

15.1.1 IPSec .................................................................................................................................... 15-1

15.1.2 Security Association............................................................................................................. 15-1

15.1.3 Other Terminology...............................................................................................................15-1

15.1.4 VPN Applications ................................................................................................................15-2

15.2 IPSec Architecture.................................................................................................................. 15-3

15.2.1 IPSec Algorithms ................................................................................................................. 15-3

15.2.2 Key Management ................................................................................................................. 15-4

15.3 Encapsulation ......................................................................................................................... 15-4

15.3.1 Transport Mode.................................................................................................................... 15-4

15.3.2 Tunnel Mode ........................................................................................................................ 15-4

15.4 IPSec and NAT ....................................................................................................................... 15-5

Chapter 16 VPN Screens ........................................................................................................................... 16-1

16.1 VPN/IPSec Overview ............................................................................................................. 16-1

16.2 IPSec Algorithms.................................................................................................................... 16-1

16.2.1 AH (Authentication Header) Protocol.................................................................................. 16-1

16.2.2 ESP (Encapsulating Security Payload) Protocol.................................................................. 16-2

16.3 My IP Address ........................................................................................................................ 16-2

16.4 Secure Gateway Address........................................................................................................ 16-2

Table of Contents xiii

Prestige 334W User’s Guide

16.4.1 Dynamic Secure Gateway Address.......................................................................................16-3

16.5 Summary Screen ..................................................................................................................... 16-3

16.6 Keep Alive................................................................................................................................16-5

16.7 NAT Traversal .........................................................................................................................16-6

16.7.1 NAT Traversal Configuration............................................................................................... 16-6

16.7.2 Remote DNS Server..............................................................................................................16-7

16.8 ID Type and Content...............................................................................................................16-8

16.8.1 ID Type and Content Examples............................................................................................16-9

16.9 Pre-Shared Key.....................................................................................................................16-10

16.10 Editing VPN Rules ................................................................................................................16-10

16.11 IKE Phases.............................................................................................................................16-15

16.11.1 Negotiation Mode ...........................................................................................................16-17

16.11.2 Diffie-Hellman (DH) Key Groups .................................................................................. 16-17

16.11.3 Perfect Forward Secrecy (PFS).......................................................................................16-18

16.12 Configuring Advanced IKE Settings ...................................................................................16-18

16.13 Manual Key Setup ................................................................................................................16-25

16.13.1 Security Parameter Index (SPI).......................................................................................16-25

16.14 Configuring Manual Key .....................................................................................................16-26

16.15 Viewing SA Monitor..............................................................................................................16-30

16.16 Configuring Global Setting .................................................................................................. 16-32

16.17 Telecommuter VPN/IPSec Examples...................................................................................16-33

16.17.1 Telecommuters Sharing One VPN Rule Example..........................................................16-33

16.17.2 Telecommuters Using Unique VPN Rules Example ......................................................16-34

16.18 VPN and Remote Management ...........................................................................................16-36

Logs, Media Bandwidth Management and Maintenance...........................................................................VI

Chapter 17 Centralized Logs.....................................................................................................................17-1

17.1 View Log .................................................................................................................................. 17-1

17.2 Log Settings .............................................................................................................................17-2

Chapter 18 Media Bandwidth Management ............................................................................................18-1

18.1 Bandwidth Management Overview.......................................................................................18-1

18.1.1 Application-based Bandwidth Management Example ..........................................................18-1

18.1.2 Subnet-based Bandwidth Management Example..................................................................18-2

18.1.3 Application and Subnet-based Bandwidth Management Example .......................................18-2

18.1.4 Bandwidth Usage Example................................................................................................... 18-3

18.1.5 Bandwidth Management Priorities........................................................................................18-4

18.1.6 Bandwidth Management Services.........................................................................................18-5

18.1.7 Services.................................................................................................................................18-6

18.2 Configuration Screen..............................................................................................................18-8

18.3 Editing Bandwidth Management Rules ..............................................................................18-11

18.3.1 Bandwidth Borrowing.........................................................................................................18-11

18.4 Configuring Bandwidth Management Rules and Services................................................ 18-11

xiv Table of Contents

Prestige 334W User’s Guide

18.5 Monitor Screen..................................................................................................................... 18-13

Chapter 19 Maintenance ........................................................................................................................... 19-1

19.1 Maintenance Overview .......................................................................................................... 19-1

19.2 Status Screen........................................................................................................................... 19-1

19.2.1 System Statistics................................................................................................................... 19-2

19.3 DHCP Table Screen................................................................................................................ 19-4

19.4 Any IP Table ........................................................................................................................... 19-5

19.5 Association List....................................................................................................................... 19-5

19.6 F/W Upload Screen ................................................................................................................ 19-6

19.7 Configuration Screen............................................................................................................. 19-8

19.7.1 Backup Configuration .......................................................................................................... 19-9

19.7.2 Restore Configuration .......................................................................................................... 19-9

19.7.3 Back to Factory Defaults.................................................................................................... 19-11

19.8 Restart Screen........................................................................................................................19-11

SMT General Configuration ....................................................................................................................... VII

Chapter 20 Introducing the SMT ............................................................................................................. 20-1

20.1 SMT Introduction .................................................................................................................. 20-1

20.1.1 Procedure for SMT Configuration via Console Port............................................................ 20-1

20.1.2 Procedure for SMT Configuration via Telnet ...................................................................... 20-1

20.1.3 Entering Password................................................................................................................ 20-1

20.1.4 Prestige SMT Menu Overview............................................................................................. 20-2

20.2 Navigating the SMT Interface............................................................................................... 20-3

20.2.1 System Management Terminal Interface Summary ............................................................. 20-5

20.3 Changing the System Password ............................................................................................ 20-6

Chapter 21 Menu 1 General Setup ........................................................................................................... 21-1

21.1 General Setup ......................................................................................................................... 21-1

21.2 Procedure To Configure Menu 1........................................................................................... 21-1

21.2.1 Procedure to Configure Dynamic DNS................................................................................ 21-3

Chapter 22 Menu 2 WAN Setup................................................................................................................ 22-1

22.1 Introduction to WAN.............................................................................................................. 22-1

22.2 WAN Setup.............................................................................................................................. 22-1

Chapter 23 Menu 3 LAN Setup ................................................................................................................ 23-1

23.1 LAN Setup .............................................................................................................................. 23-1

23.1.1 General Ethernet Setup......................................................................................................... 23-1

23.2 Protocol Dependent Ethernet Setup ..................................................................................... 23-2

23.3 TCP/IP Ethernet Setup and DHCP ...................................................................................... 23-2

23.3.1 IP Alias Setup....................................................................................................................... 23-4

23.4 Wireless LAN Setup............................................................................................................... 23-6

23.4.1 Configuring MAC Address Filter......................................................................................... 23-9

23.4.2 Configuring Roaming on the Prestige................................................................................ 23-11

Chapter 24 Internet Access ....................................................................................................................... 24-1

Table of Contents xv

Prestige 334W User’s Guide

24.1 Introduction to Internet Access Setup...................................................................................24-1

24.2 Ethernet Encapsulation..........................................................................................................24-1

24.3 Configuring the PPTP Client .................................................................................................24-3

24.4 Configuring the PPPoE Client...............................................................................................24-4

24.5 Basic Setup Complete .............................................................................................................24-5

Chapter 25 Remote Node Configuration ..................................................................................................25-1

25.1 Introduction to Remote Node Setup......................................................................................25-1

25.2 Remote Node Profile Setup ....................................................................................................25-1

25.2.1 Ethernet Encapsulation .........................................................................................................25-1

25.2.2 PPPoE Encapsulation............................................................................................................25-4

25.2.3 PPTP Encapsulation..............................................................................................................25-6

25.3 Edit IP ...................................................................................................................................... 25-7

25.4 Remote Node Filter.................................................................................................................25-9

25.4.1 Traffic Redirect Setup.........................................................................................................25-10

Chapter 26 Static Route Setup...................................................................................................................26-1

26.1 IP Static Route Setup ..............................................................................................................26-1

Chapter 27 Dial-in User Setup...................................................................................................................27-1

27.1 Dial-in User Setup...................................................................................................................27-1

Chapter 28 Network Address Translation (NAT)..................................................................................... 28-1

28.1 Using NAT ...............................................................................................................................28-1

28.1.1 SUA (Single User Account) Versus NAT ............................................................................28-1

28.2 Applying NAT..........................................................................................................................28-1

28.3 NAT Setup................................................................................................................................28-3

28.3.1 Address Mapping Sets ..........................................................................................................28-4

28.4 Configuring a Server behind NAT.........................................................................................28-9

28.5 General NAT Examples........................................................................................................28-10

28.5.1 Example 1: Internet Access Only........................................................................................28-10

28.5.2 Example 2: Internet Access with an Inside Server..............................................................28-11

28.5.3 Example 3: Multiple Public IP Addresses With Inside Servers..........................................28-12

28.5.4 Example 4: NAT Unfriendly Application Programs...........................................................28-16

28.6 Configuring Trigger Port Forwarding ................................................................................ 28-18

Chapter 29 Enabling the Firewall .............................................................................................................29-1

29.1 Remote Management and the Firewall .................................................................................29-1

29.2 Access Methods .......................................................................................................................29-1

29.3 Enabling the Firewall..............................................................................................................29-1

SMT Advanced Management.....................................................................................................................VIII

Chapter 30 Filter Configuration................................................................................................................30-1

30.1 Introduction to Filters ............................................................................................................30-1

30.1.1 The Filter Structure of the Prestige .......................................................................................30-2

30.2 Configuring a Filter Set.......................................................................................................... 30-4

30.2.1 Configuring a Filter Rule ......................................................................................................30-6

xvi Table of Contents

Prestige 334W User’s Guide

30.2.2 Configuring a TCP/IP Filter Rule ........................................................................................ 30-6

30.2.3 Configuring a Generic Filter Rule...................................................................................... 30-11

30.3 Example Filter ...................................................................................................................... 30-13

30.4 Filter Types and NAT ........................................................................................................... 30-15

30.5 Firewall Versus Filters .........................................................................................................30-16

30.6 Applying a Filter .................................................................................................................. 30-16

30.6.1 Applying LAN Filters ........................................................................................................ 30-17

30.6.2 Applying Remote Node Filters........................................................................................... 30-17

Chapter 31 SNMP Configuration ............................................................................................................. 31-1

31.1 About SNMP........................................................................................................................... 31-1

31.2 Supported MIBs ..................................................................................................................... 31-2

31.3 SNMP Configuration ............................................................................................................. 31-2

31.4 SNMP Traps............................................................................................................................ 31-4

Chapter 32 System Security ...................................................................................................................... 32-1

32.1 System Security ...................................................................................................................... 32-1

32.1.1 System Password.................................................................................................................. 32-1

32.1.2 Configuring External RADIUS Server................................................................................. 32-1

32.1.3 802.1x................................................................................................................................... 32-3

Chapter 33 System Information and Diagnosis....................................................................................... 33-1

33.1 System Status.......................................................................................................................... 33-1

33.2 System Information................................................................................................................ 33-3

33.2.1 System Information..............................................................................................................33-3

33.2.2 Console Port Speed ..............................................................................................................33-4

33.3 Log and Trace......................................................................................................................... 33-5

33.3.1 Syslog Logging .................................................................................................................... 33-5

33.3.2 Call-Triggering Packet......................................................................................................... 33-8

33.4 Diagnostic................................................................................................................................ 33-9

33.4.1 WAN DHCP....................................................................................................................... 33-10

Chapter 34 Firmware and Configuration File Maintenance.................................................................. 34-1

34.1 Filename Conventions............................................................................................................34-1

34.2 Backup Configuration............................................................................................................34-2

34.2.1 Backup Configuration .......................................................................................................... 34-3

34.2.2 Using the FTP Command from the Command Line............................................................. 34-3

34.2.3 Example of FTP Commands from the Command Line........................................................ 34-4

34.2.4 GUI-based FTP Clients ........................................................................................................ 34-4

34.2.5 TFTP and FTP over WAN Management Limitations .......................................................... 34-4

34.2.6 Backup Configuration Using TFTP ..................................................................................... 34-5

34.2.7 TFTP Command Example.................................................................................................... 34-5

34.2.8 GUI-based TFTP Clients...................................................................................................... 34-6

34.3 Restore Configuration............................................................................................................ 34-6

34.3.1 Restore Using FTP ...............................................................................................................34-7

Table of Contents xvii

Prestige 334W User’s Guide

34.3.2 Restore Using FTP Session Example....................................................................................34-8

34.4 Uploading Firmware and Configuration Files .....................................................................34-8

34.4.1 Firmware File Upload...........................................................................................................34-8

34.4.2 Configuration File Upload ....................................................................................................34-9

34.4.3 FTP File Upload Command from the DOS Prompt Example.............................................34-10

34.4.4 FTP Session Example of Firmware File Upload.................................................................34-10

34.4.5 TFTP File Upload ...............................................................................................................34-10

34.4.6 TFTP Upload Command Example......................................................................................34-11

Chapter 35 System Maintenance...............................................................................................................35-1

35.1 Command Interpreter Mode..................................................................................................35-1

35.1.1 Command Syntax..................................................................................................................35-1

35.1.2 Command Usage...................................................................................................................35-2

35.2 Call Control Support ..............................................................................................................35-2

35.2.1 Budget Management .............................................................................................................35-3

35.2.2 Call History...........................................................................................................................35-4

35.3 Time and Date Setting ............................................................................................................35-4

35.3.1 Resetting the Time ................................................................................................................ 35-6

Chapter 36 Remote Management..............................................................................................................36-1

36.1 Remote Management .............................................................................................................. 36-1

36.1.1 Remote Management Limitations......................................................................................... 36-2

Chapter 37 Call Scheduling .......................................................................................................................37-1

37.1 Introduction to Call Scheduling.............................................................................................37-1

SMT VPN/IPSec.............................................................................................................................................IX

Chapter 38 VPN/IPSec Setup.....................................................................................................................38-1

38.1 VPN/IPSec Overview..............................................................................................................38-1

38.2 IPSec Summary Screen ..........................................................................................................38-2

38.3 IPSec Setup..............................................................................................................................38-5

38.4 IKE Setup ..............................................................................................................................38-10

38.5 Manual Setup ........................................................................................................................38-13

38.5.1 Active Protocol ...................................................................................................................38-13

38.5.2 Security Parameter Index (SPI)...........................................................................................38-13

Chapter 39 SA Monitor .............................................................................................................................. 39-1

39.1 SA Monitor Overview.............................................................................................................39-1

39.2 Using SA Monitor....................................................................................................................39-1

Appendices and Index ....................................................................................................................................X

Appendix A PPPoE ......................................................................................................................................A-1

Appendix B PPTP........................................................................................................................................ B-1

Appendix C NetBIOS Filter Commands ...................................................................................................C-1

Appendix D Log Descriptions.....................................................................................................................D-1

Appendix E Setting up Your Computer’s IP Address............................................................................... E-1

Appendix F Wireless LAN and IEEE 802.11 ............................................................................................. F-1

xviii Table of Contents

Prestige 334W User’s Guide

Appendix G Wireless LAN With IEEE 802.1x ......................................................................................... G-1

Appendix H Types of EAP Authentication................................................................................................ H-1

Appendix I Antenna Selection and Positioning Recommendation............................................................I-1

Appendix J Brute-Force Password Guessing Protection.......................................................................... J-1

Appendix K Triangle Route ....................................................................................................................... K-1

Appendix L Index.........................................................................................................................................L-1

Table of Contents xix

Prestige 334W User’s Guide

List of Figures

Figure 1-1 Secure Internet Access via Cable, DSL or Wireless Modem........................................................ 1-6

Figure 1-2 VPN Application .......................................................................................................................... 1-6

Figure 1-3 Internet Access Application Example........................................................................................... 1-7

Figure 2-1 Change Password Screen.............................................................................................................. 2-1

Figure 2-2 The MAIN MENU Screen of the Web Configurator.................................................................... 2-3

Figure 3-1 Wizard 1: General Setup............................................................................................................... 3-2

Figure 3-2 Wizard 2: Wireless LAN Setup .................................................................................................... 3-2

Figure 3-3 Wizard 3: Wireless LAN Setup: Basic Security ........................................................................... 3-4

Figure 3-4 Wizard 3: Wireless LAN Setup: Extend Security......................................................................... 3-5

Figure 3-5 Wizard 4: Ethernet Encapsulation ................................................................................................ 3-6

Figure 3-6 Wizard 4: PPPoE Encapsulation................................................................................................... 3-8

Figure 3-7 Wizard 4: PPTP Encapsulation..................................................................................................... 3-9

Figure 3-8 Wizard 5: WAN Setup ................................................................................................................ 3-13

Figure 3-9 Wizard Finish ............................................................................................................................. 3-15

Figure 4-1 Media Bandwidth Management Setup 1 ...................................................................................... 4-1

Figure 4-2 Media Bandwidth Management Setup 2: Services....................................................................... 4-2

Figure 4-3 Media Bandwidth Management Setup 3: Service Priority ........................................................... 4-3

Figure 4-4 Media Bandwidth Management Setup 4: Finish .......................................................................... 4-4

Figure 5-1 System General Setup .................................................................................................................. 5-1

Figure 5-2 DDNS........................................................................................................................................... 5-4

Figure 5-3 Password....................................................................................................................................... 5-6

Figure 5-4 Time Setting ................................................................................................................................. 5-7

Figure 6-1 Any IP Example Application ........................................................................................................ 6-3

Figure 6-2 IP .................................................................................................................................................. 6-5

Figure 6-3 Static DHCP ................................................................................................................................. 6-8

Figure 6-4 IP Alias ......................................................................................................................................... 6-9

Figure 7-1 IBSS (Ad-hoc) Wireless LAN...................................................................................................... 7-1

Figure 7-2 Basic Service set........................................................................................................................... 7-2

Figure 7-3 Extended Service Set.................................................................................................................... 7-3

Figure 7-4 RTS/CTS ...................................................................................................................................... 7-4

Figure 7-5 Wireless ........................................................................................................................................ 7-5

Figure 7-6 Roaming Example........................................................................................................................ 7-7

Figure 7-7 Roaming ....................................................................................................................................... 7-8

Figure 8-1 Prestige Wireless Security Levels ................................................................................................ 8-1

Figure 8-2 Wireless: No Security................................................................................................................... 8-2

Figure 8-3 WEP Authentication Steps............................................................................................................ 8-5

Figure 8-4 Wireless: Static WEP Encryption ................................................................................................. 8-7

Figure 8-5 WPA - PSK Authentication......................................................................................................... 8-10

List of Figures xxi

Prestige 334W User’s Guide

Figure 8-6 Wireless: WPA-PSK....................................................................................................................8-11

Figure 8-7 WPA with RADIUS Application Example..................................................................................8-14

Figure 8-8 Wireless: WPA ............................................................................................................................8-15

Figure 8-9 Wireless: 802.1x and Dynamic WEP ..........................................................................................8-18

Figure 8-10 Wireless: 802.1x and Static WEP..............................................................................................8-20

Figure 8-11 Wireless: 802.1x ........................................................................................................................8-23

Figure 8-12 MAC Address Filter..................................................................................................................8-26

Figure 8-13 Local User Database .................................................................................................................8-28

Figure 8-14 EAP Authentication...................................................................................................................8-30

Figure 8-15 RADIUS....................................................................................................................................8-31

Figure 9-1 WAN: Route ....................................................................................................................................9-2

Figure 9-2 Ethernet Encapsulation ....................................................................................................................9-3

Figure 9-3 PPPoE Encapsulation.......................................................................................................................9-5

Figure 9-4 PPTP Encapsulation.........................................................................................................................9-6

Figure 9-5 WAN: IP .........................................................................................................................................9-8

Figure 9-6 MAC Setup ...................................................................................................................................9-11

Figure 9-7 Traffic Redirect WAN Setup .......................................................................................................9-12

Figure 9-8 Traffic Redirect LAN Setup ........................................................................................................9-12

Figure 9-9 WAN: Traffic Redirect................................................................................................................... 9-13

Figure 10-1 How NAT Works.......................................................................................................................10-3

Figure 10-2 NAT Application With IP Alias ................................................................................................. 10-4

Figure 10-3 Multiple Servers Behind NAT Example.................................................................................... 10-8

Figure 10-4 SUA/NAT Setup........................................................................................................................10-9

Figure 10-5 Address Mapping ....................................................................................................................10-11

Figure 10-6 Address Mapping Edit............................................................................................................. 10-12

Figure 10-7 Trigger Port Forwarding Process: Example ............................................................................10-14

Figure 10-8 Trigger Port.............................................................................................................................10-15

Figure 11-1 Example of Static Routing Topology ........................................................................................ 11-1

Figure 11-2 Static Route............................................................................................................................... 11-2

Figure 11-3 Static Route: Edit ......................................................................................................................11-3

Figure 12-1 Configuring UPnP.....................................................................................................................12-3

Figure 13-1 Firewall: Settings ......................................................................................................................13-3

Figure 13-2 Firewall Rule Directions ...........................................................................................................13-5

Figure 13-3 Firewall: Filter...........................................................................................................................13-7

Figure 13-4 Firewall: Service .......................................................................................................................13-9

Figure 14-1 Remote Management: WWW ................................................................................................... 14-3

Figure 14-2 Telnet Configuration on a TCP/IP Network ..............................................................................14-4

Figure 14-3 Remote Management: Telnet.....................................................................................................14-5

Figure 14-4 Remote Management: FTP .......................................................................................................14-6

Figure 14-5 SNMP Management Model.......................................................................................................14-8

Figure 14-6 Remote Management: SNMP..................................................................................................14-10

xxii List of Figures

Prestige 334W User’s Guide

Figure 14-7 Remote Management: DNS.................................................................................................... 14-12

Figure 14-8 Security................................................................................................................................... 14-13

Figure 15-1 Encryption and Decryption....................................................................................................... 15-2

Figure 15-2 IPSec Architecture.................................................................................................................... 15-3

Figure 15-3 Transport and Tunnel Mode IPSec Encapsulation.................................................................... 15-4

Figure 16-1 IPSec Summary Fields ............................................................................................................. 16-3

Figure 16-2 VPN: Summary ........................................................................................................................ 16-4

Figure 16-3 NAT Router Between IPSec Routers........................................................................................ 16-6

Figure 16-4 VPN Host using Intranet DNS Server Example....................................................................... 16-7

Figure 16-5 VPN: Rule Setup (Basic).........................................................................................................16-11

Figure 16-6 Two Phases to Set Up the IPSec SA....................................................................................... 16-16

Figure 16-7 VPN IKE: Advanced .............................................................................................................. 16-19

Figure 16-8 Rule Setup: Manual................................................................................................................ 16-27

Figure 16-9 SA Monitor............................................................................................................................. 16-31

Figure 16-10 VPN: Global Setting............................................................................................................. 16-32

Figure 16-11 Telecommuters Sharing One VPN Rule Example ................................................................ 16-34

Figure 16-12 Telecommuters Using Unique VPN Rules Example ............................................................ 16-35

Figure 17-1 View Logs................................................................................................................................. 17-1

Figure 17-2 Log Settings.............................................................................................................................. 17-3

Figure 18-1 Application-based Bandwidth Management Example.............................................................. 18-2

Figure 18-2 Subnet-based Bandwidth Management Example ..................................................................... 18-2

Figure 18-3 Application and Subnet-based Bandwidth Management Example........................................... 18-3

Figure 18-4 Bandwidth Usage Example ...................................................................................................... 18-3

Figure 18-5 Maximize Bandwidth Usage Example ..................................................................................... 18-4

Figure 18-6 Bandwidth Management Configuration ................................................................................... 18-9

Figure 18-7 Bandwidth Management Edit..................................................................................................18-11

Figure 18-8 Bandwidth Management Monitor........................................................................................... 18-14

Figure 19-1 Maintenance Status................................................................................................................... 19-1

Figure 19-2 Maintenance System Statistics ................................................................................................. 19-3

Figure 19-3 Maintenance DHCP Table ........................................................................................................ 19-4

Figure 19-4 Maintenance Any IP ................................................................................................................. 19-5

Figure 19-5 Maintenance Association List................................................................................................... 19-6

Figure 19-6 Maintenance Firmware Upload................................................................................................ 19-6

Figure 19-7 Upload Warning........................................................................................................................ 19-7

Figure 19-8 Network Temporarily Disconnected......................................................................................... 19-7

Figure 19-9 Upload Error Message.............................................................................................................. 19-8

Figure 19-10 Maintenance Configuration.................................................................................................... 19-9

Figure 19-11 Configuration Restore Successful......................................................................................... 19-10

Figure 19-12 Temporarily Disconnected.................................................................................................... 19-10

Figure 19-13 Configuration Restore Error..................................................................................................19-11

Figure 19-14 Factory Defaults ....................................................................................................................19-11

List of Figures xxiii

Prestige 334W User’s Guide

Figure 19-15 System Restart.......................................................................................................................19-12

Figure 20-1 Login Screen .............................................................................................................................20-2

Figure 20-2 SMT Menu Overview ...............................................................................................................20-3

Figure 20-3 SMT Main Menu.......................................................................................................................20-5

Figure 20-4 Menu 23 System Password .......................................................................................................20-6

Figure 21-1 Menu 1 General Setup...............................................................................................................21-2

Figure 21-2 Menu 1.1 Configure Dynamic DNS..........................................................................................21-4

Figure 22-1 Menu 2 WAN Setup ..................................................................................................................22-1

Figure 23-1 Menu 3 LAN Setup...................................................................................................................23-1

Figure 23-2 Menu 3.1 LAN Port Filter Setup...............................................................................................23-1

Figure 23-3 Menu 3.2 TCP/IP and DHCP Ethernet Setup............................................................................23-2

Figure 23-4 Physical Network & Partitioned Logical Networks..................................................................23-5

Figure 23-5 Menu 3.2.1: IP Alias Setup........................................................................................................23-5

Figure 23-6 Menu 3.5 Wireless LAN Setup .................................................................................................23-7

Figure 23-7 Menu 3.5 Wireless LAN Setup .................................................................................................23-9

Figure 23-8 Menu 3.5.1 WLAN MAC Address Filter ................................................................................23-10

Figure 23-9 Menu 3.5 Wireless LAN Setup ...............................................................................................23-11

Figure 23-10 Menu 3.5.2 Roaming Configuration .....................................................................................23-12

Figure 24-1 Menu 4 Internet Access Setup...................................................................................................24-1

Figure 24-2 Internet Access Setup (PPTP) ...................................................................................................24-4

Figure 24-3 Internet Access Setup (PPPoE) .................................................................................................24-5

Figure 25-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation ...................................................25-2

Figure 25-2 Menu 11.1 Remote Node Profile for PPPoE Encapsulation......................................................25-4

Figure 25-3 Menu 11.1 Remote Node Profile for PPTP Encapsulation........................................................25-6

Figure 25-4 Menu 11.3 Remote Node Network Layer Options for Ethernet Encapsulation ........................25-7

Figure 25-5 Menu 11.5: Remote Node Filter (Ethernet Encapsulation) .......................................................25-9

Figure 25-6 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation) .........................................25-10

Figure 25-7 Menu 11.6: Traffic Redirect Setup ..........................................................................................25-10

Figure 26-1 Menu 12 IP Static Route Setup .................................................................................................26-1

Figure 26-2 Menu12.1 Edit IP Static Route..................................................................................................26-2

Figure 27-1 Menu 14- Dial-in User Setup .................................................................................................... 27-1

Figure 27-2 Menu 14.1- Edit Dial-in User....................................................................................................27-1

Figure 28-1 Menu 4 Applying NAT for Internet Access ...............................................................................28-2

Figure 28-2 Menu 11.3 Applying NAT to the Remote Node ........................................................................28-3

Figure 28-3 Menu 15 NAT Setup..................................................................................................................28-4

Figure 28-4 Menu 15.1 Address Mapping Sets.............................................................................................28-4

Figure 28-5 Menu 15.1.255 SUA Address Mapping Rules ..........................................................................28-5

Figure 28-6 Menu 15.1.1 First Set................................................................................................................28-6

Figure 28-7 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set...............................................28-8

Figure 28-8 Menu 15.2.1 NAT Server Setup ................................................................................................28-9

Figure 28-9 Multiple Servers Behind NAT Example.................................................................................. 28-10

xxiv List of Figures

Prestige 334W User’s Guide

Figure 28-10 NAT Example 1 .................................................................................................................... 28-10

Figure 28-11 Menu 4 Internet Access & NAT Example..............................................................................28-11

Figure 28-12 NAT Example 2 .....................................................................................................................28-11

Figure 28-13 Menu 15.2.1 Specifying an Inside Server............................................................................. 28-12

Figure 28-14 NAT Example 3 .................................................................................................................... 28-13

Figure 28-15 Example 3: Menu 11.3.......................................................................................................... 28-14

Figure 28-16 Example 3: Menu 15.1.1.1 ................................................................................................... 28-14

Figure 28-17 Example 3: Final Menu 15.1.1 ............................................................................................. 28-15

Figure 28-18 NAT Example 4 .................................................................................................................... 28-16

Figure 28-19 Example 4: Menu 15.1.1.1 Address Mapping Rule.............................................................. 28-17

Figure 28-20 Example 4: Menu 15.1.1 Address Mapping Rules ............................................................... 28-17

Figure 28-21 Menu 15.3 Trigger Port Setup .............................................................................................. 28-18

Figure 29-1 Menu 21.2 Firewall Setup ........................................................................................................ 29-2

Figure 30-1 Outgoing Packet Filtering Process ........................................................................................... 30-2

Figure 30-2 Filter Rule Process.................................................................................................................... 30-3

Figure 30-4 Menu 21: Filter and Firewall Setup.......................................................................................... 30-4

Figure 30-5 Menu 21.1: Filter Set Configuration......................................................................................... 30-4

Figure 30-6 Menu 21.1.1.1 TCP/IP Filter Rule............................................................................................ 30-7

Figure 30-7 Executing an IP Filter............................................................................................................. 30-10

Figure 30-8 Menu 21.1.4.1 Generic Filter Rule..........................................................................................30-11

Figure 30-9 Telnet Filter Example ............................................................................................................. 30-13

Figure 30-10 Example Filter: Menu 21.1.3.1............................................................................................. 30-14

Figure 30-11 Example Filter Rules Summary: Menu 21.1.3...................................................................... 30-15

Figure 30-12 Protocol and Device Filter Sets ............................................................................................ 30-16

Figure 30-13 Filtering LAN Traffic ........................................................................................................... 30-17

Figure 30-14 Filtering Remote Node Traffic ............................................................................................. 30-18

Figure 31-1 SNMP Management Model...................................................................................................... 31-1

Figure 31-2 Menu 22 SNMP Configuration................................................................................................. 31-3

Figure 32-1 Menu 23 System Security......................................................................................................... 32-1

Figure 32-2 Menu 23 System Security......................................................................................................... 32-1

Figure 32-3 Menu 23.2 System Security : RADIUS Server ........................................................................ 32-2

Figure 32-4 Menu 23 System Security......................................................................................................... 32-3

Figure 32-5 Menu 23.4 System Security : IEEE802.1x............................................................................... 32-4

Figure 33-1 Menu 24 System Maintenance ................................................................................................. 33-1

Figure 33-2 Menu 24.1 System Maintenance : Status.................................................................................. 33-2

Figure 33-3 Menu 24.2 System Information and Console Port Speed......................................................... 33-3

Figure 33-4 Menu 24.2.1 System Maintenance : Information ..................................................................... 33-4

Figure 33-5 Menu 24.2.2 System Maintenance : Change Console Port Speed............................................ 33-5

Figure 33-6 Menu 24.3.2 System Maintenance : Syslog Logging ............................................................... 33-5

Figure 33-7 Call-Triggering Packet Example .............................................................................................. 33-9

Figure 33-8 Menu 24.4 System Maintenance : Diagnostic........................................................................ 33-10

List of Figures xxv

Prestige 334W User’s Guide

Figure 33-9 LAN & WAN DHCP...............................................................................................................33-10

Figure 34-1 Telnet in Menu 24.5 ..................................................................................................................34-3

Figure 34-2 FTP Session Example................................................................................................................34-4

Figure 34-3 Telnet into Menu 24.6 ...............................................................................................................34-7

Figure 34-4 Restore Using FTP Session Example........................................................................................34-8

Figure 34-5 Telnet Into Menu 24.7.1 Upload System Firmware ..................................................................34-9

Figure 34-6 Telnet Into Menu 24.7.2 System Maintenance ..........................................................................34-9

Figure 34-7 FTP Session Example of Firmware File Upload.....................................................................34-10

Figure 35-1 Command Mode in Menu 24 ....................................................................................................35-1

Figure 35-2 Valid Commands .......................................................................................................................35-2

Figure 35-3 Menu 24.9 System Maintenance : Call Control ........................................................................35-2

Figure 35-4 Budget Management .................................................................................................................35-3

Figure 35-5 Call History...............................................................................................................................35-4

Figure 35-6 Menu 24: System Maintenance.................................................................................................35-5

Figure 35-7 Menu 24.10 System Maintenance: Time and Date Setting .......................................................35-5

Figure 36-1 Menu 24.11 – Remote Management Control ............................................................................36-1

Figure 37-1 Menu 26 Schedule Setup...........................................................................................................37-1

Figure 37-2 Menu 26.1 Schedule Set Setup..................................................................................................37-2

Figure 37-3 Applying Schedule Set(s) to a Remote Node (PPPoE)..............................................................37-4

Figure 38-1 VPN SMT Menu Tree ...............................................................................................................38-1

Figure 38-2 Menu 27 VPN/IPSec Setup.......................................................................................................38-2

Figure 38-3 Menu 27.1 IPSec Summary.......................................................................................................38-2

Figure 38-4 Menu 27.1.1 IPSec Setup..........................................................................................................38-6

Figure 38-5 Menu 27.1.1.1 IKE Setup............................................................................................................ 38-11

Figure 38-6 Menu 27.1.1.2 Manual Setup .................................................................................................. 38-14

Figure 39-1 Menu 27.2 SA Monitor .............................................................................................................39-1

xxvi List of Figures

Prestige 334W User’s Guide

List of Tables

Table 2-1 Screens Summary........................................................................................................................... 2-3

Table 3-1 Wizard 2: Wireless LAN Setup...................................................................................................... 3-3

Table 3-2 Wizard 3: Wireless LAN Setup: Basic Security............................................................................. 3-4

Table 3-3 Wizard 3: Wireless LAN Setup: Extend Security .......................................................................... 3-5

Table 3-4 Wizard 4: Ethernet Encapsulation.................................................................................................. 3-6

Table 3-5 Wizard 4: PPPoE Encapsulation .................................................................................................... 3-8

Table 3-6 Wizard 4: PPTP Encapsulation .................................................................................................... 3-10

Table 3-7 Private IP Address Ranges ............................................................................................................3-11

Table 3-8 Example of Network Properties for LAN Servers with Fixed IP Addresses................................ 3-12

Table 3-9 Wizard 5: WAN Setup .................................................................................................................. 3-13

Table 4-1 Media Bandwidth Management Setup 1........................................................................................ 4-2

Table 4-2 Media Bandwidth Management Setup 2: Services......................................................................... 4-3

Table 4-3 Media Bandwidth Management Setup 3: Service Priority............................................................. 4-4

Table 5-1 System General Setup.................................................................................................................... 5-2

Table 5-2 DDNS............................................................................................................................................. 5-4

Table 5-3 Password ........................................................................................................................................ 5-6

Table 5-4 Time Setting................................................................................................................................... 5-7

Table 6-1 IP.................................................................................................................................................... 6-5

Table 6-2 Static DHCP................................................................................................................................... 6-9

Table 6-3 IP Alias......................................................................................................................................... 6-10

Table 7-1 Wireless.......................................................................................................................................... 7-5

Table 7-2 Roaming......................................................................................................................................... 7-8

Table 8-1 Wireless: No Security..................................................................................................................... 8-2

Table 8-2 Wireless Security Relational Matrix .............................................................................................. 8-3

Table 8-3 Wireless: Static WEP Encryption................................................................................................... 8-7

Table 8-4 Wireless: WPA-PSK......................................................................................................................8-11

Table 8-5 Wireless: WPA ............................................................................................................................. 8-15

Table 8-6 Wireless: 802.1x and Dynamic WEP........................................................................................... 8-18

Table 8-7 Wireless: 802.1x and Static WEP................................................................................................. 8-20

Table 8-8 Wireless: 802.1x and No WEP..................................................................................................... 8-24

Table 8-9 MAC Address Filter..................................................................................................................... 8-26

Table 8-10 Local User Database .................................................................................................................. 8-29

Table 8-11 RADIUS..................................................................................................................................... 8-31

Table 9-1 WAN: Route..................................................................................................................................... 9-2

Table 9-2 Ethernet Encapsulation..................................................................................................................... 9-3

Table 9-3 PPPoE Encapsulation ....................................................................................................................... 9-5

Table 9-4 PPTP Encapsulation ......................................................................................................................... 9-7

Table 9-5 WAN: IP .......................................................................................................................................... 9-8

List of Tables xxvii

Prestige 334W User’s Guide

Table 9-6 WAN: Traffic Redirect ....................................................................................................................9-13

Table 10-1 NAT Definitions..........................................................................................................................10-1

Table 10-2 NAT Mapping Types...................................................................................................................10-5

Table 10-3 Services and Port Numbers.........................................................................................................10-7

Table 10-4 SUA/NAT Setup .........................................................................................................................10-9

Table 10-5 Address Mapping...................................................................................................................... 10-11

Table 10-6 Address Mapping Edit ..............................................................................................................10-13

Table 10-7 Trigger Port...............................................................................................................................10-15

Table 11-1 Static Route................................................................................................................................. 11-2

Table 11-2 Static Route: Edit ........................................................................................................................11-3

Table 12-1 Configuring UPnP ......................................................................................................................12-3

Table 13-1 Firewall: Settings........................................................................................................................13-3

Table 13-2 Firewall: Filter ............................................................................................................................13-7

Table 13-3 Firewall: Service.........................................................................................................................13-9

Table 14-1 Remote Management: WWW.....................................................................................................14-3

Table 14-2 Remote Management: Telnet ......................................................................................................14-5

Table 14-3 Remote Management: FTP.........................................................................................................14-6

Table 14-4 SNMP Traps................................................................................................................................14-9

Table 14-5 Remote Management: SNMP ................................................................................................... 14-11

Table 14-6 Remote Management: DNS......................................................................................................14-12

Table 14-7 Security..................................................................................................................................... 14-13

Table 15-1 VPN and NAT............................................................................................................................. 15-5

Table 16-1 AH and ESP................................................................................................................................16-2

Table 16-2 VPN: Summary...........................................................................................................................16-4

Table 16-3 Local ID Type and Content Fields ..............................................................................................16-8

Table 16-4 Peer ID Type and Content Fields ................................................................................................16-9

Table 16-5 Matching ID Type and Content Configuration Example ............................................................16-9

Table 16-6 Mismatching ID Type and Content Configuration Example.......................................................16-9

Table 16-7 VPN: Rule Setup (Basic) ..........................................................................................................16-12

Table 16-8 VPN IKE: Advanced.................................................................................................................16-20

Table 16-9 Rule Setup: Manual ..................................................................................................................16-28

Table 16-10 SA Monitor .............................................................................................................................16-31

Table 16-11 VPN: Global Setting ...............................................................................................................16-32

Table 16-12 Telecommuter and Headquarters Configuration Example ......................................................16-33

Table 17-1 View Logs...................................................................................................................................17-2

Table 17-2 log Settings .................................................................................................................................17-4

Table 18-1 Application and Subnet-based Bandwidth Management Example ............................................. 18-2

Table 18-2 Media Bandwidth Management Priorities ..................................................................................18-5

Table 18-3 Commonly Used Services...........................................................................................................18-6

Table 18-4 Bandwidth Management Configuration....................................................................................18-10

Table 18-5 Bandwidth Management Edit ...................................................................................................18-12

xxviii List of Tables

Prestige 334W User’s Guide

Table 19-1 Maintenance Status .................................................................................................................... 19-2

Table 19-2 Maintenance System Statistics................................................................................................... 19-3

Table 19-3 Maintenance DHCP Table.......................................................................................................... 19-4

Table 19-4 Maintenance Any IP................................................................................................................... 19-5

Table 19-5 Maintenance Association List .................................................................................................... 19-6

Table 19-6 Maintenance Firmware Upload.................................................................................................. 19-7

Table 19-7 Maintenance Restore Configuration ........................................................................................ 19-10

Table 20-1 Main Menu Commands.............................................................................................................. 20-4

Table 20-2 Main Menu Summary ................................................................................................................ 20-5

Table 21-1 Menu 1 General Setup................................................................................................................ 21-2

Table 21-2 Menu 1.1 Configure Dynamic DNS........................................................................................... 21-4

Table 22-1 Menu 2 WAN Setup ................................................................................................................... 22-1

Table 23-1 Menu 3.2: DHCP Ethernet Setup Fields .................................................................................... 23-2

Table 23-2 Menu 3.2: LAN TCP/IP Setup Fields ........................................................................................ 23-4

Table 23-3 Menu 3.2.1: IP Alias Setup......................................................................................................... 23-6

Table 23-4 Menu 3.5 Wireless LAN Setup .................................................................................................. 23-7

Table 23-5 Menu 3.5.1 WLAN MAC Address Filter ................................................................................. 23-10

Table 23-6 Menu 3.5.2 Roaming Configuration ........................................................................................ 23-12

Table 24-1 Menu 4: Internet Access Setup (Ethernet)................................................................................. 24-2

Table 24-2 New Fields in Menu 4 (PPTP) Screen ....................................................................................... 24-4

Table 24-3 New Fields in Menu 4 (PPPoE) screen...................................................................................... 24-5

Table 25-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation.................................................... 25-2

Table 25-2 Fields in Menu 11.1 (PPPoE Encapsulation Specific) ............................................................... 25-5

Table 25-3 Menu 11.1 Remote Node Profile for PPTP Encapsulation......................................................... 25-6

Table 25-4 Remote Node Network Layer Options....................................................................................... 25-7

Table 25-5 Menu 11.6: Traffic Redirect Setup ........................................................................................... 25-10

Table 26-1 Menu12.1 Edit IP Static Route................................................................................................... 26-2

Table 27-1 Menu 14.1- Edit Dial-in User..................................................................................................... 27-2

Table 28-1 Applying NAT in Menus 4 & 11.3 ............................................................................................. 28-3

Table 28-2 SUA Address Mapping Rules .................................................................................................... 28-5

Table 28-3 Menu 15.1.1 First Set................................................................................................................. 28-7

Table 28-4 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set................................................ 28-8

Table 28-5 Menu 15.3 Trigger Port Setup.................................................................................................. 28-18

Table 30-1 Abbreviations Used in the Filter Rules Summary Menu............................................................ 30-5

Table 30-2 Rule Abbreviations Used ........................................................................................................... 30-6

Table 30-3 TCP/IP Filter Rule...................................................................................................................... 30-7

Table 30-4 Generic Filter Rule Menu Fields...............................................................................................30-11

Table 31-1 Menu 22 SNMP Configuration .................................................................................................. 31-3

Table 31-2 SNMP Traps............................................................................................................................... 31-4

Table 31-3 Ports and Permanent Virtual Circuits ......................................................................................... 31-4

Table 32-1 Menu 23.2 System Security : RADIUS Server.......................................................................... 32-2

List of Tables xxix

Prestige 334W User’s Guide

Table 32-2 Menu 23.4 System Security : IEEE802.1x .................................................................................32-4

Table 33-1 System Maintenance: Status Menu Fields ..................................................................................33-2

Table 33-2 Menu 24.2.1 System Maintenance : Information........................................................................33-4

Table 33-3 Menu 24.3.2 System Maintenance : Syslog and Accounting......................................................33-5

Table 33-4 System Maintenance Menu Diagnostic ....................................................................................33-11

Table 34-1 Filename Conventions ................................................................................................................ 34-2

Table 34-2 General Commands for GUI-based FTP Clients ........................................................................34-4

Table 34-3 General Commands for GUI-based TFTP Clients ......................................................................34-6

Table 35-1 Budget Management...................................................................................................................35-3

Table 35-2 Call History Fields......................................................................................................................35-4

Table 35-3 Time and Date Setting Fields......................................................................................................35-6

Table 36-1 Menu 24.11 – Remote Management Control.............................................................................. 36-2

Table 37-1 Menu 26.1 Schedule Set Setup ...................................................................................................37-2

Table 38-1 Menu 27.1 IPSec Summary ........................................................................................................38-2

Table 38-2 Menu 27.1.1 IPSec Setup............................................................................................................38-6

Table 38-3 Menu 27.1.1.1 IKE Setup .............................................................................................................38-11

Table 38-4 Active Protocol: Encapsulation and Security Protocol .............................................................38-13

Table 38-5 Menu 27.1.1.2 Manual Setup....................................................................................................38-14

Table 39-1 Menu 27.2 SA Monitor ............................................................................................................... 39-2

Table C-1 NetBIOS Filter Default Settings ...................................................................................................C-2

xxx List of Tables

Prestige 334W User’s Guide

Preface

About This User's Manual

Congratulations on your purchase of the Prestige 334 802.11g Wireless Broadband Router with Firewall. This manual is designed to guide you through the configuration of your Prestige for its various applications.

Use the web configurator, System Management Terminal (SMT) or command

interpreter interface to configure your Prestige. Not all features can be configured

through all interfaces.

The web configurator parts of this guide contain background information on features configurable by the web configurator and the SMT. The SMT parts of this guide contain background information solely on features not configurable by the web configurator.

This manual may refer to the Prestige 334W or 802.11g Wireless Broadband Router with Firewall as the Prestige.

related information and is READ-ONLY.

Any IP Use this screen to allow a computer to access the Internet without

changing the network settings of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.

F/W Upload Use this screen to upload firmware to your Prestige.

Configuration Use this screen to backup and restore the configuration or reset the

factory defaults to your Prestige.

Restart This screen allows you to reboot the Prestige without turning the

power off.

2-6 Introducing the Web Configurator

Prestige 334W User’s Guide

Chapter 3

Wizard Setup

This chapter provides information on the Wizard Setup screens in the web configurator.

3.1 Wizard Setup Overview

The web configurator’s setup wizard helps you configure your device to access the Internet. The second screen has three variations depending on what encapsulation type you use. Refer to your ISP checklist in the Quick Start Guide to know what to enter in each field. Leave a field blank if you don’t have that information.

3.2 Wizard Setup: General Setup and System Name

General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".

• In Windows 95/98 click Start, Settings, Control Panel, Network. Click the Identification tab, note the entry for the Computer Name field and enter it as the System Name.

• In Windows 2000, click Start, Settings and Control Panel and then double-click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name.

• In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the Prestige System Name.

3.2.1 Domain Name

The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the Prestige via DHCP. Click Next to configure the Prestige for Internet access.

Wizard Setup 3-1

Prestige 334W User’s Guide

Figure 3-1 Wizard 1: General Setup

3.3 Wizard Setup: Screen 2

Set up your wireless LAN using the second wizard screen.

Figure 3-2 Wizard 2: Wireless LAN Setup

The following table describes the fields in this screen.

3-2 Wizard Setup

Table 3-1 Wizard 2: Wireless LAN Setup

LABEL DESCRIPTION

Prestige 334W User’s Guide

ESSID

Choose Channel ID

Back

Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.

If you change this field on the Prestige, make sure all wireless stations use the same ESSID in order to access the network.

To manually set the Prestige to use a channel, select a channel from the drop-down list box.

The level of Security can be selected as none, basic or extended. Choose No security to have no wireless LAN security configured and proceed to the ISP Parameters for Internet Access screen.

Choose Basic security if you want to configure WEP Encryption parameters.

Choose Extend security to configure a Pre-Shared Key.

The third screen varies depending on which security level you select.

Click Back to display the previous screen.

Click Next to proceed to the next screen.

The wireless stations and Prestige must use the same ESSID, channel ID and WEP

encryption key (if WEP is enabled) for wireless communication.

3.4 Wizard Setup: Screen 3

If you choose Basic, you can setup WEP Encryption parameters.

Wizard Setup 3-3

Prestige 334W User’s Guide

Figure 3-3 Wizard 3: Wireless LAN Setup: Basic Security

The following table describes the labels in this screen.

Table 3-2 Wizard 3: Wireless LAN Setup: Basic Security

WEP Encryption

Key 1 to Key 4

Back

Select 64-bit WEP or 128-bit WEP to allow data encryption.

ASCII Select this option in order to enter ASCII characters as the WEP keys.

HEX Select this option to enter hexadecimal characters as the WEP keys.

The preceding “0x” is entered automatically.

The WEP keys are used to encrypt data. Both the Prestige and the wireless stations must use the same WEP key for data transmission.

If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F").

You must configure all four keys, but only one key can be activated at any one time. The default key is key 1.

Click Back to display the previous screen.

Click Next to proceed to the next screen.

3-4 Wizard Setup

Prestige 334W User’s Guide

If you choose Extend security in the Wireless LAN Setup screen, you can set up a Pre-Shared Key.

Figure 3-4 Wizard 3: Wireless LAN Setup: Extend Security

The following table describes the labels in this screen.

Table 3-3 Wizard 3: Wireless LAN Setup: Extend Security

Pre-Shared Key

Back

Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "AF") characters. You must precede a hexadecimal key with a "0x” (zero x), which is not counted as part of the 16 to 62-character range for the key.

Click Back to display the previous screen.

Click Next to proceed to the next screen.

Refer to the chapter on wireless LAN for more information.

3.5 Wizard Setup: Screen 4

The Prestige offers three choices of encapsulation. They are Ethernet, PPP over Ethernet or PPTP.

3.5.1 Ethernet

Choose Ethernet when the WAN port is used as a regular Ethernet.

Wizard Setup 3-5

Prestige 334W User’s Guide

Figure 3-5 Wizard 4: Ethernet Encapsulation

The following table describes the fields in this screen.

Table 3-4 Wizard 4: Ethernet Encapsulation

LABEL DESCRIPTION

ISP Parameters for Internet Access Encapsulation

Service Type

User Name Type the user name given to you by your ISP.

Password Type the password associated with the user name above.

You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Otherwise, choose PPP over Ethernet or PPTP for a dial-up connection.

Choose from Standard, Telstra (RoadRunner Telstra authentication method), RR- Manager (Roadrunner Manager authentication method), RR-Toshiba (Roadrunner Toshiba authentication method) or Telia Login.

The following fields are not applicable (N/A) for the Standard service type.

Type the authentication server IP address here if your ISP gave you one.

This field only applies when you select Telia Login in the Service Type field. Type the domain name of the Telia login server, for example “login1.telia.com”.

3-6 Wizard Setup

Prestige 334W User’s Guide

Table 3-4 Wizard 4: Ethernet Encapsulation

LABEL DESCRIPTION

Relogin Every (min)

Back

This field only applies when you select Telia Login in the Service Type field. The Telia server logs the Prestige out if the Prestige does not log in periodically. Type the number of minutes from 1 to 59 (30 default) for the Prestige to wait between logins.

Click Back to return to the previous screen.

Click Next to continue.

3.5.2 PPPoE Encapsulation

Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) draft standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to high-speed data networks. For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for instance, Radius). For the user, PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users. One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users. Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site. By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the Prestige does that part of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access. Refer to the appendix for more information on PPPoE.

Wizard Setup 3-7

Prestige 334W User’s Guide

Figure 3-6 Wizard 4: PPPoE Encapsulation

The following table describes the fields in this screen.

Table 3-5 Wizard 4: PPPoE Encapsulation

LABEL DESCRIPTION

ISP Parameter for Internet Access

Encapsulation

Service Name Type the name of your service provider. User Name Type the user name given to you by your ISP. Password Type the password associated with the user name above.

Nailed-Up Connection

Idle Timeout Type the time in seconds that elapses before the router automatically disconnects from

Choose PPP over Ethernet from the pull-down list box. PPPoE forms a dial-up connection.

Select Nailed-Up Connection if you do not want the connection to time out.

the PPPoE server. The default time is 100 seconds.

Click Next to continue.

3-8 Wizard Setup

Prestige 334W User’s Guide

Table 3-5 Wizard 4: PPPoE Encapsulation

LABEL DESCRIPTION

Back

Click Back to return to the previous screen.

3.5.3 PPTP Encapsulation

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet. Refer to the appendix for more information on PPTP.

The PRESTIGE supports one PPTP server connection at any given time.

Figure 3-7 Wizard 4: PPTP Encapsulation

The following table describes the fields in this screen.

Wizard Setup 3-9

Prestige 334W User’s Guide

Table 3-6 Wizard 4: PPTP Encapsulation

LABEL DESCRIPTION

ISP Parameters for Internet Access

Encapsulation

User Name Type the user name given to you by your ISP.

Password Type the password associated with the User Name above.

Nailed-Up Connection

Idle Timeout Type the time in seconds that elapses before the router automatically disconnects

PPTP Configuration

My IP Address Type the (static) IP address assigned to you by your ISP.

My IP Subnet Mask

Server IP Address Type the IP address of the PPTP server.

Connection ID/Name

Back

Select PPTP from the drop-down list box.

Select Nailed-Up Connection if you do not want the connection to time out.

from the PPTP server. The default is 100 seconds.

Type the subnet mask assigned to you by your ISP (if given).

Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your ISP.

Click Back to return to the previous screen.

Click Next to continue.

3.6 Wizard Setup: Screen 5

The fifth wizard screen allows you to configure WAN IP address assignment, DNS server address assignment and the WAN MAC address.

3.6.1 WAN IP Address Assignment

Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks.

3-10 Wizard Setup

Prestige 334W User’s Guide

Table 3-7 Private IP Address Ranges

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.

Regardless of your particular situation, do not create an arbitrary IP address;

always follow the guidelines above. For more information on address assignment,

please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466,

Guidelines for Management of IP Address Space.

3.6.2 IP Address and Subnet Mask

Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network. Once you have decided on the network number, pick an IP address that is easy to remember, for instance,

192.168.1.1, for your Prestige, but make sure that no other device on your network is using that IP address.

The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise.

3.6.3 DNS Server Address Assignment

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.

Wizard Setup 3-11

Prestige 334W User’s Guide

The Prestige can get the DNS server addresses in the following ways.

1. The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in DHCP Setup.

2. If the ISP did not give you DNS server information, leave the DNS Server fields in DHCP Setup set to

0.0.0.0 for the ISP to dynamically assign the DNS server IP addresses.

3.6.4 WAN MAC Address

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You can configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the "rom" file (ZyNOS configuration file). It will not change unless you change the setting or upload a different "rom" file.

ZyXEL recommends you clone the MAC address from a computer on your LAN

even if your ISP does not require MAC address authentication.

Table 3-8 Example of Network Properties for LAN Servers with Fixed IP Addresses

Choose an IP address 192.168.1.2-192.168.1.32; 192.168.1.65-192.168.1.254.

Subnet mask 255.255.255.0

Gateway (or default route) 192.168.1.1(Prestige LAN IP)

The fifth wizard screen varies according to the type of encapsulation that you select in the third wizard screen.

3-12 Wizard Setup

Prestige 334W User’s Guide

Figure 3-8 Wizard 5: WAN Setup

The following table describes the fields in this screen.

Table 3-9 Wizard 5: WAN Setup

LABEL DESCRIPTION

WAN IP Address Assignment

Get automatically from

Use fixed IP address Select this option If the ISP assigned a fixed IP address.

My WAN IP Address

Select this option If your ISP did not assign you a fixed IP address. This is the

ISP

default selection.

Enter your WAN IP address in this field if you selected Use Fixed IP Address.

Wizard Setup 3-13

Prestige 334W User’s Guide

Table 3-9 Wizard 5: WAN Setup

LABEL DESCRIPTION

System DNS Server Address Assignment (if applicable) DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The Prestige uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.

First DNS Server

Second DNS Server

Third DNS Server

WAN MAC Address The MAC address field allows you to configure the WAN port's MAC Address by

Factory Default Select this option to use the factory assigned default MAC Address.

Spoof this Computer's

MAC address - IP

Address

Back

Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right.

Select None if you do not want to configure DNS servers. If you do not configure a system DNS server, you must use IP addresses when configuring VPN, DDNS and the time server.

either using the factory default or cloning the MAC address from a computer on your LAN.

Select this option and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the setting or upload a different rom file. It is advisable to clone the MAC address from a computer on your LAN even if your ISP does not presently require MAC address authentication.

Click Back to return to the previous screen.

Click Next to continue.

3.7 Basic Setup Complete

Click Back to return to the previous screen or click Finish to complete and save the wizard setup.

3-14 Wizard Setup

Prestige 334W User’s Guide

Figure 3-9 Wizard Finish

Well done! You have successfully set up your Prestige to operate on your network and access the Internet.

Wizard Setup 3-15

Prestige 334W User’s Guide

Chapter 4

Media Bandwidth Management Setup

This chapter provides information on the bandwidth management setup screens in the web

configurator.

4.1 Media Bandwidth Management Setup Overview

The web configurator’s BW SETUP allows you to specify bandwidth classes based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes. The Prestige applies bandwidth management to traffic that it forwards out through an interface. The Prestige does not control the bandwidth of traffic that comes into an interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic's source. Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the Prestige and be managed by bandwidth management.

4.2 Media Bandwidth Management Setup 1

Click BM SETUP in the main menu to display the first wizard screen.

Figure 4-1 Media Bandwidth Management Setup 1

Bandwidth Management Setup 4-1

Prestige 334W User’s Guide

Table 4-1 Media Bandwidth Management Setup 1

LABEL DESCRIPTION

Active

Managed Bandwidth

(Kbps)

Select the Active check box to have the Prestige apply bandwidth management to traffic going out through the Prestige’s WAN, LAN or WLAN port.

Enter the amount of Managed Bandwidth in kbps (2 to 100,000) that you want to allocate for traffic. 20 kbps to 20,000 kbps is recommended. The recommendation is to set this speed to be equal to or less than the speed of the broadband device connected to the WAN port.

For example, set the speed to 1000 Kbps (or less) if the broadband device connected to the WAN port has an upstream speed of 1000 Kbps.

Click Next to continue.

4.3 Media Bandwidth Management Setup 2

Use the second wizard screen to select the services that you want to apply bandwidth management.

Figure 4-2 Media Bandwidth Management Setup 2: Services

The following table describes the fields in this screen.

4-2 Bandwidth Management Setup

Table 4-2 Media Bandwidth Management Setup 2: Services

LABEL DESCRIPTION

Prestige 334W User’s Guide

Choose Channel ID

Create bandwidth management classes by selecting services from the list provided.

 XBox Live  VoIP (SIP)  FTP  E-Mail  eMule/eDonkey

 WWW

For a detailed description of these services, see the Media Bandwidth Management

Back

chapter.

Click Back to display the previous screen.

Click Next to proceed to the next screen.

Refer to the chapter on Media Bandwidth Management for more information.

4.4 Media Bandwidth Management Setup 3:

Use the third wizard screen to select the priorities that you want to apply to the services listed.

Figure 4-3 Media Bandwidth Management Setup 3: Service Priority

The following table describes the fields in this screen.

Bandwidth Management Setup 4-3

Prestige 334W User’s Guide

Table 4-3 Media Bandwidth Management Setup 3: Service Priority

LABEL DESCRIPTION

Service These fields display the services selected in the previous screen. Priority

Back

Finish

Select High, Mid or Low priority for each service to have your Prestige use a priority for traffic that matches that service.

If the rules set up in this wizard are changed in ADVANCED - BW MGMT - Configuration, then the service priority radio button will be set to Others.

The ADVANCED - BW MGMT - Configuration - Edit configuration screens allow you to edit these rule configurations.

Click Back to return to the previous screen.

Click Finish to complete and save the bandwidth management setup.

4.5 Media Bandwidth Management Setup Complete

Well done! You have finished configuration of Media Bandwidth Management. You may now continue configuring your device.

Figure 4-4 Media Bandwidth Management Setup 4: Finish

4-4 Bandwidth Management Setup

System, LAN, WLAN and WAN

Part II:

System, LAN, WLAN and WAN

This part covers configuration of the system, LAN, WLAN and WAN screens.

System Screens

This chapter provides information on the System screens.

5.1 System Overview

See the Wizard Setup chapter for more information on the next few screens.

5.2 Configuring General Setup

Click SYSTEM to open the General screen.

Prestige 334W User’s Guide

Chapter 5

Figure 5-1 System General Setup

System Screens 5-1

Prestige 334W User’s Guide

The following table describes the labels in this screen.

Table 5-1 System General Setup

LABEL DESCRIPTION

System Name Choose a descriptive name for identification purposes. It is recommended you enter

your computer’s “Computer name” in this field (see the Wizard Setup chapter for how to find your computer’s name). This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted.

Domain Name Enter the domain name (if you know it) here. If you leave this field blank, the ISP may

assign a domain name via DHCP.

The domain name entered by you is given priority over the ISP assigned domain name.

Administrator Inactivity Timer

System DNS Servers (if applicable) DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The Prestige uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.

First DNS Server

Second DNS Server

Third DNS Server

Apply

Reset

Type how many minutes a management session (either via the web configurator or SMT) can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again. Very long idle timeouts may have security risks. A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended).

Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address). The field below displays the (read-only) DNS server IP address that the ISP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field below. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User- Defined changes to None after you click Apply.

Select None if you do not want to configure DNS servers. If you do not configure a system DNS server, you must use IP addresses when configuring VPN, DDNS and the time server.

Click Apply to save your changes back to the Prestige.

Click Reset to begin configuring this screen afresh.

5-2 System Screens

Prestige 334W User’s Guide

5.3 Dynamic DNS

Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect. Your friends or relatives will always be able to call you even if they don't know your IP address.

First of all, you need to have registered a dynamic DNS account with www.dyndns.org. This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name. The Dynamic DNS service provider will give you a password or key.

5.3.1 DynDNS Wildcard

Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname.

If you have a private WAN IP address, then you cannot use Dynamic DNS.

5.4 Configuring Dynamic DNS

To change your Prestige’s DDNS, click SYSTEM, then the DDNS tab. The screen appears as shown.

System Screens 5-3

Prestige 334W User’s Guide

Figure 5-2 DDNS

The following table describes the labels in this screen.

Table 5-2 DDNS

LABEL DESCRIPTION

Active Select this check box to use dynamic DNS.

Service Provider Select the name of your Dynamic DNS service provider.

DDNS Type Select the type of service that you are registered for from your Dynamic DNS

service provider.

5-4 System Screens

Prestige 334W User’s Guide

Table 5-2 DDNS

LABEL DESCRIPTION

Host Names 1~3 Enter the host names in the three fields provided. You can specify up to two host

names in each field separated by a comma (",").

User Enter your user name.

Password Enter the password assigned to you.

Enable Wildcard Select the check box to enable DynDNS Wildcard.

Off Line

Edit Update IP Address:

Server Auto Detect Select this option to update the IP address of the host name(s) automatically by

User Specify Select this option to update the IP address of the host name(s) to the IP address

IP Addr

Apply

Reset

This option is available when CustomDNS is selected in the DDNS Type field. Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line.

the DDNS server. It is recommended that you select this option.

specified below. Use this option if you have a static IP address.

Enter the IP address if you select the User Specify option.

Click Apply to save your changes back to the Prestige.

Click Reset to begin configuring this screen afresh.

5.5 Configuring Password

To change your Prestige’s password (recommended), click SYSTEM, then the Password tab. The screen appears as shown. This screen allows you to change the Prestige’s password.

System Screens 5-5

Prestige 334W User’s Guide

Figure 5-3 Password

The following table describes the labels in this screen.

Table 5-3 Password

LABEL DESCRIPTION

Old Password Type the default password or the existing password you use to access the system

in this field.

New Password Type the new password in this field.

Retype to Confirm Type the new password again in this field.

Apply

Reset

Click Apply to save your changes back to the Prestige.

Click Reset to begin configuring this screen afresh.

5.6 Configuring Time Zone

To change your Prestige’s time and date, click SYSTEM, then the Time Zone tab. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone.

5-6 System Screens

Prestige 334W User’s Guide

Figure 5-4 Time Setting

The following table describes the labels in this screen.

Table 5-4 Time Setting

LABEL DESCRIPTION

Use Time Server when Bootup

Select the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.

The main difference between them is the format.

Daytime (RFC 867) format is day/month/year/time zone of the server. Time (RFC 868) format displays a 4-byte integer giving the total number of seconds

since 1970/1/1 at 0:0:0. The default, NTP (RFC 1305), is similar to Time (RFC 868). Select None to enter the time and date manually.

System Screens 5-7

Prestige 334W User’s Guide

Table 5-4 Time Setting

LABEL DESCRIPTION

Time Server IP Address

Current Time This field displays the time of your Prestige.

New Time This field displays the last updated time from the time server.

Current Date This field displays the date of your Prestige.

New Date This field displays the last updated date from the time server.

Time Zone Choose the Time Zone of your location. This will set the time difference between

Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period from

Start Date Enter the month and day that your daylight-savings time starts on if you selected

End Date Enter the month and day that your daylight-savings time ends on if you selected

Apply

Reset

Enter the IP address of your time server. Check with your ISP/network administrator if you are unsure of this information.

Each time you reload this page, the Prestige synchronizes the time with the time server.

When you select None in the Time Protocol field, enter the new time in this field and then click Apply.

Each time you reload this page, the Prestige synchronizes the time with the time server.

When you select None in the Time Protocol field, enter the new date in this field and then click Apply.

your time zone and Greenwich Mean Time (GMT).

late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.

Daylight Savings.

Click Apply to save your changes back to the Prestige.

Click Reset to begin configuring this screen afresh.

5-8 System Screens

Prestige 334W User’s Guide

Chapter 6

LAN Screens

This chapter describes how to configure LAN settings.

6.1 LAN Overview

Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks.

6.2 DHCP Setup

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured.

6.2.1 IP Pool Setup

The Prestige is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to 192.168.1.64. This configuration leaves 31 IP addresses (excluding the Prestige itself) in the lower range for other server computers, for instance, servers for mail, FTP, TFTP, web, etc., that you may have.

6.2.2 System DNS Servers

Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter.

6.3 LAN TCP/IP

The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.

6.3.1 Factory LAN Defaults

The LAN parameters of the Prestige are preset in the factory with the following values:

 IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits)  DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.

LAN Screens 6-1

Prestige 334W User’s Guide

These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured.

6.3.2 IP Address and Subnet Mask

Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this information.

6.3.3 RIP Setup

RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. RIP Direction controls the sending and receiving of RIP packets. When set to Both or Out Only, the Prestige will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets received.

RIP Version controls the format and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.

Both RIP-2B and RIP-2M send routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also.

By default, RIP Direction is set to Both and RIP Version to RIP-1.

6.3.4 Multicast

Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1.

IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to

239.255.255.255. The address 224.0.0.0 is not assigned to any group and is used by IP multicast computers.

The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address

224.0.0.2 is assigned to the multicast routers group.

The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the Prestige queries all directly connected networks to gather group membership. After that, the Prestige periodically updates this information. IP multicasting can be enabled/disabled on the Prestige LAN and/or WAN interfaces in the web configurator (LAN; WAN). Select None to disable IP multicasting on these interfaces.

6-2 LAN Screens

Prestige 334W User’s Guide

6.4 Any IP

Traditionally, you must set the IP addresses and the subnet masks of a computer and the Prestige to be in the same subnet to allow the computer to access the Internet (through the Prestige). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the Prestige.

With the Any IP feature and NAT enabled, the Prestige allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet. Whether a computer is set to use a dynamic or static (fixed) IP address, you can simply connect the computer to the Prestige and access the Internet.

The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment. In a residential house where a Prestige is installed, you can still use the computer to access the Internet without changing the network settings, even when the IP addresses of the computer and the Prestige are not in the same subnet.

Figure 6-1 Any IP Example Application

The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address.

LAN Screens 6-3

Prestige 334W User’s Guide

You must enable NAT/SUA to use the Any IP feature on the Prestige.

6.4.1 How Any IP Works

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the Prestige) to decide which hop to use, forward data along to its specified destination.

The following lists out the steps taken, when a computer tries to access the Internet for the first time through the Prestige.

Step 1. When a computer (which is in a different subnet) first attempts to access the Internet, it sends

packets to its default gateway (which is not the Prestige) by looking at the MAC address in its ARP table.

Step 2. When the computer cannot locate the default gateway, an ARP request is broadcast on the LAN. Step 3. The Prestige receives the ARP request and replies to the computer with its own MAC address. Step 4. The computer updates the MAC address for the default gateway to the ARP table. Once the ARP

table is updated, the computer is able to access the Internet through the Prestige.

Step 5. When the Prestige receives packets from the computer, it creates an entry in the IP routing table so it

can properly forward packets intended for the computer.

After all the routing information is updated, the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige.

to help

6.5 Configuring IP

Click LAN to open the IP screen.

6-4 LAN Screens

Prestige 334W User’s Guide

Figure 6-2 IP

The following table describes the fields in this screen.

Table 6-1 IP

LABEL DESCRIPTION

DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows

individual clients (computers) to obtain TCP/IP configuration at startup from a server. Leave the DHCP Server check box selected unless your ISP instructs you to do otherwise. Clear it to disable the Prestige acting as a DHCP server. When configured as a server, the Prestige provides TCP/IP configuration for the clients. If not, DHCP service is disabled and you must have another DHCP server on your LAN, or else the computers must be manually configured. When set as a server, fill in the following four fields.

IP Pool Starting

Address

This field specifies the first of the contiguous addresses in the IP address pool.

LAN Screens 6-5

Prestige 334W User’s Guide

Table 6-1 IP

LABEL DESCRIPTION

Pool Size This field specifies the size, or count of the IP address pool.

DNS Servers Assigned by DHCP Server

The Prestige passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. The Prestige only passes this information to the LAN DHCP clients when you select the DHCP Server check box. When you clear the DHCP Server check box, DHCP service is disabled and you must have another DHCP sever on your LAN, or else the computers must have their DNS server addresses manually configured.

First DNS Server Second DNS Server Third DNS Server

LAN TCP/IP

IP Address Type the IP address of your Prestige in dotted decimal notation 192.168.1.1 (factory

IP Subnet Mask The subnet mask specifies the network number portion of an IP address. Your

Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply.

Select DNS Relay to have the Prestige act as a DNS proxy. The Prestige's LAN IP address displays in the field to the right (read-only). The Prestige tells the DHCP clients on the LAN that the Prestige itself is the DNS server. When a computer on the LAN sends a DNS query to the Prestige, the Prestige forwards the query to the Prestige's system DNS server (configured in the SYSTEM General screen) and relays the response back to the computer. You can only select DNS Relay for one of the three servers; if you select DNS Relay for a second or third DNS server, that choice changes to None after you click Apply.

Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a computer in order to access it.

default).

Prestige will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige 255.255.255.0.

6-6 LAN Screens

Prestige 334W User’s Guide

Table 6-1 IP

LABEL DESCRIPTION

RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to

exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the Prestige will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets received. Both is the default.

RIP Version

Multicast

Any IP Setup

Active Select this option to activate the Any-IP feature. This allows a computer to access

Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dialup services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN.

The RIP Version field controls the format and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology. Both

RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can

reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also. By default, RIP direction is set to Both and the Version set to RIP-1.

Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.

the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the Prestige are not in the same subnet.

When you disable the Any-IP feature, only computers with dynamic IP addresses or static IP addresses in the same subnet as the Prestige’s LAN IP address can connect to the Prestige or access the Internet through the Prestige.

LAN Screens 6-7

Prestige 334W User’s Guide

Table 6-1 IP

LABEL DESCRIPTION

Allow from LAN to

WAN

Apply

Reset

Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN. If your firewall is enabled with the default policy set to block WAN to LAN traffic, you also need to enable the default WAN to LAN firewall rule that forwards NetBIOS traffic.

Clear this check box to block all NetBIOS packets going from the LAN to the WAN and from the WAN to the LAN.

Click Apply to save your changes back to the Prestige.

Click Reset to begin configuring this screen afresh.

6.6 Configuring Static DHCP

This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses.

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.

To change your Prestige’s Static DHCP settings, click LAN, then the Static DHCP tab. The screen appears as shown.

Figure 6-3 Static DHCP

The following table describes the labels in this screen.

6-8 LAN Screens

Prestige 334W User’s Guide

Table 6-2 Static DHCP

LABEL DESCRIPTION

MAC Address Type the MAC address (with colons) of a computer on your LAN.

IP Address This field specifies the size, or count of the IP address pool.

Apply

Reset

This is the index number of the Static IP table entry (row).

Click Apply to save your changes back to the Prestige.

Click Reset to begin configuring this screen afresh.

6.7 Configuring IP Alias

IP Alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network.

To change your Prestige’s IP Alias settings, click LAN, then the IP Alias tab. The screen appears as shown.

Figure 6-4 IP Alias

The following table describes the labels in this screen.

LAN Screens 6-9

Prestige 334W User’s Guide

Table 6-3 IP Alias

LABEL DESCRIPTION

IP Alias 1,2 Select the check box to configure another LAN network for the Prestige.

IP Address Enter the IP address of your Prestige in dotted decimal notation.

IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP address

that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige.

RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to

RIP Version

Apply

Reset

RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can

Click Apply to save your changes back to the Prestige.

Click Reset to begin configuring this screen afresh.

6-10 LAN Screens

Prestige 334W User’s Guide

Chapter 7

Wireless Configuration and Roaming

This chapter discusses how to configure the Wireless and Roaming screens on the Prestige.

7.1 Wireless LAN Overview

This section introduces the wireless LAN(WLAN) and some basic scenarios.

7.1.1 IBSS

An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest WLAN configuration. An IBSS is defined as two or more computers with wireless adapters within range of each other that from an independent (wireless) network without the need of an access point (AP).

Figure 7-1 IBSS (Ad-hoc) Wireless LAN

7.1.2 BSS

A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).

Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other.

Wireless Configuration and Roaming 7-1

Prestige 334W User’s Guide

Figure 7-2 Basic Service set

7.1.3 ESS

An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate.

7-2 Wireless Configuration and Roaming

Prestige 334W User’s Guide

Figure 7-3 Extended Service Set

7.2 Wireless LAN Basics

Refer also to the Wizard Setup chapter for more background information on Wireless LAN features, such as channels.

7.2.1 RTS/CTS

A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot “hear” each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.

Wireless Configuration and Roaming 7-3

Prestige 334W User’s Guide

Stations A and B do not hear each other. They can hear the Prestige.

Figure 7-4 RTS/CTS

When station A sends data to the Prestige, it might not know that station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.

RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.

When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time frame for the requested transmission.

Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake.

You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the “cost” of resending large frames is more than the extra network overhead involved in the RTS (Request To Send)/CTS (Clear to Send) handshake.

If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.

Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.

7.2.2 Fragmentation Threshold

A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the Prestige will fragment the packet into smaller data frames.

7-4 Wireless Configuration and Roaming

Prestige 334W User’s Guide

A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.

If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set, then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.

7.3 Configuring Wireless

If you are configuring the Prestige from a computer connected to the wireless LAN

and you change the Prestige’s ESSID or WEP settings, you will lose your wireless

connection when you press Apply to confirm. You must then change the wireless

settings of your computer to match the Prestige’s new settings.

Click the WIRELESS link under ADVANCED to open the Wireless screen.

Figure 7-5 Wireless

The following table describes the general wireless LAN labels in this screen.

Table 7-1 Wireless

LABEL DESCRIPTION

Enable Wireless LAN

Click the check box to activate wireless LAN.

Wireless Configuration and Roaming 7-5

Prestige 334W User’s Guide

Table 7-1 Wireless

LABEL DESCRIPTION

ESSID (Extended Service Set IDentity) The ESSID identifies the Service Set with which a

wireless station is associated. Wireless stations associating to the access point (AP) must have the same ESSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.

If you are configuring the Prestige from a computer connected to

the wireless LAN and you change the Prestige’s ESSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of

your computer to match the Prestige’s new settings.

Hide ESSID Select this check box to hide the ESSID in the outgoing beacon frame so a station cannot

obtain the ESSID through passive scanning using a site survey tool.

Choose Channel ID

RTS/CTS Threshold

Fragmentation Threshold

Apply

Reset

Set the operating frequency/channel depending on your particular region.

Select a channel from the drop-down list box.

Refer to the Wizard Setup chapter for more information on channels.

Enter a value between 0 and 2432. The default is 2432.

Enter a value between 256 and 2432. The default is 2432. It is the maximum data fragment size that can be sent.

Click Apply to save your changes back to the Prestige.

Click Reset to reload the previous configuration for this screen.

See the Wireless Security chapter for information on the other labels in this screen.

7.4 Configuring Roaming

A wireless station is a device with an IEEE 802.11mode compliant wireless adapter. An access point (AP) acts as a bridge between the wireless and wired networks. An AP creates its own wireless coverage area. A wireless station can associate with a particular access point only if it is within the access point’s coverage area.

In a network environment with multiple access points, wireless stations are able to switch from one access point to another as they move between the coverage areas. This is roaming. As the wireless station moves from place to place, it is responsible for choosing the most appropriate access point depending on the signal strength, network utilization or other factors.

7-6 Wireless Configuration and Roaming

Prestige 334W User’s Guide

The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from a coverage area to another, it scans and uses the channel of a new access point, which then informs the access points on the LAN about the change. The new information is then propagated to the other access points on the LAN. An example is shown in Figure 7-6.

If the roaming feature is not enabled on the access points, information is not communicated between the access points when a wireless station moves between coverage areas. The wireless station may not be able to communicate with other wireless stations on the network and vice versa.

Figure 7-6 Roaming Example

The steps below describe the roaming process.

Step 1. As wireless station Y moves from the coverage area of access point P1 to that of access point

P2, it scans and uses the signal of access point P2.

Step 2. Access point P2 acknowledges the presence of wireless station Y and relays this information to

access point P1 through the wired LAN.

Step 3. Access point P1 updates the new position of wireless station. Step 4. Wireless station Y sends a request to access point P2 for re-authentication.

Wireless Configuration and Roaming 7-7

Prestige 334W User’s Guide

7.4.1 Requirements for Roaming

The following requirements must be met in order for wireless stations to roam between the coverage areas.

1. All the access points must be on the same subnet and configured with the same ESSID.

2. If IEEE 802.1x user authentication is enabled and to be done locally on the access point, the new access point must have the user profile for the wireless station.

3. The adjacent access points should use different radio channels when their coverage areas overlap.

4. All access points must use the same port number to relay roaming information.

5. The access points must be connected to the Ethernet and be able to get IP addresses from a DHCP server if using dynamic IP address assignment.

To enable roaming on your Prestige, click the WIRELESS link under ADVANCED and then the Roaming tab. The screen appears as shown.

Figure 7-7 Roaming

The following table describes the labels in this screen.

Table 7-2 Roaming

LABEL DESCRIPTION

Active

Select Yes from the drop-down list box to enable roaming on the Prestige if you have two or more Prestiges on the same subnet.

All APs on the same subnet and the wireless stations must have

the same ESSID to allow roaming.

7-8 Wireless Configuration and Roaming

Prestige 334W User’s Guide

Table 7-2 Roaming

LABEL DESCRIPTION

Port Enter the port number to communicate roaming information between APs. The port

number must be the same on all APs. The default is 3517. Make sure this port is not used by other services.

Apply

Reset

Click Apply to save your changes back to the Prestige.

Click Reset to reload the previous configuration for this screen.

Wireless Configuration and Roaming 7-9

Prestige 334W User’s Guide

Chapter 8

Wireless Security

This Chapter describes how to use the MAC Filter, 802.1x, Local User Database and RADIUS to

configure wireless security on your Prestige.

8.1 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.

The figure below shows the possible wireless security levels on your Prestige. EAP (Extensible Authentication Protocol) is used for authentication and utilizes dynamic WEP key exchange. It requires interaction with a RADIUS (Remote Authentication Dial-In User Service) server either on the WAN or your LAN to provide authentication service for wireless stations.

Figure 8-1 Prestige Wireless Security Levels

If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networking device that is within range.

Select No Security to allow wireless stations to communicate with the access points without any data encryption.

Wireless Security 8-1

Prestige 334W User’s Guide

Figure 8-2 Wireless: No Security

The following table describes the labels in this screen.

Table 8-1 Wireless: No Security

LABEL DESCRIPTION

Security Choose from one of the security features listed in the drop-down box.

 No Security

 Static WEP

 WPA-PSK

 WPA

 802.1x + Dynamic WEP

 802.1x + Static WEP

 802.1x + No WEP

Preamble

Select a preamble type from the drop-down list menu. Choices are Long, Short and Dynamic. The default setting is Long.

See the section on preamble for more information.

8-2 Wireless Security

ZyXEL Communications P-334W User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual