ZyXEL Communications P-335WT User Manual

Download

P-335

Firewall Router with Print Server

P-335WT

802.11g Wireless Firewall Router with Print Server

User’s Guide

Version 3.60

4/2005

P-335 Series User’s Guide

Copyright

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

P-335 Series User’s Guide

Federal Communications

Commission (FCC) Interference

Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause undesired operations.

This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and the receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

Certifications

Go to www.zyxel.com

1 Select your product from the drop-down list box on the ZyXEL home page to go to that

product's page.

2 Select the certification you wish to view from this page

4 Federal Communications Commission (FCC) Interference Statement

P-335 Series User’s Guide

Federal Communications Commission (FCC) Interference Statement 5

P-335 Series User’s Guide

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.

ZyXEL Limited Warranty

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

Safety Warnings

1 To reduce the risk of fire, use only No. 26 AWG or larger telephone wire.

2 Do not use this product near water, for example, in a wet basement or near a swimming

pool.

3 Avoid using this product during an electrical storm. There may be a remote risk of

electric shock from lightening.

This product has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France.

6 ZyXEL Limited Warranty

P-335 Series User’s Guide

Customer Support

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

METHOD

LOCATION

CORPORATE HEADQUARTERS (WORLDWIDE)

CZECH REPUBLIC

DENMARK

FINLAND

FRANCE

GERMANY

NORTH AMERICA

NORWAY

SPAIN

SWEDEN

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com

info@cz.zyxel.com +420 241 091 350 www.zyxel.cz ZyXEL Communications

info@cz.zyxel.com +420 241 091 359

support@zyxel.dk +45 39 55 07 00 www.zyxel.dk Z y X E L C o m m u n i c a t i o n s A / S

sales@zyxel.dk +45 39 55 07 07

support@zyxel.fi +358-9-4780-8411 www.zyxel.fi Z y X EL C o m m un i c a t i on s O y

sales@zyxel.fi +358-9-4780 8448

info@zyxel.fr +33 (0)4 72 52 97 97 www.zyxel.fr Z y XE L Fr a nc e

+33 (0)4 72 52 19 20

support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.

sales@zyxel.de +49-2405-6909-99

support@zyxel.com +1-800-255-4101

+1-714-632-0882

sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com

support@zyxel.no +47 22 80 61 80 www.zyxel.no Z y X E L C o m m u n i c a t i o n s A / S

sales@zyxel.no +47 22 80 61 81

support@zyxel.es +34 902 195 420 www.zyxel.es Z y X E L C o m m u ni c a t i o n s

sales@zyxel.es +34 913 005 345

support@zyxel.se +46 31 744 7700 www.zyxel.se Z y X E L C o m m u n ic at i on s A/ S

sales@zyxel.se +46 31 744 7701

WEB SITE

www.europe.zyxel.com

ftp.europe.zyxel.com

www.us.zyxel.com ZyXEL Communications Inc.

REGULAR MAIL

ZyXEL Communications Corp. 6 Innovation Road II

Sc ien ce P ar k Hsinchu 300 Ta iw a n

Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika

Col um bu sv ej 5 2860 Soeborg Denmark

Mal mi nk aa ri 10 00700 Helsinki Finland

1 ru e d e s V er ge r s Ba t. 1 / C 69760 Limonest France

Adenauerstr. 20/A2 D-52146 Wuerselen Germany

1130 N. Miller St. Anaheim

CA 92806-2001 U.S.A.

Ni ls H ans en s ve i 13 0667 Oslo Norway

Alejandro Villegas 33 1º, 28043 Madrid Spain

Sjöporten 4, 41764 Göteborg Sweden

Customer Support 7

P-335 Series User’s Guide

METHOD

LOCATION

UNITED KINGDOM

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

technical@zyxel.co.uk +44 (0) 8702 909090 www.zyxel.co.uk ZyXEL Communications UK

sales@zyxel.co.uk +44 (0) 8702 909091 ftp.zyxel.co.uk

WEB SITE

a. “+” is the (prefix) number you enter to make an international telephone call.

•

REGULAR MAIL

Ltd.,11, The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)

8 Customer Support

P-335 Series User’s Guide

Copyright .................................................................................................................. 3

Federal Communications Commission (FCC) Interference Statement ............... 4

ZyXEL Limited Warranty.......................................................................................... 6

Customer Support.................................................................................................... 7

Preface .................................................................................................................... 39

Chapter 1

Getting to Know Your Prestige ............................................................................. 43

1.1 Prestige Internet Security Gateway Overview ....................................................43

1.2 Prestige Features ...............................................................................................43

1.2.1 Physical Features .....................................................................................43

1.2.1.1 USB Port .........................................................................................43

1.2.1.2 OTIST Button (P-335WT only) ........................................................43

1.2.1.3 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s) .......43

1.2.1.4 Auto-crossover 10/100 Mbps Ethernet Interface(s) .........................44

1.2.1.5 4-Port Switch ...................................................................................44

1.2.1.6 Time and Date .................................................................................44

1.2.1.7 Reset Button ...................................................................................44

1.2.2 Non-Physical Features .............................................................................44

1.2.2.1 Print Server .....................................................................................44

1.2.2.2 OTIST (P-335WT only) ...................................................................44

1.2.2.3 Media Bandwidth Management .......................................................44

1.2.2.4 Trend Micro Security Services ........................................................44

1.2.2.5 IPSec VPN Capability ......................................................................45

1.2.2.6 Firewall ............................................................................................45

1.2.2.7 IEEE 802.1x Network Security (P-335WT only) ..............................45

1.2.2.8 Content Filtering ..............................................................................45

1.2.2.9 Brute-Force Password Guessing Protection ...................................45

1.2.2.10 802.11b Wireless LAN Standard (P-335WT only) .........................45

1.2.2.11 802.11g Wireless LAN Standard (P-335WT only) .........................46

1.2.2.12 Packet Filtering .............................................................................46

1.2.2.13 Universal Plug and Play (UPnP) ...................................................46

1.2.2.14 Call Scheduling .............................................................................46

Table of Contents 9

P-335 Series User’s Guide

1.3 Applications for the Prestige ..............................................................................49

1.3.1 Print Server Application ............................................................................49

1.3.2 Secure Broadband Internet Access via Cable or DSL Modem .................49

1.3.3 VPN Application ........................................................................................50

1.3.4 Wireless LAN Application (P-335WT only) ...............................................50

1.2.2.15 PPPoE ...........................................................................................46

1.2.2.16 PPTP Encapsulation .....................................................................46

1.2.2.17 Dynamic DNS Support ..................................................................47

1.2.2.18 IP Multicast ....................................................................................47

1.2.2.19 IP Alias ..........................................................................................47

1.2.2.20 SNMP ............................................................................................47

1.2.2.21 Network Address Translation (NAT) ..............................................47

1.2.2.22 Traffic Redirect ..............................................................................47

1.2.2.23 Port Forwarding .............................................................................47

1.2.2.24 DHCP (Dynamic Host Configuration Protocol) ..............................48

1.2.2.25 Any IP ............................................................................................48

1.2.2.26 Full Network Management ............................................................48

1.2.2.27 RoadRunner Support ....................................................................48

1.2.2.28 Logging and Tracing ......................................................................48

1.2.2.29 Upgrade Prestige Firmware via LAN .............................................48

1.2.2.30 Embedded FTP and TFTP Servers ...............................................48

1.2.2.31 Wireless Association List (P-335WT only) ....................................48

1.2.2.32 Wireless LAN Channel Usage (P-335WT only) ............................49

Chapter 2

Introducing the Web Configurator........................................................................ 53

2.1 Web Configurator Overview ...............................................................................53

2.2 Accessing the Prestige Web Configurator .........................................................53

2.3 Resetting the Prestige ........................................................................................54

2.3.1 Procedure To Use The Reset Button ........................................................54

2.3.2 Navigating the Prestige Web Configurator ...............................................54

2.3.3 Navigation Panel .......................................................................................55

Chapter 3

Wizard Setup .......................................................................................................... 59

3.1 Wizard Setup Overview ......................................................................................59

3.2 Wizard Setup: General Setup and System Name ..............................................59

3.2.1 Domain Name ...........................................................................................59

3.3 Wizard Setup: Wireless LAN (P-335WT only) ....................................................60

3.3.1 Wizard Setup : Wireless LAN : Basic Security ..........................................61

3.3.2 Wizard Setup : Wireless LAN : Extended Security ...................................63

3.4 Wizard Setup : Wireless LAN : OTIST (P-335WT only) .....................................63

3.5 Wizard Setup : Internet Access ..........................................................................65

10 Table of Contents

P-335 Series User’s Guide

3.5.1 Ethernet ....................................................................................................65

3.5.2 PPPoE Encapsulation ...............................................................................66

3.5.3 PPTP Encapsulation .................................................................................67

3.6 Wizard Setup : WAN ..........................................................................................69

3.6.1 WAN IP Address Assignment ...................................................................69

3.6.2 IP Address and Subnet Mask ...................................................................69

3.6.3 DNS Server Address Assignment .............................................................70

3.6.4 WAN MAC Address ..................................................................................70

3.7 Wizard Setup : Complete ...................................................................................73

Chapter 4

Media Bandwidth Management Setup.................................................................. 75

4.1 Media Bandwidth Management Setup Overview ...............................................75

4.2 Media Bandwidth Management Setup ...............................................................75

4.3 Media Bandwidth Management Setup : Services ..............................................76

4.4 Media Bandwidth Management Setup : Service Priority ....................................77

4.5 Media Bandwidth Management Setup Complete ...............................................78

Chapter 5

System Screens ..................................................................................................... 79

5.1 System Overview ...............................................................................................79

5.2 Configuring General Setup .................................................................................79

5.3 Dynamic DNS .....................................................................................................81

5.3.1 DynDNS Wildcard .....................................................................................81

5.4 Configuring Dynamic DNS .................................................................................81

5.5 Configuring Password ........................................................................................83

5.6 Configuring Time Setting ....................................................................................83

Chapter 6

LAN Screens...........................................................................................................87

6.1 LAN Overview ....................................................................................................87

6.2 DHCP Setup .......................................................................................................87

6.2.1 IP Pool Setup ............................................................................................87

6.2.2 System DNS Servers ................................................................................87

6.3 LAN TCP/IP ........................................................................................................87

6.3.1 Factory LAN Defaults ................................................................................87

6.3.2 IP Address and Subnet Mask ...................................................................88

6.3.3 RIP Setup .................................................................................................88

6.3.4 Multicast ....................................................................................................88

6.4 Any IP .................................................................................................................89

6.4.1 How Any IP Works ....................................................................................90

6.5 Configuring IP ....................................................................................................90

6.6 Configuring Static DHCP ....................................................................................93

Table of Contents 11

P-335 Series User’s Guide

6.7 Configuring IP Alias ............................................................................................94

Chapter 7

Wireless LAN (P-335WT)........................................................................................ 97

7.1 Introduction ........................................................................................................97

7.2 Wireless Security Overview ...............................................................................97

7.2.1 Encryption .................................................................................................97

7.2.2 Authentication ...........................................................................................97

7.2.3 Restricted Access .....................................................................................98

7.2.4 Hide Prestige Identity ................................................................................98

7.2.5 G-plus .......................................................................................................98

7.2.6 Using OTIST .............................................................................................98

7.3 Configuring Wireless LAN on the Prestige .........................................................98

7.4 Configuring the Wireless Screen ........................................................................99

7.4.1 No Security .............................................................................................101

7.4.2 WEP Encryption ......................................................................................103

7.4.3 Configuring WEP Encryption ..................................................................103

7.4.4 Introduction to WPA ................................................................................105

7.4.5 WPA-PSK Application Example ..............................................................106

7.4.6 Configuring WPA-PSK Authentication ....................................................106

7.4.7 Wireless Client WPA Supplicants ...........................................................108

7.4.8 WPA with RADIUS Application Example ................................................108

7.4.9 Configuring WPA Authentication .............................................................109

7.4.10 802.1x Overview ...................................................................................112

7.4.11 Configuring 802.1x and Dynamic WEP Key Exchange ........................112

7.4.12 Configuring 802.1x and Static WEP Key Exchange .............................115

7.4.13 Configuring 802.1x ................................................................................ 118

7.5 MAC Filter ........................................................................................................121

7.6 Roaming ...........................................................................................................123

7.7 OTIST ...............................................................................................................124

7.7.1 Activating OTIST .....................................................................................125

7.7.2 OTIST button ..........................................................................................125

Chapter 8

WAN Screens........................................................................................................ 127

8.1 WAN Overview .................................................................................................127

8.2 TCP/IP Priority (Metric) ....................................................................................127

8.3 Configuring Route ............................................................................................127

8.4 Configuring WAN ISP .......................................................................................128

8.4.1 Ethernet Encapsulation ...........................................................................128

8.4.2 PPPoE Encapsulation .............................................................................129

8.4.3 PPTP Encapsulation ...............................................................................132

8.5 Configuring WAN IP .........................................................................................134

12 Table of Contents

P-335 Series User’s Guide

8.6 Configuring WAN MAC .....................................................................................137

8.7 Traffic Redirect .................................................................................................138

8.8 Configuring Traffic Redirect ..............................................................................139

Chapter 9

Network Address Translation (NAT) Screens.................................................... 143

9.1 NAT Overview ..................................................................................................143

9.1.1 NAT Definitions .......................................................................................143

9.1.2 What NAT Does ......................................................................................144

9.1.3 How NAT Works .....................................................................................144

9.1.4 NAT Application ......................................................................................145

9.1.5 NAT Mapping Types ...............................................................................145

9.2 Using NAT ........................................................................................................147

9.2.1 SUA (Single User Account) Versus NAT ................................................147

9.3 SUA Server ......................................................................................................147

9.3.1 Default Server IP Address ......................................................................147

9.3.2 Port Forwarding: Services and Port Numbers ........................................148

9.3.3 Configuring Servers Behind SUA (Example) ..........................................149

9.4 Configuring SUA Server ..................................................................................149

9.5 Configuring Address Mapping ..........................................................................151

9.5.1 Configuring Address Mapping ................................................................152

9.6 Trigger Port Forwarding ...................................................................................154

9.6.1 Trigger Port Forwarding Example ...........................................................154

9.6.2 Two Points To Remember About Trigger Ports .......................................155

9.7 Configuring Trigger Port Forwarding ................................................................155

Chapter 10

Static Route Screens ...........................................................................................157

10.1 Static Route Overview ....................................................................................157

10.2 Configuring IP Static Route ............................................................................157

10.2.1 Configuring Route Entry .......................................................................158

Chapter 11

UPnP...................................................................................................................... 161

11.1 Universal Plug and Play Overview ................................................................161

11.1.1 How Do I Know If I'm Using UPnP? ......................................................161

11.1.2 NAT Traversal .......................................................................................161

11.1.3 Cautions with UPnP ..............................................................................161

11.2 UPnP and ZyXEL ...........................................................................................162

11.3 Configuring UPnP ...........................................................................................162

11.4 Installing UPnP in Windows Example .............................................................163

11.4.1 Installing UPnP in Windows Me ............................................................164

11.4.2 Installing UPnP in Windows XP ............................................................165

Table of Contents 13

P-335 Series User’s Guide

11.5 Using UPnP in Windows XP Example ............................................................166

11.5.1 Auto-discover Your UPnP-enabled Network Device .............................167

11.5.2 Web Configurator Easy Access ............................................................168

11.5.3 Web Configurator Easy Access ............................................................169

Chapter 12

Trend Micro Security Services ............................................................................ 171

12.1 Trend Micro Security Services Overview .......................................................171

12.1.1 TMSS Web Page ..................................................................................171

12.2 Configuring TMSS on the Prestige .................................................................174

12.2.1 TMSS Service Settings .........................................................................175

12.3 Configuring Virus Protection ..........................................................................176

12.4 Parental Controls Configuration .....................................................................178

12.4.1 Parental Controls Statistics ...................................................................181

Chapter 13

Firewall..................................................................................................................183

13.1 Introduction ....................................................................................................183

13.1.1 What is a Firewall? ...............................................................................183

13.1.2 Stateful Inspection Firewall. ..................................................................183

13.1.3 About the Prestige Firewall ...................................................................183

13.1.4 Guidelines For Enhancing Security With Your Firewall ........................184

13.2 Firewall Settings Screen ................................................................................184

13.3 The Firewall, NAT and Remote Management ................................................186

13.3.1 LAN-to-WAN rules ................................................................................186

13.3.2 WAN-to-LAN rules ................................................................................187

13.4 Services ........................................................................................................187

Chapter 14

Content Filtering ................................................................................................. 191

14.1 Introduction to Content Filtering .....................................................................191

14.2 Restrict Web Features ...................................................................................191

14.3 Days and Times .............................................................................................191

14.4 Configure Content Filtering ............................................................................191

14.5 Customizing Keyword Blocking URL Checking ..............................................194

14.5.1 Domain Name or IP Address URL Checking ........................................194

14.5.2 Full Path URL Checking .......................................................................194

14.5.3 File Name URL Checking .....................................................................194

Chapter 15

Remote Management Screens ............................................................................ 197

15.1 Remote Management Overview .....................................................................197

15.1.1 Remote Management Limitations .........................................................197

14 Table of Contents

P-335 Series User’s Guide

15.1.2 Remote Management and NAT ............................................................198

15.1.3 System Timeout ...................................................................................198

15.2 Configuring WWW ..........................................................................................198

15.3 Configuring Telnet ..........................................................................................199

15.4 Configuring TELNET ......................................................................................200

15.5 Configuring FTP .............................................................................................201

15.6 SNMP .............................................................................................................202

15.6.1 Supported MIBs ....................................................................................203

15.6.2 SNMP Traps .........................................................................................203

15.6.3 Configuring SNMP ................................................................................203

15.7 Configuring DNS ............................................................................................205

15.8 Configuring Security .......................................................................................206

Chapter 16

Introduction to IPSec ........................................................................................... 209

16.1 VPN Overview ................................................................................................209

16.1.1 IPSec ....................................................................................................209

16.1.2 Security Association .............................................................................209

16.1.3 Other Terminology ................................................................................209

16.1.3.1 Encryption ...................................................................................209

16.1.3.2 Data Confidentiality .....................................................................210

16.1.3.3 Data Integrity ...............................................................................210

16.1.3.4 Data Origin Authentication ..........................................................210

16.1.4 VPN Applications ..................................................................................210

16.2 IPSec Architecture .........................................................................................210

16.2.1 IPSec Algorithms ..................................................................................211

16.2.2 Key Management .................................................................................. 211

16.3 Encapsulation .................................................................................................211

16.3.1 Transport Mode ....................................................................................212

16.3.2 Tunnel Mode .........................................................................................212

16.4 IPSec and NAT ...............................................................................................212

Chapter 17

VPN Screens.......................................................................................................215

17.1 VPN/IPSec Overview .....................................................................................215

17.2 IPSec Algorithms ............................................................................................215

17.2.1 AH (Authentication Header) Protocol ....................................................215

17.2.2 ESP (Encapsulating Security Payload) Protocol ..................................215

17.3 My IP Address ................................................................................................216

17.4 Secure Gateway Address ..............................................................................216

17.4.1 Dynamic Secure Gateway Address ......................................................217

17.5 Summary Screen ...........................................................................................217

17.6 Keep Alive ......................................................................................................219

Table of Contents 15

P-335 Series User’s Guide

17.7 NAT Traversal ................................................................................................219

17.7.1 NAT Traversal Configuration .................................................................219

17.7.2 Remote DNS Server .............................................................................220

17.8 ID Type and Content ......................................................................................221

17.8.1 ID Type and Content Examples ............................................................222

17.9 Pre-Shared Key ..............................................................................................222

17.10 Editing VPN Rules ........................................................................................223

17.11 IKE Phases ..................................................................................................226

17.11.1 Negotiation Mode ................................................................................227

17.11.2 Diffie-Hellman (DH) Key Groups .........................................................228

17.11.3 Perfect Forward Secrecy (PFS) ..........................................................228

17.12 Configuring Advanced IKE Settings .............................................................228

17.13 Manual Key Setup ........................................................................................233

17.13.1 Security Parameter Index (SPI) ..........................................................234

17.14 Configuring Manual Key ...............................................................................234

17.15 Viewing SA Monitor ......................................................................................237

17.16 Configuring Global Setting ...........................................................................238

17.17 Telecommuter VPN/IPSec Examples ...........................................................239

17.17.1 Telecommuters Sharing One VPN Rule Example ..............................239

17.17.2 Telecommuters Using Unique VPN Rules Example ...........................240

17.18 VPN and Remote Management ...................................................................241

Chapter 18

Centralized Logs ..................................................................................................243

18.1 View Log ........................................................................................................243

18.2 Log Settings ...................................................................................................244

Chapter 19

Print Server...........................................................................................................249

19.1 Print Server Overview ....................................................................................249

19.2 Prestige Print Server ......................................................................................249

19.2.1 Installation Requirements .....................................................................249

19.3 Prestige Print Server Configuration ................................................................250

Chapter 20

Media Bandwidth Management........................................................................... 251

20.1 Media Bandwidth Management Overview ......................................................251

20.1.1 Application-based Bandwidth Management Example ..........................251

20.1.2 Subnet-based Bandwidth Management Example .................................252

20.1.3 Application and Subnet-based Bandwidth Management Example .......252

20.1.4 Bandwidth Usage Example ...................................................................253

20.1.5 Bandwidth Management Priorities ........................................................255

20.1.6 Bandwidth Management Services ........................................................255

16 Table of Contents

P-335 Series User’s Guide

20.1.6.1 Xbox Live ....................................................................................255

20.1.6.2 VoIP (SIP) ..................................................................................256

20.1.6.3 FTP .............................................................................................256

20.1.6.4 E-Mail ..........................................................................................256

20.1.6.5 eMule/eDonkey ...........................................................................256

20.1.6.6 WWW ..........................................................................................256

20.1.7 Services ................................................................................................257

20.2 Media Bandwidth Management Configuration Screen ...................................258

20.3 Editing Bandwidth Management Rules ..........................................................260

20.3.1 Bandwidth Borrowing ...........................................................................260

20.4 Configuring Bandwidth Management Rules and Services .............................261

20.5 Monitor Screen ...............................................................................................262

Chapter 21

Maintenance ......................................................................................................... 265

21.1 Maintenance Overview ...................................................................................265

21.2 Status Screen .................................................................................................265

21.2.1 System Statistics ...................................................................................267

21.3 DHCP Table Screen .......................................................................................267

21.4 Any IP Table ...................................................................................................268

21.5 Association List ..............................................................................................269

21.6 F/W Upload Screen ........................................................................................270

21.7 Configuration Screen .....................................................................................273

21.7.1 Backup Configuration ...........................................................................274

21.7.2 Restore Configuration ..........................................................................275

21.7.3 Back to Factory Defaults .......................................................................276

21.8 Restart Screen ...............................................................................................276

Chapter 22

Introducing the SMT ............................................................................................279

22.1 SMT Introduction ............................................................................................279

22.1.1 Procedure for SMT Configuration via Telnet .........................................279

22.1.2 Entering Password ................................................................................279

22.1.3 Prestige SMT Menu Overview ..............................................................280

22.2 Navigating the SMT Interface .........................................................................281

22.2.1 System Management Terminal Interface Summary ..............................282

22.3 Changing the System Password ....................................................................283

Chapter 23

Menu 1 General Setup ......................................................................................... 285

23.1 General Setup ................................................................................................285

23.2 Procedure To Configure Menu 1 ....................................................................285

23.2.1 Procedure to Configure Dynamic DNS .................................................287

Table of Contents 17

P-335 Series User’s Guide

Chapter 24

Menu 2 WAN Setup ..............................................................................................289

24.1 Introduction to WAN .......................................................................................289

24.2 WAN Setup .....................................................................................................289

Chapter 25

Menu 3 LAN Setup ...............................................................................................291

25.1 LAN Setup ......................................................................................................291

25.1.1 General Ethernet Setup ........................................................................291

25.2 Protocol Dependent Ethernet Setup ..............................................................292

25.3 TCP/IP Ethernet Setup and DHCP ................................................................292

25.3.1 IP Alias Setup .......................................................................................294

25.4 Wireless LAN Setup (P-335WT only) .............................................................295

25.4.1 Configuring MAC Address Filter ...........................................................297

25.4.2 Configuring Roaming on the Prestige ...................................................299

Chapter 26

Internet Access .................................................................................................... 301

26.1 Introduction to Internet Access Setup ............................................................301

26.2 Ethernet Encapsulation ..................................................................................301

26.3 Configuring the PPTP Client ..........................................................................303

26.4 Configuring the PPPoE Client ........................................................................303

26.5 Basic Setup Complete ....................................................................................304

Chapter 27

Remote Node Configuration ...............................................................................305

27.1 Introduction to Remote Node Setup ...............................................................305

27.2 Remote Node Profile Setup ...........................................................................305

27.2.1 Ethernet Encapsulation .........................................................................305

27.2.2 PPPoE Encapsulation ...........................................................................307

27.2.2.1 Outgoing Authentication Protocol ................................................307

27.2.2.2 Nailed-Up Connection .................................................................308

27.2.3 PPTP Encapsulation .............................................................................308

27.3 Edit IP .............................................................................................................309

27.4 Remote Node Filter ........................................................................................311

27.4.1 Traffic Redirect Setup ...........................................................................312

Chapter 28

Static Route Setup ...............................................................................................315

28.1 IP Static Route Setup .....................................................................................315

18 Table of Contents

P-335 Series User’s Guide

Chapter 29

Network Address Translation (NAT)................................................................... 317

29.1 Using NAT ......................................................................................................317

29.1.1 SUA (Single User Account) Versus NAT ..............................................317

29.2 Applying NAT .................................................................................................317

29.3 NAT Setup ......................................................................................................319

29.3.1 Address Mapping Sets ..........................................................................320

29.3.1.1 User-Defined Address Mapping Sets ..........................................321

29.3.1.2 Ordering Your Rules ....................................................................322

29.4 Configuring a Server behind NAT ..................................................................324

29.5 General NAT Examples ..................................................................................325

29.5.1 Example 1: Internet Access Only ..........................................................325

29.5.2 Example 2: Internet Access with an Inside Server ...............................326

29.5.3 Example 3: Multiple Public IP Addresses With Inside Servers .............327

29.5.4 Example 4: NAT Unfriendly Application Programs ...............................330

29.6 Configuring Trigger Port Forwarding .............................................................331

Chapter 30

Enabling the Firewall ........................................................................................... 333

30.1 Remote Management and the Firewall ..........................................................333

30.2 Access Methods .............................................................................................333

30.3 Enabling the Firewall ......................................................................................333

Chapter 31

Filter Configuration..............................................................................................335

31.1 Introduction to Filters ......................................................................................335

31.1.1 The Filter Structure of the Prestige .......................................................336

31.2 Configuring a Filter Set ..................................................................................337

31.2.1 Configuring a Filter Rule .......................................................................338

31.2.2 Configuring a TCP/IP Filter Rule ..........................................................339

31.2.3 Configuring a Generic Filter Rule .........................................................341

31.3 Example Filter ................................................................................................343

31.4 Filter Types and NAT ......................................................................................345

31.5 Firewall Versus Filters ....................................................................................346

31.6 Applying a Filter ............................................................................................346

31.6.1 Applying LAN Filters .............................................................................346

31.6.2 Applying Remote Node Filters ..............................................................347

Chapter 32

SNMP Configuration ............................................................................................349

32.1 About SNMP ..................................................................................................349

32.2 Supported MIBs ............................................................................................350

32.3 SNMP Configuration ......................................................................................350

Table of Contents 19

P-335 Series User’s Guide

32.4 SNMP Traps ...................................................................................................351

Chapter 33

System Security ...................................................................................................353

33.1 System Security .............................................................................................353

33.1.1 System Password .................................................................................353

33.1.2 Configuring External RADIUS Server ...................................................353

33.1.3 802.1x ...................................................................................................355

Chapter 34

System Information and Diagnosis .................................................................... 359

34.1 System Status ................................................................................................359

34.2 System Information ........................................................................................361

34.2.1 System Information ...............................................................................361

34.2.2 Console Port Speed ..............................................................................362

34.3 Log and Trace ................................................................................................362

34.3.1 Syslog Logging .....................................................................................362

34.3.2 Call-Triggering Packet ..........................................................................367

34.4 Diagnostic ......................................................................................................368

34.4.1 WAN DHCP ..........................................................................................369

34.3.1.1 CDR ............................................................................................364

34.3.1.2 Packet triggered ..........................................................................366

34.3.1.3 Filter log .....................................................................................366

34.3.1.4 PPP log ......................................................................................366

34.3.1.5 Firewall log ..................................................................................367

Chapter 35

Firmware and Configuration File Maintenance ................................................. 371

35.1 Filename Conventions ...................................................................................371

35.2 Backup Configuration .....................................................................................372

35.2.1 Backup Configuration ...........................................................................372

35.2.2 Using the FTP Command from the Command Line ..............................373

35.2.3 Example of FTP Commands from the Command Line .........................374

35.2.4 GUI-based FTP Clients .........................................................................374

35.2.5 TFTP and FTP over WAN Management Limitations .............................374

35.2.6 Backup Configuration Using TFTP .......................................................375

35.2.7 TFTP Command Example ....................................................................375

35.2.8 GUI-based TFTP Clients ......................................................................376

35.3 Restore Configuration ....................................................................................376

35.3.1 Restore Using FTP ...............................................................................376

35.3.2 Restore Using FTP Session Example ..................................................378

35.4 Uploading Firmware and Configuration Files .................................................378

35.4.1 Firmware File Upload ............................................................................378

20 Table of Contents

P-335 Series User’s Guide

35.4.2 Configuration File Upload .....................................................................379

35.4.3 FTP File Upload Command from the DOS Prompt Example ................379

35.4.4 FTP Session Example of Firmware File Upload ...................................380

35.4.5 TFTP File Upload ..................................................................................380

35.4.6 TFTP Upload Command Example ........................................................381

Chapter 36

System Maintenance............................................................................................ 383

36.1 Command Interpreter Mode ...........................................................................383

36.1.1 Command Syntax .................................................................................383

36.1.2 Command Usage ..................................................................................384

36.2 Call Control Support .......................................................................................384

36.2.1 Budget Management ............................................................................384

36.2.2 Call History ...........................................................................................385

36.3 Time and Date Setting ....................................................................................386

36.3.1 Resetting the Time ................................................................................388

Chapter 37

Remote Management ........................................................................................... 389

37.1 Remote Management .....................................................................................389

37.1.1 Remote Management Limitations .........................................................390

Chapter 38

Call Scheduling ....................................................................................................393

38.1 Introduction to Call Scheduling ......................................................................393

Chapter 39

VPN/IPSec Setup .................................................................................................. 397

39.1 VPN/IPSec Overview .....................................................................................397

39.2 IPSec Summary Screen .................................................................................398

39.3 IKE Setup .......................................................................................................404

39.4 Manual Setup .................................................................................................406

39.4.1 Active Protocol ......................................................................................407

39.4.2 Security Parameter Index (SPI) ............................................................407

Chapter 40

SA Monitor ............................................................................................................ 409

40.1 SA Monitor Overview .....................................................................................409

40.2 Using SA Monitor ...........................................................................................409

Chapter 41

Troubleshooting ...................................................................................................413

41.1 Problems Starting Up the Prestige .................................................................413

Table of Contents 21

P-335 Series User’s Guide

41.2 Problems with the LAN ...................................................................................413

41.3 Problems with the WAN .................................................................................414

41.4 Problems Accessing the Prestige ..................................................................415

41.5 Problems with Restricted Web Pages and Keyword Blocking .......................415

41.5.1 Pop-up Windows, JavaScripts and Java Permissions ..........................416

41.5.2 ActiveX Controls in Internet Explorer ....................................................424

41.5.1.1 Internet Explorer Pop-up Blockers ..............................................417

41.5.1.2 JavaScripts ..................................................................................420

41.5.1.3 Java Permissions ........................................................................422

22 Table of Contents

P-335 Series User’s Guide

Table of Contents 23

P-335 Series User’s Guide

24 Table of Contents

P-335 Series User’s Guide

List of Figures

Figure 1 Prestige Print Server Application .......................................................................... 49

Figure 2 Secure Internet Access via Cable, DSL or Wireless Modem ................................ 50

Figure 3 VPN Application .................................................................................................... 50

Figure 4 Internet Access Application Example .................................................................... 51

Figure 5 Change Password Screen .................................................................................... 54

Figure 6 The MAIN MENU Screen of the Web Configurator ............................................... 55

Figure 7 Wizard Setup : General ......................................................................................... 60

Figure 8 Wizard Setup : Wireless LAN ................................................................................ 60

Figure 9 Wizard Setup : Wireless LAN : Basic Security ...................................................... 62

Figure 10 Wizard Setup : Wireless LAN : Extended Security ............................................. 63

Figure 11 Wizard Setup : Wireless LAN : OTIST ................................................................ 64

Figure 12 Wizard Setup : Internet Access : Ethernet Encapsulation .................................. 65

Figure 13 Wizard Setup : Internet Access : PPPoE Encapsulation .................................... 67

Figure 14 Wizard Setup : Internet Access : PPTP Encapsulation ....................................... 68

Figure 15 Wizard Setup : WAN ........................................................................................... 71

Figure 16 Wizard Setup : WAN IP and DNS Server Address Assignment .......................... 72

Figure 17 Wizard Setup : WAN MAC Address .................................................................... 73

Figure 18 Wizard Setup : Complete .................................................................................... 74

Figure 19 Media Bandwidth Management Setup ............................................................... 76

Figure 20 Media Bandwidth Management Setup : Services ............................................... 77

Figure 21 Media Bandwidth Management Setup : Service Priority ..................................... 78

Figure 22 Media Bandwidth Management Setup : Complete .............................................. 78

Figure 23 System General Setup ....................................................................................... 80

Figure 24 DDNS .................................................................................................................. 82

Figure 25 Password ............................................................................................................ 83

Figure 26 Time Setting ........................................................................................................ 84

Figure 27 Any IP Example Application ................................................................................ 89

Figure 28 LAN IP ................................................................................................................. 91

Figure 29 Static DHCP ........................................................................................................ 94

Figure 30 IP Alias ................................................................................................................ 95

Figure 31 Prestige Wireless Security Levels ....................................................................... 99

Figure 32 Wireless ............................................................................................................. 100

Figure 33 Wireless: No Security .......................................................................................... 102

Figure 34 Wireless: Static WEP Encryption ........................................................................ 104

Figure 35 WPA - PSK Authentication .................................................................................. 106

Figure 36 Wireless: WPA-PSK ............................................................................................ 107

List of Figures 25

P-335 Series User’s Guide

Figure 37 WPA with RADIUS Application Example ............................................................ 109

Figure 38 Wireless: WPA .................................................................................................... 110

Figure 39 Wireless: 802.1x and Dynamic WEP .................................................................. 113

Figure 40 Wireless: 802.1x and Static WEP ....................................................................... 116

Figure 41 Wireless: 802.1x ................................................................................................. 119

Figure 42 MAC Address Filter ............................................................................................. 122

Figure 43 Roaming ..............................................................................................................123

Figure 44 OTIST ................................................................................................................. 124

Figure 45 OTIST Start ......................................................................................................... 125

Figure 46 OTIST Process ................................................................................................... 125

Figure 47 WAN: Route ........................................................................................................ 128

Figure 48 Ethernet Encapsulation ....................................................................................... 129

Figure 49 PPPoE Encapsulation ......................................................................................... 131

Figure 50 PPTP Encapsulation ........................................................................................... 133

Figure 51 WAN: IP .............................................................................................................135

Figure 52 MAC Setup .......................................................................................................... 137

Figure 53 Traffic Redirect WAN Setup ................................................................................ 138

Figure 54 Traffic Redirect LAN Setup ................................................................................. 139

Figure 55 WAN: Traffic Redirect .......................................................................................... 140

Figure 56 How NAT Works .................................................................................................. 145

Figure 57 NAT Application With IP Alias ............................................................................. 145

Figure 58 Multiple Servers Behind NAT Example ............................................................... 149

Figure 59 SUA/NAT Setup .................................................................................................. 150

Figure 60 Address Mapping ................................................................................................ 151

Figure 61 Address Mapping Rule ........................................................................................ 153

Figure 62 Trigger Port Forwarding Process: Example ........................................................ 154

Figure 63 Trigger Port .........................................................................................................156

Figure 64 Example of Static Routing Topology ................................................................... 157

Figure 65 Static Route .........................................................................................................158

Figure 66 Static Route: Edit ................................................................................................ 159

Figure 67 Configuring UPnP ............................................................................................... 163

Figure 68 TMSS First Time Access ..................................................................................... 171

Figure 69 Download ActiveX to View TMSS Web Page ..................................................... 172

Figure 70 TMSS Web Page(Dashboard) ............................................................................ 172

Figure 71 TMSS Service Summary ..................................................................................... 172

Figure 72 TMSS 3 Steps ..................................................................................................... 173

Figure 73 TMSS Registration Form .................................................................................... 173

Figure 74 Example TMSS Activated Service Summary Screen ......................................... 174

Figure 75 Example TMSS Activated Parental Controls Screen .......................................... 174

Figure 76 TMSS Main Screen ............................................................................................. 174

Figure 77 TMSS Service Settings ....................................................................................... 175

Figure 78 Virus Protection ................................................................................................... 176

Figure 79 No Parental Controls License ............................................................................. 178

26 List of Figures

P-335 Series User’s Guide

Figure 80 Parental Controls ................................................................................................ 179

Figure 81 Parental Controls Statistics ................................................................................. 181

Figure 82 Firewall: Settings ................................................................................................. 185

Figure 83 Firewall Rule Directions ...................................................................................... 186

Figure 84 Firewall: Service .................................................................................................. 188

Figure 85 Content Filter ...................................................................................................... 192

Figure 86 Remote Management: WWW ............................................................................. 199

Figure 87 Telnet Configuration on a TCP/IP Network ......................................................... 200

Figure 88 Remote Management: Telnet .............................................................................. 200

Figure 89 Remote Management: FTP ................................................................................. 201

Figure 90 SNMP Management Model ................................................................................. 202

Figure 91 Remote Management: SNMP ............................................................................. 204

Figure 92 Remote Management: DNS ................................................................................ 205

Figure 93 Security ............................................................................................................... 206

Figure 94 Encryption and Decryption .................................................................................. 210

Figure 95 IPSec Architecture .............................................................................................. 211

Figure 96 Transport and Tunnel Mode IPSec Encapsulation .............................................. 212

Figure 97 IPSec Summary Fields ....................................................................................... 217

Figure 98 VPN: Summary ................................................................................................... 218

Figure 99 NAT Router Between IPSec Routers .................................................................. 219

Figure 100 VPN Host using Intranet DNS Server Example ................................................ 220

Figure 101 Mismatching ID Type and Content Configuration Example .............................. 222

Figure 102 VPN: Rule Setup (Basic) ................................................................................... 223

Figure 103 Two Phases to Set Up the IPSec SA ................................................................ 227

Figure 104 VPN IKE: Advanced .......................................................................................... 229

Figure 105 Setup: Manual ................................................................................................... 235

Figure 106 SA Monitor ........................................................................................................ 238

Figure 107 VPN: Global Setting .......................................................................................... 239

Figure 108 Telecommuters Sharing One VPN Rule Example ............................................. 240

Figure 109 Telecommuters Using Unique VPN Rules Example ......................................... 241

Figure 110 View Logs .......................................................................................................... 244

Figure 111 Log Settings ...................................................................................................... 246

Figure 112 Configuring Print Server Screen ....................................................................... 250

Figure 113 Application-based Bandwidth Management Example ....................................... 252

Figure 114 Subnet-based Bandwidth Management Example ............................................. 252

Figure 115 Application and Subnet-based Bandwidth Management Example .................... 253

Figure 116 Bandwidth Usage Example ............................................................................... 254

Figure 117 Maximize Bandwidth Usage Example ............................................................... 255

Figure 118 Bandwidth Management Configuration ............................................................. 259

Figure 119 Bandwidth Management Edit ............................................................................ 261

Figure 120 Bandwidth Management Monitor ...................................................................... 263

Figure 121 Maintenance Status .......................................................................................... 266

Figure 122 Maintenance System Statistics ......................................................................... 267

List of Figures 27

P-335 Series User’s Guide

Figure 123 Maintenance DHCP Table ................................................................................. 268

Figure 124 Maintenance Any IP .......................................................................................... 269

Figure 125 Maintenance Association List .......................................................................... 270

Figure 126 Maintenance Firmware Upload ......................................................................... 271

Figure 127 Upload Warning ................................................................................................ 272

Figure 128 Network Temporarily Disconnected .................................................................. 272

Figure 129 Upload Error Message ...................................................................................... 273

Figure 130 Maintenance Configuration ............................................................................... 274

Figure 131 Configuration Restore Successful ..................................................................... 275

Figure 132 Temporarily Disconnected ................................................................................. 276

Figure 133 Configuration Restore Error .............................................................................. 276

Figure 134 System Restart ................................................................................................. 277

Figure 135 Login Screen ..................................................................................................... 280

Figure 136 SMT Menu Overview ........................................................................................ 280

Figure 137 SMT Main Menu ................................................................................................ 282

Figure 138 Menu 23: System Security ................................................................................ 283

Figure 139 Menu 23 System Password .............................................................................. 283

Figure 140 Menu 1 General Setup. ..................................................................................... 286

Figure 141 Menu 1.1 Configure Dynamic DNS .................................................................. 287

Figure 142 Menu 2 WAN Setup .......................................................................................... 289

Figure 143 Menu 3 LAN Setup ............................................................................................ 291

Figure 144 Menu 3.1 LAN Port Filter Setup. ....................................................................... 291

Figure 145 Menu 3.2 TCP/IP and DHCP Ethernet Setup ................................................... 292

Figure 146 Physical Network & Partitioned Logical Networks ............................................ 294

Figure 147 Menu 3.2.1: IP Alias Setup ............................................................................... 294

Figure 148 Menu 3.5 Wireless LAN Setup .......................................................................... 296

Figure 149 Menu 3.5 Wireless LAN Setup ......................................................................... 298

Figure 150 Menu 3.5.1 WLAN MAC Address Filter ............................................................ 299

Figure 151 Menu 3.5 Wireless LAN Setup .......................................................................... 300

Figure 152 Menu 3.5.2 Roaming Configuration .................................................................. 300

Figure 153 Menu 4 Internet Access Setup .......................................................................... 301

Figure 154 Internet Access Setup (PPTP) ......................................................................... 303

Figure 155 Internet Access Setup (PPPoE) ........................................................................ 304

Figure 156 Menu 11.1 Remote Node Profile for Ethernet Encapsulation ............................ 306

Figure 157 Menu 11.1 Remote Node Profile for PPPoE Encapsulation .............................. 307

Figure 158 Menu 11.1 Remote Node Profile for PPTP Encapsulation ................................ 309

Figure 159 Menu 11.3 Remote Node Network Layer Options for Ethernet Encapsulation . 310

Figure 160 Menu 11.5: Remote Node Filter (Ethernet Encapsulation) ................................ 312

Figure 161 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation) ................... 312

Figure 162 Menu 11.6: Traffic Redirect Setup .................................................................... 313

Figure 163 Menu 12 IP Static Route Setup ........................................................................ 315

Figure 164 Menu12.1 Edit IP Static Route .......................................................................... 315

Figure 165 Menu 4 Applying NAT for Internet Access ........................................................ 318

28 List of Figures

P-335 Series User’s Guide

Figure 166 Menu 11.3 Applying NAT to the Remote Node ................................................. 319

Figure 167 Menu 15 NAT Setup .......................................................................................... 320

Figure 168 Menu 15.1 Address Mapping Sets .................................................................... 320

Figure 169 Menu 15.1.255 SUA Address Mapping Rules ................................................. 320

Figure 170 Menu 15.1.1 First Set ........................................................................................ 322

Figure 171 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ......................... 323

Figure 172 Menu 15.2.1 NAT Server Setup ........................................................................ 324

Figure 173 Multiple Servers Behind NAT Example ............................................................. 325

Figure 174 NAT Example 1 ................................................................................................. 325

Figure 175 Menu 4 Internet Access & NAT Example ......................................................... 326

Figure 176 NAT Example 2 ................................................................................................. 326

Figure 177 Menu 15.2.1 Specifying an Inside Server ......................................................... 327

Figure 178 NAT Example 3 ................................................................................................. 328

Figure 179 NAT Example 3: Menu 11.3 .............................................................................. 328

Figure 180 Example 3: Menu 15.1.1.1 ............................................................................... 329

Figure 181 Example 3: Final Menu 15.1.1 .......................................................................... 329

Figure 182 Example 3: Menu 15.2 ...................................................................................... 330

Figure 183 NAT Example 4 ................................................................................................. 330

Figure 184 Example 4: Menu 15.1.1.1 Address Mapping Rule. .......................................... 331

Figure 185 Example 4: Menu 15.1.1 Address Mapping Rules ............................................ 331

Figure 186 Menu 15.3 Trigger Port Setup ........................................................................... 332

Figure 187 Menu 21.2 Firewall Setup ................................................................................. 334

Figure 188 Outgoing Packet Filtering Process .................................................................... 335

Figure 189 Filter Rule Process ............................................................................................ 336

Figure 190 Menu 21: Filter and Firewall Setup ................................................................... 337

Figure 191 Menu 21.1: Filter Set Configuration .................................................................. 337

Figure 192 Menu 21.1.1.1 TCP/IP Filter Rule. .................................................................... 339

Figure 193 Executing an IP Filter ........................................................................................ 341

Figure 194 Menu 21.1.4.1 Generic Filter Rule .................................................................... 342

Figure 195 Telnet Filter Example ........................................................................................ 343

Figure 196 Example Filter: Menu 21.1.3.1 .......................................................................... 344

Figure 197 Example Filter Rules Summary: Menu 21.1.3 .................................................. 345

Figure 198 Protocol and Device Filter Sets ......................................................................... 346

Figure 199 Filtering LAN Traffic .......................................................................................... 347

Figure 200 Filtering Remote Node Traffic ........................................................................... 347

Figure 201 SNMP Management Model ............................................................................... 349

Figure 202 Menu 22 SNMP Configuration .......................................................................... 351

Figure 203 Menu 23 System Security ................................................................................. 353

Figure 204 Menu 23 System Security ................................................................................. 353

Figure 205 Menu 23.2 System Security : RADIUS Server .................................................. 354

Figure 206 Menu 23 System Security ................................................................................. 355

Figure 207 Menu 23.4 System Security : IEEE802.1x ........................................................ 356

Figure 208 Menu 24 System Maintenance ......................................................................... 359

List of Figures 29

P-335 Series User’s Guide

Figure 209 Menu 24.1 System Maintenance : Status ......................................................... 360

Figure 210 Menu 24.2 System Information and Console Port Speed ............................... 361

Figure 211 Menu 24.2.1 System Maintenance : Information .............................................. 361

Figure 212 Menu 24.2.2 System Maintenance : Change Console Port Speed ................... 362

Figure 213 Menu 24.3.2 System Maintenance : Syslog Logging ........................................ 362

Figure 214 Syslog Example ................................................................................................ 364

Figure 215 Call-Triggering Packet Example ........................................................................ 368

Figure 216 Menu 24.4 System Maintenance : Diagnostic ................................................... 369

Figure 217 LAN & WAN DHCP ........................................................................................... 369

Figure 218 Telnet in Menu 24.5 ........................................................................................... 373

Figure 219 FTP Session Example ...................................................................................... 374

Figure 220 Telnet into Menu 24.6. ....................................................................................... 377

Figure 221 Restore Using FTP Session Example ............................................................... 378

Figure 222 Telnet Into Menu 24.7.1 Upload System Firmware ........................................... 379

Figure 223 Telnet Into Menu 24.7.2 System Maintenance . ................................................ 379

Figure 224 FTP Session Example of Firmware File Upload ............................................... 380

Figure 225 Command Mode in Menu 24 ............................................................................. 383

Figure 226 Valid Commands ............................................................................................... 384

Figure 227 Menu 24.9 System Maintenance : Call Control ................................................. 384

Figure 228 Budget Management ......................................................................................... 385

Figure 229 Menu 24.9.2 - Call History ................................................................................ 385

Figure 230 Menu 24: System Maintenance ....................................................................... 386

Figure 231 Menu 24.10 System Maintenance: Time and Date Setting ............................... 387

Figure 232 Menu 24.11 – Remote Management Control .................................................... 390

Figure 233 Menu 26 Schedule Setup .................................................................................. 393

Figure 234 Menu 26.1 Schedule Set Setup ....................................................................... 394

Figure 235 Applying Schedule Set(s) to a Remote Node (PPPoE) .................................... 395

Figure 236 VPN SMT Menu Tree ........................................................................................ 397

Figure 237 Menu 27 VPN/IPSec Setup ............................................................................... 398

Figure 238 Menu 27 ............................................................................................................ 398

Figure 239 Menu 27.1.1 IPSec Setup ................................................................................. 401

Figure 240 Menu 27.1.1.1 IKE Setup .................................................................................. 405

Figure 241 Menu 27.1.1.2 Manual Setup ............................................................................ 407

Figure 242 Menu 27.2 SA Monitor ...................................................................................... 410

Figure 243 Pop-up Blocker ................................................................................................. 417

Figure 244 Internet Options ............................................................................................... 418

Figure 245 Internet Options ................................................................................................ 419

Figure 246 Pop-up Blocker Settings ................................................................................... 420

Figure 247 Internet Options ................................................................................................ 421

Figure 248 Security Settings - Java Scripting ..................................................................... 422

Figure 249 Security Settings - Java .................................................................................... 423

Figure 250 Java (Sun) ......................................................................................................... 424

Figure 251 Internet Options Security .................................................................................. 425

30 List of Figures

P-335 Series User’s Guide

Figure 252 Security Setting ActiveX Controls ..................................................................... 426

Figure 253 Single-Computer per Router Hardware Configuration ...................................... 430

Figure 254 Prestige as a PPPoE Client .............................................................................. 430

Figure 255 Transport PPP frames over Ethernet ............................................................... 431

Figure 256 PPTP Protocol Overview .................................................................................. 432

Figure 257 Example Message Exchange between Computer and an ANT ........................ 433

Figure 258 Network Print Server Setup Wizard .................................................................. 436

Figure 259 Network Print Server Setup Wizard : Welcome ................................................ 437

Figure 260 Network Print Server Setup Wizard : Select A Print Server .............................. 438

Figure 261 Network Print Server Setup Wizard : Change Settings ..................................... 439

Figure 262 Network Print Server Setup Wizard : Select A Printer ...................................... 440

Figure 263 Add Printer Help ................................................................................................ 440

Figure 264 Network Print Server Setup Wizard : Summary ................................................ 441

Figure 265 Network Print Server Setup Wizard : Installation Complete .............................. 441

Figure 266 .......................................................................................................................... 442

Figure 267 Network Print Monitor Setup : Welcome ........................................................... 443

Figure 268 Network Print Monitor Setup : Location ............................................................ 443

Figure 269 Network Print Monitor Setup : Complete ........................................................... 444

Figure 270 Printers Screen ................................................................................................. 444

Figure 271 Add Printer Wizard Welcome Screen ............................................................... 445

Figure 272 Local Printer Screen ......................................................................................... 445

Figure 273 Select Printer Port Screen ................................................................................ 446

Figure 274 Add Standard TCP/IP Printer Port Screen ........................................................ 446

Figure 275 Add Port Screen ................................................................................................ 447

Figure 276 Additional Port Information Screen ................................................................... 447

Figure 277 Port Settings Screen ......................................................................................... 448

Figure 278 Add Standard TCP/IP Printer Port Complete .................................................... 448

Figure 279 Add Printer Screen ............................................................................................ 449

Figure 280 Use Existing Driver Screen ............................................................................... 449

Figure 281 Name Your Printer Screen ................................................................................ 450

Figure 282 Printer Sharing Screen ..................................................................................... 450

Figure 283 Location and Comment Screen ........................................................................ 451

Figure 284 Print Test Page Screen ..................................................................................... 451

Figure 285 Add Printer Wizard Complete ........................................................................... 452

Figure 286 Macintosh HD ................................................................................................... 452

Figure 287 Macintosh HD folder ......................................................................................... 452

Figure 288 Applications Folder ........................................................................................... 453

Figure 289 Utilities Folder ................................................................................................... 453

Figure 290 Printer List Folder .............................................................................................. 453

Figure 291 Printer Configuration ......................................................................................... 454

Figure 292 Printer Model ..................................................................................................... 454

Figure 293 Print Server ....................................................................................................... 455

Figure 294 WIndows 95/98/Me: Network: Configuration ..................................................... 466

List of Figures 31

P-335 Series User’s Guide

Figure 295 Windows 95/98/Me: TCP/IP Properties: IP Address ......................................... 467

Figure 296 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............................ 468

Figure 297 Windows XP: Start Menu .................................................................................. 469

Figure 298 Windows XP: Control Panel .............................................................................. 469

Figure 299 Windows XP: Control Panel: Network Connections: Properties ....................... 470

Figure 300 Windows XP: Local Area Connection Properties .............................................. 470

Figure 301 Windows XP: Advanced TCP/IP Settings ......................................................... 471

Figure 302 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 472

Figure 303 Macintosh OS 8/9: Apple Menu ........................................................................ 473

Figure 304 Macintosh OS 8/9: TCP/IP ................................................................................ 474

Figure 305 Macintosh OS X: Apple Menu ........................................................................... 474

Figure 306 Macintosh OS X: Network ................................................................................. 475

Figure 307 Peer-to-Peer Communication in an Ad-hoc Network ........................................ 477

Figure 308 Basic Service Set .............................................................................................. 478

Figure 309 Infrastructure WLAN ......................................................................................... 479

Figure 310 RTS/CTS ......................................................................................................... 480

Figure 311 EAP Authentication ........................................................................................... 483

Figure 312 WEP Authentication Steps ................................................................................ 485

Figure 313 Roaming Example ............................................................................................. 489

Figure 314 Ideal Setup ........................................................................................................ 495

Figure 315 “Triangle Route” Problem .................................................................................. 496

Figure 316 IP Alias .............................................................................................................. 497

Figure 317 Gateways on the WAN Side .............................................................................. 497

Figure 318 myZyXEL.com Login Screen ............................................................................ 500

Figure 319 Logged Into myZyXEL.com ............................................................................... 501

Figure 320 Product Registration ......................................................................................... 501

Figure 321 Add New Product .............................................................................................. 502

Figure 322 Product Survey ................................................................................................. 502

Figure 323 Service Management ........................................................................................ 503

Figure 324 Service Activation: Entering Licence Key ........................................................ 503

32 List of Figures

P-335 Series User’s Guide

List of Tables

Table 1 IEEE 802.11b ......................................................................................................... 45

Table 2 IEEE 802.11g ......................................................................................................... 46

Table 3 Screens Summary ................................................................................................. 56

Table 4 Wizard Setup : Wireless LAN ................................................................................ 60

Table 5 Wizard Setup : Wireless LAN Setup : Basic Security ............................................ 62

Table 6 Wizard Setup : Wireless LAN : Extended Security ................................................ 63

Table 7 Wizard Setup : Wireless LAN : OTIST ................................................................... 64

Table 8 Wizard Setup : Internet Access : Ethernet Encapsulation ..................................... 65

Table 9 Wizard Setup : Internet Access : PPPoE Encapsulation ....................................... 67

Table 10 Wizard Setup : Internet Access : PPTP Encapsulation ....................................... 68

Table 11 Private IP Address Ranges .................................................................................. 69

Table 12 Example of Network Properties for LAN Servers with Fixed IP Addresses ......... 71

Table 13 Wizard Setup : WAN ............................................................................................ 71

Table 14 Wizard Setup : WAN IP and DNS Server Address Assignment .......................... 72

Table 15 Wizard Setup : WAN MAC Address ..................................................................... 73

Table 16 Media Bandwidth Management Setup ................................................................. 76

Table 17 Media Bandwidth Management Setup : Services ................................................ 77

Table 18 Media Bandwidth Management Setup : Service Priority ..................................... 78

Table 19 System General Setup ........................................................................................ 80

Table 20 DDNS .................................................................................................................. 82

Table 21 Password .............................................................................................................83

Table 22 Time Setting ........................................................................................................ 84

Table 23 LAN IP ................................................................................................................. 91

Table 24 Static DHCP ......................................................................................................... 94

Table 25 IP Alias ................................................................................................................ 95

Table 26 Wireless ............................................................................................................... 100

Table 27 Wireless No Security ........................................................................................... 102

Table 28 Wireless: Static WEP Encryption ......................................................................... 104

Table 29 Wireless: WPA-PSK ............................................................................................ 107

Table 30 Wireless: WPA ..................................................................................................... 111

Table 31 Wireless: 802.1x and Dynamic WEP ................................................................... 114

Table 32 Wireless: 802.1x and Static WEP ........................................................................ 117

Table 33 Wireless: 802.1x and No WEP ............................................................................ 120

Table 34 MAC Address Filter ............................................................................................. 122

Table 35 Roaming ..............................................................................................................123

Table 36 OTIST .................................................................................................................. 124

List of Tables 33

P-335 Series User’s Guide

Table 37 WAN: Route ......................................................................................................... 128

Table 38 Ethernet Encapsulation ....................................................................................... 129

Table 39 PPPoE Encapsulation ......................................................................................... 131

Table 40 PPTP Encapsulation ............................................................................................ 133

Table 41 WAN: IP ............................................................................................................... 135

Table 42 Traffic Redirect .................................................................................................... 140

Table 43 NAT Definitions .................................................................................................... 143

Table 44 NAT Mapping Types ............................................................................................ 146

Table 45 Services and Port Numbers ................................................................................. 148

Table 46 SUA/NAT Setup ................................................................................................... 150

Table 47 Address Mapping ................................................................................................. 151

Table 48 Address Mapping Rule ........................................................................................ 153

Table 49 Trigger Port .......................................................................................................... 156

Table 50 Static Route .........................................................................................................158

Table 51 Static Route: Edit ................................................................................................. 159

Table 52 Configuring UPnP ................................................................................................ 163

Table 53 Service Settings ................................................................................................... 176

Table 54 Virus Protection ................................................................................................... 177

Table 55 Parental Controls ................................................................................................. 179

Table 56 Parental Controls Statistics .................................................................................. 181

Table 57 Firewall: Settings ................................................................................................. 185

Table 58 Firewall: Service .................................................................................................. 188

Table 59 Content Filter .......................................................................................................193

Table 60 Remote Management: WWW .............................................................................. 199

Table 61 Remote Management: Telnet .............................................................................. 200

Table 62 Remote Management: FTP ................................................................................. 201

Table 63 SNMP Traps ........................................................................................................ 203

Table 64 Remote Management: SNMP .............................................................................. 204

Table 65 Remote Management: DNS ................................................................................ 205

Table 66 Security ................................................................................................................ 206

Table 67 VPN and NAT ...................................................................................................... 213

Table 68 AH and ESP ........................................................................................................ 216

Table 69 VPN: Summary .................................................................................................... 218

Table 70 Local ID Type and Content Fields ....................................................................... 221

Table 71 Peer ID Type and Content Fields ........................................................................ 221

Table 72 Matching ID Type and Content Configuration Example ....................................... 222

Table 73 VPN: Rule Setup (Basic) ..................................................................................... 223

Table 74 VPN IKE: Advanced ............................................................................................ 230

Table 75 Rule Setup: Manual ............................................................................................. 235

Table 76 SA Monitor ...........................................................................................................238

Table 77 VPN: Global Setting ............................................................................................. 239

Table 78 Telecommuter and Headquarters Configuration Example ................................... 240

Table 79 View Logs ............................................................................................................244

34 List of Tables

P-335 Series User’s Guide

Table 80 Log Settings .........................................................................................................247

Table 81 Configuring Print Server ...................................................................................... 250

Table 82 Application and Subnet-based Bandwidth Management Example ...................... 253

Table 83 Media Mandwidth Management Priorities ........................................................... 255

Table 84 Commonly Used Services ................................................................................... 257

Table 85 Bandwidth Management Configuration ............................................................... 260

Table 86 Bandwidth Management Edit ............................................................................... 261

Table 87 Maintenance Status ............................................................................................. 266

Table 88 Maintenance System Statistics ............................................................................ 267

Table 89 Maintenance DHCP Table ................................................................................... 268

Table 90 Maintenance Any IP ............................................................................................ 269

Table 91 Maintenance Association List .............................................................................. 270

Table 92 Maintenance Firmware Upload ............................................................................ 271

Table 93 Maintenance Restore Configuration .................................................................... 275

Table 94 Main Menu Commands ....................................................................................... 281

Table 95 Main Menu Summary .......................................................................................... 282

Table 96 Menu 1 General Setup ........................................................................................ 286

Table 97 Menu 1.1 Configure Dynamic DNS ..................................................................... 287

Table 98 Menu 2 WAN Setup ............................................................................................. 289

Table 99 DHCP Ethernet Setup Fields ............................................................................... 292

Table 100 Menu 3.2: LAN TCP/IP Setup Fields ................................................................. 293

Table 101 Menu 3.2.1: IP Alias Setup ................................................................................ 294

Table 102 Menu 3.5 Wireless LAN Setup .......................................................................... 296

Table 103 Menu 3.5.1 WLAN MAC Address Filter ............................................................. 299

Table 104 Roaming Configuration ...................................................................................... 300

Table 105 Internet Access Setup (Ethernet ....................................................................... 301

Table 106 New Fields in Menu 4 (PPTP) Screen ............................................................... 303

Table 107 New Fields in Menu 4 (PPPoE) screen ............................................................. 304

Table 108 Menu 11.1 Remote Node Profile for Ethernet Encapsulation ............................ 306

Table 109 Fields in Menu 11.1 (PPPoE Encapsulation Specific) ....................................... 308

Table 110 Menu 11.1 Remote Node Profile for PPTP Encapsulation ................................. 309

Table 111 Remote Node Network Layer Options ............................................................... 310

Table 112 Menu 11.6: Traffic Redirect Setup ...................................................................... 313

Table 113 Menu12.1 Edit IP Static Route ........................................................................... 315

Table 114 Applying NAT in Menus 4 & 11.3 ....................................................................... 319

Table 115 SUA Address Mapping Rules ............................................................................ 320

Table 116 Menu 15.1.1 First Set ........................................................................................ 322

Table 117 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set .......................... 323

Table 118 Menu 15.3 Trigger Port Setup ............................................................................ 332

Table 119 Abbreviations Used in the Filter Rules Summary Menu .................................... 337

Table 120 Rule Abbreviations Used ................................................................................... 338

Table 121 TCP/IP Filter Rule .............................................................................................. 339

Table 122 Generic Filter Rule Menu Fields ........................................................................ 342

List of Tables 35

P-335 Series User’s Guide

Table 123 Menu 22 SNMP Configuration ........................................................................... 351

Table 124 SNMP Traps ...................................................................................................... 351

Table 125 Ports and Permanent Virtual Circuits ................................................................. 352

Table 126 Menu 23.2 System Security : RADIUS Server .................................................. 354

Table 127 Menu 23.4 System Security : IEEE802.1x ......................................................... 356

Table 128 System Maintenance: Status Menu Fields ........................................................ 360

Table 129 Menu 24.2.1 System Maintenance : Information ............................................... 361

Table 130 Menu 24.3.2 System Maintenance : Syslog and Accounting ............................ 362

Table 131 System Maintenance Menu Diagnostic ............................................................. 369

Table 132 Filename Conventions ....................................................................................... 372

Table 133 General Commands for GUI-based FTP Clients ............................................... 374

Table 134 General Commands for GUI-based TFTP Clients ............................................. 376

Table 135 Menu 24.9.1 - Budget Management .................................................................. 385

Table 136 Call History Fields .............................................................................................. 386

Table 137 Time and Date Setting Fields ............................................................................ 387

Table 138 Menu 24.11 – Remote Management Control ..................................................... 390

Table 139 Menu 26.1 Schedule Set Setup ......................................................................... 394

Table 140 Menu 27.1 IPSec Summary ............................................................................... 398

Table 141 Menu 27.1.1 IPSec Setup .................................................................................. 401

Table 142 Menu 27.1.1.1 IKE Setup .................................................................................. 405

Table 143 Active Protocol: Encapsulation and Security Protocol ....................................... 407

Table 144 Menu 27.1.1.2 Manual Setup ............................................................................ 407

Table 145 Menu 27.2 SA Monitor ....................................................................................... 410

Table 146 Troubleshooting Starting Up Your Prestige ........................................................ 413

Table 147 Troubleshooting the LAN ................................................................................... 413

Table 148 Troubleshooting the WAN .................................................................................. 414

Table 149 Troubleshooting Accessing the Prestige ........................................................... 415

Table 150 Troubleshooting Restricted Web Pages and Keyword Blocking ........................ 415

Table 151 Troubleshooting the Password .......................................................................... 416

Table 152 Troubleshooting Telnet ...................................................................................... 416

Table 153 Device ................................................................................................................ 427

Table 154 Firmware ............................................................................................................427

Table 155 Print Server Interface ......................................................................................... 457

Table 156 Print Server Requirements and Specifications .................................................. 457

Table 157 Compatible USB Printers ................................................................................... 459

Table 158 NetBIOS Filter Default Settings ......................................................................... 462

Table 159 System Error logs .............................................................................................. 463

Table 160 System Maintenance Logs ................................................................................ 463

Table 161 UPnP Logs ........................................................................................................ 464

Table 162 ICMP Type and Code Explanations ................................................................... 464

Table 163 IEEE802.11g ...................................................................................................... 481

Table 164 Comparison of EAP Authentication Types ......................................................... 486

Table 165 Wireless Security Relational Matrix ................................................................... 488

36 List of Tables

P-335 Series User’s Guide

Table 166 Brute-Force Password Guessing Protection Commands .................................. 493

Table 167 myZyXEL.com Numbers .................................................................................... 499

List of Tables 37

P-335 Series User’s Guide

38 List of Tables

P-335 Series User’s Guide

Preface

Congratulations on your purchase of the P-335, Firewall Router with Print Server or the P-335WT, 802.11g Wireless Firewall Router with Print Server. This manual is designed to guide you through the configuration of your Prestige for its various applications.

Note: Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your Prestige. Not all features can be configured through all interfaces.

Some parts of this manual relate to the Wireless Broadband Router. This manual may refer to the P-335, P-335WT, Firewall Router with Print Server or 802.11g Wireless Firewall Router with Print Server as the Prestige.

Note: Register your product online to receive e-mail notices of firmware upgrades and information at products, or at

www.us.zyxel.com for North American products.

www.zyxel.com for global

About This User's Guide

This User’s Guide is designed to guide you through the configuration of your Prestige using the web configurator or the SMT. The web configurator parts of this guide contain background information on features configurable by web configurator. The SMT parts of this guide contain background information solely on features not configurable by web configurator

Note: Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your Prestige. Not all features can be configured through all interfaces.

Getting to Know Your Prestige

This chapter introduces the main features and applications of the Prestige.

1.1 Prestige Internet Security Gateway Overview

The Prestige is the ideal secure gateway for all data passing between the Internet and LAN’s.

By integrating NAT, firewall, media bandwidth management and VPN capability, ZyXEL’s Prestige is a complete security solution that protects your Intranet and efficiently manages data traffic on your network. The built-in print server allows computers on the LAN to share a USB printer eliminating the need to assign a dedicated computer as a print server or have a standalone print server device.

The embedded web configurator is easy to operate.

1.2 Prestige Features

The following sections describe Prestige features.

1.2.1 Physical Features

1.2.1.1 USB Port

The Prestige uses a USB 1.1 port to connect to a printer with a USB interface. Printers that use USB 1.0 are also compatible. Computers on the LAN use the printer by sending print requests to the print server in the Prestige.

1.2.1.2 OTIST Button (P-335WT only)

Use this button to activate OTIST (One-Touch Intelligent Security Technology). OTIST allows your Prestige to assign wireless clients the Prestige’s SSID and static WEP or WPAPSK encryption settings. The wireless client must also support OTIST and have OTIST enabled.

1.2.1.3 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)

This auto-negotiation feature allows the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.

Chapter 1 Getting to Know Your Prestige 43

P-335 Series User’s Guide

1.2.1.4 Auto-crossover 10/100 Mbps Ethernet Interface(s)

These interfaces automatically adjust to either a crossover or straight-through Ethernet cable.

1.2.1.5 4-Port Switch

A combination of switch and router makes your Prestige a cost-effective and viable network solution. You can add up to four computers to the Prestige without the cost of a hub. Add more than four computers to your LAN by using a hub.

1.2.1.6 Time and Date

The Prestige allows you to get the current time and date from an external server when you turn on your Prestige. You can also set the time manually.

1.2.1.7 Reset Button

The Prestige reset button is built into the rear panel. Use this button to restore the factory defaults.

1.2.2 Non-Physical Features

1.2.2.1 Print Server

The Prestige has a built-in print server that allows computers on the LAN to share a USB printer. This eliminates the need to assign a dedicated computer as a print server or have a standalone print server device.

1.2.2.2 OTIST (P-335WT only)

One-Touch Intelligent Security Technology (OTIST) allows your Prestige to give wireless clients the Prestige’s security settings.The wireless client must also support OTIST. The Prestige’s OTIST feature supports static WEP or WPA-PSK encryption security settings.

1.2.2.3 Media Bandwidth Management

ZyXEL’s Media Bandwidth Management allows you to specify bandwidth classes based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.

1.2.2.4 Trend Micro Security Services

TMSS (Trend Micro Security Services) identifies vulnerabilities and protects computers and networks that have Internet connections. TMSS is enabled by default on the Prestige but you must register at the TMSS web page. After you register, you can configure TMSS using the Prestige web configurator.

44 Chapter 1 Getting to Know Your Prestige

1.2.2.5 IPSec VPN Capability

Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The Prestige VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.

1.2.2.6 Firewall

The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The Prestige firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.

1.2.2.7 IEEE 802.1x Network Security (P-335WT only)

The Prestige supports the IEEE 802.1x standard to enhance user authentication. Use the builtin user profile database to authenticate up to 32 users using MD5 encryption. Use an EAPcompatible RADIUS (RFC2138, 2139 - Remote Authentication Dial In User Service) server to authenticate a limitless number of users using EAP (Extensible Authentication Protocol). EAP is an authentication protocol that supports multiple types of authentication.

P-335 Series User’s Guide

1.2.2.8 Content Filtering

Content filtering allows you to block access to forbidden Internet web sites, schedule when the Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet access.

1.2.2.9 Brute-Force Password Guessing Protection

The Prestige has a special protection mechanism to discourage brute-force password guessing attacks on the Prestige’s management interfaces. You can specify a wait-time that must expire before entering a fourth password after three incorrect passwords have been entered. Please see the appendices for details about this feature.

1.2.2.10 802.11b Wireless LAN Standard (P-335WT only)

The Prestige, complies with the 802.11b wireless standard.

The 802.11b data rate and corresponding modulation techniques are as follows. The modulation technique defines how bits are encoded onto radio waves.

Table 1 IEEE 802.11b

DATA RATE (KBPS) MODULATION

1 DBPSK (Differential Binary Phase Shift Keyed)

2 DQPSK (Differential Quadrature Phase Shift Keying)

5.5 / 11 CCK (Complementary Code Keying)

Chapter 1 Getting to Know Your Prestige 45

P-335 Series User’s Guide

Note: The Prestige may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs

1.2.2.11 802.11g Wireless LAN Standard (P-335WT only)

The Prestige, complies with the 802.11g wireless standard and is also fully compatible with the 802.11b standard. This means an 802.11b radio card can interface directly with an 802.11g device (and vice versa) at 11 Mbps or lower depending on range. 802.11g has several intermediate rate steps between the maximum and minimum data rates. The 802.11g data rate and modulation are as follows:

Table 2 IEEE 802.11g

DATA RATE (MBPS) MODULATION

6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)

1.2.2.12 Packet Filtering

The packet filtering mechanism blocks unwanted traffic from entering/leaving your network.

1.2.2.13 Universal Plug and Play (UPnP)

Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.

1.2.2.14 Call Scheduling

Configure call time periods to restrict and allow access for users on remote nodes.

1.2.2.15 PPPoE

PPPoE facilitates the interaction of a host with an Internet modem to achieve access to highspeed data networks via a familiar "dial-up networking" user interface.

1.2.2.16 PPTP Encapsulation

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using a TCP/IP-based network.

PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. The Prestige supports one PPTP server connection at any given time.

46 Chapter 1 Getting to Know Your Prestige

1.2.2.17 Dynamic DNS Support

With Dynamic DNS (Domain Name System) support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.

1.2.2.18 IP Multicast

Deliver IP packets to a specific group of hosts using IP multicast. IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The latest version is version 2 (see RFC 2236); the Prestige supports both versions 1 and 2.

1.2.2.19 IP Alias

IP Alias allows you to partition a physical network into logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet LAN interface with the Prestige itself as the gateway for each LAN network.

1.2.2.20 SNMP

P-335 Series User’s Guide

SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network. The Prestige supports SNMP version one (SNMPv1) and version two (SNMPv2).

1.2.2.21 Network Address Translation (NAT)

Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).

1.2.2.22 Traffic Redirect

Traffic Redirect forwards WAN traffic to a backup gateway on the LAN when the Prestige cannot connect to the Internet, thus acting as an auxiliary backup when your regular WAN connection fails.

1.2.2.23 Port Forwarding

Use this feature to forward incoming service requests to a server on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.

Chapter 1 Getting to Know Your Prestige 47

P-335 Series User’s Guide

1.2.2.24 DHCP (Dynamic Host Configuration Protocol)

DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability, enabled by default, which means it can assign IP addresses, an IP default gateway and DNS servers to all systems that support the DHCP client.

1.2.2.25 Any IP

The Any IP feature allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.

1.2.2.26 Full Network Management

The embedded web configurator is an all-platform web-based utility that allows you to easily access the Prestige’s management settings and configure the firewall. Most functions of the Prestige are also software configurable via the SMT (System Management Terminal) interface. The SMT is a menu-driven interface that you can access over a telnet connection.

1.2.2.27 RoadRunner Support

In addition to standard cable modem services, the Prestige supports Time Warner’s RoadRunner Service.

1.2.2.28 Logging and Tracing

• Built-in message logging and packet tracing.

• Unix syslog facility support.

• Firewall logs.

• Content filtering logs.

1.2.2.29 Upgrade Prestige Firmware via LAN

The firmware of the Prestige can be upgraded via the LAN (refer to Maintenance- F/W Upload Screen).

1.2.2.30 Embedded FTP and TFTP Servers

The Prestige’s embedded FTP and TFTP Servers enable fast firmware upgrades as well as configuration file backups and restoration.

1.2.2.31 Wireless Association List (P-335WT only)

With the Wireless Association List, you can see the list of the wireless stations that are currently using the Prestige to access your wired network.

48 Chapter 1 Getting to Know Your Prestige

1.2.2.32 Wireless LAN Channel Usage (P-335WT only)

The Wireless Channel Usage displays whether the radio channels are used by other wireless devices within the transmission range of the Prestige. This allows you to select the channel with minimum interference for your Prestige.

1.3 Applications for the Prestige

Here are some examples of what you can do with your Prestige.

1.3.1 Print Server Application

The following figure shows how you can setup your printer to operate on a LAN using the Prestige as a router and print server.

Figure 1 Prestige Print Server Application

Computers

P-335 Series User’s Guide

USB Printer

Prestige

1.3.2 Secure Broadband Internet Access via Cable or DSL Modem

You can connect a cable modem, DSL or wireless modem to the Prestige for broadband Internet access via an Ethernet or a wireless port on the modem. The Prestige guarantees not only high speed Internet access, but secure internal network protection and traffic management as well.

Chapter 1 Getting to Know Your Prestige 49

P-335 Series User’s Guide

Figure 2 Secure Internet Access via Cable, DSL or Wireless Modem

1.3.3 VPN Application

Prestige VPN is an ideal cost-effective way to connect branch offices and business partners over the Internet without the need (and expense) for leased lines between sites.

Figure 3 VPN Application

1.3.4 Wireless LAN Application (P-335WT only)

Add a wireless LAN to your existing network without expensive network cables. Wireless stations can move freely anywhere in the coverage area and use resources on the wired network.

50 Chapter 1 Getting to Know Your Prestige

Figure 4 Internet Access Application Example

P-335 Series User’s Guide

Chapter 1 Getting to Know Your Prestige 51

P-335 Series User’s Guide

52 Chapter 1 Getting to Know Your Prestige

Introducing the Web

This chapter describes how to access the Prestige web configurator and provides an overview of its screens.

2.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.

P-335 Series User’s Guide

CHAPTER 2

Configurator

In order to use the web configurator you need to allow:

• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.

• JavaScripts (enabled by default).

• Java permissions (enabled by default).

See the Troubleshooting chapter to see how to make sure these functions are allowed in Internet Explorer.

2.2 Accessing the Prestige Web Configurator

1 Make sure your Prestige hardware is properly connected and prepare your computer/

computer network to connect to the Prestige (refer to the Quick Start Guide).

2 Launch your web browser.

3 Type "192.168.1.1" as the URL.

4 Type "1234" (default) as the password and click Login. In some versions, the default

password appears automatically - if this is the case, click Login.

5 You should see a screen asking you to change your password (highly recommended) as

shown next. Type a new password (and retype it to confirm) and click Apply or click Ignore.

Chapter 2 Introducing the Web Configurator 53

P-335 Series User’s Guide

Figure 5 Change Password Screen

You should now see the MAIN MENU screen)

Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the Prestige if this happens to you

2.3 Resetting the Prestige

If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the Prestige to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.

2.3.1 Procedure To Use The Reset Button

1 Make sure the PWR LED is on (not blinking).

2 Press the RESET button for ten seconds or until the PWR LED begins to blink and then

release it. When the PWR LED begins to blink, the defaults have been restored and the Prestige restarts.

2.3.2 Navigating the Prestige Web Configurator

The following summarizes how to navigate the web configurator from the SITE MAP screen.

• Click WIZARD for initial configuration including general setup, Wireless LAN Setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment.

• Click a link under ADVANCED to configure advanced Prestige features.

• Click BW SETUP for initial configuration of media bandwidth management.

54 Chapter 2 Introducing the Web Configurator

P-335 Series User’s Guide

• Click to view the web configurator in the language of your choice.

• Click LOGOUT at any time to exit the web configurator.

• Click MAINTENANCE to view information about your Prestige or upgrade configuration/firmware files. Maintenance includes Status (Statistics), DHCP Ta bl e, F/ W (firmware) Upload, Configuration (Backup, Restore, Defaults) and Restart.

Figure 6 The MAIN MENU Screen of the Web Configurator

2.3.3 Navigation Panel

After you enter the password, use the sub-menus on the navigation panel to configure Prestige features.

Chapter 2 Introducing the Web Configurator 55

P-335 Series User’s Guide

The following table describes the sub-menus.

Table 3 Screens Summary

LINK TAB FUNCTION

WIZARD SETUP Use these screens for initial configuration including general

BANDWIDTH SETUP

SYSTEM General This screen contains administrative and system-related

LAN IP Use this screen to configure LAN DHCP, TCP/IP settings and to

WIRELESS (P-335WT only)

WAN Route This screen allows you to configure route priority.

SUA/NAT SUA Server Use this screen to configure servers behind the Prestige.

STATIC ROUTE IP Static Route Use this screen to configure IP static routes.

FIREWALL Settings Use this screen to activate/deactivate the firewall and log packets

CONTENT FILTER

setup, Wireless LAN setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment.

Use these screens for initial configuration of media bandwidth management.

information.

DDNS Use this screen to set up dynamic DNS.

Password Use this screen to change your password.

Time Zone Use this screen to change your Prestige’s time and date.

enable Any IP.

Static DHCP Use this screen to assign IP addresses on the LAN to specific

IP Alias Use this screen to partition your LAN interface into subnets.

Wireless Use this screen to configure wireless LAN.

MAC Filter Use the MAC filter screen to configure the Prestige to block

Roaming This screen allows you to configure your Prestige roaming

OTIST This screen allows you to assign wireless clients the Prestige’s

WAN ISP Use this screen to change your Prestige’s WAN ISP settings.

WAN IP Use this screen to change your Prestige’s WAN IP settings.

WAN MAC Use this screen to change your Prestige’s WAN MAC settings.

Traffic Redirect Use this screen to configure your traffic redirect properties and

Address Mapping

Trigger Port Use this screen to change your Prestige’s trigger port settings.

Services Use this screen to enable service blocking (LAN to WAN firewall

Filter This screen allows you to block sites containing certain keywords

individual computers based on their MAC Addresses.

access to devices or block the devices from accessing the Prestige.

capabilities.

wireless security settings.

parameters.

Use this screen to configure network address translation mapping rules.

related to firewall rules.

rules).

in the URL and set the days and times for the Prestige to perform content filtering.

56 Chapter 2 Introducing the Web Configurator

P-335 Series User’s Guide

Table 3 Screens Summary

LINK TAB FUNCTION

REMOTE MGMT TELNET Use this screen to configure through which interface(s) and from

which IP address(es) users can use Telnet to manage the Prestige.

FTP Use this screen to configure through which interface(s) and from

which IP address(es) users can use FTP to access the Prestige.

WWW Use this screen to configure through which interface(s) and from

SNMP Use this screen to configure your Prestige’s settings for Simple

DNS Use this screen to configure through which interface(s) and from

Security Use this screen to change your anti-probing settings.

VPN Summary Use this screen to view the rule summary.

Rule Setup Use this screen to configure VPN connections.

SA Monitor Use this screen to display and manage active VPN connections.

Global Setting Use this screen to allow NetBIOS packets through the VPN

UPnP UPnP Use this screen to enable UPnP on the Prestige.

TMSS Service Settings Use this screen to decide which computers in the network you

Antivirus Protection

Parental Controls

LOGS View Log Use this screen to view the logs for the categories that you

Log Settings Use this screen to change your Prestige’s log settings.

PRINT SERVER Use this screen to view the printer and printer port name and to

BW MGMT Configuration Use this screen to configure your Prestige’s settings for Media

Monitor View the bandwidth usage of the LAN, WAN and WLAN

which IP address(es) users can use HTTP to manage the Prestige.

Network Management Protocol management.

which IP address(es) users can send DNS queries to the Prestige.

connections.

can apply TMSS.

This screen allows you to check the computers in the network for Trend Micro Internet Security.

This screen allows a parent (LAN administrator) to control a LAN user's Internet access privileges by blocking specified website categories.

selected.

monitor the printer status.

Bandwidth Management.

configured bandwidth rules.

Chapter 2 Introducing the Web Configurator 57

P-335 Series User’s Guide

Table 3 Screens Summary

LINK TAB FUNCTION

MAINTENANCE Status This screen contains administrative and system-related

LOGOUT Click this label to exit the web configurator.

information.

DHCP Table This screen displays DHCP (Dynamic Host Configuration

Protocol) related information and is READ-ONLY.

Any IP Use this screen to allow a computer to access the Internet

without changing the network settings of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.

F/W Upload Use this screen to upload firmware to your Prestige.

Configuration Use this screen to backup and restore the configuration or reset

the factory defaults to your Prestige.

Restart This screen allows you to reboot the Prestige without turning the

power off.

58 Chapter 2 Introducing the Web Configurator

P-335 Series User’s Guide

CHAPTER 3

Wizard Setup

This chapter provides information on the Wizard Setup screens in the web configurator.

3.1 Wizard Setup Overview

The web configurator’s Wizard Setup helps you configure your device to access the Internet. The second screen has three variations depending on what encapsulation type you use. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field. Leave a field blank if you don’t have that information.

3.2 Wizard Setup: General Setup and System Name

General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".

• In Windows 95/98 click Start, Settings, Control Panel, Network. Click the Identification tab, note the entry for the Computer Name field and enter it as the System Name.

• In Windows 2000, click Start, Settings and Control Panel and then double-click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name.

• In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the Prestige System Name.

3.2.1 Domain Name

The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the Prestige via DHCP.

Click Next to configure the Prestige for Internet access.

Chapter 3 Wizard Setup 59

P-335 Series User’s Guide

Figure 7 Wizard Setup : General

3.3 Wizard Setup: Wireless LAN (P-335WT only)

Set up your wireless LAN using the following screen.

Figure 8 Wizard Setup : Wireless LAN

The following table describes the labels in this screen.

Table 4 Wizard Setup : Wireless LAN

LABEL DESCRIPTION

Name(SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless

LAN. If you change this field on the Prestige, make sure all wireless stations use the same

SSID in order to access the network.

Choose Channel ID

To manually set the Prestige to use a channel, select a channel from the drop-down list box.

60 Chapter 3 Wizard Setup

P-335 Series User’s Guide

Table 4 Wizard Setup : Wireless LAN

LABEL DESCRIPTION

Security The Security can be selected as auto, none, basic or extended.

Choose Auto to use WPA-PSK security with a default Pre-Shared Key and proceed to another wireless LAN setup screen where you can enable OTIST. Choose this option only if your wireless clients support WPA-PSK.

Choose None to have no wireless LAN security configured and proceed to another wireless LAN setup screen where you can enable OTIST.

Choose Basic(WEP) security if you want to configure WEP Encryption parameters. Choose Extend(WPA-PSK) security to configure a Pre-Shared Key. The third screen varies depending on which security level you select.

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Note: The wireless stations and Prestige must use the same SSID, channel ID and WEP encryption key (if WEP is enabled) or WPA-PSK (if WPA-PSK is enabled) for wireless communication.

3.3.1 Wizard Setup : Wireless LAN : Basic Security

Choose Basic(WEP) to setup WEP Encryption parameters.

Chapter 3 Wizard Setup 61

P-335 Series User’s Guide

Figure 9 Wizard Setup : Wireless LAN : Basic Security

The following table describes the labels in this screen.

Table 5 Wizard Setup : Wireless LAN Setup : Basic Security

LABEL DESCRIPTION

Passphrase Enter a Passphrase (up to 32 printable characters) and clicking Generate. The

WEP Encryption

Key 1 to Key 4 The WEP keys are used to encrypt data. Both the Prestige and the wireless stations

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Prestige automatically generates a WEP key.

Select 64-bit WEP, 128-bit WEP or 256-bit WEP to allow data encryption.

ASCII Select this option in order to enter ASCII characters as the WEP keys.

HEX Select this option to enter hexadecimal characters as the WEP keys.

The preceding “0x” is entered automatically.

must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal

characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal

characters ("0-9", "A-F"). If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal

characters ("0-9", "A-F"). You must configure at least one key, only one key can be activated at any one time.

The default key is key 1.

62 Chapter 3 Wizard Setup

P-335 Series User’s Guide

3.3.2 Wizard Setup : Wireless LAN : Extended Security

Choose Extend(WPA-PSK) security in the Wireless LAN Setup screen to set up a Pre- Shared Key.

Figure 10 Wizard Setup : Wireless LAN : Extended Security

The following table describes the labels in this screen.

Table 6 Wizard Setup : Wireless LAN : Extended Security

LABEL DESCRIPTION

Pre-Shared Key

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Type from 8 to 63 case-sensitive ASCII characters. You can set up the most secure wireless connection by configuring WPA in the advanced wireless screen. You need to configure an authentication server to do this.

3.4 Wizard Setup : Wireless LAN : OTIST (P-335WT only)

The following screen allows you to enable Prestige One-Touch Intelligent Security Technology (OTIST). One-Touch Intelligent Security Technology (OTIST) allows your Prestige to assign wireless clients the Prestige’s SSID and static WEP or WPA-PSK encryption settings. The wireless client must also support OTIST and have OTIST enabled.

OTIST on page 124 for more information.

See

Chapter 3 Wizard Setup 63

P-335 Series User’s Guide

Figure 11 Wizard Setup : Wireless LAN : OTIST

The following table describes the labels in this screen.

Table 7 Wizard Setup : Wireless LAN : OTIST

LABEL DESCRIPTION

Do you want to enable OneTouch Intelligent Security Technology now?

Setup Key The default OTIST Setup Key is “01234567”. This key can be changed in the web

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Finish Click Finish to enable OTIST and complete the wizard setup.

Select the Yes radio button and click Finish to enable One-Touch Intelligent Security Technology (OTIST), complete the wizard setup and save your configuration.

Select the Yes radio button and click Next to proceed with the setup wizard and enable OTIST only when you click Finish in the final wizard screen.

Click No and then Next to proceed to the following screen. Click No and then Finish to complete the wizard setup and save your configuration.

configurator. Be sure to use the same OTIST Setup Key on the Prestige and wireless clients.

Refer to the chapter on wireless LAN for more information.

64 Chapter 3 Wizard Setup

3.5 Wizard Setup : Internet Access

The Prestige offers three choices of encapsulation. They are Ethernet, PPP over Ethernet or PPTP.

3.5.1 Ethernet

Choose Ethernet when the WAN port is used as a regular Ethernet.

Figure 12 Wizard Setup : Internet Access : Ethernet Encapsulation

P-335 Series User’s Guide

The following table describes the labels in this screen.

Table 8 Wizard Setup : Internet Access : Ethernet Encapsulation

LABEL DESCRIPTION

ISP Parameters for Internet Access

Encapsulation You must choose the Ethernet option when the WAN port is used as a regular

Service Type Choose from Standard, Tels tra (RoadRunner Telstra authentication method), RR-

User Name Type the user name given to you by your ISP.

Password Type the password associated with the user name above.

Relogin Every (min)

Back Click Back to return to the previous screen.

Next Click Next to continue.

Ethernet. Otherwise, choose PPP over Ethernet or PPTP for a dial-up connection.

Manager (Roadrunner Manager authentication method), RR-Toshiba (Roadrunner Toshiba authentication method) or Telia Login.

The following fields are not applicable (N/A) for the Standard service type.

Type the authentication server IP address here if your ISP gave you one.

the domain name of the Telia login server, for example “login1.telia.com”.

This field only applies when you select Telia Login in the Service Type field. The Telia server logs the Prestige out if the Prestige does not log in periodically. Type the number of minutes from 1 to 59 (30 default) for the Prestige to wait between logins.

Chapter 3 Wizard Setup 65

P-335 Series User’s Guide

3.5.2 PPPoE Encapsulation

Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) draft standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to high-speed data networks.

For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for instance, Radius). For the user, PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users.

One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users.

Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site.

By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the Prestige does that part of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access.

Refer to the appendix for more information on PPPoE.

66 Chapter 3 Wizard Setup

Figure 13 Wizard Setup : Internet Access : PPPoE Encapsulation

The following table describes the labels in this screen.

Table 9 Wizard Setup : Internet Access : PPPoE Encapsulation

P-335 Series User’s Guide

LABEL DESCRIPTION

ISP Parameter for Internet Access

Encapsulation Choose PPP over Ethernet from the pull-down list box. PPPoE forms a dial-up

connection.

Service Name Type the name of your service provider.

User Name Type the user name given to you by your ISP.

Password Type the password associated with the user name above.

Nailed-Up Connection

Idle Timeout Type the time in seconds that elapses before the router automatically disconnects

Next Click Next to continue.

Back Click Back to return to the previous screen.

Select Nailed-Up Connection if you do not want the connection to time out.

from the PPPoE server. The default time is 100 seconds.

3.5.3 PPTP Encapsulation

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/ IP-based networks.

PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet.

Chapter 3 Wizard Setup 67

P-335 Series User’s Guide

Refer to the appendix for more information on PPTP.

Figure 14 Wizard Setup : Internet Access : PPTP Encapsulation

Note: The PRESTIGE supports one PPTP server connection at

any given time.

The following table describes the fields in this screen

Table 10 Wizard Setup : Internet Access : PPTP Encapsulation

LABEL DESCRIPTION

ISP Parameters for Internet Access

Encapsulation Select PPTP from the drop-down list box.

User Name Type the user name given to you by your ISP.

Password Type the password associated with the User Name above.

Nailed-Up Connection

Idle Timeout Type the time in seconds that elapses before the router automatically disconnects

PPTP Configuration

My IP Address Type the (static) IP address assigned to you by your ISP.

My IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).

Server IP Address Type the IP address of the PPTP server.

68 Chapter 3 Wizard Setup

Select Nailed-Up Connection if you do not want the connection to time out.

from the PPTP server. The default is 100 seconds.

Table 10 Wizard Setup : Internet Access : PPTP Encapsulation

LABEL DESCRIPTION

P-335 Series User’s Guide

Connection ID/ Name

Back Click Back to return to the previous screen.

Next Click Next to continue.

Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP.

This field is optional and depends on the requirements of your ISP.

3.6 Wizard Setup : WAN

These wizard screens allow you to configure WAN IP address assignment, DNS server address assignment and the WAN MAC address.

3.6.1 WAN IP Address Assignment

Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks.

Table 11 Private IP Address Ranges

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.

Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.

3.6.2 IP Address and Subnet Mask

Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.

Chapter 3 Wizard Setup 69

P-335 Series User’s Guide

Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.

If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.

Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your network is using that IP address.

The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise.

3.6.3 DNS Server Address Assignment

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.

The Prestige can get the DNS server addresses in the following ways.

1 The ISP tells you the DNS server addresses, usually in the form of an information sheet,

when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in DHCP Setup.

2 If the ISP did not give you DNS server information, leave the DNS Server fields in

DHCP Setup set to 0.0.0.0 for the ISP to dynamically assign the DNS server IP addresses.

3.6.4 WAN MAC Address

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.

70 Chapter 3 Wizard Setup

P-335 Series User’s Guide

You can configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the "rom" file (ZyNOS configuration file). It will not change unless you change the setting or upload a different "rom" file.

Table 12 Example of Network Properties for LAN Servers with Fixed IP Addresses

Choose an IP address 192.168.1.2-192.168.1.32; 192.168.1.65-192.168.1.254.

Subnet mask 255.255.255.0

Gateway (or default route) 192.168.1.1(Prestige LAN IP)

The following wizard screen allows you to assign a fixed IP address or give the Prestige an automatically assigned IP address depending on your ISP.

Figure 15 Wizard Setup : WAN

The following table describes the labels in this screen

Table 13 Wizard Setup : WAN

LABEL DESCRIPTION

Get automatically from ISP(default)

Use fixed IP address Select this option If the ISP assigned a fixed IP address. Select Use fixed

Back Click Back to return to the previous screen.

Next Click Next to continue.

Select this option If your ISP did not assign you a fixed IP address. This is the default selection.

IP address to give the Prestige a fixed, unique IP address. The fixed IP address should be in the same subnet as your broadband modem or router.

Select Use fixed IP address in the previous wizard screen and click Next to view the following screen. Fill in the fields and click Next to continue.

Chapter 3 Wizard Setup 71

P-335 Series User’s Guide

Figure 16 Wizard Setup : WAN IP and DNS Server Address Assignment

The following table describes the labels in this screen

Table 14 Wizard Setup : WAN IP and DNS Server Address Assignment

LABEL DESCRIPTION

WAN IP Address Assignment

My WAN IP Address Enter the IP address of your Prestige in dotted decimal notation.

If you change the Prestige’s IP address, you must use the new IP address if you want to access the web configurator again.

Remote IP Address Enter a Remote IP Address appropriate to your network.

Remote IP Subnet Mask Enter the Remote IP Subnet Mask of the neighboring device, if you know

it. If you do not, leave the Remote IP Subnet Mask field as 0.0.0.0.

System DNS Server Address Assignment (if applicable) DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice

versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The Prestige uses a system DNS server (in the order you specify here) to resolve domain names for VPN, DDNS and the time server.

First DNS Server

Second DNS Server

Third DNS Server

Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right.

Select None if you do not want to configure DNS servers. If you do not configure a system DNS server, you must use IP addresses when configuring VPN, DDNS and the time server.

72 Chapter 3 Wizard Setup

P-335 Series User’s Guide

Table 14 Wizard Setup : WAN IP and DNS Server Address Assignment

LABEL DESCRIPTION

Back Click Back to return to the previous screen.

Next Click Next to continue.

Select Get automatically from ISP (Default) in the first WAN wizard setup screen and click Next to view the following WAN MAC Address screen. Click Next to go to the final wizard

setup screen.

Figure 17 Wizard Setup : WAN MAC Address

The following table describes the labels in this screen

Table 15 Wizard Setup : WAN MAC Address

LABEL DESCRIPTION

WAN MAC Address The MAC address field allows you to configure the WAN port's MAC

Factory Default Select this option to use the factory assigned default MAC Address.

Spoof this Computer's MAC address - IP Address

Back Click Back to return to the previous screen.

Next Click Next to continue.

Address by either using the factory default or cloning the MAC address from a computer on your LAN.

Select this option and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the setting or upload a different rom file. It is advisable to clone the MAC address from a computer on your LAN even if your ISP does not presently require MAC address authentication.

3.7 Wizard Setup : Complete

Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration.

Chapter 3 Wizard Setup 73

P-335 Series User’s Guide

Figure 18 Wizard Setup : Complete

Well done! You have successfully set up your Prestige to operate on your network and access the Internet

74 Chapter 3 Wizard Setup

P-335 Series User’s Guide

CHAPTER 4

Media Bandwidth Management

This chapter provides information on the bandwidth management setup screens in the web configurator.

4.1 Media Bandwidth Management Setup Overview

The web configurator’s BW SETUP allows you to specify bandwidth classes based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.

Setup

The Prestige applies bandwidth management to traffic that it forwards out through the LAN, WAN and WLAN interfaces regardless of the traffic's source. For example, bandwidth management can be applied to the following situations:a LAN user surfing the Web or a LAN user downloading from a server behind the Prestige.

The Prestige does not control the bandwidth of traffic that comes into these interfaces.

Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the Prestige and be managed by bandwidth management.

4.2 Media Bandwidth Management Setup

Click BM SETUP in the main menu to display the first wizard screen.

Chapter 4 Media Bandwidth Management Setup 75

P-335 Series User’s Guide

Figure 19 Media Bandwidth Management Setup

The following fields describe the label in this screen.

Table 16 Media Bandwidth Management Setup

LABEL DESCRIPTION

Active Select the Active check box to have the Prestige apply bandwidth

Managed Bandwidth (Kbps)

Next Click Next to continue.

management to traffic going out through the Prestige’s WAN, LAN or WLAN port.

Enter the amount of Managed Bandwidth in kbps (2 to 100,000) that you want to allocate for traffic. 20 kbps to 20,000 kbps is recommended. The recommendation is to set this speed to be equal to or less than the speed of the broadband device connected to the WAN port.

For example, set the speed to 1000 Kbps (or less) if the broadband device connected to the WAN port has an upstream speed of 1000 Kbps.

4.3 Media Bandwidth Management Setup : Services

Use the second wizard screen to select the services that you want to apply bandwidth management.

76 Chapter 4 Media Bandwidth Management Setup

Figure 20 Media Bandwidth Management Setup : Services

The following table describes the labels in this screen.

P-335 Series User’s Guide

Table 17 Media Bandwidth Management Setup : Services

LABEL DESCRIPTION

Choose Channel ID

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

Create bandwidth management classes by selecting services from the list provided.

• XBox Live

•VoIP (SIP)

•FTP

•E-Mail

• eMule/eDonkey

•WWW For a detailed description of these services, see the Media Bandwidth Management

chapter.

4.4 Media Bandwidth Management Setup : Service Priority

Use the following wizard screen to select the priorities that you want to apply to the services listed.

Chapter 4 Media Bandwidth Management Setup 77

P-335 Series User’s Guide

Figure 21 Media Bandwidth Management Setup : Service Priority

The following table describes the fields in this screen.

Table 18 Media Bandwidth Management Setup : Service Priority

LABELS DESCRIPTION

Service These fields display the services selected in the previous screen.

Priority Select High, Mid or Low priority for each service to have your Prestige use a

priority for traffic that matches that service. If the rules set up in this wizard are changed in ADVANCED - BW MGMT -

Configuration, then the service priority radio button will be set to Others. The ADVANCED - BW MGMT - Configuration - Edit configuration screens allow

you to edit these rule configurations.

Back Click Back to return to the previous screen.

Finish Click Finish to complete and save the bandwidth management setup.

4.5 Media Bandwidth Management Setup Complete

Well done! You have finished configuration of Media Bandwidth Management. You may now continue configuring your device.

Figure 22 Media Bandwidth Management Setup : Complete

78 Chapter 4 Media Bandwidth Management Setup

This chapter provides information on the System screens.

5.1 System Overview

See the Wizard Setup chapter for more information on the next few screens.

5.2 Configuring General Setup

Click SYSTEM to open the General screen.

P-335 Series User’s Guide

CHAPTER 5

System Screens

Chapter 5 System Screens 79

P-335 Series User’s Guide

Figure 23 System General Setup

The following table describes the labels in this screen.

Table 19 System General Setup

LABEL DESCRIPTION

System Name System Name is a unique name to identify the Prestige in an Ethernet network.. It

Domain Name Enter the domain name (if you know it) here. If you leave this field blank, the ISP

Administrator Inactivity Timer

System DNS Servers (if applicable) DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice

is recommended you enter your computer’s “Computer name” in this field (see the Wizard Setup chapter for how to find your computer’s name). This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted.

may assign a domain name via DHCP. The domain name entered by you is given priority over the ISP assigned domain

name.

Type how many minutes a management session (either via the web configurator or SMT) can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again. Very long idle timeouts may have security risks. A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended).

80 Chapter 5 System Screens

Table 19 System General Setup

LABEL DESCRIPTION

P-335 Series User’s Guide

First DNS Server Second DNS Server Third DNS Server

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

5.3 Dynamic DNS

Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect. Your friends or relatives will always be able to call you even if they don't know your IP address.

Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address). The field below displays the (read-only) DNS server IP address that the ISP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field below. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply.

Select None if you do not want to configure DNS servers. If you do not configure a system DNS server, you must use IP addresses when configuring VPN, DDNS and the time server.

First of all, you need to have registered a dynamic DNS account with www.dyndns.org. This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name. The Dynamic DNS service provider will give you a password or key.

5.3.1 DynDNS Wildcard

Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname.

Note: If you have a private WAN IP address, then you cannot use Dynamic DNS.

5.4 Configuring Dynamic DNS

To change your Prestige’s DDNS, click SYSTEM, then the DDNS tab. The screen appears as shown.

Chapter 5 System Screens 81

P-335 Series User’s Guide

Figure 24 DDNS

The following table describes the labels in this screen.

Table 20 DDNS

LABEL DESCRIPTION

Enable DDNS Select this check box to use dynamic DNS.

Service Provider Select the name of your Dynamic DNS service provider.

DDNS Type Select the type of service that you are registered for from your Dynamic DNS

service provider.

Host Names 1~3 Enter the host names in the three fields provided. You can specify up to two

host names in each field separated by a comma (",").

User Name Enter your user name.

Password Enter the password assigned to you.

Enable Wildcard Option Select the check box to enable DynDNS Wildcard.

Enable off line option This option is available when CustomDNS is selected in the DDNS Type

IP Address Update Policy:

Use WAN IP Address Select this option to update the IP address of the host name(s) to the WAN IP

DDNS server auto detect IP Address

field. Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line.

address.

Select this option to update the IP address of the host name(s) automatically by the DDNS server. It is recommended that you select this option.

82 Chapter 5 System Screens

Table 20 DDNS

LABEL DESCRIPTION

P-335 Series User’s Guide

Use specified IP Address

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

Type the IP address of the host name(s). Use this if you have a static IP address.

5.5 Configuring Password

To change your Prestige’s password (recommended), click SYSTEM, then the Password tab. The screen appears as shown. This screen allows you to change the Prestige’s password.

Figure 25 Password

The following table describes the labels in this screen.

Table 21 Password

LABEL DESCRIPTION

Old Password Type the default password or the existing password you use to access the

system in this field.

New Password Type the new password in this field.

Retype to Confirm Type the new password again in this field.

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

5.6 Configuring Time Setting

To change your Prestige’s time and date, click SYSTEM, then the Time Setting tab. The screen appears as shown. Use this screen to configure the Prestige’s time based on your local time zone.

Chapter 5 System Screens 83

P-335 Series User’s Guide

Figure 26 Time Setting

The following table describes the labels in this screen.

Table 22 Time Setting

LABEL DESCRIPTION

Time Protocol Select the time service protocol that your time server sends when you turn on

Time Server Address

Current Time This field displays the time of your Prestige.

New Time This field displays the last updated time from the time server.

the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.

The main difference between them is the format.

Daytime (RFC 867) format is day/month/year/time zone of the server. Time (RFC 868) format displays a 4-byte integer giving the total number of

seconds since 1970/1/1 at 0:0:0. The default, NTP (RFC 1305), is similar to Time (RFC 868). Select None to enter the time and date manually.

Enter the IP address or URL (up to 20 extended ASCII characters in length) of your time server. Check with your ISP/network administrator if you are unsure of this information.

Each time you reload this page, the Prestige synchronizes the time with the time server.

When you select None in the Time Protocol field, enter the new time in this field and then click Apply.

84 Chapter 5 System Screens

P-335 Series User’s Guide

Table 22 Time Setting

LABEL DESCRIPTION

Current Date This field displays the date of your Prestige.

Each time you reload this page, the Prestige synchronizes the time with the time server.

New Date This field displays the last updated date from the time server.

When you select None in the Time Protocol field, enter the new date in this field and then click Apply.

Time Zone Choose the Time Zone of your location. This will set the time difference between

your time zone and Greenwich Mean Time (GMT).

Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period

Start Date Enter the month and day that your daylight-savings time starts on if you selected

End Date Enter the month and day that your daylight-savings time ends on if you selected

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.

Daylight Savings.

Chapter 5 System Screens 85

P-335 Series User’s Guide

86 Chapter 5 System Screens

This chapter describes how to configure LAN settings.

6.1 LAN Overview

Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks.

6.2 DHCP Setup

P-335 Series User’s Guide

CHAPTER 6

LAN Screens

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured.

6.2.1 IP Pool Setup

The Prestige is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to

192.168.1.64. This configuration leaves 31 IP addresses (excluding the Prestige itself) in the lower range for other server computers, for instance, servers for mail, FTP, TFTP, web, etc., that you may have.

6.2.2 System DNS Servers

Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter.

6.3 LAN TCP/IP

The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.

6.3.1 Factory LAN Defaults

The LAN parameters of the Prestige are preset in the factory with the following values:

Chapter 6 LAN Screens 87

P-335 Series User’s Guide

• IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits)

• DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.

These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured.

6.3.2 IP Address and Subnet Mask

Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this information.

6.3.3 RIP Setup

RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. RIP Direction controls the sending and receiving of RIP packets. When set to Both or Out Only, the Prestige will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets received.

RIP Version controls the format and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.

Both RIP-2B and RIP-2M send routing data in RIP-2 format; the difference being that RIP- 2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also.

By default, RIP Direction is set to Both and RIP Version to RIP-1.

6.3.4 Multicast

Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1.

IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC

2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address

88 Chapter 6 LAN Screens

224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address

224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.

The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the Prestige queries all directly connected networks to gather group membership. After that, the Prestige periodically updates this information. IP multicasting can be enabled/ disabled on the Prestige LAN and/or WAN interfaces in the web configurator (LAN; WA N ). Select None to disable IP multicasting on these interfaces.

6.4 Any IP

Traditionally, you must set the IP addresses and the subnet masks of a computer and the Prestige to be in the same subnet to allow the computer to access the Internet (through the Prestige). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the Prestige.

P-335 Series User’s Guide

With the Any IP feature and NAT enabled, the Prestige allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet. Whether a computer is set to use a dynamic or static (fixed) IP address, you can simply connect the computer to the Prestige and access the Internet.

The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment. In a residential house where a Prestige is installed, you can still use the computer to access the Internet without changing the network settings, even when the IP addresses of the computer and the Prestige are not in the same subnet.

Figure 27 Any IP Example Application

Chapter 6 LAN Screens 89

P-335 Series User’s Guide

The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address.

6.4.1 How Any IP Works

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the Prestige) to decide which hop to use,

The following lists out the steps taken, when a computer tries to access the Internet for the first time through the Prestige.

1 When a computer (which is in a different subnet) first attempts to access the Internet, it

sends packets to its default gateway (which is not the Prestige) by looking at the MAC address in its ARP table.

Note: You must enable NAT to use the Any IP feature on the Prestige

to help forward data along to its specified destination.

2 When the computer cannot locate the default gateway, an ARP request is broadcast on the

LAN.

3 The Prestige receives the ARP request and replies to the computer with its own MAC

address.

4 The computer updates the MAC address for the default gateway to the ARP table. Once

the ARP table is updated, the computer is able to access the Internet through the Prestige.

5 When the Prestige receives packets from the computer, it creates an entry in the IP

routing table so it can properly forward packets intended for the computer.

After all the routing information is updated, the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige.

6.5 Configuring IP

Click LAN to open the IP screen.

90 Chapter 6 LAN Screens

Figure 28 LAN IP

P-335 Series User’s Guide

The following table describes the labels in this screen.

Table 23 LAN IP

LABEL DESCRIPTION

DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows

IP Pool Starting Address

Pool Size This field specifies the size, or count of the IP address pool.

Chapter 6 LAN Screens 91

individual clients (computers) to obtain TCP/IP configuration at startup from a server. Leave the DHCP Server check box selected unless your ISP instructs you to do otherwise. Clear it to disable the Prestige acting as a DHCP server. When configured as a server, the Prestige provides TCP/IP configuration for the clients. If not, DHCP service is disabled and you must have another DHCP server on your LAN, or else the computers must be manually configured. When set as a server, fill in the following four fields.

This field specifies the first of the contiguous addresses in the IP address pool.

P-335 Series User’s Guide

Table 23 LAN IP

LABEL DESCRIPTION

DNS Servers Assigned by DHCP Server The Prestige passes a DNS (Domain Name System) server IP address (in the order you specify here)

to the DHCP clients. The Prestige only passes this information to the LAN DHCP clients when you select the DHCP Server check box. When you clear the DHCP Server check box, DHCP service is disabled and you must have another DHCP sever on your LAN, or else the computers must have their DNS server addresses manually configured.

First DNS Server Second DNS Server Third DNS Server

LAN TCP/IP

IP Address Type the IP address of your Prestige in dotted decimal notation 192.168.1.1

IP Subnet Mask The subnet mask specifies the network number portion of an IP address. Your

RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to

RIP Version The RIP Version field controls the format and the broadcasting method of the

Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol)

Select From ISP if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns.

Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply.

Select DNS Relay to have the Prestige act as a DNS proxy. The Prestige's LAN IP address displays in the field to the right (read-only). The Prestige tells the DHCP clients on the LAN that the Prestige itself is the DNS server. When a computer on the LAN sends a DNS query to the Prestige, the Prestige forwards the query to the Prestige's system DNS server (configured in the SYSTEM General screen) and relays the response back to the computer. You can only select DNS Relay for one of the three servers; if you select DNS Relay for a second or third DNS server, that choice changes to None after you click Apply.

Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a computer in order to access it.

(factory default).

Prestige will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige 255.255.255.0.

exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the Prestige will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets received. Both is the default.

RIP packets that the Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also. By default, RIP direction is set to Both and the Version set to RIP-1.

is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.

92 Chapter 6 LAN Screens

P-335 Series User’s Guide

Table 23 LAN IP

LABEL DESCRIPTION

Any IP Setup

Active

Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN.

Allow between LAN and WAN

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

Select this option to activate the Any-IP feature. This allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the Prestige are not in the same subnet. When you disable the Any-IP feature, only computers with dynamic IP addresses

or static IP addresses in the same subnet as the Prestige’s LAN IP address can connect to the Prestige or access the Internet through the Prestige.

Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN. If your firewall is enabled with the default policy set to block WAN to LAN traffic, you also need to enable the default WAN to LAN firewall rule that forwards NetBIOS traffic.

Clear this check box to block all NetBIOS packets going from the LAN to the WAN and from the WAN to the LAN.

6.6 Configuring Static DHCP

This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses.

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.

To change your Prestige’s Static DHCP settings, click LAN, then the Static DHCP tab. The screen appears as shown.

Chapter 6 LAN Screens 93

P-335 Series User’s Guide

Figure 29 Static DHCP

The following table describes the labels in this screen.

Table 24 Static DHCP

LABEL DESCRIPTION

# This is the index number of the Static IP table entry (row).

MAC Address Type the MAC address (with colons) of a computer on your LAN.

IP Address Type the LAN IP address in this field.

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

6.7 Configuring IP Alias

IP Alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network.

To change your Prestige’s IP Alias settings, click LAN, then the IP Alias tab. The screen appears as shown.

94 Chapter 6 LAN Screens

Figure 30 IP Alias

P-335 Series User’s Guide

The following table describes the labels in this screen.

Table 25 IP Alias

LABEL DESCRIPTION

IP Alias 1,2 Select the check box to configure another LAN network for the Prestige.

IP Address Enter the IP address of your Prestige in dotted decimal notation.

IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP

address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige.

RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to

RIP Version The RIP Version field controls the format and the broadcasting method of the

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

Chapter 6 LAN Screens 95

P-335 Series User’s Guide

96 Chapter 6 LAN Screens

This chapter discusses how to configure Wireless LAN.

7.1 Introduction

A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN adapters communicating through access points which bridge network traffic to the wired LAN.

Note: See the WLAN appendix for more detailed information on WLANs.

P-335 Series User’s Guide

CHAPTER 7

Wireless LAN (P-335WT)

7.2 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.

Wireless security methods available on the Prestige are data encryption, wireless client authentication, restricting access by device MAC address and hiding the Prestige identity.

7.2.1 Encryption

• Use WPA security if you have WPA-aware wireless clients and a RADIUS server. WPA has user authentication and improved data encryption over WEP.

• Use WPA-PSK if you have WPA-aware wireless clients but no RADIUS server.

• If you don’t have WPA-aware wireless clients, then use WEP key encrypting. A higher bit key offers better security at a throughput trade-off. You can use Passphrase to automatically generate 64-bit or 128-bit WEP keys or manually enter 64-bit, 128-bit or 256-bit WEP keys.

7.2.2 Authentication

WPA has user authentication and you can also configure IEEE 802.1x to use a RADIUS server to authenticate wireless clients before joining your network.

• Use RADIUS authentication if you have a RADIUS server. See the appendices for information on protocols used when a client authenticates with a RADIUS server via the Prestige.

Chapter 7 Wireless LAN (P-335WT) 97

P-335 Series User’s Guide

7.2.3 Restricted Access

The MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow Association) or exclude them from accessing the AP (Deny Association).

7.2.4 Hide Prestige Identity

If you hide the ESSID, then the Prestige cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the Prestige may be inconvenient for some valid WLAN clients. If you don’t hide the ESSID, at least you should change the default one.

7.2.5 G-plus

G-plus is an enhancement to the IEEE 802.11g wireless standard. G-plus combines multiple frames into a larger frame size. This increases wireless transmission speeds by allowing larger frames (up to 4 KB) to be sent.

G-plus speed applies only to unicast traffic (not broadcast or multicast). G-plus is automatically disabled if wireless transmission speeds fall below 11 Mbps.

7.2.6 Using OTIST

To automatically configure the wireless security settings and set the wireless client to use the

SSID and WEP or WPA-PSK settings, use the OTIST setup wizard or the advanced

same wireless OTIST screen.

To manually configure the security setting, enter the WEP or WPA-PSK keys and SSID in the wireless screen. After that, you can enter the same settings in the wireless client or run OTIST to have the wireless client acquire the SSID and key automatically.

If you change the SSID or the keys after OTIST, you need to run OTIST again or enter them manually in the wireless client.

Note: You must activate and start OTIST on both the Prestige and the wireless client at the same time.

See the wireless client Quick Start Guide for information on wireless client OTIST setup. For more information on OTIST see

Activating OTIST on page 125.

7.3 Configuring Wireless LAN on the Prestige

1 Configure the SSID and WEP in the Wireless screen. If you configure WEP, you can’t

configure WPA or WPA-PSK.

2 Use the MAC Filter screen to restrict access to your wireless network by MAC address.

3 Configure the RADIUS authentication database settings in the Wireless screen.

98 Chapter 7 Wireless LAN (P-335WT)

P-335 Series User’s Guide

4 If you have OTIST-enabled clients, configure OTIST in the OTIST screen. OTIST

transfers device SSID and WEP or WPA-PSK key settings (if enabled) to wireless clients.

The following figure shows the relative effectiveness of these wireless security methods available on your Prestige.

Figure 31 Prestige Wireless Security Levels

Note: You must enable the same wireless security settings on the Prestige and on all

wireless clients that you want to associate with it.

7.4 Configuring the Wireless Screen

Note: If you are configuring the Prestige from a computer

connected to the wireless LAN and you change the Prestige’s SSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings.

Click the WIRELESS link under ADVANCED to open the Wireless screen.

Chapter 7 Wireless LAN (P-335WT) 99

P-335 Series User’s Guide

Figure 32 Wireless

The following table describes the general wireless LAN labels in this screen.

Table 26 Wireless

LABEL DESCRIPTION

Enable Wireless LAN

Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless

Click the check box to activate wireless LAN.

station is associated. Wireless stations associating to the access point (AP) must have the same SSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.

Note: If you are configuring the Prestige from a computer connected to the wireless LAN and you change the Prestige’s SSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings.

100 Chapter 7 Wireless LAN (P-335WT)

ZyXEL Communications P-335WT User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

User’s Guide

Copyright

4 Federal Communications Commission (FCC) Interference Statement

ZyXEL Limited Warranty

Customer Support

Table of Contents

List of Figures

List of Tables

Preface

Getting to Know Your Prestige

1.1 Prestige Internet Security Gateway Overview

1.2 Prestige Features

1.2.1 Physical Features

1.2.1.1 USB Port

1.2.1.2 OTIST Button (P-335WT only)

1.2.1.3 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)

1.2.1.4 Auto-crossover 10/100 Mbps Ethernet Interface(s)

1.2.1.5 4-Port Switch

1.2.1.6 Time and Date

1.2.1.7 Reset Button

1.2.2 Non-Physical Features

1.2.2.1 Print Server

1.2.2.2 OTIST (P-335WT only)

1.2.2.3 Media Bandwidth Management

1.2.2.4 Trend Micro Security Services

1.2.2.5 IPSec VPN Capability

1.2.2.6 Firewall

1.2.2.7 IEEE 802.1x Network Security (P-335WT only)

1.2.2.8 Content Filtering

1.2.2.9 Brute-Force Password Guessing Protection

1.2.2.10 802.11b Wireless LAN Standard (P-335WT only)

1.2.2.11 802.11g Wireless LAN Standard (P-335WT only)

1.2.2.12 Packet Filtering

1.2.2.13 Universal Plug and Play (UPnP)

1.2.2.14 Call Scheduling

1.2.2.15 PPPoE

1.2.2.16 PPTP Encapsulation

1.2.2.17 Dynamic DNS Support

1.2.2.18 IP Multicast

1.2.2.19 IP Alias

1.2.2.20 SNMP

1.2.2.21 Network Address Translation (NAT)

1.2.2.22 Traffic Redirect

1.2.2.23 Port Forwarding

1.2.2.24 DHCP (Dynamic Host Configuration Protocol)

1.2.2.25 Any IP

1.2.2.26 Full Network Management

1.2.2.27 RoadRunner Support

1.2.2.28 Logging and Tracing

1.2.2.29 Upgrade Prestige Firmware via LAN

1.2.2.30 Embedded FTP and TFTP Servers

1.2.2.31 Wireless Association List (P-335WT only)

1.2.2.32 Wireless LAN Channel Usage (P-335WT only)

1.3 Applications for the Prestige

1.3.1 Print Server Application

1.3.2 Secure Broadband Internet Access via Cable or DSL Modem

1.3.3 VPN Application

1.3.4 Wireless LAN Application (P-335WT only)

2.1 Web Configurator Overview

2.2 Accessing the Prestige Web Configurator

2.3 Resetting the Prestige

2.3.1 Procedure To Use The Reset Button

2.3.2 Navigating the Prestige Web Configurator

2.3.3 Navigation Panel

Wizard Setup

3.1 Wizard Setup Overview

3.2 Wizard Setup: General Setup and System Name

3.2.1 Domain Name

3.3 Wizard Setup: Wireless LAN (P-335WT only)

3.3.1 Wizard Setup : Wireless LAN : Basic Security

3.3.2 Wizard Setup : Wireless LAN : Extended Security

3.4 Wizard Setup : Wireless LAN : OTIST (P-335WT only)

3.5 Wizard Setup : Internet Access

3.5.1 Ethernet

3.5.2 PPPoE Encapsulation

3.5.3 PPTP Encapsulation