The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.
Copyright2
Prestige 660H/HW Series User’s Guide
Federal Communications
Commission (FCC) Interference
Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two
conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause
undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital
device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a commercial environment. This equipment
generates, uses, and can radiate radio frequency energy, and if not installed and used in
accordance with the instructions, may cause harmful interference to radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate the equipment.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Certifications
Go to www.zyxel.com
1 Select your product from the drop-down list box on the ZyXEL home page to go to that
product's page.
2 Select the certification you wish to view from this page.
3 Federal Communications Commission (FCC) Interference Statement
Prestige 660H/HW Series User’s Guide
Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions.
• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger
telecommunication line cord.
• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel can
service the device. Please contact your vendor for further information.
• Use ONLY the dedicated power supply for your device. Connect the power cord or
power adaptor to the right supply voltage (110V AC in North America or 230V AC in
Europe).
• Do NOT use the device if the power supply is damaged as it might cause electrocution.
• If the power supply is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power supply. Contact your local vendor to order a new
power supply.
• Place connecting cables carefully so that no one will step on them or stumble over them.
Do NOT allow anything to rest on the power cord and do NOT locate the product where
anyone can walk on the power cord.
• If you wall mount your device, make sure that no electrical, gas or water pipes will be
damaged.
• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of
electric shock from lightning.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
• Make sure to connect the cables to the correct ports.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
• Do NOT store things on the device.
• Connect ONLY suitable accessories to the device.
Safety Warnings4
Prestige 660H/HW Series User’s Guide
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects
in materials or workmanship for a period of up to two years from the date of purchase. During
the warranty period, and upon proof of purchase, should the product have indications of failure
due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the
defective products or components without charge for either parts or labor, and to whatever
extent it shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally equivalent
product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not
apply if the product is modified, misused, tampered with, damaged by an act of God, or
subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the
purchaser. This warranty is in lieu of all other warranties, express or implied, including any
implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind of character to the
purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return
Material Authorization number (RMA). Products must be returned Postage Prepaid. It is
recommended that the unit be insured when shipped. Any returned products without proof of
purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of
ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products
will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty
gives you specific legal rights, and you may also have other rights that vary from country to
country.
5 ZyXEL Limited Warranty
Prestige 660H/HW Series User’s Guide
Customer Support
Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Congratulations on your purchase of the Prestige 660HW Wireless ADSL Security Gateway
or the Prestige 660H ADSL Security Gateway.
Note: Register your product online to receive e-mail notices of firmware upgrades and
information at
North American products.
The Prestige 660HW has the built-in IEEE 802.11g wireless feature that provides wireless
LAN connection without the expense of additional network cabling infrastructure.
Your Prestige is easy to install and configure.
About This User's Guide
This manual is designed to guide you through the configuration of your Prestige for its various
applications. The web configurator parts of this guide contain background information on
features configurable by web configurator. The SMT parts of this guide contain background
information solely on features not configurable by web configurator.
www.zyxel.com for global products, or at www.us.zyxel.com for
Note: Use the web configurator, System Management Terminal (SMT) or command
interpreter interface to configure your Prestige. Not all features can be
configured through all interfaces.
Syntax Conventions
• “Enter” means for you to type one or more characters. “Select” or “Choose” means for
you to use one predefined choices.
• The SMT menu titles and labels are in Bold Times New Roman font. Predefined field
choices are in Bold Arial font. Command and arrow keys are enclosed in square
brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key
and [SPACE BAR] means the Space Bar.
• Mouse action sequences are denoted using a comma. For example, “click the Apple icon,
Control Panels and then Modem” means first click the Apple icon, then point your
mouse pointer to Control Panels and then click Modem.
• For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for
“that is” or “in other words” throughout this manual.
• The Prestige 660H and Prestige 660HW series may be referred to as the Prestige in this
user’s guide. This refers to both models (ADSL over POTS and ADSL over ISDN) unless
specifically identified.
Related Documentation
• Supporting Disk
Refer to the included CD for support documents.
• Quick Start Guide
Preface38
Prestige 660H/HW Series User’s Guide
The Quick Start Guide is designed to help you get up and running right away. They
contain connection information and instructions on getting started.
• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary
information.
• ZyXEL Glossary and Web Site
Please refer to www.zyxel.com for an online glossary of networking terms and additional
support documentation.
User Guide Feedback
Help us help you. E-mail all User Guide-related comments, questions or suggestions for
improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing
Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park,
Hsinchu, 300, Taiwan. Thank you.
Graphics Icons Key
PrestigeComputerNotebook computer
ServerDSLAMFirewall
TelephoneSwitchRouter
Wireless Signal
39 Preface
Prestige 660H/HW Series User’s Guide
Introduction to DSL
DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twistedpair wire that runs between the local telephone company switching offices and most homes
and offices. While the wire itself can handle higher frequencies, the telephone switching
equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but
now everybody is searching for ways to get more bandwidth to improve access to the Web hence DSL technologies.
There are actually seven types of DSL service, ranging in speeds from 16 Kbits/sec to 52
Mbits/sec. The services are either symmetrical (traffic flows at the same speed in both
directions), or asymmetrical (the downstream capacity is higher than the upstream capacity).
Asymmetrical services (ADSL) are suitable for Internet users because more information is
usually downloaded than uploaded. For example, a simple button click in a web browser can
start an extended download that includes graphics and text.
As data rates increase, the carrying distance decreases. That means that users who are beyond
a certain distance from the telephone company’s central office may not be able to obtain the
higher speeds.
A DSL connection is a point-to-point dedicated circuit, meaning that the link is always up and
there is no dialing required.
Introduction to ADSL
It is an asymmetrical technology, meaning that the downstream data rate is much higher than
the upstream data rate. As mentioned, this works well for a typical Internet session in which
more information is downloaded, for example, from Web servers, than is uploaded. ADSL
operates in a frequency range that is above the frequency range of voice services, so the two
systems can operate over the same cable.
Introduction to DSL40
Prestige 660H/HW Series User’s Guide
41 Introduction to DSL
Prestige 660H/HW Series User’s Guide
CHAPTER 1
Getting To Know Your Prestige
This chapter describes the key features and applications of your Prestige.
1.1 Introducing the Prestige
Your Prestige integrates high-speed 10/100Mbps auto-negotiating LAN interface(s) and a
high-speed ADSL port into a single package. The Prestige is ideal for high-speed Internet
browsing and making LAN-to-LAN connections to remote networks. The Prestige is an ADSL
router compatible with the ADSL/ADSL2/ADSL2+ standards. Maximum data rates attainable
by the Prestige for each standard are shown in the next table.
Table 1 ADSL Standards
DATA RATE STANDARD UPSTREAMDOWNSTREAM
ADSL
ADSL2
ADSL2+
Note: The standard your ISP supports determines the maximum upstream and
downstream speeds attainable. Actual speeds attained also depend on the
distance from your ISP, line quality, etc.
By integrating DSL and NAT, the Prestige provides ease of installation and Internet access.
The Prestige is also a complete security solution with a robust firewall, content filtering and
Wi-Fi Protected Access (WPA).
Two Prestige model series are included in this user’s guide at the time of writing. In the
Prestige product name, “H” denotes an integrated 4-port switch (hub) and “W” denotes an
included wireless LAN card. The Prestige 660HW provides IEEE 802.11g wireless LAN
connectivity allowing users to enjoy the convenience and mobility of working anywhere
within the coverage area.
Models ending in “1”, for example Prestige 660HW-61, denote a device that works over the
analog telephone system, POTS (Plain Old Telephone Service). Models ending in “3” denote a
device that works over ISDN (Integrated Services Digital Network). Models ending in “7”
denote a device that works over T-ISDN (UR-2).
832 kbps8Mbps
3.5Mbps12Mbps
3.5Mbps24Mbps
Note: Only use firmware for your Prestige’s specific model. Refer to the label on the
bottom of your Prestige.
Chapter 1 Getting To Know Your Prestige42
Prestige 660H/HW Series User’s Guide
The web browser-based Graphical User Interface (GUI) provides easy management.
1.1.1 Features of the Prestige
The following sections describe the features of the Prestige.
Note: See the product specifications in the appendix for detailed features and
standards support.
Built-in Switch
The 10/100 Mbps auto-negotiating Ethernet ports allow the Prestige to detect the speed of
incoming transmissions and adjust appropriately without manual intervention. It allows data
transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending
on your Ethernet network. The ports are also auto-crossover (MDI/MDI-X) meaning they
automatically adjust to either a crossover or straight-through Ethernet cable.
High Speed Internet Access
Your Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of
up to 24Mbps and upstream transmission rates of 3.5Mbps. Actual speeds attained depend on
ISP DSLAM environment.
Zero Configuration Internet Access
Once you connect and turn on the Prestige, it automatically detects the Internet connection
settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes
the necessary configuration changes. In cases where additional account information (such as
an Internet account user name and password) is required or the Prestige cannot connect to the
ISP, you will be redirected to web screen(s) for information input or troubleshooting.
Any IP
The Any IP feature allows a computer to access the Internet and the Prestige without changing
the network settings (such as IP address and subnet mask) of the computer, when the IP
addresses of the computer and the Prestige are not in the same subnet.
Firewall
The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By
default, when the firewall is activated, all incoming traffic from the WAN to the LAN is
blocked unless it is initiated from the LAN. The Prestige firewall supports TCP/UDP
inspection, DoS detection and prevention, real time alerts, reports and logs.
Note: You can configure most features of the Prestige via SMT but we recommend
you configure the firewall and content filters using the web configurator.
43 Chapter 1 Getting To Know Your Prestige
Prestige 660H/HW Series User’s Guide
Content Filtering
Content filtering allows you to block access to forbidden Internet web sites, schedule when the
Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet
access.
Traffic Redirect
Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect
to the Internet, thus acting as an auxiliary if your regular WAN connection fails.
Media Bandwidth Management
ZyXEL’s Media Bandwidth Management allows you to specify bandwidth classes based on an
application and/or subnet. You can allocate specific amounts of bandwidth capacity
(bandwidth budgets) to different bandwidth classes.
Universal Plug and Play (UPnP)
Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can
dynamically join a network, obtain an IP address and convey its capabilities to other devices
on the network.
PPPoE Support (RFC2516)
PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your
ISP to use their existing network configuration with newer broadband technologies such as
ADSL. The PPPoE driver on the Prestige is transparent to the computers on the LAN, which
see only Ethernet and are not aware of PPPoE thus saving you from having to manage PPPoE
clients on individual computers.
Network Address Translation (NAT)
Network Address Translation (NAT) allows the translation of an Internet protocol address
used within one network (for example a private IP address used in a local network) to a
different IP address known within
the Internet).
another network (for example a public IP address used on
This auto-negotiation feature allows the Prestige to detect the speed of incoming transmissions
and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps
or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.
These interfaces automatically adjust to either a crossover or straight-through Ethernet cable.
Chapter 1 Getting To Know Your Prestige44
Prestige 660H/HW Series User’s Guide
Dynamic DNS Support
With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address,
allowing the host to be more easily accessible from various locations on the Internet. You must
register for this service with a Dynamic DNS service provider.
Multiple PVC (Permanent Virtual Circuits) Support
Your Prestige supports up to 8 PVC’s.
ADSL Standards
• Full-Rate (ANSI T1.413, Issue 2; G.dmt (G.992.1) with line rate support of up to 8 Mbps
downstream and 832 Kbps upstream.
• G.lite (G.992.2) with line rate support of up to 1.5Mbps downstream and 512Kbps
upstream.
• TCP/IP (Transmission Control Protocol/Internet Protocol) network layer protocol.
• ATM Forum UNI 3.1/4.0 PVC.
• Supports up to 8 PVCs (UBR, CBR, VBR).
• Multiple Protocol over AAL5 (RFC 1483).
• PPP over AAL5 (RFC 2364).
• PPP over Ethernet over AAL5 (RFC 2516).
• RFC 1661.
• PPP over PAP (RFC 1334).
• PPP over CHAP (RFC 1994).
Protocol Support
• DHCP Support
DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers)
to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The
Prestige has built-in DHCP server capability enabled by default. It can assign IP
addresses, an IP default gateway and DNS servers to DHCP clients. The Prestige can now
also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment
from the actual real DHCP server to the clients.
•IP Alias
IP Alias allows you to partition a physical network into logical networks over the same
Ethernet interface. The Prestige supports three logical LAN interfaces via its single
physical Ethernet interface with the Prestige itself as the gateway for each LAN network.
• IP Policy Routing (IPPR)
45 Chapter 1 Getting To Know Your Prestige
Prestige 660H/HW Series User’s Guide
Traditionally, routing is based on the destination address only and the router takes the
shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to
override the default routing behavior and alter the packet forwarding based on the policy
defined by the network administrator.
• PPP (Point-to-Point Protocol) link layer protocol.
• Transparent bridging for unsupported network layer protocols.
• RIP I/RIP II
• IGMP Proxy
• ICMP support
• ATM QoS support
• MIB II support (RFC 1213)
Networking Compatibility
Your Prestige is compatible with the major ADSL DSLAM (Digital Subscriber Line Access
Multiplexer) providers, making configuration as simple as possible for you.
Multiplexing
The Prestige supports VC-based and LLC-based multiplexing.
Encapsulation
The Prestige supports PPPoA (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483
encapsulation over ATM, MAC encapsulated routing (ENET encapsulation) as well as PPP
over Ethernet (RFC 2516).
Network Management
• Menu driven SMT (System Management Terminal) management
• Embedded web configurator
• CLI (Command Line Interpreter)
• Remote Management via Telnet or Web
•SNMP manageable
• DHCP Server/Client/Relay
• Built-in Diagnostic Tools
•Syslog
• Telnet Support (Password-protected telnet access to internal configuration manager)
• TFTP/FTP server, firmware upgrade and configuration backup/support supported
• Supports OAM F4/F5 loop-back, AIS and RDI OAM cells
Other PPPoE Features
• PPPoE idle time out
• PPPoE Dial on Demand
Chapter 1 Getting To Know Your Prestige46
Prestige 660H/HW Series User’s Guide
Diagnostics Capabilities
The Prestige can perform self-diagnostic tests. These tests check the integrity of the following
circuitry:
• FLASH memory
• ADSL circuitry
•RAM
• LAN port
Packet Filters
The Prestige's packet filtering functions allows added network security and management.
Ease of Installation
Your Prestige is designed for quick, intuitive and easy installation.
Housing
Your Prestige's compact and ventilated housing minimizes space requirements making it easy
to position anywhere in your busy office.
1.1.1.1 P-660HW Wireless Features
OTIST
OTIST allows your Prestige to assign its ESSID and security settings (WEP or WPA-PSK) to
the ZyXEL wireless adapters that support OTIST and are within transmission range. The
ZyXEL wireless adapters must also have OTIST enabled.
IEEE 802.11g Wireless LAN
The Prestige supports the IEEE 802.11g standard, which is fully compatible with the IEEE
802.11b standard, meaning that you can have both IEEE 802.11b and IEEE 802.11g wireless
clients in the same wireless network.
Note: The Prestige 660HW may be prone to RF (Radio Frequency) interference from
other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth
enabled devices, and other wireless LANs.
Antenna
The Prestige is equipped with a 2dBi fixed antenna to provide clear radio signal between the
wireless stations and the access points.
47 Chapter 1 Getting To Know Your Prestige
Wireless LAN MAC Address Filtering
Your Prestige can check the MAC addresses of wireless stations against a list of allowed or
denied MAC addresses.
WEP Encryption
WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless
network to help keep network communications private.
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft.
Key differences between WPA and WEP are user authentication and improved data
encryption.
1.1.2 Applications for the Prestige
Here are some example uses for which the Prestige is well suited.
Prestige 660H/HW Series User’s Guide
1.1.2.1 Internet Access
The Prestige is the ideal high-speed Internet access solution. Your Prestige supports the TCP/
IP protocol, which the Internet uses exclusively. It is compatible with all major ADSL
DSLAM (Digital Subscriber Line Access Multiplexer) providers. A DSLAM is a rack of
ADSL line cards with data multiplexed into a backbone network interface/connection (for
example, T1, OC3, DS3, ATM or Frame Relay). Think of it as the equivalent of a modem rack
for ADSL. In addition, the Prestige allows wireless clients access to your network resources. A
typical Internet access application is shown below.
Figure 1 Prestige Internet Access Application
Internet Single User Account
For a SOHO (Small Office/Home Office) environment, your Prestige offers the Single User
Account (SUA) feature that allows multiple users on the LAN (Local Area Network) to access
the Internet concurrently for the cost of a single IP address.
Chapter 1 Getting To Know Your Prestige48
Prestige 660H/HW Series User’s Guide
1.1.3 Firewall for Secure Broadband Internet Access
The Prestige provides protection from attacks by Internet hackers. By default, the firewall
blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and
DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs.
Figure 2 Firewall Application
1.1.3.1 LAN to LAN Application
You can use the Prestige to connect two geographically dispersed networks over the ADSL line.
A typical LAN-to-LAN application for your Prestige is shown as follows.
Figure 3 Prestige LAN-to-LAN Application
1.1.4 Front Panel LEDs
Figure 4 P-660H Front Panel
49 Chapter 1 Getting To Know Your Prestige
Prestige 660H/HW Series User’s Guide
Figure 5 P-660HW Front Panel
The following table describes the LEDs.
Table 2 Front Panel LEDs
LEDCOLORSTATUSDESCRIPTION
PWR/SYSGreenOnThe Prestige is receiving power and functioning properly.
Blinking The Prestige is rebooting.
RedOnPower to the Prestige is too low.
NoneOffThe system is not ready or has malfunctioned.
LAN 1-4GreenOnThe Prestige has a successful 10Mb Ethernet connection.
Blinking The Prestige is sending/receiving data.
AmberOnThe Prestige has a successful 100Mb Ethernet connection.
Blinking The Prestige is sending/receiving data.
NoneOffThe LAN is not connected.
WLAN (P660HW only)
DSL/PPPGreenFast
GreenOnThe Prestige is ready, but is not sending/receiving data
through the wireless LAN.
BlinkingThe Prestige is sending/receiving data through the wireless
LAN.
NoneOffThe wireless LAN is not ready or has failed.
The Prestige is sending/receiving non-PPP data.
Blinking
Slow
Blinking
OnThe system is ready, but is not sending/receiving non-PPP
AmberOnThe connection to the PPPoE server is up.
BlinkingThe Prestige is sending/receiving PPP data.
OffThe DSL link is down.
The Prestige is initializing the DSL line.
data.
Refer to the Quick Start Guide for information on hardware connections.
Chapter 1 Getting To Know Your Prestige50
Prestige 660H/HW Series User’s Guide
51 Chapter 1 Getting To Know Your Prestige
Introducing the Web
This chapter describes how to access and navigate the web configurator.
2.1 Web Configurator Overview
The web configurator is an HTML-based management interface that allows easy Prestige
setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape
Navigator 7.0 and later versions with JavaScript enabled. Recommended screen resolution is
1024 by 768 pixels.
Prestige 660H/HW Series User’s Guide
CHAPTER 2
Configurator
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device. Web pop-up blocking is enabled by
default in Windows XP SP (Service Pack) 2.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
See the Troubleshooting chapter to see how to make sure these functions are allowed in
Internet Explorer.
2.1.1 Accessing the Prestige Web Configurator
Note: Even though you can connect to the Prestige wirelessly, it is recommended that
you connect your computer to a LAN port for initial configuration.
1 Make sure your Prestige hardware is properly connected (refer to the Quick Start Guide).
2 Prepare your computer/computer network to connect to the Prestige (refer to the Quick
Start Guide).
3 Launch your web browser.
4 Type "192.168.1.1" as the URL.
5 An Enter Network Password window displays.The Password field already contains the
default password “1234”. Click Login to proceed to a screen asking you to change your
password or click Cancel to revert to the default password.
Chapter 2 Introducing the Web Configurator52
Prestige 660H/HW Series User’s Guide
Figure 6 Password Screen
6 It is highly recommended you change the default password! Enter a new password, retype
it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if
you do not want to change the password now.
Note: If you do not change the password, the following screen appears every time
you log in.
Figure 7 Change Password at Login
7 You should now see the SITE MAP screen.
Note: The Prestige automatically times out after five minutes of inactivity. Simply log
back into the Prestige if this happens to you.
2.1.2 Resetting the Prestige
If you forget your password or cannot access the web configurator, you will need to use the
RESET button at the back of the Prestige to reload the factory-default configuration file. This
means that you will lose all configurations that you had previously and the password will be
reset to “1234”.
2.1.2.1 Using the Reset Button
1 Make sure the PWR/SYS LED is on (not blinking).
53 Chapter 2 Introducing the Web Configurator
Prestige 660H/HW Series User’s Guide
2 Press the RESET button for ten seconds or until the PWR/SYS LED begins to blink and
then release it. When the PWR/SYS LED begins to blink, the defaults have been restored
and the Prestige restarts.
2.1.3 Navigating the Prestige Web Configurator
The following summarizes how to navigate the web configurator from the SITE MAP screen.
We use the Prestige 660HW-61 web screens in this guide as an example. Screens vary slightly
for different Prestige models.
• Click Wizard Setup to begin a series of screens to configure your Prestige for the first
time.
• Click a link under Advanced Setup to configure advanced Prestige features.
• Click a link under Maintenance to see Prestige performance statistics, upload firmware
and back up, restore or upload a configuration file.
• Click Site Map to go to the Site Map screen.
• Click Logout in the navigation panel when you have finished a Prestige management
session.
Figure 8 Web Configurator: Site Map Screen
Chapter 2 Introducing the Web Configurator54
Prestige 660H/HW Series User’s Guide
Note: Click the icon (located in the top right corner of most screens) to view
embedded help.
Table 3 Web Configurator Screens Summary
LINKSUB-LINKFUNCTION
Wizard SetupConnection
Setup
Media Bandwidth
Mgnt
Advanced Setup
PasswordUse this screen to change your password.
LANUse this screen to configure LAN DHCP and TCP/IP settings.
Wireless LANWirelessUse this screen to configure the wireless LAN settings.
MAC FilterUse this screen to change MAC filter settings on the Prestige.
802.1x/WPAUse this screen to configure WLAN authentication and security
Local User
Database
RADIUSUse this screen to specify the external RADIUS server for
OTISTUse this screen to have the Prestige set your wireless station to
WANWAN SetupUse this screen to change the Prestige’s WAN remote node
WAN BackupUse this screen to configure your traffic redirect properties and
NATSUA OnlyUse this screen to configure servers behind the Prestige.
Full FeatureUse this screen to configure network address translation
Dynamic DNSUse this screen to set up dynamic DNS.
Time and DateUse this screen to change your Prestige’s time and date.
FirewallDefault PolicyUse this screen to activate/deactivate the firewall and the
Rule SummaryThis screen shows a summary of the firewall rules, and allows
Anti ProbingUse this screen to change your anti-probing settings.
ThresholdUse this screen to configure the threshold for DoS attacks.
Content FilterKeywordUse this screen to block sites containing certain keywords in the
ScheduleUse this screen to set the days and times for the Prestige to
TrustedUse this screen to exclude a range of users on the LAN from
Remote
Management
Use these screens for initial configuration including general
setup, ISP parameters for Internet Access and WAN IP/DNS
Server/MAC address assignment.
Use these screens forto set up bandwidth control quickly.
settings.
Use this screen to set up built-in user profiles for wireless station
authentication.
wireless station authentication.
use the same wireless settings as the Prestige.
settings.
WAN backup settings.
mapping rules.
direction of network traffic to which to apply the rule.
you to edit/add a firewall rule.
URL.
perform content filtering.
content filtering on your Prestige.
Use this screen to configure through which interface(s) and from
which IP address(es) users can use Telnet/FTP/Web to manage
the Prestige.
55 Chapter 2 Introducing the Web Configurator
Prestige 660H/HW Series User’s Guide
Table 3 Web Configurator Screens Summary (continued)
LINKSUB-LINKFUNCTION
UPnPUse this screen to enable UPnP on the Prestige.
LogsLog SettingsUse this screen to change your Prestige’s log settings.
View LogUse this screen to view the logs for the categories that you
Media Bandwidth
Management
Maintenance
System StatusThis screen contains administrative and system-related
Any IP TableUse this screen to allow a computer to access the Internet
Wireless LANAssociation ListThis screen displays the MAC address(es) of the wireless
DiagnosticGeneralThese screens display information to help you identify problems
FirmwareUse this screen to upload firmware to your Prestige
LOGOUTClick this label to exit the web configurator.
SummaryUse this screen to allocate an interface's outgoing capacity to
Class SetupUse this screen to define a bandwidth class.
MonitorUse this screen to view bandwidth class statistics.
DSL LineThese screens display information to help you identify problems
selected.
specific types of traffic.
information.
Protocol) related information and is READ-ONLY.
without changing the network settings of the computer, when the
IP addresses of the computer and the Prestige are not in the
same subnet.
stations that are currently logged in to the network.
with the Prestige general connection.
with the DSL line.
Chapter 2 Introducing the Web Configurator56
Prestige 660H/HW Series User’s Guide
57 Chapter 2 Introducing the Web Configurator
Prestige 660H/HW Series User’s Guide
CHAPTER 3
Wizard Setup for Internet Access
This chapter provides information on the Wizard Setup screens for Internet access in the web
configurator.
3.1 Introduction to Internet Access Wizard
Use the Wizard Setup screens to configure your system for Internet access with the
information (provided by your ISP) that you fill in the Internet Account Information table in
the Quick Start Guide.Your ISP may have already configured some of the fields in the wizard
screens for you.
3.1.1 Internet Access Wizard Setup
1 In the SITE MAP screen click Wizard Setup to display the first wizard screen.
Chapter 3 Wizard Setup for Internet Access58
Prestige 660H/HW Series User’s Guide
Figure 9 Internet Access Wizard Setup: First Screen
The following table describes the fields in this screen.
Table 4 Internet Access Wizard Setup: First Screen
LABELDESCRIPTION
ModeFrom the Mode drop-down list box, select Routing (default) if your ISP allows
EncapsulationSelect the encapsulation type your ISP uses from the Encapsulation drop-down list
MultiplexSelect the multiplexing method used by your ISP from the Multiplex drop-down list
Virtual Circuit IDVPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit.
VPIEnter the VPI assigned to you. This field may already be configured.
VCIEnter the VCI assigned to you. This field may already be configured.
NextClick this button to go to the next wizard screen. The next wizard screen you see
multiple computers to share an Internet account. Otherwise select Bridge.
box. Choices vary depending on what you select in the Mode field.
If you select Bridge in the Mode field, select either PPPoA or RFC 1483.
If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or
PPPoE.
box either VC-based or LLC-based.
Refer to the appendix for more information.
depends on what protocol you chose above. Click on the protocol link to see the next
wizard screen for that protocol.
2 The next wizard screen varies depending on what mode and encapsulation type you use.
All screens shown are with routing mode. Configure the fields and click Next to continue.
59 Chapter 3 Wizard Setup for Internet Access
Figure 10 Internet Connection with PPPoE
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 5 Internet Connection with PPPoE
LABELDESCRIPTION
Service Name Type the name of your PPPoE service here.
User NameEnter the user name exactly as your ISP assigned. If assigned a name in the form
user@domain where domain identifies a service name, then enter both components
exactly as given.
PasswordEnter the password associated with the user name above.
IP AddressA static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not
ConnectionSelect Connect on Demand when you don't want the connection up all the time and
Network
Address
Translation
BackClick Back to go back to the first wizard screen.
NextClick Next to continue to the next wizard screen.
fixed; the ISP assigns you a different one each time you connect to the Internet.
Select Obtain an IP Address Automatically if you have a dynamic IP address;
otherwise select Static IP Address and type your ISP assigned IP address in the text
box below.
specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default
setting selects Connection on Demand with 0 as the idle time-out, which means the
Internet session will not timeout.
Select Nailed-Up Connection when you want your connection up all the time. The
Prestige will try to bring up the connection automatically if it is disconnected.
The schedule rule(s) in SMT menu 26 has priority over your Connection settings.
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT
chapter for more details.
Chapter 3 Wizard Setup for Internet Access60
Prestige 660H/HW Series User’s Guide
Figure 11 Internet Connection with RFC 1483
The following table describes the fields in this screen.
Table 6 Internet Connection with RFC 1483
LABELDESCRIPTION
IP AddressThis field is available if you select Routing in the Mode field.
Type your ISP assigned IP address in this field.
Network Address
Translation
BackClick Back to go back to the first wizard screen.
NextClick Next to continue to the next wizard screen.
Select None, SUA Only or Full Feature from the drop-down list box. Refer to NAT
chapter for more details.
Figure 12 Internet Connection with ENET ENCAP
61 Chapter 3 Wizard Setup for Internet Access
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 7 Internet Connection with ENET ENCAP
LABELDESCRIPTION
IP AddressA static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not
fixed; the ISP assigns you a different one each time you connect to the Internet. .
Select Obtain an IP Address Automatically if you have a dynamic IP address;
otherwise select Static IP Address and type your ISP assigned IP address in the IP
Address text box below.
Subnet MaskEnter a subnet mask in dotted decimal notation.
Refer to appendices to calculate a subnet mask If you are implementing subnetting.
ENET ENCAP
Gateway
Network
Address
Translation
BackClick Back to go back to the first wizard screen.
NextClick Next to continue to the next wizard screen.
You must specify a gateway IP address (supplied by your ISP) when you use ENET ENCAP in the Encapsulation field in the previous screen.
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT
chapter for more details.
Figure 13 Internet Connection with PPPoA
Chapter 3 Wizard Setup for Internet Access62
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 8 Internet Connection with PPPoA
LABELDESCRIPTION
User NameEnter the login name that your ISP gives you.
PasswordEnter the password associated with the user name above.
IP AddressThis option is available if you select Routing in the Mode field.
A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not
fixed; the ISP assigns you a different one each time you connect to the Internet.
Click Obtain an IP Address Automatically if you have a dynamic IP address;
otherwise click Static IP Address and type your ISP assigned IP address in the IP
Address text box below.
ConnectionSelect Connect on Demand when you don't want the connection up all the time and
specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting
selects Connection on Demand with 0 as the idle time-out, which means the Internet
session will not timeout.
Select Nailed-Up Connection when you want your connection up all the time. The
Prestige will try to bring up the connection automatically if it is disconnected.
The schedule rule(s) in SMT menu 26 has priority over your Connection settings.
Network
Address
Translation
BackClick Back to go back to the first wizard screen.
NextClick Next to continue to the next wizard screen.
This option is available if you select Routing in the Mode field.
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT
chapter for more details.
3 Verify the settings in the screen shown next. To change the LAN information on the
Prestige, click Change LAN Configurations. Otherwise click Save Settings to save the
configuration and skip to the section 3.13.
63 Chapter 3 Wizard Setup for Internet Access
Figure 14 Internet Access Wizard Setup: Third Screen
Prestige 660H/HW Series User’s Guide
If you want to change your Prestige LAN settings, click Change LAN Configuration to
display the screen as shown next.
Figure 15 Internet Access Wizard Setup: LAN Configuration
Chapter 3 Wizard Setup for Internet Access64
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 9 Internet Access Wizard Setup: LAN Configuration
LABELDESCRIPTION
LAN IP AddressEnter the IP address of your Prestige in dotted decimal notation, for example,
192.168.1.1 (factory default).
If you changed the Prestige's LAN IP address, you must use the new IP
address if you want to access the web configurator again.
LAN Subnet MaskEnter a subnet mask in dotted decimal notation.
DHCP
DHCP ServerFrom the DHCP Server drop-down list box, select On to allow your Prestige to
Client IP Pool Starting
Address
Size of Client IP PoolThis field specifies the size or count of the IP address pool.
Primary DNS ServerEnter the IP addresses of the DNS servers. The DNS servers are passed to
Secondary DNS Server As above.
BackClick Back to go back to the previous screen.
FinishClick Finish to save the settings and proceed to the next wizard screen.
assign IP addresses, an IP default gateway and DNS servers to computer
systems that support the DHCP client. Select Off to disable DHCP server.
When DHCP server is used, set the following items:
This field specifies the first of the contiguous addresses in the IP address
pool.
the DHCP clients along with the IP address and the subnet mask.
4 The Prestige automatically tests the connection to the computer(s) connected to the LAN
ports. To test the connection from the Prestige to the ISP, click Start Diagnose.
Otherwise click Return to Main Menu to go back to the Site Map screen.
Figure 16 Internet Access Wizard Setup: Connection Tests
5 Launch your web browser and navigate to www.zyxel.com. Internet access is just the
beginning. Refer to the rest of this guide for more detailed information on the complete
range of Prestige features. If you cannot access the Internet, open the web configurator
again to confirm that the Internet settings you configured in the Wizard Setup are correct.
65 Chapter 3 Wizard Setup for Internet Access
Prestige 660H/HW Series User’s Guide
CHAPTER 4
Wizard Setup for Media
Bandwidth Management
This chapter shows you how to configure basic bandwidth management using the wizard
screens.
4.1 Introduction to Media Bandwidth Management
The web configurator’s Media Bandwidth Magnt. screens under Wizard Setup allows you
to specify bandwidth classes based on an application (or service). You can allocate specific
amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.
The Prestige applies bandwidth management to traffic that it forwards out through an
interface. The Prestige does not control the bandwidth of traffic that comes into an interface.
Bandwidth management applies to all traffic flowing out of the Prestige through the interface,
regardless of the traffic's source.
Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the Prestige and be
managed by bandwidth management.
Refer to Chapter 18 on page 194 for more information and advanced configuration.
4.1.1 Predefined Media Bandwidth Management Services
The following is a description of the services that you can select and to which you can apply
media bandwidth management using the Wizard Setup screens.
Table 10 Media Bandwidth Mgnt. Wizard Setup: Services
SERVICEDESCRIPTION
Xbox LiveThis is Microsoft’s online gaming service that lets you play multiplayer Xbox games
on the Internet via broadband technology. Xbox Live uses port 3074.
VoIP (SIP)Sending voice signals over the Internet is called Voice over IP or VoIP. Session
Initiated Protocol (SIP) is an internationally recognized standard for implementing
VoIP. SIP is an application-layer control (signaling) protocol that handles the
setting up, altering and tearing down of voice and multimedia sessions over the
Internet.
SIP is transported primarily over UDP but can also be transported over TCP, using
the default port number 5060.
Chapter 4 Wizard Setup for Media Bandwidth Management66
Prestige 660H/HW Series User’s Guide
Table 10 Media Bandwidth Mgnt. Wizard Setup: Services (continued)
SERVICEDESCRIPTION
FTPFile Transfer Program enables fast transfer of files, including large files that may
not be possible by e-mail. FTP uses port number 21.
E-MailElectronic mail consists of messages sent through a computer network to specific
groups or individuals. Here are some default ports for e-mail:
POP3 - port 110
IMAP - port 143
SMTP - port 25
HTTP - port 80
eMuleThese programs use advanced file sharing applications relying on central servers
WWWThe World Wide Web (WWW) is an Internet system to distribute graphical, hyper-
to search for files. They use default port 4662.
linked information, based on Hyper Text Transfer Protocol (HTTP) - a client/server
protocol for the World Wide Web. The Web is not synonymous with the Internet;
rather, it is just one service on the Internet. Other services on the Internet include
Internet Relay Chat and Newsgroups. The Web is accessed through use of a
browser.
4.2 Media Bandwidth Management Setup
1 Click Media Bandwidth Mgnt. under WizardSetup in the SITE MAP screen.
Figure 17 Media Bandwidth Mgnt. Wizard Setup: First Screen
67 Chapter 4 Wizard Setup for Media Bandwidth Management
Prestige 660H/HW Series User’s Guide
The following table describes the labels in this screen.
Tabl e 11 Media Bandwidth Mgnt. Wizard Setup: First Screen
LABELDESCRIPTION
ActiveSelect the Active check box to have the Prestige apply bandwidth management
to traffic going out through the Prestige’s WAN, LAN or WLAN port.
Select the service to
apply bandwidth
management.
NextClick Next to continue.
These checkboxes are applicable when you select the Active checkbox above.
Create bandwidth management classes by selecting services from the list
provided.
•XBox Live
•VoIP (SIP)
•FTP
•E-Mail
•eMule
•WWW
Refer to Table 12 on page 68 for more information.
2 The Prestige automatically creates the bandwidth class for each service you select. You
may set the priority for each bandwidth class in the second wizard screen.
Figure 18 Media Bandwidth Mgnt. Wizard Setup: Second Screen
The following table describes the fields in this screen.
Table 12 Media Bandwidth Mgnt. Wizard Setup: Second Screen
LABELDESCRIPTION
ServiceThese fields display the service(s) selected in the previous screen.
PrioritySelect High, Mid or Low priority for each service to have your Prestige use a priority
for traffic that matches that service.
If the rules set up in this wizard are changed in ADVANCED - Media Bandwidth
Mgnt. - Class Setup, then the service priority radio button will be set to Others.
The Class Configuration screen allows you to edit these rule configurations.
Chapter 4 Wizard Setup for Media Bandwidth Management68
Prestige 660H/HW Series User’s Guide
Table 12 Media Bandwidth Mgnt. Wizard Setup: Second Screen
LABELDESCRIPTION
BackClick Back to return to the previous screen.
FinishClick Finish to complete and save the bandwidth management setup.
3 Well done! You have finished configuration of Media Bandwidth Management. You may
now continue configuring your device.
Click Return to Main Menu to return to the Site Map screen.
Figure 19 Media Bandwidth Mgnt. Wizard Setup: Finish
69 Chapter 4 Wizard Setup for Media Bandwidth Management
This chapter provides information on the Password screen.
5.1 Password Overview
It is highly recommended that you change the password for accessing the Prestige.
5.1.1 Configuring Password
To change your Prestige’s password (recommended), click Password in the Site Map screen.
Figure 20 Password
Prestige 660H/HW Series User’s Guide
CHAPTER 5
Password Setup
The following table describes the fields in this screen.
Table 13 Password
LABELDESCRIPTION
Old PasswordType the default password or the existing password you use to access the system
in this field.
New PasswordType the new password in this field.
Retype to ConfirmType the new password again in this field.
ApplyClick Apply to save your changes back to the Prestige.
CancelClick Cancel to begin configuring this screen afresh.
Chapter 5 Password Setup70
Prestige 660H/HW Series User’s Guide
71 Chapter 5 Password Setup
This chapter describes how to configure LAN settings.
6.1 LAN Overview
A Local Area Network (LAN) is a shared communication system to which many computers
are attached. A LAN is a computer network limited to the immediate area, usually the same
building or floor of a building. The LAN screens can help you configure a LAN DHCP server
and manage IP addresses.
6.1.1 LANs, WANs and the Prestige
Prestige 660H/HW Series User’s Guide
CHAPTER 6
LAN Setup
The actual physical connection determines whether the Prestige ports are LAN or WAN ports.
There are two separate IP networks, one inside the LAN network and the other outside the
WAN network as shown next.
Figure 21 LAN and WAN IP Addresses
Chapter 6 LAN Setup72
Prestige 660H/HW Series User’s Guide
6.2 DNS Server Address
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address
and vice versa. The DNS server is extremely important because without it, you must know the
IP address of a machine before you can access it. The DNS server addresses that you enter in
the DHCP setup are passed to the client machines along with the assigned IP address and
subnet mask.
There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP
to tell a customer the DNS server addresses, usually in the form of an information sheet, when
s/he signs up. If your ISP gives you the DNS server addresses, enter them in the DNS Server
fields in DHCP Setup, otherwise, leave them blank.
Some ISP’s choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP
Control Protocol) after the connection is up. If your ISP did not give you explicit DNS
servers, chances are the DNS servers are conveyed through IPCP negotiation. The Prestige
supports the IPCP DNS server extensions through the DNS proxy feature.
If the Primary and Secondary DNS Server fields in the LAN Setup screen are not specified,
for instance, left as 0.0.0.0, the Prestige tells the DHCP clients that it itself is the DNS server.
When a computer sends a DNS query to the Prestige, the Prestige forwards the query to the
real DNS server learned through IPCP and relays the response back to the computer.
Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It
does not mean you can leave the DNS servers out of the DHCP setup under all circumstances.
If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the
LAN Setup screen. This way, the Prestige can pass the DNS servers to the computers and the
computers can query the DNS server directly without the Prestige’s intervention.
6.3 DNS Server Address Assignment
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and
vice versa. The DNS server is extremely important because without it, you must know the IP
address of a computer before you can access it.
There are two ways that an ISP disseminates the DNS server addresses.
• The ISP tells you the DNS server addresses, usually in the form of an information sheet,
when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS
Server fields in the LAN Setup screen.
• The Prestige acts as a DNS proxy when the Primary and Secondary DNS Server fields
are left blank in the LAN Setup screen.
73 Chapter 6 LAN Setup
6.4 LAN TCP/IP
The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to
systems that support DHCP client capability.
6.4.1 Factory LAN Defaults
The LAN parameters of the Prestige are preset in the factory with the following values:
• IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits)
• DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.
These parameters should work for the majority of installations. If your ISP gives you explicit
DNS server address(es), read the embedded web configurator help regarding what fields need
to be configured.
6.4.2 IP Address and Subnet Mask
Prestige 660H/HW Series User’s Guide
Similar to the way houses on a street share a common street name, so too do computers on a
LAN share one common network number.
Where you obtain your network number depends on your particular situation. If the ISP or
your network administrator assigns you a block of registered IP addresses, follow their
instructions in selecting the IP addresses and the subnet mask.
If the ISP did not explicitly give you an IP network number, then most likely you have a single
user account and the ISP will assign you a dynamic IP address when the connection is
established. If this is the case, it is recommended that you select a network number from
192.168.0.0 to 192.168.255.0 and you must enable the Network Address Translation (NAT)
feature of the Prestige. The Internet Assigned Number Authority (IANA) reserved this block
of addresses specifically for private use; please do not use any other number unless you are
told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254
individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other
words, the first three numbers specify the network number while the last number identifies an
individual computer on that network.
Once you have decided on the network number, pick an IP address that is easy to remember,
for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your
network is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your Prestige will
compute the subnet mask automatically based on the IP address that you entered. You don't
need to change the subnet mask computed by the Prestige unless you are instructed to do
otherwise.
Chapter 6 LAN Setup74
Prestige 660H/HW Series User’s Guide
6.4.3 RIP Setup
RIP (Routing Information Protocol) allows a router to exchange routing information with
other routers. The RIP Direction field controls the sending and receiving of RIP packets.
When set to:
• Both - the Prestige will broadcast its routing table periodically and incorporate the RIP
information that it receives.
• In Only - the Prestige will not send any RIP packets but will accept all RIP packets
received.
• Out Only - the Prestige will send out RIP packets but will not accept any RIP packets
received.
• None - the Prestige will not send any RIP packets and will ignore any RIP packets
received.
The Version field controls the format and the broadcasting method of the RIP packets that the
Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported;
but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless
you have an unusual network topology.
Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that
RIP-2B uses subnet broadcasting while RIP-2M uses multicasting.
6.4.4 Multicast
Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1
recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to
a group of hosts on the network - not everybody and not just 1.
IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish
membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC
2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If
you would like to read more detailed information about interoperability between IGMP
version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is
used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address
224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address
224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts
(including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP.
The address 224.0.0.2 is assigned to the multicast routers group.
The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At
start up, the Prestige queries all directly connected networks to gather group membership.
After that, the Prestige periodically updates this information. IP multicasting can be enabled/
disabled on the Prestige LAN and/or WAN interfaces in the web configurator (LAN; WA N ).
Select None to disable IP multicasting on these interfaces.
75 Chapter 6 LAN Setup
6.5 Any IP
Traditionally, you must set the IP addresses and the subnet masks of a computer and the
Prestige to be in the same subnet to allow the computer to access the Internet (through the
Prestige). In cases where your computer is required to use a static IP address in another
network, you may need to manually configure the network settings of the computer every time
you want to access the Internet via the Prestige.
With the Any IP feature and NAT enabled, the Prestige allows a computer to access the
Internet without changing the network settings (such as IP address and subnet mask) of the
computer, when the IP addresses of the computer and the Prestige are not in the same subnet.
Whether a computer is set to use a dynamic or static (fixed) IP address, you can simply
connect the computer to the Prestige and access the Internet.
The following figure depicts a scenario where a computer is set to use a static private IP
address in the corporate environment. In a residential house where a Prestige is installed, you
can still use the computer to access the Internet without changing the network settings, even
when the IP addresses of the computer and the Prestige are not in the same subnet.
Figure 22 Any IP Example
Prestige 660H/HW Series User’s Guide
The Any IP feature does not apply to a computer using either a dynamic IP address or a static
IP address that is in the same subnet as the Prestige’s IP address.
Note: You must enable NAT/SUA to use the Any IP feature on the Prestige.
6.5.1 How Any IP Works
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP
address) to a physical machine address, also known as a Media Access Control or MAC
address, on the local area network. IP routing table is defined on IP Ethernet devices (the
Prestige) to decide which hop to use,
Chapter 6 LAN Setup76
to help forward data along to its specified destination.
Prestige 660H/HW Series User’s Guide
The following lists out the steps taken, when a computer tries to access the Internet for the first
time through the Prestige.
1 When a computer (which is in a different subnet) first attempts to access the Internet, it
sends packets to its default gateway (which is not the Prestige) by looking at the MAC
address in its ARP table.
2 When the computer cannot locate the default gateway, an ARP request is broadcast on the
LAN.
3 The Prestige receives the ARP request and replies to the computer with its own MAC
address.
4 The computer updates the MAC address for the default gateway to the ARP table. Once
the ARP table is updated, the computer is able to access the Internet through the Prestige.
5 When the Prestige receives packets from the computer, it creates an entry in the IP
routing table so it can properly forward packets intended for the computer.
After all the routing information is updated, the computer can access the Prestige and the
Internet as if it is in the same subnet as the Prestige.
6.6 Configuring LAN
Click LAN and LAN Setup to open the following screen.
77 Chapter 6 LAN Setup
Figure 23 LAN Setup
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 14 LAN Setup
LABELDESCRIPTION
DHCP
DHCPIf set to Server, your Prestige can assign IP addresses, an IP default gateway
and DNS servers to Windows 95, Windows NT and other systems that support
the DHCP client.
If set to None, the DHCP server will be disabled.
If set to Relay, the Prestige acts as a surrogate DHCP server and relays DHCP
requests and responses between the remote server and the clients. Enter the IP
address of the actual, remote DHCP server in the Remote DHCP Server field in
this case.
When DHCP is used, the following items need to be set:
Client IP Pool
Starting Address
Size of Client IP
Pool
Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the
Secondary DNS
Server
This field specifies the first of the contiguous addresses in the IP address pool.
This field specifies the size or count of the IP address pool.
DHCP clients along with the IP address and the subnet mask.
As above.
Chapter 6 LAN Setup78
Prestige 660H/HW Series User’s Guide
Table 14 LAN Setup (continued)
LABELDESCRIPTION
Remote DHCP
Server
TCP/IP
IP AddressEnter the IP address of your Prestige in dotted decimal notation, for example,
IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).
RIP DirectionSelect the RIP direction from None, Both, In Only and Out Only.
RIP VersionSelect the RIP version from RIP-1, RIP-2B and RIP-2M.
MulticastIGMP (Internet Group Multicast Protocol) is a network-layer protocol used to
Any IP SetupSelect the Active checkbox to enable the Any IP feature. This allows a computer
ApplyClick Apply to save your changes back to the Prestige.
CancelClick Cancel to begin configuring this screen afresh.
If Relay is selected in the DHCP field above then enter the IP address of the
actual remote DHCP server here.
192.168.1.1 (factory default).
establish membership in a multicast group. The Prestige supports both IGMP
version 1 (IGMP-v1) and IGMP-v2. Select None to disable it.
to access the Internet without changing the network settings (such as IP address
and subnet mask) of the computer, even when the IP addresses of the computer
and the Prestige are not in the same subnet.
When you disable the Any IP feature, only computers with dynamic IP addresses
or static IP addresses in the same subnet as the Prestige’s LAN IP address can
connect to the Prestige or access the Internet through the Prestige.
6.7 Configuring Static DHCP
This table allows you to assign IP addresses on the LAN to specific individual computers
based on their MAC Addresses.
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address
is assigned at the factory and consists of six pairs of hexadecimal characters, for example,
00:A0:C5:00:00:02.
To change your Prestige’s static DHCP settings, click LAN, then the Static DHCP tab. The
screen appears as shown.
79 Chapter 6 LAN Setup
Figure 24 LAN: Static DHCP
Prestige 660H/HW Series User’s Guide
The following table describes the labels in this screen.
Table 15 LAN: Static DHCP
LABELDESCRIPTION
#This is the index number of the Static IP table entry (row).
MAC AddressType the MAC address (with colons) of a computer on your LAN.
IP AddressThis field specifies the size, or count of the IP address pool.
ApplyClick Apply to save your changes back to the Prestige.
ResetClick Reset to begin configuring this screen afresh.
Chapter 6 LAN Setup80
Prestige 660H/HW Series User’s Guide
81 Chapter 6 LAN Setup
Prestige 660H/HW Series User’s Guide
CHAPTER 7
Wireless LAN (Prestige 660HW)
This chapter discusses how to configure Wireless LAN.
7.1 Introduction
A wireless LAN can be as simple as two computers with wireless LAN adapters
communicating in a peer-to-peer network or as complex as a number of computers with
wireless LAN adapters communicating through access points which bridge network traffic to
the wired LAN.
Note: See the WLAN appendix for more detailed information on WLANs.
7.2 Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless
stations, access points and the wired network.
Wireless security methods available on the Prestige are data encryption, wireless client
authentication, restricting access by device MAC address and hiding the Prestige identity.
7.2.1 Encryption
• Use WPA security if you have WPA-aware wireless clients and a RADIUS server. WPA
has user authentication and improved data encryption over WEP.
• Use WPA-PSK if you have WPA-aware wireless clients but no RADIUS server.
• If you don’t have WPA-aware wireless clients, then use WEP key encrypting. A higher
bit key offers better security at a throughput trade-off. You can use Passphrase to
automatically generate 64-bit or 128-bit WEP keys or manually enter 64-bit, 128-bit or
256-bit WEP keys.
7.2.2 Authentication
WPA has user authentication and you can also configure IEEE 802.1x to use the built-in
database (Local User Database) or a RADIUS server to authenticate wireless clients before
joining your network.
• Use RADIUS authentication if you have a RADIUS server. See the appendices for
information on protocols used when a client authenticates with a RADIUS server via the
Prestige.
Chapter 7 Wireless LAN (Prestige 660HW)82
Prestige 660H/HW Series User’s Guide
• Use the Local User Database if you have less than 32 wireless clients in your network.
The Prestige uses MD5 encryption when a client authenticates with the Local User
Database
7.2.3 Restricted Access
The MAC Filter screen allows you to configure the AP to give exclusive access to devices
(Allow Association) or exclude them from accessing the AP (Deny Association).
7.2.4 Hide Prestige Identity
If you hide the ESSID, then the Prestige cannot be seen when a wireless client scans for local
APs. The trade-off for the extra security of “hiding” the Prestige may be inconvenience for
some valid WLAN clients. If you don’t hide the ESSID, at least you should change the default
one.
7.2.5 G-plus
G-plus is an enhancement to the IEEE 802.11g wireless standard. G-plus combines multiple
frames into a larger frame size. This increases wireless transmission speeds by allowing larger
frames (up to 4 KB) to be sent.
G-plus speed applies only to unicast traffic (not broadcast or multicast). G-plus is
automatically disabled if wireless transmission speeds fall below 11 Mbps.
7.2.6 Configuring Wireless LAN on the Prestige
1 Configure the ESSID
and WEP in the
Wireless screen. If you
configure WEP, you
can’t configure WPA or WPA-PSK.
2 Use the MAC Filter
screen to restrict access
to your wireless
network by MAC
address.
3 Configure WPA or
WPA-PSK in the
802.1x/WPA screen. You can also configure 802.1x wireless client authentication in the 802.1x/WPA screen.
4 Configure the RADIUS authentication database settings in the RADIUS screen.
5 Configure the built-in authentication database in the Local User Database screen.
83 Chapter 7 Wireless LAN (Prestige 660HW)
Prestige 660H/HW Series User’s Guide
6 If you have OTIST-enabled clients, configure OTIST in the OTIST screen. OTIST
transfers device SSID and WEP or WPA-PSK key settings (if enabled) to wireless
clients.
The following figure shows the relative effectiveness of these wireless security methods
available on your Prestige.
Figure 25 Wireless Security Methods
Note: You must enable the same wireless security settings on the Prestige and on all
wireless clients that you want to associate with it.
If you do not enable any wireless security on your Prestige, your network is
accessible to any wireless networking device that is within range.
7.3 Configuring the Wireless Screen
7.3.1 WEP Encryption
WEP encryption scrambles the data transmitted between the wireless stations and the access
points to keep network communications private. It encrypts unicast and multicast
communications in a network. Both the wireless stations and the access points must use the
same WEP key.
Your Prestige allows you to configure up to four 64-bit, 128-bit or 256-bit WEP keys but only
one key can be enabled at any one time.
In order to configure and enable WEP encryption; click Wireless LAN and Wireless to the
display the Wireless screen.
Chapter 7 Wireless LAN (Prestige 660HW)84
Prestige 660H/HW Series User’s Guide
Figure 26 Wireless Screen
The following table describes the labels in this screen.
Table 16 Wireless LAN
LABELDESCRIPTION
Enable Wireless
LAN
Enable Wireless g+Select this checkbox to allow any ZyXEL WLAN devices that support this feature to
802.11 ModeSelect 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to
ESSIDThe ESSID (Extended Service Set IDentification) is a unique name to identify the
You should configure some wireless security (see Figure 25 on page 84) when you
enable the wireless LAN. Select the check box to enable the wireless LAN.
associate with the Prestige at higher transmission speeds. This permits the Prestige
to transmit at a higher speed than the 802.11g Only mode.
associate with the Prestige.
Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to
associate with the Prestige.
Select Mixed to allow either IEEE802.11b or IEEE802.11g compliant WLAN devices
to associate with the Prestige. The transmission rate of your Prestige might be
reduced.
Prestige in the wireless LAN. Wireless stations associating to the Prestige must
have the same ESSID.
Enter a descriptive name of up to 32 printable characters (including spaces;
alphabetic characters are case-sensitive).
85 Chapter 7 Wireless LAN (Prestige 660HW)
Prestige 660H/HW Series User’s Guide
Table 16 Wireless LAN (continued)
LABELDESCRIPTION
Hide ESSIDSelect Yes to hide the ESSID in so a station cannot obtain the ESSID through AP
scanning.
Select No to make the ESSID visible so a station can obtain the ESSID through AP
scanning.
Channel ID The radio frequency used by IEEE 802.11a, b or g wireless devices is called a
channel.
Select a channel from the drop-down list box.
RTS/CTS
Threshold
Fragmentation
Threshold
You won’t see the following WEP-related fields if you have WPA or WPA-PSK enabled.
PassphraseEnter a "passphrase" (password phrase) of up to 63 case-sensitive printable
GenerateAfter you enter the passphrase, click Generate to have the Prestige generate four
WEP EncryptionWEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the
Key 1 to Key 4 The WEP keys are used to encrypt data. Both the Prestige and the wireless stations
BackClick Back to go to the main wireless LAN setup screen.
ApplyClick Apply to save your changes back to the Prestige.
CancelClick Cancel to begin configuring this screen afresh.
The RTS (Request To Send) threshold (number of bytes) is for enabling RTS/CTS.
Data with its frame size larger than this value will perform the RTS/CTS handshake.
Setting this value to be larger than the maximum MSDU (MAC service data unit)
size turns off RTS/CTS. Setting this value to zero turns on RTS/CTS.
Select the check box to change the default value and enter a new value between 0
and 2432.
This is the threshold (number of bytes) for the fragmentation boundary for directed
messages. It is the maximum data fragment size that can be sent.
Select the check box to change the default value and enter a value between 256
and 2432.
characters and click Generate to have the Prestige create four different WEP keys.
At the time of writing, you cannot use passphrase to generate 256-bit WEP keys.
different WEP keys automatically. The keys display in the fields below.
wireless network.
Select Disable to allow all wireless stations to communicate with the access points
without any data encryption.
Select 64-bit WEP, 128-bit WEP or 256-bit WEP to use data encryption.
must use the same WEP key for data transmission.
If you want to manually set the WEP keys, enter the key in the field provided.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal
characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal
characters ("0-9", "A-F").
If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal
characters ("0-9", "A-F").
The values for the WEP keys must be set up exactly the same on all wireless
devices in the same wireless LAN.
You must configure all four keys, but only one key can be used at any one time. The
default key is key 1.
Chapter 7 Wireless LAN (Prestige 660HW)86
Prestige 660H/HW Series User’s Guide
Note: If you are configuring the Prestige from a computer connected to the wireless
LAN and you change the Prestige’s ESSID or security settings (see
on page 84), you will lose your wireless connection when you press Apply to
confirm. You must then change the wireless settings of your computer to match
the Prestige’s new settings.
7.4 Configuring MAC Filters
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address
is assigned at the factory and consists of six pairs of hexadecimal characters, for example,
00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this
screen. To change your Prestige’s MAC filter settings, click Wireless LAN, MAC Filter to
open the MAC Filter screen. The screen appears as shown.
Note: Be careful not to list your computer’s MAC address and set the Action field to
Deny Association when managing the Prestige via a wireless connection.
This would lock you out.
Figure 25
87 Chapter 7 Wireless LAN (Prestige 660HW)
Figure 27 MAC Address Filter
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this menu.
Table 17 MAC Address Filter
LABELDESCRIPTION
ActiveSelect Ye s from the drop down list box to enable MAC address filtering.
Action Define the filter action for the list of MAC addresses in the MAC Address table.
Select Deny Association to block access to the router, MAC addresses not listed will
be allowed to access the Prestige. Select Allow Association to permit access to the
router, MAC addresses not listed will be denied access to the Prestige.
MAC Address Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal
character pairs, for example, 12:34:56:78:9a:bc
allowed or denied access to the Prestige in these address fields.
Chapter 7 Wireless LAN (Prestige 660HW)88
of the wireless stations that are
Prestige 660H/HW Series User’s Guide
Table 17 MAC Address Filter (continued)
LABELDESCRIPTION
Back Click Back to go to the main wireless LAN setup screen.
ApplyClick Apply to save your changes back to the Prestige.
CancelClick Cancel to begin configuring this screen afresh.
7.5 Introduction to WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA is preferred to
WEP as WPA has user authentication and improved data encryption. See the appendix for
more information on WPA user authentication and WPA encryption.
If you don’t have an external RADIUS server, you should use WPA-PSK (WPA -Pre-Shared
Key). WPA-PSK only requires a single (identical) password entered into each WLAN
member. As long as the passwords match, a client will be granted access to a WLAN.
Note: You can’t use the Local User Database for authentication when you select
WPA.
7.5.1 WPA-PSK Application Example
A WPA-PSK application looks as follows.
1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key
(PSK) must be between 8 and 63 printable characters (including spaces; alphabetic
characters are case-sensitive).
2 The AP checks each client’s password and (only) allows it to join the network if the
passwords match.
3 The AP derives and distributes keys to the wireless clients.
4 The AP and wireless clients use the TKIP encryption process to encrypt data exchanged
between them.
89 Chapter 7 Wireless LAN (Prestige 660HW)
Figure 28 WPA - PSK Authentication
7.5.2 WPA with RADIUS Application Example
You need the IP address, port number (default is 1812) and shared secret of a RADIUS server.
A WPA application example with an external RADIUS server looks as follows. "A" is the
RADIUS server. "DS" is the distribution system (wired link to the LAN).
Prestige 660H/HW Series User’s Guide
1 The AP passes the wireless client’s authentication request to the RADIUS server.
2 The RADIUS server then checks the user's identification against its database and grants
or denies network access accordingly.
3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then
sets up a key hierarchy and management system, using the pair-wise key to dynamically
generate unique data encryption keys to encrypt every data packet that is wirelessly
transmitted between the AP and the wireless clients
Chapter 7 Wireless LAN (Prestige 660HW)90
Prestige 660H/HW Series User’s Guide
Figure 29 WPA with RADIUS Application Example2
7.5.3 Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the
wireless client how to use WPA. At the time of writing, the most widely available supplicants
are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data
Communications' AEGIS client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's builtin "Zero Configuration" wireless client. However, you must run Windows XP to use it.
7.6 Configuring IEEE 802.1x and WPA
To change your Prestige’s authentication settings, click the Wireless LAN link under
Advanced Setup and then the 802.1x/WPA tab. The screen varies by the key management
protocol you select.
You see the next screens when you select No Access Allowed or No Authentication Required in the Wireless Port Control field.
91 Chapter 7 Wireless LAN (Prestige 660HW)
Prestige 660H/HW Series User’s Guide
Figure 30 Wireless LAN: 802.1x/WPA: No Authentication
The following table describes the label in these screens.
Table 18 Wireless LAN: 802.1x/WPA: No Access/Authentication
LABELDESCRIPTION
Wireless Port
Control
BackClick Back to go to the main wireless LAN setup screen.
ApplyClick Apply to save your changes back to the Prestige.
CancelClick Cancel to begin configuring this screen afresh.
To control wireless station access to the wired network, select a control method from
the drop-down list box. Choose from No Access Allowed, No Authentication
Required and Authentication Required.
No Access Allowed blocks all wireless stations access to the wired network.
No Authentication Required allows all wireless stations access to the wired network
without entering usernames and passwords. This is the default setting.
Authentication Required means that all wireless stations have to enter usernames
and passwords before access to the wired network is allowed.
Select Authentication Required to configure Key Management Protocol and other
related fields.
7.6.1 Authentication Required: 802.1x
You need the following for IEEE 802.1x authentication.
• A computer with an IEEE 802.11 a/b/g wireless LAN adapter and equipped with a web
browser (with JavaScript enabled) and/or Telnet.
• A wireless station computer must be running IEEE 802.1x-compliant software. Not all
Windows operating systems support IEEE 802.1x (see the Microsoft web site for details).
For other operating systems, see their documentation. If your operating system does not
support IEEE 802.1x, then you may need to install IEEE 802.1x client software.
• An optional network RADIUS server for remote user authentication and accounting.
Select Authentication Required in the Wireless Port Control field and 802.1x in the Key Management Protocol field to display the next screen.
Chapter 7 Wireless LAN (Prestige 660HW)92
Prestige 660H/HW Series User’s Guide
Figure 31 Wireless LAN: 802.1x/WPA: 802.1xl
The following table describes the labels in this screen.
Table 19 Wireless LAN: 802.1x/WPA: 802.1x
LABELDESCRIPTION
Wireless Port
Control
ReAuthentication
Timer
(in Seconds)
To control wireless station access to the wired network, select a control method
from the drop-down list box. Choose from No Authentication Required,
Authentication Required and No Access Allowed.
The following fields are only available when you select Authentication Required.
Specify how often wireless stations have to reenter usernames and passwords in
order to stay connected. This field is activated only when you select
Authentication Required in the Wireless Port Control field.
Enter a time interval between 10 and 9999 seconds. The default time interval is
1800 seconds (30 minutes).
Note: If wireless station authentication is done using a RADIUS
server, the reauthentication timer on the RADIUS server has
priority.
Idle Timeout
(in Seconds)
Key Management
Protocol
The Prestige automatically disconnects a wireless station from the wired network
after a period of inactivity. The wireless station needs to enter the username and
password again before access to the wired network is allowed.
This field is activated only when you select Authentication Required in the
Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour).
BackClick Back to go to the main wireless LAN setup screen.
ApplyClick Apply to save your changes back to the Prestige.
CancelClick Cancel to begin configuring this screen afresh.
This field is activated only when you select Authentication Required in the
Wireless Port Control field. Also set the Authentication Databases field to
RADIUS Only. Local user database may not be used.
Select Disable to allow wireless stations to communicate with the access points
without using dynamic WEP key exchange.
Select 64-bit WEP, 128-bit WEP or 256-bit WEP to enable data encryption.
Up to 32 stations can access the Prestige when you configure dynamic WEP key
exchange.
This field is not available when you set Key Management Protocol to WPA or
WPA-PSK.
The authentication database contains wireless station login information. The local
user database is the built-in database on the Prestige. The RADIUS is an external
server. Use this drop-down list box to select which database the Prestige should
use (first) to authenticate a wireless station.
Before you specify the priority, make sure you have set up the corresponding
database correctly first.
Select Local User Database Only to have the Prestige just check the built-in user
database on the Prestige for a wireless station's username and password.
Select RADIUS Only to have the Prestige just check the user database on the
specified RADIUS server for a wireless station's username and password.
Select Local first, then RADIUS to have the Prestige first check the user
database on the Prestige for a wireless station's username and password. If the
user name is not found, the Prestige then checks the user database on the
specified RADIUS server.
Select RADIUS first, then Local to have the Prestige first check the user
database on the specified RADIUS server for a wireless station's username and
password. If the Prestige cannot reach the RADIUS server, the Prestige then
checks the local user database on the Prestige. When the user name is not found
or password does not match in the RADIUS server, the Prestige will not check the
local user database and the authentication fails.
Note: Once you enable user authentication, you need to specify an external RADIUS
server or create local user accounts on the Prestige for authentication.
7.6.2 Authentication Required: WPA
Select Authentication Requiredin the Wireless Port Control field and WPA in the Key
Management Protocol field to display the next screen.
Chapter 7 Wireless LAN (Prestige 660HW)94
Prestige 660H/HW Series User’s Guide
Figure 32 Wireless LAN: 802.1x/WPA: WPAl
The following table describes the labels not previously discussed
Table 20 Wireless LAN: 802.1x/WPA: WPAl
LABELDESCRIPTION
Key Management
Protocol
WPA Mixed ModeThe Prestige can operate in WPA Mixed Mode, which supports both clients
Group Data Privacy Group Data Privacy allows you to choose TKIP (recommended) or WEP for
WPA Group Key
Update Timer
Authentication
Databases
Choose WPA in this field.
running WPA and clients running dynamic WEP key exchange with 802.1x in the
same Wi-Fi network.
Select the check box to activate WPA mixed mode. Otherwise, clear the check
box and configure the Group Data Privacy field.
broadcast and multicast ("group") traffic if the Key Management Protocol is
WPA and WPA Mixed Mode is disabled. WEP is used automatically if you have
enabled WPA Mixed Mode.
All unicast traffic is automatically encrypted by TKIP when WPA or WPA-PSK Key Management Protocol is selected.
The WPA Group Key Update Timer is the rate at which the AP (if using WPA-PSK key management) or RADIUS server (if using WPA key management)
sends a new group key out to all clients. The re-keying process is the WPA
equivalent of automatically changing the WEP key for an AP and all stations in a
WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also
supported in WPA-PSK mode. The Prestige default is 1800 seconds (30
minutes).
When you configure Key Management Protocol to WPA, the Authentication
Databases must be RADIUS Only. You can only use the Local User Database
Only with 802.1x Key Management Protocol.
95 Chapter 7 Wireless LAN (Prestige 660HW)
7.6.3 Authentication Required: WPA-PSK
Select Authentication Requiredin the Wireless Port Control field and WPA-PSK in the
Key Management Protocol field to display the next screen.
Figure 33 Wireless LAN: 802.1x/WPA:WPA-PSKl
Prestige 660H/HW Series User’s Guide
The following table describes the labels not previously discussed.
Table 21 Wireless LAN: 802.1x/WPA: WPAl-PSK
LABELDESCRIPTION
Key Management
Protocol
Pre-Shared KeyThe encryption mechanisms used for WPA and WPA-PSK are the same. The
WPA Mixed ModeThe Prestige can operate in WPA Mixed Mode, which supports both clients
Group Data Privacy Group Data Privacy allows you to choose TKIP (recommended) or WEP for
Authentication
Databases
Choose WPA-PSK in this field.
only difference between the two is that WPA-PSK uses a simple common
password, instead of user-specific credentials.
Type a pre-shared key from 8 to 63 printable characters (including spaces;
alphabetic characters are case-sensitive).
running WPA and clients running dynamic WEP key exchange with 802.1x in the
same Wi-Fi network.
Select the check box to activate WPA mixed mode. Otherwise, clear the check
box and configure the Group Data Privacy field.
broadcast and multicast ("group") traffic if the Key Management Protocol is
WPA and WPA Mixed Mode is disabled. WEP is used automatically if you have
enabled WPA Mixed Mode.
All unicast traffic is automatically encrypted by TKIP when WPA or WPA-PSK Key Management Protocol is selected.
This field is only visible when WPA Mixed Mode is enabled.
Chapter 7 Wireless LAN (Prestige 660HW)96
Prestige 660H/HW Series User’s Guide
7.7 Configuring Local User Authentication
By storing user profiles locally, your Prestige is able to authenticate wireless users without
interacting with a network RADIUS server. However, there is a limit on the number of users
you may authenticate in this way.
To change your Prestige’s local user database, click Wireless LAN, Local User Database.
The screen appears as shown.
Figure 34 Local User Database
The following table describes the fields in this screen.
Table 22 Local User Database
LABELDESCRIPTION
# This is the index number of a local user account.
Active Select this check box to enable the user profile.
User NameEnter a user name of up to 31 alphanumeric characters (case-sensitive), hyphens ('-')
and underscores ('_') if you’re using MD5 encryption and maximum 14 if you’re using
PEAP.
97 Chapter 7 Wireless LAN (Prestige 660HW)
Table 22 Local User Database (continued)
LABELDESCRIPTION
PasswordEnter a password of up to 31 printable characters (including spaces; alphabetic
characters are case-sensitive) if you’re using MD5 encryption and maximum 14 if you’re
using PEAP.
BackClick Back to go to the main wireless LAN setup screen.
ApplyClick Apply to save these settings back to the Prestige.
CancelClick Cancel to begin configuring this screen again.
7.8 Configuring RADIUS
To set up your Prestige’s RADIUS server settings, click WIRELESS LAN, RADIUS. The
screen appears as shown.
Figure 35 RADIUS
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 23 RADIUS
LABELDESCRIPTION
Authentication Server
ActiveSelect Yes from the drop-down list box to enable user authentication
Server IP AddressEnter the IP address of the external authentication server in dotted decimal
Port NumberThe default port of the RADIUS server for authentication is 1812.
Chapter 7 Wireless LAN (Prestige 660HW)98
through an external authentication server.
notation.
You need not change this value unless your network administrator instructs
you to do so with additional information.
Prestige 660H/HW Series User’s Guide
Table 23 RADIUS (continued)
LABELDESCRIPTION
Shared SecretEnter a password (up to 31 alphanumeric characters) as the key to be
shared between the external authentication server and the access points.
The key is not sent over the network. This key must be the same on the
external authentication server and Prestige.
Accounting Server
ActiveSelect Yes from the drop-down list box to enable user authentication
Server IP AddressEnter the IP address of the external accounting server in dotted decimal
Port NumberThe default port of the RADIUS server for accounting is 1813.
Shared SecretEnter a password (up to 31 alphanumeric characters) as the key to be
BackClick Back to go to the main wireless LAN setup screen.
ApplyClick Apply to save these settings back to the Prestige.
CancelClick Cancel to begin configuring this screen again.
through an external accounting server.
notation.
You need not change this value unless your network administrator instructs
you to do so with additional information.
shared between the external accounting server and the access points.
The key is not sent over the network. This key must be the same on the
external accounting server and the Prestige.
7.9 Introduction to OTIST
In a wireless network, the wireless clients must have the same SSID and security settings as
the access point (AP) or wireless router (we will refer to both as “AP” here) in order to
associate with it. Traditionally this meant that you had to configure the settings on the AP and
then manually configure the exact same settings on each wireless client.
OTIST (One-Touch Intelligent Security Technology) allows you to transfer your AP’s SSID
and WEP or WPA-PSK security settings to wireless clients that support OTIST and are within
transmission range. You can also choose to have OTIST generate a WPA-PSK key for you if
you didn’t configure one manually.
Note: OTIST replaces the pre-configured wireless settings on the wireless clients.
7.9.1 Enabling OTIST
You must enable OTIST on both the AP and wireless client before you start transferring
settings.
Note: The AP and wireless client(s) MUST use the same Setup key.
7.9.1.1 AP
You can enable OTIST using the Reset button or the web configurator.
99 Chapter 7 Wireless LAN (Prestige 660HW)
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.