ZyXEL Communications VPCJ2, VPCL14 User Manual

Download

Prestige 660H/HW Series

802.11g Wireless ADSL2+ 4-Port Security Gateway

User’s Guide

Version 3.40

5/2005

Prestige 660H/HW Series User’s Guide

Copyright

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

Prestige 660H/HW Series User’s Guide

Federal Communications

Commission (FCC) Interference

Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause undesired operations.

This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and the receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

This Class B digital apparatus complies with Canadian ICES-003.

Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.

Certifications

Go to www.zyxel.com

1 Select your product from the drop-down list box on the ZyXEL home page to go to that

product's page.

2 Select the certification you wish to view from this page.

3 Federal Communications Commission (FCC) Interference Statement

Prestige 660H/HW Series User’s Guide

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.

• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.

• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information.

• Use ONLY the dedicated power supply for your device. Connect the power cord or power adaptor to the right supply voltage (110V AC in North America or 230V AC in Europe).

• Do NOT use the device if the power supply is damaged as it might cause electrocution.

• If the power supply is damaged, remove it from the power outlet.

• Do NOT attempt to repair the power supply. Contact your local vendor to order a new power supply.

• Place connecting cables carefully so that no one will step on them or stumble over them. Do NOT allow anything to rest on the power cord and do NOT locate the product where anyone can walk on the power cord.

• If you wall mount your device, make sure that no electrical, gas or water pipes will be damaged.

• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of electric shock from lightning.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.

• Make sure to connect the cables to the correct ports.

• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.

• Do NOT store things on the device.

• Connect ONLY suitable accessories to the device.

Safety Warnings 4

Prestige 660H/HW Series User’s Guide

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

5 ZyXEL Limited Warranty

Prestige 660H/HW Series User’s Guide

Customer Support

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

METHOD

LOCATION

CORPORATE HEADQUARTERS (WORLDWIDE)

CZECH REPUBLIC

DENMARK

FINLAND

FRANCE

GERMANY

NORTH AMERICA

NORWAY

SPAIN

SWEDEN

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com

info@cz.zyxel.com +420 241 091 350 www.zyxel.cz ZyXEL Communications

info@cz.zyxel.com +420 241 091 359

support@zyxel.dk +45 39 55 07 00 www.zyxel.dk Z y X E L C o m m u n i c a t i o n s A / S

sales@zyxel.dk +45 39 55 07 07

support@zyxel.fi +358-9-4780-8411 www.zyxel.fi Z y X EL C o m m un i c a t i on s O y

sales@zyxel.fi +358-9-4780 8448

info@zyxel.fr +33 (0)4 72 52 97 97 www.zyxel.fr Z y XE L Fr a nc e

+33 (0)4 72 52 19 20

support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.

sales@zyxel.de +49-2405-6909-99

support@zyxel.com +1-800-255-4101

+1-714-632-0882

sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com

support@zyxel.no +47 22 80 61 80 www.zyxel.no Z y X E L C o m m u n i c a t i o n s A / S

sales@zyxel.no +47 22 80 61 81

support@zyxel.es +34 902 195 420 www.zyxel.es Z y X E L C o m m u ni c a t i o n s

sales@zyxel.es +34 913 005 345

support@zyxel.se +46 31 744 7700 www.zyxel.se Z y X E L C o m m u n ic at i on s A/ S

sales@zyxel.se +46 31 744 7701

WEB SITE

www.europe.zyxel.com

ftp.europe.zyxel.com

www.us.zyxel.com ZyXEL Communications Inc.

REGULAR MAIL

ZyXEL Communications Corp. 6 Innovation Road II

Sc ien ce P ar k Hsinchu 300 Ta iw a n

Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika

Col um bu sv ej 5 2860 Soeborg Denmark

Mal mi nk aa ri 10 00700 Helsinki Finland

1 ru e d e s V er ge r s Ba t. 1 / C 69760 Limonest France

Adenauerstr. 20/A2 D-52146 Wuerselen Germany

1130 N. Miller St. Anaheim

CA 92806-2001 U.S.A.

Ni ls H ans en s ve i 13 0667 Oslo Norway

Alejandro Villegas 33 1º, 28043 Madrid Spain

Sjöporten 4, 41764 Göteborg Sweden

Customer Support 6

Prestige 660H/HW Series User’s Guide

METHOD

LOCATION

UNITED KINGDOM

SUPPORT E-MAIL TELEPHONE

SALES E-MAIL FAX FTP SITE

technical@zyxel.co.uk +44 (0) 8702 909090 www.zyxel.co.uk ZyXEL Communications UK

sales@zyxel.co.uk +44 (0) 8702 909091 ftp.zyxel.co.uk

WEB SITE

a. “+” is the (prefix) number you enter to make an international telephone call.

REGULAR MAIL

Ltd.,11, The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)

7 Customer Support

Prestige 660H/HW Series User’s Guide

Copyright .................................................................................................................. 2

Federal Communications Commission (FCC) Interference Statement ............... 3

Safety Warnings ....................................................................................................... 4

ZyXEL Limited Warranty.......................................................................................... 5

Customer Support.................................................................................................... 6

Table of Contents..................................................................................................... 8

List of Figures ........................................................................................................ 24

List of Tables .......................................................................................................... 32

Preface .................................................................................................................... 38

Introduction to DSL................................................................................................ 40

Chapter 1

Getting To Know Your Prestige.............................................................................42

1.1 Introducing the Prestige .....................................................................................42

1.1.1 Features of the Prestige ...........................................................................43

1.1.1.1 P-660HW Wireless Features ...........................................................47

1.1.2 Applications for the Prestige .....................................................................48

1.1.2.1 Internet Access ...............................................................................48

1.1.3 Firewall for Secure Broadband Internet Access .......................................49

1.1.3.1 LAN to LAN Application ...................................................................49

1.1.4 Front Panel LEDs .....................................................................................49

Chapter 2

Introducing the Web Configurator........................................................................ 52

2.1 Web Configurator Overview ...............................................................................52

2.1.1 Accessing the Prestige Web Configurator ................................................52

2.1.2 Resetting the Prestige ..............................................................................53

2.1.2.1 Using the Reset Button ...................................................................53

2.1.3 Navigating the Prestige Web Configurator ...............................................54

Prestige 660H/HW Series User’s Guide

Chapter 3

Wizard Setup for Internet Access.........................................................................58

3.1 Introduction to Internet Access Wizard ..............................................................58

3.1.1 Internet Access Wizard Setup ..................................................................58

Chapter 4

Wizard Setup for Media Bandwidth Management ............................................... 66

4.1 Introduction to Media Bandwidth Management ..................................................66

4.1.1 Predefined Media Bandwidth Management Services ...............................66

4.2 Media Bandwidth Management Setup ...............................................................67

Chapter 5

Password Setup .....................................................................................................70

5.1 Password Overview ...........................................................................................70

5.1.1 Configuring Password ...............................................................................70

Chapter 6

LAN Setup...............................................................................................................72

6.1 LAN Overview ....................................................................................................72

6.1.1 LANs, WANs and the Prestige ..................................................................72

6.2 DNS Server Address ..........................................................................................73

6.3 DNS Server Address Assignment ......................................................................73

6.4 LAN TCP/IP ........................................................................................................74

6.4.1 Factory LAN Defaults ................................................................................74

6.4.2 IP Address and Subnet Mask ...................................................................74

6.4.3 RIP Setup .................................................................................................75

6.4.4 Multicast ....................................................................................................75

6.5 Any IP .................................................................................................................76

6.5.1 How Any IP Works ....................................................................................76

6.6 Configuring LAN .................................................................................................77

6.7 Configuring Static DHCP ....................................................................................79

Chapter 7

Wireless LAN (Prestige 660HW)............................................................................ 82

7.1 Introduction ........................................................................................................82

7.2 Wireless Security Overview ...............................................................................82

7.2.1 Encryption .................................................................................................82

7.2.2 Authentication ...........................................................................................82

7.2.3 Restricted Access .....................................................................................83

7.2.4 Hide Prestige Identity ................................................................................83

7.2.5 G-plus .......................................................................................................83

7.2.6 Configuring Wireless LAN on the Prestige ...............................................83

7.3 Configuring the Wireless Screen ........................................................................84

Prestige 660H/HW Series User’s Guide

7.3.1 WEP Encryption ........................................................................................84

7.4 Configuring MAC Filters .....................................................................................87

7.5 Introduction to WPA ...........................................................................................89

7.5.1 WPA-PSK Application Example ................................................................89

7.5.2 WPA with RADIUS Application Example ..................................................90

7.5.3 Wireless Client WPA Supplicants ............................................................91

7.6 Configuring IEEE 802.1x and WPA ....................................................................91

7.6.1 Authentication Required: 802.1x ...............................................................92

7.6.2 Authentication Required: WPA .................................................................94

7.6.3 Authentication Required: WPA-PSK .........................................................96

7.7 Configuring Local User Authentication ...............................................................97

7.8 Configuring RADIUS ..........................................................................................98

7.9 Introduction to OTIST .........................................................................................99

7.9.1 Enabling OTIST ........................................................................................99

7.9.1.1 AP ...................................................................................................99

7.9.1.2 Wireless Client ..............................................................................101

7.9.2 Starting OTIST ........................................................................................101

7.9.3 Notes on OTIST ......................................................................................102

Chapter 8

WAN Setup............................................................................................................ 104

8.1 WAN Overview .................................................................................................104

8.2 Metric ..............................................................................................................104

8.3 PPPoE Encapsulation ......................................................................................105

8.4 Traffic Shaping .................................................................................................105

8.5 Zero Configuration Internet Access ..................................................................106

8.6 Configuring WAN Setup ...................................................................................106

8.7 Traffic Redirect ................................................................................................109

8.8 Configuring WAN Backup ................................................................................. 110

Chapter 9

Network Address Translation (NAT) Screens.................................................... 114

9.1 NAT Overview .................................................................................................. 114

9.1.1 NAT Definitions ....................................................................................... 114

9.1.2 What NAT Does ......................................................................................115

9.1.3 How NAT Works .....................................................................................115

9.1.4 NAT Application ......................................................................................116

9.1.5 NAT Mapping Types ...............................................................................117

9.2 SUA (Single User Account) Versus NAT .......................................................... 118

9.3 SUA Server ...................................................................................................... 118

9.3.1 Default Server IP Address ...................................................................... 118

9.3.2 Port Forwarding: Services and Port Numbers ........................................118

9.3.3 Configuring Servers Behind SUA (Example) ..........................................119

Prestige 660H/HW Series User’s Guide

9.4 SIP ALG ........................................................................................................... 119

9.5 Selecting the NAT Mode ..................................................................................120

9.6 Configuring SUA Server ...................................................................................120

9.7 Configuring Address Mapping ..........................................................................122

9.8 Editing an Address Mapping Rule ....................................................................123

Chapter 10

Dynamic DNS Setup............................................................................................. 126

10.1 Dynamic DNS .................................................................................................126

10.1.1 DYNDNS Wildcard ................................................................................126

10.2 Configuring Dynamic DNS .............................................................................126

Chapter 11

Time and Date....................................................................................................... 128

11.1 Configuring Time and Date .............................................................................128

Chapter 12

Firewalls................................................................................................................130

12.1 Firewall Overview ...........................................................................................130

12.2 Types of Firewalls ..........................................................................................130

12.2.1 Packet Filtering Firewalls ......................................................................130

12.2.2 Application-level Firewalls ....................................................................130

12.2.3 Stateful Inspection Firewalls ................................................................131

12.3 Introduction to ZyXEL’s Firewall .....................................................................131

12.3.1 Denial of Service Attacks ......................................................................132

12.4 Denial of Service ............................................................................................132

12.4.1 Basics ...................................................................................................132

12.4.2 Types of DoS Attacks ...........................................................................133

12.4.2.1 ICMP Vulnerability ......................................................................135

12.4.2.2 Illegal Commands (NetBIOS and SMTP) ....................................135

12.4.2.3 Traceroute ...................................................................................136

12.5 Stateful Inspection ..........................................................................................136

12.5.1 Stateful Inspection Process ..................................................................137

12.5.2 Stateful Inspection and the Prestige .....................................................138

12.5.3 TCP Security .........................................................................................138

12.5.4 UDP/ICMP Security ..............................................................................139

12.5.5 Upper Layer Protocols ..........................................................................139

12.6 Guidelines for Enhancing Security with Your Firewall ....................................139

12.6.1 Security In General ...............................................................................140

12.7 Packet Filtering Vs Firewall ............................................................................141

12.7.1 Packet Filtering: ....................................................................................141

12.7.1.1 When To Use Filtering .................................................................141

12.7.2 Firewall .................................................................................................141

Prestige 660H/HW Series User’s Guide

12.7.2.1 When To Use The Firewall ..........................................................141

Chapter 13

Firewall Configuration .........................................................................................144

13.1 Access Methods .............................................................................................144

13.2 Firewall Policies Overview .............................................................................144

13.3 Rule Logic Overview ......................................................................................145

13.3.1 Rule Checklist .......................................................................................145

13.3.2 Security Ramifications ..........................................................................145

13.3.3 Key Fields For Configuring Rules .........................................................146

13.3.3.1 Action ..........................................................................................146

13.3.3.2 Service ........................................................................................146

13.3.3.3 Source Address ...........................................................................146

13.3.3.4 Destination Address ....................................................................146

13.4 Connection Direction Example .......................................................................146

13.4.1 LAN to WAN Rules ...............................................................................147

13.4.2 WAN to LAN Rules ...............................................................................147

13.4.3 Alerts .....................................................................................................148

13.5 Configuring Basic Firewall Settings ................................................................148

13.6 Rule Summary ...............................................................................................149

13.6.1 Configuring Firewall Rules ....................................................................151

13.7 Customized Services .....................................................................................154

13.8 Creating/Editing A Customized Service .........................................................154

13.9 Example Firewall Rule ...................................................................................155

13.10 Predefined Services .....................................................................................159

13.11 Anti-Probing ..................................................................................................161

13.12 Configuring Attack Alert ...............................................................................162

13.12.1 Threshold Values ................................................................................163

13.12.2 Half-Open Sessions ............................................................................163

13.12.2.1 TCP Maximum Incomplete and Blocking Time .........................163

Chapter 14

Content Filtering .................................................................................................. 166

14.1 Content Filtering Overview .............................................................................166

14.2 Configuring Keyword Blocking .......................................................................166

14.3 Configuring the Schedule ..............................................................................167

14.4 Configuring Trusted Computers .....................................................................168

Chapter 15

Remote Management Configuration .................................................................. 170

15.1 Remote Management Overview .....................................................................170

15.1.1 Remote Management Limitations .........................................................170

15.1.2 Remote Management and NAT ............................................................171

Prestige 660H/HW Series User’s Guide

15.1.3 System Timeout ...................................................................................171

15.2 Telnet ..............................................................................................................171

15.3 FTP ................................................................................................................171

15.4 Web ................................................................................................................172

15.5 Configuring Remote Management .................................................................172

Chapter 16

Universal Plug-and-Play (UPnP) ......................................................................... 174

16.1 Introducing Universal Plug and Play ..............................................................174

16.1.1 How do I know if I'm using UPnP? ........................................................174

16.1.2 NAT Traversal .......................................................................................174

16.1.3 Cautions with UPnP ..............................................................................174

16.2 UPnP and ZyXEL ...........................................................................................175

16.2.1 Configuring UPnP .................................................................................175

16.3 Installing UPnP in Windows Example ............................................................176

16.4 Using UPnP in Windows XP Example ...........................................................180

Chapter 17

Logs Screens........................................................................................................ 188

17.1 Logs Overview ...............................................................................................188

17.1.1 Alerts and Logs .....................................................................................188

17.2 Configuring Log Settings ................................................................................188

17.3 Displaying the Logs ........................................................................................190

17.4 SMTP Error Messages ...................................................................................191

17.4.1 Example E-mail Log ..............................................................................192

Chapter 18

Media Bandwidth Management Advanced Setup.............................................. 194

18.1 Bandwidth Management Advanced Setup Overview .....................................194

18.2 Bandwidth Classes and Filters .......................................................................194

18.3 Proportional Bandwidth Allocation .................................................................195

18.4 Bandwidth Management Usage Examples ....................................................195

18.4.1 Application-based Bandwidth Management Example ..........................195

18.4.2 Subnet-based Bandwidth Management Example .................................195

18.4.3 Application and Subnet-based Bandwidth Management Example .......196

18.5 Scheduler .......................................................................................................197

18.5.1 Priority-based Scheduler ......................................................................197

18.5.2 Fairness-based Scheduler ....................................................................197

18.6 Maximize Bandwidth Usage ...........................................................................197

18.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic ........................197

18.6.2 Maximize Bandwidth Usage Example ..................................................198

18.7 Bandwidth Borrowing .....................................................................................199

18.7.1 Bandwidth Borrowing Example .............................................................199

Prestige 660H/HW Series User’s Guide

18.7.2 Maximize Bandwidth Usage With Bandwidth Borrowing ......................200

18.8 Configuring Summary ....................................................................................200

18.9 Configuring Class Setup ................................................................................202

18.9.1 DiffServ .................................................................................................203

18.9.1.1 DSCP and Per-Hop Behavior ......................................................203

18.9.2 Media Bandwidth Management Class Configuration ............................203

18.9.3 Media Bandwidth Management Statistics .............................................206

18.10 Bandwidth Monitor ......................................................................................207

Chapter 19

Maintenance ......................................................................................................... 210

19.1 Maintenance Overview ...................................................................................210

19.2 System Status Screen ....................................................................................210

19.2.1 System Statistics ...................................................................................212

19.3 DHCP Table Screen .......................................................................................214

19.4 Any IP Table Screen .......................................................................................215

19.5 Wireless Screen .............................................................................................215

19.5.1 Association List .....................................................................................215

19.6 Diagnostic Screens ........................................................................................216

19.6.1 Diagnostic General Screen ...................................................................216

19.6.2 Diagnostic DSL Line Screen .................................................................217

19.7 Firmware Screen ............................................................................................219

Chapter 20

Introducing the SMT ............................................................................................222

20.1 SMT Introduction ............................................................................................222

20.1.1 Procedure for SMT Configuration via Telnet .........................................222

20.1.2 Entering Password ................................................................................222

20.1.3 Prestige SMT Menu Overview ..............................................................223

20.2 Navigating the SMT Interface .........................................................................223

20.2.1 System Management Terminal Interface Summary ..............................225

20.3 Changing the System Password ....................................................................225

Chapter 21

Menu 1 General Setup ......................................................................................... 228

21.1 General Setup ................................................................................................228

21.2 Procedure To Configure Menu 1 ....................................................................228

21.2.1 Procedure to Configure Dynamic DNS .................................................229

Chapter 22

Menu 2 WAN Backup Setup ................................................................................ 232

22.1 Introduction to WAN Backup Setup ................................................................232

22.2 Configuring Dial Backup in Menu 2 ................................................................232

Prestige 660H/HW Series User’s Guide

22.2.1 Traffic Redirect Setup ...........................................................................233

Chapter 23

Menu 3 LAN Setup ...............................................................................................236

23.1 LAN Setup ......................................................................................................236

23.1.1 General Ethernet Setup ........................................................................236

23.2 Protocol Dependent Ethernet Setup ..............................................................237

23.3 CP/IP Ethernet Setup and DHCP ...................................................................237

Chapter 24

Wireless LAN Setup ............................................................................................. 240

24.1 Wireless LAN Overview .................................................................................240

24.2 Wireless LAN Setup .......................................................................................240

24.2.1 Wireless LAN MAC Address Filter ........................................................241

Chapter 25

Internet Access .................................................................................................... 244

25.1 Internet Access Overview ..............................................................................244

25.2 IP Policies ......................................................................................................244

25.3 IP Alias ...........................................................................................................244

25.4 IP Alias Setup .................................................................................................245

25.5 Route IP Setup ...............................................................................................246

25.6 Internet Access Configuration ........................................................................247

Chapter 26

Remote Node Configuration ...............................................................................250

26.1 Remote Node Setup Overview .......................................................................250

26.2 Remote Node Setup .......................................................................................250

26.2.1 Remote Node Profile ............................................................................250

26.2.2 Encapsulation and Multiplexing Scenarios ...........................................251

26.2.2.1 Scenario 1: One VC, Multiple Protocols ......................................251

26.2.2.2 Scenario 2: One VC, One Protocol (IP) ......................................251

26.2.2.3 Scenario 3: Multiple VCs .............................................................251

26.2.3 Outgoing Authentication Protocol .........................................................253

26.3 Remote Node Network Layer Options ...........................................................254

26.3.1 My WAN Addr Sample IP Addresses ...................................................255

26.4 Remote Node Filter ........................................................................................256

26.5 Editing ATM Layer Options ............................................................................257

26.5.1 VC-based Multiplexing (non-PPP Encapsulation) ................................257

26.5.2 LLC-based Multiplexing or PPP Encapsulation ....................................257

26.5.3 Advance Setup Options ........................................................................258

Prestige 660H/HW Series User’s Guide

Chapter 27

Static Route Setup ...............................................................................................260

27.1 IP Static Route Overview ...............................................................................260

27.2 Configuration ..................................................................................................260

Chapter 28

Bridging Setup ..................................................................................................... 264

28.1 Bridging in General ........................................................................................264

28.2 Bridge Ethernet Setup ....................................................................................264

28.2.1 Remote Node Bridging Setup ...............................................................264

28.2.2 Bridge Static Route Setup .....................................................................266

Chapter 29

Network Address Translation (NAT)................................................................... 268

29.1 Using NAT ......................................................................................................268

29.1.1 SUA (Single User Account) Versus NAT ..............................................268

29.2 Applying NAT .................................................................................................268

29.3 NAT Setup ......................................................................................................270

29.3.1 Address Mapping Sets ..........................................................................270

29.3.1.1 SUA Address Mapping Set .........................................................271

29.3.1.2 User-Defined Address Mapping Sets ..........................................272

29.3.1.3 Ordering Your Rules ....................................................................273

29.4 Configuring a Server behind NAT ..................................................................274

29.5 General NAT Examples ..................................................................................275

29.5.1 Example 1: Internet Access Only ..........................................................276

29.5.2 Example 2: Internet Access with an Inside Server ...............................276

29.5.3 Example 3: Multiple Public IP Addresses With Inside Servers .............277

29.5.4 Example 4: NAT Unfriendly Application Programs ...............................281

Chapter 30

Enabling the Firewall ........................................................................................... 284

30.1 Remote Management and the Firewall ..........................................................284

30.2 Access Methods .............................................................................................284

30.3 Enabling the Firewall ......................................................................................284

Chapter 31

Filter Configuration..............................................................................................286

31.1 About Filtering ................................................................................................286

31.1.1 The Filter Structure of the Prestige .......................................................287

31.2 Configuring a Filter Set for the Prestige .........................................................288

31.3 Filter Rules Summary Menus .........................................................................289

31.4 Configuring a Filter Rule ................................................................................290

31.4.1 TCP/IP Filter Rule .................................................................................291

Prestige 660H/HW Series User’s Guide

31.4.2 Generic Filter Rule ................................................................................293

31.5 Filter Types and NAT .....................................................................................295

31.6 Example Filter ................................................................................................295

31.7 Applying Filters and Factory Defaults ............................................................297

31.7.1 Ethernet Traffic .....................................................................................298

31.7.2 Remote Node Filters .............................................................................298

Chapter 32

SNMP Configuration ............................................................................................300

32.1 About SNMP ..................................................................................................300

32.2 Supported MIBs ............................................................................................301

32.3 SNMP Configuration ......................................................................................301

32.4 SNMP Traps ...................................................................................................302

Chapter 33

System Security ...................................................................................................304

33.1 System Security .............................................................................................304

33.1.1 System Password .................................................................................304

33.1.2 Configuring External RADIUS Server ...................................................304

33.1.3 IEEE802.1x ...........................................................................................306

33.2 Creating User Accounts on the Prestige ........................................................308

Chapter 34

System Information and Diagnosis .................................................................... 310

34.1 Overview ........................................................................................................310

34.2 System Status ................................................................................................310

34.3 System Information ........................................................................................312

34.3.1 System Information ...............................................................................312

34.3.2 Console Port Speed ..............................................................................313

34.4 Log and Trace ................................................................................................314

34.4.1 Viewing Error Log .................................................................................314

34.4.2 Syslog and Accounting .........................................................................315

34.5 Diagnostic ......................................................................................................317

Chapter 35

Firmware and Configuration File Maintenance ................................................. 320

35.1 Filename Conventions ...................................................................................320

35.2 Backup Configuration .....................................................................................321

35.2.1 Backup Configuration ...........................................................................321

35.2.2 Using the FTP Command from the Command Line ..............................322

35.2.3 Example of FTP Commands from the Command Line .........................322

35.2.4 GUI-based FTP Clients .........................................................................323

35.2.5 TFTP and FTP over WAN Management Limitations .............................323

Prestige 660H/HW Series User’s Guide

35.2.6 Backup Configuration Using TFTP .......................................................324

35.2.7 TFTP Command Example ....................................................................324

35.2.8 GUI-based TFTP Clients ......................................................................324

35.3 Restore Configuration ....................................................................................325

35.3.1 Restore Using FTP ...............................................................................325

35.3.2 Restore Using FTP Session Example ..................................................326

35.4 Uploading Firmware and Configuration Files .................................................327

35.4.1 Firmware File Upload ............................................................................327

35.4.2 Configuration File Upload .....................................................................327

35.4.3 FTP File Upload Command from the DOS Prompt Example ................328

35.4.4 FTP Session Example of Firmware File Upload ...................................329

35.4.5 TFTP File Upload ..................................................................................329

35.4.6 TFTP Upload Command Example ........................................................330

Chapter 36

System Maintenance............................................................................................ 332

36.1 Command Interpreter Mode ...........................................................................332

36.2 Call Control Support .......................................................................................333

36.2.1 Budget Management ............................................................................333

36.3 Time and Date Setting ....................................................................................334

36.3.1 Resetting the Time ................................................................................335

Chapter 37

Remote Management ........................................................................................... 338

37.1 Remote Management Overview .....................................................................338

37.2 Remote Management .....................................................................................338

37.2.1 Remote Management Setup .................................................................338

37.2.2 Remote Management Limitations .........................................................339

37.3 Remote Management and NAT ......................................................................340

37.4 System Timeout .............................................................................................340

Chapter 38

IP Policy Routing.................................................................................................. 342

38.1 IP Policy Routing Overview ............................................................................342

38.2 Benefits of IP Policy Routing ..........................................................................342

38.3 Routing Policy ................................................................................................342

38.4 IP Routing Policy Setup .................................................................................343

38.5 Applying an IP Policy .....................................................................................346

38.5.1 Ethernet IP Policies ..............................................................................346

38.6 IP Policy Routing Example .............................................................................347

Prestige 660H/HW Series User’s Guide

Chapter 39

Call Scheduling ....................................................................................................352

39.1 Introduction ....................................................................................................352

Chapter 40

Internal SPTGEN .................................................................................................. 356

40.1 Internal SPTGEN Overview ...........................................................................356

40.2 The Configuration Text File Format ................................................................356

40.2.1 Internal SPTGEN File Modification - Important Points to Remember ...357

40.3 Internal SPTGEN FTP Download Example ....................................................357

40.4 Internal SPTGEN FTP Upload Example ........................................................358

Chapter 41

Troubleshooting ...................................................................................................360

41.1 Problems Starting Up the Prestige .................................................................360

41.2 Problems with the LAN LED ...........................................................................360

41.3 Problems with the DSL LED ...........................................................................361

41.4 Problems with the LAN Interface ....................................................................361

41.5 Problems with the WAN Interface ..................................................................361

41.6 Problems with Internet Access .......................................................................362

41.7 Problems with the Password ..........................................................................362

41.8 Problems with the Web Configurator .............................................................363

41.9 Problems with Remote Management .............................................................363

Appendix A

Splitters and Microfilters ..................................................................................... 364

Connecting a POTS Splitter ................................................................................... 364

Telephone Microfilters ............................................................................................ 365

Prestige With ISDN ................................................................................................ 365

Appendix B

Setting up Your Computer’s IP Address............................................................ 368

Windows 95/98/Me................................................................................................. 368

Installing Components ..................................................................................... 369

Configuring ...................................................................................................... 370

Verifying Settings............................................................................................. 371

Windows 2000/NT/XP ............................................................................................ 371

Verifying Settings............................................................................................. 375

Macintosh OS 8/9................................................................................................... 375

Verifying Settings............................................................................................. 377

Macintosh OS X ..................................................................................................... 377

Verifying Settings............................................................................................. 378

Prestige 660H/HW Series User’s Guide

Appendix C

IP Subnetting ........................................................................................................ 380

IP Addressing......................................................................................................... 380

IP Classes .............................................................................................................. 380

Subnet Masks ........................................................................................................ 381

Subnetting .............................................................................................................. 381

Example: Two Subnets .......................................................................................... 382

Example: Four Subnets.......................................................................................... 384

Example Eight Subnets.......................................................................................... 385

Subnetting With Class A and Class B Networks. ................................................... 386

Appendix D

PPPoE ................................................................................................................... 388

PPPoE in Action..................................................................................................... 388

Benefits of PPPoE.................................................................................................. 388

Traditional Dial-up Scenario................................................................................... 388

How PPPoE Works ................................................................................................ 389

Prestige as a PPPoE Client ................................................................................... 389

Appendix E

Virtual Circuit Topology ......................................................................................390

Appendix F

Wireless LANs ...................................................................................................... 392

Wireless LAN Topologies ....................................................................................... 392

Ad-hoc Wireless LAN Configuration ................................................................ 392

BSS.................................................................................................................. 392

ESS.................................................................................................................. 393

Channel.................................................................................................................. 394

RTS/CTS................................................................................................................ 394

Fragmentation Threshold ....................................................................................... 395

Preamble Type....................................................................................................... 396

IEEE 802.1x ........................................................................................................... 397

RADIUS.................................................................................................................. 397

Types of RADIUS Messages ........................................................................... 397

EAP Authentication ................................................................................................ 398

Types of Authentication......................................................................................... 399

EAP-MD5 (Message-Digest Algorithm 5) ........................................................ 399

EAP-TLS (Transport Layer Security) ............................................................... 399

EAP-TTLS (Tunneled Transport Layer Service) .............................................. 399

PEAP (Protected EAP) .................................................................................... 400

LEAP................................................................................................................ 400

Prestige 660H/HW Series User’s Guide

WEP Authentication Steps ..................................................................................... 400

Dynamic WEP Key Exchange ......................................................................... 401

WPA ....................................................................................................................... 402

User Authentication ........................................................................................ 402

Encryption ....................................................................................................... 402

Security Parameters Summary .............................................................................. 403

Roaming................................................................................................................. 403

Requirements for Roaming.............................................................................. 404

Appendix G

Antenna Selection and Positioning Recommendation..................................... 406

Antenna Characteristics ......................................................................................... 406

Frequency........................................................................................................ 406

Radiation Pattern ............................................................................................. 406

Antenna Gain................................................................................................... 406

Types of Antennas For WLAN................................................................................ 407

Positioning Antennas ....................................................................................... 407

Connector Type...................................................................................................... 407

Appendix H

Example Internal SPTGEN Screens.................................................................... 408

Command Examples.............................................................................................. 428

Appendix I

Command Interpreter........................................................................................... 430

Command Syntax................................................................................................... 430

Command Usage ................................................................................................... 430

Appendix J

Firewall Commands ............................................................................................. 432

Sys Firewall Commands ........................................................................................ 432

Appendix K

Brute-Force Password Guessing Protection..................................................... 434

Example ................................................................................................................. 434

Appendix L

Boot Commands ..................................................................................................436

Appendix M

Log Descriptions.................................................................................................. 438

Log Commands...................................................................................................... 447

Prestige 660H/HW Series User’s Guide

Configuring What You Want the Prestige to Log ............................................. 447

Displaying Logs ............................................................................................... 447

Log Command Example......................................................................................... 448

Index...................................................................................................................... 450

Prestige 660H/HW Series User’s Guide

List of Figures

Figure 1 Prestige Internet Access Application .................................................................... 48

Figure 2 Firewall Application ............................................................................................... 49

Figure 3 Prestige LAN-to-LAN Application .......................................................................... 49

Figure 4 P-660H Front Panel .............................................................................................. 49

Figure 5 P-660HW Front Panel ........................................................................................... 50

Figure 6 Password Screen .................................................................................................. 53

Figure 7 Change Password at Login ................................................................................... 53

Figure 8 Web Configurator: Site Map Screen ................................................................... 54

Figure 9 Internet Access Wizard Setup: First Screen ......................................................... 59

Figure 10 Internet Connection with PPPoE ......................................................................... 60

Figure 11 Internet Connection with RFC 1483 ................................................................... 61

Figure 12 Internet Connection with ENET ENCAP ............................................................. 61

Figure 13 Internet Connection with PPPoA ......................................................................... 62

Figure 14 Internet Access Wizard Setup: Third Screen ...................................................... 64

Figure 15 Internet Access Wizard Setup: LAN Configuration ............................................. 64

Figure 16 Internet Access Wizard Setup: Connection Tests ............................................... 65

Figure 17 Media Bandwidth Mgnt. Wizard Setup: First Screen .......................................... 67

Figure 18 Media Bandwidth Mgnt. Wizard Setup: Second Screen .................................... 68

Figure 19 Media Bandwidth Mgnt. Wizard Setup: Finish ................................................... 69

Figure 20 Password ............................................................................................................ 70

Figure 21 LAN and WAN IP Addresses .............................................................................. 72

Figure 22 Any IP Example .................................................................................................. 76

Figure 23 LAN Setup ........................................................................................................... 78

Figure 24 LAN: Static DHCP ............................................................................................... 80

Figure 25 Wireless Security Methods ................................................................................. 84

Figure 26 Wireless Screen .................................................................................................. 85

Figure 27 MAC Address Filter ............................................................................................. 88

Figure 28 WPA - PSK Authentication .................................................................................. 90

Figure 29 WPA with RADIUS Application Example2 .......................................................... 91

Figure 30 Wireless LAN: 802.1x/WPA: No Authentication .................................................. 92

Figure 31 Wireless LAN: 802.1x/WPA: 802.1xl ................................................................... 93

Figure 32 Wireless LAN: 802.1x/WPA: WPAl ...................................................................... 95

Figure 33 Wireless LAN: 802.1x/WPA:WPA-PSKl .............................................................. 96

Figure 34 Local User Database .......................................................................................... 97

Figure 35 RADIUS .............................................................................................................. 98

Figure 36 OTIST ................................................................................................................. 100

Prestige 660H/HW Series User’s Guide

Figure 37 Example Wireless Client OTIST Screen ............................................................. 101

Figure 38 Security Key ........................................................................................................ 101

Figure 39 OTIST in Progress (Prestige) .............................................................................. 101

Figure 40 OTIST in Progress (Client) .................................................................................. 101

Figure 41 No AP with OTIST Found ................................................................................... 102

Figure 42 Start OTIST? ....................................................................................................... 102

Figure 43 Example of Traffic Shaping ................................................................................. 106

Figure 44 WAN Setup (PPPoE) .......................................................................................... 107

Figure 45 Traffic Redirect Example ..................................................................................... 110

Figure 46 Traffic Redirect LAN Setup ................................................................................. 110

Figure 47 WAN Backup ....................................................................................................... 111

Figure 48 How NAT Works .................................................................................................. 116

Figure 49 NAT Application With IP Alias ............................................................................. 116

Figure 50 Multiple Servers Behind NAT Example ............................................................... 119

Figure 51 NAT Mode ........................................................................................................... 120

Figure 52 Edit SUA/NAT Server Set ................................................................................... 121

Figure 53 Address Mapping Rules ...................................................................................... 122

Figure 54 Address Mapping Rule Edit ................................................................................ 123

Figure 55 Dynamic DNS ..................................................................................................... 127

Figure 56 Time and Date ..................................................................................................... 128

Figure 57 Prestige Firewall Application ............................................................................... 132

Figure 58 Three-Way Handshake ....................................................................................... 133

Figure 59 SYN Flood ........................................................................................................... 134

Figure 60 Smurf Attack ....................................................................................................... 135

Figure 61 Stateful Inspection ............................................................................................... 137

Figure 62 LAN to WAN Traffic ............................................................................................. 147

Figure 63 WAN to LAN Traffic ............................................................................................. 147

Figure 64 Firewall: Default Policy ........................................................................................ 148

Figure 65 Firewall: Rule Summary ..................................................................................... 149

Figure 66 Firewall: Edit Rule ............................................................................................... 152

Figure 67 Firewall: Customized Services ............................................................................ 154

Figure 68 Firewall: Configure Customized Services ........................................................... 155

Figure 69 Firewall Example: Rule Summary ....................................................................... 156

Figure 70 Firewall Example: Edit Rule: Destination Address ............................................. 157

Figure 71 Edit Custom Port Example .................................................................................. 157

Figure 72 Firewall Example: Edit Rule: Select Customized Services ................................. 158

Figure 73 Firewall Example: Rule Summary: My Service .................................................. 159

Figure 74 Firewall: Anti Probing .......................................................................................... 162

Figure 75 Firewall: Threshold .............................................................................................. 164

Figure 76 Content Filter: Keyword ...................................................................................... 166

Figure 77 Content Filter: Schedule ..................................................................................... 167

Figure 78 Content Filter: Trusted ........................................................................................ 168

Figure 79 Telnet Configuration on a TCP/IP Network ......................................................... 171

Prestige 660H/HW Series User’s Guide

Figure 80 Remote Management ......................................................................................... 172

Figure 81 Configuring UPnP ............................................................................................... 175

Figure 82 Add/Remove Programs: Windows Setup: Communication ................................. 177

Figure 83 Add/Remove Programs: Windows Setup: Communication: Components .......... 177

Figure 84 Network Connections .......................................................................................... 178

Figure 85 Windows Optional Networking Components Wizard .......................................... 179

Figure 86 Networking Services ........................................................................................... 180

Figure 87 Network Connections .......................................................................................... 181

Figure 88 Internet Connection Properties .......................................................................... 182

Figure 89 Internet Connection Properties: Advanced Settings ........................................... 183

Figure 90 Internet Connection Properties: Advanced Settings: Add ................................... 183

Figure 91 System Tray Icon ................................................................................................ 184

Figure 92 Internet Connection Status .................................................................................. 184

Figure 93 Network Connections .......................................................................................... 185

Figure 94 Network Connections: My Network Places ......................................................... 186

Figure 95 Network Connections: My Network Places: Properties: Example ....................... 186

Figure 96 Log Settings ........................................................................................................ 189

Figure 97 View Logs ........................................................................................................... 191

Figure 98 E-mail Log Example ............................................................................................ 192

Figure 99 Application-based Bandwidth Management Example ......................................... 195

Figure 100 Subnet-based Bandwidth Management Example ............................................. 196

Figure 101 Application and Subnet-based Bandwidth Management Example ................... 196

Figure 102 Bandwidth Allotment Example .......................................................................... 198

Figure 103 Maximize Bandwidth Usage Example ............................................................... 199

Figure 104 Bandwidth Borrowing Example ......................................................................... 200

Figure 105 Media Bandwidth Management: Summary ....................................................... 201

Figure 106 Media Bandwidth Management: Class Setup ................................................... 202

Figure 107 DiffServ: Differentiated Service Field ................................................................ 203

Figure 108 Media Bandwidth Management: Class Configuration ....................................... 204

Figure 109 Media Bandwidth Management Statistics ........................................................ 207

Figure 110 Media Bandwidth Management: Monitor .......................................................... 208

Figure 111 System Status .................................................................................................... 211

Figure 112 System Status: Show Statistics ......................................................................... 213

Figure 113 DHCP Table ...................................................................................................... 214

Figure 114 Any IP Table ...................................................................................................... 215

Figure 115 Association List ................................................................................................. 216

Figure 116 Diagnostic: General ........................................................................................... 217

Figure 117 Diagnostic: DSL Line ......................................................................................... 218

Figure 118 Firmware Upgrade ............................................................................................ 219

Figure 119 Network Temporarily Disconnected ................................................................... 220

Figure 120 Error Message .................................................................................................. 220

Figure 121 Login Screen ..................................................................................................... 223

Figure 122 Prestige SMT Menu Overview .......................................................................... 223

Prestige 660H/HW Series User’s Guide

Figure 123 Menu 23.1 Change Password ........................................................................... 226

Figure 124 Menu 1 General Setup ...................................................................................... 229

Figure 125 Menu 1.1 Configure Dynamic DNS .................................................................. 230

Figure 126 Menu 2 WAN Backup Setup ............................................................................. 232

Figure 127 Menu 2.1Traffic Redirect Setup ......................................................................... 233

Figure 128 Menu 3 LAN Setup ............................................................................................ 236

Figure 129 Menu 3.1 LAN Port Filter Setup ........................................................................ 236

Figure 130 Menu 3.2 TCP/IP and DHCP Ethernet Setup ................................................... 237

Figure 131 Menu 3.5 - Wireless LAN Setup ....................................................................... 240

Figure 132 Menu 3.5.1 WLAN MAC Address Filtering ........................................................ 242

Figure 133 IP Alias Network Example ................................................................................. 245

Figure 134 Menu 3.2 TCP/IP and DHCP Setup ................................................................. 245

Figure 135 Menu 3.2.1 IP Alias Setup ................................................................................ 246

Figure 136 Menu 1 General Setup ...................................................................................... 247

Figure 137 Menu 4 Internet Access Setup .......................................................................... 247

Figure 138 Menu 11 Remote Node Setup ........................................................................... 251

Figure 139 Menu 11.1 Remote Node Profile ...................................................................... 252

Figure 140 Menu 11.3 Remote Node Network Layer Options ............................................ 254

Figure 141 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection ........................... 256

Figure 142 Menu 11.5 Remote Node Filter (RFC 1483 or ENET Encapsulation) ............... 256

Figure 143 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) ................. 257

Figure 144 Menu 11.6 for VC-based Multiplexing ............................................................... 257

Figure 145 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation .......................... 258

Figure 146 Menu 11.1 Remote Node Profile ....................................................................... 258

Figure 147 Menu 11.8 Advance Setup Options .................................................................. 259

Figure 148 Sample Static Routing Topology ....................................................................... 260

Figure 149 Menu 12 Static Route Setup ............................................................................. 261

Figure 150 Menu 12.1 IP Static Route Setup ...................................................................... 261

Figure 151 Menu12.1.1 Edit IP Static Route ....................................................................... 261

Figure 152 Menu 11.1 Remote Node Profile ....................................................................... 265

Figure 153 Menu 11.3 Remote Node Network Layer Options ............................................ 265

Figure 154 Menu 12.3.1 Edit Bridge Static Route ............................................................... 266

Figure 155 Menu 4 Applying NAT for Internet Access ........................................................ 269

Figure 156 Applying NAT in Menus 4 & 11.3 ....................................................................... 269

Figure 157 Menu 15 NAT Setup ........................................................................................ 270

Figure 158 Menu 15.1 Address Mapping Sets .................................................................... 271

Figure 159 Menu 15.1.255 SUA Address Mapping Rules .................................................. 271

Figure 160 Menu 15.1.1 First Set ........................................................................................ 272

Figure 161 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ........................ 273

Figure 162 Menu 15.2 NAT Server Setup ........................................................................... 274

Figure 163 Menu 15.2.1 NAT Server Setup ........................................................................ 275

Figure 164 Multiple Servers Behind NAT Example ............................................................. 275

Figure 165 NAT Example 1 ................................................................................................. 276

Prestige 660H/HW Series User’s Guide

Figure 166 Menu 4 Internet Access & NAT Example .......................................................... 276

Figure 167 NAT Example 2 ................................................................................................. 277

Figure 168 Menu 15.2.1 Specifying an Inside Server ......................................................... 277

Figure 169 NAT Example 3 ................................................................................................. 278

Figure 170 Example 3: Menu 11.3 ...................................................................................... 279

Figure 171 Example 3: Menu 15.1.1.1 ................................................................................ 279

Figure 172 Example 3: Final Menu 15.1.1 .......................................................................... 280

Figure 173 Example 3: Menu 15.2.1 ................................................................................... 280

Figure 174 NAT Example 4 ................................................................................................. 281

Figure 175 Example 4: Menu 15.1.1.1 Address Mapping Rule ........................................... 281

Figure 176 Example 4: Menu 15.1.1 Address Mapping Rules ............................................ 282

Figure 177 Menu 21.2 Firewall Setup ................................................................................. 285

Figure 178 Outgoing Packet Filtering Process .................................................................... 286

Figure 179 Filter Rule Process ............................................................................................ 287

Figure 180 Menu 21 Filter Set Configuration ...................................................................... 288

Figure 181 NetBIOS_WAN Filter Rules Summary ............................................................. 288

Figure 182 NetBIOS_LAN Filter Rules Summary .............................................................. 289

Figure 183 IGMP Filter Rules Summary ............................................................................ 289

Figure 184 Menu 21.1.x.1 TCP/IP Filter Rule ..................................................................... 291

Figure 185 Executing an IP Filter ........................................................................................ 293

Figure 186 Menu 21.1.5.1 Generic Filter Rule ................................................................... 294

Figure 187 Protocol and Device Filter Sets ......................................................................... 295

Figure 188 Sample Telnet Filter .......................................................................................... 296

Figure 189 Menu 21.1.6.1 Sample Filter ............................................................................ 296

Figure 190 Menu 21.1.6.1 Sample Filter Rules Summary .................................................. 297

Figure 191 Filtering Ethernet Traffic .................................................................................... 298

Figure 192 Filtering Remote Node Traffic ........................................................................... 298

Figure 193 SNMP Management Model ............................................................................... 300

Figure 194 Menu 22 SNMP Configuration .......................................................................... 302

Figure 195 Menu 23 – System Security .............................................................................. 304

Figure 196 Menu 23.2 System Security: RADIUS Server ................................................... 305

Figure 197 Menu 23 System Security ................................................................................. 306

Figure 198 Menu 23.4 System Security: IEEE802.1x ......................................................... 306

Figure 199 Menu 14 Dial-in User Setup .............................................................................. 309

Figure 200 Menu 14.1 Edit Dial-in User .............................................................................. 309

Figure 201 Menu 24 System Maintenance ......................................................................... 310

Figure 202 Menu 24.1 System Maintenance : Status ......................................................... 311

Figure 203 Menu 24.2 System Information and Console Port Speed ................................. 312

Figure 204 Menu 24.2.1 System Maintenance: Information ............................................... 313

Figure 205 Menu 24.2.2 System Maintenance : Change Console Port Speed ................... 314

Figure 206 Menu 24.3 System Maintenance: Log and Trace ............................................. 314

Figure 207 Sample Error and Information Messages ......................................................... 315

Figure 208 Menu 24.3.2 System Maintenance: Syslog and Accounting ............................. 315

Prestige 660H/HW Series User’s Guide

Figure 209 Syslog Example ................................................................................................ 316

Figure 210 Menu 24.4 System Maintenance : Diagnostic ................................................... 317

Figure 211 Telnet in Menu 24.5 ........................................................................................... 322

Figure 212 FTP Session Example ...................................................................................... 323

Figure 213 Telnet into Menu 24.6 ........................................................................................ 326

Figure 214 Restore Using FTP Session Example ............................................................... 326

Figure 215 Telnet Into Menu 24.7.1 Upload System Firmware .......................................... 327

Figure 216 Telnet Into Menu 24.7.2 System Maintenance ................................................. 328

Figure 217 FTP Session Example of Firmware File Upload ............................................... 329

Figure 218 Command Mode in Menu 24 ............................................................................. 332

Figure 219 Valid Commands ............................................................................................... 332

Figure 220 Menu 24.9 System Maintenance: Call Control .................................................. 333

Figure 221 Menu 24.9.1 System Maintenance: Budget Management ................................ 333

Figure 222 Menu 24 System Maintenance ......................................................................... 334

Figure 223 Menu 24.10 System Maintenance: Time and Date Setting ............................... 335

Figure 224 Menu 24.11 Remote Management Control ....................................................... 339

Figure 225 Menu 25 IP Routing Policy Setup ..................................................................... 343

Figure 226 Menu 25.1 IP Routing Policy Setup .................................................................. 344

Figure 227 Menu 25.1.1 IP Routing Policy .......................................................................... 345

Figure 228 Menu 3.2 TCP/IP and DHCP Ethernet Setup ................................................... 347

Figure 229 Menu 11.3 Remote Node Network Layer Options ............................................ 347

Figure 230 Example of IP Policy Routing ........................................................................... 348

Figure 231 IP Routing Policy Example ................................................................................ 349

Figure 232 IP Routing Policy Example ................................................................................ 350

Figure 233 Applying IP Policies Example ........................................................................... 350

Figure 234 Menu 26 Schedule Setup .................................................................................. 352

Figure 235 Menu 26.1 Schedule Set Setup ....................................................................... 353

Figure 236 Applying Schedule Set(s) to a Remote Node (PPPoE) .................................... 354

Figure 237 Configuration Text File Format: Column Descriptions ....................................... 356

Figure 238 Invalid Parameter Entered: Command Line Example ....................................... 357

Figure 239 Valid Parameter Entered: Command Line Example ......................................... 357

Figure 240 Internal SPTGEN FTP Download Example ..................................................... 358

Figure 241 Internal SPTGEN FTP Upload Example ........................................................... 358

Figure 242 Connecting a POTS Splitter .............................................................................. 364

Figure 243 Connecting a Microfilter .................................................................................... 365

Figure 244 Prestige with ISDN ............................................................................................ 366

Figure 245 WIndows 95/98/Me: Network: Configuration ..................................................... 369

Figure 246 Windows 95/98/Me: TCP/IP Properties: IP Address ......................................... 370

Figure 247 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............................ 371

Figure 248 Windows XP: Start Menu .................................................................................. 372

Figure 249 Windows XP: Control Panel .............................................................................. 372

Figure 250 Windows XP: Control Panel: Network Connections: Properties ....................... 373

Figure 251 Windows XP: Local Area Connection Properties .............................................. 373

Prestige 660H/HW Series User’s Guide

Figure 252 Windows XP: Advanced TCP/IP Settings ......................................................... 374

Figure 253 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 375

Figure 254 Macintosh OS 8/9: Apple Menu ........................................................................ 376

Figure 255 Macintosh OS 8/9: TCP/IP ................................................................................ 376

Figure 256 Macintosh OS X: Apple Menu ........................................................................... 377

Figure 257 Macintosh OS X: Network ................................................................................. 378

Figure 258 Single-Computer per Router Hardware Configuration ...................................... 389

Figure 259 Prestige as a PPPoE Client .............................................................................. 389

Figure 260 Virtual Circuit Topology ..................................................................................... 390

Figure 261 Peer-to-Peer Communication in an Ad-hoc Network ........................................ 392

Figure 262 Basic Service Set .............................................................................................. 393

Figure 263 Infrastructure WLAN ......................................................................................... 394

Figure 264 RTS/CTS ......................................................................................................... 395

Figure 265 EAP Authentication ........................................................................................... 398

Figure 266 WEP Authentication Steps ................................................................................ 400

Figure 267 Roaming Example ............................................................................................. 404

Figure 268 Option to Enter Debug Mode ............................................................................ 436

Figure 269 Boot Module Commands .................................................................................. 437

Figure 270 Displaying Log Categories Example ................................................................. 447

Figure 271 Displaying Log Parameters Example ................................................................ 447

Figure 272 Log Command Example ................................................................................... 448

Prestige 660H/HW Series User’s Guide

List of Tables

Table 1 ADSL Standards .................................................................................................... 42

Table 2 Front Panel LEDs .................................................................................................. 50

Table 3 Web Configurator Screens Summary .................................................................... 55

Table 4 Internet Access Wizard Setup: First Screen .......................................................... 59

Table 5 Internet Connection with PPPoE .......................................................................... 60

Table 6 Internet Connection with RFC 1483 ...................................................................... 61

Table 7 Internet Connection with ENET ENCAP ................................................................ 62

Table 8 Internet Connection with PPPoA ........................................................................... 63

Table 9 Internet Access Wizard Setup: LAN Configuration ................................................ 65

Table 10 Media Bandwidth Mgnt. Wizard Setup: Services ................................................. 66

Table 11 Media Bandwidth Mgnt. Wizard Setup: First Screen ........................................... 68

Table 12 Media Bandwidth Mgnt. Wizard Setup: Second Screen ...................................... 68

Table 13 Password .............................................................................................................70

Table 14 LAN Setup ........................................................................................................... 78

Table 15 LAN: Static DHCP ................................................................................................ 80

Table 16 Wireless LAN ....................................................................................................... 85

Table 17 MAC Address Filter ............................................................................................. 88

Table 18 Wireless LAN: 802.1x/WPA: No Access/Authentication ...................................... 92

Table 19 Wireless LAN: 802.1x/WPA: 802.1x .................................................................... 93

Table 20 Wireless LAN: 802.1x/WPA: WPAl ...................................................................... 95

Table 21 Wireless LAN: 802.1x/WPA: WPAl-PSK .............................................................. 96

Table 22 Local User Database ........................................................................................... 97

Table 23 RADIUS ...............................................................................................................98

Table 24 OTIST .................................................................................................................. 100

Table 25 WAN Setup .......................................................................................................... 107

Table 26 WAN Backup ....................................................................................................... 111

Table 27 NAT Definitions .................................................................................................... 114

Table 28 NAT Mapping Types ............................................................................................ 117

Table 29 Services and Port Numbers ................................................................................. 118

Table 30 NAT Mode ............................................................................................................ 120

Table 31 Edit SUA/NAT Server Set .................................................................................... 121

Table 32 Address Mapping Rules ...................................................................................... 122

Table 33 Address Mapping Rule Edit ................................................................................. 124

Table 34 Dynamic DNS ...................................................................................................... 127

Table 35 Time and Date ..................................................................................................... 129

Table 36 Common IP Ports ................................................................................................ 133

Prestige 660H/HW Series User’s Guide

Table 37 ICMP Commands That Trigger Alerts .................................................................. 135

Table 38 Legal NetBIOS Commands ................................................................................. 135

Table 39 Legal SMTP Commands .................................................................................... 136

Table 40 Firewall: Default Policy ........................................................................................ 148

Table 41 Rule Summary ..................................................................................................... 150

Table 42 Firewall: Edit Rule ................................................................................................ 153

Table 43 Customized Services ........................................................................................... 154

Table 44 Firewall: Configure Customized Services ............................................................ 155

Table 45 Predefined Services ........................................................................................... 159

Table 46 Firewall: Anti Probing ........................................................................................... 162

Table 47 Firewall: Threshold .............................................................................................. 164

Table 48 Content Filter: Keyword ....................................................................................... 167

Table 49 Content Filter: Schedule ...................................................................................... 168

Table 50 Content Filter: Trusted ......................................................................................... 168

Table 51 Remote Management .......................................................................................... 172

Table 52 Configuring UPnP ................................................................................................ 176

Table 53 Log Settings .........................................................................................................189

Table 54 View Logs ............................................................................................................191

Table 55 SMTP Error Messages ........................................................................................ 191

Table 56 Application and Subnet-based Bandwidth Management Example ...................... 196

Table 57 Media Bandwidth Management: Summary .......................................................... 201

Table 58 Media Bandwidth Management: Class Setup ...................................................... 202

Table 59 Media Bandwidth Management: Class Configuration .......................................... 204

Table 60 Services and Port Numbers ................................................................................. 206

Table 61 Media Bandwidth Management Statistics ............................................................ 207

Table 62 Media Bandwidth Management: Monitor ............................................................. 208

Table 63 System Status ...................................................................................................... 211

Table 64 System Status: Show Statistics ........................................................................... 213

Table 65 DHCP Table ......................................................................................................... 214

Table 66 Any IP Table ........................................................................................................ 215

Table 67 Association List .................................................................................................... 216

Table 68 Diagnostic: General ............................................................................................. 217

Table 69 Diagnostic: DSL Line ........................................................................................... 218

Table 70 Firmware Upgrade ............................................................................................... 219

Table 71 Navigating the SMT Interface .............................................................................. 224

Table 72 SMT Main Menu .................................................................................................. 224

Table 73 Main Menu Summary .......................................................................................... 225

Table 74 Menu 1 General Setup ........................................................................................ 229

Table 75 Menu 1.1 Configure Dynamic DNS ..................................................................... 230

Table 76 Menu 2 WAN Backup Setup ................................................................................ 232

Table 77 Menu 2.1Traffic Redirect Setup ........................................................................... 233

Table 78 DHCP Ethernet Setup ......................................................................................... 238

Table 79 TCP/IP Ethernet Setup ........................................................................................ 238

Prestige 660H/HW Series User’s Guide

Table 80 Menu 3.5 - Wireless LAN Setup .......................................................................... 240

Table 81 Menu 3.5.1 WLAN MAC Address Filtering .......................................................... 242

Table 82 Menu 3.2.1 IP Alias Setup ................................................................................... 246

Table 83 Menu 4 Internet Access Setup ............................................................................ 248

Table 84 Menu 11.1 Remote Node Profile ......................................................................... 252

Table 85 Menu 11.3 Remote Node Network Layer Options ............................................... 254

Table 86 Menu 11.8 Advance Setup Options ..................................................................... 259

Table 87 Menu12.1.1 Edit IP Static Route .......................................................................... 262

Table 88 Remote Node Network Layer Options: Bridge Fields .......................................... 265

Table 89 Menu 12.3.1 Edit Bridge Static Route .................................................................. 266

Table 90 Applying NAT in Menus 4 & 11.3 ......................................................................... 270

Table 91 SUA Address Mapping Rules .............................................................................. 271

Table 92 Menu 15.1.1 First Set .......................................................................................... 273

Table 93 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ........................... 274

Table 94 Abbreviations Used in the Filter Rules Summary Menu ...................................... 289

Table 95 Rule Abbreviations Used ..................................................................................... 290

Table 96 Menu 21.1.x.1 TCP/IP Filter Rule ........................................................................ 291

Table 97 Menu 21.1.5.1 Generic Filter Rule ....................................................................... 294

Table 98 Filter Sets Table ................................................................................................... 297

Table 99 Menu 22 SNMP Configuration ............................................................................. 302

Table 100 SNMP Traps ...................................................................................................... 302

Table 101 Ports and Permanent Virtual Circuits ................................................................. 303

Table 102 Menu 23.2 System Security: RADIUS Server ................................................... 305

Table 103 Menu 23.4 System Security : IEEE802.1x ......................................................... 307

Table 104 Menu 14.1 Edit Dial-in User ............................................................................... 309

Table 105 Menu 24.1 System Maintenance : Status .......................................................... 311

Table 106 Menu 24.2.1 System Maintenance: Information ................................................ 313

Table 107 Menu 24.3.2 System Maintenance : Syslog and Accounting ............................ 315

Table 108 Menu 24.4 System Maintenance Menu: Diagnostic .......................................... 318

Table 109 Filename Conventions ....................................................................................... 321

Table 110 General Commands for GUI-based FTP Clients ............................................... 323

Table 111 General Commands for GUI-based TFTP Clients ............................................. 325

Table 112 Menu 24.9.1 System Maintenance : Budget Management ................................ 334

Table 113 Menu 24.10 System Maintenance: Time and Date Setting ............................... 335

Table 114 Menu 24.11 Remote Management Control ........................................................ 339

Table 115 Menu 25.1 IP Routing Policy Setup ................................................................... 344

Table 116 Menu 25.1.1 IP Routing Policy .......................................................................... 345

Table 117 Menu 26.1 Schedule Set Setup ......................................................................... 353

Table 118 Troubleshooting the Start-Up of Your Prestige ................................................... 360

Table 119 Troubleshooting the LAN LED ........................................................................... 360

Table 120 Troubleshooting the DSL LED ........................................................................... 361

Table 121 Troubleshooting the LAN Interface .................................................................... 361

Table 122 Troubleshooting the WAN Interface ................................................................... 361

Prestige 660H/HW Series User’s Guide

Table 123 Troubleshooting Internet Access ....................................................................... 362

Table 124 Troubleshooting the Password .......................................................................... 362

Table 125 Troubleshooting the Web Configurator .............................................................. 363

Table 126 Troubleshooting Remote Management ............................................................. 363

Table 127 Classes of IP Addresses ................................................................................... 380

Table 128 Allowed IP Address Range By Class ................................................................. 381

Table 129 “Natural” Masks ................................................................................................ 381

Table 130 Alternative Subnet Mask Notation ..................................................................... 382

Table 131 Two Subnets Example ....................................................................................... 382

Table 132 Subnet 1 ............................................................................................................383

Table 133 Subnet 2 ............................................................................................................383

Table 134 Subnet 1 ............................................................................................................384

Table 135 Subnet 2 ............................................................................................................384

Table 136 Subnet 3 ............................................................................................................384

Table 137 Subnet 4 ............................................................................................................385

Table 138 Eight Subnets .................................................................................................... 385

Table 139 Class C Subnet Planning ................................................................................... 385

Table 140 Class B Subnet Planning ................................................................................... 386

Table 141 IEEE802.11g ...................................................................................................... 396

Table 142 Comparison of EAP Authentication Types ......................................................... 401

Table 143 Wireless Security Relational Matrix ................................................................... 403

Table 144 Abbreviations Used in the Example Internal SPTGEN Screens Table .............. 408

Table 145 Menu 1 General Setup (SMT Menu 1) .............................................................. 408

Table 146 Menu 3 (SMT Menu 1) ....................................................................................... 408

Table 147 Menu 4 Internet Access Setup (SMT Menu 4) .................................................. 412

Table 148 Menu 12(SMT Menu 12) .................................................................................... 413

Table 149 Menu 15 SUA Server Setup (SMT Menu 15) .................................................... 417

Table 150 Menu 21.1 Filter Set #1 (SMT Menu 21.1) ........................................................ 419

Table 151 Menu 21.1 Filer Set #2, (SMT Menu 21.1) ....................................................... 423

Table 152 ci command (for annex a): wan adsl opencmd .................................................. 428

Table 153 Sys Firewall Commands .................................................................................... 432

Table 154 Brute-Force Password Guessing Protection Commands .................................. 434

Table 155 System Maintenance Logs ................................................................................ 438

Table 156 System Error Logs ............................................................................................. 439

Table 157 Access Control Logs .......................................................................................... 439

Table 158 TCP Reset Logs ................................................................................................ 440

Table 159 Packet Filter Logs .............................................................................................. 440

Table 160 ICMP Logs ......................................................................................................... 440

Table 161 CDR Logs .......................................................................................................... 441

Table 162 PPP Logs ........................................................................................................... 441

Table 163 UPnP Logs ........................................................................................................ 442

Table 164 Content Filtering Logs ....................................................................................... 442

Table 165 Attack Logs ........................................................................................................ 443

Prestige 660H/HW Series User’s Guide

Table 166 802.1X Logs ...................................................................................................... 444

Table 167 ACL Setting Notes ............................................................................................. 444

Table 168 ICMP Notes ....................................................................................................... 445

Table 169 Syslog Logs ....................................................................................................... 446

Table 170 RFC-2408 ISAKMP Payload Types ................................................................... 446

Prestige 660H/HW Series User’s Guide

Preface

Congratulations on your purchase of the Prestige 660HW Wireless ADSL Security Gateway or the Prestige 660H ADSL Security Gateway.

Note: Register your product online to receive e-mail notices of firmware upgrades and

information at North American products.

The Prestige 660HW has the built-in IEEE 802.11g wireless feature that provides wireless LAN connection without the expense of additional network cabling infrastructure.

Your Prestige is easy to install and configure.

About This User's Guide

This manual is designed to guide you through the configuration of your Prestige for its various applications. The web configurator parts of this guide contain background information on features configurable by web configurator. The SMT parts of this guide contain background information solely on features not configurable by web configurator.

www.zyxel.com for global products, or at www.us.zyxel.com for

Note: Use the web configurator, System Management Terminal (SMT) or command

interpreter interface to configure your Prestige. Not all features can be configured through all interfaces.

Syntax Conventions

• “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one predefined choices.

• The SMT menu titles and labels are in Bold Times New Roman font. Predefined field choices are in Bold Arial font. Command and arrow keys are enclosed in square brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key and [SPACE BAR] means the Space Bar.

• Mouse action sequences are denoted using a comma. For example, “click the Apple icon, Control Panels and then Modem” means first click the Apple icon, then point your mouse pointer to Control Panels and then click Modem.

• For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual.

• The Prestige 660H and Prestige 660HW series may be referred to as the Prestige in this user’s guide. This refers to both models (ADSL over POTS and ADSL over ISDN) unless specifically identified.

Introduction to DSL

DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twistedpair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web hence DSL technologies.

There are actually seven types of DSL service, ranging in speeds from 16 Kbits/sec to 52 Mbits/sec. The services are either symmetrical (traffic flows at the same speed in both directions), or asymmetrical (the downstream capacity is higher than the upstream capacity). Asymmetrical services (ADSL) are suitable for Internet users because more information is usually downloaded than uploaded. For example, a simple button click in a web browser can start an extended download that includes graphics and text.

As data rates increase, the carrying distance decreases. That means that users who are beyond a certain distance from the telephone company’s central office may not be able to obtain the higher speeds.

A DSL connection is a point-to-point dedicated circuit, meaning that the link is always up and there is no dialing required.

Introduction to ADSL

It is an asymmetrical technology, meaning that the downstream data rate is much higher than the upstream data rate. As mentioned, this works well for a typical Internet session in which more information is downloaded, for example, from Web servers, than is uploaded. ADSL operates in a frequency range that is above the frequency range of voice services, so the two systems can operate over the same cable.

Introduction to DSL 40

Prestige 660H/HW Series User’s Guide

41 Introduction to DSL

Prestige 660H/HW Series User’s Guide

CHAPTER 1

Getting To Know Your Prestige

This chapter describes the key features and applications of your Prestige.

1.1 Introducing the Prestige

Your Prestige integrates high-speed 10/100Mbps auto-negotiating LAN interface(s) and a high-speed ADSL port into a single package. The Prestige is ideal for high-speed Internet browsing and making LAN-to-LAN connections to remote networks. The Prestige is an ADSL router compatible with the ADSL/ADSL2/ADSL2+ standards. Maximum data rates attainable by the Prestige for each standard are shown in the next table.

Table 1 ADSL Standards

DATA RATE STANDARD UPSTREAM DOWNSTREAM

ADSL

ADSL2

ADSL2+

Note: The standard your ISP supports determines the maximum upstream and

downstream speeds attainable. Actual speeds attained also depend on the distance from your ISP, line quality, etc.

By integrating DSL and NAT, the Prestige provides ease of installation and Internet access. The Prestige is also a complete security solution with a robust firewall, content filtering and Wi-Fi Protected Access (WPA).

Two Prestige model series are included in this user’s guide at the time of writing. In the Prestige product name, “H” denotes an integrated 4-port switch (hub) and “W” denotes an included wireless LAN card. The Prestige 660HW provides IEEE 802.11g wireless LAN connectivity allowing users to enjoy the convenience and mobility of working anywhere within the coverage area.

Models ending in “1”, for example Prestige 660HW-61, denote a device that works over the analog telephone system, POTS (Plain Old Telephone Service). Models ending in “3” denote a device that works over ISDN (Integrated Services Digital Network). Models ending in “7” denote a device that works over T-ISDN (UR-2).

832 kbps 8Mbps

3.5Mbps 12Mbps

3.5Mbps 24Mbps

Note: Only use firmware for your Prestige’s specific model. Refer to the label on the

bottom of your Prestige.

Chapter 1 Getting To Know Your Prestige 42

Prestige 660H/HW Series User’s Guide

The web browser-based Graphical User Interface (GUI) provides easy management.

1.1.1 Features of the Prestige

The following sections describe the features of the Prestige.

Note: See the product specifications in the appendix for detailed features and

standards support.

Built-in Switch

The 10/100 Mbps auto-negotiating Ethernet ports allow the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network. The ports are also auto-crossover (MDI/MDI-X) meaning they automatically adjust to either a crossover or straight-through Ethernet cable.

High Speed Internet Access

Your Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of up to 24Mbps and upstream transmission rates of 3.5Mbps. Actual speeds attained depend on ISP DSLAM environment.

Zero Configuration Internet Access

Once you connect and turn on the Prestige, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes. In cases where additional account information (such as an Internet account user name and password) is required or the Prestige cannot connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting.

Any IP

The Any IP feature allows a computer to access the Internet and the Prestige without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.

Firewall

The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The Prestige firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.

Note: You can configure most features of the Prestige via SMT but we recommend

you configure the firewall and content filters using the web configurator.

43 Chapter 1 Getting To Know Your Prestige

Prestige 660H/HW Series User’s Guide

Content Filtering

Content filtering allows you to block access to forbidden Internet web sites, schedule when the Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet access.

Traffic Redirect

Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet, thus acting as an auxiliary if your regular WAN connection fails.

Media Bandwidth Management

ZyXEL’s Media Bandwidth Management allows you to specify bandwidth classes based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.

Universal Plug and Play (UPnP)

Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.

PPPoE Support (RFC2516)

PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL. The PPPoE driver on the Prestige is transparent to the computers on the LAN, which see only Ethernet and are not aware of PPPoE thus saving you from having to manage PPPoE clients on individual computers.

Network Address Translation (NAT)

Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within the Internet).

another network (for example a public IP address used on

10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)

This auto-negotiation feature allows the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.

Auto-Crossover (MDI/MDI-X) 10/100 Mbps Ethernet Interface(s)

These interfaces automatically adjust to either a crossover or straight-through Ethernet cable.

Chapter 1 Getting To Know Your Prestige 44

Prestige 660H/HW Series User’s Guide

Dynamic DNS Support

With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.

Multiple PVC (Permanent Virtual Circuits) Support

Your Prestige supports up to 8 PVC’s.

ADSL Standards

• Full-Rate (ANSI T1.413, Issue 2; G.dmt (G.992.1) with line rate support of up to 8 Mbps downstream and 832 Kbps upstream.

• G.lite (G.992.2) with line rate support of up to 1.5Mbps downstream and 512Kbps upstream.

• Supports Multi-Mode standard (ANSI T1.413, Issue 2; G.dmt (G.992.1); G.lite (G992.2)).

• TCP/IP (Transmission Control Protocol/Internet Protocol) network layer protocol.

• ATM Forum UNI 3.1/4.0 PVC.

• Supports up to 8 PVCs (UBR, CBR, VBR).

• Multiple Protocol over AAL5 (RFC 1483).

• PPP over AAL5 (RFC 2364).

• PPP over Ethernet over AAL5 (RFC 2516).

• RFC 1661.

• PPP over PAP (RFC 1334).

• PPP over CHAP (RFC 1994).

Protocol Support

• DHCP Support

DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability enabled by default. It can assign IP addresses, an IP default gateway and DNS servers to DHCP clients. The Prestige can now also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment from the actual real DHCP server to the clients.

•IP Alias

IP Alias allows you to partition a physical network into logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network.

• IP Policy Routing (IPPR)

45 Chapter 1 Getting To Know Your Prestige

Prestige 660H/HW Series User’s Guide

Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.

• PPP (Point-to-Point Protocol) link layer protocol.

• Transparent bridging for unsupported network layer protocols.

• RIP I/RIP II

• IGMP Proxy

• ICMP support

• ATM QoS support

• MIB II support (RFC 1213)

Networking Compatibility

Your Prestige is compatible with the major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers, making configuration as simple as possible for you.

Multiplexing

The Prestige supports VC-based and LLC-based multiplexing.

Encapsulation

The Prestige supports PPPoA (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483 encapsulation over ATM, MAC encapsulated routing (ENET encapsulation) as well as PPP over Ethernet (RFC 2516).

Network Management

• Menu driven SMT (System Management Terminal) management

• Embedded web configurator

• CLI (Command Line Interpreter)

• Remote Management via Telnet or Web

•SNMP manageable

• DHCP Server/Client/Relay

• Built-in Diagnostic Tools

•Syslog

• Telnet Support (Password-protected telnet access to internal configuration manager)

• TFTP/FTP server, firmware upgrade and configuration backup/support supported

• Supports OAM F4/F5 loop-back, AIS and RDI OAM cells

Other PPPoE Features

• PPPoE idle time out

• PPPoE Dial on Demand

Chapter 1 Getting To Know Your Prestige 46

Prestige 660H/HW Series User’s Guide

Diagnostics Capabilities

The Prestige can perform self-diagnostic tests. These tests check the integrity of the following circuitry:

• FLASH memory

• ADSL circuitry

•RAM

• LAN port

Packet Filters

The Prestige's packet filtering functions allows added network security and management.

Ease of Installation

Your Prestige is designed for quick, intuitive and easy installation.

Housing

Your Prestige's compact and ventilated housing minimizes space requirements making it easy to position anywhere in your busy office.

1.1.1.1 P-660HW Wireless Features

OTIST

OTIST allows your Prestige to assign its ESSID and security settings (WEP or WPA-PSK) to the ZyXEL wireless adapters that support OTIST and are within transmission range. The ZyXEL wireless adapters must also have OTIST enabled.

IEEE 802.11g Wireless LAN

The Prestige supports the IEEE 802.11g standard, which is fully compatible with the IEEE

802.11b standard, meaning that you can have both IEEE 802.11b and IEEE 802.11g wireless clients in the same wireless network.

Note: The Prestige 660HW may be prone to RF (Radio Frequency) interference from

other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs.

Antenna

The Prestige is equipped with a 2dBi fixed antenna to provide clear radio signal between the wireless stations and the access points.

47 Chapter 1 Getting To Know Your Prestige

Wireless LAN MAC Address Filtering

Your Prestige can check the MAC addresses of wireless stations against a list of allowed or denied MAC addresses.

WEP Encryption

WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network to help keep network communications private.

Wi-Fi Protected Access

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption.

1.1.2 Applications for the Prestige

Here are some example uses for which the Prestige is well suited.

Prestige 660H/HW Series User’s Guide

1.1.2.1 Internet Access

The Prestige is the ideal high-speed Internet access solution. Your Prestige supports the TCP/ IP protocol, which the Internet uses exclusively. It is compatible with all major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers. A DSLAM is a rack of ADSL line cards with data multiplexed into a backbone network interface/connection (for example, T1, OC3, DS3, ATM or Frame Relay). Think of it as the equivalent of a modem rack for ADSL. In addition, the Prestige allows wireless clients access to your network resources. A typical Internet access application is shown below.

Figure 1 Prestige Internet Access Application

Internet Single User Account

For a SOHO (Small Office/Home Office) environment, your Prestige offers the Single User Account (SUA) feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for the cost of a single IP address.

Chapter 1 Getting To Know Your Prestige 48

Prestige 660H/HW Series User’s Guide

1.1.3 Firewall for Secure Broadband Internet Access

The Prestige provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs.

Figure 2 Firewall Application

1.1.3.1 LAN to LAN Application

You can use the Prestige to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application for your Prestige is shown as follows.

Figure 3 Prestige LAN-to-LAN Application

1.1.4 Front Panel LEDs

Figure 4 P-660H Front Panel

49 Chapter 1 Getting To Know Your Prestige

Prestige 660H/HW Series User’s Guide

Figure 5 P-660HW Front Panel

The following table describes the LEDs.

Table 2 Front Panel LEDs

LED COLOR STATUS DESCRIPTION

PWR/SYS Green On The Prestige is receiving power and functioning properly.

Blinking The Prestige is rebooting.

Red On Power to the Prestige is too low.

None Off The system is not ready or has malfunctioned.

LAN 1-4 Green On The Prestige has a successful 10Mb Ethernet connection.

Blinking The Prestige is sending/receiving data.

Amber On The Prestige has a successful 100Mb Ethernet connection.

Blinking The Prestige is sending/receiving data.

None Off The LAN is not connected.

WLAN (P660HW only)

DSL/PPP Green Fast

Green On The Prestige is ready, but is not sending/receiving data

through the wireless LAN.

Blinking The Prestige is sending/receiving data through the wireless

LAN.

None Off The wireless LAN is not ready or has failed.

The Prestige is sending/receiving non-PPP data.

Blinking

Slow Blinking

On The system is ready, but is not sending/receiving non-PPP

Amber On The connection to the PPPoE server is up.

Blinking The Prestige is sending/receiving PPP data.

Off The DSL link is down.

The Prestige is initializing the DSL line.

data.

Refer to the Quick Start Guide for information on hardware connections.

Chapter 1 Getting To Know Your Prestige 50

Prestige 660H/HW Series User’s Guide

51 Chapter 1 Getting To Know Your Prestige

Introducing the Web

This chapter describes how to access and navigate the web configurator.

2.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions with JavaScript enabled. Recommended screen resolution is 1024 by 768 pixels.

Prestige 660H/HW Series User’s Guide

CHAPTER 2

Configurator

In order to use the web configurator you need to allow:

• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.

• JavaScripts (enabled by default).

• Java permissions (enabled by default).

See the Troubleshooting chapter to see how to make sure these functions are allowed in Internet Explorer.

2.1.1 Accessing the Prestige Web Configurator

Note: Even though you can connect to the Prestige wirelessly, it is recommended that

you connect your computer to a LAN port for initial configuration.

1 Make sure your Prestige hardware is properly connected (refer to the Quick Start Guide).

2 Prepare your computer/computer network to connect to the Prestige (refer to the Quick

Start Guide).

3 Launch your web browser.

4 Type "192.168.1.1" as the URL.

5 An Enter Network Password window displays.The Password field already contains the

default password “1234”. Click Login to proceed to a screen asking you to change your password or click Cancel to revert to the default password.

Chapter 2 Introducing the Web Configurator 52

Prestige 660H/HW Series User’s Guide

Figure 6 Password Screen

6 It is highly recommended you change the default password! Enter a new password, retype

it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.

Note: If you do not change the password, the following screen appears every time

you log in.

Figure 7 Change Password at Login

7 You should now see the SITE MAP screen.

Note: The Prestige automatically times out after five minutes of inactivity. Simply log

back into the Prestige if this happens to you.

2.1.2 Resetting the Prestige

If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the Prestige to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.

2.1.2.1 Using the Reset Button

1 Make sure the PWR/SYS LED is on (not blinking).

53 Chapter 2 Introducing the Web Configurator

Prestige 660H/HW Series User’s Guide

2 Press the RESET button for ten seconds or until the PWR/SYS LED begins to blink and

then release it. When the PWR/SYS LED begins to blink, the defaults have been restored and the Prestige restarts.

2.1.3 Navigating the Prestige Web Configurator

The following summarizes how to navigate the web configurator from the SITE MAP screen. We use the Prestige 660HW-61 web screens in this guide as an example. Screens vary slightly for different Prestige models.

• Click Wizard Setup to begin a series of screens to configure your Prestige for the first time.

• Click a link under Advanced Setup to configure advanced Prestige features.

• Click a link under Maintenance to see Prestige performance statistics, upload firmware and back up, restore or upload a configuration file.

• Click Site Map to go to the Site Map screen.

• Click Logout in the navigation panel when you have finished a Prestige management session.

Figure 8 Web Configurator: Site Map Screen

Chapter 2 Introducing the Web Configurator 54

Prestige 660H/HW Series User’s Guide

Note: Click the icon (located in the top right corner of most screens) to view

embedded help.

Table 3 Web Configurator Screens Summary

LINK SUB-LINK FUNCTION

Wizard Setup Connection

Setup

Media Bandwidth Mgnt

Advanced Setup

Password Use this screen to change your password.

LAN Use this screen to configure LAN DHCP and TCP/IP settings.

Wireless LAN Wireless Use this screen to configure the wireless LAN settings.

MAC Filter Use this screen to change MAC filter settings on the Prestige.

802.1x/WPA Use this screen to configure WLAN authentication and security

Local User Database

RADIUS Use this screen to specify the external RADIUS server for

OTIST Use this screen to have the Prestige set your wireless station to

WAN WAN Setup Use this screen to change the Prestige’s WAN remote node

WAN Backup Use this screen to configure your traffic redirect properties and

NAT SUA Only Use this screen to configure servers behind the Prestige.

Full Feature Use this screen to configure network address translation

Dynamic DNS Use this screen to set up dynamic DNS.

Time and Date Use this screen to change your Prestige’s time and date.

Firewall Default Policy Use this screen to activate/deactivate the firewall and the

Rule Summary This screen shows a summary of the firewall rules, and allows

Anti Probing Use this screen to change your anti-probing settings.

Threshold Use this screen to configure the threshold for DoS attacks.

Content Filter Keyword Use this screen to block sites containing certain keywords in the

Schedule Use this screen to set the days and times for the Prestige to

Trusted Use this screen to exclude a range of users on the LAN from

Remote Management

Use these screens for initial configuration including general setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment.

Use these screens forto set up bandwidth control quickly.

settings.

Use this screen to set up built-in user profiles for wireless station authentication.

wireless station authentication.

use the same wireless settings as the Prestige.

settings.

WAN backup settings.

mapping rules.

direction of network traffic to which to apply the rule.

you to edit/add a firewall rule.

URL.

perform content filtering.

content filtering on your Prestige.

Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet/FTP/Web to manage the Prestige.

55 Chapter 2 Introducing the Web Configurator

Prestige 660H/HW Series User’s Guide

Table 3 Web Configurator Screens Summary (continued)

LINK SUB-LINK FUNCTION

UPnP Use this screen to enable UPnP on the Prestige.

Logs Log Settings Use this screen to change your Prestige’s log settings.

View Log Use this screen to view the logs for the categories that you

Media Bandwidth Management

Maintenance

System Status This screen contains administrative and system-related

DHCP Table This screen displays DHCP (Dynamic Host Configuration

Any IP Table Use this screen to allow a computer to access the Internet

Wireless LAN Association List This screen displays the MAC address(es) of the wireless

Diagnostic General These screens display information to help you identify problems

Firmware Use this screen to upload firmware to your Prestige

LOGOUT Click this label to exit the web configurator.

Summary Use this screen to allocate an interface's outgoing capacity to

Class Setup Use this screen to define a bandwidth class.

Monitor Use this screen to view bandwidth class statistics.

DSL Line These screens display information to help you identify problems

selected.

specific types of traffic.

information.

Protocol) related information and is READ-ONLY.

without changing the network settings of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.

stations that are currently logged in to the network.

with the Prestige general connection.

with the DSL line.

Chapter 2 Introducing the Web Configurator 56

Prestige 660H/HW Series User’s Guide

57 Chapter 2 Introducing the Web Configurator

Prestige 660H/HW Series User’s Guide

CHAPTER 3

Wizard Setup for Internet Access

This chapter provides information on the Wizard Setup screens for Internet access in the web configurator.

3.1 Introduction to Internet Access Wizard

Use the Wizard Setup screens to configure your system for Internet access with the information (provided by your ISP) that you fill in the Internet Account Information table in the Quick Start Guide. Your ISP may have already configured some of the fields in the wizard screens for you.

3.1.1 Internet Access Wizard Setup

1 In the SITE MAP screen click Wizard Setup to display the first wizard screen.

Chapter 3 Wizard Setup for Internet Access 58

Prestige 660H/HW Series User’s Guide

Figure 9 Internet Access Wizard Setup: First Screen

The following table describes the fields in this screen.

Table 4 Internet Access Wizard Setup: First Screen

LABEL DESCRIPTION

Mode From the Mode drop-down list box, select Routing (default) if your ISP allows

Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list

Multiplex Select the multiplexing method used by your ISP from the Multiplex drop-down list

Virtual Circuit IDVPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit.

VPI Enter the VPI assigned to you. This field may already be configured.

VCI Enter the VCI assigned to you. This field may already be configured.

Next Click this button to go to the next wizard screen. The next wizard screen you see

multiple computers to share an Internet account. Otherwise select Bridge.

box. Choices vary depending on what you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or

PPPoE.

box either VC-based or LLC-based.

Refer to the appendix for more information.

depends on what protocol you chose above. Click on the protocol link to see the next wizard screen for that protocol.

2 The next wizard screen varies depending on what mode and encapsulation type you use.

All screens shown are with routing mode. Configure the fields and click Next to continue.

59 Chapter 3 Wizard Setup for Internet Access

Figure 10 Internet Connection with PPPoE

Prestige 660H/HW Series User’s Guide

The following table describes the fields in this screen.

Table 5 Internet Connection with PPPoE

LABEL DESCRIPTION

Service Name Type the name of your PPPoE service here.

User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form

user@domain where domain identifies a service name, then enter both components

exactly as given.

Password Enter the password associated with the user name above.

IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not

Connection Select Connect on Demand when you don't want the connection up all the time and

Network Address Translation

Back Click Back to go back to the first wizard screen.

Next Click Next to continue to the next wizard screen.

fixed; the ISP assigns you a different one each time you connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address;

otherwise select Static IP Address and type your ISP assigned IP address in the text box below.

specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting selects Connection on Demand with 0 as the idle time-out, which means the Internet session will not timeout.

Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.

The schedule rule(s) in SMT menu 26 has priority over your Connection settings.

Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT chapter for more details.

Chapter 3 Wizard Setup for Internet Access 60

Prestige 660H/HW Series User’s Guide

Figure 11 Internet Connection with RFC 1483

The following table describes the fields in this screen.

Table 6 Internet Connection with RFC 1483

LABEL DESCRIPTION

IP Address This field is available if you select Routing in the Mode field.

Type your ISP assigned IP address in this field.

Network Address Translation

Back Click Back to go back to the first wizard screen.

Next Click Next to continue to the next wizard screen.

Select None, SUA Only or Full Feature from the drop-down list box. Refer to NAT chapter for more details.

Figure 12 Internet Connection with ENET ENCAP

61 Chapter 3 Wizard Setup for Internet Access

Prestige 660H/HW Series User’s Guide

The following table describes the fields in this screen.

Table 7 Internet Connection with ENET ENCAP

LABEL DESCRIPTION

IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not

fixed; the ISP assigns you a different one each time you connect to the Internet. . Select Obtain an IP Address Automatically if you have a dynamic IP address;

otherwise select Static IP Address and type your ISP assigned IP address in the IP Address text box below.

Subnet Mask Enter a subnet mask in dotted decimal notation.

Refer to appendices to calculate a subnet mask If you are implementing subnetting.

ENET ENCAP Gateway

Network Address Translation

Back Click Back to go back to the first wizard screen.

Next Click Next to continue to the next wizard screen.

You must specify a gateway IP address (supplied by your ISP) when you use ENET ENCAP in the Encapsulation field in the previous screen.

Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT chapter for more details.

Figure 13 Internet Connection with PPPoA

Chapter 3 Wizard Setup for Internet Access 62

Prestige 660H/HW Series User’s Guide

The following table describes the fields in this screen.

Table 8 Internet Connection with PPPoA

LABEL DESCRIPTION

User Name Enter the login name that your ISP gives you.

Password Enter the password associated with the user name above.

IP Address This option is available if you select Routing in the Mode field.

A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet.

Click Obtain an IP Address Automatically if you have a dynamic IP address; otherwise click Static IP Address and type your ISP assigned IP address in the IP Address text box below.

Connection Select Connect on Demand when you don't want the connection up all the time and

specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting selects Connection on Demand with 0 as the idle time-out, which means the Internet session will not timeout.

Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.

The schedule rule(s) in SMT menu 26 has priority over your Connection settings.

Network Address Translation

Back Click Back to go back to the first wizard screen.

Next Click Next to continue to the next wizard screen.

This option is available if you select Routing in the Mode field. Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT

chapter for more details.

3 Verify the settings in the screen shown next. To change the LAN information on the

Prestige, click Change LAN Configurations. Otherwise click Save Settings to save the configuration and skip to the section 3.13.

63 Chapter 3 Wizard Setup for Internet Access

Figure 14 Internet Access Wizard Setup: Third Screen

Prestige 660H/HW Series User’s Guide

If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next.

Figure 15 Internet Access Wizard Setup: LAN Configuration

Chapter 3 Wizard Setup for Internet Access 64

Prestige 660H/HW Series User’s Guide

The following table describes the fields in this screen.

Table 9 Internet Access Wizard Setup: LAN Configuration

LABEL DESCRIPTION

LAN IP Address Enter the IP address of your Prestige in dotted decimal notation, for example,

192.168.1.1 (factory default). If you changed the Prestige's LAN IP address, you must use the new IP

address if you want to access the web configurator again.

LAN Subnet Mask Enter a subnet mask in dotted decimal notation.

DHCP

DHCP Server From the DHCP Server drop-down list box, select On to allow your Prestige to

Client IP Pool Starting Address

Size of Client IP Pool This field specifies the size or count of the IP address pool.

Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to

Secondary DNS Server As above.

Back Click Back to go back to the previous screen.

Finish Click Finish to save the settings and proceed to the next wizard screen.

assign IP addresses, an IP default gateway and DNS servers to computer systems that support the DHCP client. Select Off to disable DHCP server.

When DHCP server is used, set the following items:

This field specifies the first of the contiguous addresses in the IP address pool.

the DHCP clients along with the IP address and the subnet mask.

4 The Prestige automatically tests the connection to the computer(s) connected to the LAN

ports. To test the connection from the Prestige to the ISP, click Start Diagnose. Otherwise click Return to Main Menu to go back to the Site Map screen.

Figure 16 Internet Access Wizard Setup: Connection Tests

5 Launch your web browser and navigate to www.zyxel.com. Internet access is just the

beginning. Refer to the rest of this guide for more detailed information on the complete range of Prestige features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the Wizard Setup are correct.

65 Chapter 3 Wizard Setup for Internet Access

Prestige 660H/HW Series User’s Guide

CHAPTER 4

Wizard Setup for Media

Bandwidth Management

This chapter shows you how to configure basic bandwidth management using the wizard screens.

4.1 Introduction to Media Bandwidth Management

The web configurator’s Media Bandwidth Magnt. screens under Wizard Setup allows you to specify bandwidth classes based on an application (or service). You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.

The Prestige applies bandwidth management to traffic that it forwards out through an interface. The Prestige does not control the bandwidth of traffic that comes into an interface.

Bandwidth management applies to all traffic flowing out of the Prestige through the interface, regardless of the traffic's source.

Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the Prestige and be managed by bandwidth management.

Refer to Chapter 18 on page 194 for more information and advanced configuration.

4.1.1 Predefined Media Bandwidth Management Services

The following is a description of the services that you can select and to which you can apply media bandwidth management using the Wizard Setup screens.

Table 10 Media Bandwidth Mgnt. Wizard Setup: Services

SERVICE DESCRIPTION

Xbox Live This is Microsoft’s online gaming service that lets you play multiplayer Xbox games

on the Internet via broadband technology. Xbox Live uses port 3074.

VoIP (SIP) Sending voice signals over the Internet is called Voice over IP or VoIP. Session

Initiated Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.

SIP is transported primarily over UDP but can also be transported over TCP, using the default port number 5060.

Chapter 4 Wizard Setup for Media Bandwidth Management 66

Prestige 660H/HW Series User’s Guide

Table 10 Media Bandwidth Mgnt. Wizard Setup: Services (continued)

SERVICE DESCRIPTION

FTP File Transfer Program enables fast transfer of files, including large files that may

not be possible by e-mail. FTP uses port number 21.

E-Mail Electronic mail consists of messages sent through a computer network to specific

groups or individuals. Here are some default ports for e-mail: POP3 - port 110 IMAP - port 143 SMTP - port 25 HTTP - port 80

eMule These programs use advanced file sharing applications relying on central servers

WWW The World Wide Web (WWW) is an Internet system to distribute graphical, hyper-

to search for files. They use default port 4662.

linked information, based on Hyper Text Transfer Protocol (HTTP) - a client/server protocol for the World Wide Web. The Web is not synonymous with the Internet; rather, it is just one service on the Internet. Other services on the Internet include Internet Relay Chat and Newsgroups. The Web is accessed through use of a browser.

4.2 Media Bandwidth Management Setup

1 Click Media Bandwidth Mgnt. under Wizard Setup in the SITE MAP screen.

Figure 17 Media Bandwidth Mgnt. Wizard Setup: First Screen

67 Chapter 4 Wizard Setup for Media Bandwidth Management

Prestige 660H/HW Series User’s Guide

The following table describes the labels in this screen.

Tabl e 11 Media Bandwidth Mgnt. Wizard Setup: First Screen

LABEL DESCRIPTION

Active Select the Active check box to have the Prestige apply bandwidth management

to traffic going out through the Prestige’s WAN, LAN or WLAN port.

Select the service to apply bandwidth management.

Next Click Next to continue.

These checkboxes are applicable when you select the Active checkbox above. Create bandwidth management classes by selecting services from the list

provided.

• XBox Live

•VoIP (SIP)

•FTP

•E-Mail

•eMule

•WWW Refer to Table 12 on page 68 for more information.

2 The Prestige automatically creates the bandwidth class for each service you select. You

may set the priority for each bandwidth class in the second wizard screen.

Figure 18 Media Bandwidth Mgnt. Wizard Setup: Second Screen

The following table describes the fields in this screen.

Table 12 Media Bandwidth Mgnt. Wizard Setup: Second Screen

LABEL DESCRIPTION

Service These fields display the service(s) selected in the previous screen.

Priority Select High, Mid or Low priority for each service to have your Prestige use a priority

for traffic that matches that service. If the rules set up in this wizard are changed in ADVANCED - Media Bandwidth

Mgnt. - Class Setup, then the service priority radio button will be set to Others. The Class Configuration screen allows you to edit these rule configurations.

Chapter 4 Wizard Setup for Media Bandwidth Management 68

Prestige 660H/HW Series User’s Guide

Table 12 Media Bandwidth Mgnt. Wizard Setup: Second Screen

LABEL DESCRIPTION

Back Click Back to return to the previous screen.

Finish Click Finish to complete and save the bandwidth management setup.

3 Well done! You have finished configuration of Media Bandwidth Management. You may

now continue configuring your device.

Click Return to Main Menu to return to the Site Map screen.

Figure 19 Media Bandwidth Mgnt. Wizard Setup: Finish

69 Chapter 4 Wizard Setup for Media Bandwidth Management

This chapter provides information on the Password screen.

5.1 Password Overview

It is highly recommended that you change the password for accessing the Prestige.

5.1.1 Configuring Password

To change your Prestige’s password (recommended), click Password in the Site Map screen.

Figure 20 Password

Prestige 660H/HW Series User’s Guide

CHAPTER 5

Password Setup

The following table describes the fields in this screen.

Table 13 Password

LABEL DESCRIPTION

Old Password Type the default password or the existing password you use to access the system

in this field.

New Password Type the new password in this field.

Retype to Confirm Type the new password again in this field.

Apply Click Apply to save your changes back to the Prestige.

Cancel Click Cancel to begin configuring this screen afresh.

Chapter 5 Password Setup 70

Prestige 660H/HW Series User’s Guide

71 Chapter 5 Password Setup

This chapter describes how to configure LAN settings.

6.1 LAN Overview

A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses.

6.1.1 LANs, WANs and the Prestige

Prestige 660H/HW Series User’s Guide

CHAPTER 6

LAN Setup

The actual physical connection determines whether the Prestige ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.

Figure 21 LAN and WAN IP Addresses

Chapter 6 LAN Setup 72

Prestige 660H/HW Series User’s Guide

6.2 DNS Server Address

DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask.

There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up. If your ISP gives you the DNS server addresses, enter them in the DNS Server fields in DHCP Setup, otherwise, leave them blank.

Some ISP’s choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The Prestige supports the IPCP DNS server extensions through the DNS proxy feature.

If the Primary and Secondary DNS Server fields in the LAN Setup screen are not specified, for instance, left as 0.0.0.0, the Prestige tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS query to the Prestige, the Prestige forwards the query to the real DNS server learned through IPCP and relays the response back to the computer.

Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the LAN Setup screen. This way, the Prestige can pass the DNS servers to the computers and the computers can query the DNS server directly without the Prestige’s intervention.

6.3 DNS Server Address Assignment

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.

There are two ways that an ISP disseminates the DNS server addresses.

• The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the LAN Setup screen.

• The Prestige acts as a DNS proxy when the Primary and Secondary DNS Server fields are left blank in the LAN Setup screen.

73 Chapter 6 LAN Setup

6.4 LAN TCP/IP

The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.

6.4.1 Factory LAN Defaults

The LAN parameters of the Prestige are preset in the factory with the following values:

• IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits)

• DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.

These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured.

6.4.2 IP Address and Subnet Mask

Prestige 660H/HW Series User’s Guide

Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.

Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.

If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from

192.168.0.0 to 192.168.255.0 and you must enable the Network Address Translation (NAT) feature of the Prestige. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.

Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your network is using that IP address.

The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise.

Chapter 6 LAN Setup 74

Prestige 660H/HW Series User’s Guide

6.4.3 RIP Setup

RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to:

• Both - the Prestige will broadcast its routing table periodically and incorporate the RIP information that it receives.

• In Only - the Prestige will not send any RIP packets but will accept all RIP packets received.

• Out Only - the Prestige will send out RIP packets but will not accept any RIP packets received.

• None - the Prestige will not send any RIP packets and will ignore any RIP packets received.

The Version field controls the format and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.

Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that

RIP-2B uses subnet broadcasting while RIP-2M uses multicasting.

6.4.4 Multicast

Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1.

IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC

2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address

224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address

224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.

The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the Prestige queries all directly connected networks to gather group membership. After that, the Prestige periodically updates this information. IP multicasting can be enabled/ disabled on the Prestige LAN and/or WAN interfaces in the web configurator (LAN; WA N ). Select None to disable IP multicasting on these interfaces.

75 Chapter 6 LAN Setup

6.5 Any IP

Traditionally, you must set the IP addresses and the subnet masks of a computer and the Prestige to be in the same subnet to allow the computer to access the Internet (through the Prestige). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the Prestige.

With the Any IP feature and NAT enabled, the Prestige allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet. Whether a computer is set to use a dynamic or static (fixed) IP address, you can simply connect the computer to the Prestige and access the Internet.

The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment. In a residential house where a Prestige is installed, you can still use the computer to access the Internet without changing the network settings, even when the IP addresses of the computer and the Prestige are not in the same subnet.

Figure 22 Any IP Example

Prestige 660H/HW Series User’s Guide

The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address.

Note: You must enable NAT/SUA to use the Any IP feature on the Prestige.

6.5.1 How Any IP Works

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the Prestige) to decide which hop to use,

Chapter 6 LAN Setup 76

to help forward data along to its specified destination.

Prestige 660H/HW Series User’s Guide

The following lists out the steps taken, when a computer tries to access the Internet for the first time through the Prestige.

1 When a computer (which is in a different subnet) first attempts to access the Internet, it

sends packets to its default gateway (which is not the Prestige) by looking at the MAC address in its ARP table.

2 When the computer cannot locate the default gateway, an ARP request is broadcast on the

LAN.

3 The Prestige receives the ARP request and replies to the computer with its own MAC

address.

4 The computer updates the MAC address for the default gateway to the ARP table. Once

the ARP table is updated, the computer is able to access the Internet through the Prestige.

5 When the Prestige receives packets from the computer, it creates an entry in the IP

routing table so it can properly forward packets intended for the computer.

After all the routing information is updated, the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige.

6.6 Configuring LAN

Click LAN and LAN Setup to open the following screen.

77 Chapter 6 LAN Setup

Figure 23 LAN Setup

Prestige 660H/HW Series User’s Guide

The following table describes the fields in this screen.

Table 14 LAN Setup

LABEL DESCRIPTION

DHCP

DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway

and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.

If set to None, the DHCP server will be disabled. If set to Relay, the Prestige acts as a surrogate DHCP server and relays DHCP

requests and responses between the remote server and the clients. Enter the IP address of the actual, remote DHCP server in the Remote DHCP Server field in this case.

When DHCP is used, the following items need to be set:

Client IP Pool Starting Address

Size of Client IP Pool

Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the

Secondary DNS Server

This field specifies the first of the contiguous addresses in the IP address pool.

This field specifies the size or count of the IP address pool.

DHCP clients along with the IP address and the subnet mask.

As above.

Chapter 6 LAN Setup 78

Prestige 660H/HW Series User’s Guide

Table 14 LAN Setup (continued)

LABEL DESCRIPTION

Remote DHCP Server

TCP/IP

IP Address Enter the IP address of your Prestige in dotted decimal notation, for example,

IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).

RIP Direction Select the RIP direction from None, Both, In Only and Out Only.

RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M.

Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to

Any IP Setup Select the Active checkbox to enable the Any IP feature. This allows a computer

Apply Click Apply to save your changes back to the Prestige.

Cancel Click Cancel to begin configuring this screen afresh.

If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here.

192.168.1.1 (factory default).

establish membership in a multicast group. The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it.

to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the Prestige are not in the same subnet.

When you disable the Any IP feature, only computers with dynamic IP addresses or static IP addresses in the same subnet as the Prestige’s LAN IP address can connect to the Prestige or access the Internet through the Prestige.

6.7 Configuring Static DHCP

This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses.

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.

To change your Prestige’s static DHCP settings, click LAN, then the Static DHCP tab. The screen appears as shown.

79 Chapter 6 LAN Setup

Figure 24 LAN: Static DHCP

Prestige 660H/HW Series User’s Guide

The following table describes the labels in this screen.

Table 15 LAN: Static DHCP

LABEL DESCRIPTION

# This is the index number of the Static IP table entry (row).

MAC Address Type the MAC address (with colons) of a computer on your LAN.

IP Address This field specifies the size, or count of the IP address pool.

Apply Click Apply to save your changes back to the Prestige.

Reset Click Reset to begin configuring this screen afresh.

Chapter 6 LAN Setup 80

Prestige 660H/HW Series User’s Guide

81 Chapter 6 LAN Setup

Prestige 660H/HW Series User’s Guide

CHAPTER 7

Wireless LAN (Prestige 660HW)

This chapter discusses how to configure Wireless LAN.

7.1 Introduction

A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN adapters communicating through access points which bridge network traffic to the wired LAN.

Note: See the WLAN appendix for more detailed information on WLANs.

7.2 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.

Wireless security methods available on the Prestige are data encryption, wireless client authentication, restricting access by device MAC address and hiding the Prestige identity.

7.2.1 Encryption

• Use WPA security if you have WPA-aware wireless clients and a RADIUS server. WPA has user authentication and improved data encryption over WEP.

• Use WPA-PSK if you have WPA-aware wireless clients but no RADIUS server.

• If you don’t have WPA-aware wireless clients, then use WEP key encrypting. A higher bit key offers better security at a throughput trade-off. You can use Passphrase to automatically generate 64-bit or 128-bit WEP keys or manually enter 64-bit, 128-bit or 256-bit WEP keys.

7.2.2 Authentication

WPA has user authentication and you can also configure IEEE 802.1x to use the built-in database (Local User Database) or a RADIUS server to authenticate wireless clients before joining your network.

• Use RADIUS authentication if you have a RADIUS server. See the appendices for information on protocols used when a client authenticates with a RADIUS server via the Prestige.

Chapter 7 Wireless LAN (Prestige 660HW) 82

Prestige 660H/HW Series User’s Guide

• Use the Local User Database if you have less than 32 wireless clients in your network. The Prestige uses MD5 encryption when a client authenticates with the Local User Database

7.2.3 Restricted Access

The MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow Association) or exclude them from accessing the AP (Deny Association).

7.2.4 Hide Prestige Identity

If you hide the ESSID, then the Prestige cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the Prestige may be inconvenience for some valid WLAN clients. If you don’t hide the ESSID, at least you should change the default one.

7.2.5 G-plus

G-plus is an enhancement to the IEEE 802.11g wireless standard. G-plus combines multiple frames into a larger frame size. This increases wireless transmission speeds by allowing larger frames (up to 4 KB) to be sent.

G-plus speed applies only to unicast traffic (not broadcast or multicast). G-plus is automatically disabled if wireless transmission speeds fall below 11 Mbps.

7.2.6 Configuring Wireless LAN on the Prestige

1 Configure the ESSID

and WEP in the Wireless screen. If you

configure WEP, you can’t configure WPA or WPA-PSK.

2 Use the MAC Filter

screen to restrict access to your wireless network by MAC address.

3 Configure WPA or

WPA-PSK in the

802.1x/WPA screen. You can also configure 802.1x wireless client authentication in the 802.1x/WPA screen.

4 Configure the RADIUS authentication database settings in the RADIUS screen.

5 Configure the built-in authentication database in the Local User Database screen.

83 Chapter 7 Wireless LAN (Prestige 660HW)

Prestige 660H/HW Series User’s Guide

6 If you have OTIST-enabled clients, configure OTIST in the OTIST screen. OTIST

transfers device SSID and WEP or WPA-PSK key settings (if enabled) to wireless clients.

The following figure shows the relative effectiveness of these wireless security methods available on your Prestige.

Figure 25 Wireless Security Methods

Note: You must enable the same wireless security settings on the Prestige and on all

wireless clients that you want to associate with it.

If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networking device that is within range.

7.3 Configuring the Wireless Screen

7.3.1 WEP Encryption

WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key.

Your Prestige allows you to configure up to four 64-bit, 128-bit or 256-bit WEP keys but only one key can be enabled at any one time.

In order to configure and enable WEP encryption; click Wireless LAN and Wireless to the display the Wireless screen.

Chapter 7 Wireless LAN (Prestige 660HW) 84

Prestige 660H/HW Series User’s Guide

Figure 26 Wireless Screen

The following table describes the labels in this screen.

Table 16 Wireless LAN

LABEL DESCRIPTION

Enable Wireless LAN

Enable Wireless g+Select this checkbox to allow any ZyXEL WLAN devices that support this feature to

802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to

ESSID The ESSID (Extended Service Set IDentification) is a unique name to identify the

You should configure some wireless security (see Figure 25 on page 84) when you enable the wireless LAN. Select the check box to enable the wireless LAN.

associate with the Prestige at higher transmission speeds. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.

associate with the Prestige. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to

associate with the Prestige. Select Mixed to allow either IEEE802.11b or IEEE802.11g compliant WLAN devices

to associate with the Prestige. The transmission rate of your Prestige might be reduced.

Prestige in the wireless LAN. Wireless stations associating to the Prestige must have the same ESSID.

Enter a descriptive name of up to 32 printable characters (including spaces; alphabetic characters are case-sensitive).

85 Chapter 7 Wireless LAN (Prestige 660HW)

Prestige 660H/HW Series User’s Guide

Table 16 Wireless LAN (continued)

LABEL DESCRIPTION

Hide ESSID Select Yes to hide the ESSID in so a station cannot obtain the ESSID through AP

scanning. Select No to make the ESSID visible so a station can obtain the ESSID through AP

scanning.

Channel ID The radio frequency used by IEEE 802.11a, b or g wireless devices is called a

channel. Select a channel from the drop-down list box.

RTS/CTS Threshold

Fragmentation Threshold

You won’t see the following WEP-related fields if you have WPA or WPA-PSK enabled.

Passphrase Enter a "passphrase" (password phrase) of up to 63 case-sensitive printable

Generate After you enter the passphrase, click Generate to have the Prestige generate four

WEP Encryption WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the

Key 1 to Key 4 The WEP keys are used to encrypt data. Both the Prestige and the wireless stations

Back Click Back to go to the main wireless LAN setup screen.

Apply Click Apply to save your changes back to the Prestige.

Cancel Click Cancel to begin configuring this screen afresh.

The RTS (Request To Send) threshold (number of bytes) is for enabling RTS/CTS. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this value to be larger than the maximum MSDU (MAC service data unit) size turns off RTS/CTS. Setting this value to zero turns on RTS/CTS.

Select the check box to change the default value and enter a new value between 0 and 2432.

This is the threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent.

Select the check box to change the default value and enter a value between 256 and 2432.

characters and click Generate to have the Prestige create four different WEP keys. At the time of writing, you cannot use passphrase to generate 256-bit WEP keys.

different WEP keys automatically. The keys display in the fields below.

wireless network. Select Disable to allow all wireless stations to communicate with the access points

without any data encryption. Select 64-bit WEP, 128-bit WEP or 256-bit WEP to use data encryption.

must use the same WEP key for data transmission. If you want to manually set the WEP keys, enter the key in the field provided. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal

characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal

characters ("0-9", "A-F"). If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal

characters ("0-9", "A-F"). The values for the WEP keys must be set up exactly the same on all wireless

devices in the same wireless LAN. You must configure all four keys, but only one key can be used at any one time. The

default key is key 1.

Chapter 7 Wireless LAN (Prestige 660HW) 86

Prestige 660H/HW Series User’s Guide

Note: If you are configuring the Prestige from a computer connected to the wireless

LAN and you change the Prestige’s ESSID or security settings (see

on page 84), you will lose your wireless connection when you press Apply to

confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings.

7.4 Configuring MAC Filters

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen. To change your Prestige’s MAC filter settings, click Wireless LAN, MAC Filter to open the MAC Filter screen. The screen appears as shown.

Note: Be careful not to list your computer’s MAC address and set the Action field to

Deny Association when managing the Prestige via a wireless connection.

This would lock you out.

Figure 25

87 Chapter 7 Wireless LAN (Prestige 660HW)

Figure 27 MAC Address Filter

Prestige 660H/HW Series User’s Guide

The following table describes the fields in this menu.

Table 17 MAC Address Filter

LABEL DESCRIPTION

Active Select Ye s from the drop down list box to enable MAC address filtering.

Action Define the filter action for the list of MAC addresses in the MAC Address table.

Select Deny Association to block access to the router, MAC addresses not listed will be allowed to access the Prestige. Select Allow Association to permit access to the router, MAC addresses not listed will be denied access to the Prestige.

MAC Address Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal

character pairs, for example, 12:34:56:78:9a:bc allowed or denied access to the Prestige in these address fields.

Chapter 7 Wireless LAN (Prestige 660HW) 88

of the wireless stations that are

Prestige 660H/HW Series User’s Guide

Table 17 MAC Address Filter (continued)

LABEL DESCRIPTION

Back Click Back to go to the main wireless LAN setup screen.

Apply Click Apply to save your changes back to the Prestige.

Cancel Click Cancel to begin configuring this screen afresh.

7.5 Introduction to WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA is preferred to WEP as WPA has user authentication and improved data encryption. See the appendix for more information on WPA user authentication and WPA encryption.

If you don’t have an external RADIUS server, you should use WPA-PSK (WPA -Pre-Shared Key). WPA-PSK only requires a single (identical) password entered into each WLAN member. As long as the passwords match, a client will be granted access to a WLAN.

Note: You can’t use the Local User Database for authentication when you select

WPA.

7.5.1 WPA-PSK Application Example

A WPA-PSK application looks as follows.

1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key

(PSK) must be between 8 and 63 printable characters (including spaces; alphabetic characters are case-sensitive).

2 The AP checks each client’s password and (only) allows it to join the network if the

passwords match.

3 The AP derives and distributes keys to the wireless clients.

4 The AP and wireless clients use the TKIP encryption process to encrypt data exchanged

between them.

89 Chapter 7 Wireless LAN (Prestige 660HW)

Figure 28 WPA - PSK Authentication

7.5.2 WPA with RADIUS Application Example

You need the IP address, port number (default is 1812) and shared secret of a RADIUS server. A WPA application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system (wired link to the LAN).

Prestige 660H/HW Series User’s Guide

1 The AP passes the wireless client’s authentication request to the RADIUS server.

2 The RADIUS server then checks the user's identification against its database and grants

or denies network access accordingly.

3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then

sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly transmitted between the AP and the wireless clients

Chapter 7 Wireless LAN (Prestige 660HW) 90

Prestige 660H/HW Series User’s Guide

Figure 29 WPA with RADIUS Application Example2

7.5.3 Wireless Client WPA Supplicants

A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client.

The Windows XP patch is a free download that adds WPA capability to Windows XP's builtin "Zero Configuration" wireless client. However, you must run Windows XP to use it.

7.6 Configuring IEEE 802.1x and WPA

To change your Prestige’s authentication settings, click the Wireless LAN link under Advanced Setup and then the 802.1x/WPA tab. The screen varies by the key management protocol you select.

You see the next screens when you select No Access Allowed or No Authentication Required in the Wireless Port Control field.

91 Chapter 7 Wireless LAN (Prestige 660HW)

Prestige 660H/HW Series User’s Guide

Figure 30 Wireless LAN: 802.1x/WPA: No Authentication

The following table describes the label in these screens.

Table 18 Wireless LAN: 802.1x/WPA: No Access/Authentication

LABEL DESCRIPTION

Wireless Port Control

Back Click Back to go to the main wireless LAN setup screen.

Apply Click Apply to save your changes back to the Prestige.

Cancel Click Cancel to begin configuring this screen afresh.

To control wireless station access to the wired network, select a control method from the drop-down list box. Choose from No Access Allowed, No Authentication

Required and Authentication Required. No Access Allowed blocks all wireless stations access to the wired network. No Authentication Required allows all wireless stations access to the wired network

without entering usernames and passwords. This is the default setting. Authentication Required means that all wireless stations have to enter usernames

and passwords before access to the wired network is allowed. Select Authentication Required to configure Key Management Protocol and other

related fields.

7.6.1 Authentication Required: 802.1x

You need the following for IEEE 802.1x authentication.

• A computer with an IEEE 802.11 a/b/g wireless LAN adapter and equipped with a web browser (with JavaScript enabled) and/or Telnet.

• A wireless station computer must be running IEEE 802.1x-compliant software. Not all Windows operating systems support IEEE 802.1x (see the Microsoft web site for details). For other operating systems, see their documentation. If your operating system does not support IEEE 802.1x, then you may need to install IEEE 802.1x client software.

• An optional network RADIUS server for remote user authentication and accounting.

Select Authentication Required in the Wireless Port Control field and 802.1x in the Key Management Protocol field to display the next screen.

Chapter 7 Wireless LAN (Prestige 660HW) 92

Prestige 660H/HW Series User’s Guide

Figure 31 Wireless LAN: 802.1x/WPA: 802.1xl

The following table describes the labels in this screen.

Table 19 Wireless LAN: 802.1x/WPA: 802.1x

LABEL DESCRIPTION

Wireless Port Control

ReAuthentication Timer (in Seconds)

To control wireless station access to the wired network, select a control method from the drop-down list box. Choose from No Authentication Required, Authentication Required and No Access Allowed.

The following fields are only available when you select Authentication Required.

Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. This field is activated only when you select Authentication Required in the Wireless Port Control field.

Enter a time interval between 10 and 9999 seconds. The default time interval is

1800 seconds (30 minutes).

Note: If wireless station authentication is done using a RADIUS

server, the reauthentication timer on the RADIUS server has priority.

Idle Timeout (in Seconds)

Key Management Protocol

The Prestige automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed.

This field is activated only when you select Authentication Required in the Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour).

Choose 802.1x from the drop-down list.

93 Chapter 7 Wireless LAN (Prestige 660HW)

Prestige 660H/HW Series User’s Guide

Table 19 Wireless LAN: 802.1x/WPA: 802.1x (continued)

LABEL DESCRIPTION

Dynamic WEP Key Exchange

Authentication Databases

Back Click Back to go to the main wireless LAN setup screen.

Apply Click Apply to save your changes back to the Prestige.

Cancel Click Cancel to begin configuring this screen afresh.

This field is activated only when you select Authentication Required in the

Wireless Port Control field. Also set the Authentication Databases field to RADIUS Only. Local user database may not be used.

Select Disable to allow wireless stations to communicate with the access points without using dynamic WEP key exchange.

Select 64-bit WEP, 128-bit WEP or 256-bit WEP to enable data encryption. Up to 32 stations can access the Prestige when you configure dynamic WEP key

exchange. This field is not available when you set Key Management Protocol to WPA or

WPA-PSK.

The authentication database contains wireless station login information. The local user database is the built-in database on the Prestige. The RADIUS is an external server. Use this drop-down list box to select which database the Prestige should use (first) to authenticate a wireless station.

Before you specify the priority, make sure you have set up the corresponding database correctly first.

Select Local User Database Only to have the Prestige just check the built-in user database on the Prestige for a wireless station's username and password.

Select RADIUS Only to have the Prestige just check the user database on the specified RADIUS server for a wireless station's username and password.

Select Local first, then RADIUS to have the Prestige first check the user database on the Prestige for a wireless station's username and password. If the user name is not found, the Prestige then checks the user database on the specified RADIUS server.

Select RADIUS first, then Local to have the Prestige first check the user database on the specified RADIUS server for a wireless station's username and password. If the Prestige cannot reach the RADIUS server, the Prestige then checks the local user database on the Prestige. When the user name is not found or password does not match in the RADIUS server, the Prestige will not check the local user database and the authentication fails.

Note: Once you enable user authentication, you need to specify an external RADIUS

server or create local user accounts on the Prestige for authentication.

7.6.2 Authentication Required: WPA

Select Authentication Required in the Wireless Port Control field and WPA in the Key Management Protocol field to display the next screen.

Chapter 7 Wireless LAN (Prestige 660HW) 94

Prestige 660H/HW Series User’s Guide

Figure 32 Wireless LAN: 802.1x/WPA: WPAl

The following table describes the labels not previously discussed

Table 20 Wireless LAN: 802.1x/WPA: WPAl

LABEL DESCRIPTION

Key Management Protocol

WPA Mixed Mode The Prestige can operate in WPA Mixed Mode, which supports both clients

Group Data Privacy Group Data Privacy allows you to choose TKIP (recommended) or WEP for

WPA Group Key Update Timer

Authentication Databases

Choose WPA in this field.

running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi-Fi network.

Select the check box to activate WPA mixed mode. Otherwise, clear the check box and configure the Group Data Privacy field.

broadcast and multicast ("group") traffic if the Key Management Protocol is WPA and WPA Mixed Mode is disabled. WEP is used automatically if you have enabled WPA Mixed Mode.

All unicast traffic is automatically encrypted by TKIP when WPA or WPA-PSK Key Management Protocol is selected.

The WPA Group Key Update Timer is the rate at which the AP (if using WPA- PSK key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also supported in WPA-PSK mode. The Prestige default is 1800 seconds (30 minutes).

When you configure Key Management Protocol to WPA, the Authentication

Databases must be RADIUS Only. You can only use the Local User Database Only with 802.1x Key Management Protocol.

95 Chapter 7 Wireless LAN (Prestige 660HW)

7.6.3 Authentication Required: WPA-PSK

Select Authentication Required in the Wireless Port Control field and WPA-PSK in the Key Management Protocol field to display the next screen.

Figure 33 Wireless LAN: 802.1x/WPA:WPA-PSKl

Prestige 660H/HW Series User’s Guide

The following table describes the labels not previously discussed.

Table 21 Wireless LAN: 802.1x/WPA: WPAl-PSK

LABEL DESCRIPTION

Key Management Protocol

Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The

WPA Mixed Mode The Prestige can operate in WPA Mixed Mode, which supports both clients

Group Data Privacy Group Data Privacy allows you to choose TKIP (recommended) or WEP for

Authentication Databases

Choose WPA-PSK in this field.

only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.

Type a pre-shared key from 8 to 63 printable characters (including spaces; alphabetic characters are case-sensitive).

running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi-Fi network.

Select the check box to activate WPA mixed mode. Otherwise, clear the check box and configure the Group Data Privacy field.

broadcast and multicast ("group") traffic if the Key Management Protocol is WPA and WPA Mixed Mode is disabled. WEP is used automatically if you have enabled WPA Mixed Mode.

All unicast traffic is automatically encrypted by TKIP when WPA or WPA-PSK Key Management Protocol is selected.

This field is only visible when WPA Mixed Mode is enabled.

Chapter 7 Wireless LAN (Prestige 660HW) 96

Prestige 660H/HW Series User’s Guide

7.7 Configuring Local User Authentication

By storing user profiles locally, your Prestige is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.

To change your Prestige’s local user database, click Wireless LAN, Local User Database. The screen appears as shown.

Figure 34 Local User Database

The following table describes the fields in this screen.

Table 22 Local User Database

LABEL DESCRIPTION

# This is the index number of a local user account.

Active Select this check box to enable the user profile.

User Name Enter a user name of up to 31 alphanumeric characters (case-sensitive), hyphens ('-')

and underscores ('_') if you’re using MD5 encryption and maximum 14 if you’re using PEAP.

97 Chapter 7 Wireless LAN (Prestige 660HW)

Table 22 Local User Database (continued)

LABEL DESCRIPTION

Password Enter a password of up to 31 printable characters (including spaces; alphabetic

characters are case-sensitive) if you’re using MD5 encryption and maximum 14 if you’re using PEAP.

Back Click Back to go to the main wireless LAN setup screen.

Apply Click Apply to save these settings back to the Prestige.

Cancel Click Cancel to begin configuring this screen again.

7.8 Configuring RADIUS

To set up your Prestige’s RADIUS server settings, click WIRELESS LAN, RADIUS. The screen appears as shown.

Figure 35 RADIUS

Prestige 660H/HW Series User’s Guide

The following table describes the fields in this screen.

Table 23 RADIUS

LABEL DESCRIPTION

Authentication Server

Active Select Yes from the drop-down list box to enable user authentication

Server IP Address Enter the IP address of the external authentication server in dotted decimal

Port Number The default port of the RADIUS server for authentication is 1812.

Chapter 7 Wireless LAN (Prestige 660HW) 98

through an external authentication server.

notation.

You need not change this value unless your network administrator instructs you to do so with additional information.

Prestige 660H/HW Series User’s Guide

Table 23 RADIUS (continued)

LABEL DESCRIPTION

Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be

shared between the external authentication server and the access points. The key is not sent over the network. This key must be the same on the

external authentication server and Prestige.

Accounting Server

Active Select Yes from the drop-down list box to enable user authentication

Server IP Address Enter the IP address of the external accounting server in dotted decimal

Port Number The default port of the RADIUS server for accounting is 1813.

Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be

Back Click Back to go to the main wireless LAN setup screen.

Apply Click Apply to save these settings back to the Prestige.

Cancel Click Cancel to begin configuring this screen again.

through an external accounting server.

notation.

You need not change this value unless your network administrator instructs you to do so with additional information.

shared between the external accounting server and the access points. The key is not sent over the network. This key must be the same on the

external accounting server and the Prestige.

7.9 Introduction to OTIST

In a wireless network, the wireless clients must have the same SSID and security settings as the access point (AP) or wireless router (we will refer to both as “AP” here) in order to associate with it. Traditionally this meant that you had to configure the settings on the AP and then manually configure the exact same settings on each wireless client.

OTIST (One-Touch Intelligent Security Technology) allows you to transfer your AP’s SSID and WEP or WPA-PSK security settings to wireless clients that support OTIST and are within transmission range. You can also choose to have OTIST generate a WPA-PSK key for you if you didn’t configure one manually.

Note: OTIST replaces the pre-configured wireless settings on the wireless clients.

7.9.1 Enabling OTIST

You must enable OTIST on both the AP and wireless client before you start transferring settings.

Note: The AP and wireless client(s) MUST use the same Setup key.

7.9.1.1 AP

You can enable OTIST using the Reset button or the web configurator.

99 Chapter 7 Wireless LAN (Prestige 660HW)

ZyXEL Communications VPCJ2, VPCL14 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

User’s Guide

Copyright

3 Federal Communications Commission (FCC) Interference Statement

Safety Warnings

ZyXEL Limited Warranty

Customer Support

Table of Contents

List of Figures

List of Tables

Preface

Introduction to DSL

Getting To Know Your Prestige

1.1 Introducing the Prestige

1.1.1 Features of the Prestige

1.1.1.1 P-660HW Wireless Features

1.1.2 Applications for the Prestige

1.1.2.1 Internet Access

1.1.3 Firewall for Secure Broadband Internet Access

1.1.3.1 LAN to LAN Application

1.1.4 Front Panel LEDs

2.1 Web Configurator Overview

2.1.1 Accessing the Prestige Web Configurator

2.1.2 Resetting the Prestige

2.1.2.1 Using the Reset Button

2.1.3 Navigating the Prestige Web Configurator

Wizard Setup for Internet Access

3.1 Introduction to Internet Access Wizard

3.1.1 Internet Access Wizard Setup

4.1 Introduction to Media Bandwidth Management

4.1.1 Predefined Media Bandwidth Management Services

4.2 Media Bandwidth Management Setup

5.1 Password Overview

5.1.1 Configuring Password

Password Setup

6.1 LAN Overview

6.1.1 LANs, WANs and the Prestige

LAN Setup

6.2 DNS Server Address

6.3 DNS Server Address Assignment

6.4 LAN TCP/IP

6.4.1 Factory LAN Defaults

6.4.2 IP Address and Subnet Mask

6.4.3 RIP Setup

6.4.4 Multicast

6.5 Any IP

6.5.1 How Any IP Works

6.6 Configuring LAN

6.7 Configuring Static DHCP

Wireless LAN (Prestige 660HW)

7.1 Introduction

7.2 Wireless Security Overview

7.2.1 Encryption

7.2.2 Authentication

7.2.3 Restricted Access

7.2.4 Hide Prestige Identity

7.2.5 G-plus

7.2.6 Configuring Wireless LAN on the Prestige

7.3 Configuring the Wireless Screen

7.3.1 WEP Encryption

7.4 Configuring MAC Filters

7.5 Introduction to WPA

7.5.1 WPA-PSK Application Example

7.5.2 WPA with RADIUS Application Example

7.5.3 Wireless Client WPA Supplicants

7.6 Configuring IEEE 802.1x and WPA

7.6.1 Authentication Required: 802.1x

7.6.2 Authentication Required: WPA

7.6.3 Authentication Required: WPA-PSK

7.7 Configuring Local User Authentication

7.8 Configuring RADIUS

7.9 Introduction to OTIST

7.9.1 Enabling OTIST

7.9.1.1 AP