ZyXEL Communications VPCJ2, VPCL14 User Manual

Prestige 660H/HW Series
802.11g Wireless ADSL2+ 4-Port Security Gateway

User’s Guide

Version 3.40
5/2005
Prestige 660H/HW Series User’s Guide
Copyright © 2005 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Copyright 2
Prestige 660H/HW Series User’s Guide
Federal Communications
Commission (FCC) Interference
Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Certifications
Go to www.zyxel.com
1 Select your product from the drop-down list box on the ZyXEL home page to go to that
product's page.
2 Select the certification you wish to view from this page.

3 Federal Communications Commission (FCC) Interference Statement

Prestige 660H/HW Series User’s Guide

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.
• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information.
• Use ONLY the dedicated power supply for your device. Connect the power cord or power adaptor to the right supply voltage (110V AC in North America or 230V AC in Europe).
• Do NOT use the device if the power supply is damaged as it might cause electrocution.
• If the power supply is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power supply. Contact your local vendor to order a new power supply.
• Place connecting cables carefully so that no one will step on them or stumble over them. Do NOT allow anything to rest on the power cord and do NOT locate the product where anyone can walk on the power cord.
• If you wall mount your device, make sure that no electrical, gas or water pipes will be damaged.
• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of electric shock from lightning.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Make sure to connect the cables to the correct ports.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
• Do NOT store things on the device.
• Connect ONLY suitable accessories to the device.
Safety Warnings 4
Prestige 660H/HW Series User’s Guide

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
5 ZyXEL Limited Warranty
Prestige 660H/HW Series User’s Guide

Customer Support

Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
METHOD
LOCATION
CORPORATE HEADQUARTERS (WORLDWIDE)
CZECH REPUBLIC
DENMARK
FINLAND
FRANCE
GERMANY
NORTH AMERICA
NORWAY
SPAIN
SWEDEN
SUPPORT E-MAIL TELEPHONE
SALES E-MAIL FAX FTP SITE
support@zyxel.com.tw +886-3-578-3942 www.zyxel.com
sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com
info@cz.zyxel.com +420 241 091 350 www.zyxel.cz ZyXEL Communications
info@cz.zyxel.com +420 241 091 359
support@zyxel.dk +45 39 55 07 00 www.zyxel.dk Z y X E L C o m m u n i c a t i o n s A / S
sales@zyxel.dk +45 39 55 07 07
support@zyxel.fi +358-9-4780-8411 www.zyxel.fi Z y X EL C o m m un i c a t i on s O y
sales@zyxel.fi +358-9-4780 8448
info@zyxel.fr +33 (0)4 72 52 97 97 www.zyxel.fr Z y XE L Fr a nc e
+33 (0)4 72 52 19 20
support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.
sales@zyxel.de +49-2405-6909-99
support@zyxel.com +1-800-255-4101
+1-714-632-0882
sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com
support@zyxel.no +47 22 80 61 80 www.zyxel.no Z y X E L C o m m u n i c a t i o n s A / S
sales@zyxel.no +47 22 80 61 81
support@zyxel.es +34 902 195 420 www.zyxel.es Z y X E L C o m m u ni c a t i o n s
sales@zyxel.es +34 913 005 345
support@zyxel.se +46 31 744 7700 www.zyxel.se Z y X E L C o m m u n ic at i on s A/ S
sales@zyxel.se +46 31 744 7701
A
WEB SITE
www.europe.zyxel.com
ftp.europe.zyxel.com
www.us.zyxel.com ZyXEL Communications Inc.
REGULAR MAIL
ZyXEL Communications Corp. 6 Innovation Road II
Sc ien ce P ar k Hsinchu 300 Ta iw a n
Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika
Col um bu sv ej 5 2860 Soeborg Denmark
Mal mi nk aa ri 10 00700 Helsinki Finland
1 ru e d e s V er ge r s Ba t. 1 / C 69760 Limonest France
Adenauerstr. 20/A2 D-52146 Wuerselen Germany
1130 N. Miller St. Anaheim
CA 92806-2001 U.S.A.
Ni ls H ans en s ve i 13 0667 Oslo Norway
Alejandro Villegas 33 1º, 28043 Madrid Spain
Sjöporten 4, 41764 Göteborg Sweden
Customer Support 6
Prestige 660H/HW Series User’s Guide
METHOD
LOCATION
UNITED KINGDOM
SUPPORT E-MAIL TELEPHONE
SALES E-MAIL FAX FTP SITE
technical@zyxel.co.uk +44 (0) 8702 909090 www.zyxel.co.uk ZyXEL Communications UK
sales@zyxel.co.uk +44 (0) 8702 909091 ftp.zyxel.co.uk
A
WEB SITE
a. “+” is the (prefix) number you enter to make an international telephone call.
REGULAR MAIL
Ltd.,11, The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)
7 Customer Support
Prestige 660H/HW Series User’s Guide

Table of Contents

Copyright .................................................................................................................. 2
Federal Communications Commission (FCC) Interference Statement ............... 3
Safety Warnings ....................................................................................................... 4
ZyXEL Limited Warranty.......................................................................................... 5
Customer Support.................................................................................................... 6
Table of Contents..................................................................................................... 8
List of Figures ........................................................................................................ 24
List of Tables .......................................................................................................... 32
Preface .................................................................................................................... 38
Introduction to DSL................................................................................................ 40
Chapter 1
Getting To Know Your Prestige.............................................................................42
1.1 Introducing the Prestige .....................................................................................42
1.1.1 Features of the Prestige ...........................................................................43
1.1.1.1 P-660HW Wireless Features ...........................................................47
1.1.2 Applications for the Prestige .....................................................................48
1.1.2.1 Internet Access ...............................................................................48
1.1.3 Firewall for Secure Broadband Internet Access .......................................49
1.1.3.1 LAN to LAN Application ...................................................................49
1.1.4 Front Panel LEDs .....................................................................................49
Chapter 2
Introducing the Web Configurator........................................................................ 52
2.1 Web Configurator Overview ...............................................................................52
2.1.1 Accessing the Prestige Web Configurator ................................................52
2.1.2 Resetting the Prestige ..............................................................................53
2.1.2.1 Using the Reset Button ...................................................................53
2.1.3 Navigating the Prestige Web Configurator ...............................................54
8
Prestige 660H/HW Series User’s Guide
Chapter 3
Wizard Setup for Internet Access.........................................................................58
3.1 Introduction to Internet Access Wizard ..............................................................58
3.1.1 Internet Access Wizard Setup ..................................................................58
Chapter 4
Wizard Setup for Media Bandwidth Management ............................................... 66
4.1 Introduction to Media Bandwidth Management ..................................................66
4.1.1 Predefined Media Bandwidth Management Services ...............................66
4.2 Media Bandwidth Management Setup ...............................................................67
Chapter 5
Password Setup .....................................................................................................70
5.1 Password Overview ...........................................................................................70
5.1.1 Configuring Password ...............................................................................70
Chapter 6
LAN Setup...............................................................................................................72
6.1 LAN Overview ....................................................................................................72
6.1.1 LANs, WANs and the Prestige ..................................................................72
6.2 DNS Server Address ..........................................................................................73
6.3 DNS Server Address Assignment ......................................................................73
6.4 LAN TCP/IP ........................................................................................................74
6.4.1 Factory LAN Defaults ................................................................................74
6.4.2 IP Address and Subnet Mask ...................................................................74
6.4.3 RIP Setup .................................................................................................75
6.4.4 Multicast ....................................................................................................75
6.5 Any IP .................................................................................................................76
6.5.1 How Any IP Works ....................................................................................76
6.6 Configuring LAN .................................................................................................77
6.7 Configuring Static DHCP ....................................................................................79
Chapter 7
Wireless LAN (Prestige 660HW)............................................................................ 82
7.1 Introduction ........................................................................................................82
7.2 Wireless Security Overview ...............................................................................82
7.2.1 Encryption .................................................................................................82
7.2.2 Authentication ...........................................................................................82
7.2.3 Restricted Access .....................................................................................83
7.2.4 Hide Prestige Identity ................................................................................83
7.2.5 G-plus .......................................................................................................83
7.2.6 Configuring Wireless LAN on the Prestige ...............................................83
7.3 Configuring the Wireless Screen ........................................................................84
9
Prestige 660H/HW Series User’s Guide
7.3.1 WEP Encryption ........................................................................................84
7.4 Configuring MAC Filters .....................................................................................87
7.5 Introduction to WPA ...........................................................................................89
7.5.1 WPA-PSK Application Example ................................................................89
7.5.2 WPA with RADIUS Application Example ..................................................90
7.5.3 Wireless Client WPA Supplicants ............................................................91
7.6 Configuring IEEE 802.1x and WPA ....................................................................91
7.6.1 Authentication Required: 802.1x ...............................................................92
7.6.2 Authentication Required: WPA .................................................................94
7.6.3 Authentication Required: WPA-PSK .........................................................96
7.7 Configuring Local User Authentication ...............................................................97
7.8 Configuring RADIUS ..........................................................................................98
7.9 Introduction to OTIST .........................................................................................99
7.9.1 Enabling OTIST ........................................................................................99
7.9.1.1 AP ...................................................................................................99
7.9.1.2 Wireless Client ..............................................................................101
7.9.2 Starting OTIST ........................................................................................101
7.9.3 Notes on OTIST ......................................................................................102
Chapter 8
WAN Setup............................................................................................................ 104
8.1 WAN Overview .................................................................................................104
8.2 Metric ..............................................................................................................104
8.3 PPPoE Encapsulation ......................................................................................105
8.4 Traffic Shaping .................................................................................................105
8.5 Zero Configuration Internet Access ..................................................................106
8.6 Configuring WAN Setup ...................................................................................106
8.7 Traffic Redirect ................................................................................................109
8.8 Configuring WAN Backup ................................................................................. 110
Chapter 9
Network Address Translation (NAT) Screens.................................................... 114
9.1 NAT Overview .................................................................................................. 114
9.1.1 NAT Definitions ....................................................................................... 114
9.1.2 What NAT Does ......................................................................................115
9.1.3 How NAT Works .....................................................................................115
9.1.4 NAT Application ......................................................................................116
9.1.5 NAT Mapping Types ...............................................................................117
9.2 SUA (Single User Account) Versus NAT .......................................................... 118
9.3 SUA Server ...................................................................................................... 118
9.3.1 Default Server IP Address ...................................................................... 118
9.3.2 Port Forwarding: Services and Port Numbers ........................................118
9.3.3 Configuring Servers Behind SUA (Example) ..........................................119
10
Prestige 660H/HW Series User’s Guide
9.4 SIP ALG ........................................................................................................... 119
9.5 Selecting the NAT Mode ..................................................................................120
9.6 Configuring SUA Server ...................................................................................120
9.7 Configuring Address Mapping ..........................................................................122
9.8 Editing an Address Mapping Rule ....................................................................123
Chapter 10
Dynamic DNS Setup............................................................................................. 126
10.1 Dynamic DNS .................................................................................................126
10.1.1 DYNDNS Wildcard ................................................................................126
10.2 Configuring Dynamic DNS .............................................................................126
Chapter 11
Time and Date....................................................................................................... 128
11.1 Configuring Time and Date .............................................................................128
Chapter 12
Firewalls................................................................................................................130
12.1 Firewall Overview ...........................................................................................130
12.2 Types of Firewalls ..........................................................................................130
12.2.1 Packet Filtering Firewalls ......................................................................130
12.2.2 Application-level Firewalls ....................................................................130
12.2.3 Stateful Inspection Firewalls ................................................................131
12.3 Introduction to ZyXEL’s Firewall .....................................................................131
12.3.1 Denial of Service Attacks ......................................................................132
12.4 Denial of Service ............................................................................................132
12.4.1 Basics ...................................................................................................132
12.4.2 Types of DoS Attacks ...........................................................................133
12.4.2.1 ICMP Vulnerability ......................................................................135
12.4.2.2 Illegal Commands (NetBIOS and SMTP) ....................................135
12.4.2.3 Traceroute ...................................................................................136
12.5 Stateful Inspection ..........................................................................................136
12.5.1 Stateful Inspection Process ..................................................................137
12.5.2 Stateful Inspection and the Prestige .....................................................138
12.5.3 TCP Security .........................................................................................138
12.5.4 UDP/ICMP Security ..............................................................................139
12.5.5 Upper Layer Protocols ..........................................................................139
12.6 Guidelines for Enhancing Security with Your Firewall ....................................139
12.6.1 Security In General ...............................................................................140
12.7 Packet Filtering Vs Firewall ............................................................................141
12.7.1 Packet Filtering: ....................................................................................141
12.7.1.1 When To Use Filtering .................................................................141
12.7.2 Firewall .................................................................................................141
11
Prestige 660H/HW Series User’s Guide
12.7.2.1 When To Use The Firewall ..........................................................141
Chapter 13
Firewall Configuration .........................................................................................144
13.1 Access Methods .............................................................................................144
13.2 Firewall Policies Overview .............................................................................144
13.3 Rule Logic Overview ......................................................................................145
13.3.1 Rule Checklist .......................................................................................145
13.3.2 Security Ramifications ..........................................................................145
13.3.3 Key Fields For Configuring Rules .........................................................146
13.3.3.1 Action ..........................................................................................146
13.3.3.2 Service ........................................................................................146
13.3.3.3 Source Address ...........................................................................146
13.3.3.4 Destination Address ....................................................................146
13.4 Connection Direction Example .......................................................................146
13.4.1 LAN to WAN Rules ...............................................................................147
13.4.2 WAN to LAN Rules ...............................................................................147
13.4.3 Alerts .....................................................................................................148
13.5 Configuring Basic Firewall Settings ................................................................148
13.6 Rule Summary ...............................................................................................149
13.6.1 Configuring Firewall Rules ....................................................................151
13.7 Customized Services .....................................................................................154
13.8 Creating/Editing A Customized Service .........................................................154
13.9 Example Firewall Rule ...................................................................................155
13.10 Predefined Services .....................................................................................159
13.11 Anti-Probing ..................................................................................................161
13.12 Configuring Attack Alert ...............................................................................162
13.12.1 Threshold Values ................................................................................163
13.12.2 Half-Open Sessions ............................................................................163
13.12.2.1 TCP Maximum Incomplete and Blocking Time .........................163
Chapter 14
Content Filtering .................................................................................................. 166
14.1 Content Filtering Overview .............................................................................166
14.2 Configuring Keyword Blocking .......................................................................166
14.3 Configuring the Schedule ..............................................................................167
14.4 Configuring Trusted Computers .....................................................................168
Chapter 15
Remote Management Configuration .................................................................. 170
15.1 Remote Management Overview .....................................................................170
15.1.1 Remote Management Limitations .........................................................170
15.1.2 Remote Management and NAT ............................................................171
12
Prestige 660H/HW Series User’s Guide
15.1.3 System Timeout ...................................................................................171
15.2 Telnet ..............................................................................................................171
15.3 FTP ................................................................................................................171
15.4 Web ................................................................................................................172
15.5 Configuring Remote Management .................................................................172
Chapter 16
Universal Plug-and-Play (UPnP) ......................................................................... 174
16.1 Introducing Universal Plug and Play ..............................................................174
16.1.1 How do I know if I'm using UPnP? ........................................................174
16.1.2 NAT Traversal .......................................................................................174
16.1.3 Cautions with UPnP ..............................................................................174
16.2 UPnP and ZyXEL ...........................................................................................175
16.2.1 Configuring UPnP .................................................................................175
16.3 Installing UPnP in Windows Example ............................................................176
16.4 Using UPnP in Windows XP Example ...........................................................180
Chapter 17
Logs Screens........................................................................................................ 188
17.1 Logs Overview ...............................................................................................188
17.1.1 Alerts and Logs .....................................................................................188
17.2 Configuring Log Settings ................................................................................188
17.3 Displaying the Logs ........................................................................................190
17.4 SMTP Error Messages ...................................................................................191
17.4.1 Example E-mail Log ..............................................................................192
Chapter 18
Media Bandwidth Management Advanced Setup.............................................. 194
18.1 Bandwidth Management Advanced Setup Overview .....................................194
18.2 Bandwidth Classes and Filters .......................................................................194
18.3 Proportional Bandwidth Allocation .................................................................195
18.4 Bandwidth Management Usage Examples ....................................................195
18.4.1 Application-based Bandwidth Management Example ..........................195
18.4.2 Subnet-based Bandwidth Management Example .................................195
18.4.3 Application and Subnet-based Bandwidth Management Example .......196
18.5 Scheduler .......................................................................................................197
18.5.1 Priority-based Scheduler ......................................................................197
18.5.2 Fairness-based Scheduler ....................................................................197
18.6 Maximize Bandwidth Usage ...........................................................................197
18.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic ........................197
18.6.2 Maximize Bandwidth Usage Example ..................................................198
18.7 Bandwidth Borrowing .....................................................................................199
18.7.1 Bandwidth Borrowing Example .............................................................199
13
Prestige 660H/HW Series User’s Guide
18.7.2 Maximize Bandwidth Usage With Bandwidth Borrowing ......................200
18.8 Configuring Summary ....................................................................................200
18.9 Configuring Class Setup ................................................................................202
18.9.1 DiffServ .................................................................................................203
18.9.1.1 DSCP and Per-Hop Behavior ......................................................203
18.9.2 Media Bandwidth Management Class Configuration ............................203
18.9.3 Media Bandwidth Management Statistics .............................................206
18.10 Bandwidth Monitor ......................................................................................207
Chapter 19
Maintenance ......................................................................................................... 210
19.1 Maintenance Overview ...................................................................................210
19.2 System Status Screen ....................................................................................210
19.2.1 System Statistics ...................................................................................212
19.3 DHCP Table Screen .......................................................................................214
19.4 Any IP Table Screen .......................................................................................215
19.5 Wireless Screen .............................................................................................215
19.5.1 Association List .....................................................................................215
19.6 Diagnostic Screens ........................................................................................216
19.6.1 Diagnostic General Screen ...................................................................216
19.6.2 Diagnostic DSL Line Screen .................................................................217
19.7 Firmware Screen ............................................................................................219
Chapter 20
Introducing the SMT ............................................................................................222
20.1 SMT Introduction ............................................................................................222
20.1.1 Procedure for SMT Configuration via Telnet .........................................222
20.1.2 Entering Password ................................................................................222
20.1.3 Prestige SMT Menu Overview ..............................................................223
20.2 Navigating the SMT Interface .........................................................................223
20.2.1 System Management Terminal Interface Summary ..............................225
20.3 Changing the System Password ....................................................................225
Chapter 21
Menu 1 General Setup ......................................................................................... 228
21.1 General Setup ................................................................................................228
21.2 Procedure To Configure Menu 1 ....................................................................228
21.2.1 Procedure to Configure Dynamic DNS .................................................229
Chapter 22
Menu 2 WAN Backup Setup ................................................................................ 232
22.1 Introduction to WAN Backup Setup ................................................................232
22.2 Configuring Dial Backup in Menu 2 ................................................................232
14
Prestige 660H/HW Series User’s Guide
22.2.1 Traffic Redirect Setup ...........................................................................233
Chapter 23
Menu 3 LAN Setup ...............................................................................................236
23.1 LAN Setup ......................................................................................................236
23.1.1 General Ethernet Setup ........................................................................236
23.2 Protocol Dependent Ethernet Setup ..............................................................237
23.3 CP/IP Ethernet Setup and DHCP ...................................................................237
Chapter 24
Wireless LAN Setup ............................................................................................. 240
24.1 Wireless LAN Overview .................................................................................240
24.2 Wireless LAN Setup .......................................................................................240
24.2.1 Wireless LAN MAC Address Filter ........................................................241
Chapter 25
Internet Access .................................................................................................... 244
25.1 Internet Access Overview ..............................................................................244
25.2 IP Policies ......................................................................................................244
25.3 IP Alias ...........................................................................................................244
25.4 IP Alias Setup .................................................................................................245
25.5 Route IP Setup ...............................................................................................246
25.6 Internet Access Configuration ........................................................................247
Chapter 26
Remote Node Configuration ...............................................................................250
26.1 Remote Node Setup Overview .......................................................................250
26.2 Remote Node Setup .......................................................................................250
26.2.1 Remote Node Profile ............................................................................250
26.2.2 Encapsulation and Multiplexing Scenarios ...........................................251
26.2.2.1 Scenario 1: One VC, Multiple Protocols ......................................251
26.2.2.2 Scenario 2: One VC, One Protocol (IP) ......................................251
26.2.2.3 Scenario 3: Multiple VCs .............................................................251
26.2.3 Outgoing Authentication Protocol .........................................................253
26.3 Remote Node Network Layer Options ...........................................................254
26.3.1 My WAN Addr Sample IP Addresses ...................................................255
26.4 Remote Node Filter ........................................................................................256
26.5 Editing ATM Layer Options ............................................................................257
26.5.1 VC-based Multiplexing (non-PPP Encapsulation) ................................257
26.5.2 LLC-based Multiplexing or PPP Encapsulation ....................................257
26.5.3 Advance Setup Options ........................................................................258
15
Prestige 660H/HW Series User’s Guide
Chapter 27
Static Route Setup ...............................................................................................260
27.1 IP Static Route Overview ...............................................................................260
27.2 Configuration ..................................................................................................260
Chapter 28
Bridging Setup ..................................................................................................... 264
28.1 Bridging in General ........................................................................................264
28.2 Bridge Ethernet Setup ....................................................................................264
28.2.1 Remote Node Bridging Setup ...............................................................264
28.2.2 Bridge Static Route Setup .....................................................................266
Chapter 29
Network Address Translation (NAT)................................................................... 268
29.1 Using NAT ......................................................................................................268
29.1.1 SUA (Single User Account) Versus NAT ..............................................268
29.2 Applying NAT .................................................................................................268
29.3 NAT Setup ......................................................................................................270
29.3.1 Address Mapping Sets ..........................................................................270
29.3.1.1 SUA Address Mapping Set .........................................................271
29.3.1.2 User-Defined Address Mapping Sets ..........................................272
29.3.1.3 Ordering Your Rules ....................................................................273
29.4 Configuring a Server behind NAT ..................................................................274
29.5 General NAT Examples ..................................................................................275
29.5.1 Example 1: Internet Access Only ..........................................................276
29.5.2 Example 2: Internet Access with an Inside Server ...............................276
29.5.3 Example 3: Multiple Public IP Addresses With Inside Servers .............277
29.5.4 Example 4: NAT Unfriendly Application Programs ...............................281
Chapter 30
Enabling the Firewall ........................................................................................... 284
30.1 Remote Management and the Firewall ..........................................................284
30.2 Access Methods .............................................................................................284
30.3 Enabling the Firewall ......................................................................................284
Chapter 31
Filter Configuration..............................................................................................286
31.1 About Filtering ................................................................................................286
31.1.1 The Filter Structure of the Prestige .......................................................287
31.2 Configuring a Filter Set for the Prestige .........................................................288
31.3 Filter Rules Summary Menus .........................................................................289
31.4 Configuring a Filter Rule ................................................................................290
31.4.1 TCP/IP Filter Rule .................................................................................291
16
Prestige 660H/HW Series User’s Guide
31.4.2 Generic Filter Rule ................................................................................293
31.5 Filter Types and NAT .....................................................................................295
31.6 Example Filter ................................................................................................295
31.7 Applying Filters and Factory Defaults ............................................................297
31.7.1 Ethernet Traffic .....................................................................................298
31.7.2 Remote Node Filters .............................................................................298
Chapter 32
SNMP Configuration ............................................................................................300
32.1 About SNMP ..................................................................................................300
32.2 Supported MIBs ............................................................................................301
32.3 SNMP Configuration ......................................................................................301
32.4 SNMP Traps ...................................................................................................302
Chapter 33
System Security ...................................................................................................304
33.1 System Security .............................................................................................304
33.1.1 System Password .................................................................................304
33.1.2 Configuring External RADIUS Server ...................................................304
33.1.3 IEEE802.1x ...........................................................................................306
33.2 Creating User Accounts on the Prestige ........................................................308
Chapter 34
System Information and Diagnosis .................................................................... 310
34.1 Overview ........................................................................................................310
34.2 System Status ................................................................................................310
34.3 System Information ........................................................................................312
34.3.1 System Information ...............................................................................312
34.3.2 Console Port Speed ..............................................................................313
34.4 Log and Trace ................................................................................................314
34.4.1 Viewing Error Log .................................................................................314
34.4.2 Syslog and Accounting .........................................................................315
34.5 Diagnostic ......................................................................................................317
Chapter 35
Firmware and Configuration File Maintenance ................................................. 320
35.1 Filename Conventions ...................................................................................320
35.2 Backup Configuration .....................................................................................321
35.2.1 Backup Configuration ...........................................................................321
35.2.2 Using the FTP Command from the Command Line ..............................322
35.2.3 Example of FTP Commands from the Command Line .........................322
35.2.4 GUI-based FTP Clients .........................................................................323
35.2.5 TFTP and FTP over WAN Management Limitations .............................323
17
Prestige 660H/HW Series User’s Guide
35.2.6 Backup Configuration Using TFTP .......................................................324
35.2.7 TFTP Command Example ....................................................................324
35.2.8 GUI-based TFTP Clients ......................................................................324
35.3 Restore Configuration ....................................................................................325
35.3.1 Restore Using FTP ...............................................................................325
35.3.2 Restore Using FTP Session Example ..................................................326
35.4 Uploading Firmware and Configuration Files .................................................327
35.4.1 Firmware File Upload ............................................................................327
35.4.2 Configuration File Upload .....................................................................327
35.4.3 FTP File Upload Command from the DOS Prompt Example ................328
35.4.4 FTP Session Example of Firmware File Upload ...................................329
35.4.5 TFTP File Upload ..................................................................................329
35.4.6 TFTP Upload Command Example ........................................................330
Chapter 36
System Maintenance............................................................................................ 332
36.1 Command Interpreter Mode ...........................................................................332
36.2 Call Control Support .......................................................................................333
36.2.1 Budget Management ............................................................................333
36.3 Time and Date Setting ....................................................................................334
36.3.1 Resetting the Time ................................................................................335
Chapter 37
Remote Management ........................................................................................... 338
37.1 Remote Management Overview .....................................................................338
37.2 Remote Management .....................................................................................338
37.2.1 Remote Management Setup .................................................................338
37.2.2 Remote Management Limitations .........................................................339
37.3 Remote Management and NAT ......................................................................340
37.4 System Timeout .............................................................................................340
Chapter 38
IP Policy Routing.................................................................................................. 342
38.1 IP Policy Routing Overview ............................................................................342
38.2 Benefits of IP Policy Routing ..........................................................................342
38.3 Routing Policy ................................................................................................342
38.4 IP Routing Policy Setup .................................................................................343
38.5 Applying an IP Policy .....................................................................................346
38.5.1 Ethernet IP Policies ..............................................................................346
38.6 IP Policy Routing Example .............................................................................347
18
Prestige 660H/HW Series User’s Guide
Chapter 39
Call Scheduling ....................................................................................................352
39.1 Introduction ....................................................................................................352
Chapter 40
Internal SPTGEN .................................................................................................. 356
40.1 Internal SPTGEN Overview ...........................................................................356
40.2 The Configuration Text File Format ................................................................356
40.2.1 Internal SPTGEN File Modification - Important Points to Remember ...357
40.3 Internal SPTGEN FTP Download Example ....................................................357
40.4 Internal SPTGEN FTP Upload Example ........................................................358
Chapter 41
Troubleshooting ...................................................................................................360
41.1 Problems Starting Up the Prestige .................................................................360
41.2 Problems with the LAN LED ...........................................................................360
41.3 Problems with the DSL LED ...........................................................................361
41.4 Problems with the LAN Interface ....................................................................361
41.5 Problems with the WAN Interface ..................................................................361
41.6 Problems with Internet Access .......................................................................362
41.7 Problems with the Password ..........................................................................362
41.8 Problems with the Web Configurator .............................................................363
41.9 Problems with Remote Management .............................................................363
Appendix A
Splitters and Microfilters ..................................................................................... 364
Connecting a POTS Splitter ................................................................................... 364
Telephone Microfilters ............................................................................................ 365
Prestige With ISDN ................................................................................................ 365
Appendix B
Setting up Your Computer’s IP Address............................................................ 368
Windows 95/98/Me................................................................................................. 368
Installing Components ..................................................................................... 369
Configuring ...................................................................................................... 370
Verifying Settings............................................................................................. 371
Windows 2000/NT/XP ............................................................................................ 371
Verifying Settings............................................................................................. 375
Macintosh OS 8/9................................................................................................... 375
Verifying Settings............................................................................................. 377
Macintosh OS X ..................................................................................................... 377
Verifying Settings............................................................................................. 378
19
Prestige 660H/HW Series User’s Guide
Appendix C
IP Subnetting ........................................................................................................ 380
IP Addressing......................................................................................................... 380
IP Classes .............................................................................................................. 380
Subnet Masks ........................................................................................................ 381
Subnetting .............................................................................................................. 381
Example: Two Subnets .......................................................................................... 382
Example: Four Subnets.......................................................................................... 384
Example Eight Subnets.......................................................................................... 385
Subnetting With Class A and Class B Networks. ................................................... 386
Appendix D
PPPoE ................................................................................................................... 388
PPPoE in Action..................................................................................................... 388
Benefits of PPPoE.................................................................................................. 388
Traditional Dial-up Scenario................................................................................... 388
How PPPoE Works ................................................................................................ 389
Prestige as a PPPoE Client ................................................................................... 389
Appendix E
Virtual Circuit Topology ......................................................................................390
Appendix F
Wireless LANs ...................................................................................................... 392
Wireless LAN Topologies ....................................................................................... 392
Ad-hoc Wireless LAN Configuration ................................................................ 392
BSS.................................................................................................................. 392
ESS.................................................................................................................. 393
Channel.................................................................................................................. 394
RTS/CTS................................................................................................................ 394
Fragmentation Threshold ....................................................................................... 395
Preamble Type....................................................................................................... 396
IEEE 802.1x ........................................................................................................... 397
RADIUS.................................................................................................................. 397
Types of RADIUS Messages ........................................................................... 397
EAP Authentication ................................................................................................ 398
Types of Authentication......................................................................................... 399
EAP-MD5 (Message-Digest Algorithm 5) ........................................................ 399
EAP-TLS (Transport Layer Security) ............................................................... 399
EAP-TTLS (Tunneled Transport Layer Service) .............................................. 399
PEAP (Protected EAP) .................................................................................... 400
LEAP................................................................................................................ 400
20
Prestige 660H/HW Series User’s Guide
WEP Authentication Steps ..................................................................................... 400
Dynamic WEP Key Exchange ......................................................................... 401
WPA ....................................................................................................................... 402
User Authentication ........................................................................................ 402
Encryption ....................................................................................................... 402
Security Parameters Summary .............................................................................. 403
Roaming................................................................................................................. 403
Requirements for Roaming.............................................................................. 404
Appendix G
Antenna Selection and Positioning Recommendation..................................... 406
Antenna Characteristics ......................................................................................... 406
Frequency........................................................................................................ 406
Radiation Pattern ............................................................................................. 406
Antenna Gain................................................................................................... 406
Types of Antennas For WLAN................................................................................ 407
Positioning Antennas ....................................................................................... 407
Connector Type...................................................................................................... 407
Appendix H
Example Internal SPTGEN Screens.................................................................... 408
Command Examples.............................................................................................. 428
Appendix I
Command Interpreter........................................................................................... 430
Command Syntax................................................................................................... 430
Command Usage ................................................................................................... 430
Appendix J
Firewall Commands ............................................................................................. 432
Sys Firewall Commands ........................................................................................ 432
Appendix K
Brute-Force Password Guessing Protection..................................................... 434
Example ................................................................................................................. 434
Appendix L
Boot Commands ..................................................................................................436
Appendix M
Log Descriptions.................................................................................................. 438
Log Commands...................................................................................................... 447
21
Prestige 660H/HW Series User’s Guide
Configuring What You Want the Prestige to Log ............................................. 447
Displaying Logs ............................................................................................... 447
Log Command Example......................................................................................... 448
Index...................................................................................................................... 450
22
Prestige 660H/HW Series User’s Guide
23
Prestige 660H/HW Series User’s Guide

List of Figures

Figure 1 Prestige Internet Access Application .................................................................... 48
Figure 2 Firewall Application ............................................................................................... 49
Figure 3 Prestige LAN-to-LAN Application .......................................................................... 49
Figure 4 P-660H Front Panel .............................................................................................. 49
Figure 5 P-660HW Front Panel ........................................................................................... 50
Figure 6 Password Screen .................................................................................................. 53
Figure 7 Change Password at Login ................................................................................... 53
Figure 8 Web Configurator: Site Map Screen ................................................................... 54
Figure 9 Internet Access Wizard Setup: First Screen ......................................................... 59
Figure 10 Internet Connection with PPPoE ......................................................................... 60
Figure 11 Internet Connection with RFC 1483 ................................................................... 61
Figure 12 Internet Connection with ENET ENCAP ............................................................. 61
Figure 13 Internet Connection with PPPoA ......................................................................... 62
Figure 14 Internet Access Wizard Setup: Third Screen ...................................................... 64
Figure 15 Internet Access Wizard Setup: LAN Configuration ............................................. 64
Figure 16 Internet Access Wizard Setup: Connection Tests ............................................... 65
Figure 17 Media Bandwidth Mgnt. Wizard Setup: First Screen .......................................... 67
Figure 18 Media Bandwidth Mgnt. Wizard Setup: Second Screen .................................... 68
Figure 19 Media Bandwidth Mgnt. Wizard Setup: Finish ................................................... 69
Figure 20 Password ............................................................................................................ 70
Figure 21 LAN and WAN IP Addresses .............................................................................. 72
Figure 22 Any IP Example .................................................................................................. 76
Figure 23 LAN Setup ........................................................................................................... 78
Figure 24 LAN: Static DHCP ............................................................................................... 80
Figure 25 Wireless Security Methods ................................................................................. 84
Figure 26 Wireless Screen .................................................................................................. 85
Figure 27 MAC Address Filter ............................................................................................. 88
Figure 28 WPA - PSK Authentication .................................................................................. 90
Figure 29 WPA with RADIUS Application Example2 .......................................................... 91
Figure 30 Wireless LAN: 802.1x/WPA: No Authentication .................................................. 92
Figure 31 Wireless LAN: 802.1x/WPA: 802.1xl ................................................................... 93
Figure 32 Wireless LAN: 802.1x/WPA: WPAl ...................................................................... 95
Figure 33 Wireless LAN: 802.1x/WPA:WPA-PSKl .............................................................. 96
Figure 34 Local User Database .......................................................................................... 97
Figure 35 RADIUS .............................................................................................................. 98
Figure 36 OTIST ................................................................................................................. 100
24
Prestige 660H/HW Series User’s Guide
Figure 37 Example Wireless Client OTIST Screen ............................................................. 101
Figure 38 Security Key ........................................................................................................ 101
Figure 39 OTIST in Progress (Prestige) .............................................................................. 101
Figure 40 OTIST in Progress (Client) .................................................................................. 101
Figure 41 No AP with OTIST Found ................................................................................... 102
Figure 42 Start OTIST? ....................................................................................................... 102
Figure 43 Example of Traffic Shaping ................................................................................. 106
Figure 44 WAN Setup (PPPoE) .......................................................................................... 107
Figure 45 Traffic Redirect Example ..................................................................................... 110
Figure 46 Traffic Redirect LAN Setup ................................................................................. 110
Figure 47 WAN Backup ....................................................................................................... 111
Figure 48 How NAT Works .................................................................................................. 116
Figure 49 NAT Application With IP Alias ............................................................................. 116
Figure 50 Multiple Servers Behind NAT Example ............................................................... 119
Figure 51 NAT Mode ........................................................................................................... 120
Figure 52 Edit SUA/NAT Server Set ................................................................................... 121
Figure 53 Address Mapping Rules ...................................................................................... 122
Figure 54 Address Mapping Rule Edit ................................................................................ 123
Figure 55 Dynamic DNS ..................................................................................................... 127
Figure 56 Time and Date ..................................................................................................... 128
Figure 57 Prestige Firewall Application ............................................................................... 132
Figure 58 Three-Way Handshake ....................................................................................... 133
Figure 59 SYN Flood ........................................................................................................... 134
Figure 60 Smurf Attack ....................................................................................................... 135
Figure 61 Stateful Inspection ............................................................................................... 137
Figure 62 LAN to WAN Traffic ............................................................................................. 147
Figure 63 WAN to LAN Traffic ............................................................................................. 147
Figure 64 Firewall: Default Policy ........................................................................................ 148
Figure 65 Firewall: Rule Summary ..................................................................................... 149
Figure 66 Firewall: Edit Rule ............................................................................................... 152
Figure 67 Firewall: Customized Services ............................................................................ 154
Figure 68 Firewall: Configure Customized Services ........................................................... 155
Figure 69 Firewall Example: Rule Summary ....................................................................... 156
Figure 70 Firewall Example: Edit Rule: Destination Address ............................................. 157
Figure 71 Edit Custom Port Example .................................................................................. 157
Figure 72 Firewall Example: Edit Rule: Select Customized Services ................................. 158
Figure 73 Firewall Example: Rule Summary: My Service .................................................. 159
Figure 74 Firewall: Anti Probing .......................................................................................... 162
Figure 75 Firewall: Threshold .............................................................................................. 164
Figure 76 Content Filter: Keyword ...................................................................................... 166
Figure 77 Content Filter: Schedule ..................................................................................... 167
Figure 78 Content Filter: Trusted ........................................................................................ 168
Figure 79 Telnet Configuration on a TCP/IP Network ......................................................... 171
25
Prestige 660H/HW Series User’s Guide
Figure 80 Remote Management ......................................................................................... 172
Figure 81 Configuring UPnP ............................................................................................... 175
Figure 82 Add/Remove Programs: Windows Setup: Communication ................................. 177
Figure 83 Add/Remove Programs: Windows Setup: Communication: Components .......... 177
Figure 84 Network Connections .......................................................................................... 178
Figure 85 Windows Optional Networking Components Wizard .......................................... 179
Figure 86 Networking Services ........................................................................................... 180
Figure 87 Network Connections .......................................................................................... 181
Figure 88 Internet Connection Properties .......................................................................... 182
Figure 89 Internet Connection Properties: Advanced Settings ........................................... 183
Figure 90 Internet Connection Properties: Advanced Settings: Add ................................... 183
Figure 91 System Tray Icon ................................................................................................ 184
Figure 92 Internet Connection Status .................................................................................. 184
Figure 93 Network Connections .......................................................................................... 185
Figure 94 Network Connections: My Network Places ......................................................... 186
Figure 95 Network Connections: My Network Places: Properties: Example ....................... 186
Figure 96 Log Settings ........................................................................................................ 189
Figure 97 View Logs ........................................................................................................... 191
Figure 98 E-mail Log Example ............................................................................................ 192
Figure 99 Application-based Bandwidth Management Example ......................................... 195
Figure 100 Subnet-based Bandwidth Management Example ............................................. 196
Figure 101 Application and Subnet-based Bandwidth Management Example ................... 196
Figure 102 Bandwidth Allotment Example .......................................................................... 198
Figure 103 Maximize Bandwidth Usage Example ............................................................... 199
Figure 104 Bandwidth Borrowing Example ......................................................................... 200
Figure 105 Media Bandwidth Management: Summary ....................................................... 201
Figure 106 Media Bandwidth Management: Class Setup ................................................... 202
Figure 107 DiffServ: Differentiated Service Field ................................................................ 203
Figure 108 Media Bandwidth Management: Class Configuration ....................................... 204
Figure 109 Media Bandwidth Management Statistics ........................................................ 207
Figure 110 Media Bandwidth Management: Monitor .......................................................... 208
Figure 111 System Status .................................................................................................... 211
Figure 112 System Status: Show Statistics ......................................................................... 213
Figure 113 DHCP Table ...................................................................................................... 214
Figure 114 Any IP Table ...................................................................................................... 215
Figure 115 Association List ................................................................................................. 216
Figure 116 Diagnostic: General ........................................................................................... 217
Figure 117 Diagnostic: DSL Line ......................................................................................... 218
Figure 118 Firmware Upgrade ............................................................................................ 219
Figure 119 Network Temporarily Disconnected ................................................................... 220
Figure 120 Error Message .................................................................................................. 220
Figure 121 Login Screen ..................................................................................................... 223
Figure 122 Prestige SMT Menu Overview .......................................................................... 223
26
Prestige 660H/HW Series User’s Guide
Figure 123 Menu 23.1 Change Password ........................................................................... 226
Figure 124 Menu 1 General Setup ...................................................................................... 229
Figure 125 Menu 1.1 Configure Dynamic DNS .................................................................. 230
Figure 126 Menu 2 WAN Backup Setup ............................................................................. 232
Figure 127 Menu 2.1Traffic Redirect Setup ......................................................................... 233
Figure 128 Menu 3 LAN Setup ............................................................................................ 236
Figure 129 Menu 3.1 LAN Port Filter Setup ........................................................................ 236
Figure 130 Menu 3.2 TCP/IP and DHCP Ethernet Setup ................................................... 237
Figure 131 Menu 3.5 - Wireless LAN Setup ....................................................................... 240
Figure 132 Menu 3.5.1 WLAN MAC Address Filtering ........................................................ 242
Figure 133 IP Alias Network Example ................................................................................. 245
Figure 134 Menu 3.2 TCP/IP and DHCP Setup ................................................................. 245
Figure 135 Menu 3.2.1 IP Alias Setup ................................................................................ 246
Figure 136 Menu 1 General Setup ...................................................................................... 247
Figure 137 Menu 4 Internet Access Setup .......................................................................... 247
Figure 138 Menu 11 Remote Node Setup ........................................................................... 251
Figure 139 Menu 11.1 Remote Node Profile ...................................................................... 252
Figure 140 Menu 11.3 Remote Node Network Layer Options ............................................ 254
Figure 141 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection ........................... 256
Figure 142 Menu 11.5 Remote Node Filter (RFC 1483 or ENET Encapsulation) ............... 256
Figure 143 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) ................. 257
Figure 144 Menu 11.6 for VC-based Multiplexing ............................................................... 257
Figure 145 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation .......................... 258
Figure 146 Menu 11.1 Remote Node Profile ....................................................................... 258
Figure 147 Menu 11.8 Advance Setup Options .................................................................. 259
Figure 148 Sample Static Routing Topology ....................................................................... 260
Figure 149 Menu 12 Static Route Setup ............................................................................. 261
Figure 150 Menu 12.1 IP Static Route Setup ...................................................................... 261
Figure 151 Menu12.1.1 Edit IP Static Route ....................................................................... 261
Figure 152 Menu 11.1 Remote Node Profile ....................................................................... 265
Figure 153 Menu 11.3 Remote Node Network Layer Options ............................................ 265
Figure 154 Menu 12.3.1 Edit Bridge Static Route ............................................................... 266
Figure 155 Menu 4 Applying NAT for Internet Access ........................................................ 269
Figure 156 Applying NAT in Menus 4 & 11.3 ....................................................................... 269
Figure 157 Menu 15 NAT Setup ........................................................................................ 270
Figure 158 Menu 15.1 Address Mapping Sets .................................................................... 271
Figure 159 Menu 15.1.255 SUA Address Mapping Rules .................................................. 271
Figure 160 Menu 15.1.1 First Set ........................................................................................ 272
Figure 161 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ........................ 273
Figure 162 Menu 15.2 NAT Server Setup ........................................................................... 274
Figure 163 Menu 15.2.1 NAT Server Setup ........................................................................ 275
Figure 164 Multiple Servers Behind NAT Example ............................................................. 275
Figure 165 NAT Example 1 ................................................................................................. 276
27
Prestige 660H/HW Series User’s Guide
Figure 166 Menu 4 Internet Access & NAT Example .......................................................... 276
Figure 167 NAT Example 2 ................................................................................................. 277
Figure 168 Menu 15.2.1 Specifying an Inside Server ......................................................... 277
Figure 169 NAT Example 3 ................................................................................................. 278
Figure 170 Example 3: Menu 11.3 ...................................................................................... 279
Figure 171 Example 3: Menu 15.1.1.1 ................................................................................ 279
Figure 172 Example 3: Final Menu 15.1.1 .......................................................................... 280
Figure 173 Example 3: Menu 15.2.1 ................................................................................... 280
Figure 174 NAT Example 4 ................................................................................................. 281
Figure 175 Example 4: Menu 15.1.1.1 Address Mapping Rule ........................................... 281
Figure 176 Example 4: Menu 15.1.1 Address Mapping Rules ............................................ 282
Figure 177 Menu 21.2 Firewall Setup ................................................................................. 285
Figure 178 Outgoing Packet Filtering Process .................................................................... 286
Figure 179 Filter Rule Process ............................................................................................ 287
Figure 180 Menu 21 Filter Set Configuration ...................................................................... 288
Figure 181 NetBIOS_WAN Filter Rules Summary ............................................................. 288
Figure 182 NetBIOS_LAN Filter Rules Summary .............................................................. 289
Figure 183 IGMP Filter Rules Summary ............................................................................ 289
Figure 184 Menu 21.1.x.1 TCP/IP Filter Rule ..................................................................... 291
Figure 185 Executing an IP Filter ........................................................................................ 293
Figure 186 Menu 21.1.5.1 Generic Filter Rule ................................................................... 294
Figure 187 Protocol and Device Filter Sets ......................................................................... 295
Figure 188 Sample Telnet Filter .......................................................................................... 296
Figure 189 Menu 21.1.6.1 Sample Filter ............................................................................ 296
Figure 190 Menu 21.1.6.1 Sample Filter Rules Summary .................................................. 297
Figure 191 Filtering Ethernet Traffic .................................................................................... 298
Figure 192 Filtering Remote Node Traffic ........................................................................... 298
Figure 193 SNMP Management Model ............................................................................... 300
Figure 194 Menu 22 SNMP Configuration .......................................................................... 302
Figure 195 Menu 23 – System Security .............................................................................. 304
Figure 196 Menu 23.2 System Security: RADIUS Server ................................................... 305
Figure 197 Menu 23 System Security ................................................................................. 306
Figure 198 Menu 23.4 System Security: IEEE802.1x ......................................................... 306
Figure 199 Menu 14 Dial-in User Setup .............................................................................. 309
Figure 200 Menu 14.1 Edit Dial-in User .............................................................................. 309
Figure 201 Menu 24 System Maintenance ......................................................................... 310
Figure 202 Menu 24.1 System Maintenance : Status ......................................................... 311
Figure 203 Menu 24.2 System Information and Console Port Speed ................................. 312
Figure 204 Menu 24.2.1 System Maintenance: Information ............................................... 313
Figure 205 Menu 24.2.2 System Maintenance : Change Console Port Speed ................... 314
Figure 206 Menu 24.3 System Maintenance: Log and Trace ............................................. 314
Figure 207 Sample Error and Information Messages ......................................................... 315
Figure 208 Menu 24.3.2 System Maintenance: Syslog and Accounting ............................. 315
28
Prestige 660H/HW Series User’s Guide
Figure 209 Syslog Example ................................................................................................ 316
Figure 210 Menu 24.4 System Maintenance : Diagnostic ................................................... 317
Figure 211 Telnet in Menu 24.5 ........................................................................................... 322
Figure 212 FTP Session Example ...................................................................................... 323
Figure 213 Telnet into Menu 24.6 ........................................................................................ 326
Figure 214 Restore Using FTP Session Example ............................................................... 326
Figure 215 Telnet Into Menu 24.7.1 Upload System Firmware .......................................... 327
Figure 216 Telnet Into Menu 24.7.2 System Maintenance ................................................. 328
Figure 217 FTP Session Example of Firmware File Upload ............................................... 329
Figure 218 Command Mode in Menu 24 ............................................................................. 332
Figure 219 Valid Commands ............................................................................................... 332
Figure 220 Menu 24.9 System Maintenance: Call Control .................................................. 333
Figure 221 Menu 24.9.1 System Maintenance: Budget Management ................................ 333
Figure 222 Menu 24 System Maintenance ......................................................................... 334
Figure 223 Menu 24.10 System Maintenance: Time and Date Setting ............................... 335
Figure 224 Menu 24.11 Remote Management Control ....................................................... 339
Figure 225 Menu 25 IP Routing Policy Setup ..................................................................... 343
Figure 226 Menu 25.1 IP Routing Policy Setup .................................................................. 344
Figure 227 Menu 25.1.1 IP Routing Policy .......................................................................... 345
Figure 228 Menu 3.2 TCP/IP and DHCP Ethernet Setup ................................................... 347
Figure 229 Menu 11.3 Remote Node Network Layer Options ............................................ 347
Figure 230 Example of IP Policy Routing ........................................................................... 348
Figure 231 IP Routing Policy Example ................................................................................ 349
Figure 232 IP Routing Policy Example ................................................................................ 350
Figure 233 Applying IP Policies Example ........................................................................... 350
Figure 234 Menu 26 Schedule Setup .................................................................................. 352
Figure 235 Menu 26.1 Schedule Set Setup ....................................................................... 353
Figure 236 Applying Schedule Set(s) to a Remote Node (PPPoE) .................................... 354
Figure 237 Configuration Text File Format: Column Descriptions ....................................... 356
Figure 238 Invalid Parameter Entered: Command Line Example ....................................... 357
Figure 239 Valid Parameter Entered: Command Line Example ......................................... 357
Figure 240 Internal SPTGEN FTP Download Example ..................................................... 358
Figure 241 Internal SPTGEN FTP Upload Example ........................................................... 358
Figure 242 Connecting a POTS Splitter .............................................................................. 364
Figure 243 Connecting a Microfilter .................................................................................... 365
Figure 244 Prestige with ISDN ............................................................................................ 366
Figure 245 WIndows 95/98/Me: Network: Configuration ..................................................... 369
Figure 246 Windows 95/98/Me: TCP/IP Properties: IP Address ......................................... 370
Figure 247 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............................ 371
Figure 248 Windows XP: Start Menu .................................................................................. 372
Figure 249 Windows XP: Control Panel .............................................................................. 372
Figure 250 Windows XP: Control Panel: Network Connections: Properties ....................... 373
Figure 251 Windows XP: Local Area Connection Properties .............................................. 373
29
Prestige 660H/HW Series User’s Guide
Figure 252 Windows XP: Advanced TCP/IP Settings ......................................................... 374
Figure 253 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 375
Figure 254 Macintosh OS 8/9: Apple Menu ........................................................................ 376
Figure 255 Macintosh OS 8/9: TCP/IP ................................................................................ 376
Figure 256 Macintosh OS X: Apple Menu ........................................................................... 377
Figure 257 Macintosh OS X: Network ................................................................................. 378
Figure 258 Single-Computer per Router Hardware Configuration ...................................... 389
Figure 259 Prestige as a PPPoE Client .............................................................................. 389
Figure 260 Virtual Circuit Topology ..................................................................................... 390
Figure 261 Peer-to-Peer Communication in an Ad-hoc Network ........................................ 392
Figure 262 Basic Service Set .............................................................................................. 393
Figure 263 Infrastructure WLAN ......................................................................................... 394
Figure 264 RTS/CTS ......................................................................................................... 395
Figure 265 EAP Authentication ........................................................................................... 398
Figure 266 WEP Authentication Steps ................................................................................ 400
Figure 267 Roaming Example ............................................................................................. 404
Figure 268 Option to Enter Debug Mode ............................................................................ 436
Figure 269 Boot Module Commands .................................................................................. 437
Figure 270 Displaying Log Categories Example ................................................................. 447
Figure 271 Displaying Log Parameters Example ................................................................ 447
Figure 272 Log Command Example ................................................................................... 448
30
Prestige 660H/HW Series User’s Guide
31
Prestige 660H/HW Series User’s Guide

List of Tables

Table 1 ADSL Standards .................................................................................................... 42
Table 2 Front Panel LEDs .................................................................................................. 50
Table 3 Web Configurator Screens Summary .................................................................... 55
Table 4 Internet Access Wizard Setup: First Screen .......................................................... 59
Table 5 Internet Connection with PPPoE .......................................................................... 60
Table 6 Internet Connection with RFC 1483 ...................................................................... 61
Table 7 Internet Connection with ENET ENCAP ................................................................ 62
Table 8 Internet Connection with PPPoA ........................................................................... 63
Table 9 Internet Access Wizard Setup: LAN Configuration ................................................ 65
Table 10 Media Bandwidth Mgnt. Wizard Setup: Services ................................................. 66
Table 11 Media Bandwidth Mgnt. Wizard Setup: First Screen ........................................... 68
Table 12 Media Bandwidth Mgnt. Wizard Setup: Second Screen ...................................... 68
Table 13 Password .............................................................................................................70
Table 14 LAN Setup ........................................................................................................... 78
Table 15 LAN: Static DHCP ................................................................................................ 80
Table 16 Wireless LAN ....................................................................................................... 85
Table 17 MAC Address Filter ............................................................................................. 88
Table 18 Wireless LAN: 802.1x/WPA: No Access/Authentication ...................................... 92
Table 19 Wireless LAN: 802.1x/WPA: 802.1x .................................................................... 93
Table 20 Wireless LAN: 802.1x/WPA: WPAl ...................................................................... 95
Table 21 Wireless LAN: 802.1x/WPA: WPAl-PSK .............................................................. 96
Table 22 Local User Database ........................................................................................... 97
Table 23 RADIUS ...............................................................................................................98
Table 24 OTIST .................................................................................................................. 100
Table 25 WAN Setup .......................................................................................................... 107
Table 26 WAN Backup ....................................................................................................... 111
Table 27 NAT Definitions .................................................................................................... 114
Table 28 NAT Mapping Types ............................................................................................ 117
Table 29 Services and Port Numbers ................................................................................. 118
Table 30 NAT Mode ............................................................................................................ 120
Table 31 Edit SUA/NAT Server Set .................................................................................... 121
Table 32 Address Mapping Rules ...................................................................................... 122
Table 33 Address Mapping Rule Edit ................................................................................. 124
Table 34 Dynamic DNS ...................................................................................................... 127
Table 35 Time and Date ..................................................................................................... 129
Table 36 Common IP Ports ................................................................................................ 133
32
Prestige 660H/HW Series User’s Guide
Table 37 ICMP Commands That Trigger Alerts .................................................................. 135
Table 38 Legal NetBIOS Commands ................................................................................. 135
Table 39 Legal SMTP Commands .................................................................................... 136
Table 40 Firewall: Default Policy ........................................................................................ 148
Table 41 Rule Summary ..................................................................................................... 150
Table 42 Firewall: Edit Rule ................................................................................................ 153
Table 43 Customized Services ........................................................................................... 154
Table 44 Firewall: Configure Customized Services ............................................................ 155
Table 45 Predefined Services ........................................................................................... 159
Table 46 Firewall: Anti Probing ........................................................................................... 162
Table 47 Firewall: Threshold .............................................................................................. 164
Table 48 Content Filter: Keyword ....................................................................................... 167
Table 49 Content Filter: Schedule ...................................................................................... 168
Table 50 Content Filter: Trusted ......................................................................................... 168
Table 51 Remote Management .......................................................................................... 172
Table 52 Configuring UPnP ................................................................................................ 176
Table 53 Log Settings .........................................................................................................189
Table 54 View Logs ............................................................................................................191
Table 55 SMTP Error Messages ........................................................................................ 191
Table 56 Application and Subnet-based Bandwidth Management Example ...................... 196
Table 57 Media Bandwidth Management: Summary .......................................................... 201
Table 58 Media Bandwidth Management: Class Setup ...................................................... 202
Table 59 Media Bandwidth Management: Class Configuration .......................................... 204
Table 60 Services and Port Numbers ................................................................................. 206
Table 61 Media Bandwidth Management Statistics ............................................................ 207
Table 62 Media Bandwidth Management: Monitor ............................................................. 208
Table 63 System Status ...................................................................................................... 211
Table 64 System Status: Show Statistics ........................................................................... 213
Table 65 DHCP Table ......................................................................................................... 214
Table 66 Any IP Table ........................................................................................................ 215
Table 67 Association List .................................................................................................... 216
Table 68 Diagnostic: General ............................................................................................. 217
Table 69 Diagnostic: DSL Line ........................................................................................... 218
Table 70 Firmware Upgrade ............................................................................................... 219
Table 71 Navigating the SMT Interface .............................................................................. 224
Table 72 SMT Main Menu .................................................................................................. 224
Table 73 Main Menu Summary .......................................................................................... 225
Table 74 Menu 1 General Setup ........................................................................................ 229
Table 75 Menu 1.1 Configure Dynamic DNS ..................................................................... 230
Table 76 Menu 2 WAN Backup Setup ................................................................................ 232
Table 77 Menu 2.1Traffic Redirect Setup ........................................................................... 233
Table 78 DHCP Ethernet Setup ......................................................................................... 238
Table 79 TCP/IP Ethernet Setup ........................................................................................ 238
33
Prestige 660H/HW Series User’s Guide
Table 80 Menu 3.5 - Wireless LAN Setup .......................................................................... 240
Table 81 Menu 3.5.1 WLAN MAC Address Filtering .......................................................... 242
Table 82 Menu 3.2.1 IP Alias Setup ................................................................................... 246
Table 83 Menu 4 Internet Access Setup ............................................................................ 248
Table 84 Menu 11.1 Remote Node Profile ......................................................................... 252
Table 85 Menu 11.3 Remote Node Network Layer Options ............................................... 254
Table 86 Menu 11.8 Advance Setup Options ..................................................................... 259
Table 87 Menu12.1.1 Edit IP Static Route .......................................................................... 262
Table 88 Remote Node Network Layer Options: Bridge Fields .......................................... 265
Table 89 Menu 12.3.1 Edit Bridge Static Route .................................................................. 266
Table 90 Applying NAT in Menus 4 & 11.3 ......................................................................... 270
Table 91 SUA Address Mapping Rules .............................................................................. 271
Table 92 Menu 15.1.1 First Set .......................................................................................... 273
Table 93 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ........................... 274
Table 94 Abbreviations Used in the Filter Rules Summary Menu ...................................... 289
Table 95 Rule Abbreviations Used ..................................................................................... 290
Table 96 Menu 21.1.x.1 TCP/IP Filter Rule ........................................................................ 291
Table 97 Menu 21.1.5.1 Generic Filter Rule ....................................................................... 294
Table 98 Filter Sets Table ................................................................................................... 297
Table 99 Menu 22 SNMP Configuration ............................................................................. 302
Table 100 SNMP Traps ...................................................................................................... 302
Table 101 Ports and Permanent Virtual Circuits ................................................................. 303
Table 102 Menu 23.2 System Security: RADIUS Server ................................................... 305
Table 103 Menu 23.4 System Security : IEEE802.1x ......................................................... 307
Table 104 Menu 14.1 Edit Dial-in User ............................................................................... 309
Table 105 Menu 24.1 System Maintenance : Status .......................................................... 311
Table 106 Menu 24.2.1 System Maintenance: Information ................................................ 313
Table 107 Menu 24.3.2 System Maintenance : Syslog and Accounting ............................ 315
Table 108 Menu 24.4 System Maintenance Menu: Diagnostic .......................................... 318
Table 109 Filename Conventions ....................................................................................... 321
Table 110 General Commands for GUI-based FTP Clients ............................................... 323
Table 111 General Commands for GUI-based TFTP Clients ............................................. 325
Table 112 Menu 24.9.1 System Maintenance : Budget Management ................................ 334
Table 113 Menu 24.10 System Maintenance: Time and Date Setting ............................... 335
Table 114 Menu 24.11 Remote Management Control ........................................................ 339
Table 115 Menu 25.1 IP Routing Policy Setup ................................................................... 344
Table 116 Menu 25.1.1 IP Routing Policy .......................................................................... 345
Table 117 Menu 26.1 Schedule Set Setup ......................................................................... 353
Table 118 Troubleshooting the Start-Up of Your Prestige ................................................... 360
Table 119 Troubleshooting the LAN LED ........................................................................... 360
Table 120 Troubleshooting the DSL LED ........................................................................... 361
Table 121 Troubleshooting the LAN Interface .................................................................... 361
Table 122 Troubleshooting the WAN Interface ................................................................... 361
34
Prestige 660H/HW Series User’s Guide
Table 123 Troubleshooting Internet Access ....................................................................... 362
Table 124 Troubleshooting the Password .......................................................................... 362
Table 125 Troubleshooting the Web Configurator .............................................................. 363
Table 126 Troubleshooting Remote Management ............................................................. 363
Table 127 Classes of IP Addresses ................................................................................... 380
Table 128 Allowed IP Address Range By Class ................................................................. 381
Table 129 “Natural” Masks ................................................................................................ 381
Table 130 Alternative Subnet Mask Notation ..................................................................... 382
Table 131 Two Subnets Example ....................................................................................... 382
Table 132 Subnet 1 ............................................................................................................383
Table 133 Subnet 2 ............................................................................................................383
Table 134 Subnet 1 ............................................................................................................384
Table 135 Subnet 2 ............................................................................................................384
Table 136 Subnet 3 ............................................................................................................384
Table 137 Subnet 4 ............................................................................................................385
Table 138 Eight Subnets .................................................................................................... 385
Table 139 Class C Subnet Planning ................................................................................... 385
Table 140 Class B Subnet Planning ................................................................................... 386
Table 141 IEEE802.11g ...................................................................................................... 396
Table 142 Comparison of EAP Authentication Types ......................................................... 401
Table 143 Wireless Security Relational Matrix ................................................................... 403
Table 144 Abbreviations Used in the Example Internal SPTGEN Screens Table .............. 408
Table 145 Menu 1 General Setup (SMT Menu 1) .............................................................. 408
Table 146 Menu 3 (SMT Menu 1) ....................................................................................... 408
Table 147 Menu 4 Internet Access Setup (SMT Menu 4) .................................................. 412
Table 148 Menu 12(SMT Menu 12) .................................................................................... 413
Table 149 Menu 15 SUA Server Setup (SMT Menu 15) .................................................... 417
Table 150 Menu 21.1 Filter Set #1 (SMT Menu 21.1) ........................................................ 419
Table 151 Menu 21.1 Filer Set #2, (SMT Menu 21.1) ....................................................... 423
Table 152 ci command (for annex a): wan adsl opencmd .................................................. 428
Table 153 Sys Firewall Commands .................................................................................... 432
Table 154 Brute-Force Password Guessing Protection Commands .................................. 434
Table 155 System Maintenance Logs ................................................................................ 438
Table 156 System Error Logs ............................................................................................. 439
Table 157 Access Control Logs .......................................................................................... 439
Table 158 TCP Reset Logs ................................................................................................ 440
Table 159 Packet Filter Logs .............................................................................................. 440
Table 160 ICMP Logs ......................................................................................................... 440
Table 161 CDR Logs .......................................................................................................... 441
Table 162 PPP Logs ........................................................................................................... 441
Table 163 UPnP Logs ........................................................................................................ 442
Table 164 Content Filtering Logs ....................................................................................... 442
Table 165 Attack Logs ........................................................................................................ 443
35
Prestige 660H/HW Series User’s Guide
Table 166 802.1X Logs ...................................................................................................... 444
Table 167 ACL Setting Notes ............................................................................................. 444
Table 168 ICMP Notes ....................................................................................................... 445
Table 169 Syslog Logs ....................................................................................................... 446
Table 170 RFC-2408 ISAKMP Payload Types ................................................................... 446
36
Prestige 660H/HW Series User’s Guide
37
Prestige 660H/HW Series User’s Guide

Preface

Congratulations on your purchase of the Prestige 660HW Wireless ADSL Security Gateway or the Prestige 660H ADSL Security Gateway.
Note: Register your product online to receive e-mail notices of firmware upgrades and
information at North American products.
The Prestige 660HW has the built-in IEEE 802.11g wireless feature that provides wireless LAN connection without the expense of additional network cabling infrastructure.
Your Prestige is easy to install and configure.
About This User's Guide
This manual is designed to guide you through the configuration of your Prestige for its various applications. The web configurator parts of this guide contain background information on features configurable by web configurator. The SMT parts of this guide contain background information solely on features not configurable by web configurator.
www.zyxel.com for global products, or at www.us.zyxel.com for
Note: Use the web configurator, System Management Terminal (SMT) or command
interpreter interface to configure your Prestige. Not all features can be configured through all interfaces.
Syntax Conventions
• “Enter” means for you to type one or more characters. “Select” or “Choose” means for you to use one predefined choices.
• The SMT menu titles and labels are in Bold Times New Roman font. Predefined field choices are in Bold Arial font. Command and arrow keys are enclosed in square brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key and [SPACE BAR] means the Space Bar.
• Mouse action sequences are denoted using a comma. For example, “click the Apple icon, Control Panels and then Modem” means first click the Apple icon, then point your mouse pointer to Control Panels and then click Modem.
• For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual.
• The Prestige 660H and Prestige 660HW series may be referred to as the Prestige in this user’s guide. This refers to both models (ADSL over POTS and ADSL over ISDN) unless specifically identified.
Related Documentation
• Supporting Disk
Refer to the included CD for support documents.
• Quick Start Guide
Preface 38
Prestige 660H/HW Series User’s Guide
The Quick Start Guide is designed to help you get up and running right away. They contain connection information and instructions on getting started.
• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary information.
• ZyXEL Glossary and Web Site
Please refer to www.zyxel.com for an online glossary of networking terms and additional support documentation.
User Guide Feedback
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Graphics Icons Key
Prestige Computer Notebook computer
Server DSLAM Firewall
Telephone Switch Router
Wireless Signal
39 Preface
Prestige 660H/HW Series User’s Guide

Introduction to DSL

DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted­pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web ­hence DSL technologies.
There are actually seven types of DSL service, ranging in speeds from 16 Kbits/sec to 52 Mbits/sec. The services are either symmetrical (traffic flows at the same speed in both directions), or asymmetrical (the downstream capacity is higher than the upstream capacity). Asymmetrical services (ADSL) are suitable for Internet users because more information is usually downloaded than uploaded. For example, a simple button click in a web browser can start an extended download that includes graphics and text.
As data rates increase, the carrying distance decreases. That means that users who are beyond a certain distance from the telephone company’s central office may not be able to obtain the higher speeds.
A DSL connection is a point-to-point dedicated circuit, meaning that the link is always up and there is no dialing required.
Introduction to ADSL
It is an asymmetrical technology, meaning that the downstream data rate is much higher than the upstream data rate. As mentioned, this works well for a typical Internet session in which more information is downloaded, for example, from Web servers, than is uploaded. ADSL operates in a frequency range that is above the frequency range of voice services, so the two systems can operate over the same cable.
Introduction to DSL 40
Prestige 660H/HW Series User’s Guide
41 Introduction to DSL
Prestige 660H/HW Series User’s Guide
CHAPTER 1

Getting To Know Your Prestige

This chapter describes the key features and applications of your Prestige.

1.1 Introducing the Prestige

Your Prestige integrates high-speed 10/100Mbps auto-negotiating LAN interface(s) and a high-speed ADSL port into a single package. The Prestige is ideal for high-speed Internet browsing and making LAN-to-LAN connections to remote networks. The Prestige is an ADSL router compatible with the ADSL/ADSL2/ADSL2+ standards. Maximum data rates attainable by the Prestige for each standard are shown in the next table.
Table 1 ADSL Standards
DATA RATE STANDARD UPSTREAM DOWNSTREAM
ADSL
ADSL2
ADSL2+
Note: The standard your ISP supports determines the maximum upstream and
downstream speeds attainable. Actual speeds attained also depend on the distance from your ISP, line quality, etc.
By integrating DSL and NAT, the Prestige provides ease of installation and Internet access. The Prestige is also a complete security solution with a robust firewall, content filtering and Wi-Fi Protected Access (WPA).
Two Prestige model series are included in this user’s guide at the time of writing. In the Prestige product name, “H” denotes an integrated 4-port switch (hub) and “W” denotes an included wireless LAN card. The Prestige 660HW provides IEEE 802.11g wireless LAN connectivity allowing users to enjoy the convenience and mobility of working anywhere within the coverage area.
Models ending in “1”, for example Prestige 660HW-61, denote a device that works over the analog telephone system, POTS (Plain Old Telephone Service). Models ending in “3” denote a device that works over ISDN (Integrated Services Digital Network). Models ending in “7” denote a device that works over T-ISDN (UR-2).
832 kbps 8Mbps
3.5Mbps 12Mbps
3.5Mbps 24Mbps
Note: Only use firmware for your Prestige’s specific model. Refer to the label on the
bottom of your Prestige.
Chapter 1 Getting To Know Your Prestige 42
Prestige 660H/HW Series User’s Guide
The web browser-based Graphical User Interface (GUI) provides easy management.

1.1.1 Features of the Prestige

The following sections describe the features of the Prestige.
Note: See the product specifications in the appendix for detailed features and
standards support.
Built-in Switch
The 10/100 Mbps auto-negotiating Ethernet ports allow the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network. The ports are also auto-crossover (MDI/MDI-X) meaning they automatically adjust to either a crossover or straight-through Ethernet cable.
High Speed Internet Access
Your Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of up to 24Mbps and upstream transmission rates of 3.5Mbps. Actual speeds attained depend on ISP DSLAM environment.
Zero Configuration Internet Access
Once you connect and turn on the Prestige, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes. In cases where additional account information (such as an Internet account user name and password) is required or the Prestige cannot connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting.
Any IP
The Any IP feature allows a computer to access the Internet and the Prestige without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.
Firewall
The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The Prestige firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.
Note: You can configure most features of the Prestige via SMT but we recommend
you configure the firewall and content filters using the web configurator.
43 Chapter 1 Getting To Know Your Prestige
Prestige 660H/HW Series User’s Guide
Content Filtering
Content filtering allows you to block access to forbidden Internet web sites, schedule when the Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet access.
Traffic Redirect
Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet, thus acting as an auxiliary if your regular WAN connection fails.
Media Bandwidth Management
ZyXEL’s Media Bandwidth Management allows you to specify bandwidth classes based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.
Universal Plug and Play (UPnP)
Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
PPPoE Support (RFC2516)
PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL. The PPPoE driver on the Prestige is transparent to the computers on the LAN, which see only Ethernet and are not aware of PPPoE thus saving you from having to manage PPPoE clients on individual computers.
Network Address Translation (NAT)
Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within the Internet).
another network (for example a public IP address used on
10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)
This auto-negotiation feature allows the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network.
Auto-Crossover (MDI/MDI-X) 10/100 Mbps Ethernet Interface(s)
These interfaces automatically adjust to either a crossover or straight-through Ethernet cable.
Chapter 1 Getting To Know Your Prestige 44
Prestige 660H/HW Series User’s Guide
Dynamic DNS Support
With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.
Multiple PVC (Permanent Virtual Circuits) Support
Your Prestige supports up to 8 PVC’s.
ADSL Standards
• Full-Rate (ANSI T1.413, Issue 2; G.dmt (G.992.1) with line rate support of up to 8 Mbps downstream and 832 Kbps upstream.
• G.lite (G.992.2) with line rate support of up to 1.5Mbps downstream and 512Kbps upstream.
• Supports Multi-Mode standard (ANSI T1.413, Issue 2; G.dmt (G.992.1); G.lite (G992.2)).
• TCP/IP (Transmission Control Protocol/Internet Protocol) network layer protocol.
• ATM Forum UNI 3.1/4.0 PVC.
• Supports up to 8 PVCs (UBR, CBR, VBR).
• Multiple Protocol over AAL5 (RFC 1483).
• PPP over AAL5 (RFC 2364).
• PPP over Ethernet over AAL5 (RFC 2516).
• RFC 1661.
• PPP over PAP (RFC 1334).
• PPP over CHAP (RFC 1994).
Protocol Support
• DHCP Support
DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability enabled by default. It can assign IP addresses, an IP default gateway and DNS servers to DHCP clients. The Prestige can now also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment from the actual real DHCP server to the clients.
•IP Alias
IP Alias allows you to partition a physical network into logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network.
• IP Policy Routing (IPPR)
45 Chapter 1 Getting To Know Your Prestige
Prestige 660H/HW Series User’s Guide
Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
• PPP (Point-to-Point Protocol) link layer protocol.
• Transparent bridging for unsupported network layer protocols.
• RIP I/RIP II
• IGMP Proxy
• ICMP support
• ATM QoS support
• MIB II support (RFC 1213)
Networking Compatibility
Your Prestige is compatible with the major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers, making configuration as simple as possible for you.
Multiplexing
The Prestige supports VC-based and LLC-based multiplexing.
Encapsulation
The Prestige supports PPPoA (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483 encapsulation over ATM, MAC encapsulated routing (ENET encapsulation) as well as PPP over Ethernet (RFC 2516).
Network Management
• Menu driven SMT (System Management Terminal) management
• Embedded web configurator
• CLI (Command Line Interpreter)
• Remote Management via Telnet or Web
•SNMP manageable
• DHCP Server/Client/Relay
• Built-in Diagnostic Tools
•Syslog
• Telnet Support (Password-protected telnet access to internal configuration manager)
• TFTP/FTP server, firmware upgrade and configuration backup/support supported
• Supports OAM F4/F5 loop-back, AIS and RDI OAM cells
Other PPPoE Features
• PPPoE idle time out
• PPPoE Dial on Demand
Chapter 1 Getting To Know Your Prestige 46
Prestige 660H/HW Series User’s Guide
Diagnostics Capabilities
The Prestige can perform self-diagnostic tests. These tests check the integrity of the following circuitry:
• FLASH memory
• ADSL circuitry
•RAM
• LAN port
Packet Filters
The Prestige's packet filtering functions allows added network security and management.
Ease of Installation
Your Prestige is designed for quick, intuitive and easy installation.
Housing
Your Prestige's compact and ventilated housing minimizes space requirements making it easy to position anywhere in your busy office.
1.1.1.1 P-660HW Wireless Features
OTIST
OTIST allows your Prestige to assign its ESSID and security settings (WEP or WPA-PSK) to the ZyXEL wireless adapters that support OTIST and are within transmission range. The ZyXEL wireless adapters must also have OTIST enabled.
IEEE 802.11g Wireless LAN
The Prestige supports the IEEE 802.11g standard, which is fully compatible with the IEEE
802.11b standard, meaning that you can have both IEEE 802.11b and IEEE 802.11g wireless clients in the same wireless network.
Note: The Prestige 660HW may be prone to RF (Radio Frequency) interference from
other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs.
Antenna
The Prestige is equipped with a 2dBi fixed antenna to provide clear radio signal between the wireless stations and the access points.
47 Chapter 1 Getting To Know Your Prestige
Wireless LAN MAC Address Filtering
Your Prestige can check the MAC addresses of wireless stations against a list of allowed or denied MAC addresses.
WEP Encryption
WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless network to help keep network communications private.
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption.

1.1.2 Applications for the Prestige

Here are some example uses for which the Prestige is well suited.
Prestige 660H/HW Series User’s Guide
1.1.2.1 Internet Access
The Prestige is the ideal high-speed Internet access solution. Your Prestige supports the TCP/ IP protocol, which the Internet uses exclusively. It is compatible with all major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers. A DSLAM is a rack of ADSL line cards with data multiplexed into a backbone network interface/connection (for example, T1, OC3, DS3, ATM or Frame Relay). Think of it as the equivalent of a modem rack for ADSL. In addition, the Prestige allows wireless clients access to your network resources. A typical Internet access application is shown below.
Figure 1 Prestige Internet Access Application
Internet Single User Account
For a SOHO (Small Office/Home Office) environment, your Prestige offers the Single User Account (SUA) feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for the cost of a single IP address.
Chapter 1 Getting To Know Your Prestige 48
Prestige 660H/HW Series User’s Guide

1.1.3 Firewall for Secure Broadband Internet Access

The Prestige provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs.
Figure 2 Firewall Application
1.1.3.1 LAN to LAN Application
You can use the Prestige to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application for your Prestige is shown as follows.
Figure 3 Prestige LAN-to-LAN Application

1.1.4 Front Panel LEDs

Figure 4 P-660H Front Panel
49 Chapter 1 Getting To Know Your Prestige
Prestige 660H/HW Series User’s Guide
Figure 5 P-660HW Front Panel
The following table describes the LEDs.
Table 2 Front Panel LEDs
LED COLOR STATUS DESCRIPTION
PWR/SYS Green On The Prestige is receiving power and functioning properly.
Blinking The Prestige is rebooting.
Red On Power to the Prestige is too low.
None Off The system is not ready or has malfunctioned.
LAN 1-4 Green On The Prestige has a successful 10Mb Ethernet connection.
Blinking The Prestige is sending/receiving data.
Amber On The Prestige has a successful 100Mb Ethernet connection.
Blinking The Prestige is sending/receiving data.
None Off The LAN is not connected.
WLAN (P­660HW only)
DSL/PPP Green Fast
Green On The Prestige is ready, but is not sending/receiving data
through the wireless LAN.
Blinking The Prestige is sending/receiving data through the wireless
LAN.
None Off The wireless LAN is not ready or has failed.
The Prestige is sending/receiving non-PPP data.
Blinking
Slow Blinking
On The system is ready, but is not sending/receiving non-PPP
Amber On The connection to the PPPoE server is up.
Blinking The Prestige is sending/receiving PPP data.
Off The DSL link is down.
The Prestige is initializing the DSL line.
data.
Refer to the Quick Start Guide for information on hardware connections.
Chapter 1 Getting To Know Your Prestige 50
Prestige 660H/HW Series User’s Guide
51 Chapter 1 Getting To Know Your Prestige
Introducing the Web
This chapter describes how to access and navigate the web configurator.

2.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy Prestige setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions with JavaScript enabled. Recommended screen resolution is 1024 by 768 pixels.
Prestige 660H/HW Series User’s Guide
CHAPTER 2
Configurator
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
See the Troubleshooting chapter to see how to make sure these functions are allowed in Internet Explorer.

2.1.1 Accessing the Prestige Web Configurator

Note: Even though you can connect to the Prestige wirelessly, it is recommended that
you connect your computer to a LAN port for initial configuration.
1 Make sure your Prestige hardware is properly connected (refer to the Quick Start Guide).
2 Prepare your computer/computer network to connect to the Prestige (refer to the Quick
Start Guide).
3 Launch your web browser.
4 Type "192.168.1.1" as the URL.
5 An Enter Network Password window displays.The Password field already contains the
default password “1234”. Click Login to proceed to a screen asking you to change your password or click Cancel to revert to the default password.
Chapter 2 Introducing the Web Configurator 52
Prestige 660H/HW Series User’s Guide
Figure 6 Password Screen
6 It is highly recommended you change the default password! Enter a new password, retype
it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.
Note: If you do not change the password, the following screen appears every time
you log in.
Figure 7 Change Password at Login
7 You should now see the SITE MAP screen.
Note: The Prestige automatically times out after five minutes of inactivity. Simply log
back into the Prestige if this happens to you.

2.1.2 Resetting the Prestige

If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the Prestige to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.
2.1.2.1 Using the Reset Button
1 Make sure the PWR/SYS LED is on (not blinking).
53 Chapter 2 Introducing the Web Configurator
Prestige 660H/HW Series User’s Guide
2 Press the RESET button for ten seconds or until the PWR/SYS LED begins to blink and
then release it. When the PWR/SYS LED begins to blink, the defaults have been restored and the Prestige restarts.

2.1.3 Navigating the Prestige Web Configurator

The following summarizes how to navigate the web configurator from the SITE MAP screen. We use the Prestige 660HW-61 web screens in this guide as an example. Screens vary slightly for different Prestige models.
• Click Wizard Setup to begin a series of screens to configure your Prestige for the first time.
• Click a link under Advanced Setup to configure advanced Prestige features.
• Click a link under Maintenance to see Prestige performance statistics, upload firmware and back up, restore or upload a configuration file.
• Click Site Map to go to the Site Map screen.
• Click Logout in the navigation panel when you have finished a Prestige management session.
Figure 8 Web Configurator: Site Map Screen
Chapter 2 Introducing the Web Configurator 54
Prestige 660H/HW Series User’s Guide
Note: Click the icon (located in the top right corner of most screens) to view
embedded help.
Table 3 Web Configurator Screens Summary
LINK SUB-LINK FUNCTION
Wizard Setup Connection
Setup
Media Bandwidth Mgnt
Advanced Setup
Password Use this screen to change your password.
LAN Use this screen to configure LAN DHCP and TCP/IP settings.
Wireless LAN Wireless Use this screen to configure the wireless LAN settings.
MAC Filter Use this screen to change MAC filter settings on the Prestige.
802.1x/WPA Use this screen to configure WLAN authentication and security
Local User Database
RADIUS Use this screen to specify the external RADIUS server for
OTIST Use this screen to have the Prestige set your wireless station to
WAN WAN Setup Use this screen to change the Prestige’s WAN remote node
WAN Backup Use this screen to configure your traffic redirect properties and
NAT SUA Only Use this screen to configure servers behind the Prestige.
Full Feature Use this screen to configure network address translation
Dynamic DNS Use this screen to set up dynamic DNS.
Time and Date Use this screen to change your Prestige’s time and date.
Firewall Default Policy Use this screen to activate/deactivate the firewall and the
Rule Summary This screen shows a summary of the firewall rules, and allows
Anti Probing Use this screen to change your anti-probing settings.
Threshold Use this screen to configure the threshold for DoS attacks.
Content Filter Keyword Use this screen to block sites containing certain keywords in the
Schedule Use this screen to set the days and times for the Prestige to
Trusted Use this screen to exclude a range of users on the LAN from
Remote Management
Use these screens for initial configuration including general setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment.
Use these screens forto set up bandwidth control quickly.
settings.
Use this screen to set up built-in user profiles for wireless station authentication.
wireless station authentication.
use the same wireless settings as the Prestige.
settings.
WAN backup settings.
mapping rules.
direction of network traffic to which to apply the rule.
you to edit/add a firewall rule.
URL.
perform content filtering.
content filtering on your Prestige.
Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet/FTP/Web to manage the Prestige.
55 Chapter 2 Introducing the Web Configurator
Prestige 660H/HW Series User’s Guide
Table 3 Web Configurator Screens Summary (continued)
LINK SUB-LINK FUNCTION
UPnP Use this screen to enable UPnP on the Prestige.
Logs Log Settings Use this screen to change your Prestige’s log settings.
View Log Use this screen to view the logs for the categories that you
Media Bandwidth Management
Maintenance
System Status This screen contains administrative and system-related
DHCP Table This screen displays DHCP (Dynamic Host Configuration
Any IP Table Use this screen to allow a computer to access the Internet
Wireless LAN Association List This screen displays the MAC address(es) of the wireless
Diagnostic General These screens display information to help you identify problems
Firmware Use this screen to upload firmware to your Prestige
LOGOUT Click this label to exit the web configurator.
Summary Use this screen to allocate an interface's outgoing capacity to
Class Setup Use this screen to define a bandwidth class.
Monitor Use this screen to view bandwidth class statistics.
DSL Line These screens display information to help you identify problems
selected.
specific types of traffic.
information.
Protocol) related information and is READ-ONLY.
without changing the network settings of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet.
stations that are currently logged in to the network.
with the Prestige general connection.
with the DSL line.
Chapter 2 Introducing the Web Configurator 56
Prestige 660H/HW Series User’s Guide
57 Chapter 2 Introducing the Web Configurator
Prestige 660H/HW Series User’s Guide
CHAPTER 3

Wizard Setup for Internet Access

This chapter provides information on the Wizard Setup screens for Internet access in the web configurator.

3.1 Introduction to Internet Access Wizard

Use the Wizard Setup screens to configure your system for Internet access with the information (provided by your ISP) that you fill in the Internet Account Information table in the Quick Start Guide. Your ISP may have already configured some of the fields in the wizard screens for you.

3.1.1 Internet Access Wizard Setup

1 In the SITE MAP screen click Wizard Setup to display the first wizard screen.
Chapter 3 Wizard Setup for Internet Access 58
Prestige 660H/HW Series User’s Guide
Figure 9 Internet Access Wizard Setup: First Screen
The following table describes the fields in this screen.
Table 4 Internet Access Wizard Setup: First Screen
LABEL DESCRIPTION
Mode From the Mode drop-down list box, select Routing (default) if your ISP allows
Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list
Multiplex Select the multiplexing method used by your ISP from the Multiplex drop-down list
Virtual Circuit IDVPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit.
VPI Enter the VPI assigned to you. This field may already be configured.
VCI Enter the VCI assigned to you. This field may already be configured.
Next Click this button to go to the next wizard screen. The next wizard screen you see
multiple computers to share an Internet account. Otherwise select Bridge.
box. Choices vary depending on what you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or
PPPoE.
box either VC-based or LLC-based.
Refer to the appendix for more information.
depends on what protocol you chose above. Click on the protocol link to see the next wizard screen for that protocol.
2 The next wizard screen varies depending on what mode and encapsulation type you use.
All screens shown are with routing mode. Configure the fields and click Next to continue.
59 Chapter 3 Wizard Setup for Internet Access
Figure 10 Internet Connection with PPPoE
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 5 Internet Connection with PPPoE
LABEL DESCRIPTION
Service Name Type the name of your PPPoE service here.
User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form
user@domain where domain identifies a service name, then enter both components
exactly as given.
Password Enter the password associated with the user name above.
IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not
Connection Select Connect on Demand when you don't want the connection up all the time and
Network Address Translation
Back Click Back to go back to the first wizard screen.
Next Click Next to continue to the next wizard screen.
fixed; the ISP assigns you a different one each time you connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address;
otherwise select Static IP Address and type your ISP assigned IP address in the text box below.
specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting selects Connection on Demand with 0 as the idle time-out, which means the Internet session will not timeout.
Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.
The schedule rule(s) in SMT menu 26 has priority over your Connection settings.
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT chapter for more details.
Chapter 3 Wizard Setup for Internet Access 60
Prestige 660H/HW Series User’s Guide
Figure 11 Internet Connection with RFC 1483
The following table describes the fields in this screen.
Table 6 Internet Connection with RFC 1483
LABEL DESCRIPTION
IP Address This field is available if you select Routing in the Mode field.
Type your ISP assigned IP address in this field.
Network Address Translation
Back Click Back to go back to the first wizard screen.
Next Click Next to continue to the next wizard screen.
Select None, SUA Only or Full Feature from the drop-down list box. Refer to NAT chapter for more details.
Figure 12 Internet Connection with ENET ENCAP
61 Chapter 3 Wizard Setup for Internet Access
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 7 Internet Connection with ENET ENCAP
LABEL DESCRIPTION
IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not
fixed; the ISP assigns you a different one each time you connect to the Internet. . Select Obtain an IP Address Automatically if you have a dynamic IP address;
otherwise select Static IP Address and type your ISP assigned IP address in the IP Address text box below.
Subnet Mask Enter a subnet mask in dotted decimal notation.
Refer to appendices to calculate a subnet mask If you are implementing subnetting.
ENET ENCAP Gateway
Network Address Translation
Back Click Back to go back to the first wizard screen.
Next Click Next to continue to the next wizard screen.
You must specify a gateway IP address (supplied by your ISP) when you use ENET ENCAP in the Encapsulation field in the previous screen.
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT chapter for more details.
Figure 13 Internet Connection with PPPoA
Chapter 3 Wizard Setup for Internet Access 62
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 8 Internet Connection with PPPoA
LABEL DESCRIPTION
User Name Enter the login name that your ISP gives you.
Password Enter the password associated with the user name above.
IP Address This option is available if you select Routing in the Mode field.
A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet.
Click Obtain an IP Address Automatically if you have a dynamic IP address; otherwise click Static IP Address and type your ISP assigned IP address in the IP Address text box below.
Connection Select Connect on Demand when you don't want the connection up all the time and
specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting selects Connection on Demand with 0 as the idle time-out, which means the Internet session will not timeout.
Select Nailed-Up Connection when you want your connection up all the time. The Prestige will try to bring up the connection automatically if it is disconnected.
The schedule rule(s) in SMT menu 26 has priority over your Connection settings.
Network Address Translation
Back Click Back to go back to the first wizard screen.
Next Click Next to continue to the next wizard screen.
This option is available if you select Routing in the Mode field. Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT
chapter for more details.
3 Verify the settings in the screen shown next. To change the LAN information on the
Prestige, click Change LAN Configurations. Otherwise click Save Settings to save the configuration and skip to the section 3.13.
63 Chapter 3 Wizard Setup for Internet Access
Figure 14 Internet Access Wizard Setup: Third Screen
Prestige 660H/HW Series User’s Guide
If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next.
Figure 15 Internet Access Wizard Setup: LAN Configuration
Chapter 3 Wizard Setup for Internet Access 64
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 9 Internet Access Wizard Setup: LAN Configuration
LABEL DESCRIPTION
LAN IP Address Enter the IP address of your Prestige in dotted decimal notation, for example,
192.168.1.1 (factory default). If you changed the Prestige's LAN IP address, you must use the new IP
address if you want to access the web configurator again.
LAN Subnet Mask Enter a subnet mask in dotted decimal notation.
DHCP
DHCP Server From the DHCP Server drop-down list box, select On to allow your Prestige to
Client IP Pool Starting Address
Size of Client IP Pool This field specifies the size or count of the IP address pool.
Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to
Secondary DNS Server As above.
Back Click Back to go back to the previous screen.
Finish Click Finish to save the settings and proceed to the next wizard screen.
assign IP addresses, an IP default gateway and DNS servers to computer systems that support the DHCP client. Select Off to disable DHCP server.
When DHCP server is used, set the following items:
This field specifies the first of the contiguous addresses in the IP address pool.
the DHCP clients along with the IP address and the subnet mask.
4 The Prestige automatically tests the connection to the computer(s) connected to the LAN
ports. To test the connection from the Prestige to the ISP, click Start Diagnose. Otherwise click Return to Main Menu to go back to the Site Map screen.
Figure 16 Internet Access Wizard Setup: Connection Tests
5 Launch your web browser and navigate to www.zyxel.com. Internet access is just the
beginning. Refer to the rest of this guide for more detailed information on the complete range of Prestige features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the Wizard Setup are correct.
65 Chapter 3 Wizard Setup for Internet Access
Prestige 660H/HW Series User’s Guide
CHAPTER 4
Wizard Setup for Media
Bandwidth Management
This chapter shows you how to configure basic bandwidth management using the wizard screens.

4.1 Introduction to Media Bandwidth Management

The web configurator’s Media Bandwidth Magnt. screens under Wizard Setup allows you to specify bandwidth classes based on an application (or service). You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.
The Prestige applies bandwidth management to traffic that it forwards out through an interface. The Prestige does not control the bandwidth of traffic that comes into an interface.
Bandwidth management applies to all traffic flowing out of the Prestige through the interface, regardless of the traffic's source.
Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the Prestige and be managed by bandwidth management.
Refer to Chapter 18 on page 194 for more information and advanced configuration.

4.1.1 Predefined Media Bandwidth Management Services

The following is a description of the services that you can select and to which you can apply media bandwidth management using the Wizard Setup screens.
Table 10 Media Bandwidth Mgnt. Wizard Setup: Services
SERVICE DESCRIPTION
Xbox Live This is Microsoft’s online gaming service that lets you play multiplayer Xbox games
on the Internet via broadband technology. Xbox Live uses port 3074.
VoIP (SIP) Sending voice signals over the Internet is called Voice over IP or VoIP. Session
Initiated Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.
SIP is transported primarily over UDP but can also be transported over TCP, using the default port number 5060.
Chapter 4 Wizard Setup for Media Bandwidth Management 66
Prestige 660H/HW Series User’s Guide
Table 10 Media Bandwidth Mgnt. Wizard Setup: Services (continued)
SERVICE DESCRIPTION
FTP File Transfer Program enables fast transfer of files, including large files that may
not be possible by e-mail. FTP uses port number 21.
E-Mail Electronic mail consists of messages sent through a computer network to specific
groups or individuals. Here are some default ports for e-mail: POP3 - port 110 IMAP - port 143 SMTP - port 25 HTTP - port 80
eMule These programs use advanced file sharing applications relying on central servers
WWW The World Wide Web (WWW) is an Internet system to distribute graphical, hyper-
to search for files. They use default port 4662.
linked information, based on Hyper Text Transfer Protocol (HTTP) - a client/server protocol for the World Wide Web. The Web is not synonymous with the Internet; rather, it is just one service on the Internet. Other services on the Internet include Internet Relay Chat and Newsgroups. The Web is accessed through use of a browser.

4.2 Media Bandwidth Management Setup

1 Click Media Bandwidth Mgnt. under Wizard Setup in the SITE MAP screen.
Figure 17 Media Bandwidth Mgnt. Wizard Setup: First Screen
67 Chapter 4 Wizard Setup for Media Bandwidth Management
Prestige 660H/HW Series User’s Guide
The following table describes the labels in this screen.
Tabl e 11 Media Bandwidth Mgnt. Wizard Setup: First Screen
LABEL DESCRIPTION
Active Select the Active check box to have the Prestige apply bandwidth management
to traffic going out through the Prestige’s WAN, LAN or WLAN port.
Select the service to apply bandwidth management.
Next Click Next to continue.
These checkboxes are applicable when you select the Active checkbox above. Create bandwidth management classes by selecting services from the list
provided.
XBox Live
•VoIP (SIP)
•FTP
•E-Mail
•eMule
•WWW Refer to Table 12 on page 68 for more information.
2 The Prestige automatically creates the bandwidth class for each service you select. You
may set the priority for each bandwidth class in the second wizard screen.
Figure 18 Media Bandwidth Mgnt. Wizard Setup: Second Screen
The following table describes the fields in this screen.
Table 12 Media Bandwidth Mgnt. Wizard Setup: Second Screen
LABEL DESCRIPTION
Service These fields display the service(s) selected in the previous screen.
Priority Select High, Mid or Low priority for each service to have your Prestige use a priority
for traffic that matches that service. If the rules set up in this wizard are changed in ADVANCED - Media Bandwidth
Mgnt. - Class Setup, then the service priority radio button will be set to Others. The Class Configuration screen allows you to edit these rule configurations.
Chapter 4 Wizard Setup for Media Bandwidth Management 68
Prestige 660H/HW Series User’s Guide
Table 12 Media Bandwidth Mgnt. Wizard Setup: Second Screen
LABEL DESCRIPTION
Back Click Back to return to the previous screen.
Finish Click Finish to complete and save the bandwidth management setup.
3 Well done! You have finished configuration of Media Bandwidth Management. You may
now continue configuring your device.
Click Return to Main Menu to return to the Site Map screen.
Figure 19 Media Bandwidth Mgnt. Wizard Setup: Finish
69 Chapter 4 Wizard Setup for Media Bandwidth Management
This chapter provides information on the Password screen.

5.1 Password Overview

It is highly recommended that you change the password for accessing the Prestige.

5.1.1 Configuring Password

To change your Prestige’s password (recommended), click Password in the Site Map screen.
Figure 20 Password
Prestige 660H/HW Series User’s Guide
CHAPTER 5

Password Setup

The following table describes the fields in this screen.
Table 13 Password
LABEL DESCRIPTION
Old Password Type the default password or the existing password you use to access the system
in this field.
New Password Type the new password in this field.
Retype to Confirm Type the new password again in this field.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
Chapter 5 Password Setup 70
Prestige 660H/HW Series User’s Guide
71 Chapter 5 Password Setup
This chapter describes how to configure LAN settings.

6.1 LAN Overview

A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses.

6.1.1 LANs, WANs and the Prestige

Prestige 660H/HW Series User’s Guide
CHAPTER 6

LAN Setup

The actual physical connection determines whether the Prestige ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
Figure 21 LAN and WAN IP Addresses
Chapter 6 LAN Setup 72
Prestige 660H/HW Series User’s Guide

6.2 DNS Server Address

DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask.
There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up. If your ISP gives you the DNS server addresses, enter them in the DNS Server fields in DHCP Setup, otherwise, leave them blank.
Some ISP’s choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The Prestige supports the IPCP DNS server extensions through the DNS proxy feature.
If the Primary and Secondary DNS Server fields in the LAN Setup screen are not specified, for instance, left as 0.0.0.0, the Prestige tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS query to the Prestige, the Prestige forwards the query to the real DNS server learned through IPCP and relays the response back to the computer.
Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the LAN Setup screen. This way, the Prestige can pass the DNS servers to the computers and the computers can query the DNS server directly without the Prestige’s intervention.

6.3 DNS Server Address Assignment

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
There are two ways that an ISP disseminates the DNS server addresses.
• The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the LAN Setup screen.
• The Prestige acts as a DNS proxy when the Primary and Secondary DNS Server fields are left blank in the LAN Setup screen.
73 Chapter 6 LAN Setup

6.4 LAN TCP/IP

The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.

6.4.1 Factory LAN Defaults

The LAN parameters of the Prestige are preset in the factory with the following values:
• IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits)
• DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.
These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured.

6.4.2 IP Address and Subnet Mask

Prestige 660H/HW Series User’s Guide
Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.
Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from
192.168.0.0 to 192.168.255.0 and you must enable the Network Address Translation (NAT) feature of the Prestige. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.
Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your network is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise.
Chapter 6 LAN Setup 74
Prestige 660H/HW Series User’s Guide

6.4.3 RIP Setup

RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to:
Both - the Prestige will broadcast its routing table periodically and incorporate the RIP information that it receives.
In Only - the Prestige will not send any RIP packets but will accept all RIP packets received.
Out Only - the Prestige will send out RIP packets but will not accept any RIP packets received.
None - the Prestige will not send any RIP packets and will ignore any RIP packets received.
The Version field controls the format and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.
Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that
RIP-2B uses subnet broadcasting while RIP-2M uses multicasting.

6.4.4 Multicast

Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1.
IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC
2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address
224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address
224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.
The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the Prestige queries all directly connected networks to gather group membership. After that, the Prestige periodically updates this information. IP multicasting can be enabled/ disabled on the Prestige LAN and/or WAN interfaces in the web configurator (LAN; WA N ). Select None to disable IP multicasting on these interfaces.
75 Chapter 6 LAN Setup

6.5 Any IP

Traditionally, you must set the IP addresses and the subnet masks of a computer and the Prestige to be in the same subnet to allow the computer to access the Internet (through the Prestige). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the Prestige.
With the Any IP feature and NAT enabled, the Prestige allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the Prestige are not in the same subnet. Whether a computer is set to use a dynamic or static (fixed) IP address, you can simply connect the computer to the Prestige and access the Internet.
The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment. In a residential house where a Prestige is installed, you can still use the computer to access the Internet without changing the network settings, even when the IP addresses of the computer and the Prestige are not in the same subnet.
Figure 22 Any IP Example
Prestige 660H/HW Series User’s Guide
The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the Prestige’s IP address.
Note: You must enable NAT/SUA to use the Any IP feature on the Prestige.

6.5.1 How Any IP Works

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the Prestige) to decide which hop to use,
Chapter 6 LAN Setup 76
to help forward data along to its specified destination.
Prestige 660H/HW Series User’s Guide
The following lists out the steps taken, when a computer tries to access the Internet for the first time through the Prestige.
1 When a computer (which is in a different subnet) first attempts to access the Internet, it
sends packets to its default gateway (which is not the Prestige) by looking at the MAC address in its ARP table.
2 When the computer cannot locate the default gateway, an ARP request is broadcast on the
LAN.
3 The Prestige receives the ARP request and replies to the computer with its own MAC
address.
4 The computer updates the MAC address for the default gateway to the ARP table. Once
the ARP table is updated, the computer is able to access the Internet through the Prestige.
5 When the Prestige receives packets from the computer, it creates an entry in the IP
routing table so it can properly forward packets intended for the computer.
After all the routing information is updated, the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige.

6.6 Configuring LAN

Click LAN and LAN Setup to open the following screen.
77 Chapter 6 LAN Setup
Figure 23 LAN Setup
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 14 LAN Setup
LABEL DESCRIPTION
DHCP
DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway
and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
If set to None, the DHCP server will be disabled. If set to Relay, the Prestige acts as a surrogate DHCP server and relays DHCP
requests and responses between the remote server and the clients. Enter the IP address of the actual, remote DHCP server in the Remote DHCP Server field in this case.
When DHCP is used, the following items need to be set:
Client IP Pool Starting Address
Size of Client IP Pool
Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the
Secondary DNS Server
This field specifies the first of the contiguous addresses in the IP address pool.
This field specifies the size or count of the IP address pool.
DHCP clients along with the IP address and the subnet mask.
As above.
Chapter 6 LAN Setup 78
Prestige 660H/HW Series User’s Guide
Table 14 LAN Setup (continued)
LABEL DESCRIPTION
Remote DHCP Server
TCP/IP
IP Address Enter the IP address of your Prestige in dotted decimal notation, for example,
IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).
RIP Direction Select the RIP direction from None, Both, In Only and Out Only.
RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M.
Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to
Any IP Setup Select the Active checkbox to enable the Any IP feature. This allows a computer
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here.
192.168.1.1 (factory default).
establish membership in a multicast group. The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it.
to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the Prestige are not in the same subnet.
When you disable the Any IP feature, only computers with dynamic IP addresses or static IP addresses in the same subnet as the Prestige’s LAN IP address can connect to the Prestige or access the Internet through the Prestige.

6.7 Configuring Static DHCP

This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses.
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
To change your Prestige’s static DHCP settings, click LAN, then the Static DHCP tab. The screen appears as shown.
79 Chapter 6 LAN Setup
Figure 24 LAN: Static DHCP
Prestige 660H/HW Series User’s Guide
The following table describes the labels in this screen.
Table 15 LAN: Static DHCP
LABEL DESCRIPTION
# This is the index number of the Static IP table entry (row).
MAC Address Type the MAC address (with colons) of a computer on your LAN.
IP Address This field specifies the size, or count of the IP address pool.
Apply Click Apply to save your changes back to the Prestige.
Reset Click Reset to begin configuring this screen afresh.
Chapter 6 LAN Setup 80
Prestige 660H/HW Series User’s Guide
81 Chapter 6 LAN Setup
Prestige 660H/HW Series User’s Guide
CHAPTER 7

Wireless LAN (Prestige 660HW)

This chapter discusses how to configure Wireless LAN.

7.1 Introduction

A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN adapters communicating through access points which bridge network traffic to the wired LAN.
Note: See the WLAN appendix for more detailed information on WLANs.

7.2 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.
Wireless security methods available on the Prestige are data encryption, wireless client authentication, restricting access by device MAC address and hiding the Prestige identity.

7.2.1 Encryption

• Use WPA security if you have WPA-aware wireless clients and a RADIUS server. WPA has user authentication and improved data encryption over WEP.
• Use WPA-PSK if you have WPA-aware wireless clients but no RADIUS server.
• If you don’t have WPA-aware wireless clients, then use WEP key encrypting. A higher bit key offers better security at a throughput trade-off. You can use Passphrase to automatically generate 64-bit or 128-bit WEP keys or manually enter 64-bit, 128-bit or 256-bit WEP keys.

7.2.2 Authentication

WPA has user authentication and you can also configure IEEE 802.1x to use the built-in database (Local User Database) or a RADIUS server to authenticate wireless clients before joining your network.
• Use RADIUS authentication if you have a RADIUS server. See the appendices for information on protocols used when a client authenticates with a RADIUS server via the Prestige.
Chapter 7 Wireless LAN (Prestige 660HW) 82
Prestige 660H/HW Series User’s Guide
• Use the Local User Database if you have less than 32 wireless clients in your network. The Prestige uses MD5 encryption when a client authenticates with the Local User Database

7.2.3 Restricted Access

The MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow Association) or exclude them from accessing the AP (Deny Association).

7.2.4 Hide Prestige Identity

If you hide the ESSID, then the Prestige cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the Prestige may be inconvenience for some valid WLAN clients. If you don’t hide the ESSID, at least you should change the default one.

7.2.5 G-plus

G-plus is an enhancement to the IEEE 802.11g wireless standard. G-plus combines multiple frames into a larger frame size. This increases wireless transmission speeds by allowing larger frames (up to 4 KB) to be sent.
G-plus speed applies only to unicast traffic (not broadcast or multicast). G-plus is automatically disabled if wireless transmission speeds fall below 11 Mbps.

7.2.6 Configuring Wireless LAN on the Prestige

1 Configure the ESSID
and WEP in the Wireless screen. If you
configure WEP, you can’t configure WPA or WPA-PSK.
2 Use the MAC Filter
screen to restrict access to your wireless network by MAC address.
3 Configure WPA or
WPA-PSK in the
802.1x/WPA screen. You can also configure 802.1x wireless client authentication in the 802.1x/WPA screen.
4 Configure the RADIUS authentication database settings in the RADIUS screen.
5 Configure the built-in authentication database in the Local User Database screen.
83 Chapter 7 Wireless LAN (Prestige 660HW)
Prestige 660H/HW Series User’s Guide
6 If you have OTIST-enabled clients, configure OTIST in the OTIST screen. OTIST
transfers device SSID and WEP or WPA-PSK key settings (if enabled) to wireless clients.
The following figure shows the relative effectiveness of these wireless security methods available on your Prestige.
Figure 25 Wireless Security Methods
Note: You must enable the same wireless security settings on the Prestige and on all
wireless clients that you want to associate with it.
If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networking device that is within range.

7.3 Configuring the Wireless Screen

7.3.1 WEP Encryption

WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key.
Your Prestige allows you to configure up to four 64-bit, 128-bit or 256-bit WEP keys but only one key can be enabled at any one time.
In order to configure and enable WEP encryption; click Wireless LAN and Wireless to the display the Wireless screen.
Chapter 7 Wireless LAN (Prestige 660HW) 84
Prestige 660H/HW Series User’s Guide
Figure 26 Wireless Screen
The following table describes the labels in this screen.
Table 16 Wireless LAN
LABEL DESCRIPTION
Enable Wireless LAN
Enable Wireless g+Select this checkbox to allow any ZyXEL WLAN devices that support this feature to
802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to
ESSID The ESSID (Extended Service Set IDentification) is a unique name to identify the
You should configure some wireless security (see Figure 25 on page 84) when you enable the wireless LAN. Select the check box to enable the wireless LAN.
associate with the Prestige at higher transmission speeds. This permits the Prestige to transmit at a higher speed than the 802.11g Only mode.
associate with the Prestige. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to
associate with the Prestige. Select Mixed to allow either IEEE802.11b or IEEE802.11g compliant WLAN devices
to associate with the Prestige. The transmission rate of your Prestige might be reduced.
Prestige in the wireless LAN. Wireless stations associating to the Prestige must have the same ESSID.
Enter a descriptive name of up to 32 printable characters (including spaces; alphabetic characters are case-sensitive).
85 Chapter 7 Wireless LAN (Prestige 660HW)
Prestige 660H/HW Series User’s Guide
Table 16 Wireless LAN (continued)
LABEL DESCRIPTION
Hide ESSID Select Yes to hide the ESSID in so a station cannot obtain the ESSID through AP
scanning. Select No to make the ESSID visible so a station can obtain the ESSID through AP
scanning.
Channel ID The radio frequency used by IEEE 802.11a, b or g wireless devices is called a
channel. Select a channel from the drop-down list box.
RTS/CTS Threshold
Fragmentation Threshold
You won’t see the following WEP-related fields if you have WPA or WPA-PSK enabled.
Passphrase Enter a "passphrase" (password phrase) of up to 63 case-sensitive printable
Generate After you enter the passphrase, click Generate to have the Prestige generate four
WEP Encryption WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the
Key 1 to Key 4 The WEP keys are used to encrypt data. Both the Prestige and the wireless stations
Back Click Back to go to the main wireless LAN setup screen.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
The RTS (Request To Send) threshold (number of bytes) is for enabling RTS/CTS. Data with its frame size larger than this value will perform the RTS/CTS handshake. Setting this value to be larger than the maximum MSDU (MAC service data unit) size turns off RTS/CTS. Setting this value to zero turns on RTS/CTS.
Select the check box to change the default value and enter a new value between 0 and 2432.
This is the threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent.
Select the check box to change the default value and enter a value between 256 and 2432.
characters and click Generate to have the Prestige create four different WEP keys. At the time of writing, you cannot use passphrase to generate 256-bit WEP keys.
different WEP keys automatically. The keys display in the fields below.
wireless network. Select Disable to allow all wireless stations to communicate with the access points
without any data encryption. Select 64-bit WEP, 128-bit WEP or 256-bit WEP to use data encryption.
must use the same WEP key for data transmission. If you want to manually set the WEP keys, enter the key in the field provided. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal
characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal
characters ("0-9", "A-F"). If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal
characters ("0-9", "A-F"). The values for the WEP keys must be set up exactly the same on all wireless
devices in the same wireless LAN. You must configure all four keys, but only one key can be used at any one time. The
default key is key 1.
Chapter 7 Wireless LAN (Prestige 660HW) 86
Prestige 660H/HW Series User’s Guide
Note: If you are configuring the Prestige from a computer connected to the wireless
LAN and you change the Prestige’s ESSID or security settings (see
on page 84), you will lose your wireless connection when you press Apply to
confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings.

7.4 Configuring MAC Filters

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen. To change your Prestige’s MAC filter settings, click Wireless LAN, MAC Filter to open the MAC Filter screen. The screen appears as shown.
Note: Be careful not to list your computer’s MAC address and set the Action field to
Deny Association when managing the Prestige via a wireless connection.
This would lock you out.
Figure 25
87 Chapter 7 Wireless LAN (Prestige 660HW)
Figure 27 MAC Address Filter
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this menu.
Table 17 MAC Address Filter
LABEL DESCRIPTION
Active Select Ye s from the drop down list box to enable MAC address filtering.
Action Define the filter action for the list of MAC addresses in the MAC Address table.
Select Deny Association to block access to the router, MAC addresses not listed will be allowed to access the Prestige. Select Allow Association to permit access to the router, MAC addresses not listed will be denied access to the Prestige.
MAC Address Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal
character pairs, for example, 12:34:56:78:9a:bc allowed or denied access to the Prestige in these address fields.
Chapter 7 Wireless LAN (Prestige 660HW) 88
of the wireless stations that are
Prestige 660H/HW Series User’s Guide
Table 17 MAC Address Filter (continued)
LABEL DESCRIPTION
Back Click Back to go to the main wireless LAN setup screen.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.

7.5 Introduction to WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA is preferred to WEP as WPA has user authentication and improved data encryption. See the appendix for more information on WPA user authentication and WPA encryption.
If you don’t have an external RADIUS server, you should use WPA-PSK (WPA -Pre-Shared Key). WPA-PSK only requires a single (identical) password entered into each WLAN member. As long as the passwords match, a client will be granted access to a WLAN.
Note: You can’t use the Local User Database for authentication when you select
WPA.

7.5.1 WPA-PSK Application Example

A WPA-PSK application looks as follows.
1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key
(PSK) must be between 8 and 63 printable characters (including spaces; alphabetic characters are case-sensitive).
2 The AP checks each client’s password and (only) allows it to join the network if the
passwords match.
3 The AP derives and distributes keys to the wireless clients.
4 The AP and wireless clients use the TKIP encryption process to encrypt data exchanged
between them.
89 Chapter 7 Wireless LAN (Prestige 660HW)
Figure 28 WPA - PSK Authentication

7.5.2 WPA with RADIUS Application Example

You need the IP address, port number (default is 1812) and shared secret of a RADIUS server. A WPA application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system (wired link to the LAN).
Prestige 660H/HW Series User’s Guide
1 The AP passes the wireless client’s authentication request to the RADIUS server.
2 The RADIUS server then checks the user's identification against its database and grants
or denies network access accordingly.
3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then
sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly transmitted between the AP and the wireless clients
Chapter 7 Wireless LAN (Prestige 660HW) 90
Prestige 660H/HW Series User’s Guide
Figure 29 WPA with RADIUS Application Example2

7.5.3 Wireless Client WPA Supplicants

A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's built­in "Zero Configuration" wireless client. However, you must run Windows XP to use it.

7.6 Configuring IEEE 802.1x and WPA

To change your Prestige’s authentication settings, click the Wireless LAN link under Advanced Setup and then the 802.1x/WPA tab. The screen varies by the key management protocol you select.
You see the next screens when you select No Access Allowed or No Authentication Required in the Wireless Port Control field.
91 Chapter 7 Wireless LAN (Prestige 660HW)
Prestige 660H/HW Series User’s Guide
Figure 30 Wireless LAN: 802.1x/WPA: No Authentication
The following table describes the label in these screens.
Table 18 Wireless LAN: 802.1x/WPA: No Access/Authentication
LABEL DESCRIPTION
Wireless Port Control
Back Click Back to go to the main wireless LAN setup screen.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
To control wireless station access to the wired network, select a control method from the drop-down list box. Choose from No Access Allowed, No Authentication
Required and Authentication Required. No Access Allowed blocks all wireless stations access to the wired network. No Authentication Required allows all wireless stations access to the wired network
without entering usernames and passwords. This is the default setting. Authentication Required means that all wireless stations have to enter usernames
and passwords before access to the wired network is allowed. Select Authentication Required to configure Key Management Protocol and other
related fields.

7.6.1 Authentication Required: 802.1x

You need the following for IEEE 802.1x authentication.
• A computer with an IEEE 802.11 a/b/g wireless LAN adapter and equipped with a web browser (with JavaScript enabled) and/or Telnet.
• A wireless station computer must be running IEEE 802.1x-compliant software. Not all Windows operating systems support IEEE 802.1x (see the Microsoft web site for details). For other operating systems, see their documentation. If your operating system does not support IEEE 802.1x, then you may need to install IEEE 802.1x client software.
• An optional network RADIUS server for remote user authentication and accounting.
Select Authentication Required in the Wireless Port Control field and 802.1x in the Key Management Protocol field to display the next screen.
Chapter 7 Wireless LAN (Prestige 660HW) 92
Prestige 660H/HW Series User’s Guide
Figure 31 Wireless LAN: 802.1x/WPA: 802.1xl
The following table describes the labels in this screen.
Table 19 Wireless LAN: 802.1x/WPA: 802.1x
LABEL DESCRIPTION
Wireless Port Control
ReAuthentication Timer (in Seconds)
To control wireless station access to the wired network, select a control method from the drop-down list box. Choose from No Authentication Required, Authentication Required and No Access Allowed.
The following fields are only available when you select Authentication Required.
Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. This field is activated only when you select Authentication Required in the Wireless Port Control field.
Enter a time interval between 10 and 9999 seconds. The default time interval is
1800 seconds (30 minutes).
Note: If wireless station authentication is done using a RADIUS
server, the reauthentication timer on the RADIUS server has priority.
Idle Timeout (in Seconds)
Key Management Protocol
The Prestige automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed.
This field is activated only when you select Authentication Required in the Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour).
Choose 802.1x from the drop-down list.
93 Chapter 7 Wireless LAN (Prestige 660HW)
Prestige 660H/HW Series User’s Guide
Table 19 Wireless LAN: 802.1x/WPA: 802.1x (continued)
LABEL DESCRIPTION
Dynamic WEP Key Exchange
Authentication Databases
Back Click Back to go to the main wireless LAN setup screen.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
This field is activated only when you select Authentication Required in the
Wireless Port Control field. Also set the Authentication Databases field to RADIUS Only. Local user database may not be used.
Select Disable to allow wireless stations to communicate with the access points without using dynamic WEP key exchange.
Select 64-bit WEP, 128-bit WEP or 256-bit WEP to enable data encryption. Up to 32 stations can access the Prestige when you configure dynamic WEP key
exchange. This field is not available when you set Key Management Protocol to WPA or
WPA-PSK.
The authentication database contains wireless station login information. The local user database is the built-in database on the Prestige. The RADIUS is an external server. Use this drop-down list box to select which database the Prestige should use (first) to authenticate a wireless station.
Before you specify the priority, make sure you have set up the corresponding database correctly first.
Select Local User Database Only to have the Prestige just check the built-in user database on the Prestige for a wireless station's username and password.
Select RADIUS Only to have the Prestige just check the user database on the specified RADIUS server for a wireless station's username and password.
Select Local first, then RADIUS to have the Prestige first check the user database on the Prestige for a wireless station's username and password. If the user name is not found, the Prestige then checks the user database on the specified RADIUS server.
Select RADIUS first, then Local to have the Prestige first check the user database on the specified RADIUS server for a wireless station's username and password. If the Prestige cannot reach the RADIUS server, the Prestige then checks the local user database on the Prestige. When the user name is not found or password does not match in the RADIUS server, the Prestige will not check the local user database and the authentication fails.
Note: Once you enable user authentication, you need to specify an external RADIUS
server or create local user accounts on the Prestige for authentication.

7.6.2 Authentication Required: WPA

Select Authentication Required in the Wireless Port Control field and WPA in the Key Management Protocol field to display the next screen.
Chapter 7 Wireless LAN (Prestige 660HW) 94
Prestige 660H/HW Series User’s Guide
Figure 32 Wireless LAN: 802.1x/WPA: WPAl
The following table describes the labels not previously discussed
Table 20 Wireless LAN: 802.1x/WPA: WPAl
LABEL DESCRIPTION
Key Management Protocol
WPA Mixed Mode The Prestige can operate in WPA Mixed Mode, which supports both clients
Group Data Privacy Group Data Privacy allows you to choose TKIP (recommended) or WEP for
WPA Group Key Update Timer
Authentication Databases
Choose WPA in this field.
running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi-Fi network.
Select the check box to activate WPA mixed mode. Otherwise, clear the check box and configure the Group Data Privacy field.
broadcast and multicast ("group") traffic if the Key Management Protocol is WPA and WPA Mixed Mode is disabled. WEP is used automatically if you have enabled WPA Mixed Mode.
All unicast traffic is automatically encrypted by TKIP when WPA or WPA-PSK Key Management Protocol is selected.
The WPA Group Key Update Timer is the rate at which the AP (if using WPA- PSK key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also supported in WPA-PSK mode. The Prestige default is 1800 seconds (30 minutes).
When you configure Key Management Protocol to WPA, the Authentication
Databases must be RADIUS Only. You can only use the Local User Database Only with 802.1x Key Management Protocol.
95 Chapter 7 Wireless LAN (Prestige 660HW)

7.6.3 Authentication Required: WPA-PSK

Select Authentication Required in the Wireless Port Control field and WPA-PSK in the Key Management Protocol field to display the next screen.
Figure 33 Wireless LAN: 802.1x/WPA:WPA-PSKl
Prestige 660H/HW Series User’s Guide
The following table describes the labels not previously discussed.
Table 21 Wireless LAN: 802.1x/WPA: WPAl-PSK
LABEL DESCRIPTION
Key Management Protocol
Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The
WPA Mixed Mode The Prestige can operate in WPA Mixed Mode, which supports both clients
Group Data Privacy Group Data Privacy allows you to choose TKIP (recommended) or WEP for
Authentication Databases
Choose WPA-PSK in this field.
only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials.
Type a pre-shared key from 8 to 63 printable characters (including spaces; alphabetic characters are case-sensitive).
running WPA and clients running dynamic WEP key exchange with 802.1x in the same Wi-Fi network.
Select the check box to activate WPA mixed mode. Otherwise, clear the check box and configure the Group Data Privacy field.
broadcast and multicast ("group") traffic if the Key Management Protocol is WPA and WPA Mixed Mode is disabled. WEP is used automatically if you have enabled WPA Mixed Mode.
All unicast traffic is automatically encrypted by TKIP when WPA or WPA-PSK Key Management Protocol is selected.
This field is only visible when WPA Mixed Mode is enabled.
Chapter 7 Wireless LAN (Prestige 660HW) 96
Prestige 660H/HW Series User’s Guide

7.7 Configuring Local User Authentication

By storing user profiles locally, your Prestige is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.
To change your Prestige’s local user database, click Wireless LAN, Local User Database. The screen appears as shown.
Figure 34 Local User Database
The following table describes the fields in this screen.
Table 22 Local User Database
LABEL DESCRIPTION
# This is the index number of a local user account.
Active Select this check box to enable the user profile.
User Name Enter a user name of up to 31 alphanumeric characters (case-sensitive), hyphens ('-')
and underscores ('_') if you’re using MD5 encryption and maximum 14 if you’re using PEAP.
97 Chapter 7 Wireless LAN (Prestige 660HW)
Table 22 Local User Database (continued)
LABEL DESCRIPTION
Password Enter a password of up to 31 printable characters (including spaces; alphabetic
characters are case-sensitive) if you’re using MD5 encryption and maximum 14 if you’re using PEAP.
Back Click Back to go to the main wireless LAN setup screen.
Apply Click Apply to save these settings back to the Prestige.
Cancel Click Cancel to begin configuring this screen again.

7.8 Configuring RADIUS

To set up your Prestige’s RADIUS server settings, click WIRELESS LAN, RADIUS. The screen appears as shown.
Figure 35 RADIUS
Prestige 660H/HW Series User’s Guide
The following table describes the fields in this screen.
Table 23 RADIUS
LABEL DESCRIPTION
Authentication Server
Active Select Yes from the drop-down list box to enable user authentication
Server IP Address Enter the IP address of the external authentication server in dotted decimal
Port Number The default port of the RADIUS server for authentication is 1812.
Chapter 7 Wireless LAN (Prestige 660HW) 98
through an external authentication server.
notation.
You need not change this value unless your network administrator instructs you to do so with additional information.
Prestige 660H/HW Series User’s Guide
Table 23 RADIUS (continued)
LABEL DESCRIPTION
Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be
shared between the external authentication server and the access points. The key is not sent over the network. This key must be the same on the
external authentication server and Prestige.
Accounting Server
Active Select Yes from the drop-down list box to enable user authentication
Server IP Address Enter the IP address of the external accounting server in dotted decimal
Port Number The default port of the RADIUS server for accounting is 1813.
Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be
Back Click Back to go to the main wireless LAN setup screen.
Apply Click Apply to save these settings back to the Prestige.
Cancel Click Cancel to begin configuring this screen again.
through an external accounting server.
notation.
You need not change this value unless your network administrator instructs you to do so with additional information.
shared between the external accounting server and the access points. The key is not sent over the network. This key must be the same on the
external accounting server and the Prestige.

7.9 Introduction to OTIST

In a wireless network, the wireless clients must have the same SSID and security settings as the access point (AP) or wireless router (we will refer to both as “AP” here) in order to associate with it. Traditionally this meant that you had to configure the settings on the AP and then manually configure the exact same settings on each wireless client.
OTIST (One-Touch Intelligent Security Technology) allows you to transfer your AP’s SSID and WEP or WPA-PSK security settings to wireless clients that support OTIST and are within transmission range. You can also choose to have OTIST generate a WPA-PSK key for you if you didn’t configure one manually.
Note: OTIST replaces the pre-configured wireless settings on the wireless clients.

7.9.1 Enabling OTIST

You must enable OTIST on both the AP and wireless client before you start transferring settings.
Note: The AP and wireless client(s) MUST use the same Setup key.
7.9.1.1 AP
You can enable OTIST using the Reset button or the web configurator.
99 Chapter 7 Wireless LAN (Prestige 660HW)
Loading...