ZyXEL Communications P660HWTX 802.11g Wireless ADSL2+4 port Gateway User Manual 1
ZyXEL Communications Corporation 802.11g Wireless ADSL2+4 port Gateway Users Manual 1
Contents
- 1. Users Manual 1
- 2. Users Manual 2
- 3. Users Manual 3
- 4. Users Manual 4
Users Manual 1
| Download: |  |
| Mirror Download [FCC.gov] | |
| Document ID | 566050 |
| Application ID | Lkc/AdRABOSu4yjSuS6btg== |
| Document Description | Users Manual 1 |
| Short Term Confidential | No |
| Permanent Confidential | No |
| Supercede | No |
| Document Type | User Manual |
| Display Format | Adobe Acrobat PDF - pdf |
| Filesize | 137.39kB (1717419 bits) |
| Date Submitted | 2005-07-27 00:00:00 |
| Date Available | 2005-07-26 00:00:00 |
| Creation Date | 2005-07-27 13:34:15 |
| Producing Software | Acrobat Distiller 5.0.5 (Windows) |
| Document Lastmod | 2005-07-27 07:33:02 |
| Document Title | P-660H/HW/W T Series User's Guide V3.40 (July 2005) |
| Document Creator | FrameMaker 7.1 |
| Document Author: | Cindy Yang |
P-660H/HW/W-T Series
ADSL 2+ Gateway
User’s Guide
Version 3.40
7/2005
P-660H/HW/W-T Series User’ Guide
Copyright
Copyright © 2005 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.
Copyright
P-660H/HW/W-T Series User’ Guide
Federal Communications
Commission (FCC) Interference
Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two
conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause
undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital
device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a residential installation. This equipment generates,
uses, and can radiate radio frequency energy, and if not installed and used in accordance with
the instructions, may cause harmful interference to radio communications. However, there is
no guarantee that interference will not occur in a particular installation
If this equipment does cause harmful interference to radio/television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.
• Consult the dealer or an experienced radio/TV technician for help.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
FCC Caution
Any changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate this equipment.
IMPORTANT NOTE: FCC Radiation Exposure Statement
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled
environment. This equipment should be installed and operated with minimum distance 20cm
between the radiator & your body.
Federal Communications Commission (FCC) Interference Statement
P-660H/HW/W-T Series User’ Guide
This transmitter must not be co-located or operating in conjunction with any other antenna or
transmitter.
ZyXEL Communications Corporation declared that Prestige 660HW-T1 is limited in CH1~11
from 2400 to 2483.5 MHz by specified firmware controlled in USA.
Certifications
Go to www.zyxel.com
1 Select your product from the drop-down list box on the ZyXEL
home page to go to that product's page.
2 Select the certification you wish to view from this page.
Federal Communications Commission (FCC) Interference Statement
P-660H/HW/W-T Series User’ Guide
Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions.
• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger
telecommunication line cord.
• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel can
service the device. Please contact your vendor for further information.
• Use ONLY the dedicated power supply for your device. Connect the power cord or
power adaptor to the right supply voltage (110V AC in North America or 230V AC in
Europe).
• Do NOT use the device if the power supply is damaged as it might cause electrocution.
• If the power supply is damaged, remove it from the power outlet.
• Do NOT attempt to repair the power supply. Contact your local vendor to order a new
power supply.
• Place connecting cables carefully so that no one will step on them or stumble over them.
Do NOT allow anything to rest on the power cord and do NOT locate the product where
anyone can walk on the power cord.
• If you wall mount your device, make sure that no electrical, gas or water pipes will be
damaged.
• Do NOT install nor use your device during a thunderstorm. There may be a remote risk of
electric shock from lightning.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT use this product near water, for example, in a wet basement or near a swimming
pool.
• Make sure to connect the cables to the correct ports.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your
device.
• Do NOT store things on the device.
• Connect ONLY suitable accessories to the device.
Safety Warnings
P-660H/HW/W-T Series User’ Guide
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects
in materials or workmanship for a period of up to two years from the date of purchase. During
the warranty period, and upon proof of purchase, should the product have indications of failure
due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the
defective products or components without charge for either parts or labor, and to whatever
extent it shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally equivalent
product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not
apply if the product is modified, misused, tampered with, damaged by an act of God, or
subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the
purchaser. This warranty is in lieu of all other warranties, express or implied, including any
implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind of character to the
purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return
Material Authorization number (RMA). Products must be returned Postage Prepaid. It is
recommended that the unit be insured when shipped. Any returned products without proof of
purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of
ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products
will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty
gives you specific legal rights, and you may also have other rights that vary from country to
country.
ZyXEL Limited Warranty
P-660H/HW/W-T Series User’ Guide
Customer Support
Please have the following information ready when you contact customer support.
•
•
•
•
Product model and serial number.
Warranty Information.
Date that you received your device.
Brief description of the problem and the steps you took to solve it.
METHOD SUPPORT E-MAIL
TELEPHONEA
WEB SITE
FAX
FTP SITE
REGULAR MAIL
LOCATION
CORPORATE
HEADQUARTERS
(WORLDWIDE)
CZECH REPUBLIC
SALES E-MAIL
support@zyxel.com.tw +886-3-578-3942
sales@zyxel.com.tw
+886-3-578-2439
info@cz.zyxel.com
+420 241 091 350
info@cz.zyxel.com
+420 241 091 359
support@zyxel.dk
+45 39 55 07 00
DENMARK
sales@zyxel.dk
+45 39 55 07 07
support@zyxel.fi
+358-9-4780-8411
FINLAND
sales@zyxel.fi
+358-9-4780 8448
info@zyxel.fr
+33 (0)4 72 52 97 97
NORTH AMERICA
NORWAY
SPAIN
SWEDEN
www.zyxel.cz
ZyXEL Communications
Czech s.r.o.
Modranská 621
143 01 Praha 4 - Modrany
Ceská Republika
www.zyxel.dk
ZyXEL Communications A/S
Columbusvej 5
2860 Soeborg
Denmark
www.zyxel.fi
ZyXEL Communications Oy
Malminkaari 10
00700 Helsinki
Finland
www.zyxel.fr
ZyXEL France
1 rue des Vergers
Bat. 1 / C
69760 Limonest
France
www.zyxel.de
ZyXEL Deutschland GmbH.
Adenauerstr. 20/A2 D-52146
Wuerselen
Germany
ZyXEL Communications Inc.
1130 N. Miller St.
Anaheim
CA 92806-2001
U.S.A.
+33 (0)4 72 52 19 20
FRANCE
GERMANY
www.zyxel.com
ZyXEL Communications Corp.
www.europe.zyxel.com 6 Innovation Road II
Science Park
ftp.zyxel.com
Hsinchu 300
Taiwan
ftp.europe.zyxel.com
support@zyxel.de
+49-2405-6909-0
sales@zyxel.de
+49-2405-6909-99
support@zyxel.com
+1-800-255-4101
+1-714-632-0882
www.us.zyxel.com
sales@zyxel.com
+1-714-632-0858
ftp.us.zyxel.com
support@zyxel.no
+47 22 80 61 80
www.zyxel.no
sales@zyxel.no
+47 22 80 61 81
ZyXEL Communications A/S
Nils Hansens vei 13
0667 Oslo
Norway
support@zyxel.es
+34 902 195 420
www.zyxel.es
sales@zyxel.es
+34 913 005 345
ZyXEL Communications
Alejandro Villegas 33
1º, 28043 Madrid
Spain
support@zyxel.se
+46 31 744 7700
www.zyxel.se
sales@zyxel.se
+46 31 744 7701
ZyXEL Communications A/S
Sjöporten 4, 41764 Göteborg
Sweden
Customer Support
P-660H/HW/W-T Series User’ Guide
TELEPHONEA
WEB SITE
SALES E-MAIL
FAX
FTP SITE
support@zyxel.co.uk
+44 (0) 1344 303044
08707 555779 (UK only)
www.zyxel.co.uk
sales@zyxel.co.uk
+44 (0) 1344 303034
ftp.zyxel.co.uk
METHOD SUPPORT E-MAIL
REGULAR MAIL
LOCATION
UNITED KINGDOM
ZyXEL Communications UK
Ltd.,11 The Courtyard,
Eastern Road, Bracknell,
Berkshire, RG12 2XB,
United Kingdom (UK)
a. “+” is the (prefix) number you enter to make an international telephone call.
Customer Support
P-660H/HW/W-T Series User’ Guide
Customer Support
P-660H/HW/W-T Series User’ Guide
Table of Contents
Copyright .................................................................................................................. 2
Federal Communications Commission (FCC) Interference Statement ............... 3
Safety Warnings ....................................................................................................... 5
ZyXEL Limited Warranty.......................................................................................... 6
Customer Support.................................................................................................... 7
Table of Contents ................................................................................................... 10
List of Figures ........................................................................................................ 24
List of Tables .......................................................................................................... 32
Preface .................................................................................................................... 38
Introduction to DSL................................................................................................ 40
Chapter 1
Getting To Know Your Prestige............................................................................. 42
1.1 Introducing the Prestige .....................................................................................42
1.2 Features .............................................................................................................42
1.2.1 Wireless Features (P-660HW/P-660W) ....................................................45
1.3 Applications for the Prestige ..............................................................................46
1.3.1 Protected Internet Access .........................................................................46
1.3.2 LAN to LAN Application ............................................................................46
1.4 Front Panel LEDs ...............................................................................................46
1.5 Hardware Connection ........................................................................................47
Chapter 2
Introducing the Web Configurator........................................................................ 48
2.1 Web Configurator Overview ...............................................................................48
2.1.1 Accessing the Web Configurator ..............................................................48
2.1.2 Resetting the Prestige ..............................................................................49
2.1.2.1 Using the Reset Button ...................................................................49
2.1.3 Navigating the Web Configurator ..............................................................50
2.2 Change Login Password ...................................................................................52
Table of Contents
10
P-660H/HW/W-T Series User’ Guide
Chapter 3
Wizard Setup for Internet Access ......................................................................... 54
3.1 Introduction ........................................................................................................54
3.1.1 Internet Access Wizard Setup ..................................................................54
Chapter 4
LAN Setup............................................................................................................... 62
4.1 LAN Overview ...................................................................................................62
4.1.1 LANs, WANs and the Prestige ..................................................................62
4.1.2 DHCP Setup .............................................................................................63
4.1.2.1 IP Pool Setup ..................................................................................63
4.1.3 DNS Server Address ................................................................................63
4.1.4 DNS Server Address Assignment .............................................................63
4.2 LAN TCP/IP ........................................................................................................64
4.2.1 IP Address and Subnet Mask ...................................................................64
4.2.1.1 Private IP Addresses .......................................................................65
4.2.2 RIP Setup .................................................................................................65
4.2.3 Multicast ....................................................................................................66
4.2.4 Any IP .......................................................................................................66
4.2.4.1 How Any IP Works ..........................................................................67
4.3 Configuring LAN ................................................................................................68
Chapter 5
Wireless LAN .......................................................................................................... 70
5.1 Wireless LAN Introduction .................................................................................70
5.2 Wireless Security Overview ...............................................................................70
5.2.1 Encryption .................................................................................................70
5.2.2 Authentication ...........................................................................................70
5.2.3 Restricted Access .....................................................................................71
5.2.4 Hide Prestige Identity ................................................................................71
5.3 The Main Wireless LAN Screen ........................................................................71
5.4 Configuring the Wireless Screen .......................................................................73
5.4.1 WEP Encryption ........................................................................................73
5.5 Configuring MAC Filters
5.6 Introduction to WPA
..................................................................................75
.........................................................................................77
5.6.1 WPA-PSK Application Example ................................................................77
5.6.2 WPA with RADIUS Application Example ..................................................78
5.6.3 Wireless Client WPA Supplicants ............................................................79
5.7 Configuring IEEE 802.1x and WPA ...................................................................79
5.7.1 No Access Allowed or Authentication .......................................................80
5.7.2 Authentication Required: 802.1x ...............................................................80
5.7.3 Authentication Required: WPA .................................................................82
5.7.4 Authentication Required: WPA-PSK .........................................................84
11
Table of Contents
P-660H/HW/W-T Series User’ Guide
5.8 Configuring Local User Authentication ..............................................................85
5.9 Configuring RADIUS .........................................................................................87
Chapter 6
WAN Setup.............................................................................................................. 90
6.1 WAN Overview ..................................................................................................90
6.1.1 Encapsulation ...........................................................................................90
6.1.1.1 ENET ENCAP .................................................................................90
6.1.1.2 PPP over Ethernet ..........................................................................90
6.1.1.3 PPPoA .............................................................................................90
6.1.1.4 RFC 1483 ........................................................................................91
6.1.2 Multiplexing ...............................................................................................91
6.1.2.1 VC-based Multiplexing ....................................................................91
6.1.2.2 LLC-based Multiplexing ...................................................................91
6.1.3 VPI and VCI ..............................................................................................91
6.1.4 IP Address Assignment ............................................................................91
6.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation .....................91
6.1.4.2 IP Assignment with RFC 1483 Encapsulation .................................92
6.1.4.3 IP Assignment with ENET ENCAP Encapsulation ..........................92
6.1.5 Nailed-Up Connection (PPP) ....................................................................92
6.1.6 NAT ...........................................................................................................92
6.2 Metric ................................................................................................................92
6.3 PPPoE Encapsulation ........................................................................................93
6.4 Traffic Shaping ...................................................................................................93
6.5 Zero Configuration Internet Access ....................................................................94
6.6 The Main WAN Screen ......................................................................................95
6.7 Configuring WAN Setup ....................................................................................95
6.8 Traffic Redirect ..................................................................................................98
6.9 Configuring WAN Backup ..................................................................................99
Chapter 7
Network Address Translation (NAT) Screens .................................................... 102
7.1 NAT Overview .................................................................................................102
7.1.1 NAT Definitions .......................................................................................102
7.1.2 What NAT Does ......................................................................................103
7.1.3 How NAT Works .....................................................................................103
7.1.4 NAT Application ......................................................................................104
7.1.5 NAT Mapping Types ...............................................................................105
7.2 SUA (Single User Account) Versus NAT ..........................................................106
7.3 SUA Server ......................................................................................................106
7.3.1 Default Server IP Address ......................................................................106
7.3.2 Port Forwarding: Services and Port Numbers ........................................106
7.3.3 Configuring Servers Behind SUA (Example) ..........................................107
Table of Contents
12
P-660H/HW/W-T Series User’ Guide
7.4 Selecting the NAT Mode .................................................................................107
7.5 Configuring SUA Server Set ...........................................................................108
7.6 Configuring Address Mapping Rules ...............................................................110
7.7 Editing an Address Mapping Rule ................................................................... 111
Chapter 8
Dynamic DNS Setup............................................................................................. 114
8.1 Dynamic DNS Overview .................................................................................114
8.1.1 DYNDNS Wildcard ..................................................................................114
8.2 Configuring Dynamic DNS ..............................................................................114
Chapter 9
Time and Date....................................................................................................... 116
9.1 Configuring Time and Date .............................................................................116
Chapter 10
Firewalls................................................................................................................ 118
10.1 Firewall Overview ..........................................................................................118
10.2 Types of Firewalls ..........................................................................................118
10.2.1 Packet Filtering Firewalls ......................................................................118
10.2.2 Application-level Firewalls ....................................................................119
10.2.3 Stateful Inspection Firewalls ................................................................119
10.3 Introduction to ZyXEL’s Firewall .....................................................................119
10.3.1 Denial of Service Attacks ......................................................................120
10.4 Denial of Service ............................................................................................120
10.4.1 Basics ...................................................................................................120
10.4.2 Types of DoS Attacks ...........................................................................121
10.4.2.1 ICMP Vulnerability ......................................................................123
10.4.2.2 Illegal Commands (NetBIOS and SMTP) ....................................123
10.4.2.3 Traceroute ...................................................................................124
10.5 Stateful Inspection ..........................................................................................124
10.5.1 Stateful Inspection Process ..................................................................125
10.5.2 Stateful Inspection and the Prestige .....................................................126
10.5.3 TCP Security .........................................................................................126
10.5.4 UDP/ICMP Security ..............................................................................127
10.5.5 Upper Layer Protocols ..........................................................................127
10.6 Guidelines for Enhancing Security with Your Firewall ....................................127
10.6.1 Security In General ...............................................................................128
10.7 Packet Filtering Vs Firewall ............................................................................129
10.7.1 Packet Filtering: ....................................................................................129
10.7.1.1 When To Use Filtering .................................................................129
10.7.2 Firewall .................................................................................................129
10.7.2.1 When To Use The Firewall ..........................................................129
13
Table of Contents
P-660H/HW/W-T Series User’ Guide
Chapter 11
Firewall Configuration ......................................................................................... 132
11.1 Access Methods .............................................................................................132
11.2 Firewall Policies Overview .............................................................................132
11.3 Rule Logic Overview .....................................................................................133
11.3.1 Rule Checklist .......................................................................................133
11.3.2 Security Ramifications ..........................................................................133
11.3.3 Key Fields For Configuring Rules .........................................................134
11.3.3.1 Action ...........................................................................................134
11.3.3.2 Service .........................................................................................134
11.3.3.3 Source Address ...........................................................................134
11.3.3.4 Destination Address ....................................................................134
11.4 Connection Direction ......................................................................................134
11.4.1 LAN to WAN Rules ................................................................................134
11.4.2 Alerts .....................................................................................................135
11.5 Configuring Default Firewall Policy
..............................................................135
11.6 Rule Summary ..............................................................................................136
11.6.1 Configuring Firewall Rules ..................................................................138
11.7 Customized Services .....................................................................................141
11.8 Configuring A Customized Service ...............................................................141
11.9 Example Firewall Rule ....................................................................................142
11.10 Predefined Services .....................................................................................146
11.11 Anti-Probing .................................................................................................148
11.12 DoS Thresholds ...........................................................................................149
11.12.1 Threshold Values ................................................................................150
11.12.2 Half-Open Sessions ............................................................................150
11.12.2.1 TCP Maximum Incomplete and Blocking Time ..........................150
11.12.3 Configuring Firewall Thresholds .........................................................151
Chapter 12
Content Filtering .................................................................................................. 154
12.1 Content Filtering Overview ............................................................................154
12.2 The Main Content Filter Screen .....................................................................154
12.3 Configuring Keyword Blocking
.....................................................................155
12.4 Configuring the Schedule .............................................................................156
12.5 Configuring Trusted Computers
...................................................................156
Chapter 13
Remote Management Configuration .................................................................. 158
13.1 Remote Management Overview ....................................................................158
13.1.1 Remote Management Limitations .........................................................158
13.1.2 Remote Management and NAT ............................................................159
13.1.3 System Timeout ...................................................................................159
Table of Contents
14
P-660H/HW/W-T Series User’ Guide
13.2 Telnet ..............................................................................................................159
13.3 FTP ................................................................................................................160
13.4 Web ................................................................................................................160
13.5 Configuring Remote Management ................................................................160
Chapter 14
Universal Plug-and-Play (UPnP) ......................................................................... 162
14.1 Introducing Universal Plug and Play .............................................................162
14.1.1 How do I know if I'm using UPnP? ........................................................162
14.1.2 NAT Traversal .......................................................................................162
14.1.3 Cautions with UPnP ..............................................................................163
14.2 UPnP and ZyXEL ...........................................................................................163
14.2.1 Configuring UPnP ................................................................................163
14.3 Installing UPnP in Windows Example ............................................................164
14.4 Using UPnP in Windows XP Example ...........................................................168
Chapter 15
Logs Screens........................................................................................................ 176
15.1 Logs Overview ..............................................................................................176
15.1.1 Alerts and Logs .....................................................................................176
15.2 Configuring Log Settings ...............................................................................176
15.3 Displaying the Logs .......................................................................................178
15.4 SMTP Error Messages ...................................................................................179
15.4.1 Example E-mail Log ..............................................................................180
Chapter 16
Media Bandwidth Management Advanced Setup.............................................. 182
16.1 Media Bandwidth Management Overview .....................................................182
16.2 Bandwidth Classes and Filters .......................................................................182
16.3 Proportional Bandwidth Allocation .................................................................183
16.4 Bandwidth Management Usage Examples ....................................................183
16.4.1 Application-based Bandwidth Management Example ..........................183
16.4.2 Subnet-based Bandwidth Management Example .................................183
16.4.3 Application and Subnet-based Bandwidth Management Example .......184
16.5 Scheduler .......................................................................................................185
16.5.1 Priority-based Scheduler ......................................................................185
16.5.2 Fairness-based Scheduler ....................................................................185
16.6 Maximize Bandwidth Usage ...........................................................................185
16.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic ........................185
16.6.2 Maximize Bandwidth Usage Example ..................................................186
16.7 Bandwidth Borrowing .....................................................................................187
16.7.1 Maximize Bandwidth Usage With Bandwidth Borrowing ......................187
16.8 The Main Media Bandwidth Management Screen ........................................188
15
Table of Contents
P-660H/HW/W-T Series User’ Guide
16.9 Configuring Summary ...................................................................................188
16.10 Configuring Class Setup
............................................................................190
16.10.1 Media Bandwidth Management Class Configuration ........................190
16.10.2 Media Bandwidth Management Statistics .........................................193
16.11 Bandwidth Monitor .....................................................................................194
Chapter 17
Maintenance ......................................................................................................... 196
17.1 Maintenance Overview ...................................................................................196
17.2 System Status Screen ...................................................................................196
17.2.1 System Statistics ...................................................................................198
17.3 DHCP Table Screen ......................................................................................200
17.4 Any IP Table Screen ......................................................................................201
17.5 Wireless Screen ............................................................................................201
17.5.1 Association List ....................................................................................201
17.6 Diagnostic Screens .......................................................................................202
17.6.1 General Diagnostic ..............................................................................202
17.6.2 DSL Line Diagnostic
...........................................................................203
17.7 Firmware Upgrade ........................................................................................205
Chapter 18
Introducing the SMT ............................................................................................ 208
18.1 SMT Introduction ............................................................................................208
18.1.1 Procedure for SMT Configuration via Telnet .........................................208
18.1.2 Entering Password ................................................................................208
18.1.3 Prestige SMT Menus Overview ............................................................209
18.2 Navigating the SMT Interface .........................................................................210
18.2.1 System Management Terminal Interface Summary ..............................211
18.3 Changing the System Password ....................................................................212
Chapter 19
Menu 1 General Setup ......................................................................................... 214
19.1 General Setup ................................................................................................214
19.2 Procedure To Configure Menu 1 ....................................................................214
19.2.1 Procedure to Configure Dynamic DNS .................................................215
Chapter 20
Menu 2 WAN Backup Setup ................................................................................ 218
20.1 Introduction to WAN Backup Setup ................................................................218
20.2 Configuring Dial Backup in Menu 2 ................................................................218
20.2.1 Traffic Redirect Setup ...........................................................................219
Table of Contents
16
P-660H/HW/W-T Series User’ Guide
Chapter 21
Menu 3 LAN Setup ............................................................................................... 222
21.1 LAN Setup ......................................................................................................222
21.1.1 General Ethernet Setup ........................................................................222
21.2 Protocol Dependent Ethernet Setup ..............................................................223
21.3 TCP/IP Ethernet Setup and DHCP ................................................................223
Chapter 22
Wireless LAN Setup ............................................................................................. 226
22.1 Wireless LAN Overview .................................................................................226
22.2 Wireless LAN Setup .......................................................................................226
22.2.1 Wireless LAN MAC Address Filter ........................................................227
Chapter 23
Internet Access .................................................................................................... 230
23.1 Internet Access Overview ..............................................................................230
23.2 IP Policies ......................................................................................................230
23.3 IP Alias ...........................................................................................................230
23.4 IP Alias Setup .................................................................................................231
23.5 Route IP Setup ...............................................................................................232
23.6 Internet Access Configuration ........................................................................233
Chapter 24
Remote Node Configuration ............................................................................... 236
24.1 Remote Node Setup Overview .......................................................................236
24.2 Remote Node Setup .......................................................................................236
24.2.1 Remote Node Profile ............................................................................236
24.2.2 Encapsulation and Multiplexing Scenarios ...........................................237
24.2.2.1 Scenario 1: One VC, Multiple Protocols ......................................237
24.2.2.2 Scenario 2: One VC, One Protocol (IP) ......................................237
24.2.2.3 Scenario 3: Multiple VCs .............................................................237
24.2.3 Outgoing Authentication Protocol .........................................................239
24.3 Remote Node Network Layer Options ...........................................................240
24.3.1 My WAN Addr Sample IP Addresses ...................................................241
24.4 Remote Node Filter ........................................................................................242
24.5 Editing ATM Layer Options ............................................................................243
24.5.1 VC-based Multiplexing (non-PPP Encapsulation) ................................243
24.5.2 LLC-based Multiplexing or PPP Encapsulation ....................................243
24.5.3 Advance Setup Options ........................................................................244
Chapter 25
Static Route Setup ............................................................................................... 246
25.1 IP Static Route Overview ...............................................................................246
17
Table of Contents
P-660H/HW/W-T Series User’ Guide
25.2 Configuration ..................................................................................................246
Chapter 26
Bridging Setup ..................................................................................................... 250
26.1 Bridging in General ........................................................................................250
26.2 Bridge Ethernet Setup ....................................................................................250
26.2.1 Remote Node Bridging Setup ...............................................................250
26.2.2 Bridge Static Route Setup .....................................................................252
Chapter 27
Network Address Translation (NAT) ................................................................... 254
27.1 Using NAT ......................................................................................................254
27.1.1 SUA (Single User Account) Versus NAT ..............................................254
27.2 Applying NAT .................................................................................................254
27.3 NAT Setup ......................................................................................................256
27.3.1 Address Mapping Sets ..........................................................................256
27.3.1.1 SUA Address Mapping Set .........................................................257
27.3.1.2 User-Defined Address Mapping Sets ..........................................258
27.3.1.3 Ordering Your Rules ....................................................................259
27.4 Configuring a Server behind NAT ..................................................................260
27.5 General NAT Examples ..................................................................................261
27.5.1 Example 1: Internet Access Only ..........................................................262
27.5.2 Example 2: Internet Access with an Inside Server ...............................262
27.5.3 Example 3: Multiple Public IP Addresses With Inside Servers .............263
27.5.4 Example 4: NAT Unfriendly Application Programs ...............................267
Chapter 28
Enabling the Firewall ........................................................................................... 270
28.1 Remote Management and the Firewall ..........................................................270
28.2 Access Methods .............................................................................................270
28.3 Enabling the Firewall ......................................................................................270
Chapter 29
Filter Configuration .............................................................................................. 272
29.1 About Filtering ................................................................................................272
29.1.1 The Filter Structure of the Prestige .......................................................273
29.2 Configuring a Filter Set for the Prestige .........................................................274
29.3 Filter Rules Summary Menus .........................................................................275
29.4 Configuring a Filter Rule ................................................................................276
29.4.1 TCP/IP Filter Rule .................................................................................277
29.4.2 Generic Filter Rule ................................................................................279
29.5 Filter Types and NAT .....................................................................................281
29.6 Example Filter ................................................................................................281
Table of Contents
18
P-660H/HW/W-T Series User’ Guide
29.7 Applying Filters and Factory Defaults ............................................................283
29.7.1 Ethernet Traffic .....................................................................................284
29.7.2 Remote Node Filters .............................................................................284
Chapter 30
SNMP Configuration ............................................................................................ 286
30.1 About SNMP ..................................................................................................286
30.2 Supported MIBs ............................................................................................287
30.3 SNMP Configuration ......................................................................................287
30.4 SNMP Traps ...................................................................................................288
Chapter 31
System Security ................................................................................................... 290
31.1 System Security .............................................................................................290
31.1.1 System Password .................................................................................290
31.1.2 Configuring External RADIUS Server ...................................................290
31.1.3 IEEE 802.1x ..........................................................................................292
31.2 Creating User Accounts on the Prestige ........................................................294
Chapter 32
System Information and Diagnosis .................................................................... 296
32.1 Overview ........................................................................................................296
32.2 System Status ................................................................................................296
32.3 System Information ........................................................................................298
32.3.1 System Information ...............................................................................298
32.3.2 Console Port Speed ..............................................................................299
32.4 Log and Trace ................................................................................................300
32.4.1 Viewing Error Log .................................................................................300
32.4.2 Syslog and Accounting .........................................................................301
32.5 Diagnostic ......................................................................................................303
Chapter 33
Firmware and Configuration File Maintenance ................................................. 306
33.1 Filename Conventions ...................................................................................306
33.2 Backup Configuration .....................................................................................307
33.2.1 Backup Configuration ...........................................................................307
33.2.2 Using the FTP Command from the Command Line ..............................308
33.2.3 Example of FTP Commands from the Command Line .........................308
33.2.4 GUI-based FTP Clients .........................................................................309
33.2.5 TFTP and FTP over WAN Management Limitations .............................309
33.2.6 Backup Configuration Using TFTP .......................................................310
33.2.7 TFTP Command Example ....................................................................310
33.2.8 GUI-based TFTP Clients ......................................................................310
19
Table of Contents
P-660H/HW/W-T Series User’ Guide
33.3 Restore Configuration ....................................................................................311
33.3.1 Restore Using FTP ...............................................................................311
33.3.2 Restore Using FTP Session Example ..................................................312
33.4 Uploading Firmware and Configuration Files .................................................313
33.4.1 Firmware File Upload ............................................................................313
33.4.2 Configuration File Upload .....................................................................313
33.4.3 FTP File Upload Command from the DOS Prompt Example ................314
33.4.4 FTP Session Example of Firmware File Upload ...................................315
33.4.5 TFTP File Upload ..................................................................................315
33.4.6 TFTP Upload Command Example ........................................................316
Chapter 34
System Maintenance............................................................................................ 318
34.1 Command Interpreter Mode ...........................................................................318
34.2 Call Control Support .......................................................................................319
34.2.1 Budget Management ............................................................................319
34.3 Time and Date Setting ....................................................................................320
34.3.1 Resetting the Time ................................................................................322
Chapter 35
Remote Management ........................................................................................... 324
35.1 Remote Management Overview .....................................................................324
35.2 Remote Management .....................................................................................324
35.2.1 Remote Management Setup .................................................................324
35.2.2 Remote Management Limitations .........................................................325
35.3 Remote Management and NAT ......................................................................326
35.4 System Timeout .............................................................................................326
Chapter 36
IP Policy Routing.................................................................................................. 328
36.1 IP Policy Routing Overview ............................................................................328
36.2 Benefits of IP Policy Routing ..........................................................................328
36.3 Routing Policy ................................................................................................328
36.4 IP Routing Policy Setup .................................................................................329
36.5 Applying an IP Policy .....................................................................................332
36.5.1 Ethernet IP Policies ..............................................................................332
36.6 IP Policy Routing Example .............................................................................333
Chapter 37
Call Scheduling .................................................................................................... 338
37.1 Introduction ....................................................................................................338
Table of Contents
20
P-660H/HW/W-T Series User’ Guide
Chapter 38
Troubleshooting ................................................................................................... 342
38.1 Problems Starting Up the Prestige .................................................................342
38.2 Problems with the LAN ...................................................................................342
38.3 Problems with the WAN .................................................................................343
38.4 Problems Accessing the Prestige ..................................................................344
38.4.1 Pop-up Windows, JavaScripts and Java Permissions ..........................344
38.4.1.1 Internet Explorer Pop-up Blockers ..............................................344
38.4.1.2 JavaScripts ..................................................................................347
38.4.1.3 Java Permissions ........................................................................349
38.4.2 ActiveX Controls in Internet Explorer ....................................................351
Appendix A
Product Specifications ....................................................................................... 354
Appendix B
Wall-mounting Instructions................................................................................. 358
Appendix C
Setting up Your Computer’s IP Address............................................................ 360
Windows 95/98/Me................................................................................................. 360
Windows 2000/NT/XP ............................................................................................ 363
Macintosh OS 8/9................................................................................................... 368
Macintosh OS X ..................................................................................................... 370
Linux....................................................................................................................... 371
Appendix D
IP Subnetting ........................................................................................................ 376
IP Addressing......................................................................................................... 376
IP Classes .............................................................................................................. 376
Subnet Masks ........................................................................................................ 377
Subnetting .............................................................................................................. 377
Example: Two Subnets .......................................................................................... 378
Example: Four Subnets.......................................................................................... 380
Example Eight Subnets .......................................................................................... 381
Subnetting With Class A and Class B Networks. ................................................... 382
Appendix E
Boot Commands .................................................................................................. 384
Appendix F
Command Interpreter........................................................................................... 386
21
Table of Contents
P-660H/HW/W-T Series User’ Guide
Command Syntax................................................................................................... 386
Command Usage ................................................................................................... 386
Appendix G
Firewall Commands ............................................................................................. 388
Appendix H
NetBIOS Filter Commands .................................................................................. 394
Introduction ............................................................................................................ 394
Display NetBIOS Filter Settings ............................................................................. 394
NetBIOS Filter Configuration.................................................................................. 395
Appendix I
Splitters and Microfilters ..................................................................................... 398
Connecting a POTS Splitter ................................................................................... 398
Telephone Microfilters ............................................................................................ 398
Prestige With ISDN ................................................................................................ 399
Appendix J
PPPoE ................................................................................................................... 402
PPPoE in Action..................................................................................................... 402
Benefits of PPPoE.................................................................................................. 402
Traditional Dial-up Scenario ................................................................................... 402
How PPPoE Works ................................................................................................ 403
Prestige as a PPPoE Client ................................................................................... 403
Appendix K
Log Descriptions.................................................................................................. 404
Log Commands...................................................................................................... 418
Log Command Example......................................................................................... 419
Appendix L
Wireless LANs ...................................................................................................... 420
Wireless LAN Topologies ....................................................................................... 420
Channel.................................................................................................................. 422
RTS/CTS ................................................................................................................ 422
Fragmentation Threshold ....................................................................................... 423
Preamble Type ....................................................................................................... 424
IEEE 802.1x ........................................................................................................... 425
RADIUS.................................................................................................................. 425
Types of Authentication.......................................................................................... 426
WPA ....................................................................................................................... 428
Table of Contents
22
P-660H/HW/W-T Series User’ Guide
Security Parameters Summary .............................................................................. 429
Appendix M
Internal SPTGEN .................................................................................................. 430
Internal SPTGEN Overview ................................................................................... 430
The Configuration Text File Format........................................................................ 430
Internal SPTGEN FTP Download Example............................................................ 431
Internal SPTGEN FTP Upload Example ................................................................ 432
Command Examples.............................................................................................. 453
Index...................................................................................................................... 456
23
Table of Contents
P-660H/HW/W-T Series User’ Guide
List of Figures
Figure 1 Protected Internet Access Applications ................................................................ 46
Figure 2 LAN-to-LAN Application Example ......................................................................... 46
Figure 3 Password Screen .................................................................................................. 49
Figure 4 Change Password at Login ................................................................................... 49
Figure 5 Web Configurator: Site Map Screen ................................................................... 50
Figure 6 Password .............................................................................................................. 52
Figure 7 Internet Access Wizard Setup: ISP Parameters ................................................... 54
Figure 8 Internet Connection with PPPoE ........................................................................... 55
Figure 9 Internet Connection with RFC 1483 ..................................................................... 56
Figure 10 Internet Connection with ENET ENCAP ............................................................. 57
Figure 11 Internet Connection with PPPoA ......................................................................... 58
Figure 12 Internet Access Wizard Setup: Third Screen ...................................................... 59
Figure 13 Internet Access Wizard Setup: LAN Configuration ............................................ 59
Figure 14 Internet Access Wizard Setup: Connection Tests ............................................... 60
Figure 15 LAN and WAN IP Addresses .............................................................................. 62
Figure 16 Any IP Example .................................................................................................. 67
Figure 17 LAN Setup ........................................................................................................... 68
Figure 18 Wireless LAN ...................................................................................................... 72
Figure 19 Wireless Security Methods ................................................................................. 73
Figure 20 Wireless Screen .................................................................................................. 74
Figure 21 MAC Filter ........................................................................................................... 76
Figure 22 WPA - PSK Authentication .................................................................................. 78
Figure 23 WPA with RADIUS Application Example2 .......................................................... 79
Figure 24 Wireless LAN: 802.1x/WPA: No Access Allowed ................................................ 80
Figure 25 Wireless LAN: 802.1x/WPA: No Authentication .................................................. 80
Figure 26 Wireless LAN: 802.1x/WPA: 802.1xl ................................................................... 81
Figure 27 Wireless LAN: 802.1x/WPA: WPA ....................................................................... 83
Figure 28 Wireless LAN: 802.1x/WPA:WPA-PSK ............................................................... 84
Figure 29 Local User Database .......................................................................................... 86
Figure 30 RADIUS .............................................................................................................. 87
Figure 31 Example of Traffic Shaping ................................................................................. 94
Figure 32 WAN ................................................................................................................... 95
Figure 33 WAN Setup (PPPoE) .......................................................................................... 96
Figure 34 Traffic Redirect Example ..................................................................................... 99
Figure 35 Traffic Redirect LAN Setup ................................................................................. 99
Figure 36 WAN Backup ....................................................................................................... 100
Figure 37 How NAT Works .................................................................................................. 104
Figure 38 NAT Application With IP Alias ............................................................................. 104
List of Figures
24
P-660H/HW/W-T Series User’ Guide
Figure 39 Multiple Servers Behind NAT Example ............................................................... 107
Figure 40 NAT Mode ........................................................................................................... 108
Figure 41 Edit SUA/NAT Server Set ................................................................................... 109
Figure 42 Address Mapping Rules ...................................................................................... 110
Figure 43 Edit Address Mapping Rule
.............................................................................. 112
Figure 44 Dynamic DNS ..................................................................................................... 115
Figure 45 Time and Date ..................................................................................................... 116
Figure 46 Prestige Firewall Application ............................................................................... 120
Figure 47 Three-Way Handshake ....................................................................................... 122
Figure 48 SYN Flood ........................................................................................................... 122
Figure 49 Smurf Attack ....................................................................................................... 123
Figure 50 Stateful Inspection ............................................................................................... 125
Figure 51 Firewall: Default Policy ........................................................................................ 135
Figure 52 Firewall: Rule Summary ..................................................................................... 137
Figure 53 Firewall: Edit Rule ............................................................................................... 139
Figure 54 Firewall: Customized Services ............................................................................ 141
Figure 55 Firewall: Configure Customized Services ........................................................... 142
Figure 56 Firewall Example: Rule Summary ....................................................................... 143
Figure 57 Firewall Example: Edit Rule: Destination Address ............................................. 144
Figure 58 Edit Custom Port Example .................................................................................. 144
Figure 59 Firewall Example: Edit Rule: Select Customized Services ................................. 145
Figure 60 Firewall Example: Rule Summary: My Service .................................................. 146
Figure 61 Firewall: Anti Probing .......................................................................................... 149
Figure 62 Firewall: Threshold .............................................................................................. 151
Figure 63 Content Filtering ................................................................................................. 154
Figure 64 Content Filter: Keyword ...................................................................................... 155
Figure 65 Content Filter: Schedule ..................................................................................... 156
Figure 66 Content Filter: Trusted ........................................................................................ 157
Figure 67 Telnet Configuration on a TCP/IP Network ......................................................... 159
Figure 68 Remote Management ......................................................................................... 160
Figure 69 Configuring UPnP ............................................................................................... 163
Figure 70 Add/Remove Programs: Windows Setup: Communication ................................. 165
Figure 71 Add/Remove Programs: Windows Setup: Communication: Components .......... 165
Figure 72 Network Connections .......................................................................................... 166
Figure 73 Windows Optional Networking Components Wizard .......................................... 167
Figure 74 Networking Services ........................................................................................... 168
Figure 75 Network Connections .......................................................................................... 169
Figure 76 Internet Connection Properties .......................................................................... 170
Figure 77 Internet Connection Properties: Advanced Settings ........................................... 171
Figure 78 Internet Connection Properties: Advanced Settings: Add ................................... 171
Figure 79 System Tray Icon ................................................................................................ 172
Figure 80 Internet Connection Status .................................................................................. 172
Figure 81 Network Connections .......................................................................................... 173
25
List of Figures
P-660H/HW/W-T Series User’ Guide
Figure 82 Network Connections: My Network Places ......................................................... 174
Figure 83 Network Connections: My Network Places: Properties: Example ....................... 174
Figure 84 Log Settings ........................................................................................................ 177
Figure 85 View Logs ........................................................................................................... 179
Figure 86 E-mail Log Example ............................................................................................ 180
Figure 87 Application-based Bandwidth Management Example ......................................... 183
Figure 88 Subnet-based Bandwidth Management Example ............................................... 184
Figure 89 Application and Subnet-based Bandwidth Management Example ..................... 184
Figure 90 Bandwidth Allotment Example ............................................................................ 186
Figure 91 Maximize Bandwidth Usage Example ................................................................. 187
Figure 92 Media Bandwidth Mgnt. ..................................................................................... 188
Figure 93 Media Bandwidth Management: Summary ......................................................... 189
Figure 94 Media Bandwidth Management: Class Setup ..................................................... 190
Figure 95 Media Bandwidth Management: Class Configuration ......................................... 191
Figure 96 Media Bandwidth Management Statistics .......................................................... 193
Figure 97 Media Bandwidth Management: Monitor ........................................................... 194
Figure 98 System Status ..................................................................................................... 197
Figure 99 System Status: Show Statistics ........................................................................... 199
Figure 100 DHCP Table ...................................................................................................... 200
Figure 101 Any IP Table ...................................................................................................... 201
Figure 102 Association List ................................................................................................. 202
Figure 103 Diagnostic: General .......................................................................................... 203
Figure 104 Diagnostic: DSL Line ........................................................................................ 204
Figure 105 Firmware Upgrade ............................................................................................ 205
Figure 106 Network Temporarily Disconnected .................................................................. 206
Figure 107 Error Message .................................................................................................. 206
Figure 108 Login Screen ..................................................................................................... 209
Figure 109 Menu 23.1 Change Password ........................................................................... 212
Figure 110 Menu 1 General Setup ...................................................................................... 215
Figure 111 Menu 1.1 Configure Dynamic DNS .................................................................. 216
Figure 112 Menu 2 WAN Backup Setup .............................................................................. 218
Figure 113 Menu 2.1Traffic Redirect Setup ......................................................................... 219
Figure 114 Menu 3 LAN Setup ............................................................................................ 222
Figure 115 Menu 3.1 LAN Port Filter Setup ........................................................................ 222
Figure 116 Menu 3.2 TCP/IP and DHCP Ethernet Setup ................................................... 223
Figure 117 Menu 3.5 - Wireless LAN Setup ....................................................................... 226
Figure 118 Menu 3.5.1 WLAN MAC Address Filtering ........................................................ 228
Figure 119 IP Alias Network Example ................................................................................. 231
Figure 120 Menu 3.2 TCP/IP and DHCP Setup ................................................................. 231
Figure 121 Menu 3.2.1 IP Alias Setup ................................................................................ 232
Figure 122 Menu 1 General Setup ...................................................................................... 233
Figure 123 Menu 4 Internet Access Setup .......................................................................... 233
Figure 124 Menu 11 Remote Node Setup ........................................................................... 237
List of Figures
26
P-660H/HW/W-T Series User’ Guide
Figure 125 Menu 11.1 Remote Node Profile ...................................................................... 238
Figure 126 Menu 11.3 Remote Node Network Layer Options ............................................ 240
Figure 127 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection ........................... 242
Figure 128 Menu 11.5 Remote Node Filter (RFC 1483 or ENET Encapsulation) ............... 242
Figure 129 Menu 11.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) ................. 243
Figure 130 Menu 11.6 for VC-based Multiplexing ............................................................... 243
Figure 131 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation .......................... 244
Figure 132 Menu 11.1 Remote Node Profile ....................................................................... 244
Figure 133 Menu 11.8 Advance Setup Options .................................................................. 245
Figure 134 Sample Static Routing Topology ....................................................................... 246
Figure 135 Menu 12 Static Route Setup ............................................................................. 247
Figure 136 Menu 12.1 IP Static Route Setup ...................................................................... 247
Figure 137 Menu12.1.1 Edit IP Static Route ....................................................................... 247
Figure 138 Menu 11.1 Remote Node Profile ....................................................................... 251
Figure 139 Menu 11.3 Remote Node Network Layer Options ............................................ 251
Figure 140 Menu 12.3.1 Edit Bridge Static Route ............................................................... 252
Figure 141 Menu 4 Applying NAT for Internet Access ........................................................ 255
Figure 142 Applying NAT in Menus 4 & 11.3 ....................................................................... 255
Figure 143 Menu 15 NAT Setup ........................................................................................ 256
Figure 144 Menu 15.1 Address Mapping Sets .................................................................... 257
Figure 145 Menu 15.1.255 SUA Address Mapping Rules .................................................. 257
Figure 146 Menu 15.1.1 First Set ........................................................................................ 258
Figure 147 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ........................ 259
Figure 148 Menu 15.2 NAT Server Setup ........................................................................... 260
Figure 149 Menu 15.2.1 NAT Server Setup ........................................................................ 261
Figure 150 Multiple Servers Behind NAT Example ............................................................. 261
Figure 151 NAT Example 1 ................................................................................................. 262
Figure 152 Menu 4 Internet Access & NAT Example .......................................................... 262
Figure 153 NAT Example 2 ................................................................................................. 263
Figure 154 Menu 15.2.1 Specifying an Inside Server ......................................................... 263
Figure 155 NAT Example 3 ................................................................................................. 264
Figure 156 Example 3: Menu 11.3 ...................................................................................... 265
Figure 157 Example 3: Menu 15.1.1.1 ................................................................................ 265
Figure 158 Example 3: Final Menu 15.1.1 .......................................................................... 266
Figure 159 Example 3: Menu 15.2.1 ................................................................................... 266
Figure 160 NAT Example 4 ................................................................................................. 267
Figure 161 Example 4: Menu 15.1.1.1 Address Mapping Rule ........................................... 267
Figure 162 Example 4: Menu 15.1.1 Address Mapping Rules ............................................ 268
Figure 163 Menu 21.2 Firewall Setup ................................................................................. 271
Figure 164 Outgoing Packet Filtering Process .................................................................... 272
Figure 165 Filter Rule Process ............................................................................................ 273
Figure 166 Menu 21 Filter Set Configuration ...................................................................... 274
Figure 167 NetBIOS_WAN Filter Rules Summary ............................................................. 274
27
List of Figures
P-660H/HW/W-T Series User’ Guide
Figure 168 NetBIOS_LAN Filter Rules Summary .............................................................. 275
Figure 169 IGMP Filter Rules Summary ............................................................................ 275
Figure 170 Menu 21.1.x.1 TCP/IP Filter Rule ..................................................................... 277
Figure 171 Executing an IP Filter ........................................................................................ 279
Figure 172 Menu 21.1.5.1 Generic Filter Rule ................................................................... 280
Figure 173 Protocol and Device Filter Sets ......................................................................... 281
Figure 174 Sample Telnet Filter .......................................................................................... 282
Figure 175 Menu 21.1.6.1 Sample Filter ............................................................................ 282
Figure 176 Menu 21.1.6.1 Sample Filter Rules Summary .................................................. 283
Figure 177 Filtering Ethernet Traffic .................................................................................... 284
Figure 178 Filtering Remote Node Traffic ........................................................................... 284
Figure 179 SNMP Management Model ............................................................................... 286
Figure 180 Menu 22 SNMP Configuration .......................................................................... 288
Figure 181 Menu 23 – System Security .............................................................................. 290
Figure 182 Menu 23.2 System Security: RADIUS Server ................................................... 291
Figure 183 Menu 23 System Security ................................................................................. 292
Figure 184 Menu 23.4 System Security: IEEE 802.1x ........................................................ 292
Figure 185 Menu 14 Dial-in User Setup .............................................................................. 295
Figure 186 Menu 14.1 Edit Dial-in User .............................................................................. 295
Figure 187 Menu 24 System Maintenance ......................................................................... 296
Figure 188 Menu 24.1 System Maintenance : Status ......................................................... 297
Figure 189 Menu 24.2 System Information and Console Port Speed ................................. 298
Figure 190 Menu 24.2.1 System Maintenance: Information ............................................... 299
Figure 191 Menu 24.2.2 System Maintenance : Change Console Port Speed ................... 300
Figure 192 Menu 24.3 System Maintenance: Log and Trace ............................................. 300
Figure 193 Sample Error and Information Messages ......................................................... 301
Figure 194 Menu 24.3.2 System Maintenance: Syslog and Accounting ............................. 301
Figure 195 Syslog Example ................................................................................................ 302
Figure 196 Menu 24.4 System Maintenance : Diagnostic ................................................... 303
Figure 197 Telnet in Menu 24.5 ........................................................................................... 308
Figure 198 FTP Session Example ...................................................................................... 309
Figure 199 Telnet into Menu 24.6 ........................................................................................ 312
Figure 200 Restore Using FTP Session Example ............................................................... 312
Figure 201 Telnet Into Menu 24.7.1 Upload System Firmware .......................................... 313
Figure 202 Telnet Into Menu 24.7.2 System Maintenance ................................................. 314
Figure 203 FTP Session Example of Firmware File Upload ............................................... 315
Figure 204 Command Mode in Menu 24 ............................................................................. 318
Figure 205 Valid Commands ............................................................................................... 318
Figure 206 Menu 24.9 System Maintenance: Call Control .................................................. 319
Figure 207 Menu 24.9.1 System Maintenance: Budget Management ................................ 320
Figure 208 Menu 24 System Maintenance ......................................................................... 321
Figure 209 Menu 24.10 System Maintenance: Time and Date Setting ............................... 321
Figure 210 Menu 24.11 Remote Management Control ....................................................... 325
List of Figures
28
P-660H/HW/W-T Series User’ Guide
Figure 211 Menu 25 IP Routing Policy Setup ..................................................................... 329
Figure 212 Menu 25.1 IP Routing Policy Setup .................................................................. 330
Figure 213 Menu 25.1.1 IP Routing Policy .......................................................................... 331
Figure 214 Menu 3.2 TCP/IP and DHCP Ethernet Setup ................................................... 333
Figure 215 Menu 11.3 Remote Node Network Layer Options ............................................ 333
Figure 216 Example of IP Policy Routing ........................................................................... 334
Figure 217 IP Routing Policy Example ................................................................................ 335
Figure 218 IP Routing Policy Example ................................................................................ 336
Figure 219 Applying IP Policies Example ........................................................................... 336
Figure 220 Menu 26 Schedule Setup .................................................................................. 338
Figure 221 Menu 26.1 Schedule Set Setup ....................................................................... 339
Figure 222 Applying Schedule Set(s) to a Remote Node (PPPoE) .................................... 340
Figure 223 Pop-up Blocker ................................................................................................. 345
Figure 224 Internet Options ............................................................................................... 345
Figure 225 Internet Options ................................................................................................ 346
Figure 226 Pop-up Blocker Settings ................................................................................... 347
Figure 227 Internet Options ................................................................................................ 348
Figure 228 Security Settings - Java Scripting ..................................................................... 349
Figure 229 Security Settings - Java .................................................................................... 350
Figure 230 Java (Sun) ......................................................................................................... 351
Figure 231 Internet Options Security .................................................................................. 352
Figure 232 Security Setting ActiveX Controls ..................................................................... 353
Figure 233 Wall-mounting Example .................................................................................... 358
Figure 234 WIndows 95/98/Me: Network: Configuration ..................................................... 361
Figure 235 Windows 95/98/Me: TCP/IP Properties: IP Address ......................................... 362
Figure 236 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............................ 363
Figure 237 Windows XP: Start Menu .................................................................................. 364
Figure 238 Windows XP: Control Panel .............................................................................. 364
Figure 239 Windows XP: Control Panel: Network Connections: Properties ....................... 365
Figure 240 Windows XP: Local Area Connection Properties .............................................. 365
Figure 241 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 366
Figure 242 Windows XP: Advanced TCP/IP Properties ...................................................... 367
Figure 243 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 368
Figure 244 Macintosh OS 8/9: Apple Menu ........................................................................ 369
Figure 245 Macintosh OS 8/9: TCP/IP ................................................................................ 369
Figure 246 Macintosh OS X: Apple Menu ........................................................................... 370
Figure 247 Macintosh OS X: Network ................................................................................. 371
Figure 248 Red Hat 9.0: KDE: Network Configuration: Devices ........................................ 372
Figure 249 Red Hat 9.0: KDE: Ethernet Device: General ................................................. 372
Figure 250 Red Hat 9.0: KDE: Network Configuration: DNS ............................................. 373
Figure 251 Red Hat 9.0: KDE: Network Configuration: Activate
................................. 373
Figure 252 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 .............................. 374
Figure 253 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0
29
.................................. 374
List of Figures
P-660H/HW/W-T Series User’ Guide
Figure 254 Red Hat 9.0: DNS Settings in resolv.conf
...................................................... 374
Figure 255 Red Hat 9.0: Restart Ethernet Card ................................................................ 375
Figure 256 Red Hat 9.0: Checking TCP/IP Properties ...................................................... 375
Figure 257 Option to Enter Debug Mode ............................................................................ 384
Figure 258 Boot Module Commands .................................................................................. 385
Figure 259 Connecting a POTS Splitter .............................................................................. 398
Figure 260 Connecting a Microfilter .................................................................................... 399
Figure 261 Prestige with ISDN ............................................................................................ 399
Figure 262 Single-Computer per Router Hardware Configuration ...................................... 403
Figure 263 Prestige as a PPPoE Client .............................................................................. 403
Figure 264 Displaying Log Categories Example ................................................................. 418
Figure 265 Displaying Log Parameters Example ................................................................ 418
Figure 266 Peer-to-Peer Communication in an Ad-hoc Network ........................................ 420
Figure 267 Basic Service Set .............................................................................................. 421
Figure 268 Infrastructure WLAN ......................................................................................... 422
Figure 269 RTS/CTS .......................................................................................................... 423
Figure 270 Configuration Text File Format: Column Descriptions ....................................... 430
Figure 271 Invalid Parameter Entered: Command Line Example ....................................... 431
Figure 272 Valid Parameter Entered: Command Line Example ......................................... 431
Figure 273 Internal SPTGEN FTP Download Example ..................................................... 432
Figure 274 Internal SPTGEN FTP Upload Example ........................................................... 432
List of Figures
30
P-660H/HW/W-T Series User’ Guide
31
List of Figures
P-660H/HW/W-T Series User’ Guide
List of Tables
Table 1 ADSL Standards .................................................................................................... 42
Table 2 Front Panel LEDs .................................................................................................. 47
Table 3 Web Configurator Screens Summary .................................................................... 50
Table 4 Password ............................................................................................................... 53
Table 5 Internet Access Wizard Setup: ISP Parameters .................................................... 55
Table 6 Internet Connection with PPPoE .......................................................................... 56
Table 7 Internet Connection with RFC 1483 ...................................................................... 56
Table 8 Internet Connection with ENET ENCAP ................................................................ 57
Table 9 Internet Connection with PPPoA ........................................................................... 58
Table 10 Internet Access Wizard Setup: LAN Configuration .............................................. 60
Table 11 LAN Setup ........................................................................................................... 68
Table 12 Wireless LAN ....................................................................................................... 72
Table 13 Wireless LAN ....................................................................................................... 74
Table 14 MAC Filter ............................................................................................................ 76
Table 15 Wireless LAN: 802.1x/WPA: No Access/Authentication ...................................... 80
Table 16 Wireless LAN: 802.1x/WPA: 802.1x .................................................................... 81
Table 17 Wireless LAN: 802.1x/WPA: WPA ....................................................................... 83
Table 18 Wireless LAN: 802.1x/WPA: WPA-PSK ............................................................... 84
Table 19 Local User Database ........................................................................................... 86
Table 20 RADIUS ............................................................................................................... 87
Table 21 WAN .................................................................................................................... 95
Table 22 WAN Setup .......................................................................................................... 96
Table 23 WAN Backup ....................................................................................................... 100
Table 24 NAT Definitions .................................................................................................... 102
Table 25 NAT Mapping Types ............................................................................................ 105
Table 26 Services and Port Numbers ................................................................................. 106
Table 27 NAT Mode ............................................................................................................ 108
Table 28 Edit SUA/NAT Server Set .................................................................................... 109
Table 29 Address Mapping Rules ...................................................................................... 110
Table 30 Edit Address Mapping Rule ................................................................................. 112
Table 31 Dynamic DNS ...................................................................................................... 115
Table 32 Time and Date ..................................................................................................... 117
Table 33 Common IP Ports ................................................................................................ 121
Table 34 ICMP Commands That Trigger Alerts .................................................................. 123
Table 35 Legal NetBIOS Commands ................................................................................. 123
Table 36 Legal SMTP Commands .................................................................................... 124
Table 37 Firewall: Default Policy ........................................................................................ 135
Table 38 Rule Summary ..................................................................................................... 137
List of Tables
32
P-660H/HW/W-T Series User’ Guide
Table 39 Firewall: Edit Rule ................................................................................................ 140
Table 40 Customized Services ........................................................................................... 141
Table 41 Firewall: Configure Customized Services ............................................................ 142
Table 42 Predefined Services ........................................................................................... 146
Table 43 Firewall: Anti Probing ........................................................................................... 149
Table 44 Firewall: Threshold .............................................................................................. 152
Table 45 ............................................................................................................................. 154
Table 46 Content Filter: Keyword ....................................................................................... 155
Table 47 Content Filter: Schedule ...................................................................................... 156
Table 48 Content Filter: Trusted ......................................................................................... 157
Table 49 Remote Management .......................................................................................... 160
Table 50 Configuring UPnP ................................................................................................ 164
Table 51 Log Settings ......................................................................................................... 177
Table 52 View Logs ............................................................................................................ 179
Table 53 SMTP Error Messages ........................................................................................ 179
Table 54 Application and Subnet-based Bandwidth Management Example ...................... 184
Table 55 Media Bandwidth Mgnt. ....................................................................................... 188
Table 56 Media Bandwidth Management: Summary .......................................................... 189
Table 57 Media Bandwidth Management: Class Setup ...................................................... 190
Table 58 Media Bandwidth Management: Class Configuration .......................................... 191
Table 59 Services and Port Numbers ................................................................................. 192
Table 60 Media Bandwidth Management Statistics ............................................................ 193
Table 61 Media Bandwidth Management: Monitor ............................................................. 194
Table 62 System Status ...................................................................................................... 197
Table 63 System Status: Show Statistics ........................................................................... 199
Table 64 DHCP Table ......................................................................................................... 200
Table 65 Any IP Table ........................................................................................................ 201
Table 66 Association List .................................................................................................... 202
Table 67 Diagnostic: General ............................................................................................. 203
Table 68 Diagnostic: DSL Line ........................................................................................... 204
Table 69 Firmware Upgrade ............................................................................................... 205
Table 70 SMT Menus Overview ......................................................................................... 209
Table 71 Navigating the SMT Interface .............................................................................. 210
Table 72 SMT Main Menu .................................................................................................. 211
Table 73 Main Menu Summary .......................................................................................... 211
Table 74 Menu 1 General Setup ........................................................................................ 215
Table 75 Menu 1.1 Configure Dynamic DNS ..................................................................... 216
Table 76 Menu 2 WAN Backup Setup ................................................................................ 218
Table 77 Menu 2.1Traffic Redirect Setup ........................................................................... 219
Table 78 DHCP Ethernet Setup ......................................................................................... 224
Table 79 TCP/IP Ethernet Setup ........................................................................................ 224
Table 80 Menu 3.5 - Wireless LAN Setup .......................................................................... 226
Table 81 Menu 3.5.1 WLAN MAC Address Filtering .......................................................... 228
33
List of Tables
P-660H/HW/W-T Series User’ Guide
Table 82 Menu 3.2.1 IP Alias Setup ................................................................................... 232
Table 83 Menu 4 Internet Access Setup ............................................................................ 234
Table 84 Menu 11.1 Remote Node Profile ......................................................................... 238
Table 85 Menu 11.3 Remote Node Network Layer Options ............................................... 240
Table 86 Menu 11.8 Advance Setup Options ..................................................................... 245
Table 87 Menu12.1.1 Edit IP Static Route .......................................................................... 248
Table 88 Remote Node Network Layer Options: Bridge Fields .......................................... 251
Table 89 Menu 12.3.1 Edit Bridge Static Route .................................................................. 252
Table 90 Applying NAT in Menus 4 & 11.3 ......................................................................... 256
Table 91 SUA Address Mapping Rules .............................................................................. 257
Table 92 Menu 15.1.1 First Set .......................................................................................... 259
Table 93 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ........................... 260
Table 94 Abbreviations Used in the Filter Rules Summary Menu ...................................... 275
Table 95 Rule Abbreviations Used ..................................................................................... 276
Table 96 Menu 21.1.x.1 TCP/IP Filter Rule ........................................................................ 277
Table 97 Menu 21.1.5.1 Generic Filter Rule ....................................................................... 280
Table 98 Filter Sets Table ................................................................................................... 283
Table 99 Menu 22 SNMP Configuration ............................................................................. 288
Table 100 SNMP Traps ...................................................................................................... 288
Table 101 Ports and Permanent Virtual Circuits ................................................................. 289
Table 102 Menu 23.2 System Security: RADIUS Server ................................................... 291
Table 103 Menu 23.4 System Security: IEEE 802.1x ......................................................... 293
Table 104 Menu 14.1 Edit Dial-in User ............................................................................... 295
Table 105 Menu 24.1 System Maintenance: Status ........................................................... 297
Table 106 Menu 24.2.1 System Maintenance: Information ................................................ 299
Table 107 Menu 24.3.2 System Maintenance : Syslog and Accounting ............................ 301
Table 108 Menu 24.4 System Maintenance Menu: Diagnostic .......................................... 304
Table 109 Filename Conventions ....................................................................................... 307
Table 110 General Commands for GUI-based FTP Clients ............................................... 309
Table 111 General Commands for GUI-based TFTP Clients ............................................. 311
Table 112 Menu 24.9.1 System Maintenance: Budget Management ................................. 320
Table 113 Menu 24.10 System Maintenance: Time and Date Setting ............................... 321
Table 114 Menu 24.11 Remote Management Control ........................................................ 325
Table 115 Menu 25.1 IP Routing Policy Setup ................................................................... 330
Table 116 Menu 25.1.1 IP Routing Policy .......................................................................... 331
Table 117 Menu 26.1 Schedule Set Setup ......................................................................... 339
Table 118 Troubleshooting Starting Up Your Prestige ........................................................ 342
Table 119 Troubleshooting the LAN ................................................................................... 342
Table 120 Troubleshooting the WAN .................................................................................. 343
Table 121 Troubleshooting Accessing the Prestige ........................................................... 344
Table 122 Device ................................................................................................................ 354
Table 123 Firmware ............................................................................................................ 355
Table 124 Classes of IP Addresses ................................................................................... 376
List of Tables
34
P-660H/HW/W-T Series User’ Guide
Table 125 Allowed IP Address Range By Class ................................................................. 377
Table 126 “Natural” Masks ................................................................................................ 377
Table 127 Alternative Subnet Mask Notation ..................................................................... 378
Table 128 Two Subnets Example ....................................................................................... 378
Table 129 Subnet 1 ............................................................................................................ 379
Table 130 Subnet 2 ............................................................................................................ 379
Table 131 Subnet 1 ............................................................................................................ 380
Table 132 Subnet 2 ............................................................................................................ 380
Table 133 Subnet 3 ............................................................................................................ 380
Table 134 Subnet 4 ............................................................................................................ 381
Table 135 Eight Subnets .................................................................................................... 381
Table 136 Class C Subnet Planning ................................................................................... 381
Table 137 Class B Subnet Planning ................................................................................... 382
Table 138 Firewall Commands ........................................................................................... 388
Table 139 NetBIOS Filter Default Settings ......................................................................... 395
Table 140 System Maintenance Logs ................................................................................ 404
Table 141 System Error Logs ............................................................................................. 405
Table 142 Access Control Logs .......................................................................................... 405
Table 143 TCP Reset Logs ................................................................................................ 406
Table 144 Packet Filter Logs .............................................................................................. 406
Table 145 ICMP Logs ......................................................................................................... 407
Table 146 CDR Logs .......................................................................................................... 407
Table 147 PPP Logs ........................................................................................................... 407
Table 148 UPnP Logs ........................................................................................................ 408
Table 149 Content Filtering Logs ....................................................................................... 408
Table 150 Attack Logs ........................................................................................................ 409
Table 151 IPSec Logs ........................................................................................................ 410
Table 152 IKE Logs ............................................................................................................ 410
Table 153 PKI Logs ............................................................................................................ 413
Table 154 Certificate Path Verification Failure Reason Codes ........................................... 414
Table 155 802.1X Logs ...................................................................................................... 415
Table 156 ACL Setting Notes ............................................................................................. 416
Table 157 ICMP Notes ....................................................................................................... 416
Table 158 Syslog Logs ....................................................................................................... 417
Table 159 RFC-2408 ISAKMP Payload Types ................................................................... 417
Table 160 IEEE 802.11g ..................................................................................................... 424
Table 161 Comparison of EAP Authentication Types ......................................................... 428
Table 162 Wireless Security Relational Matrix ................................................................... 429
Table 163 Abbreviations Used in the Example Internal SPTGEN Screens Table .............. 432
Table 164 Menu 1 General Setup (SMT Menu 1) .............................................................. 433
Table 165 Menu 3 (SMT Menu 3 ) ...................................................................................... 433
Table 166 Menu 4 Internet Access Setup (SMT Menu 4) .................................................. 436
Table 167 Menu 12 (SMT Menu 12) ................................................................................... 438
35
List of Tables
P-660H/HW/W-T Series User’ Guide
Table 168 Menu 15 SUA Server Setup (SMT Menu 15) .................................................... 442
Table 169 Menu 21.1 Filter Set #1 (SMT Menu 21.1) ........................................................ 444
Table 170 Menu 21.1 Filer Set #2, (SMT Menu 21.1) ........................................................ 447
Table 171 Menu 23 System Menus (SMT Menu 23) .......................................................... 452
Table 172 Menu 24.11 Remote Management Control (SMT Menu 24.11) ......................... 453
Table 173 Command Examples ......................................................................................... 453
List of Tables
36
P-660H/HW/W-T Series User’ Guide
37
List of Tables
P-660H/HW/W-T Series User’ Guide
Preface
Congratulations on your purchase of the P-660H/HW/W T series ADSL 2+ gateway. P-660W
and P-660HW come with biult-in IEEE 802.11g wireless capability allowing wireless
connectivity. P-660H and P-660HW have a 4-port switch that allows you to connect up to 4
computers to the Prestige without purchasing a switch/hub.
Note: Register your product online to receive e-mail notices of firmware upgrades and
information at www.zyxel.com for global products, or at www.us.zyxel.com for
North American products.
About This User's Guide
This manual is designed to guide you through the configuration of your Prestige for its various
applications. The web configurator parts of this guide contain background information on
features configurable by web configurator. The SMT parts of this guide contain background
information solely on features not configurable by web configurator.
Note: Use the web configurator, System Management Terminal (SMT) or command
interpreter interface to configure your Prestige. Not all features can be
configured through all interfaces.
Syntax Conventions
• “Enter” means for you to type one or more characters. “Select” or “Choose” means for
you to use one predefined choices.
• The SMT menu titles and labels are in Bold Times New Roman font. Predefined field
choices are in Bold Arial font. Command and arrow keys are enclosed in square
brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key
and [SPACE BAR] means the Space Bar.
• Mouse action sequences are denoted using a comma. For example, “click the Apple icon,
Control Panels and then Modem” means first click the Apple icon, then point your
mouse pointer to Control Panels and then click Modem.
• For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for
“that is” or “in other words” throughout this manual.
• The P-600H/HW/W T series may be referred to as the “Prestige” in this User’s Guide.
• Application graphics and screen shoots shown are for the P-660W model unless
otherwise specified.
Related Documentation
• Supporting Disk
Refer to the included CD for support documents.
• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. They
contain connection information and instructions on getting started.
Preface
38
P-660H/HW/W-T Series User’ Guide
• Web Configurator Online Help
Embedded web help for descriptions of individual screens and supplementary
information.
• ZyXEL Glossary and Web Site
Please refer to www.zyxel.com for an online glossary of networking terms and additional
support documentation.
User Guide Feedback
Help us help you. E-mail all User Guide-related comments, questions or suggestions for
improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing
Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park,
Hsinchu, 300, Taiwan. Thank you.
Graphics Icons Key
Prestige
Computer
Notebook computer
Server
DSLAM
Firewall
Telephone
Switch
Router
Wireless Signal
39
Preface
P-660H/HW/W-T Series User’ Guide
Introduction to DSL
DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twistedpair wire that runs between the local telephone company switching offices and most homes
and offices. While the wire itself can handle higher frequencies, the telephone switching
equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but
now everybody is searching for ways to get more bandwidth to improve access to the Web hence DSL technologies.
There are actually seven types of DSL service, ranging in speeds from 16 Kbits/sec to 52
Mbits/sec. The services are either symmetrical (traffic flows at the same speed in both
directions), or asymmetrical (the downstream capacity is higher than the upstream capacity).
Asymmetrical services (ADSL) are suitable for Internet users because more information is
usually downloaded than uploaded. For example, a simple button click in a web browser can
start an extended download that includes graphics and text.
As data rates increase, the carrying distance decreases. That means that users who are beyond
a certain distance from the telephone company’s central office may not be able to obtain the
higher speeds.
A DSL connection is a point-to-point dedicated circuit, meaning that the link is always up and
there is no dialing required.
Introduction to ADSL
It is an asymmetrical technology, meaning that the downstream data rate is much higher than
the upstream data rate. As mentioned, this works well for a typical Internet session in which
more information is downloaded, for example, from Web servers, than is uploaded. ADSL
operates in a frequency range that is above the frequency range of voice services, so the two
systems can operate over the same cable.
Introduction to DSL
40
P-660H/HW/W-T Series User’ Guide
41
Introduction to DSL
P-660H/HW/W-T Series User’ Guide
CHAPTER 1
Getting To Know Your Prestige
This chapter describes the key features and applications of your Prestige.
1.1 Introducing the Prestige
The Prestige is an ADSL2+ gateway that allows super-fast, secure Internet access over analog
(POTS) or digital (ISDN) telephone lines (depending on your model).
In the Prestige product name, “H” denotes an integrated 4-port switch (hub) and “W” denotes
an included wireless LAN card that provides wireless connectivity.
Models ending in “1”, for example P-660W-T1, denote a device that works over the analog
telephone system, POTS (Plain Old Telephone Service). Models ending in “3” denote a device
that works over ISDN (Integrated Services Digital Network). Models ending in “7” denote a
device that works over T-ISDN (UR-2).
Note: Only use firmware for your Prestige’s specific model. Refer to the label on the
bottom of your Prestige.
The DSL RJ-11 (ADSL over POTS models) or RJ-45 (ADSL over ISDN models) connects to
your ADSL-enabled telephone line. The Prestige is compatible with the ADSL/ADSL2/
ADSL2+ standards. Maximum data rates attainable by the Prestige for each standard are
shown in the next table.
Table 1 ADSL Standards
DATA RATE STANDARD
UPSTREAM
DOWNSTREAM
ADSL
832 kbps
8Mbps
ADSL2
3.5Mbps
12Mbps
ADSL2+
3.5Mbps
24Mbps
Note: The standard your ISP supports determines the maximum upstream and
downstream speeds attainable. Actual speeds attained also depend on the
distance from your ISP, line quality, etc.
1.2 Features
The following sections describe the features of the Prestige.
Chapter 1 Getting To Know Your Prestige
42
P-660H/HW/W-T Series User’ Guide
Note: See the product specifications in the appendix for detailed features and
standards support.
High Speed Internet Access
Your Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of
up to 24Mbps and upstream transmission rates of 3.5Mbps. Actual speeds attained depend on
the ADSL service you subscribed to, distance from your ISP, line quality, etc.
Zero Configuration Internet Access
Once you connect and turn on the Prestige, it automatically detects the Internet connection
settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes
the necessary configuration changes. In cases where additional account information (such as
an Internet account user name and password) is required or the Prestige cannot connect to the
ISP, you will be redirected to web screen(s) for information input or troubleshooting.
Any IP
The Any IP feature allows a computer to access the Internet and the Prestige without changing
the network settings (such as IP address and subnet mask) of the computer, when the IP
addresses of the computer and the Prestige are not in the same subnet.
Firewall
The Prestige is a stateful inspection firewall with DoS (Denial of Service) protection. By
default, when the firewall is activated, all incoming traffic from the WAN to the LAN is
blocked unless it is initiated from the LAN. The Prestige firewall supports TCP/UDP
inspection, DoS detection and prevention, real time alerts, reports and logs.
Content Filtering
Content filtering allows you to block access to forbidden Internet web sites, schedule when the
Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet
access.
Traffic Redirect
Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect
to the Internet, thus acting as an auxiliary if your regular WAN connection fails.
Media Bandwidth Management
ZyXEL’s Media Bandwidth Management allows you to specify bandwidth classes based on an
application and/or subnet. You can allocate specific amounts of bandwidth capacity
(bandwidth budgets) to different bandwidth classes.
43
Chapter 1 Getting To Know Your Prestige
P-660H/HW/W-T Series User’ Guide
Universal Plug and Play (UPnP)
Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can
dynamically join a network, obtain an IP address and convey its capabilities to other devices
on the network.
PPPoE (RFC2516)
PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your
ISP to use their existing network configuration with newer broadband technologies such as
ADSL. The PPPoE driver on the Prestige is transparent to the computers on the LAN, which
see only Ethernet and are not aware of PPPoE thus saving you from having to manage PPPoE
clients on individual computers. The Prestige also includes PPPoE idle time-out (the PPPoE
connection terminates after a period of no traffic that you configure) and PPPoE Dial-onDemand (the PPPoE connection is brought up only when an Internet access request is made).
Network Address Translation (NAT)
Network Address Translation (NAT) allows the translation of an Internet protocol address
used within one network (for example a private IP address used in a local network) to a
different IP address known within another network (for example a public IP address used on
the Internet).
Dynamic DNS Support
With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address,
allowing the host to be more easily accessible from various locations on the Internet. You must
register for this service with a Dynamic DNS service provider.
DHCP
DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers)
to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The
Prestige has built-in DHCP server capability enabled by default. It can assign IP
addresses, an IP default gateway and DNS servers to DHCP clients. The Prestige can now
also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment
from the actual real DHCP server to the clients.
IP Alias
IP Alias allows you to partition a physical network into logical networks over the same
Ethernet interface. The Prestige supports three logical LAN interfaces via its single
physical Ethernet interface with the Prestige itself as the gateway for each LAN network.
IP Policy Routing (IPPR)
Traditionally, routing is based on the destination address only and the router takes the
shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to
override the default routing behavior and alter the packet forwarding based on the policy
defined by the network administrator.
Chapter 1 Getting To Know Your Prestige
44
P-660H/HW/W-T Series User’ Guide
Packet Filters
The Prestige's packet filtering functions allows added network security and management.
Housing
Your Prestige's compact and ventilated housing minimizes space requirements making it easy
to position anywhere in your busy office.
4-Port Switch (P-660H/P-660HW)
A combination of switch and router makes your Prestige a cost-effective and viable network
solution. You can connect up to four computers to the Prestige without the cost of a hub. Use a
hub to add more than four computers to your LAN.
1.2.1 Wireless Features (P-660HW/P-660W)
Wireless LAN
The Prestige supports the IEEE 802.11g standard, which is fully compatible with the IEEE
802.11b standard, meaning that you can have both IEEE 802.11b and IEEE 802.11g wireless
clients in the same wireless network.
Note: The Prestige may be prone to RF (Radio Frequency) interference from other
2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth
enabled devices, and other wireless LANs.
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification standard.
Key differences between WPA and WEP are user authentication and improved data
encryption.
Antenna
The Prestige is equipped with one 2dBi fixed antenna to provide clear radio signal between the
wireless stations and the access points.
Wireless LAN MAC Address Filtering
Your Prestige can check the MAC addresses of wireless stations against a list of allowed or
denied MAC addresses.
WEP Encryption
WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the wireless
network to help keep network communications private.
45
Chapter 1 Getting To Know Your Prestige
P-660H/HW/W-T Series User’ Guide
1.3 Applications for the Prestige
Here are some example uses for which the Prestige is well suited. Application graphics shown
are for the P-660W.
1.3.1 Protected Internet Access
The Prestige is the ideal high-speed Internet access solution. It is compatible with all major
ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers and supports the
ADSL standards as shown in Table 1 on page 42. In addition, the Prestige allows wireless
clients access to your network resources.
The Prestige provides protection from attacks by Internet hackers. By default, the firewall
blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and
DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs.
Figure 1 Protected Internet Access Applications
ss
1.3.2 LAN to LAN Application
You can use the Prestige to connect two geographically dispersed networks over the ADSL
line. A typical LAN-to-LAN application example is shown as follows.
Figure 2 LAN-to-LAN Application Example
1.4 Front Panel LEDs
The following figure shows the front panel LEDs.
Chapter 1 Getting To Know Your Prestige
46
P-660H/HW/W-T Series User’ Guide
The following table describes the LEDs.
Table 2 Front Panel LEDs
LED
COLOR
STATUS
DESCRIPTION
PWR/SYS
Green
On
The Prestige is receiving power and functioning properly.
Blinking
The Prestige is rebooting or performing diagnostics.
On
Power to the Prestige is too low.
Off
The system is not ready or has malfunctioned.
On
The Prestige has a successful 10Mb Ethernet connection.
Blinking
The Prestige is sending/receiving data.
On
The Prestige has a successful 100Mb Ethernet connection.
Blinking
The Prestige is sending/receiving data.
Off
The LAN is not connected.
On
The Prestige is ready, but is not sending/receiving data
through the wireless LAN.
Blinking
The Prestige is sending/receiving data through the wireless
LAN.
Off
The wireless LAN is not ready or has failed.
Fast
Blinking
The Prestige is sending/receiving non-PPP data.
Slow
Blinking
The Prestige is initializing the DSL line.
On
The system is ready, but is not sending/receiving non-PPP
data.
On
The connection to the PPPoE server is up.
Blinking
The Prestige is sending/receiving PPP data.
Off
The DSL link is down.
Red
LAN
Green
Amber
WLAN (P660HW/ P660W)
DSL/PPP
Green
Green
Amber
1.5 Hardware Connection
Refer to the Quick Start Guide for information on hardware connection.
47
Chapter 1 Getting To Know Your Prestige
P-660H/HW/W-T Series User’ Guide
CHAPTER 2
Introducing the Web
Configurator
This chapter describes how to access and navigate the web configurator.
2.1 Web Configurator Overview
The web configurator is an HTML-based management interface that allows easy Prestige
setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape
Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device. Web pop-up blocking is enabled by
default in Windows XP SP (Service Pack) 2.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
See the chapter on troubleshooting if you need to make sure these functions are allowed in
Internet Explorer.
2.1.1 Accessing the Web Configurator
Note: Even though you can connect to the Prestige wirelessly, it is recommended that
you connect your computer to a LAN port for initial configuration.
1 Make sure your Prestige hardware is properly connected (refer to the Quick Start Guide).
2 Prepare your computer/computer network to connect to the Prestige (refer to the Quick
Start Guide).
3 Launch your web browser.
4 Type "192.168.1.1" as the URL.
5 A window displays as shown.The Password field already contains the default password
“1234”. Click Login to proceed to a screen asking you to change your password or click
Cancel to revert to the default password.
Chapter 2 Introducing the Web Configurator
48
P-660H/HW/W-T Series User’ Guide
Figure 3 Password Screen
6 It is highly recommended you change the default password! Enter a new password
between 1 and 30 characters, retype it to confirm and click Apply; alternatively click
Ignore to proceed to the main menu if you do not want to change the password now.
Note: If you do not change the password at least once, the following screen appears
every time you log in.
Figure 4 Change Password at Login
7 You should now see the SITE MAP screen.
Note: The Prestige automatically times out after five minutes of inactivity. Simply log
back into the Prestige if this happens to you.
2.1.2 Resetting the Prestige
If you forget your password or cannot access the web configurator, you will need to use the
RESET button at the back of the Prestige to reload the factory-default configuration file. This
means that you will lose all configurations that you had previously and the password will be
reset to “1234”.
2.1.2.1 Using the Reset Button
1 Make sure the PWR/SYS LED is on (not blinking).
2 Press the RESET button for ten seconds or until the PWR/SYS LED begins to blink and
then release it. When the PWR/SYS LED begins to blink, the defaults have been restored
and the Prestige restarts.
49
Chapter 2 Introducing the Web Configurator
P-660H/HW/W-T Series User’ Guide
2.1.3 Navigating the Web Configurator
The following summarizes how to navigate the web configurator from the SITE MAP screen.
We use the Prestige 660W-T1 web screens in this guide as an example. Screens vary slightly
for different Prestige models.
• Click Wizard Setup to begin a series of screens to configure your Prestige for the first
time.
• Click a link under Advanced Setup to configure advanced Prestige features.
• Click a link under Maintenance to see Prestige performance statistics, upload firmware
and back up, restore or upload a configuration file.
• Click Site Map to go to the Site Map screen.
• Click Logout in the navigation panel when you have finished a Prestige management
session.
Figure 5
Web Configurator: Site Map Screen
Note: Click the
icon (located in the top right corner of most screens) to view
embedded help.
Table 3 Web Configurator Screens Summary
LINK
SUB-LINK
FUNCTION
Wizard Setup
Connection Setup
Use these screens for initial configuration including general
setup, ISP parameters for Internet Access and WAN IP/DNS
Server/MAC address assignment.
Media Bandwidth
Mgnt
Use these screens to limit bandwidth usage by application.
Advanced Setup
Password
Use this screen to change your password.
LAN
Use this screen to configure LAN DHCP and TCP/IP settings.
Chapter 2 Introducing the Web Configurator
50
P-660H/HW/W-T Series User’ Guide
Table 3 Web Configurator Screens Summary (continued)
LINK
SUB-LINK
FUNCTION
Wireless LAN
(P-660W / P660HW only)
Wireless
Use this screen to configure the wireless LAN settings.
MAC Filter
Use this screen to change MAC filter settings on the Prestige.
802.1x/WPA
Use this screen to configure WLAN authentication and security
settings.
Local User
Database
Use this screen to set up built-in user profiles for wireless
station authentication.
RADIUS
Use this screen to specify the external RADIUS server for
wireless station authentication.
WAN Setup
Use this screen to change the Prestige’s WAN remote node
settings.
WAN Backup
Use this screen to configure your traffic redirect properties and
WAN backup settings.
SUA Only
Use this screen to configure servers behind the Prestige.
Full Feature
Use this screen to configure network address translation
mapping rules.
WAN
NAT
Dynamic DNS
Use this screen to set up dynamic DNS.
Time and Date
Use this screen to change your Prestige’s time and date.
Firewall
Content Filter
Default Policy
Use this screen to activate/deactivate the firewall and the
direction of network traffic to which to apply the rule.
Rule Summary
This screen shows a summary of the firewall rules, and allows
you to edit/add a firewall rule.
Anti Probing
Use this screen to change your anti-probing settings.
Threshold
Use this screen to configure the threshold for DoS attacks.
Keyword
Use this screen to block sites containing certain keywords in the
URL.
Schedule
Use this screen to set the days and times for the Prestige to
perform content filtering.
Trusted
Use this screen to exclude a range of users on the LAN from
content filtering on your Prestige.
Remote
Management
Use this screen to configure through which interface(s) and
from which IP address(es) users can use Telnet/FTP/Web to
manage the Prestige.
UPnP
Use this screen to enable UPnP on the Prestige.
Logs
Log Settings
Use this screen to change your Prestige’s log settings.
View Log
Use this screen to view the logs for the categories that you
selected.
Media Bandwidth Summary
Management
Use this screen to assign bandwidth limits to specific types of
traffic.
Class Setup
Use this screen to define a bandwidth class.
Monitor
Use this screen to view bandwidth class statistics.
Maintenance
System Status
51
This screen contains administrative and system-related
information.
Chapter 2 Introducing the Web Configurator
P-660H/HW/W-T Series User’ Guide
Table 3 Web Configurator Screens Summary (continued)
LINK
SUB-LINK
FUNCTION
DHCP Table
This screen displays DHCP (Dynamic Host Configuration
Protocol) related information and is READ-ONLY.
Any IP Table
Use this screen to view the IP and MAC addresses of LAN
computers communicating with the Prestige.
Wireless LAN
(P-660W / P660HW only)
Association List
This screen displays the MAC address(es) of the wireless
stations that are currently associating with the Prestige.
Diagnostic
General
These screens display information to help you identify problems
with the Prestige general connection.
DSL Line
These screens display information to help you identify problems
with the DSL line.
Firmware
Use this screen to upload firmware to your Prestige
LOGOUT
Click Logout to exit the web configurator.
2.2 Change Login Password
It is highly recommended that you periodically change the password for accessing the
Prestige. If you didn’t change the default one after you logged in or you want to change to a
new password again, then click Password in the Site Map screen to display the screen as
shown next.
Figure 6 Password
The following table describes the fields in this screen.
Chapter 2 Introducing the Web Configurator
52
P-660H/HW/W-T Series User’ Guide
Table 4 Password
53
LABEL
DESCRIPTION
Old Password
Type the default password or the existing password you use to access the system
in this field.
New Password
Type the new password in this field.
Retype to Confirm
Type the new password again in this field.
Apply
Click Apply to save your changes back to the Prestige.
Cancel
Click Cancel to begin configuring this screen afresh.
Chapter 2 Introducing the Web Configurator
P-660H/HW/W-T Series User’ Guide
CHAPTER 3
Wizard Setup for Internet Access
This chapter provides information on the Wizard Setup screens for Internet access in the web
configurator.
3.1 Introduction
Use the Wizard Setup screens to configure your system for Internet access with the
information given to you by your ISP.
Note: See the advanced menu chapters for background information on these fields.
3.1.1 Internet Access Wizard Setup
1 In the SITE MAP screen click Wizard Setup to display the first wizard screen.
Figure 7 Internet Access Wizard Setup: ISP Parameters
The following table describes the fields in this screen.
Chapter 3 Wizard Setup for Internet Access
54
P-660H/HW/W-T Series User’ Guide
Table 5 Internet Access Wizard Setup: ISP Parameters
LABEL
DESCRIPTION
Mode
From the Mode drop-down list box, select Routing (default) if your ISP allows
multiple computers to share an Internet account. Otherwise select Bridge.
Encapsulation
Select the encapsulation type your ISP uses from the Encapsulation drop-down list
box. Choices vary depending on what you select in the Mode field.
If you select Bridge in the Mode field, select either PPPoA or RFC 1483.
If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or
PPPoE.
Multiplex
Select the multiplexing method used by your ISP from the Multiplex drop-down list
box either VC-based or LLC-based.
Virtual Circuit
ID
VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit.
Refer to the appendix for more information.
VPI
Enter the VPI assigned to you. This field may already be configured.
VCI
Enter the VCI assigned to you. This field may already be configured.
Next
Click this button to go to the next wizard screen. The next wizard screen you see
depends on what protocol you chose above. Click on the protocol link to see the next
wizard screen for that protocol.
2 The next wizard screen varies depending on what mode and encapsulation type you use.
All screens shown are with routing mode. Configure the fields and click Next to continue.
Figure 8 Internet Connection with PPPoE
The following table describes the fields in this screen.
55
Chapter 3 Wizard Setup for Internet Access
P-660H/HW/W-T Series User’ Guide
Table 6
Internet Connection with PPPoE
LABEL
DESCRIPTION
Service Name
Type the name of your PPPoE service here.
User Name
Enter the user name exactly as your ISP assigned. If assigned a name in the form
user@domain where domain identifies a service name, then enter both components
exactly as given.
Password
Enter the password associated with the user name above.
IP Address
A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not
fixed; the ISP assigns you a different one each time you connect to the Internet.
Select Obtain an IP Address Automatically if you have a dynamic IP address;
otherwise select Static IP Address and type your ISP assigned IP address in the text
box below.
Connection
Select Connect on Demand when you don't want the connection up all the time and
specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default
setting selects Connection on Demand with 0 as the idle time-out, which means the
Internet session will not timeout.
Select Nailed-Up Connection when you want your connection up all the time. The
Prestige will try to bring up the connection automatically if it is disconnected.
The schedule rule(s) in SMT menu 26 has priority over your Connection settings.
Network
Address
Translation
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT
chapter for more details.
Back
Click Back to go back to the first wizard screen.
Next
Click Next to continue to the next wizard screen.
Figure 9
Internet Connection with RFC 1483
The following table describes the fields in this screen.
Table 7 Internet Connection with RFC 1483
LABEL
DESCRIPTION
IP Address
This field is available if you select Routing in the Mode field.
Type your ISP assigned IP address in this field.
Network Address
Translation
Select None, SUA Only or Full Feature from the drop-down list box. Refer to the
NAT chapter for more details.
Chapter 3 Wizard Setup for Internet Access
56
P-660H/HW/W-T Series User’ Guide
Table 7 Internet Connection with RFC 1483 (continued)
LABEL
DESCRIPTION
Back
Click Back to go back to the first wizard screen.
Next
Click Next to continue to the next wizard screen.
Figure 10 Internet Connection with ENET ENCAP
The following table describes the fields in this screen.
Table 8 Internet Connection with ENET ENCAP
LABEL
DESCRIPTION
IP Address
A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not
fixed; the ISP assigns you a different one each time you connect to the Internet.
Select Obtain an IP Address Automatically if you have a dynamic IP address;
otherwise select Static IP Address and type your ISP assigned IP address in the IP
Address text box below.
Subnet Mask
Enter a subnet mask in dotted decimal notation.
Refer to the appendices to calculate a subnet mask If you are implementing subnetting.
ENET ENCAP You must specify a gateway IP address (supplied by your ISP) when you use ENET
Gateway
ENCAP in the Encapsulation field in the previous screen.
57
Network
Address
Translation
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT
chapter for more details.
Back
Click Back to go back to the first wizard screen.
Next
Click Next to continue to the next wizard screen.
Chapter 3 Wizard Setup for Internet Access
P-660H/HW/W-T Series User’ Guide
Figure 11 Internet Connection with PPPoA
The following table describes the fields in this screen.
Table 9 Internet Connection with PPPoA
LABEL
DESCRIPTION
User Name
Enter the login name that your ISP gives you.
Password
Enter the password associated with the user name above.
IP Address
This option is available if you select Routing in the Mode field.
A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not
fixed; the ISP assigns you a different one each time you connect to the Internet.
Click Obtain an IP Address Automatically if you have a dynamic IP address;
otherwise click Static IP Address and type your ISP assigned IP address in the IP
Address text box below.
Connection
Select Connect on Demand when you don't want the connection up all the time and
specify an idle time-out (in seconds) in the Max. Idle Timeout field. The default setting
selects Connection on Demand with 0 as the idle time-out, which means the Internet
session will not timeout.
Select Nailed-Up Connection when you want your connection up all the time. The
Prestige will try to bring up the connection automatically if it is disconnected.
The schedule rule(s) in SMT menu 26 has priority over your Connection settings.
Network
Address
Translation
This option is available if you select Routing in the Mode field.
Select None, SUA Only or Full Feature from the drop-sown list box. Refer to the NAT
chapter for more details.
Back
Click Back to go back to the first wizard screen.
Next
Click Next to continue to the next wizard screen.
Chapter 3 Wizard Setup for Internet Access
58
P-660H/HW/W-T Series User’ Guide
3 Verify the settings in the screen shown next. To change the LAN information on the
Prestige, click Change LAN Configurations. Otherwise click Save Settings to save the
configuration and skip to the section 3.13.
Figure 12 Internet Access Wizard Setup: Third Screen
If you want to change your Prestige LAN settings, click Change LAN Configuration to
display the screen as shown next.
Figure 13 Internet Access Wizard Setup: LAN Configuration
59
Chapter 3 Wizard Setup for Internet Access
P-660H/HW/W-T Series User’ Guide
The following table describes the fields in this screen.
Table 10 Internet Access Wizard Setup: LAN Configuration
LABEL
DESCRIPTION
LAN IP Address
Enter the IP address of your Prestige in dotted decimal notation, for example,
192.168.1.1 (factory default).
If you changed the Prestige's LAN IP address, you must use the new IP
address if you want to access the web configurator again.
LAN Subnet Mask
Enter a subnet mask in dotted decimal notation.
DHCP
DHCP Server
From the DHCP Server drop-down list box, select On to allow your Prestige to
assign IP addresses, an IP default gateway and DNS servers to computer
systems that support the DHCP client. Select Off to disable DHCP server.
When DHCP server is used, set the following items:
Client IP Pool Starting
Address
This field specifies the first of the contiguous addresses in the IP address
pool.
Size of Client IP Pool
This field specifies the size or count of the IP address pool.
Primary DNS Server
Enter the IP addresses of the DNS servers. The DNS servers are passed to
the DHCP clients along with the IP address and the subnet mask.
Secondary DNS Server As above.
Back
Click Back to go back to the previous screen.
Finish
Click Finish to save the settings and proceed to the next wizard screen.
4 The Prestige automatically tests the connection to the computer(s) connected to the LAN
ports. To test the connection from the Prestige to the ISP, click Start Diagnose.
Otherwise click Return to Main Menu to go back to the Site Map screen.
Figure 14 Internet Access Wizard Setup: Connection Tests
5 Launch your web browser and navigate to www.zyxel.com. Internet access is just the
beginning. Refer to the rest of this guide for more detailed information on the complete
range of Prestige features. If you cannot access the Internet, open the web configurator
again to confirm that the Internet settings you configured in the Wizard Setup are correct.
Chapter 3 Wizard Setup for Internet Access
60
P-660H/HW/W-T Series User’ Guide
61
Chapter 3 Wizard Setup for Internet Access
P-660H/HW/W-T Series User’ Guide
CHAPTER 4
LAN Setup
This chapter describes how to configure LAN settings.
4.1 LAN Overview
A Local Area Network (LAN) is a shared communication system to which many computers
are attached. A LAN is a computer network limited to the immediate area, usually the same
building or floor of a building. The LAN screens can help you configure a LAN DHCP server
and manage IP addresses.
See Section 4.3 on page 68 to configure the LAN screens.
4.1.1 LANs, WANs and the Prestige
The actual physical connection determines whether the Prestige ports are LAN or WAN ports.
There are two separate IP networks, one inside the LAN network and the other outside the
WAN network as shown next.
Figure 15 LAN and WAN IP Addresses
Chapter 4 LAN Setup
62
P-660H/HW/W-T Series User’ Guide
4.1.2 DHCP Setup
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual
clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige
as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP
configuration for the clients. If you turn DHCP service off, you must have another DHCP
server on your LAN, or else the computer must be manually configured.
4.1.2.1 IP Pool Setup
The Prestige is pre-configured with a pool of IP addresses for the DHCP clients (DHCP Pool).
See the product specifications in the appendices. Do not assign static IP addresses from the
DHCP pool to your LAN computers.
4.1.3 DNS Server Address
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address
and vice versa. The DNS server is extremely important because without it, you must know the
IP address of a machine before you can access it. The DNS server addresses that you enter in
the DHCP setup are passed to the client machines along with the assigned IP address and
subnet mask.
There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP
to tell a customer the DNS server addresses, usually in the form of an information sheet, when
s/he signs up. If your ISP gives you the DNS server addresses, enter them in the DNS Server
fields in DHCP Setup, otherwise, leave them blank.
Some ISP’s choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP
Control Protocol) after the connection is up. If your ISP did not give you explicit DNS
servers, chances are the DNS servers are conveyed through IPCP negotiation. The Prestige
supports the IPCP DNS server extensions through the DNS proxy feature.
If the Primary and Secondary DNS Server fields in the LAN Setup screen are not specified,
for instance, left as 0.0.0.0, the Prestige tells the DHCP clients that it itself is the DNS server.
When a computer sends a DNS query to the Prestige, the Prestige forwards the query to the
real DNS server learned through IPCP and relays the response back to the computer.
Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It
does not mean you can leave the DNS servers out of the DHCP setup under all circumstances.
If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the
LAN Setup screen. This way, the Prestige can pass the DNS servers to the computers and the
computers can query the DNS server directly without the Prestige’s intervention.
4.1.4 DNS Server Address Assignment
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and
vice versa. The DNS server is extremely important because without it, you must know the IP
address of a computer before you can access it.
63
Chapter 4 LAN Setup
P-660H/HW/W-T Series User’ Guide
There are two ways that an ISP disseminates the DNS server addresses.
• The ISP tells you the DNS server addresses, usually in the form of an information sheet,
when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS
Server fields in the LAN Setup screen.
• The Prestige acts as a DNS proxy when the Primary and Secondary DNS Server fields
are left blank in the LAN Setup screen.
4.2 LAN TCP/IP
The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to
systems that support DHCP client capability.
4.2.1 IP Address and Subnet Mask
Similar to the way houses on a street share a common street name, so too do computers on a
LAN share one common network number.
Where you obtain your network number depends on your particular situation. If the ISP or
your network administrator assigns you a block of registered IP addresses, follow their
instructions in selecting the IP addresses and the subnet mask.
If the ISP did not explicitly give you an IP network number, then most likely you have a single
user account and the ISP will assign you a dynamic IP address when the connection is
established. If this is the case, it is recommended that you select a network number from
192.168.0.0 to 192.168.255.0 and you must enable the Network Address Translation (NAT)
feature of the Prestige. The Internet Assigned Number Authority (IANA) reserved this block
of addresses specifically for private use; please do not use any other number unless you are
told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254
individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other
words, the first three numbers specify the network number while the last number identifies an
individual computer on that network.
Once you have decided on the network number, pick an IP address that is easy to remember,
for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your
network is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your Prestige will
compute the subnet mask automatically based on the IP address that you entered. You don't
need to change the subnet mask computed by the Prestige unless you are instructed to do
otherwise.
Chapter 4 LAN Setup
64
P-660H/HW/W-T Series User’ Guide
4.2.1.1 Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are isolated from
the Internet, for example, only between your two branch offices, you can assign any IP
addresses to the hosts without problems. However, the Internet Assigned Numbers Authority
(IANA) has reserved the following three blocks of IP addresses specifically for private
networks:
• 10.0.0.0 — 10.255.255.255
• 172.16.0.0 — 172.31.255.255
• 192.168.0.0 — 192.168.255.255
You can obtain your IP address from the IANA, from an ISP or it can be assigned from a
private network. If you belong to a small organization and your Internet access is through an
ISP, the ISP can provide you with the Internet addresses for your local networks. On the other
hand, if you are part of a much larger organization, you should consult your network
administrator for the appropriate IP addresses.
Note: Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address
assignment, please refer to RFC 1597, Address Allocation for Private Internets
and RFC 1466, Guidelines for Management of IP Address Space.
4.2.2 RIP Setup
RIP (Routing Information Protocol) allows a router to exchange routing information with
other routers. The RIP Direction field controls the sending and receiving of RIP packets.
When set to:
• Both - the Prestige will broadcast its routing table periodically and incorporate the RIP
information that it receives.
• In Only - the Prestige will not send any RIP packets but will accept all RIP packets
received.
• Out Only - the Prestige will send out RIP packets but will not accept any RIP packets
received.
• None - the Prestige will not send any RIP packets and will ignore any RIP packets
received.
The Version field controls the format and the broadcasting method of the RIP packets that the
Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported;
but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless
you have an unusual network topology.
Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that
RIP-2B uses subnet broadcasting while RIP-2M uses multicasting.
65
Chapter 4 LAN Setup
P-660H/HW/W-T Series User’ Guide
4.2.3 Multicast
Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1
recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to
a group of hosts on the network - not everybody and not just 1.
IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish
membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC
2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If
you would like to read more detailed information about interoperability between IGMP
version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is
used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address
224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address
224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts
(including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP.
The address 224.0.0.2 is assigned to the multicast routers group.
The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At
start up, the Prestige queries all directly connected networks to gather group membership.
After that, the Prestige periodically updates this information. IP multicasting can be enabled/
disabled on the Prestige LAN and/or WAN interfaces in the web configurator (LAN; WAN).
Select None to disable IP multicasting on these interfaces.
4.2.4 Any IP
Traditionally, you must set the IP addresses and the subnet masks of a computer and the
Prestige to be in the same subnet to allow the computer to access the Internet (through the
Prestige). In cases where your computer is required to use a static IP address in another
network, you may need to manually configure the network settings of the computer every time
you want to access the Internet via the Prestige.
With the Any IP feature and NAT enabled, the Prestige allows a computer to access the
Internet without changing the network settings (such as IP address and subnet mask) of the
computer, when the IP addresses of the computer and the Prestige are not in the same subnet.
Whether a computer is set to use a dynamic or static (fixed) IP address, you can simply
connect the computer to the Prestige and access the Internet.
The following figure depicts a scenario where a computer is set to use a static private IP
address in the corporate environment. In a residential house where a Prestige is installed, you
can still use the computer to access the Internet without changing the network settings, even
when the IP addresses of the computer and the Prestige are not in the same subnet.
Chapter 4 LAN Setup
66
P-660H/HW/W-T Series User’ Guide
Figure 16 Any IP Example
The Any IP feature does not apply to a computer using either a dynamic IP address or a static
IP address that is in the same subnet as the Prestige’s IP address.
Note: You must enable NAT/SUA to use the Any IP feature on the Prestige.
4.2.4.1 How Any IP Works
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP
address) to a physical machine address, also known as a Media Access Control or MAC
address, on the local area network. IP routing table is defined on IP Ethernet devices (the
Prestige) to decide which hop to use, to help forward data along to its specified destination.
The following lists out the steps taken, when a computer tries to access the Internet for the first
time through the Prestige.
1 When a computer (which is in a different subnet) first attempts to access the Internet, it
sends packets to its default gateway (which is not the Prestige) by looking at the MAC
address in its ARP table.
2 When the computer cannot locate the default gateway, an ARP request is broadcast on the
LAN.
3 The Prestige receives the ARP request and replies to the computer with its own MAC
address.
4 The computer updates the MAC address for the default gateway to the ARP table. Once
the ARP table is updated, the computer is able to access the Internet through the Prestige.
5 When the Prestige receives packets from the computer, it creates an entry in the IP
routing table so it can properly forward packets intended for the computer.
After all the routing information is updated, the computer can access the Prestige and the
Internet as if it is in the same subnet as the Prestige.
67
Chapter 4 LAN Setup
P-660H/HW/W-T Series User’ Guide
4.3 Configuring LAN
Click LAN to open the LAN Setup screen. See Section 4.1 on page 62 for background
information.
Figure 17 LAN Setup
The following table describes the fields in this screen.
Table 11 LAN Setup
LABEL
DESCRIPTION
DHCP
DHCP
If set to Server, your Prestige can assign IP addresses, an IP default gateway
and DNS servers to Windows 95, Windows NT and other systems that support
the DHCP client.
If set to None, the DHCP server will be disabled.
If set to Relay, the Prestige acts as a surrogate DHCP server and relays DHCP
requests and responses between the remote server and the clients. Enter the IP
address of the actual, remote DHCP server in the Remote DHCP Server field in
this case.
When DHCP is used, the following items need to be set:
Client IP Pool
Starting Address
This field specifies the first of the contiguous addresses in the IP address pool.
Chapter 4 LAN Setup
68
P-660H/HW/W-T Series User’ Guide
Table 11 LAN Setup (continued)
LABEL
DESCRIPTION
Size of Client IP
Pool
This field specifies the size or count of the IP address pool.
Primary DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the
DHCP clients along with the IP address and the subnet mask.
Secondary DNS
Server
As above.
Remote DHCP
Server
If Relay is selected in the DHCP field above then enter the IP address of the
actual remote DHCP server here.
TCP/IP
69
IP Address
Enter the IP address of your Prestige in dotted decimal notation, for example,
192.168.1.1 (factory default).
IP Subnet Mask
Type the subnet mask assigned to you by your ISP (if given).
RIP Direction
Select the RIP direction from None, Both, In Only and Out Only.
RIP Version
Select the RIP version from RIP-1, RIP-2B and RIP-2M.
Multicast
IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to
establish membership in a multicast group. The Prestige supports both IGMP
version 1 (IGMP-v1) and IGMP-v2. Select None to disable it.
Any IP Setup
Select the Active check box to enable the Any IP feature. This allows a computer
to access the Internet without changing the network settings (such as IP address
and subnet mask) of the computer, even when the IP addresses of the computer
and the Prestige are not in the same subnet.
When you disable the Any IP feature, only computers with dynamic IP addresses
or static IP addresses in the same subnet as the Prestige’s LAN IP address can
connect to the Prestige or access the Internet through the Prestige.
Apply
Click Apply to save your changes back to the Prestige.
Cancel
Click Cancel to begin configuring this screen afresh.
Chapter 4 LAN Setup
P-660H/HW/W-T Series User’ Guide
CHAPTER 5
Wireless LAN
This chapter discusses how to configure the Wireless LAN screens for P-660HW or P-660W.
5.1 Wireless LAN Introduction
A wireless LAN can be as simple as two computers with wireless LAN adapters
communicating in a peer-to-peer network or as complex as a number of computers with
wireless LAN adapters communicating through access points which bridge network traffic to
the wired LAN.
Refer to Section 5.3 on page 71 to configure wireless LAN settings.
Note: See the WLAN appendix for more detailed information on WLANs.
5.2 Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless
stations, access points and the wired network.
Wireless security methods available on the Prestige are data encryption, wireless client
authentication, restricting access by device MAC address and hiding the Prestige identity.
5.2.1 Encryption
• Use WPA security if you have WPA-aware wireless clients and a RADIUS server. WPA
has user authentication and improved data encryption over WEP.
• Use WPA-PSK if you have WPA-aware wireless clients but no RADIUS server.
• If you don’t have WPA-aware wireless clients, then use WEP key encrypting. A higher
bit key offers better security at a throughput trade-off. You can use Passphrase to
automatically generate 64-bit or 128-bit WEP keys or manually enter 64-bit, 128-bit or
256-bit WEP keys.
5.2.2 Authentication
WPA has user authentication and you can also configure IEEE 802.1x to use the built-in
database (Local User Database) or a RADIUS server to authenticate wireless clients before
joining your network.
Chapter 5 Wireless LAN
70
P-660H/HW/W-T Series User’ Guide
• Use RADIUS authentication if you have a RADIUS server. See the appendices for
information on protocols used when a client authenticates with a RADIUS server via the
Prestige.
• Use the Local User Database if you have less than 32 wireless clients in your network.
The Prestige uses MD5 encryption when a client authenticates with the Local User
Database
5.2.3 Restricted Access
The MAC Filter screen allows you to configure the AP to give exclusive access to devices
(Allow Association) or exclude them from accessing the AP (Deny Association).
5.2.4 Hide Prestige Identity
If you hide the ESSID, then the Prestige cannot be seen when a wireless client scans for local
APs. The trade-off for the extra security of “hiding” the Prestige may be inconvenience for
some valid WLAN clients. If you don’t hide the ESSID, at least you should change the default
one.
5.3 The Main Wireless LAN Screen
Click Wireless LAN in the navigation panel to display the main Wireless LAN screen.
71
Chapter 5 Wireless LAN
P-660H/HW/W-T Series User’ Guide
Figure 18 Wireless LAN
The following table describes the links in this screen.
Table 12 Wireless LAN
LINK
DESCRIPTION
Wireless
Click this link to go to a screen where you can configure the ESSID and WEP.
Note: If you configure WEP, you can’t configure WPA or WPAPSK.
MAC Filter
Click this link to go to a screen where you can restrict access to your wireless
network by MAC address.
802.1x/WPA
Click this link to go to a screen where you can configure WPA or WPA-PSK. You
can also configure 802.1x wireless client authentication in this screen.
RADIUS
Click this link to go to a screen where you can configure the RADIUS
authentication database settings.
Local User
Database
Click this link to go to a screen where you can configure the built-in authentication
database for user authentication.
The following figure shows the relative effectiveness of these wireless security methods
available on your Prestige.
Chapter 5 Wireless LAN
72
P-660H/HW/W-T Series User’ Guide
Figure 19 Wireless Security Methods
Note: You must enable the same wireless security settings on the Prestige and on all
wireless clients that you want to associate with it.
If you do not enable any wireless security on your Prestige, your network is
accessible to any wireless networking device that is within range.
5.4 Configuring the Wireless Screen
5.4.1 WEP Encryption
WEP encryption scrambles the data transmitted between the wireless stations and the access
points to keep network communications private. It encrypts unicast and multicast
communications in a network. Both the wireless stations and the access points must use the
same WEP key.
Your Prestige allows you to configure up to four 64-bit, 128-bit or 256-bit WEP keys but only
one key can be enabled at any one time.
In order to configure and enable WEP encryption; click Wireless LAN and Wireless to the
display the Wireless screen.
73
Chapter 5 Wireless LAN
P-660H/HW/W-T Series User’ Guide
Figure 20 Wireless Screen
The following table describes the labels in this screen.
Table 13 Wireless LAN
LABEL
DESCRIPTION
Enable Wireless
LAN
You should configure some wireless security (see Figure 19 on page 73) when you
enable the wireless LAN. Select the check box to enable the wireless LAN.
ESSID
The ESSID (Extended Service Set IDentification) is a unique name to identify the
Prestige in the wireless LAN. Wireless stations associating to the Prestige must
have the same ESSID.
Enter a descriptive name of up to 32 printable characters (including spaces;
alphabetic characters are case-sensitive).
Hide ESSID
Select Yes to hide the ESSID in so a station cannot obtain the ESSID through AP
scanning.
Select No to make the ESSID visible so a station can obtain the ESSID through AP
scanning.
Channel ID
The radio frequency used by IEEE 802.11a, b or g wireless devices is called a
channel.
Select a channel from the drop-down list box.
RTS/CTS
Threshold
The RTS (Request To Send) threshold (number of bytes) is for enabling RTS/CTS.
Data with its frame size larger than this value will perform the RTS/CTS handshake.
Setting this value to be larger than the maximum MSDU (MAC service data unit)
size turns off RTS/CTS. Setting this value to zero turns on RTS/CTS.
Select the check box to change the default value and enter a new value between 0
and 2432.
Chapter 5 Wireless LAN
74
P-660H/HW/W-T Series User’ Guide
Table 13 Wireless LAN (continued)
LABEL
DESCRIPTION
Fragmentation
Threshold
This is the threshold (number of bytes) for the fragmentation boundary for directed
messages. It is the maximum data fragment size that can be sent.
Select the check box to change the default value and enter a value between 256
and 2432.
You won’t see the following WEP-related fields if you have WPA or WPA-PSK enabled.
Passphrase
Enter a "passphrase" (password phrase) of up to 63 case-sensitive printable
characters and click Generate to have the Prestige create four different WEP keys.
At the time of writing, you cannot use passphrase to generate 256-bit WEP keys.
Generate
After you enter the passphrase, click Generate to have the Prestige generate four
different WEP keys automatically. The keys display in the fields below.
WEP Encryption
WEP (Wired Equivalent Privacy) encrypts data frames before transmitting over the
wireless network.
Select Disable to allow all wireless stations to communicate with the access points
without any data encryption.
Select 64-bit WEP, 128-bit WEP or 256-bit WEP to use data encryption.
Key 1 to Key 4
The WEP keys are used to encrypt data. Both the Prestige and the wireless stations
must use the same WEP key for data transmission.
If you want to manually set the WEP keys, enter the key in the field provided.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal
characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal
characters ("0-9", "A-F").
If you chose 256-bit WEP, then enter 29 ASCII characters or 58 hexadecimal
characters ("0-9", "A-F").
The values for the WEP keys must be set up exactly the same on all wireless
devices in the same wireless LAN.
You must configure all four keys, but only one key can be used at any one time. The
default key is key 1.
Back
Click Back to go to the main wireless LAN setup screen.
Apply
Click Apply to save your changes back to the Prestige.
Cancel
Click Cancel to begin configuring this screen afresh.
Note: If you are configuring the Prestige from a computer connected to the wireless
LAN and you change the Prestige’s ESSID or security settings (see Figure 19
on page 73), you will lose your wireless connection when you press Apply to
confirm. You must then change the wireless settings of your computer to match
the Prestige’s new settings.
5.5 Configuring MAC Filters
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address
is assigned at the factory and consists of six pairs of hexadecimal characters, for example,
00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this
screen. To change your Prestige’s MAC filter settings, click Wireless LAN, MAC Filter to
open the MAC Filter screen. The screen appears as shown.
75
Chapter 5 Wireless LAN
P-660H/HW/W-T Series User’ Guide
Note: Be careful not to list your computer’s MAC address and set the Action field to
Deny Association when managing the Prestige via a wireless connection.
This would lock you out.
Figure 21 MAC Filter
The following table describes the fields in this menu.
Table 14 MAC Filter
LABEL
DESCRIPTION
Active
Select Yes from the drop down list box to enable MAC address filtering.
Action
Define the filter action for the list of MAC addresses in the MAC Address table.
Select Deny Association to block access to the router, MAC addresses not listed will
be allowed to access the Prestige. Select Allow Association to permit access to the
router, MAC addresses not listed will be denied access to the Prestige.
Chapter 5 Wireless LAN
76
P-660H/HW/W-T Series User’ Guide
Table 14 MAC Filter (continued)
LABEL
DESCRIPTION
MAC Address
Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal
character pairs, for example, 12:34:56:78:9a:bc of the wireless stations that are
allowed or denied access to the Prestige in these address fields.
Back
Click Back to go to the main wireless LAN setup screen.
Apply
Click Apply to save your changes back to the Prestige.
Cancel
Click Cancel to begin configuring this screen afresh.
5.6 Introduction to WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA is preferred to
WEP as WPA has user authentication and improved data encryption. See the appendix for
more information on WPA user authentication and WPA encryption.
If you don’t have an external RADIUS server, you should use WPA-PSK (WPA -Pre-Shared
Key). WPA-PSK only requires a single (identical) password entered into each WLAN
member. As long as the passwords match, a client will be granted access to a WLAN.
Note: You can’t use the Local User Database for authentication when you select
WPA.
5.6.1 WPA-PSK Application Example
A WPA-PSK application looks as follows.
1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key
(PSK) must be between 8 and 63 printable characters (including spaces; alphabetic
characters are case-sensitive).
2 The AP checks each client’s password and (only) allows it to join the network if the
passwords match.
3 The AP derives and distributes keys to the wireless clients.
4 The AP and wireless clients use the TKIP encryption process to encrypt data exchanged
between them.
77
Chapter 5 Wireless LAN
P-660H/HW/W-T Series User’ Guide
Figure 22 WPA - PSK Authentication
5.6.2 WPA with RADIUS Application Example
You need the IP address, port number (default is 1812) and shared secret of a RADIUS server.
A WPA application example with an external RADIUS server looks as follows. "A" is the
RADIUS server. "DS" is the distribution system (wired link to the LAN).
1 The AP passes the wireless client’s authentication request to the RADIUS server.
2 The RADIUS server then checks the user's identification against its database and grants
or denies network access accordingly.
3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then
sets up a key hierarchy and management system, using the pair-wise key to dynamically
generate unique data encryption keys to encrypt every data packet that is wirelessly
transmitted between the AP and the wireless clients
Chapter 5 Wireless LAN
78
P-660H/HW/W-T Series User’ Guide
Figure 23 WPA with RADIUS Application Example2
5.6.3 Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the
wireless client how to use WPA. At the time of writing, the most widely available supplicants
are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data
Communications' AEGIS client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's builtin "Zero Configuration" wireless client. However, you must run Windows XP to use it.
See Section 5.7.3 on page 82 and Section 5.7.4 on page 84 for configuration instruction.
5.7 Configuring IEEE 802.1x and WPA
To change your Prestige’s authentication settings, click the Wireless LAN link under
Advanced Setup and then the 802.1x/WPA tab. The screen varies by the key management
protocol you select.
• See Section 5.7.1 on page 80 if you want to allow unauthenticated wireless access or
block wireless access on the Prestige.
• See Section 5.7.2 on page 80 to configure IEEE 802.1x authentication.
• See Section 5.7.3 on page 82 to configure WPA.
• See Section 5.7.4 on page 84 to configure WPA-PSK.
79
Chapter 5 Wireless LAN
P-660H/HW/W-T Series User’ Guide
5.7.1 No Access Allowed or Authentication
Select No Access Allowed or No Authentication Required in the Wireless Port
Control field.
Figure 24 Wireless LAN: 802.1x/WPA: No Access Allowed
Figure 25 Wireless LAN: 802.1x/WPA: No Authentication
The following table describes the label in these screens.
Table 15 Wireless LAN: 802.1x/WPA: No Access/Authentication
LABEL
DESCRIPTION
Wireless Port
Control
To control wireless station access to the wired network, select a control method from
the drop-down list box. Choose from No Access Allowed, No Authentication
Required and Authentication Required.
No Access Allowed blocks all wireless stations access to the wired network.
No Authentication Required allows all wireless stations access to the wired network
without entering usernames and passwords. This is the default setting.
Authentication Required means that all wireless stations have to enter usernames
and passwords before access to the wired network is allowed.
Select Authentication Required to configure Key Management Protocol and other
related fields.
Back
Click Back to go to the main wireless LAN setup screen.
Apply
Click Apply to save your changes back to the Prestige.
Cancel
Click Cancel to begin configuring this screen afresh.
5.7.2 Authentication Required: 802.1x
You need the following for IEEE 802.1x authentication.
Chapter 5 Wireless LAN
80
P-660H/HW/W-T Series User’ Guide
• A computer with an IEEE 802.11 a/b/g wireless LAN adapter and equipped with a web
browser (with JavaScript enabled) and/or Telnet.
• A wireless station computer must be running IEEE 802.1x-compliant software. Not all
Windows operating systems support IEEE 802.1x (see the Microsoft web site for details).
For other operating systems, see their documentation. If your operating system does not
support IEEE 802.1x, then you may need to install IEEE 802.1x client software.
• An optional network RADIUS server for remote user authentication and accounting.
Select Authentication Required in the Wireless Port Control field and 802.1x in the Key
Management Protocol field to display the next screen.
Figure 26 Wireless LAN: 802.1x/WPA: 802.1xl
The following table describes the labels in this screen.
Table 16 Wireless LAN: 802.1x/WPA: 802.1x
LABEL
DESCRIPTION
Wireless Port
Control
To control wireless station access to the wired network, select a control method
from the drop-down list box. Choose from No Authentication Required,
Authentication Required and No Access Allowed.
The following fields are only available when you select Authentication Required.
ReAuthentication
Timer
(in Seconds)
Specify how often wireless stations have to reenter usernames and passwords in
order to stay connected. This field is activated only when you select
Authentication Required in the Wireless Port Control field.
Enter a time interval between 10 and 9999 seconds. The default time interval is
1800 seconds (30 minutes).
Note: If wireless station authentication is done using a RADIUS
server, the reauthentication timer on the RADIUS server has
priority.
81
Chapter 5 Wireless LAN
P-660H/HW/W-T Series User’ Guide
Table 16 Wireless LAN: 802.1x/WPA: 802.1x (continued)
LABEL
DESCRIPTION
Idle Timeout
(in Seconds)
The Prestige automatically disconnects a wireless station from the wired network
after a period of inactivity. The wireless station needs to enter the username and
password again before access to the wired network is allowed.
This field is activated only when you select Authentication Required in the
Wireless Port Control field. The default time interval is 3600 seconds (or 1 hour).
Key Management
Protocol
Choose 802.1x from the drop-down list.
Dynamic WEP Key This field is activated only when you select Authentication Required in the
Exchange
Wireless Port Control field. Also set the Authentication Databases field to
RADIUS Only. Local user database may not be used.
Select Disable to allow wireless stations to communicate with the access points
without using dynamic WEP key exchange.
Select 64-bit WEP, 128-bit WEP or 256-bit WEP to enable data encryption.
Up to 32 stations can access the Prestige when you configure dynamic WEP key
exchange.
This field is not available when you set Key Management Protocol to WPA or
WPA-PSK.
Authentication
Databases
The authentication database contains wireless station login information. The local
user database is the built-in database on the Prestige. The RADIUS is an external
server. Use this drop-down list box to select which database the Prestige should
use (first) to authenticate a wireless station.
Before you specify the priority, make sure you have set up the corresponding
database correctly first.
Select Local User Database Only to have the Prestige just check the built-in user
database on the Prestige for a wireless station's username and password.
Select RADIUS Only to have the Prestige just check the user database on the
specified RADIUS server for a wireless station's username and password.
Select Local first, then RADIUS to have the Prestige first check the user
database on the Prestige for a wireless station's username and password. If the
user name is not found, the Prestige then checks the user database on the
specified RADIUS server.
Select RADIUS first, then Local to have the Prestige first check the user
database on the specified RADIUS server for a wireless station's username and
password. If the Prestige cannot reach the RADIUS server, the Prestige then
checks the local user database on the Prestige. When the user name is not found
or password does not match in the RADIUS server, the Prestige will not check the
local user database and the authentication fails.
Back
Click Back to go to the main wireless LAN setup screen.
Apply
Click Apply to save your changes back to the Prestige.
Cancel
Click Cancel to begin configuring this screen afresh.
Note: Once you enable user authentication, you need to specify an external RADIUS
server or create local user accounts on the Prestige for authentication.
5.7.3 Authentication Required: WPA
Select Authentication Required in the Wireless Port Control field and WPA in the Key
Management Protocol field to display the next screen.
Chapter 5 Wireless LAN
82
P-660H/HW/W-T Series User’ Guide
See Section 5.6 on page 77 for more information.
Figure 27 Wireless LAN: 802.1x/WPA: WPA
The following table describes the labels not previously discussed.
Table 17 Wireless LAN: 802.1x/WPA: WPA
83
LABEL
DESCRIPTION
Key Management
Protocol
Choose WPA in this field.
WPA Mixed Mode
The Prestige can operate in WPA Mixed Mode, which supports both clients
running WPA and clients running dynamic WEP key exchange with 802.1x in the
same Wi-Fi network.
Select the check box to activate WPA mixed mode. Otherwise, clear the check
box and configure the Group Data Privacy field.
Group Data Privacy
Group Data Privacy allows you to choose TKIP (recommended) or WEP for
broadcast and multicast ("group") traffic if the Key Management Protocol is
WPA and WPA Mixed Mode is disabled. WEP is used automatically if you have
enabled WPA Mixed Mode.
All unicast traffic is automatically encrypted by TKIP when WPA or WPA-PSK
Key Management Protocol is selected.
WPA Group Key
Update Timer
The WPA Group Key Update Timer is the rate at which the AP (if using WPAPSK key management) or RADIUS server (if using WPA key management)
sends a new group key out to all clients. The re-keying process is the WPA
equivalent of automatically changing the WEP key for an AP and all stations in a
WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also
supported in WPA-PSK mode. The Prestige default is 1800 seconds (30
minutes).
Authentication
Databases
When you configure Key Management Protocol to WPA, the Authentication
Databases must be RADIUS Only. You can only use the Local User Database
Only with 802.1x Key Management Protocol.
Chapter 5 Wireless LAN
P-660H/HW/W-T Series User’ Guide
5.7.4 Authentication Required: WPA-PSK
Select Authentication Required in the Wireless Port Control field and WPA-PSK in the
Key Management Protocol field to display the next screen.
See Section 5.6 on page 77 for more information.
Figure 28 Wireless LAN: 802.1x/WPA:WPA-PSK
The following table describes the labels not previously discussed.
Table 18 Wireless LAN: 802.1x/WPA: WPA-PSK
LABEL
DESCRIPTION
Key Management
Protocol
Choose WPA-PSK in this field.
Pre-Shared Key
The encryption mechanisms used for WPA and WPA-PSK are the same. The
only difference between the two is that WPA-PSK uses a simple common
password, instead of user-specific credentials.
Type a pre-shared key from 8 to 63 printable characters (including spaces;
alphabetic characters are case-sensitive).
WPA Mixed Mode
The Prestige can operate in WPA Mixed Mode, which supports both clients
running WPA and clients running dynamic WEP key exchange with 802.1x in the
same Wi-Fi network.
Select the check box to activate WPA mixed mode. Otherwise, clear the check
box and configure the Group Data Privacy field.
Chapter 5 Wireless LAN
84
P-660H/HW/W-T Series User’ Guide
Table 18 Wireless LAN: 802.1x/WPA: WPA-PSK (continued)
LABEL
DESCRIPTION
Group Data Privacy
Group Data Privacy allows you to choose TKIP (recommended) or WEP for
broadcast and multicast ("group") traffic if the Key Management Protocol is
WPA and WPA Mixed Mode is disabled. WEP is used automatically if you have
enabled WPA Mixed Mode.
All unicast traffic is automatically encrypted by TKIP when WPA or WPA-PSK
Key Management Protocol is selected.
Authentication
Databases
This field is only visible when WPA Mixed Mode is enabled.
5.8 Configuring Local User Authentication
By storing user profiles locally, your Prestige is able to authenticate wireless users without
interacting with a network RADIUS server. However, there is a limit on the number of users
you may authenticate in this way.
To change your Prestige’s local user database, click Wireless LAN, Local User Database.
The screen appears as shown.
85
Chapter 5 Wireless LAN
P-660H/HW/W-T Series User’ Guide
Figure 29 Local User Database
The following table describes the fields in this screen.
Table 19 Local User Database
LABEL
DESCRIPTION
This is the index number of a local user account.
Active
Select this check box to enable the user profile.
User Name
Enter a user name of up to 31 alphanumeric characters (case-sensitive), hyphens ('-')
and underscores ('_') if you’re using MD5 encryption and maximum 14 if you’re using
PEAP.
Password
Enter a password of up to 31 printable characters (including spaces; alphabetic
characters are case-sensitive) if you’re using MD5 encryption and maximum 14 if you’re
using PEAP.
Back
Click Back to go to the main wireless LAN setup screen.
Apply
Click Apply to save these settings back to the Prestige.
Cancel
Click Cancel to begin configuring this screen again.
Chapter 5 Wireless LAN
86
P-660H/HW/W-T Series User’ Guide
5.9 Configuring RADIUS
To set up your Prestige’s RADIUS server settings, click WIRELESS LAN, RADIUS. The
screen appears as shown.
Figure 30 RADIUS
The following table describes the fields in this screen.
Table 20 RADIUS
LABEL
DESCRIPTION
Authentication Server
Active
Select Yes from the drop-down list box to enable user authentication
through an external authentication server.
Server IP Address
Enter the IP address of the external authentication server in dotted decimal
notation.
Port Number
The default port of the RADIUS server for authentication is 1812.
You need not change this value unless your network administrator instructs
you to do so with additional information.
Shared Secret
Enter a password (up to 31 alphanumeric characters) as the key to be
shared between the external authentication server and the access points.
The key is not sent over the network. This key must be the same on the
external authentication server and Prestige.
Accounting Server
87
Active
Select Yes from the drop-down list box to enable user authentication
through an external accounting server.
Server IP Address
Enter the IP address of the external accounting server in dotted decimal
notation.
Chapter 5 Wireless LAN
P-660H/HW/W-T Series User’ Guide
Table 20 RADIUS (continued)
LABEL
DESCRIPTION
Port Number
The default port of the RADIUS server for accounting is 1813.
You need not change this value unless your network administrator instructs
you to do so with additional information.
Shared Secret
Enter a password (up to 31 alphanumeric characters) as the key to be
shared between the external accounting server and the access points.
The key is not sent over the network. This key must be the same on the
external accounting server and the Prestige.
Back
Click Back to go to the main wireless LAN setup screen.
Apply
Click Apply to save these settings back to the Prestige.
Cancel
Click Cancel to begin configuring this screen again.
Chapter 5 Wireless LAN
88
P-660H/HW/W-T Series User’ Guide
89
Chapter 5 Wireless LAN
P-660H/HW/W-T Series User’ Guide
CHAPTER 6
WAN Setup
This chapter describes how to configure WAN settings.
6.1 WAN Overview
A WAN (Wide Area Network) is an outside connection to another network or the Internet.
6.1.1 Encapsulation
Be sure to use the encapsulation method required by your ISP. The Prestige supports the
following methods.
6.1.1.1 ENET ENCAP
The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the
IP network protocol. IP packets are routed between the Ethernet interface and the WAN
interface and then formatted so that they can be understood in a bridged environment. For
instance, it encapsulates routed Ethernet frames into bridged ATM cells. ENET ENCAP
requires that you specify a gateway IP address in the ENET ENCAP Gateway field in the
second wizard screen. You can get this information from your ISP.
6.1.1.2 PPP over Ethernet
PPPoE provides access control and billing functionality in a manner similar to dial-up services
using PPP. The Prestige bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516)
from your computer to an ATM PVC (Permanent Virtual Circuit) which connects to ADSL
Access Concentrator where the PPP session terminates. One PVC can support any number of
PPP sessions from your LAN. For more information on PPPoE, see the appendices.
6.1.1.3 PPPoA
PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA
connection functions like a dial-up Internet connection. The Prestige encapsulates the PPP
session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to
the Internet Service Provider’s (ISP) DSLAM (digital access multiplexer). Please refer to RFC
2364 for more information on PPPoA. Refer to RFC 1661 for more information on PPP.
Chapter 6 WAN Setup
90
P-660H/HW/W-T Series User’ Guide
6.1.1.4 RFC 1483
RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation
Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single
ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each
protocol is carried over a separate ATM virtual circuit (VC-based multiplexing). Please refer
to the RFC for more detailed information.
6.1.2 Multiplexing
There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be
sure to use the multiplexing method required by your ISP.
6.1.2.1 VC-based Multiplexing
In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit;
for example, VC1 carries IP, etc. VC-based multiplexing may be dominant in environments
where dynamic creation of large numbers of ATM VCs is fast and economical.
6.1.2.2 LLC-based Multiplexing
In this case one VC carries multiple protocols with protocol identifying information being
contained in each packet header. Despite the extra bandwidth and processing overhead, this
method may be advantageous if it is not practical to have a separate VC for each carried
protocol, for example, if charging heavily depends on the number of simultaneous VCs.
6.1.3 VPI and VCI
Be sure to use the correct Virtual Path Identifier (VPI) and Virtual Channel Identifier (VCI)
numbers assigned to you. The valid range for the VPI is 0 to 255 and for the VCI is 32 to
65535 (0 to 31 is reserved for local management of ATM traffic). Please see the appendix for
more information.
6.1.4 IP Address Assignment
A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you
a different one each time. The Single User Account feature can be enabled or disabled if you
have either a dynamic or static IP. However the encapsulation method assigned influences
your choices for IP address and ENET ENCAP gateway.
6.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation
If you have a dynamic IP, then the IP Address and ENET ENCAP Gateway fields are not
applicable (N/A). If you have a static IP, then you only need to fill in the IP Address field and
not the ENET ENCAP Gateway field.
91
Chapter 6 WAN Setup
P-660H/HW/W-T Series User’ Guide
6.1.4.2 IP Assignment with RFC 1483 Encapsulation
In this case the IP Address Assignment must be static with the same requirements for the IP
Address and ENET ENCAP Gateway fields as stated above.
6.1.4.3 IP Assignment with ENET ENCAP Encapsulation
In this case you can have either a static or dynamic IP. For a static IP you must fill in all the IP
Address and ENET ENCAP Gateway fields as supplied by your ISP. However for a
dynamic IP, the Prestige acts as a DHCP client on the WAN port and so the IP Address and
ENET ENCAP Gateway fields are not applicable (N/A) as the DHCP server assigns them to
the Prestige.
6.1.5 Nailed-Up Connection (PPP)
A nailed-up connection is a dial-up line where the connection is always up regardless of traffic
demand. The Prestige does two things when you specify a nailed-up connection. The first is
that idle timeout is disabled. The second is that the Prestige will try to bring up the connection
when turned on and whenever the connection is down. A nailed-up connection can be very
expensive for obvious reasons.
Do not specify a nailed-up connection unless your telephone company offers flat-rate service
or you need a constant connection and the cost is of no concern
6.1.6 NAT
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a
host in a packet, for example, the source address of an outgoing packet, used within one
network to a different IP address known within another network.
6.2 Metric
The metric represents the "cost of transmission". A router determines the best route for
transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the
measurement of cost, with a minimum of "1" for directly connected networks. The number
must be between "1" and "15"; a number greater than "15" means the link is down. The
smaller the number, the lower the "cost".
The metric sets the priority for the Prestige’s routes to the Internet. If any two of the default
routes have the same metric, the Prestige uses the following pre-defined priorities:
• Normal route: designated by the ISP (see Section 6.7 on page 95)
• Traffic-redirect route (see Section 6.8 on page 98)
• WAN-backup route, also called dial-backup (see Section 6.9 on page 99)
Chapter 6 WAN Setup
92
P-660H/HW/W-T Series User’ Guide
For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric
of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary
default route. If the normal route fails to connect to the Internet, the Prestige tries the trafficredirect route next. In the same manner, the Prestige uses the dial-backup route if the trafficredirect route also fails.
If you want the dial-backup route to take first priority over the traffic-redirect route or even the
normal route, all you need to do is set the dial-backup route’s metric to "1" and the others to
"2" (or greater).
IP Policy Routing overrides the default routing behavior and takes priority over all of the
routes mentioned above.
6.3 PPPoE Encapsulation
The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft
standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband
modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection
using PPPoE.
For the service provider, PPPoE offers an access and authentication method that works with
existing access control systems (for example Radius). PPPoE provides a login and
authentication method that the existing Microsoft Dial-Up Networking software can activate,
and therefore requires no new learning or procedures for Windows users.
One of the benefits of PPPoE is the ability to let you access one of multiple network services,
a function known as dynamic service selection. This enables the service provider to easily
create and offer new IP services for individuals.
Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires
no specific configuration of the broadband modem at the customer site.
By implementing PPPoE directly on the Prestige (rather than individual computers), the
computers on the LAN do not need PPPoE software installed, since the Prestige does that part
of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
6.4 Traffic Shaping
Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average
rate and fluctuations of data transmission over an ATM network. This agreement helps
eliminate congestion, which is important for transmission of real time data such as audio and
video connections.
93
Chapter 6 WAN Setup
P-660H/HW/W-T Series User’ Guide
Peak Cell Rate (PCR) is the maximum rate at which the sender can send cells. This parameter
may be lower (but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits),
so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells/sec. This rate is not
guaranteed because it is dependent on the line speed.
Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the
maximum average rate at which cells can be sent over the virtual connection. SCR may not be
greater than the PCR.
Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR.
After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At
this time, more cells (up to the MBS) can be sent at the PCR again.
If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value
that correlates to your upstream line rate.
The following figure illustrates the relationship between PCR, SCR and MBS.
Figure 31 Example of Traffic Shaping
6.5 Zero Configuration Internet Access
Once you turn on and connect the Prestige to a telephone jack, it automatically detects the
Internet connection settings (such as the VCI/VPI numbers and the encapsulation method)
from the ISP and makes the necessary configuration changes. In cases where additional
account information (such as an Internet account user name and password) is required or the
Prestige cannot connect to the ISP, you will be redirected to web screen(s) for information
input or troubleshooting.
Zero configuration for Internet access is disable when
• the Prestige is in bridge mode
• you set the Prestige to use a static (fixed) WAN IP address.
Chapter 6 WAN Setup
94
P-660H/HW/W-T Series User’ Guide
6.6 The Main WAN Screen
Click WAN in the navigation panel to display the man WAN screen.
See Section 6.1 on page 90 for more information.
Figure 32 WAN
The following table describes the links in this screen.
Table 21 WAN
LINK
DESCRIPTION
WAN Setup
Click this link to go to the screen where you can configure your Prestige for an Internet
connection.
WAN Backup
Click this link to go to the screen where you can configure WAN backup connections
(traffic redirect and dial backup).
6.7 Configuring WAN Setup
To change your Prestige’s WAN remote node settings, click WAN and WAN Setup. The
screen differs by the encapsulation.
See Section 6.1 on page 90 for more information.
95
Chapter 6 WAN Setup
P-660H/HW/W-T Series User’ Guide
Figure 33 WAN Setup (PPPoE)
The following table describes the fields in this screen.
Table 22 WAN Setup
LABEL
DESCRIPTION
Name
Enter the name of your Internet Service Provider, e.g., MyISP. This information is
for identification purposes only.
Mode
Select Routing (default) from the drop-down list box if your ISP allows multiple
computers to share an Internet account. Otherwise select Bridge.
Chapter 6 WAN Setup
96
P-660H/HW/W-T Series User’ Guide
Table 22 WAN Setup (continued)
LABEL
DESCRIPTION
Encapsulation
Select the method of encapsulation used by your ISP from the drop-down list
box. Choices vary depending on the mode you select in the Mode field.
If you select Bridge in the Mode field, select either PPPoA or RFC 1483.
If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET
ENCAP or PPPoE.
Multiplex
Select the method of multiplexing used by your ISP from the drop-down list.
Choices are VC or LLC.
Virtual Circuit ID
VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual
circuit. Refer to the appendix for more information.
VPI
The valid range for the VPI is 0 to 255. Enter the VPI assigned to you.
VCI
The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local
management of ATM traffic). Enter the VCI assigned to you.
ATM QoS Type
Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for
voice or data traffic. Select UBR (Unspecified Bit Rate) for applications that are
non-time sensitive, such as e-mail. Select VBR (Variable Bit Rate) for bursty
traffic and bandwidth sharing with other applications.
Cell Rate
Cell rate configuration often helps eliminate traffic congestion that slows
transmission of real time data such as audio and video connections.
Peak Cell Rate
Divide the DSL line rate (bps) by 424 (the size of an ATM cell) to find the Peak
Cell Rate (PCR). This is the maximum rate at which the sender can send cells.
Type the PCR here.
Sustain Cell Rate
The Sustain Cell Rate (SCR) sets the average cell rate (long-term) that can be
transmitted. Type the SCR, which must be less than the PCR. Note that system
default is 0 cells/sec.
Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be
sent at the peak rate. Type the MBS, which is less than 65535.
Login Information
(PPPoA and PPPoE encapsulation only)
Service Name
(PPPoE only) Type the name of your PPPoE service here.
User Name
Enter the user name exactly as your ISP assigned. If assigned a name in the
form user@domain where domain identifies a service name, then enter both
components exactly as given.
Password
Enter the password associated with the user name above.
IP Address
This option is available if you select Routing in the Mode field.
A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is
not fixed; the ISP assigns you a different one each time you connect to the
Internet.
Select Obtain an IP Address Automatically if you have a dynamic IP address;
otherwise select Static IP Address and type your ISP assigned IP address in
the IP Address field below.
Connection
The schedule rule(s) in SMT menu 26 have priority over your Connection
(PPPoA and PPPoE settings.
encapsulation only)
Nailed-Up
Connection
97
Select Nailed-Up Connection when you want your connection up all the time.
The Prestige will try to bring up the connection automatically if it is disconnected.
Chapter 6 WAN Setup
P-660H/HW/W-T Series User’ Guide
Table 22 WAN Setup (continued)
LABEL
DESCRIPTION
Connect on Demand Select Connect on Demand when you don't want the connection up all the time
and specify an idle time-out in the Max Idle Timeout field.
Max Idle Timeout
Specify an idle time-out in the Max Idle Timeout field when you select Connect
on Demand. The default setting is 0, which means the Internet session will not
timeout.
PPPoE Passthrough This field is available when you select PPPoE encapsulation.
(PPPoE
In addition to the Prestige's built-in PPPoE client, you can enable PPPoE pass
encapsulation only) through to allow up to ten hosts on the LAN to use PPPoE client software on their
computers to connect to the ISP via the Prestige. Each host can have a separate
account and a public WAN IP address.
PPPoE pass through is an alternative to NAT for application where NAT is not
appropriate.
Disable PPPoE pass through if you do not need to allow hosts on the LAN to use
PPPoE client software on their computers to connect to the ISP.
Subnet Mask
(ENET ENCAP
encapsulation only)
Enter a subnet mask in dotted decimal notation.
Refer to the appendices to calculate a subnet mask If you are implementing
subnetting.
ENET ENCAP
Gateway
(ENET ENCAP
encapsulation only)
You must specify a gateway IP address (supplied by your ISP) when you select
ENET ENCAP in the Encapsulation field
Zero Configuration
This feature is not applicable/available when you configure the Prestige to use a
static WAN IP address or in bridge mode.
Select Yes to set the Prestige to automatically detect the Internet connection
settings (such as the VCI/VPI numbers and the encapsulation method) from the
ISP and make the necessary configuration changes.
Select No to disable this feature. You must manually configure the Prestige for
Internet access.
Back
Click Back to return to the previous screen.
Apply
Click Apply to save the changes.
Cancel
Click Cancel to begin configuring this screen afresh.
6.8 Traffic Redirect
Traffic redirect forwards traffic to a backup gateway when the Prestige cannot connect to the
Internet. An example is shown in the figure below.
Chapter 6 WAN Setup
98
P-660H/HW/W-T Series User’ Guide
Figure 34 Traffic Redirect Example
The following network topology allows you to avoid triangle route security issues when the
backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three
logical networks with the Prestige itself as the gateway for each LAN network. Put the
protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in
another subnet (Subnet 2). Configure filters that allow packets from the protected LAN
(Subnet 1) to the backup gateway (Subnet 2).
Figure 35 Traffic Redirect LAN Setup
6.9 Configuring WAN Backup
To change your Prestige’s WAN backup settings, click WAN, then WAN Backup. The screen
appears as shown.
99
Chapter 6 WAN Setup
P-660H/HW/W-T Series User’ Guide
Figure 36 WAN Backup
The following table describes the fields in this screen.
Table 23 WAN Backup
LABEL
DESCRIPTION
Backup Type
Select the method that the Prestige uses to check the DSL connection.
Select DSL Link to have the Prestige check if the connection to the DSLAM is up.
Select ICMP to have the Prestige periodically ping the IP addresses configured in
the Check WAN IP Address fields.
Check WAN IP
Address1-3
Configure this field to test your Prestige's WAN accessibility. Type the IP address of
a reliable nearby computer (for example, your ISP's DNS server address).
Note: If you activate either traffic redirect or dial backup, you must
configure at least one IP address here.
When using a WAN backup connection, the Prestige periodically pings the
addresses configured here and uses the other WAN backup connection (if
configured) if there is no response.
Fail Tolerance
Type the number of times (2 recommended) that your Prestige may ping the IP
addresses configured in the Check WAN IP Address field without getting a
response before switching to a WAN backup connection (or a different WAN
backup connection).
Recovery Interval When the Prestige is using a lower priority connection (usually a WAN backup
connection), it periodically checks to whether or not it can use a higher priority
connection.
Type the number of seconds (30 recommended) for the Prestige to wait between
checks. Allow more time if your destination IP address handles lots of traffic.
Chapter 6 WAN Setup
100
P-660H/HW/W-T Series User’ Guide
Table 23 WAN Backup (continued)
LABEL
DESCRIPTION
Timeout
Type the number of seconds (3 recommended) for your Prestige to wait for a ping
response from one of the IP addresses in the Check WAN IP Address field before
timing out the request. The WAN connection is considered "down" after the Prestige
times out the number of times specified in the Fail Tolerance field. Use a higher
value in this field if your network is busy or congested.
Traffic Redirect
Traffic redirect forwards traffic to a backup gateway when the Prestige cannot
connect to the Internet.
Active
Select this check box to have the Prestige use traffic redirect if the normal WAN
connection goes down.
Note: If you activate traffic redirect, you must configure at least one
Check WAN IP Address.
101
Metric
This field sets this route's priority among the routes the Prestige uses.
The metric represents the "cost of transmission". A router determines the best route
for transmission by choosing a path with the lowest "cost". RIP routing uses hop
count as the measurement of cost, with a minimum of "1" for directly connected
networks. The number must be between "1" and "15"; a number greater than "15"
means the link is down. The smaller the number, the lower the "cost".
Backup Gateway
Type the IP address of your backup gateway in dotted decimal notation. The
Prestige automatically forwards traffic to this IP address if the Prestige's Internet
connection terminates.
Back
Click Back to return to the previous screen.
Apply
Click Apply to save the changes.
Cancel
Click Cancel to begin configuring this screen afresh.
Chapter 6 WAN Setup
P-660H/HW/W-T Series User’ Guide
CHAPTER 7
Network Address Translation
(NAT) Screens
This chapter discusses how to configure NAT on the Prestige.
7.1 NAT Overview
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a
host in a packet, for example, the source address of an outgoing packet, used within one
network to a different IP address known within another network.
7.1.1 NAT Definitions
Inside/outside denotes where a host is located relative to the Prestige, for example, the
computers of your subscribers are the inside hosts, while the web servers on the Internet are
the outside hosts.
Global/local denotes the IP address of a host in a packet as the packet traverses a router, for
example, the local address refers to the IP address of a host when the packet is in the local
network, while the global address refers to the IP address of the host when the same packet is
traveling in the WAN side.
Note that inside/outside refers to the location of a host, while global/local refers to the IP
address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an
inside host in a packet when the packet is still in the local network, while an inside global
address (IGA) is the IP address of the same inside host when the packet is on the WAN side.
The following table summarizes this information.
Table 24 NAT Definitions
ITEM
DESCRIPTION
Inside
This refers to the host on the LAN.
Outside
This refers to the host on the WAN.
Local
This refers to the packet address (source or destination) as the packet travels on the
LAN.
Global
This refers to the packet address (source or destination) as the packet travels on the
WAN.
NAT never changes the IP address (either local or global) of an outside host.
Chapter 7 Network Address Translation (NAT) Screens
102
P-660H/HW/W-T Series User’ Guide
7.1.2 What NAT Does
In the simplest form, NAT changes the source IP address in a packet received from a
subscriber (the inside local address) to another (the inside global address) before forwarding
the packet to the WAN side. When the response comes back, NAT translates the destination
address (the inside global address) back to the inside local address before forwarding it to the
original inside host. Note that the IP address (either local or global) of an outside host is never
changed.
The global IP addresses for the inside hosts can be either static or dynamically assigned by the
ISP. In addition, you can designate servers, for example, a web server and a telnet server, on
your local network and make them accessible to the outside world. If you do not define any
servers (for Many-to-One and Many-to-Many Overload mapping – see Table 25 on page 105),
NAT offers the additional benefit of firewall protection. With no servers defined, your
Prestige filters out all incoming inquiries, thus preventing intruders from probing your
network. For more information on IP address translation, refer to RFC 1631, The IP Network
Address Translator (NAT).
7.1.3 How NAT Works
Each packet has two addresses – a source address and a destination address. For outgoing
packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside
Global Address) is the source address on the WAN. For incoming packets, the ILA is the
destination address on the LAN, and the IGA is the destination address on the WAN. NAT
maps private (local) IP addresses to globally unique ones required for communication with
hosts on other networks. It replaces the original IP source address (and TCP or UDP source
port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet
and then forwards it to the Internet. The Prestige keeps track of the original addresses and port
numbers so incoming reply packets can have their original values restored. The following
figure illustrates this.
103
Chapter 7 Network Address Translation (NAT) Screens
P-660H/HW/W-T Series User’ Guide
Figure 37 How NAT Works
7.1.4 NAT Application
The following figure illustrates a possible NAT application, where three inside LANs (logical
LANs using IP Alias) behind the Prestige can communicate with three distinct WAN
networks. More examples follow at the end of this chapter.
Figure 38 NAT Application With IP Alias
Chapter 7 Network Address Translation (NAT) Screens
104
P-660H/HW/W-T Series User’ Guide
7.1.5 NAT Mapping Types
NAT supports five types of IP/port mapping. They are:
• One to One: In One-to-One mode, the Prestige maps one local IP address to one global
IP address.
• Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to
one global IP address. This is equivalent to SUA (for instance, PAT, port address
translation), ZyXEL’s Single User Account feature that previous ZyXEL routers
supported (the SUA Only option in today’s routers).
• Many to Many Overload: In Many-to-Many Overload mode, the Prestige maps the
multiple local IP addresses to shared global IP addresses.
• Many-to-Many No Overload: In Many-to-Many No Overload mode, the Prestige maps
each local IP address to a unique global IP address.
• Server: This type allows you to specify inside servers of different services behind the
NAT to be accessible to the outside world.
Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT
mapping types.
The following table summarizes these types.
Table 25 NAT Mapping Types
105
TYPE
IP MAPPING
SMT ABBREVIATION
One-to-One
ILA1ÅÆ IGA1
1:1
Many-to-One (SUA/PAT)
ILA1ÅÆ IGA1
ILA2ÅÆ IGA1
…
M:1
Many-to-Many Overload
ILA1ÅÆ IGA1
ILA2ÅÆ IGA2
ILA3ÅÆ IGA1
ILA4ÅÆ IGA2
…
M:M Ov
Many-to-Many No Overload
ILA1ÅÆ IGA1
ILA2ÅÆ IGA2
ILA3ÅÆ IGA3
…
M:M No OV
Server
Server 1 IPÅÆ IGA1
Server 2 IPÅÆ IGA1
Server 3 IPÅÆ IGA1
Server
Chapter 7 Network Address Translation (NAT) Screens
P-660H/HW/W-T Series User’ Guide
7.2 SUA (Single User Account) Versus NAT
SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two
types of mapping, Many-to-One and Server. The Prestige also supports Full Feature NAT
to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers
using mapping types as outlined in Table 25 on page 105.
• Choose SUA Only if you have just one public WAN IP address for your Prestige.
• Choose Full Feature if you have multiple public WAN IP addresses for your Prestige.
7.3 SUA Server
A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or
FTP, that you can make visible to the outside world even though SUA makes your whole
inside network appear as a single computer to the outside world.
You may enter a single port number or a range of port numbers to be forwarded, and the local
IP address of the desired server. The port number identifies a service; for example, web
service is on port 80 and FTP on port 21. In some cases, such as for unknown services or
where one server can support more than one service (for example both FTP and web service),
it might be better to specify a range of port numbers. You can allocate a server IP address that
corresponds to a port or a range of ports.
Many residential broadband ISP accounts do not allow you to run any server processes (such
as a Web or FTP server) from your location. Your ISP may periodically check for servers and
may suspend your account if it discovers any active services at your location. If you are
unsure, refer to your ISP.
7.3.1 Default Server IP Address
In addition to the servers for specified services, NAT supports a default server IP address. A
default server receives packets from ports that are not specified in this screen.
If you do not assign an IP address in Server Set 1 (default server) the Prestige discards all
packets received for ports that are not specified here or in the remote management setup.
7.3.2 Port Forwarding: Services and Port Numbers
The most often used port numbers are shown in the following table. Please refer to RFC 1700
for further information about port numbers.
Table 26 Services and Port Numbers
SERVICES
PORT NUMBER
ECHO
FTP (File Transfer Protocol)
21
Chapter 7 Network Address Translation (NAT) Screens
106
P-660H/HW/W-T Series User’ Guide
Table 26 Services and Port Numbers (continued)
SERVICES
PORT NUMBER
SMTP (Simple Mail Transfer Protocol)
25
DNS (Domain Name System)
53
Finger
79
HTTP (Hyper Text Transfer protocol or WWW, Web)
80
POP3 (Post Office Protocol)
110
NNTP (Network News Transport Protocol)
119
SNMP (Simple Network Management Protocol)
161
SNMP trap
162
PPTP (Point-to-Point Tunneling Protocol)
1723
7.3.3 Configuring Servers Behind SUA (Example)
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the
example), port 80 to another (B in the example) and assign a default server IP address of
192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP
assigns the WAN IP address. The NAT network appears as a single host on the Internet.
IP address assigned by ISP.
Figure 39 Multiple Servers Behind NAT Example
7.4 Selecting the NAT Mode
You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the
WAN to be forwarded through the Prestige. Click NAT to open the following screen.
107
Chapter 7 Network Address Translation (NAT) Screens
P-660H/HW/W-T Series User’ Guide
Figure 40 NAT Mode
The following table describes the labels in this screen.
Table 27 NAT Mode
LABEL
DESCRIPTION
None
Select this radio button to disable NAT.
SUA Only
Select this radio button if you have just one public WAN IP address for your Prestige.
The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set
screen.
Edit Details
Click this link to go to the NAT - Edit SUA/NAT Server Set screen.
Full Feature
Select this radio button if you have multiple public WAN IP addresses for your Prestige.
Edit Details
Click this link to go to the NAT - Address Mapping Rules screen.
Apply
Click Apply to save your configuration.
7.5 Configuring SUA Server Set
If you do not assign an IP address in Server Set 1 (default server) the Prestige discards all
packets received for ports that are not specified here or in the remote management setup.
Click NAT, select SUA Only and click Edit Details to open the following screen.
See Section 7.3 on page 106 for more information. See Table 26 on page 106 for port numbers
commonly used for particular services.
Chapter 7 Network Address Translation (NAT) Screens
108
P-660H/HW/W-T Series User’ Guide
Figure 41 Edit SUA/NAT Server Set
The following table describes the fields in this screen.
Table 28 Edit SUA/NAT Server Set
LABEL
DESCRIPTION
Start Port No.
Enter a port number in this field.
To forward only one port, enter the port number again in the End Port No. field.
To forward a series of ports, enter the start port number here and the end port
number in the End Port No. field.
End Port No.
Enter a port number in this field.
To forward only one port, enter the port number again in the Start Port No. field
above and then enter it again in this field.
To forward a series of ports, enter the last port number in a series that begins with
the port number in the Start Port No. field above.
Server IP Address Enter your server IP address in this field.
109
Save
Click Save to save your changes back to the Prestige.
Cancel
Click Cancel to return to the previous configuration.
Chapter 7 Network Address Translation (NAT) Screens
P-660H/HW/W-T Series User’ Guide
7.6 Configuring Address Mapping Rules
Ordering your rules is important because the Prestige applies the rules in the order that you
specify. When a rule matches the current packet, the Prestige takes the corresponding action
and the remaining rules are ignored. If there are any empty rules before your new configured
rule, your configured rule will be pushed up by that number of empty rules. For example, if
you have already configured rules 1 to 6 in your current set and now you configure rule
number 9. In the set summary screen, the new rule will be rule 7, not 9. Now if you delete rule
4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6.
To change your Prestige’s address mapping settings, click NAT, Select Full Feature and click
Edit Details to open the following screen.
Figure 42 Address Mapping Rules
The following table describes the fields in this screen.
Table 29 Address Mapping Rules
LABEL
DESCRIPTION
Local Start IP
This is the starting Inside Local IP Address (ILA). Local IP addresses are N/A for
Server port mapping.
Local End IP
This is the end Inside Local IP Address (ILA). If the rule is for all local IP addresses,
then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.255
as the Local End IP address. This field is N/A for One-to-one and Server mapping
types.
Global Start IP
This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a
dynamic IP address from your ISP. You can only do this for Many-to-One and
Server mapping types.
Global End IP
This is the ending Inside Global IP Address (IGA). This field is N/A for One-to-one,
Many-to-One and Server mapping types.
Chapter 7 Network Address Translation (NAT) Screens
110
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.6 Linearized : No Encryption : Standard V2.3 (128-bit) User Access : Print, Copy, Extract, Print high-res XMP Toolkit : 3.1-701 Producer : Acrobat Distiller 5.0.5 (Windows) Modify Date : 2005:07:27 07:33:02-06:00 Create Date : 2005:07:27 13:34:15-07:00 Metadata Date : 2005:07:27 07:33:02-06:00 Creator Tool : FrameMaker 7.1 Format : application/pdf Creator : Cindy Yang Title : P-660H/HW/W T Series User's Guide V3.40 (July 2005) Document ID : uuid:2afb6455-cb14-41d9-914f-a53375643b9e Instance ID : uuid:130d9ac8-70c6-409f-af30-27bd07e9e550 Page Count : 110 Author : Cindy YangEXIF Metadata provided by EXIF.tools