Home
/
ZyXEL Communications
/
Prestige 652
/
User Manual

ZyXEL Communications Prestige 652, User Manual, Page: 144 / 521

Share

Page: 144 / 521

ZyXEL Communications Prestige 652 User Manual Download Page 144

Prestige 652 Series User’s Guide

Firewalls

11-11

work properly, this connection must be allowed to pass through even though a connection from the Internet
would normally be rejected.

In order to achieve this, the Prestige inspects the application-level FTP data. Specifically, it searches for
outgoing "PORT" commands, and when it sees these, it adds a cache entry for the anticipated data
connection. This can be done safely, since the PORT command contains address and port information, which
can be used to uniquely identify the connection.

Any protocol that operates in this way must be supported on a case-by-case basis. You can use the web
configurator’s Custom Ports feature to do this.

11.6 Guidelines For Enhancing Security With Your Firewall

1. Change the default password via SMT or web configurator.

2. Think about access control

before

you connect a console port to the network in any way, including

attaching a modem to the port. Be aware that a break on the console port might give unauthorized
individuals total control of the firewall, even with access control configured.

3. Limit who can telnet into your router.

4. Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could

present a potential security risk. A determined hacker might be able to find creative ways to misuse the
enabled services to access the firewall or the network.

5. For local services that are enabled, protect against misuse. Protect by configuring the services to

communicate only with specific peers, and protect by configuring rules to block packets for the services
at specific interfaces.

6. Protect against IP spoofing by making sure the firewall is active.

7. Keep the firewall in a secured (locked) room.

11.6.1 Security In General

You can never be too careful! Factors outside your firewall, filtering or NAT can cause security breaches.
Below are some generalizations about what you can do to minimize them.

1. Encourage your company or organization to develop a comprehensive security plan. Good network

administration takes into account what hackers can do and prepares against attacks. The best defense
against hackers and crackers is information. Educate all employees about the importance of security and
how to minimize risk. Produce lists like this one!

2. DSL or cable modem connections are “always-on” connections and are particularly vulnerable because

they provide more opportunities for hackers to crack your system. Turn your computer off when not in
use.

«
...
142
143
144
145
146
...
»

Summary of Contents for Prestige 652

Page 1: ...Prestige 652 Series ADSL Security Wireless LAN Router User s Guide Version 3 40 August 2003...

Page 2: ...y ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it...

Page 3: ...equency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio telev...

Page 4: ...he purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be...

Page 5: ...578 2439 ftp europe zyxel com ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park Hsinchu 300 Taiwan support zyxel com 1 800 255 4101 www us zyxel com NORTH AMERICA sales zyx...

Page 6: ...ing To Know Your Prestige 1 1 1 1 Introducing the Prestige 652 Series 1 1 1 2 Features of the Prestige 1 1 1 3 Applications for the Prestige 1 6 Chapter 2 Introducing the Web Configurator 2 1 2 1 Web...

Page 7: ...ernet Connection 3 15 Password LAN Wireless LAN and WAN II Chapter 4 Password Setup 4 1 4 1 Password Overview 4 1 4 2 Configuring Password 4 1 Chapter 5 LAN Setup 5 1 5 1 LAN Overview 5 1 5 2 DNS Serv...

Page 8: ...t 7 7 7 8 Configuring WAN Backup 7 9 7 9 Configuring Advanced WAN Backup 7 11 7 10 AT Command Strings 7 15 7 11 DTR Signal 7 16 7 12 Response Strings 7 16 7 13 Configuring Advanced Modem Setup 7 16 NA...

Page 9: ...tateful Inspection 11 7 11 6 Guidelines For Enhancing Security With Your Firewall 11 11 11 7 Packet Filtering Vs Firewall 11 12 Chapter 12 Firewall Configuration 12 1 12 1 Remote Management and the Fi...

Page 10: ...iguring Trusted Computers 15 4 VPN IPSec V Chapter 16 Introduction to IPSec 16 1 16 1 VPN Overview 16 1 16 2 IPSec Architecture 16 3 16 3 Encapsulation 16 5 16 4 IPSec and NAT 16 5 Chapter 17 VPN Scre...

Page 11: ...18 4 Web 18 3 18 5 Configuring Remote Management 18 3 Chapter 19 Universal Plug and Play UPnP 19 1 19 1 Introducing Universal Plug and Play 19 1 19 2 UPnP and ZyXEL 19 2 19 3 Installing UPnP in Window...

Page 12: ...2 2 System Status Screen 22 1 22 3 DHCP Table Screen 22 6 22 4 Wireless Screens 22 7 22 5 Diagnostic Screens 22 9 22 6 Firmware Screen 22 12 SMT General Configuration IX Chapter 23 Introducing the SMT...

Page 13: ...thernet Setup 26 2 26 3 TCP IP Ethernet Setup and DHCP 26 2 Chapter 27 Wireless LAN Setup 27 1 27 1 Wireless LAN Overview 27 1 27 2 Inserting a PCMCIA Wireless LAN Card 27 1 27 3 Wireless LAN Setup 27...

Page 14: ...Configuring a Server behind NAT 32 9 32 5 General NAT Examples 32 11 Chapter 33 Enabling the Firewall 33 1 33 1 Remote Management and the Firewall 33 1 33 2 Access Methods 33 1 33 3 Enabling the Firew...

Page 15: ...System Information 37 3 37 3 Log and Trace 37 5 37 4 Diagnostic 37 9 Chapter 38 Firmware and Configuration File Maintenance 38 1 38 1 Filename Conventions 38 1 38 2 Backup Configuration 38 2 38 3 Rest...

Page 16: ...Sec and Internal SPTGEN XI Chapter 43 VPN IPSec Setup 43 1 43 1 VPN IPSec Overview 43 1 43 2 IPSec Summary Screen 43 2 43 3 IPSec Setup 43 6 43 4 IKE Setup 43 11 43 5 Manual Setup 43 13 Chapter 44 SA...

Page 17: ...Appendix D PPPoE D 1 Appendix E Virtual Circuit Topology E 1 Appendix F Power Adaptor Specifications F 1 Appendix G Example Internal SPTGEN Screens G 1 Appendix H Setting up Your Computer s IPAddress...

Page 18: ...Internet Connection with PPPoE 3 6 Figure 3 3 Internet Connection with RFC 1483 3 8 Figure 3 4 Internet Connection with ENET ENCAP 3 9 Figure 3 5 Internet Connection with PPPoA 3 10 Figure 3 6 Wizard...

Page 19: ...e 8 3 Multiple Servers Behind NAT Example 8 8 Figure 8 4 NAT Mode 8 8 Figure 8 5 Edit SUA NAT Server Set 8 10 Figure 8 6 Address Mapping Rules 8 11 Figure 8 7 Address Mapping Rule Edit 8 13 Figure 9 1...

Page 20: ...5 2 Figure 15 2 Content Filter Schedule 15 3 Figure 15 3 Content Filter Trusted 15 4 Figure 16 1 Encryption and Decryption 16 2 Figure 16 2 VPN Application 16 3 Figure 16 3 IPSec Architecture 16 4 Fig...

Page 21: ...ple 21 6 Figure 21 6 Bandwidth Borrowing Example 21 8 Figure 21 7 Bandwidth Manager Summary 21 10 Figure 21 8 Bandwidth Manager Class Setup 21 12 Figure 21 9 Bandwidth Manager Class Configuration 21 1...

Page 22: ...7 Menu 11 2 Remote Node PPP Options 25 11 Figure 25 8 Menu 11 3 Remote Node Network Layer Options 25 11 Figure 25 9 Menu 11 4 Remote Node Setup Script 25 14 Figure 25 10 Menu 11 1 Remote Node Profile...

Page 23: ...1 Sample Static Routing Topology 30 1 Figure 30 2 Menu 12 Static Route Setup 30 2 Figure 30 3 Menu 12 1 IP Static Route Setup P652H HW 30 2 Figure 30 4 Menu12 1 1 Edit IP Static Route 30 3 Figure 31 1...

Page 24: ...ewall Setup 33 2 Figure 34 1 Outgoing Packet Filtering Process 34 2 Figure 34 2 Filter Rule Process 34 3 Figure 34 3 Menu 21 Filter Set Configuration P652H HW 34 4 Figure 34 4 NetBIOS_WAN Filter Rules...

Page 25: ...ystem Maintenance 37 1 Figure 37 2 Menu 24 1 System Maintenance Status 37 2 Figure 37 3 Menu 24 2 System Information and Console Port Speed 37 3 Figure 37 4 Menu 24 2 1 System Maintenance Information...

Page 26: ...seen using the Console Port 38 14 Figure 38 17 Example Xmodem Upload 38 14 Figure 38 18 Menu 24 7 2 as seen using the Console Port 38 15 Figure 38 19 Example Xmodem Upload 38 16 Figure 39 1 Command M...

Page 27: ...u Tree 43 1 Figure 43 2 Menu 27 VPN IPSec Setup 43 2 Figure 43 3 Menu 27 1 IPSec Summary 43 2 Figure 43 4 Menu 27 1 1 IPSec Setup 43 6 Figure 43 5 Menu 27 1 1 1 IKE Setup 43 11 Figure 43 6 Menu 27 1 1...

Page 28: ...word 4 1 Table 5 1 LAN 5 4 Table 6 1 Wireless 6 5 Table 6 2 MAC Address Filter 6 8 Table 6 3 802 1x 6 11 Table 6 4 Local User Database 6 14 Table 6 5 RADIUS 6 15 Table 7 1 WAN Setup 7 5 Table 7 2 WAN...

Page 29: ...able 13 5 Timeout 13 13 Table 14 1 Customized Services 14 2 Table 14 2 Creating Editing A Customized Service 14 3 Table 15 1 Content Filter Keyword 15 2 Table 15 2 Content Filter Schedule 15 4 Table 1...

Page 30: ...p 21 12 Table 21 4 Bandwidth Manager Class Configuration 21 14 Table 21 5 Services and Port Numbers 21 16 Table 21 6 Bandwidth Management Statistics 21 17 Table 21 7 Bandwidth Manager Monitor 21 18 Ta...

Page 31: ...dress Filtering 27 4 Table 28 1 Menu 3 2 1 IP Alias Setup 28 4 Table 28 2 Menu 4 Internet Access Setup 28 5 Table 29 1 Menu 11 1 Remote Node Profile 29 3 Table 29 2 Menu 11 3 Remote Node Network Layer...

Page 32: ...ance Menu Diagnostic 37 10 Table 38 1 Filename Conventions 38 2 Table 38 2 General Commands for GUI based FTP Clients 38 4 Table 38 3 General Commands for GUI based TFTP Clients 38 6 Table 39 1 Menu 2...

Page 33: ...rt A 8 Troubleshooting the Web Configurator A 4 Chart A 9 Troubleshooting Remote Management A 5 Chart B 1 Classes of IP Addresses B 1 Chart B 2 Allowed IP Address Range By Class B 2 Chart B 3 Natural...

Page 34: ...Chart J 4 Attack Logs J 3 Chart J 5 Access Logs J 4 Chart J 6 TCP Reset Logs J 5 Chart J 7 ICMP Notes J 5 Chart J 8 Sample IKE Key Exchange Logs J 8 Chart J 9 Sample IPSec Logs During Packet Transmiss...

Page 35: ...features not configurable by web configurator Use the web configurator System Management Terminal SMT or command interpreter interface to configure your Prestige Not all features can be configured th...

Page 36: ...e click the Apple icon Control Panels and then Modem means first click the Apple icon then point your mouse pointer to Control Panels and then click Modem For brevity s sake we will use e g as a short...

Page 37: ...stream capacity Asymmetrical services ADSL are suitable for Internet users because more information is usually downloaded than uploaded For example a simple button click in a web browser can start an...

Page 38: ...I Getting Started This part is structured as a step by step guide to help you access your Prestige It covers key features and applications accessing the web configurator and configuring the wizard scr...

Page 39: ...the coverage area The web browser based Graphical User Interface provides easy management and is totally independent of the operating system platform you use 1 2 Features of the Prestige Your Prestig...

Page 40: ...ers with wireless LAN Ethernet adapters can connect to the local area network without any wiring efforts and enjoy reliable high speed connectivity Wireless LAN MAC Address Filtering MAC Address Filte...

Page 41: ...to negotiation feature allows the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention It allows data transfer of either 10 Mbps or 100 Mbps in e...

Page 42: ...r Ethernet over AAL5 RFC 2516 RFC 1661 PPP over PAP RFC 1334 PPP over CHAP RFC 1994 Protocol Support DHCP Support DHCP Dynamic Host Configuration Protocol allows the individual clients computers to ob...

Page 43: ...ble with the major ADSL DSLAM Digital Subscriber Line Access Multiplexer providers making configuration as simple as possible for you Multiplexing The Prestige supports VC based and LLC based multiple...

Page 44: ...king it easy to position anywhere in your busy office 1 3 Applications for the Prestige Here are some example uses for which the Prestige is well suited 1 3 1 Internet Access The Prestige is the ideal...

Page 45: ...that allows multiple users on the LAN Local Area Network to access the Internet concurrently for the cost of a single IP address 1 3 2 Firewall for Secure Broadband Internet Access The Prestige provid...

Page 46: ...pplication 1 3 3 VPN Application The Prestige s VPN feature makes it an ideal cost effective way to connect branch offices and business partners over the Internet without the need and expense for leas...

Page 47: ...Know Your Prestige 1 9 Figure 1 3 VPN Application 1 3 4 LAN to LAN Application You can use the Prestige to connect two geographically dispersed networks over the ADSL line A typical LAN to LAN applic...

Page 48: ...Prestige 652 Series User s Guide 1 10 Getting To Know Your Prestige Figure 1 4 Prestige LAN to LAN Application...

Page 49: ...Netscape Navigator 7 0 and later versions with JavaScript enabled It is recommended that you set your screen resolution to 1024 by 768 pixels 2 2 Accessing the Prestige Web Configurator Step 1 Make su...

Page 50: ...or from the SITE MAP screen Screens vary slightly for different Prestige models Select a language from the Language drop down list box Click Wizard Setup to begin a series of screens to configure your...

Page 51: ...tion file replaces the current configuration file with the factory default configuration file This means that you will lose all configurations that you had previously and the speed of the console port...

Page 52: ...nter Debug Mode within 3 seconds press any key to enter debug mode Step 2 Enter atlc after Enter Debug Mode message Step 3 Wait for Starting XMODEM upload message before activating Xmodem upload on yo...

Page 53: ...ted Ethernet frames into bridged ATM cells ENET ENCAP requires that you specify a gateway IP address in the Ethernet Encapsulation Gateway field in the second wizard screen You can get this informatio...

Page 54: ...1 carries IP etc VC based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical 3 3 2 LLC based Multiplexing In this case one VC carrie...

Page 55: ...Choices vary depending on what you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483 ENET EN...

Page 56: ...signed Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the netw...

Page 57: ...IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet for example only between your two branch offices you can assign any IP addresses t...

Page 58: ...reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connection and the cost is of no concern 3 9 NAT NAT Network Address Transla...

Page 59: ...Obtain an IP Address Automatically if you have a dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the IP Address text box below Connection Select Connect...

Page 60: ...1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field Type your ISP assigned IP address in this field Network Address Translation Select None SUA Only or F...

Page 61: ...Internet The Single User Account feature can be used with either a dynamic or static IP address Select Obtain an IP Address Automatically if you have a dynamic IP address otherwise select Static IP Ad...

Page 62: ...ss Translation Select None SUA Only or Full Feature from the drop sown list box Refer to the NAT chapter for more details Back Click Back to go back to the first wizard screen Next Click Next to conti...

Page 63: ...ult setting selects Connection on Demand with 0 as the idle time out which means the Internet session will not timeout Select Nailed Up Connection when you want your connection up all the time The Pre...

Page 64: ...192 168 1 1 for other server machines for example server for mail FTP telnet web etc that you may have 3 12 Wizard Setup Configuration Third Screen Step 1 Verify the settings in the screen shown next...

Page 65: ...8 1 1 factory default If you changed the Prestige s LAN IP address you must use the new IP address if you want to access the web configurator again LAN Subnet Mask Enter a subnet mask in dotted decima...

Page 66: ...The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask Secondary DNS Server As above Back Click Back to go back to the previous screen Finish Click Finish to save...

Page 67: ...te to www zyxel com Internet access is just the beginning Refer to the rest of this User s Guide for more detailed information on the complete range of Prestige features If you cannot access the Inter...

Page 68: ...Password LAN Wireless LAN and WAN II Part II Password LAN Wireless LAN and WAN This part covers the password LAN Local Area Network wireless LAN and WAN setup...

Page 69: ...for accessing the Prestige 4 2 Configuring Password To change your Prestige s password recommended click Password The screen appears as shown Figure 4 1 Password The following table describes the fiel...

Page 70: ...2 Password Setup Table 4 1 Password LABEL DESCRIPTION Retype to Confirm Type the new password again in this field Apply Click Apply to save your changes back to the Prestige Cancel Click Cancel to be...

Page 71: ...works one inside the LAN network the other outside the WAN network as shown next Figure 5 1 LAN and WAN IP Addresses 5 2 DNS Server Address DNS Domain Name System is for mapping a domain name to its c...

Page 72: ...servers to the computers and the computers can query the DNS server directly without the Prestige s intervention 5 3 DNS Server Address Assignment Use DNS Domain Name System to map a domain name to it...

Page 73: ...transmitted in one of either two ways Unicast 1 sender 1 recipient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and no...

Page 74: ...e 652 Series User s Guide 5 4 LAN Setup 5 5 Configuring LAN Click LAN to open the following screen Figure 5 2 LAN The following table describes the fields in this screen Table 5 1 LAN LABEL DESCRIPTIO...

Page 75: ...count of the IP address pool Primary DNS Server Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask Secondary DNS Se...

Page 76: ...Prestige 652 Series User s Guide 5 6 LAN Setup Table 5 1 LAN LABEL DESCRIPTION Cancel Click this button to reset the fields in this screen...

Page 77: ...s XP An optional network RADIUS server for remote user authentication and accounting 6 1 2 Channel The range of radio frequencies used by IEEE 802 11b wireless devices is called a channel Channels ava...

Page 78: ...n send before an RTS Request To Send CTS Clear to Send handshake is invoked When a data frame exceeds the RTS CTS value you set between 0 to 2432 bytes the station that wants to transmit this frame mu...

Page 79: ...ta frames will be fragmented before they reach RTS CTS size 6 2 Levels of Security Wireless security is vital to your network to protect wireless communication between wireless stations access points...

Page 80: ...a ZyAIR series wireless LAN PCMCIA card to add optional wireless LAN capabilities Step 1 Turn off the Prestige Never insert or remove a wireless LAN card when the Prestige is turned on Step 2 Locate...

Page 81: ...reless LAN Wireless stations associating to the Prestige must have the same ESSID Enter a descriptive name up to 32 characters Hide ESSID Select Yes to hide the ESSID in so a station cannot obtain the...

Page 82: ...WEP to use data encryption Key 1 to Key 4 The WEP keys are used to encrypt data Both the Prestige and the wireless stations must use the same WEP key for data transmission If you chose 64 bit WEP then...

Page 83: ...less LAN Setup 6 7 To change your Prestige s MAC filter settings click Wireless LAN MAC Filter to open the MAC Filter screen The screen appears as shown Figure 6 4 MAC Address Filter The following tab...

Page 84: ...Click Cancel to begin configuring this screen afresh 6 7 Network Authentication You can set the Prestige and your network to authenticate a wireless station before the wireless station can communicat...

Page 85: ...r response from the user and then sends another Access Request message The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting Accountin...

Page 86: ...station sends a start message to the Prestige Step 2 The Prestige sends a request identity message to the wireless station for identity information Step 3 The wireless station replies with identity in...

Page 87: ...wired network ReAuthentication Timer Specify how often wireless stations have to reenter user names and passwords in order to stay connected This field is activated only when you select Authentication...

Page 88: ...ck the user database on the Prestige for a client s user name and password If the user name is not found the Prestige checks the user database on the specified RADIUS server Select RADIUS first then L...

Page 89: ...Prestige 652 Series User s Guide Wireless LAN Setup 6 13 Figure 6 7 Local User Database The following table describes the fields in this screen...

Page 90: ...31 characters long for this user profile Back Click Back to go to the main wireless LAN setup screen Apply Click Apply to save these settings back to the Prestige Cancel Click Cancel to begin configu...

Page 91: ...over the network This key must be the same on the external authentication server and Prestige Accounting Server Active Select Yes from the drop down list box to enable user authentication through an e...

Page 92: ......

Page 93: ...rect route see section 7 6 3 WAN backup route also called dial backup see section 7 6 For example if the normal route has a metric of 1 and the traffic redirect route has a metric of 2 and dial backup...

Page 94: ...affic Shaping is an agreement between the carrier and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network This agreement helps eliminate congestion wh...

Page 95: ...2 Series User s Guide WAN Setup 7 3 Figure 7 1 Example of Traffic Shaping 7 5 Configuring WAN Setup To change your Prestige s WAN remote node settings click WAN WAN Setup The screen differs by the enc...

Page 96: ...Prestige 652 Series User s Guide 7 4 WAN Setup Figure 7 2 WAN Setup The following table describes the fields in this screen...

Page 97: ...t Refer to the appendix for more information VPI The valid range for the VPI is 0 to 255 Enter the VPI assigned to you VCI The valid range for the VCI is 32 to 65535 0 to 31 is reserved for local mana...

Page 98: ...ime you connect to the Internet The Single User Account feature can be used with either a dynamic or static IP address Select Obtain an IP Address Automatically if you have a dynamic IP address otherw...

Page 99: ...ppendix in the to calculate a subnet mask If you are implementing subnetting ENET ENCAP Gateway ENET ENCAP encapsulation only You must specify a gateway IP address supplied by your ISP when you select...

Page 100: ...cted to the LAN Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network Put the protected LAN in one subnet Subnet 1 in the fo...

Page 101: ...9 7 8 Configuring WAN Backup To change your Prestige s WAN backup settings click WAN then WAN Backup The screen appears as shown Figure 7 5 WAN Backup The following table describes the fields in this...

Page 102: ...r priority connection Type the number of seconds 30 recommended for the Prestige to wait between checks Allow more time if your destination IP address handles lots of traffic Timeout Type the number o...

Page 103: ...ternal device Available speeds are 9600 19200 38400 57600 115200 or 230400 bps User Name Type the login name assigned by your ISP Password Type the password assigned by your ISP Pri Phone Type the fir...

Page 104: ...Prestige 652 Series User s Guide 7 12 WAN Setup Figure 7 6 Advanced WAN Backup...

Page 105: ...equire dialing the pound sign before the phone number for local calls Include a symbol at the beginning of the phone numbers as required Dial Backup Port Speed Use the drop down list box to select the...

Page 106: ...difference being that RIP 2B uses subnet broadcasting while RIP 2M uses multicasting Multicasting can reduce the load on non router machines since they generally do not listen to the RIP multicast ad...

Page 107: ...up connection can be used during the time configured in the Period field Set an amount that is less than the time period configured in the Period field If you set the Allocated Budget to 0 you will no...

Page 108: ...e strings tell the Prestige the tags or labels immediately preceding the various call parameters sent from the WAN device The response strings have not been standardized please consult the documentati...

Page 109: ...ype the AT Command string to make a call Example atdt Drop Type the AT Command string to drop a call represents a one second wait for example ath can be used if your modem has a slow response time Ans...

Page 110: ...r of times for the Prestige to retry a busy or no answer phone number before blacklisting the number Example 0 Retry Interval Type a number of seconds for the Prestige to wait before trying another ca...

Page 111: ...NAT Dynamic DNS and Time Zone III Part III NAT Dynamic DNS and Time Zone This part covers NAT Network Address Translation dynamic DNS Domain Name Sever and Time Zone setup...

Page 112: ......

Page 113: ...cal address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side N...

Page 114: ...If you do not define any servers for Many to One and Many to Many Overload mapping see Table 8 2 NAT offers the additional benefit of firewall protection With no servers defined your Prestige filters...

Page 115: ...T Works 8 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the Prestige can communicate with three distinct WA...

Page 116: ...aps multiple local IP addresses to one global IP address This is equivalent to SUA for instance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported t...

Page 117: ...SMT ABBREVIATION One to One ILA1 IGA1 1 1 Many to One SUA PAT ILA1 IGA1 ILA2 IGA1 M 1 Many to Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 M M Ov Many to Many No Overload ILA1 IGA1 ILA2 IGA2...

Page 118: ...ervices NAT supports a default server IP address A default server receives packets from ports that are not specified in this screen If you do not assign a Default Server IP Address then all packets re...

Page 119: ...further information about port numbers Table 8 3 Services and Port Numbers SERVICES PORT NUMBER ECHO 7 FTP File Transfer Protocol 21 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 Fin...

Page 120: ...ultiple Servers Behind NAT Example 8 4 Selecting the NAT Mode You must create a firewall rule in addition to setting up SUA NAT to allow traffic from the WAN to be forwarded through the Prestige Click...

Page 121: ...erver Set screen Full Feature Select this radio button if you have multiple public WAN IP addresses for your Prestige Edit Details Click this link to go to the NAT Address Mapping Rules screen Apply C...

Page 122: ...the port number again in the End Port No field To forward a series of ports enter the start port number here and the end port number in the End Port No field End Port No Enter a port number in this f...

Page 123: ...ige takes the corresponding action and the remaining rules are ignored If there are any empty rules before your new configured rule your configured rule will be pushed up by that number of empty rules...

Page 124: ...eld is N A for One to one Many to One and Server mapping types Type 1 1 One to one mode maps one local IP address to one global IP address Note that port numbers do not change for the One to one NAT m...

Page 125: ...unt feature that previous ZyXEL routers supported only 3 Many to Many Overload Many to Many Overload mode maps multiple local IP addresses to shared global IP addresses 4 Many to Many No Overload Many...

Page 126: ...is field is N A for One to One Many to One and Server mapping types Server Mapping Set Only available when Type is set to Server Select a number from 1 to 10 from the drop down menu to choose a server...

Page 127: ...ends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a d...

Page 128: ...ct the name of your Dynamic DNS service provider Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider E mail Address Type your e mail address User Type your user name...

Page 129: ...le on all models Use this screen to configure the Prestige s time and date settings 10 1 Configuring Time Zone To change your Prestige s time and date click Time Zone The screen appears as shown Use t...

Page 130: ...dtime gov tw Time Zone Choose the time zone of your location This will set the time difference between your time zone and Greenwich Mean Time GMT Daylight Savings Select this option if you use dayligh...

Page 131: ...page the Prestige synchronizes the time with the time server New Time This field displays the last updated time from the time server When you select None in the Use Time Server when Bootup field enter...

Page 132: ...rs IV Part IV Firewall and Content Filters This part introduces firewalls in general and the Prestige firewall It also explains customized services and logs and gives example firewall rules and an ove...

Page 133: ......

Page 134: ...wall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be implemented...

Page 135: ...hing that some proxies support See section 11 5 for more information on Stateful Inspection Firewalls of one type or another have become an integral part of standard security solutions for enterprises...

Page 136: ...ocols that perform specific functions An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc For example Web traffic...

Page 137: ...versize packet is then sent to an unsuspecting system Systems may crash hang or reboot 1 b Teardrop attack exploits weaknesses in the re assembly of IP packet fragments As data is transmitted through...

Page 138: ...Attack floods a targeted system with a series of SYN packets Each packet causes the targeted system to issue a SYN ACK response While the targeted system waits for the ACK that follows the SYN ACK it...

Page 139: ...cast the ICMP echo request packet to all hosts on the network If there are numerous hosts this will create a large amount of ICMP echo request and response traffic If a hacker chooses to spoof the sou...

Page 140: ...ng from within the trusted network To engage in IP spoofing a hacker must modify the packet headers so that it appears that the packets originate from a trusted host and should be allowed through the...

Page 141: ...tocol is configured for a firewall rule inspection 1 The packet travels from the firewall s LAN to the WAN 2 The packet is evaluated against the interface s existing outbound access list and the packe...

Page 142: ...ction s state table entry is deleted and the connection s temporary inbound access list entries are deleted 11 5 2 Stateful Inspection and the Prestige Additional rules may be defined to extend or ove...

Page 143: ...quence numbers However at the very minimum they contain an IP address pair source and destination UDP also contains port pairs and ICMP has type and code information All of this data can be analyzed i...

Page 144: ...ocal service such as SNMP or NTP that you don t use Any enabled service could present a potential security risk A determined hacker might be able to find creative ways to misuse the enabled services t...

Page 145: ...ch as or 8 Upgrade your software regularly Many older versions of software especially web browsers have well known security deficiencies When you upgrade to the latest versions you get the latest patc...

Page 146: ...masquerading as a response to a nonexistent outbound request can be blocked The firewall uses session filtering i e smart rules that enhance the filtering process and control the network session rath...

Page 147: ......

Page 148: ...management see the Remote Management chapter and the firewall is enabled The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it The firewall allows remote...

Page 149: ...en see the chapter on logs 12 3 2 Threshold Values Tune these parameters when something is not working and after you have checked the firewall counters These default values should work fine for most s...

Page 150: ...etected in the last one minute sample period TCP Maximum Incomplete and Blocking Time An unusually high number of half open sessions with the same destination host address could indicate that a Denial...

Page 151: ...es the firewall to stop deleting half open sessions The Prestige continues to delete half open sessions as necessary until the rate of new connection attempts drops below this number 80 is the default...

Page 152: ...ber TCP Maximum Incomplete This is the number of existing half open TCP sessions default 10 with the same destination host IP address that causes the firewall to start dropping half open sessions to t...

Page 153: ...or example you may create rules to Block certain types of traffic such as IRC Internet Relay Chat from the LAN to the Internet Allow certain types of traffic such as Lotus Notes database synchronizati...

Page 154: ...vice 2 Is it possible to modify the rule to be more specific For example if IRC is blocked for all users will a rule that blocks just certain users be more effective 3 Does a rule that allows Internet...

Page 155: ...om LAN to WAN and WAN to LAN in your firewall 13 3 1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non restricted access to the WAN When you configu...

Page 156: ...n attack automatically generates a log Logs can be sent to an e mail account or syslog server that you specify in the Log Settings screen see the chapter on logs 13 5 Rule Summary The fields in the Ru...

Page 157: ...for packets not matching following rules Use the drop down list box to select whether to Block silently discard or Forward allow the passage of packets that do not match the following rules Default P...

Page 158: ...one Rules Reorder You may reorder your rules using this function Use the drop sown list box to select the number of the rule you want to move The ordering of your rules is important as rules are appli...

Page 159: ...be possible by e mail H 323 TCP 1720 Net Meeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS HTTPS is a secured http session ofte...

Page 160: ...channel RCMD TCP 512 Remote Command Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login R...

Page 161: ...d in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer p...

Page 162: ...e 13 4 Creating Editing A Firewall Rule The following table describes the fields in this screen Table 13 3 Creating Editing A Firewall Rule LABEL DESCRIPTION Source Address Click SrcAdd to add a new a...

Page 163: ...own list box to select whether to Block silently discard or Forward allow the passage of packets that match this rule Log This field determines if a log is created for packets that match the rule Matc...

Page 164: ...50 a subnet or any IP address Select an option from the drop down list box that includes Single Address Range Address Subnet Address and Any Address Start IP Address Type the single IP address or the...

Page 165: ...efault 30 for the Prestige to wait for a TCP session to reach the established state before dropping the session FIN Wait Timeout Type the number of seconds default 60 for a TCP session to remain open...

Page 166: ...Creating Custom Rules Table 13 5 Timeout LABEL DESCRIPTION Back Click Back to return to the previous screen Apply Click Apply to save your customized settings and exit this screen Cancel Click Cancel...

Page 167: ...numbers not predefined by the Prestige see Figure 13 4 For a comprehensive list of port numbers and services visit the IANA Internet Assigned Number Authority website For further information on these...

Page 168: ...of your customized service Protocol This shows the IP protocol TCP UDP or Both that defines your customized service Port This is the port number or range that defines your customized service Back Clic...

Page 169: ...r customized service Back Click Back to return to the Firewall Customized Services screen Apply Click Apply to save your customized settings and exit this screen Cancel Click Cancel to return to the p...

Page 170: ...it rule screen and then click a rule number to bring up the Firewall Customized Services Config screen Configure as follows Figure 14 4 Customized Service for MyService Example Customized services sho...

Page 171: ...lined earlier in this chapter to configure all your rules Configure the rule configuration screen like the one below and apply it Figure 14 5 Syslog Rule Configuration Example This is your MyService c...

Page 172: ...irewall rules the Rule Summary screen should look like the following Don t forget to click Apply when you have finished configuring your rule s to save your settings back to the Prestige Figure 14 6 R...

Page 173: ...u can set a schedule for when the Prestige performs content filtering You can also specify trusted IP addresses on the LAN for which the Prestige will not perform content filtering 15 2 Configuring Ke...

Page 174: ...ct this check box to enable this feature Block Websites that contain these keywords in the URL This box contains the list of all the keywords that you have configured the Prestige to block Delete High...

Page 175: ...will get a message telling you that the content filter is blocking this request Back Click Back to return to the previous screen Apply Click Apply to save your changes back to the Prestige Cancel Cli...

Page 176: ...to the previous screen Apply Click Apply to save your changes Cancel Click Cancel to return to the previously saved settings 15 4 Configuring Trusted Computers To exclude a range of users on the LAN f...

Page 177: ...address of a specific range of users on your LAN that you want to exclude from content filtering Leave this field blank if you want to exclude an individual computer Back Click Back to return to the p...

Page 178: ...VPN IPSec V Part V VPN IPSec This part provides information about configuring VPN IPSec for secure communications...

Page 179: ...ns for secure data communications across a public network like the Internet IPSec is built around a number of standardized cryptographic techniques to provide confidentiality data integrity and authen...

Page 180: ...Prestige supports the following VPN applications Linking Two or More Private Networks Together Connect branch offices and business partners over the Internet with significant cost savings and improve...

Page 181: ...Prestige 652 Series User s Guide Introduction to IPSec 16 3 Figure 16 2 VPN Application 16 2 IPSec Architecture The overall IPSec architecture is shown as follows...

Page 182: ...re including implementation algorithms The Encryption Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms...

Page 183: ...original IP header in the hashing process 16 3 2 Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services to provide access to...

Page 184: ...ing headers in a new IP packet The new IP packet s source address is the outbound address of the sending VPN gateway and its destination address is the inbound address of the VPN device at the receivi...

Page 185: ...grity authentication sequence integrity replay resistance and non repudiation but not for confidentiality for which the ESP was designed In applications where confidentiality is not required or not sa...

Page 186: ...dress static or dynamic to set up the VPN tunnel The Prestige has to rebuild the VPN tunnel if the My IP Address changes after setup 17 4 Secure Gateway Address Secure Gateway Address is the WAN IP ad...

Page 187: ...management and not Manual key management 17 5 VPN Summary Screen The following figure helps explain the main fields in the web configurator Figure 17 1 IPSec Summary Fields Local and remote IP address...

Page 188: ...his field displays whether the VPN policy is active or not A Y signifies that this VPN policy is active Local Address This is the IP address es of computers on your local network behind your Prestige...

Page 189: ...ound traffic the Prestige automatically drops the tunnel after two minutes 17 7 ID Type and Content With aggressive negotiation mode see section 17 10 1 the Prestige identifies incoming SAs by ID type...

Page 190: ...Gateway field DNS Type a domain name up to 31 characters by which to identify the remote IPSec router E mail Type an e mail address up to 31 characters by which to identify the remote IPSec router Th...

Page 191: ...E B Local ID type IP Local ID type IP Local ID content 1 1 1 10 Local ID content 1 1 1 10 Peer ID type E mail Peer ID type IP Peer ID content aa yahoo com Peer ID content N A 17 8 Pre Shared Key A pre...

Page 192: ...Prestige 652 Series User s Guide 17 8 VPN Screens Figure 17 3 VPN IKE...

Page 193: ...through a secure gateway must have the same negotiation mode Local Local IP addresses must be static and correspond to the remote IPSec router s configured remote IP addresses Two active SAs cannot ha...

Page 194: ...op down menu to choose Single Range or Subnet Select Single with a single IP address Select Range for a specific range of IP addresses Select Subnet to specify IP addresses on a network by their subne...

Page 195: ...ain name Select E mail to identify the remote IPSec router by an e mail address Content When you select IP in the Peer ID Type field type the IP address of the computer with which you will make the VP...

Page 196: ...me secret key which can be used to encrypt and decrypt the message or to generate and verify a message authentication code The DES encryption algorithm uses a 56 bit key Triple DES 3DES is a variation...

Page 197: ...od expires If an IKE SA times out when an IPSec SA is already established the IPSec SA stays connected In phase 2 you must Choose which protocol to use ESP or AH for the IKE key exchange Choose an enc...

Page 198: ...ows two parties to establish a shared secret over an unsecured communications channel Diffie Hellman is used within IKE SA setup to establish session keys 768 bit Group 1 DH1 and 1024 bit Group 2 DH2...

Page 199: ...ns 17 15 Figure 17 5 VPN IKE Advanced The following table describes the fields in this screen Table 17 8 VPN IKE Advanced LABEL DESCRIPTION VPN IKE Protocol Enter 1 for ICMP 6 for TCP 17 for UDP etc 0...

Page 200: ...P 110 POP3 End Enter a port number in this field to define a port range This port number must be greater than that specified in the previous field If Remote Start Port is left at 0 End will also remai...

Page 201: ...otiates in this field It may range from 60 to 3 000 000 seconds almost 35 days A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys...

Page 202: ...s disabled NONE by default in phase 2 IPSec SA setup This allows faster IPSec setup but is not so secure Choose DH1 or DH2 from the drop down list box to enable PFS DH1 refers to Diffie Hellman Group...

Page 203: ...cal outgoing and incoming SPIs 17 13Configuring Manual Key You only configure VPN Manual Key when you select Manual in the Key Management field on the VPN IKE screen This is the VPN Manual Key screen...

Page 204: ...ess Type field is configured to Single enter a static IP address on the LAN behind your Prestige When the Local Address Type field is configured to Range enter the beginning static IP address in a ran...

Page 205: ...nter the end static IP address in a range of computers on the network behind the remote IPSec router When the Remote Address Type field is configured to Subnet enter a subnet mask on the network behin...

Page 206: ...ect SHA1 or MD5 from the drop down list box MD5 Message Digest 5 and SHA1 Secure Hash Algorithm are hash algorithms used to authenticate packet data The SHA1 algorithm is generally considered stronger...

Page 207: ...escribes the fields in this screen Table 17 10 SA Monitor LABEL DESCRIPTION No This is the security association index number Name This field displays the identification name for this VPN policy Encaps...

Page 208: ...Windows Networking NetBIOS over TCP IP NetBIOS Network Basic Input Output System are TCP or UDP broadcast packets that enable a computer to find other computers It may sometimes be necessary to allow...

Page 209: ...ges of addresses cannot overlap See the following table and figure for an example Having everyone use the same pre shared key may create a vulnerability If the pre shared key is compromised all of the...

Page 210: ...arate VPN rule to simultaneously access a Prestige at headquarters They can use different IPSec parameters including the pre shared key and the local IP addresses or ranges of addresses can overlap Se...

Page 211: ...SNMP DNS or ICMP and terminates at the Prestige s LAN or WAN port configure remote management to allow access for that service If the VPN tunnel terminates at the Prestige s LAN IP address configure r...

Page 212: ...UPnP and Logs VI Part VI Remote Management UPnP and Logs This part contains information on how to configure the Prestige for remote management setting up Universal Plug and Play UPnP and setting up an...

Page 213: ...isable When you Choose WAN only or ALL LAN WAN you still need to configure a firewall rule to allow access To disable remote management of a service select Disable in the corresponding Server Access f...

Page 214: ...he LAN 18 1 3 System Timeout There is a system timeout of five minutes three hundred seconds for either the console port or telnet web FTP connections Your Prestige automatically logs you out if you d...

Page 215: ...Each of these labels denotes a service that you may use to remotely manage the Prestige Access Status Select the access interface Choices are All LAN Only WAN Only and Disable Port This field shows t...

Page 216: ...Prestige 652 Series User s Guide 18 4 Remote Management Configuration Table 18 1 Remote Management LABEL DESCRIPTION Cancel Click Cancel to begin configuring this screen afresh...

Page 217: ...ting the icon of a UPnP device will allow you to access the information and properties of that device 19 1 2 NAT Traversal UPnP NAT traversal automates the process of allowing an application to operat...

Page 218: ...ested UPnP broadcasts are only allowed on the LAN See later sections for examples of installing UPnP in Windows XP and Windows Me as well as an example of using UPnP in Windows 19 2 1 Configuring UPnP...

Page 219: ...plication Allow UPnP to pass through Firewall Select this check box to allow traffic from UPnP enabled applications to bypass the firewall Clear this check box to have the firewall block all UPnP appl...

Page 220: ...t the computer when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP Step 1 Click start and Control Panel Step 2 Double click Network Connections Step 3...

Page 221: ...le This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the Prestige Make sure the computer is connected to a LAN p...

Page 222: ...re automatically created Step 4 You may edit or delete the port mappings or click Add to manually add port mappings When the UPnP enabled device is disconnected from your computer all port mappings wi...

Page 223: ...can access the web based configurator on the Prestige without finding out the IP address of the Prestige first This comes helpful if you do not know the IP address of the Prestige Follow the steps be...

Page 224: ...nabled device displays under Local Network Step 5 Right click on the icon for your Prestige and select Invoke The web configurator login screen displays Step 6 Right click on the icon for your Prestig...

Page 225: ...Alerts and Logs An alert is a type of log that warrants more serious attention They include system errors attacks access control and attempted access to blocked web sites Some categories such as Syst...

Page 226: ...Prestige 652 Series User s Guide 20 2 Logs Screens Figure 20 1 Log Settings The following table describes the fields in this screen...

Page 227: ...enable UNIX syslog Syslog IP Address Enter the server name or IP address of the syslog server that will log the selected categories of logs Log Facility Select a location from the drop down list box...

Page 228: ...gs screen to see the logs for the categories that you selected in the Log Settings screen see section 20 2 Log entries in red indicate alerts The log wraps around and deletes the old entries after it...

Page 229: ...tings page make sure that you have first filled in the Address Info fields in Log Settings see section 20 2 Refresh Click Refresh to renew the log screen Clear Log Click Clear Log to delete all the lo...

Page 230: ...rward 09 54 17 UDP src port 00520 dest port 00520 1 00 3 Apr 7 00 From 192 168 1 6 To 10 10 10 10 match forward 09 54 19 UDP src port 03516 dest port 00053 1 01 snip snip 126 Apr 7 00 From 192 168 1 1...

Page 231: ...Bandwidth Management VII Part VII Bandwidth Management This part provides information on the functions and configuration of Bandwidth Management...

Page 232: ......

Page 233: ...helps reduce delays and dropped packets at the next routing device For example you can set the WAN interface speed to 1000kbps if the ADSL connection has an upstream speed of 1000kbps All configuratio...

Page 234: ...available bandwidth 21 4 Bandwidth Management Usage Examples These examples show bandwidth management allotments on a WAN interface that is configured for 640Kbps 21 4 1 Application based Bandwidth Ma...

Page 235: ...t Example The following example uses bandwidth classes based on LAN subnets and applications specific applications in each subnet are allotted bandwidth Table 21 1 Application and Subnet based Bandwid...

Page 236: ...ovide smoother operation 21 5 2 Fairness based Scheduler The Prestige divides bandwidth equally among bandwidth classes when using the fairness based scheduler thus preventing one bandwidth class from...

Page 237: ...eps to configure the Prestige to allow bandwidth for traffic that is not defined in a bandwidth filter Leave some of the interface s bandwidth unbudgeted Do not enable the interface s Maximize Bandwid...

Page 238: ...s gets up to its budgeted bandwidth The administration class only uses 1 Mbps of its budgeted 2 Mbps Sales and Marketing are first to get extra bandwidth because they have the highest priority 6 If th...

Page 239: ...s can also borrow bandwidth from a higher parent class grandparent class if the child class s parent class is also configured to borrow bandwidth from its parent class This can go on for as many level...

Page 240: ...th Borrowing Example The Bill class can borrow unused bandwidth from the Sales USA class because the Bill class has bandwidth borrowing enabled The Bill class can also borrow unused bandwidth from the...

Page 241: ...on individual child classes the Prestige functions as follows 1 The Prestige sends traffic according to each bandwidth class s bandwidth budget 2 The Prestige assigns a parent class s unused bandwidth...

Page 242: ...ve Select an interface s check box to enable bandwidth management on that interface Speed kbps Enter the amount of bandwidth for this interface that you want to allocate using bandwidth management Thi...

Page 243: ...stige Cancel Click Cancel to begin configuring this screen afresh 21 9 Configuring Class Setup The class setup screen displays the configured bandwidth classes by individual interface Select an interf...

Page 244: ...LABEL DESCRIPTION Interface Select an interface from the drop down list box for which you wish to set up classes Back Click Back to go to the main BW Manager screen Add Child Class Click Add Child cla...

Page 245: ...ass 21 9 1 Bandwidth Manager Class Configuration Configure a bandwidth management class in the Class Configuration screen You must use the Bandwidth Manager Summary screen to enable bandwidth manageme...

Page 246: ...width Manager Class Configuration The following table describes the labels in this screen Table 21 4 Bandwidth Manager Class Configuration LABEL DESCRIPTION Class Name Use the auto generated name or e...

Page 247: ...le 21 2 Bandwidth Filter The Prestige uses a bandwidth filter to identify the traffic that belongs to a bandwidth class Active Select the check box to have the Prestige use this bandwidth filter when...

Page 248: ...s any source port number Protocol ID Enter the protocol ID service type number for example 1 for ICMP 6 for TCP or 17 for UDP A blank protocol ID means any protocol number Back Click Back to go to the...

Page 249: ...ss the statistics page is showing Budget kbps This field displays the amount of bandwidth allocated to the class Tx Packets This field displays the total number of packets transmitted Tx Bytes This fi...

Page 250: ...10 Configuring Monitor To view the Prestige s bandwidth usage and allotments click BW Manager then Monitor The screen appears as shown Figure 21 11 Bandwidth Manager Monitor The following table descri...

Page 251: ...tige 652 Series User s Guide Bandwidth Management 21 19 Table 21 7 Bandwidth Manager Monitor LABEL DESCRIPTION Back Click Back to go to the main BW Manager screen Refresh Click Refresh to update the p...

Page 252: ...Maintenance VIII Part VIII Maintenance This part covers the maintenance screens...

Page 253: ...t traffic statistics 22 1 Maintenance Overview The maintenance screens can help you view system information upload new firmware manage configuration and restart your Prestige 22 2 System Status Screen...

Page 254: ...Prestige 652 Series User s Guide 22 2 Maintenance Figure 22 1 System Status...

Page 255: ...on IP Address This is the WAN port IP address IP Subnet Mask This is the WAN port IP subnet mask Default Gateway This is the IP address of the default gateway if applicable VPI VCI This is the Virtual...

Page 256: ...of packets sent and number of packets received for each port 22 2 1 System Statistics Click Show Statistics in the System Status screen to open the following screen Read only information here include...

Page 257: ...ype Link types are PPPoA ENET RFC 1483 and PPPoE Interface This field displays the type of port Status For the WAN port this displays the port speed and duplex setting if you re using Ethernet encapsu...

Page 258: ...n Protocol RFC 2131 and RFC 2132 allows individual clients to obtain TCP IP configuration at start up from a server You can configure the Prestige as a DHCP server or disable it When configured as a s...

Page 259: ...computer with the displayed host name Every Ethernet device has a unique MAC address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C...

Page 260: ...que MAC address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 Association Time This field displays how long a wireless cl...

Page 261: ...y This field displays Yes if another AP or Ad hoc network is using the channel within the Prestige s transmission range Back Click Back to return to the previous screen Refresh Click Refresh to renew...

Page 262: ...P Address Type the IP address of a computer that you want to ping in order to test a connection Ping Click this button to ping the IP address that you entered Reset System Click this button to reboot...

Page 263: ...The following table describes the fields in this screen Table 22 7 Diagnostic DSL Line LABEL DESCRIPTION Reset ADSL Line Click this button to reinitialize the ADSL line The large text box above then d...

Page 264: ...Margin Click this button to display the downstream noise margin Back Click this button to go back to the main Diagnostic screen 22 6 Firmware Screen Find firmware at www zyxel com in a file that usual...

Page 265: ...essed zip files before you can upload them Upload Click Upload to begin the upload process This process may take up to two minutes Reset Click this button to clear all user entered configuration infor...

Page 266: ...etwork Temporarily Disconnected After two minutes log in again and check your new firmware version in the System Status screen If the upload was not successful the following screen will appear Click B...

Page 267: ...Management Terminal configuration for general setup WAN backup LAN setup wireless LAN setup Internet access remote node static route NAT and enabling the firewall See the web configurator parts of thi...

Page 268: ......

Page 269: ...ity 8 data bits 1 stop bit data flow set to none 9600 bps port speed Press ENTER to display the SMT password screen The default password is 1234 23 1 2 Procedure for SMT Configuration via Telnet The f...

Page 270: ...g in your Prestige will automatically log you out Figure 23 1 Login Screen 23 1 4 Prestige SMT Menu Overview We use the Prestige 652HW 31 SMT menus in this guide as an example The SMT menus vary sligh...

Page 271: ...nu 24 2 System Information and Console port Speed Menu 24 10 Time and Date Setting Menu 26 Schedule Setup Menu 26 x Schedule Set Setup Menu 24 9 Call Control Menu 24 9 1 Budget Management Menu 24 11 R...

Page 272: ...xt field respectively Entering information Type in or press SPACE BAR then press ENTER You need to fill in two types of fields The first requires you to type in the appropriate information The second...

Page 273: ...Static Routing Setup Use this menu to set up static routes 14 Dial in User Setup Use this menu to set up local user profiles on the Prestige 652H HW 15 NAT Setup Use this menu to specify inside serve...

Page 274: ...ystem Password Change the Prestige default password by following the steps shown next Step 1 Enter 23 in the main menu to display Menu 23 System Security Step 2 Enter 1 to display Menu 23 1 System Sec...

Page 275: ...000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the P...

Page 276: ...eave this field blank the ISP may assign a domain name via DHCP You can go to menu 24 8 and type sys domainname to see the current domain name used by your gateway If you want to clear this field just...

Page 277: ...Active Press SPACE BAR to select Yes and then press ENTER to make dynamic DNS active Yes Host Enter the domain name assigned to your Prestige by your Dynamic DNS provider me dyndns org EMAIL Enter yo...

Page 278: ......

Page 279: ...auxiliary port DIAL BACKUP on the Prestige 652 or AUX on the Prestige 652H HW for use in the event that the regular WAN connection is dropped first make sure you have set up the port connection and th...

Page 280: ...ress of a reliable nearby computer for example your ISP s DNS server address When using a WAN backup connection the Prestige periodically pings the addresses configured here and uses the other WAN bac...

Page 281: ...ess ENTER to configure Menu 2 1 Traffic Redirect Setup Select No default if you do not want to configure this feature Dial Backup Press SPACE BAR to select Yes or No Select Yes and press ENTER to conf...

Page 282: ...estige uses The metric represents the cost of transmission A router determines the best route for transmission by choosing a path with the lowest cost RIP routing uses hop count as the measurement of...

Page 283: ...mand String Init Enter the AT command string to initialize the WAN device Consult the manual of your WAN device connected to your Dial Backup port for specific AT commands at fs0 0 Edit Advanced Setup...

Page 284: ...ble 25 4 Menu 2 2 1 Advanced Dial Backup Setup AT Commands Fields FIELD DESCRIPTION EXAMPLE AT Command Strings Dial Enter the AT Command string to make a call atdt Drop Enter the AT Command string to...

Page 285: ...vanced Dial Backup Setup Call Control Parameters FIELD DESCRIPTION EXAMPLE Call Control Dial Timeout sec Enter a number of seconds for the Prestige to keep trying to set up an outgoing call before tim...

Page 286: ...e This field can be up to eight characters LAoffice Active Press SPACE BAR and then ENTER to select Yes to enable the remote node or No to disable the remote node Yes Outgoing My Login Enter the login...

Page 287: ...PP Options see section 25 7 No default Rem IP Addr Leave the field set to 0 0 0 0 default if the remote gateway has a dynamic IP address Enter the remote gateway s IP address here if it is static 0 0...

Page 288: ...lapse before the Prestige automatically disconnects the PPP connection This option only applies when the Prestige initiates the call 100 seconds default Once you have configured this menu press ENTER...

Page 289: ...n press SPACE BAR to select Yes Press ENTER to open Menu 11 3 Network Layer Options Figure 25 8 Menu 11 3 Remote Node Network Layer Options The following table describes the fields in this menu Table...

Page 290: ...e smaller the number the higher priority the route has 15 default Private This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts If set to Yes this...

Page 291: ...word in the remote node when the Prestige sees them in a Send string Please note that both variables must been entered exactly as shown No other characters may appear before or after either i e they m...

Page 292: ...t string to match After matching the Expect string the Prestige returns the string in the Send field Set 1 6 Send Enter a string to send out after the Expect string is matched 0 0 0 0 25 10Remote Node...

Page 293: ...the Filters chapter for more information on defining the filters Figure 25 11 Menu 11 5 Dial Backup Remote Node Filter Menu 11 5 Remote Node Filter Input Filter Sets protocol filters device filters O...

Page 294: ......

Page 295: ...Ethernet traffic You seldom need to filter Ethernet traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 26 2 Menu 3 1 LAN Port Fi...

Page 296: ...ess ENTER to display Menu 3 2 TCP IP and DHCP Ethernet Setup as shown next Figure 26 3 Menu 3 2 TCP IP and DHCP Ethernet Setup Follow the instructions in the following table on how to configure the DH...

Page 297: ...r count of the IP address pool 32 Primary DNS Server Secondary DNS Server Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP clients along with the IP address and the sub...

Page 298: ...nable IP Multicasting or select None to disable it None default IP Policies Create policies using SMT menu 25 see the IP Policy Routing chapter and apply them on the Prestige LAN interface here You ca...

Page 299: ...Turn off the Prestige Never insert or remove a wireless LAN card when the Prestige is turned on Step 2 Locate the slot labeled Wireless LAN on the Prestige Step 3 With its pin connector facing the slo...

Page 300: ...operating frequency channel depending on your particular region CH01 2412MHz RTS Threshold RTS Request To Send threshold number of bytes enables RTS CTS handshake Data with its frame size larger than...

Page 301: ...e 128 bit WEP in the WEP Encryption field then enter 13 characters or 26 hexadecimal characters 0 9 A F preceded by 0x for each key 1 4 There are four data encryption keys to secure your data from eav...

Page 302: ...ccess to the Prestige in these address fields When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and...

Page 303: ...olicy Routing IPPR provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator Policy based routing is applie...

Page 304: ...ure 28 2 Partitioned Logical Networks Use menu 3 2 1 to configure IP Alias on your Prestige 28 4 IP Alias Setup Use menu 3 2 to configure the first network Move the cursor to Edit IP Alias field and p...

Page 305: ...tgoing protocol filters N A IP Alias 2 No IP Address N A IP Subnet Mask N A RIP Direction N A Version N A Incoming protocol filters N A Outgoing protocol filters N A Enter here to CONFIRM or ESC to CA...

Page 306: ...Choices are RIP 1 RIP 2B or RIP 2M RIP 1 Incoming Protocol Filters Enter the filter set s you wish to apply to the incoming traffic between this node and the Prestige Outgoing Protocol Filters Enter t...

Page 307: ...enu type 4 to display Menu 4 Internet Access Setup as shown next Figure 28 6 Menu 4 Internet Access Setup The following table contains instructions on how to configure your Prestige for Internet acces...

Page 308: ...traffic source that can be sent at the peak rate and a parameter for burst traffic Type the SCR it must be less than the PCR 0 Maximum Burst Size MBS 0 Refers to the maximum number of cells that can...

Page 309: ...Mapping Set Type the numbers of mapping sets 1 8 to use with NAT See the NAT chapter for details N A When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cance...

Page 310: ......

Page 311: ...onfiguring one of the remote nodes You first choose a remote node in Menu 11 Remote Node Setup You can then edit that node s profile in menu 11 1 as well as configure specific settings in three submen...

Page 312: ...pplication Here are some examples of more suitable combinations in such an application Scenario 1 One VC Multiple Protocols PPPoA RFC 2364 encapsulation with VC based multiplexing is the best combinat...

Page 313: ...are selected then the Rem Login Rem Password My Login My Password and Authen fields are not applicable N A ENET ENCAP Multiplexing Press SPACE BAR and then ENTER to select the method of multiplexing...

Page 314: ...requested by this remote node CHAP accept CHAP Challenge Handshake Authentication Protocol only Authen PAP accept PAP Password Authentication Protocol only Route This field determines the protocol use...

Page 315: ...ons Edit Filter Sets Use SPACE BAR to choose Yes and press ENTER to open menu 11 5 to edit the filter sets See the Remote Node Filter section for more details No default Idle Timeout sec Type the numb...

Page 316: ...FIELD DESCRIPTION EXAMPLE IP Address Assignment Press SPACE BAR and then ENTER to select Dynamic if the remote node is using a dynamically assigned IP address or Static if it is using a static fixed...

Page 317: ...ld the SMT uses NAT server set 1 in menu 15 2 see the NAT chapter for details 2 Metric The metric represents the cost of transmission for routing purposes IP routing uses hop count as the cost measure...

Page 318: ...mple IP Addresses The following figure uses sample IP addresses to help you understand the field of My Wan Addr in menu 11 3 Refer to the previous Figure 5 1 LAN and WAN IP Addresses for a brief revie...

Page 319: ...Figure 29 5 Menu 11 5 Remote Node Filter RFC 1483 or ENET Encapsulation Figure 29 6 Menu 11 5 Remote Node Filter PPPoA or PPPoE Encapsulation 29 5 Editing ATM Layer Options Follow the steps shown next...

Page 320: ...ocols with protocol identifying information being contained in each packet header Figure 29 8 Menu 11 6 for LLC based Multiplexing or PPP Encapsulation Menu 11 6 Remote Node ATM Layer Options VPI VCI...

Page 321: ...to display Menu 11 8 Advance Setup Options Figure 29 10 Menu 11 8 Advance Setup Options The following table describes the fields in this menu Menu 11 8 Advance Setup Options PPPoE PPPoE_Client_PC No...

Page 322: ...r computers to connect to the ISP via the Prestige Each host can have a separate account and a public WAN IP address PPPoE pass through is an alternative to NAT for applications where NAT is not appro...

Page 323: ...is directly connected to a remote node Each remote node specifies only the network to which the gateway is directly connected and the Prestige has no knowledge of the networks beyond For instance the...

Page 324: ...shown next Figure 30 3 Menu 12 1 IP Static Route Setup P652H HW Step 3 Now type the route number of a static route you want to configure Menu 12 1 IP Static Route Setup 1 ________ 2 ________ 3 _______...

Page 325: ...o be identical to the host ID IP Subnet Mask Type the subnet mask for this destination Follow the discussion on IP Subnet Mask in this manual Gateway IP Address Type the IP address of the gateway The...

Page 326: ...his remote node in its RIP broadcasts If set to Yes this route is kept private and is not included in RIP broadcasts If No the route to this remote node will be propagated to other hosts through RIP b...

Page 327: ...col and it also demands more CPU cycles and memory For efficiency reasons do not turn on bridging unless you need to support protocols other than IP on your network For IP enable the routing if you ne...

Page 328: ...em Subnet Mask 0 0 0 0 My WAN Addr 0 0 0 0 NAT Full Feature Address Mapping Set 2 Metric 2 Private No RIP Direction Both Version RIP 2B Multicast IGMP v2 IP Policies Press ENTER to Confirm or ESC to C...

Page 329: ...ur configuration or press ESC to cancel and go back to the previous screen 31 2 2 Bridge Static Route Setup Similar to network layer static routes a bridging static route tells the Prestige the route...

Page 330: ...to IP Address If available type the IP address of the destination computer that you want to bridge the packets to Gateway Node Press SPACE BAR and then ENTER to select the number of the remote node on...

Page 331: ...Server See section 32 3 1 for a detailed description of the NAT set for SUA The Prestige also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clie...

Page 332: ...the cursor to the Edit IP Bridge field press SPACE BAR to select Yes and then press ENTER to bring up Menu 11 3 Remote Node Network Layer Options Menu 4 Internet Access Setup ISP s Name MyISP Encapsu...

Page 333: ...ly if you have just one public WAN IP address for your Prestige SUA Only 32 3 NAT Setup Use the address mapping sets menus and submenus to create the mapping table used to assign global addresses to c...

Page 334: ...r 15 from the main menu to bring up the following screen Figure 32 3 Menu 15 NAT Setup 32 3 1 Address Mapping Sets Enter 1 to bring up Menu 15 1 Address Mapping Sets Figure 32 4 Menu 15 1 Address Mapp...

Page 335: ...ing local IP address ILA If the rule is for all local IPs then the Start IP is 0 0 0 0 and the End IP is 255 255 255 255 255 255 255 255 Global Start IP This is the starting global IP address IGA If y...

Page 336: ...d field and you must enter a name for the set Figure 32 6 Menu 15 1 1 First Set If the Set Name field is left blank the entire set will be deleted The Type Local and Global Start End IPs are configure...

Page 337: ...rule selected The rules after the selected rule will then be moved down by one rule Delete means to delete the selected rule and then all the rules after the selected one will be advanced one rule Non...

Page 338: ...IP fields MUST be set for Server Start This is the starting local IP address ILA 0 0 0 0 End This is the ending local IP address ILA If the rule is for all local IPs then put the Start IP as 0 0 0 0 a...

Page 339: ...r press ESC to cancel and go back to the previous screen 32 4 Configuring a Server behind NAT Follow these steps to configure a server behind NAT Step 5 Enter 15 in the main menu to go to Menu 15 NAT...

Page 340: ...In the following figure you have a computer acting as an FTP Telnet and SMTP server ports 21 23 and 25 at 192 168 1 33 Step 10 Press ENTER at the Press ENTER to confirm prompt to save your configurati...

Page 341: ...32 5 General NAT Examples The following are some examples of NAT configuration 32 5 1 Example 1 Internet Access Only In the following Internet access example you only need one rule where your ILAs In...

Page 342: ...Network Address Translation field in menus 4 and 11 3 is specifically pre configured to handle this case Menu 4 Internet Access Setup ISP s Name MyISP Encapsulation RFC 1483 Multiplexing LLC based VPI...

Page 343: ...pecify the Inside Server behind the NAT as shown in the next figure Figure 32 14 Menu 15 2 1 Specifying an Inside Server Menu 15 2 1 NAT Server Setup Used for SUA Only Rule Start Port No End Port No I...

Page 344: ...r Four rules need to be configured two bi directional and two unidirectional as follows Rule 1 Map the first IGA to the first inside FTP server for FTP traffic in both directions 1 1 mapping giving bo...

Page 345: ...rect mapping for packets going both ways and enter the local Start IP as 192 168 1 10 the IP address of FTP Server 1 the global Start IP as 10 132 50 1 our first IGA See Figure 32 17 Step 6 Repeat the...

Page 346: ...e it as shown Menu 15 1 1 Address Mapping Rules Set Name Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 10 132 50 1 1 1 2 192 168 1 11 10 132 50 2 1 1 3 0 0...

Page 347: ...ng as port numbers do not change for Many to Many No Overload and One to One NAT mapping types The following figure illustrates this Figure 32 19 NAT Example 4 Menu 15 2 1 NAT Server Setup Rule Start...

Page 348: ...e configured your rule you should be able to check the settings in menu 15 1 1 as shown next Figure 32 21 Example 4 Menu 15 1 1 Address Mapping Rules Menu 15 1 1 1 Address Mapping Rule Type Many to Ma...

Page 349: ...the most comprehensive firewall configuration tool your Prestige has to offer For this reason it is recommended that you configure your firewall using the web configurator see the following chapters...

Page 350: ...acks when it is active The default Policy sets 1 allow all sessions originating from the LAN to the WAN and 2 deny all sessions originating from the WAN to the LAN You may define additional Policy rul...

Page 351: ...MP system security system information and diagnosis firmware and configuration file maintenance system maintenance remote management IP Policy Routing and call scheduling See the web configurator part...

Page 352: ......

Page 353: ...e divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the Ethernet side Call filtering is use...

Page 354: ...ures that follow The following figure illustrates the logic flow when executing a filter rule Data Outgoing Packet Drop packet Built in default Call Filters User defined Call Filters if applicable Ini...

Page 355: ...e Fetch Next Filter Set Next Filter Set Available Accept Packet Drop Packet Yes No Yes No Yes Packet intoFilter Filter Set Forward Drop No Check Next Rule Figure 34 2 Filter Rule Process You can apply...

Page 356: ...ep 1 Enter 21 in the main menu to display Menu 21 Filter and Firewall Setup Step 2 Enter 1 to display Menu 21 1 Filter Set Configuration as shown next Figure 34 3 Menu 21 Filter Set Configuration P652...

Page 357: ...Pr 6 SA 0 0 0 0 DA 0 0 0 0 DP 139 N D N 4 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 137 N D N 5 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 138 N D N 6 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 139 N D F Enter Filter Ru...

Page 358: ...the Edit Comments field and press ENTER Step 5 Press ENTER at the message Press ENTER to confirm to display Menu 21 1 1 Filter Rules Summary that is if you selected filter set 1 in menu 21 1 See Figu...

Page 359: ...ule GEN for Generic IP for TCP IP Filter Rules These parameters are displayed here Menu 21 1 4 Filter Rules Summary A Type Filter Rules M m n 1 Y Gen Off 12 Len 2 Mask ffff Value 8863 N F N 2 Y Gen Of...

Page 360: ...hed F means to forward the packet immediately and skip checking the remaining rules D means to drop the packet N means to check the next rule n Action Not Matched F means to forward the packet immedia...

Page 361: ...the Prestige will warn you and will not allow you to save 34 5 1 TCP IP Filter Rule This section shows you how to configure a TCP IP filter rule TCP IP rules allow you to base the rule on the fields i...

Page 362: ...n IP source route The majority of IP packets do not have source route No default Destination IP Addr Type the destination IP address of the packet you want to filter This field is ignored if it is 0 0...

Page 363: ...ng option from the following None No packets will be logged Action Matched Only packets that match the rule parameters will be logged Action Not Matched Only packets that do not match the rule paramet...

Page 364: ...Active Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src Addr Matched...

Page 365: ...and Value fields are specified in hexadecimal numbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4 the value in either field will take 8 digits for example FFFF...

Page 366: ...to the data portion before comparison Value Type the value in Hexadecimal to compare with the data portion More If Yes a matching packet is passed to the next filter rule before an action is taken or...

Page 367: ...e exact address and port on the wire Therefore the Prestige applies the protocol filters to the native IP address and port number before NAT for outgoing packets and after NAT for incoming packets On...

Page 368: ...elnet Filter Step 1 Enter 1 in the menu 21 to display Menu 21 1 Filter Set Configuration Step 2 Enter the index number of the filter set you want to configure in this case 6 Step 3 Type a descriptive...

Page 369: ...sk 0 0 0 0 Port Port Comp Equal TCP Estab No More No Log None Action Matched Drop Action Not Matched Forward Press ENTER to Confirm or ESC to Cancel Press SPACE BAR to choose this filter rule type The...

Page 370: ...on shows you where to apply the filter s after you design it them Sets of factory default filter rules have been configured in menu 21 but have not been applied to filter traffic Menu 21 1 6 Filter Ru...

Page 371: ...want to apply as appropriate You can choose up to four filter sets from twelve by typing their numbers separated by commas for example 3 4 6 11 The factory default filter set NetBIOS_LAN is inserted...

Page 372: ...PoA or PPPoE encapsulation Menu 11 5 Remote Node Filter Input Filter Sets protocol filters 6 device filters Output Filter Sets protocol filters 2 device filters Call Filter Sets Protocol filters Devic...

Page 373: ...SNMP is a member of the TCP IP protocol suite Your Prestige supports SNMP agent functionality which allows a manager station to manage and monitor the Prestige through the network The Prestige suppor...

Page 374: ...ponse protocol based on the manager agent model The manager issues a request and the agent returns responses using the following protocol operations Get Allows the manager to retrieve an object variab...

Page 375: ...Prestige will only respond to SNMP messages from this address A blank default field means your Prestige will respond to all SNMP messages it receives regardless of source 0 0 0 0 Trap Community Type t...

Page 376: ...ed in RFC 1215 A trap is sent with the port number 5 authenticationFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP gets or sets requirements with wrong community pass...

Page 377: ...efault password If you forget your password you have to restore the default configuration file Refer to the section on changing the system password in the Introducing the SMT chapter and the section o...

Page 378: ...istrator instructs you to do so with additional information 1812 Shared Secret Specify a password up to 31 alphanumeric characters as the key to be shared between the external authentication server an...

Page 379: ...must be the same on the external accounting server and Prestige When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press...

Page 380: ...ow often a client has to re enter username and password to stay connected to the wired network This field is activated only when you select Authentication Required in the Wireless Port Control field E...

Page 381: ...restige for a client s user name and password If the user name is not found the Prestige checks the user database on the specified RADIUS server Select RADIUS first then Local to have the Prestige fir...

Page 382: ...s long for this user profile When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the pr...

Page 383: ...ext System Status is a tool that can be used to monitor your Prestige Specifically it gives you information on your ADSL telephone line status number of packets sent and received To get to System Stat...

Page 384: ...ion rate in bytes per second Rx B s This shows the receiving rate in bytes per second Up Time This is the time this channel has been connected to the current remote node My WAN IP from ISP This is the...

Page 385: ...Down Upstream Speed This shows the upstream transfer rate in kbps Downstream Speed This shows the downstream transfer rate in kbps CPU Load This specifies the percentage of CPU utilization 37 2 System...

Page 386: ...t Vendor Displays the vendor of the ADSL chipset and DSL version Standard This refers to the operational protocol the Prestige and the DSLAM Digital Subscriber Line Access Multiplexer are using LAN Et...

Page 387: ...e 37 3 Log and Trace There are two logging facilities in the Prestige The first is the error logs and trace records that are stored locally The second is the UNIX syslog facility for message logging 3...

Page 388: ...24 3 2 System Maintenance UNIX Syslog as shown next Figure 37 8 Menu 24 3 2 System Maintenance Syslog and Accounting You need to configure the UNIX syslog parameters described in the following table...

Page 389: ...INFO String String board xx line xx channel xx call xx str board the hardware board ID line the WAN ID in a board Channel channel ID within the WAN call the call reference number which starts from 1 a...

Page 390: ...19 14 43 55 192 168 102 2 ZYXEL IP Src 202 132 154 123 Dst 255 255 255 255 UDP spo 0208 dpo 0208 S03 R01mF Jul 19 14 44 00 192 168 102 2 ZYXEL IP Src 192 168 102 20 Dst 202 132 154 1 UDP spo 05d4 dpo...

Page 391: ...17 02 44 262 Frame Type IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x002C 44 Identification 0x0002 2 Flags 0x00 Fragment Offset 0x00 Time to Live 0xFE 254 Protocol 0x...

Page 392: ...tic FIELD DESCRIPTION Reset xDSL Re initialize the xDSL link to the telephone company Ping Host Ping the host to see if the links and TCP IP protocol on both systems are working Reboot System Reboot t...

Page 393: ...er to the label on the bottom of your Prestige ftp put firmware bin ras This is a sample FTP session showing the transfer of the computer file firmware bin to the Prestige ftp get rom 0 config cfg Thi...

Page 394: ...pload files in menus 24 5 24 6 24 7 1 and 24 7 2 depending on whether you use the console port or Telnet Option 5 from Menu 24 System Maintenance allows you to backup the current Prestige configuratio...

Page 395: ...ion file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit to exit the ftp prompt 38 2 3 Example of...

Page 396: ...this option Normal The server requires a unique User ID and Password to login Transfer Type Transfer files in either ASCII plain text format or in binary mode Initial Remote Directory Specify the defa...

Page 397: ...stdio 0 to disable the SMT timeout so the TFTP transfer will not be interrupted Enter command sys stdio 5 to restore the five minute SMT timeout default when the file transfer is complete Step 4 Launc...

Page 398: ...ige The filename for the firmware is ras and for the configuration file is rom 0 Binary Transfer the file in binary mode Abort Stop transfer of the file Refer to section 38 2 5 to read about configura...

Page 399: ...estore a previously saved configuration Note that this function erases the current configuration before restoring a previous back up configuration please do not attempt to restore unless you have a ba...

Page 400: ...ile config rom on your computer to the Prestige See earlier in this chapter for more information on filename conventions Step 8 Enter quit to exit the ftp prompt The Prestige will automatically restar...

Page 401: ...lay menu 24 6 and enter y at the following screen Figure 38 9 System Maintenance Restore Configuration Step 2 The following screen indicates that the Xmodem download has started Figure 38 10 System Ma...

Page 402: ...e previous Restore Configuration section or by following the instructions in Menu 24 7 2 System Maintenance Upload System Configuration File for console port WARNING DO NOT INTERRUPT THE FILE TRANSFER...

Page 403: ...fter the upload system configuration file process is complete For details on FTP commands please consult the documentation of your FTP client program For details on uploading system firmware using TFT...

Page 404: ...e configuration file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit to exit the ftp prompt The Pr...

Page 405: ...ctive and the Prestige in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get t...

Page 406: ...hould be similar 38 4 9 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer then Send File to display the following screen Figure 38 17 Example Xmodem Upload After the configuration uplo...

Page 407: ...38 4 11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer then Send File to display the following screen Menu 24 7 2 System Maintenance Upload System Configuration File To upload...

Page 408: ...ion File Maintenance Figure 38 19 Example Xmodem Upload After the configuration upload process has completed restart the Prestige by entering atgo Type the configuration file s location or click Brows...

Page 409: ...ing menu 24 8 See the included disk or the zyxel com web site for more detailed information on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing help...

Page 410: ...outgoing calls will be blocked To access the call control menu select option 9 in menu 24 to go to Menu 24 9 System Maintenance Call Control as shown in the next table Figure 39 3 Menu 24 9 System Ma...

Page 411: ...selected Table 39 1 Menu 24 9 1 System Maintenance Budget Management FIELD DESCRIPTION EXAMPLE Remote Node Enter the index number of the remote node you want to reset just one in this case 1 Connectio...

Page 412: ...m Maintenance Time and Date Setting to update the time and date settings of your Prestige as shown in the following screen Figure 39 6 Menu 24 10 System Maintenance Time and Date Setting Menu 24 10 Sy...

Page 413: ...nsure of this information Current Time This field displays an updated time only when you reenter this menu New Time Enter the new time in hour minute and second format Current Date This field displays...

Page 414: ......

Page 415: ...ess See the firewall chapters for details on configuring firewall rules 40 2 Remote Management To disable remote management of a service select Disable in the corresponding Server Access field Enter 1...

Page 416: ...Access Select the access interface if any by pressing the SPACE BAR Choices are LAN only WAN only All or Disable The default is LAN only LAN only Secured Client IP The default 0 0 0 0 allows any clie...

Page 417: ...ay only have one remote management session of the same type running at one time 5 There is a web remote management session running with a Telnet session A Telnet session will be disconnected if you be...

Page 418: ......

Page 419: ...y of the network to enable the backbone to prioritize traffic Cost Savings IPPR allows organizations to distribute interactive traffic on high bandwidth high cost paths while using low cost paths for...

Page 420: ...he index of the policy set you want to configure to open Menu 25 1 IP Routing Policy Setup Menu 25 1 shows the summary of a policy set including the criteria and the action of a single policy and whet...

Page 421: ...25 P 6 T NM PR 0 GW 192 168 1 1 T MT PR 0 2 N __________________________________________________________________________ __________________________________________________________________________ 3 N...

Page 422: ...mple UDP TCP ICMP etc Type of Service Prioritize incoming network traffic by choosing from Don t Care Normal Min Delay Max Thruput Min Cost or Max Reliable Precedence Precedence value of the incoming...

Page 423: ...teway must be the IP address of a remote node The default gateway is specified as 0 0 0 0 Type of Service Set the new TOS value of the outgoing packet Prioritize incoming network traffic by choosing N...

Page 424: ...m IP Addr 0 0 0 0 Rem Subnet Mask 0 0 0 0 My WAN Addr 0 0 0 0 NAT Full Feature Address Mapping Set 2 Metric 2 Private No RIP Direction Both Version RIP 2B Multicast IGMP v2 IP Policies 2 4 7 9 Press E...

Page 425: ...ute Web packets to the Internet using one policy and route FTP packets to a remote network using another policy See the next figure Figure 41 6 Example of IP Policy Routing To force Web packets coming...

Page 426: ...s set to route packets from any host IP 0 0 0 0 means any host with protocol TCP and port FTP access through another gateway 192 168 1 100 Menu 25 1 1 IP Routing Policy Policy Set Name set1 Active Yes...

Page 427: ...e DHCP Server N A TCP IP Setup IP Address 192 168 1 1 IP Subnet Mask 255 255 255 0 RIP Direction Both Version RIP 1 Multicast None IP Policies 1 2 Edit IP Alias No Press ENTER to Confirm or ESC to Can...

Page 428: ......

Page 429: ...next Figure 42 1 Menu 26 Schedule Setup Lower numbered sets take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 in are applied in the remot...

Page 430: ...t be triggered up until the end of the Duration Table 42 1 Menu 26 1 Schedule Set Setup FIELD DESCRIPTION EXAMPLE Active Press SPACE BAR to select Yes or No Choose Yes and press ENTER to activate the...

Page 431: ...ake effect in hour minute format 09 00 Duration Enter the maximum length of time this connection is allowed in hour minute format 08 00 Action Forced On means that the connection is maintained whether...

Page 432: ...ile Rem Node Name ChangeMe Route IP Active Yes Bridge No Encapsulation PPPoE Edit IP Bridge No Multiplexing VC based Edit ATM Options No Service Name Telco Option Incoming Allocated Budget min 0 Rem L...

Page 433: ...XII Part XII Appendices and Index This part contains additional background information and an index or key terms...

Page 434: ......

Page 435: ...you should contact your vendor 1 Make sure the Prestige is connected to your computer s serial port VT100 terminal emulation 9600 bps is the default speed on leaving the factory Try other speeds in ca...

Page 436: ...the System Information and Diagnosis chapter SMT Problems with the LAN Interface Chart A 4 Troubleshooting the LAN Interface PROBLEM CORRECTIVE ACTION I cannot access the Prestige from the LAN If the...

Page 437: ...CORRECTIVE ACTION I cannot access the Internet Make sure the Prestige is turned on and connected to the network If the DSL LED is off refer to Chart A 3 Troubleshooting the DSL LED Verify your WAN se...

Page 438: ...igurator PROBLEM CORRECTIVE ACTION I cannot access the web configurator Refer to Chart A 7 Troubleshooting the Password Make sure that there is not an SMT console session running Check that you have e...

Page 439: ...n remote management may not be possible Use the Prestige s WAN IP address when configuring from the WAN Use the Prestige s LAN IP address when configuring from the LAN Refer to Chart A 4 Troubleshooti...

Page 440: ......

Page 441: ...n the next left most bit In a class B address the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0...

Page 442: ...net mask is used to determine which bits are part of the network number and which bits are part of the host ID using a logical AND operation A subnet mask has 32 bits each bit of the mask corresponds...

Page 443: ...ddress using both notations Chart B 4 Alternative Subnet Mask Notation SUBNET MASK IP ADDRESS SUBNET MASK 1 BITS LAST OCTET BIT VALUE 255 255 255 0 24 0000 0000 255 255 255 128 25 1000 0000 255 255 25...

Page 444: ...sk Binary 11111111 11111111 11111111 10000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Chart B 6 Subnet 2 NETWORK NUMBER LAST...

Page 445: ...bnet Chart B 7 Subnet 1 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet A...

Page 446: ...t Address 192 168 1 255 Highest Host ID 192 168 1 254 Example Eight Subnets Similarly use a 27 bit mask to create 8 subnets 001 010 011 100 101 110 The following table shows class C IP address last oc...

Page 447: ...rmines which bits are part of the network number and which are part of the host ID A class B address has two host ID octets available for subnetting and a class A address has three host ID octets see...

Page 448: ...s B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 25 10 255 255 255 192 26 1024 62 11 255 255 255 224 27 2048 30 12 255 255 255 240 28 4096 14 13 255 255 255 248 29...

Page 449: ...hat facilitates the ability to communicate decisions on the fly 5 It provides campus wide networking coverage allowing enterprises the roaming capability to set up easy to use wireless networks that t...

Page 450: ...Infrastructure Wireless LAN Configuration For Infrastructure WLANs multiple access points APs link the WLAN to the wired network and allow users to efficiently share network resources The Access Point...

Page 451: ...Prestige 652 Series User s Guide Wireless LAN and IEEE 802 11 C 3 Diagram C 2 ESS Provides Campus Wide Coverage...

Page 452: ......

Page 453: ...s using PPP Benefits of PPPoE PPPoE offers the following benefits 1 It provides you with a familiar dial up networking DUN user interface 2 It lessens the burden on the carriers of provisioning virtua...

Page 454: ...PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is between the modem and the AC as oppo...

Page 455: ...tween circuit end points Diagram E 1 Virtual Circuit Topology Think of a virtual path as a cable that contains a bundle of wires The cable connects two points and wires within the cable provide indivi...

Page 456: ......

Page 457: ...25A Power Consumption 11 W Safety Standards UL CUL CSA UL 1310 CSA C22 2 No 223 NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model AA 121A25 Input Power AC120Volts 60Hz 19W Output Power AC 12Volts 1...

Page 458: ...TANDARDS AC Power Adapter Model AA 121A25 Input Power AC120Volts 60Hz 19W Output Power AC 12Volts 1 25A Power Consumption 14W Safety Standards UL CUL UL 1310 CSA C22 2 No 223 EUROPEAN PLUG STANDARDS A...

Page 459: ...seen in SMT screens FN Field Name PVA Parameter Values Allowed INPUT An example of what you may enter Applies to the P652H HW The following are Internal SPTGEN screens associated with the SMT screens...

Page 460: ...Output protocol filters Set 2 256 30100011 Output protocol filters Set 3 256 30100012 Output protocol filters Set 4 256 30100013 Output device filters Set 1 256 30100014 Output device filters Set 2 25...

Page 461: ...12 256 30200016 IP Policies Set 4 1 12 256 MENU 3 2 1 IP ALIAS SETUP SMT MENU 3 2 1 FIN FN PVA INPUT 30201001 IP Alias 1 0 No 1 Yes 0 30201002 IP Address 0 0 0 0 30201003 IP Subnet Mask 0 30201004 RI...

Page 462: ...ion 0 None 1 Both 2 In Only 3 Out Only 0 30201018 Version 0 Rip 1 1 Rip 2B 2 Rip 2M 0 30201019 IP Alias 2 Incoming protocol filters Set 1 256 30201020 IP Alias 2 Incoming protocol filters Set 2 256 30...

Page 463: ...WEP Key3 30500011 WEP Key4 MENU 3 5 1 WLAN MAC ADDRESS FILTER SMT MENU 3 5 1 30501001 Mac Filter Active 0 No 1 Yes 0 30501002 Filter Action 0 Allow 1 Deny 0 30501003 Address 1 00 00 00 00 00 00 305010...

Page 464: ...t 1 6 40000017 ISP incoming protocol filter set 2 256 40000018 ISP incoming protocol filter set 3 256 40000019 ISP incoming protocol filter set 4 256 40000020 ISP outgoing protocol filter set 1 256 40...

Page 465: ...atic Route set 1 Gateway 0 0 0 0 120101006 IP Static Route set 1 Metric 0 120101007 IP Static Route set 1 Private 0 No 1 Yes 0 MENU 12 1 2 IP STATIC ROUTE SETUP SMT MENU 12 1 2 FIN FN PVA INPUT 120102...

Page 466: ...e set 4 Active 0 No 1 Yes 0 120104003 IP Static Route set 4 Destination IP address 0 0 0 0 120104004 IP Static Route set 4 Destination IP subnetmask 0 120104005 IP Static Route set 4 Gateway 0 0 0 0 1...

Page 467: ...1 7 IP STATIC ROUTE SETUP SMT MENU 12 1 7 FIN FN PVA INPUT 120107001 IP Static Route set 7 Name Str 120107002 IP Static Route set 7 Active 0 No 1 Yes 0 120107003 IP Static Route set 7 Destination IP...

Page 468: ...09006 IP Static Route set 9 Metric 0 120109007 IP Static Route set 9 Private 0 No 1 Yes 0 MENU 12 1 10 IP STATIC ROUTE SETUP SMT MENU 12 1 10 FIN FN PVA INPUT 120110001 IP Static Route set 10 Name 120...

Page 469: ...set 12 Destination IP address 0 0 0 0 120112004 IP Static Route set 12 Destination IP subnetmask 0 120112005 IP Static Route set 12 Gateway 0 0 0 0 120112006 IP Static Route set 12 Metric 0 120112007...

Page 470: ...VA INPUT 120115001 IP Static Route set 15 Name Str 120115002 IP Static Route set 15 Active 0 No 1 Yes 0 120115003 IP Static Route set 15 Destination IP address 0 0 0 0 120115004 IP Static Route set 15...

Page 471: ...150000006 SUA Server 2 Local IP address 0 0 0 0 150000007 SUA Server 3 Active 0 No 1 Yes 0 150000008 SUA Server 3 Protocol 0 All 6 TCP 17 U DP 0 150000009 SUA Server 3 Port Start 0 150000010 SUA Serve...

Page 472: ...00030 SUA Server 7 Port End 0 150000031 SUA Server 7 Local IP address 0 0 0 0 150000032 SUA Server 8 Active 0 No 1 Yes 0 150000033 SUA Server 8 Protocol 0 All 6 TCP 17 U DP 0 150000034 SUA Server 8 Po...

Page 473: ...1 SMT MENU 21 FIN FN PVA INPUT 210100001 Filter Set 1 Name Str MENU 21 1 1 1 FILTER SET 1 RULE 1 SMT MENU 21 1 1 1 FIN FN PVA INPUT 210101001 IP Filter Set 1 Rule 1 Type 2 TCP IP 2 210101002 IP Filte...

Page 474: ...FIN FN PVA INPUT 210102001 IP Filter Set 1 Rule 2 Type 2 TCP IP 2 210102002 IP Filter Set 1 Rule 2 Active 0 No 1 Yes 1 210102003 IP Filter Set 1 Rule 2 Protocol 6 210102004 IP Filter Set 1 Rule 2 Des...

Page 475: ...3 Dest IP address 0 0 0 0 210103005 IP Filter Set 1 Rule 3 Dest Subnet Mask 0 210103006 IP Filter Set 1 Rule 3 Dest Port 139 210103007 IP Filter Set 1 Rule 3 Dest Port Comp 0 none 1 equal 2 not equal...

Page 476: ...ter Set 1 Rule 4 Src IP address 0 0 0 0 210104009 IP Filter Set 1 Rule 4 Src Subnet Mask 0 210104010 IP Filter Set 1 Rule 4 Src Port 0 210104011 IP Filter Set 1 Rule 4 Src Port Comp 0 none 1 equal 2 n...

Page 477: ...Act Match 1 check next 2 forward 3 dr op 3 210105014 IP Filter Set 1 Rule 5 Act Not Match 1 Check Next 2 Forward 3 Drop 1 MENU 21 1 1 6 SET 1 RULE 6 SMT MENU 21 1 1 6 FIN FN PVA INPUT 210106001 IP Fi...

Page 478: ...am Str NetBIOS_WAN MENU 21 1 2 1 FILTER SET 2 RULE 1 SMT MENU 21 1 2 1 FIN FN PVA INPUT 210201001 IP Filter Set 2 Rule 1 Type 0 none 2 TCP IP 2 210201002 IP Filter Set 2 Rule 1 Active 0 No 1 Yes 1 210...

Page 479: ...Filter Set 2 Rule 2 Active 0 No 1 Yes 1 210202003 IP Filter Set 2 Rule 2 Protocol 6 210202004 IP Filter Set 2 Rule 2 Dest IP address 0 0 0 0 210202005 IP Filter Set 2 Rule 2 Dest Subnet Mask 0 210202...

Page 480: ...Mask 0 210203006 IP Filter Set 2 Rule 3 Dest Port 139 210203007 IP Filter Set 2 Rule 3 Dest Port Comp 0 none 1 equal 2 not equal 3 less 4 great er 1 210203008 IP Filter Set 2 Rule 3 Src IP address 0 0...

Page 481: ...10204009 IP Filter Set 2 Rule 4 Src Subnet Mask 0 210204010 IP Filter Set 2 Rule 4 Src Port 0 210204011 IP Filter Set 2 Rule 4 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 great er 0 210204013 IP...

Page 482: ...ilter Set 2 Rule 5 Act Match 1 check next 2 forward 3 dr op 3 210205014 IP Filter Set 2 Rule 5 Act Not Match 1 check next 2 forward 3 dr op 1 MENU 21 1 2 6 FILTER SET 2 RULE 6 SMT MENU 21 1 2 5 FIN FN...

Page 483: ...MENU 23 2 SYSTEM SECURITY RADIUS SERVER SMT MENU 23 2 FIN FN PVA INPUT 230200001 Authentication Server Configured 0 No 1 Yes 1 230200002 Authentication Server Active 0 No 1 Yes 1 230200003 Authentica...

Page 484: ...00005 FTP Server Access 0 all 1 none 2 Lan 3 Wan 0 241100006 FTP Server Secured IP address 0 0 0 0 241100007 WEB Server Port 80 241100008 WEB Server Access 0 all 1 none 2 Lan 3 Wan 0 241100009 WEB Ser...

Page 485: ...equires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropria...

Page 486: ...ck OK If you need TCP IP a In the Network window click Add b Select Protocol and then click Add c Select Microsoft from the list of manufacturers d Select TCP IP from the list of network protocols and...

Page 487: ...atically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields 3 Click the DNS Configuration tab If you do not know your DNS...

Page 488: ...and click Add 5 Click OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your Prestige and restart your computer when...

Page 489: ...ndows 2000 NT XP 1 For Windows XP click start Control Panel In Windows 2000 NT click Start Settings Control Panel 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial...

Page 490: ...Win XP and click Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have a...

Page 491: ...address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab b...

Page 492: ...d Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click...

Page 493: ...User s Guide Setting up Your Computer s IP Address H 9 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel 2 Select Ethernet built in from t...

Page 494: ...n the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Prestige in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save chang...

Page 495: ...ect Using DHCP from the Configure list 4 For statically assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in th...

Page 496: ......

Page 497: ...oint where the telephone line enters your residence as shown in the following figure Diagram I 1 Connecting a POTS Splitter Step 1 Connect the side labeled Phone to your telephone Step 2 Connect the s...

Page 498: ...ble jack end of the Y Connector to the Prestige Step 4 Connect the phone side of the microfilter to your telephone as shown in the following figure Diagram I 2 Connecting a Microfilter Prestige With I...

Page 499: ...e DHCP server assigned an IP address to a client SMT Login Successfully Someone has logged on to the router s SMT interface SMT Login Fail Someone has failed to log on to the router s SMT interface WE...

Page 500: ...bid ActiveX Destination Contains Java applet Web Block The Prestige blocked access to an IP address or domain name that contains a Java applet because the content filter is set to forbid Java applets...

Page 501: ...etected a TCP SMTP illegal command attack NetBIOS TCP The firewall detected a TCP NetBIOS attack ip spoofing no routing entry Protocol The firewall detected an IP spoofing attack while the Prestige di...

Page 502: ...IP Protocol Direction Access did not match a firewall rule s destination IP address and the Prestige logged it src IP Protocol Direction Access did not match a firewall rule s source IP address and th...

Page 503: ...ort the ICMP packet s protocol 2 The ICMP packet is an echo reply for which there was no corresponding echo request Router reply ICMP packet The router sent an ICMP response packet This packet automat...

Page 504: ...twork on the route to the destination network 5 Redirect 0 Redirect datagrams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams for the Type of Service and Network 3 Redirect data...

Page 505: ...der IPSec Log The following figure shows a typical log from the VPN connection peer Index Date Time Log 001 01 Jan 08 02 22 Send Main Mode request to 192 168 100 101 002 01 Jan 08 02 22 Send SA 003 01...

Page 506: ...Prestige has received an IKE negotiation request from the peer Recv Symbol IKE uses the ISAKMP protocol refer to RFC2408 ISAKMP to transmit data Each ISAKMP packet contains payloads of different types...

Page 507: ...s exchange policy details including local and remote IP address ranges If these ranges differ then the connection fails Local remote IPs of incoming request conflict with rule d If the security gatewa...

Page 508: ...incoming packet did not match vs My Local IP address The IP address type or IP address of an incoming packet does not match the peer IP address type or IP address configured on the local router The lo...

Page 509: ...n settings are incorrect Please check them Rule d idle time out disconnect If an SA has no packets transmitted for a period of time configurable via CI command the Prestige drops the connection The fo...

Page 510: ......

Page 511: ...dwidth Class 21 1 Bandwidth Filter 21 1 21 15 Bandwidth Management 21 1 Bandwidth Management Statistics 21 17 Bandwidth Manager Class Configuration 21 13 Bandwidth Manager Class Setup 21 11 Bandwidth...

Page 512: ...3 Copyright ii Cost Of Transmission 29 7 30 3 Country Code 37 4 CPU Load 37 3 Custom Ports Creating Editing 14 2 Introduction 14 1 Customer Support v Customized Services 14 2 D Data encryption 6 4 Dat...

Page 513: ...ID 6 1 Ethernet Encapsulation 8 6 Ethernet Traffic 34 19 Example Internal SPTGEN Screens G 1 Extended Service Set C 2 F Factory LAN Defaults 5 2 Fairness based Scheduler 21 4 FCC iii FHSS See Frequen...

Page 514: ...nagement 12 1 33 1 Rule Checklist 13 1 Rule Logic 13 1 Rule Precedence 13 4 Rule Security Ramifications 13 2 Services 13 6 SMT Menus 33 1 Types 11 1 When To Use 11 13 Firmware File Maintenance 22 12 F...

Page 515: ...et Access Setup A 3 32 1 Internet Assigned Numbers Authority See IANA Internet Control Message Protocol ICMP 11 6 IP address 25 9 25 11 IP Address3 4 5 3 8 6 8 9 22 6 26 3 30 3 31 4 34 10 37 4 37 10 4...

Page 516: ...dress 31 4 MAC Address Filter 27 3 MAC Address Filter Action 6 8 27 4 MAC Address Filtering 6 6 Main Menu 23 5 Management Information Base MIB 35 2 Maximize Bandwidth Usage 21 4 21 11 Max incomplete H...

Page 517: ...Firewalls 11 1 Packet Triggered 37 7 Packets 37 2 PAP 25 9 29 4 Password 4 1 23 1 23 6 29 4 35 2 Period hr 25 9 Ping 37 10 Ping of Death 11 4 Point to Point xxxvii Point to Point Tunneling Protocol 8...

Page 518: ...Number 37 2 Remote Node Traffic 34 20 Required fields 23 4 Restore Configuration 38 7 retry count 25 7 retry interval 25 7 RF signals C 1 RFC 1483 29 2 RFC 2364 29 2 29 3 RIP 25 12 26 3 29 7 See Routi...

Page 519: ...s 13 3 13 10 Source Based Routing 41 1 Splitters I 1 SPTGEN Screens G 1 Stateful Inspection 1 2 11 1 11 2 11 7 11 8 Prestige 11 9 Process 11 8 Static Route Setup 30 1 Static Routing Topology 30 1 SUA...

Page 520: ...TFTP File Transfer 38 12 TFTP Restrictions 18 1 38 4 Three Way Handshake 11 5 Threshold Values 12 2 Time and Date Setting 39 4 39 5 Time Zone 39 5 Timeout 13 12 13 13 25 3 25 10 TOS Type of Service 4...

Page 521: ...2 11 11 13 2 33 2 WEP 6 4 WEP Encryption 27 3 Wireless LAN C 1 27 1 Benefits C 1 Wireless LAN Setup 27 1 Wizard Setup 3 1 WLAN See Wireless LAN X XMODEM protocol 38 2 Z ZyNOS 38 1 38 2 ZyNOS F W Vers...

Reviews:

No comments