ZyXEL Communications P-660H - VERSION 3.40 Download user manual, page 1

P-660H/HW/W-T Series

ADSL 2+ Gateway

User’s Guide

Version 3.40

6/2005

Contents of P-660H - VERSION 3.40

Page 1: ...P 660H HW W T Series ADSL 2 Gateway User s Guide Version 3 40 6 2005...

Page 2: ...ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it...

Page 3: ...occur in a particular installation If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged t...

Page 4: ...ther antenna or transmitter ZyXEL Communications Corporation declared that Prestige 660HW T1 is limited in CH1 11 from 2400 to 2483 5 MHz by specified firmware controlled in USA Certifications Go to w...

Page 5: ...supply is damaged remove it from the power outlet Do NOT attempt to repair the power supply Contact your local vendor to order a new power supply Place connecting cables carefully so that no one will...

Page 6: ...d by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other...

Page 7: ...svej 5 2860 Soeborg Denmark sales zyxel dk 45 39 55 07 07 FINLAND support zyxel fi 358 9 4780 8411 www zyxel fi ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland sales zyxel fi 358 9 4780...

Page 8: ...yxel co uk ZyXEL Communications UK Ltd 11 The Courtyard Eastern Road Bracknell Berkshire RG12 2XB United Kingdom UK sales zyxel co uk 44 0 1344 303034 ftp zyxel co uk a is the prefix number you enter...

Page 9: ...P 660H HW W T Series User Guide 9 Customer Support...

Page 10: ...Know Your Prestige 42 1 1 Introducing the Prestige 42 1 2 Features 42 1 2 1 Wireless Features P 660HW P 660W 45 1 3 Applications for the Prestige 46 1 3 1 Protected Internet Access 46 1 3 2 LAN to LAN...

Page 11: ...orks 67 4 3 Configuring LAN 68 Chapter 5 Wireless LAN 70 5 1 Wireless LAN Introduction 70 5 2 Wireless Security Overview 70 5 2 1 Encryption 70 5 2 2 Authentication 70 5 2 3 Restricted Access 71 5 2 4...

Page 12: ...on 92 6 1 4 3 IP Assignment with ENET ENCAP Encapsulation 92 6 1 5 Nailed Up Connection PPP 92 6 1 6 NAT 92 6 2 Metric 92 6 3 PPPoE Encapsulation 93 6 4 Traffic Shaping 93 6 5 Zero Configuration Inter...

Page 13: ...Stateful Inspection Firewalls 119 10 3 Introduction to ZyXEL s Firewall 119 10 3 1 Denial of Service Attacks 120 10 4 Denial of Service 120 10 4 1 Basics 120 10 4 2 Types of DoS Attacks 121 10 4 2 1 I...

Page 14: ...Rules 138 11 7 Customized Services 141 11 8 Configuring A Customized Service 141 11 9 Example Firewall Rule 142 11 10 Predefined Services 146 11 11 Anti Probing 148 11 12 DoS Thresholds 149 11 12 1 T...

Page 15: ...ges 179 15 4 1 Example E mail Log 180 Chapter 16 Media Bandwidth Management Advanced Setup 182 16 1 Media Bandwidth Management Overview 182 16 2 Bandwidth Classes and Filters 182 16 3 Proportional Ban...

Page 16: ...17 6 1 General Diagnostic 202 17 6 2 DSL Line Diagnostic 203 17 7 Firmware Upgrade 205 Chapter 18 Introducing the SMT 208 18 1 SMT Introduction 208 18 1 1 Procedure for SMT Configuration via Telnet 2...

Page 17: ...uration 233 Chapter 24 Remote Node Configuration 236 24 1 Remote Node Setup Overview 236 24 2 Remote Node Setup 236 24 2 1 Remote Node Profile 236 24 2 2 Encapsulation and Multiplexing Scenarios 237 2...

Page 18: ...Server behind NAT 260 27 5 General NAT Examples 261 27 5 1 Example 1 Internet Access Only 262 27 5 2 Example 2 Internet Access with an Inside Server 262 27 5 3 Example 3 Multiple Public IP Addresses W...

Page 19: ...and Diagnosis 296 32 1 Overview 296 32 2 System Status 296 32 3 System Information 298 32 3 1 System Information 298 32 3 2 Console Port Speed 299 32 4 Log and Trace 300 32 4 1 Viewing Error Log 300...

Page 20: ...4 1 Command Interpreter Mode 318 34 2 Call Control Support 319 34 2 1 Budget Management 319 34 3 Time and Date Setting 320 34 3 1 Resetting the Time 322 Chapter 35 Remote Management 324 35 1 Remote Ma...

Page 21: ...ns 349 38 4 2 ActiveX Controls in Internet Explorer 351 Appendix A Product Specifications 354 Appendix B Wall mounting Instructions 358 Appendix C Setting up Your Computer s IP Address 360 Windows 95...

Page 22: ...398 Telephone Microfilters 398 Prestige With ISDN 399 Appendix J PPPoE 402 PPPoE in Action 402 Benefits of PPPoE 402 Traditional Dial up Scenario 402 How PPPoE Works 403 Prestige as a PPPoE Client 40...

Page 23: ...23 Table of Contents Appendix M Internal SPTGEN 430 Internal SPTGEN Overview 430 The Configuration Text File Format 430 Internal SPTGEN FTP Download Example 431 Internal SPTGEN FTP Upload Example 432...

Page 24: ...d Setup Connection Tests 60 Figure 15 LAN and WAN IP Addresses 62 Figure 16 Any IP Example 67 Figure 17 LAN Setup 68 Figure 18 Wireless LAN 72 Figure 19 Wireless Security Methods 73 Figure 20 Wireless...

Page 25: ...all Example Edit Rule Select Customized Services 145 Figure 60 Firewall Example Rule Summary My Service 146 Figure 61 Firewall Anti Probing 149 Figure 62 Firewall Threshold 151 Figure 63 Content Filte...

Page 26: ...98 System Status 197 Figure 99 System Status Show Statistics 199 Figure 100 DHCP Table 200 Figure 101 Any IP Table 201 Figure 102 Association List 202 Figure 103 Diagnostic General 203 Figure 104 Diag...

Page 27: ...Internet Access 255 Figure 142 Applying NAT in Menus 4 11 3 255 Figure 143 Menu 15 NAT Setup 256 Figure 144 Menu 15 1 Address Mapping Sets 257 Figure 145 Menu 15 1 255 SUA Address Mapping Rules 257 Fi...

Page 28: ...intenance Status 297 Figure 189 Menu 24 2 System Information and Console Port Speed 298 Figure 190 Menu 24 2 1 System Maintenance Information 299 Figure 191 Menu 24 2 2 System Maintenance Change Conso...

Page 29: ...Controls 353 Figure 233 WIndows 95 98 Me Network Configuration 361 Figure 234 Windows 95 98 Me TCP IP Properties IP Address 362 Figure 235 Windows 95 98 Me TCP IP Properties DNS Configuration 363 Figu...

Page 30: ...figuration 403 Figure 262 Prestige as a PPPoE Client 403 Figure 263 Displaying Log Categories Example 418 Figure 264 Displaying Log Parameters Example 418 Figure 265 Peer to Peer Communication in an A...

Page 31: ...P 660H HW W T Series User Guide 31 List of Figures...

Page 32: ...eless LAN 802 1x WPA No Access Authentication 80 Table 16 Wireless LAN 802 1x WPA 802 1x 81 Table 17 Wireless LAN 802 1x WPA WPA 83 Table 18 Wireless LAN 802 1x WPA WPA PSK 84 Table 19 Local User Data...

Page 33: ...ement Class Setup 190 Table 58 Media Bandwidth Management Class Configuration 191 Table 59 Services and Port Numbers 192 Table 60 Media Bandwidth Management Statistics 193 Table 61 Media Bandwidth Man...

Page 34: ...nent Virtual Circuits 289 Table 102 Menu 23 2 System Security RADIUS Server 291 Table 103 Menu 23 4 System Security IEEE 802 1x 293 Table 104 Menu 14 1 Edit Dial in User 295 Table 105 Menu 24 1 System...

Page 35: ...406 Table 144 Packet Filter Logs 406 Table 145 ICMP Logs 407 Table 146 CDR Logs 407 Table 147 PPP Logs 407 Table 148 UPnP Logs 408 Table 149 Content Filtering Logs 408 Table 150 Attack Logs 409 Table...

Page 36: ...erver Setup SMT Menu 15 442 Table 169 Menu 21 1 Filter Set 1 SMT Menu 21 1 444 Table 170 Menu 21 1 Filer Set 2 SMT Menu 21 1 447 Table 171 Menu 23 System Menus SMT Menu 23 452 Table 172 Menu 24 11 Rem...

Page 37: ...P 660H HW W T Series User Guide 37 List of Tables...

Page 38: ...Not all features can be configured through all interfaces Syntax Conventions Enter means for you to type one or more characters Select or Choose means for you to use one predefined choices The SMT me...

Page 39: ...s and additional support documentation User Guide Feedback Help us help you E mail all User Guide related comments questions or suggestions for improvement to techwriters zyxel com tw or send regular...

Page 40: ...pstream capacity Asymmetrical services ADSL are suitable for Internet users because more information is usually downloaded than uploaded For example a simple button click in a web browser can start an...

Page 41: ...P 660H HW W T Series User Guide 41 Introduction to DSL...

Page 42: ...device that works over ISDN Integrated Services Digital Network Models ending in 7 denote a device that works over T ISDN UR 2 Note Only use firmware for your Prestige s specific model Refer to the l...

Page 43: ...Internet and the Prestige without changing the network settings such as IP address and subnet mask of the computer when the IP addresses of the computer and the Prestige are not in the same subnet Fi...

Page 44: ...work for example a public IP address used on the Internet Dynamic DNS Support With Dynamic DNS support you can have a static hostname alias for a dynamic IP address allowing the host to be more easily...

Page 45: ...eaning that you can have both IEEE 802 11b and IEEE 802 11g wireless clients in the same wireless network Note The Prestige may be prone to RF Radio Frequency interference from other 2 4 GHz devices s...

Page 46: ...n the Prestige allows wireless clients access to your network resources The Prestige provides protection from attacks by Internet hackers By default the firewall blocks all incoming traffic from the W...

Page 47: ...tion Blinking The Prestige is sending receiving data Amber On The Prestige has a successful 100Mb Ethernet connection Blinking The Prestige is sending receiving data Off The LAN is not connected WLAN...

Page 48: ...XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default See the chapter on troubleshooting if you need to make sure these functions are allowed in Internet Explorer 2...

Page 49: ...Note The Prestige automatically times out after five minutes of inactivity Simply log back into the Prestige if this happens to you 2 1 2 Resetting the Prestige If you forget your password or cannot a...

Page 50: ...rmware and back up restore or upload a configuration file Click Site Map to go to the Site Map screen Click Logout in the navigation panel when you have finished a Prestige management session Figure 5...

Page 51: ...ch to apply the rule Rule Summary This screen shows a summary of the firewall rules and allows you to edit add a firewall rule Anti Probing Use this screen to change your anti probing settings Thresho...

Page 52: ...Protocol related information and is READ ONLY Any IP Table Use this screen to view the IP and MAC addresses of LAN computers communicating with the Prestige Wireless LAN P 660W P 660HW only Associati...

Page 53: ...d Type the default password or the existing password you use to access the system in this field New Password Type the new password in this field Retype to Confirm Type the new password again in this f...

Page 54: ...troduction Use the Wizard Setup screens to configure your system for Internet access with the information given to you by your ISP Note See the advanced menu chapters for background information on the...

Page 55: ...drop down list box Choices vary depending on what you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPP...

Page 56: ...Connection Select Connect on Demand when you don t want the connection up all the time and specify an idle time out in seconds in the Max Idle Timeout field The default setting selects Connection on...

Page 57: ...matically if you have a dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the IP Address text box below Subnet Mask Enter a subnet mask in dotted decimal n...

Page 58: ...and type your ISP assigned IP address in the IP Address text box below Connection Select Connect on Demand when you don t want the connection up all the time and specify an idle time out in seconds i...

Page 59: ...n the Prestige click Change LAN Configurations Otherwise click Save Settings to save the configuration and skip to the section 3 13 Figure 12 Internet Access Wizard Setup Third Screen If you want to c...

Page 60: ...P address of your Prestige in dotted decimal notation for example 192 168 1 1 factory default If you changed the Prestige s LAN IP address you must use the new IP address if you want to access the web...

Page 61: ...P 660H HW W T Series User Guide 61 Chapter 3 Wizard Setup for Internet Access...

Page 62: ...the immediate area usually the same building or floor of a building The LAN screens can help you configure a LAN DHCP server and manage IP addresses See Section 4 3 on page 68 to configure the LAN sc...

Page 63: ...s up If your ISP gives you the DNS server addresses enter them in the DNS Server fields in DHCP Setup otherwise leave them blank Some ISP s choose to pass the DNS servers using the DNS server extensio...

Page 64: ...then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established If this is the case it is recommended that you select a network numb...

Page 65: ...lines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space 4 2 2 RIP Setup RIP...

Page 66: ...all directly connected networks to gather group membership After that the Prestige periodically updates this information IP multicasting can be enabled disabled on the Prestige LAN and or WAN interfac...

Page 67: ...uter tries to access the Internet for the first time through the Prestige 1 When a computer which is in a different subnet first attempts to access the Internet it sends packets to its default gateway...

Page 68: ...ult gateway and DNS servers to Windows 95 Windows NT and other systems that support the DHCP client If set to None the DHCP server will be disabled If set to Relay the Prestige acts as a surrogate DHC...

Page 69: ...the RIP version from RIP 1 RIP 2B and RIP 2M Multicast IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a multicast group The Prestige supports both I...

Page 70: ...access points and the wired network Wireless security methods available on the Prestige are data encryption wireless client authentication restricting access by device MAC address and hiding the Prest...

Page 71: ...2 3 Restricted Access The MAC Filter screen allows you to configure the AP to give exclusive access to devices Allow Association or exclude them from accessing the AP Deny Association 5 2 4 Hide Pres...

Page 72: ...If you configure WEP you can t configure WPA or WPA PSK MAC Filter Click this link to go to a screen where you can restrict access to your wireless network by MAC address 802 1x WPA Click this link t...

Page 73: ...Configuring the Wireless Screen 5 4 1 WEP Encryption WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private It encryp...

Page 74: ...cluding spaces alphabetic characters are case sensitive Hide ESSID Select Yes to hide the ESSID in so a station cannot obtain the ESSID through AP scanning Select No to make the ESSID visible so a sta...

Page 75: ...ate four different WEP keys At the time of writing you cannot use passphrase to generate 256 bit WEP keys Generate After you enter the passphrase click Generate to have the Prestige generate four diff...

Page 76: ...e describes the fields in this menu Table 14 MAC Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering Action Define the filter action for the list of...

Page 77: ...t enter identical passwords into the AP and all wireless clients The Pre Shared Key PSK must be between 8 and 63 printable characters including spaces alphabetic characters are case sensitive 2 The AP...

Page 78: ...system wired link to the LAN 1 The AP passes the wireless client s authentication request to the RADIUS server 2 The RADIUS server then checks the user s identification against its database and grants...

Page 79: ...ity to Windows XP s built in Zero Configuration wireless client However you must run Windows XP to use it See Section 5 7 3 on page 82 and Section 5 7 4 on page 84 for configuration instruction 5 7 Co...

Page 80: ...network select a control method from the drop down list box Choose from No Access Allowed No Authentication Required and Authentication Required No Access Allowed blocks all wireless stations access...

Page 81: ...creen Figure 26 Wireless LAN 802 1x WPA 802 1xl The following table describes the labels in this screen Table 16 Wireless LAN 802 1x WPA 802 1x LABEL DESCRIPTION Wireless Port Control To control wirel...

Page 82: ...ication Databases The authentication database contains wireless station login information The local user database is the built in database on the Prestige The RADIUS is an external server Use this dro...

Page 83: ...group traffic if the Key Management Protocol is WPA and WPA Mixed Mode is disabled WEP is used automatically if you have enabled WPA Mixed Mode All unicast traffic is automatically encrypted by TKIP w...

Page 84: ...agement Protocol Choose WPA PSK in this field Pre Shared Key The encryption mechanisms used for WPA and WPA PSK are the same The only difference between the two is that WPA PSK uses a simple common pa...

Page 85: ...ess LAN Local User Database The screen appears as shown Group Data Privacy Group Data Privacy allows you to choose TKIP recommended or WEP for broadcast and multicast group traffic if the Key Manageme...

Page 86: ...er name of up to 31 alphanumeric characters case sensitive hyphens and underscores _ if you re using MD5 encryption and maximum 14 if you re using PEAP Password Enter a password of up to 31 printable...

Page 87: ...tted decimal notation Port Number The default port of the RADIUS server for authentication is 1812 You need not change this value unless your network administrator instructs you to do so with addition...

Page 88: ...a password up to 31 alphanumeric characters as the key to be shared between the external accounting server and the access points The key is not sent over the network This key must be the same on the e...

Page 89: ...P 660H HW W T Series User Guide 89 Chapter 5 Wireless LAN...

Page 90: ...ateway field in the second wizard screen You can get this information from your ISP 6 1 1 2 PPP over Ethernet PPPoE provides access control and billing functionality in a manner similar to dial up ser...

Page 91: ...ing information being contained in each packet header Despite the extra bandwidth and processing overhead this method may be advantageous if it is not practical to have a separate VC for each carried...

Page 92: ...n is down A nailed up connection can be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connectio...

Page 93: ...vice provider PPPoE offers an access and authentication method that works with existing access control systems for example Radius PPPoE provides a login and authentication method that the existing Mic...

Page 94: ...s time more cells up to the MBS can be sent at the PCR again If the PCR SCR or MBS is set to the default of 0 the system will assign a maximum value that correlates to your upstream line rate The foll...

Page 95: ...n 6 7 Configuring WAN Setup To change your Prestige s WAN remote node settings click WAN and WAN Setup The screen differs by the encapsulation See Section 6 1 on page 90 for more information Table 21...

Page 96: ...ds in this screen Table 22 WAN Setup LABEL DESCRIPTION Name Enter the name of your Internet Service Provider e g MyISP This information is for identification purposes only Mode Select Routing default...

Page 97: ...ll Rate PCR This is the maximum rate at which the sender can send cells Type the PCR here Sustain Cell Rate The Sustain Cell Rate SCR sets the average cell rate long term that can be transmitted Type...

Page 98: ...e to NAT for application where NAT is not appropriate Disable PPPoE pass through if you do not need to allow hosts on the LAN to use PPPoE client software on their computers to connect to the ISP Subn...

Page 99: ...three logical networks with the Prestige itself as the gateway for each LAN network Put the protected LAN in one subnet Subnet 1 in the following figure and the backup gateway in another subnet Subnet...

Page 100: ...er traffic redirect or dial backup you must configure at least one IP address here When using a WAN backup connection the Prestige periodically pings the addresses configured here and uses the other W...

Page 101: ...irect you must configure at least one Check WAN IP Address Metric This field sets this route s priority among the routes the Prestige uses The metric represents the cost of transmission A router deter...

Page 102: ...fers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that insid...

Page 103: ...105 NAT offers the additional benefit of firewall protection With no servers defined your Prestige filters out all incoming inquiries thus preventing intruders from probing your network For more info...

Page 104: ...NAT Works 7 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the Prestige can communicate with three distinct...

Page 105: ...e Prestige maps the multiple local IP addresses to shared global IP addresses Many to Many No Overload In Many to Many No Overload mode the Prestige maps each local IP address to a unique global IP ad...

Page 106: ...t 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of p...

Page 107: ...st on the Internet IP address assigned by ISP Figure 39 Multiple Servers Behind NAT Example 7 4 Selecting the NAT Mode You must create a firewall rule in addition to setting up SUA NAT to allow traffi...

Page 108: ...n page 106 for more information See Table 26 on page 106 for port numbers commonly used for particular services Table 27 NAT Mode LABEL DESCRIPTION None Select this radio button to disable NAT SUA Onl...

Page 109: ...of ports enter the start port number here and the end port number in the End Port No field End Port No Enter a port number in this field To forward only one port enter the port number again in the Sta...

Page 110: ...e your Prestige s address mapping settings click NAT Select Full Feature and click Edit Details to open the following screen Figure 42 Address Mapping Rules The following table describes the fields in...

Page 111: ...e local IP addresses to one global IP address This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported only M M Ov Overload...

Page 112: ...ype allows you to specify inside servers of different services behind the NAT to be accessible to the outside world Local Start IP This is the starting local IP address ILA Local IP addresses are N A...

Page 113: ...13 Chapter 7 Network Address Translation NAT Screens Cancel Click Cancel to return to the previously saved settings Delete Click Delete to exit this screen without saving Table 30 Edit Address Mapping...

Page 114: ...u even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that wou...

Page 115: ...ovider This is the name of your Dynamic DNS service provider Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider E mail Address Type your e mail address User Type yo...

Page 116: ...screen to configure the Prestige s time and date settings 9 1 Configuring Time and Date To change your Prestige s time and date click Time And Date The screen appears as shown Use this screen to conf...

Page 117: ...the month and day that your daylight savings time starts on if you selected Daylight Savings End Date Enter the month and day that your daylight savings time ends on if you selected Daylight Savings...

Page 118: ...never be the only mechanism or method employed For a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security...

Page 119: ...strict access by screening data packets against defined access rules They make access control decisions based on IP address and protocol They also inspect the session data to assure the integrity of t...

Page 120: ...red to automatically detect and thwart all known DoS attacks 10 4 1 Basics Computers share information over the Internet using a common language called TCP IP TCP IP in turn is a set of application pr...

Page 121: ...hang or reboot Teardrop attack exploits weaknesses in the re assembly of IP packet fragments As data is transmitted through a network IP packets are often broken up into smaller chunks Each fragment...

Page 122: ...n as a backlog queue SYN ACKs are moved off the queue only when an ACK comes back or when an internal timer which is set at relatively long intervals terminates the three way handshake Once the queue...

Page 123: ...the intermediary network but will also congest the network of the spoofed source IP address known as the victim network This flood of broadcast traffic consumes all available bandwidth making communi...

Page 124: ...er or firewall The Prestige blocks all IP Spoofing attempts 10 5 Stateful Inspection With stateful inspection fields of the packets are compared to packets that are already known to be trusted For exa...

Page 125: ...rmine and record information about the state of the packet s connection This information is recorded in a new state table entry created for the new connection If there is not a firewall rule for this...

Page 126: ...wall rules is a very powerful tool Using custom rules it is possible to disable all firewall protection or block all access to the Internet Use extreme caution when creating or deleting firewall rules...

Page 127: ...d in through the firewall simply because they are too dangerous and contain too little tracking information For instance ICMP redirect packets are never allowed in since they could be used to reroute...

Page 128: ...ckers to crack your system Turn your computer off when not in use Never give out a password or any sensitive information to an unsolicited telephone call or e mail Never e mail sensitive information s...

Page 129: ...work B If the filter blocks the traffic from A to B it also blocks the traffic from B to A Filters can not distinguish traffic originating from an inside host or an outside host by IP address To block...

Page 130: ...between inside host networks and outside host networks Remember that filters can not distinguish traffic originating from an inside host or an outside host by IP address The firewall performs better...

Page 131: ...P 660H HW W T Series User Guide 131 Chapter 10 Firewalls...

Page 132: ...tion of travel of packets to which they apply Note The LAN includes both the LAN port and the WLAN By default the Prestige s stateful packet inspection allows packets traveling in the following direct...

Page 133: ...w Note Study these points carefully before configuring rules 11 3 1 Rule Checklist State the intent of the rule For example This restricts all IRC access from the LAN to the Internet Or This allows a...

Page 134: ...s 11 3 3 3 Source Address What is the connection s source address is it on the LAN WAN Is it a single IP a range of IPs or a subnet 11 3 3 4 Destination Address What is the connection s destination ad...

Page 135: ...il account that you specify in the Log Settings screen see the chapter on logs 11 5 Configuring Default Firewall Policy Click Firewall and then Default Policy to display the following screen Activate...

Page 136: ...ts to which they apply For example LAN to LAN Router means packets traveling from a computer subnet on the LAN to either another computer subnet on the LAN interface of the Prestige or the Prestige it...

Page 137: ...fic traveling in the selected packet direction The firewall rules that you configure summarized below take priority over the general firewall action settings above Rule This is your firewall rule numb...

Page 138: ...r a log is created when packets match this rule Enabled or not Disable Alert This field tells you whether this rule generates an alert Yes or not No when the rule is matched Insert Append Type the ind...

Page 139: ...P 660H HW W T Series User Guide 139 Chapter 11 Firewall Configuration Figure 53 Firewall Edit Rule The following table describes the labels in this screen...

Page 140: ...move it Services Available Selected Services Please see Section 11 10 on page 146 for more information on services available Highlight a service from the Available Services box on the left then click...

Page 141: ...ll Customized Services The following table describes the labels in this screen 11 8 Configuring A Customized Service Click a rule number in the Firewall Customized Services screen to create a new cust...

Page 142: ...figure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop dow...

Page 143: ...number for where you want to put the rule For example if you type 6 your new rule becomes number 6 and the previous rule 6 if there is one becomes rule 7 4 Click Insert to display the firewall rule c...

Page 144: ...es link to open the Customized Service screen 8 Click an index number to display the Customized Services Config screen and configure the screen as follows and click Apply Figure 58 Edit Custom Port Ex...

Page 145: ...ect Customized Services Note Custom ports show up with an before their names in the Services list box and the Rule Summary list box Click Apply after you ve created your custom port On completing the...

Page 146: ...he IP protocol type TCP UDP or ICMP The second field indicates the IP port number that defines the service Note that there may be more than one IP protocol type For example look at the default configu...

Page 147: ...cast Protocol is used when sending packets to a specific group of hosts NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that pr...

Page 148: ...DP 161 Simple Network Management Program SNMP TRAPS TCP UDP 162 Traps for use with the SNMP RFC 1215 SQL NET TCP 1521 Structured Query Language is an interface to access data on many different types o...

Page 149: ...es Select this option to prevent hackers from finding the Prestige by probing for unused ports If you select this option the Prestige will not respond to port request s for unused ports thus leaving t...

Page 150: ...gure 47 on page 122 For UDP half open means that the firewall has detected no return traffic The Prestige measures both the total number of existing half open sessions and the rate of session establis...

Page 151: ...mber of half open sessions to a given host will never exceed the threshold If the Blocking Time timeout is greater than 0 then the Prestige blocks all new connection requests to the host giving the se...

Page 152: ...equests as necessary until the number of existing half open sessions drops below this number 80 existing half open sessions Maximum Incomplete High This is the number of existing half open sessions th...

Page 153: ...block new connection requests when TCP Maximum Incomplete is reached Enter the length of blocking time in minutes between 1 and 256 Back Click Back to return to the previous screen Apply Click Apply t...

Page 154: ...sted IP addresses on the LAN for which the Prestige will not perform content filtering 12 2 The Main Content Filter Screen Click Content Filter to display the main Content Filtering screen Figure 63 C...

Page 155: ...k box to enable this feature Block Websites that contain these keywords in the URL This box contains the list of all the keywords that you have configured the Prestige to block Delete Highlight a keyw...

Page 156: ...LAN from content filtering on your Prestige click Content Filter and Trusted The screen appears as shown Table 47 Content Filter Schedule LABEL DESCRIPTION Days to Block Select a check box to configu...

Page 157: ...beginning IP address of a specific range of computers on the LAN that you want to exclude from content filtering To Type the ending IP address of a specific range of users on your LAN that you want to...

Page 158: ...r Prestige from a remote location via Internet WAN only ALL LAN and WAN LAN only Neither Disable When you Choose WAN only or ALL LAN WAN you still need to configure a firewall rule to allow access To...

Page 159: ...ave one remote management session running at one time There is a firewall rule that blocks it 13 1 2 Remote Management and NAT When NAT is enabled Use the Prestige s WAN IP address when configuring fr...

Page 160: ...in this screen Table 49 Remote Management LABEL DESCRIPTION Server Type Each of these labels denotes a service that you may use to remotely manage the Prestige Access Status Select the access interfac...

Page 162: ...How do I know if I m using UPnP UPnP hardware is identified as an icon in the Network Connections folder Windows XP Each UPnP compatible device installed on your network will appear as a separate ico...

Page 163: ...UPnP certification from the Universal Plug and Play Forum Creates UPnP Implementers Corp UIC ZyXEL s UPnP implementation supports IGD 1 0 Internet Gateway Device At the time of writing ZyXEL s UPnP im...

Page 164: ...tige s IP address although you must still enter the password to access the web configurator Allow users to make configuration changes through UPnP Select this check box to allow UPnP enabled applicati...

Page 165: ...etup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selection box Figure 71 Add Remove Programs Windows Setup Communication Components 4 Cl...

Page 166: ...ws XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Components Figure 72 Network...

Page 167: ...HW W T Series User Guide 167 Chapter 14 Universal Plug and Play UPnP Figure 73 Windows Optional Networking Components Wizard 5 In the Networking Services window select the Universal Plug and Play che...

Page 168: ...ection shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the Prestige Make sure the computer is connected to a LAN port of th...

Page 169: ...Series User Guide 169 Chapter 14 Universal Plug and Play UPnP Figure 75 Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatic...

Page 170: ...660H HW W T Series User Guide Chapter 14 Universal Plug and Play UPnP 170 Figure 76 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mapping...

Page 171: ...rties Advanced Settings Figure 78 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically...

Page 172: ...tion Status Web Configurator Easy Access With UPnP you can access the web based configurator on the Prestige without finding out the IP address of the Prestige first This comes helpful if you do not k...

Page 173: ...versal Plug and Play UPnP Figure 81 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your Prestige and select...

Page 174: ...ay UPnP 174 Figure 82 Network Connections My Network Places 6 Right click on the icon for your Prestige and select Properties A properties window displays with basic information about the Prestige Fig...

Page 176: ...control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display...

Page 177: ...rver name or the IP address of the mail server for the e mail addresses specified below If this field is left blank logs and alert messages will not be sent via e mail Mail Subject Type a title that y...

Page 178: ...log server Refer to the documentation of your syslog program for more details Send Log Log Schedule This drop down menu is used to configure the frequency of log messages being sent as E mail Daily We...

Page 179: ...This field displays the time the log was recorded Message This field states the reason for the log Source This field lists the source IP address and the port number of the incoming packet Destination...

Page 180: ...Prestige Date Fri 07 Apr 2000 10 05 42 From user zyxel com To user zyxel com 1 Apr 7 00 From 192 168 1 1 To 192 168 1 255 default policy forward 09 54 03 UDP src port 00520 dest port 00520 1 00 2 Apr...

Page 182: ...antee delivery Bandwidth management also allows you to configure the allowed output for an interface to match what the network can handle This helps reduce delays and dropped packets at the next routi...

Page 183: ...not exceed the configured bandwidth budget speed of the parent class 16 3 Proportional Bandwidth Allocation Bandwidth management allows you to define how much bandwidth each class gets however the act...

Page 184: ...wing example uses bandwidth classes based on LAN subnets and applications specific applications in each subnet are allotted bandwidth Figure 89 Application and Subnet based Bandwidth Management Exampl...

Page 185: ...is not using among the bandwidth classes that require more bandwidth When you enable maximize bandwidth usage the Prestige first makes sure that each bandwidth class gets up to its bandwidth allotment...

Page 186: ...e classes that require more bandwidth Therefore the Prestige divides a total of 3 Mbps total of unbudgeted and unused bandwidth among the classes that require more bandwidth In this case suppose that...

Page 187: ...The Prestige uses the scheduler to divide a parent class s unused bandwidth among the child classes 16 7 1 Maximize Bandwidth Usage With Bandwidth Borrowing If you configure both maximize bandwidth us...

Page 188: ...16 9 Configuring Summary Click Media Bandwidth Management Summary to open the screen as shown next Enable bandwidth management on an interface and set the maximum allowed bandwidth for that interface...

Page 189: ...as the bandwidth budget of the interface s root class The recommendation is to set this speed to match what the interface s connection can handle For example set the WAN interface speed to 10000 kbps...

Page 190: ...mple classes Figure 94 Media Bandwidth Management Class Setup The following table describes the labels in this screen 16 10 1 Media Bandwidth Management Class Configuration Configure a bandwidth manag...

Page 191: ...ass Priority Enter a number between 0 and 7 to set the priority of this class The higher the number the higher the priority The default setting is 3 Borrow bandwidth from parent class Select this opti...

Page 192: ...you select None the bandwidth class applies to all services unless you specify one by configuring the Destination Port Source Port and Protocol ID fields Destination IP Address Enter the destination...

Page 193: ...110 NNTP Network News Transport Protocol 119 SNMP Simple Network Management Protocol 161 SNMP trap 162 PPTP Point to Point Tunneling Protocol 1723 Table 59 Services and Port Numbers SERVICES PORT NUMB...

Page 194: ...the new update period you entered in the Update Period field above Stop Update Click Stop Update to stop the browser from refreshing bandwidth management statistics Clear Counter Click Clear Counter...

Page 196: ...ffic statistics 17 1 Maintenance Overview The maintenance screens can help you view system information upload new firmware manage configuration and restart your Prestige 17 2 System Status Screen Clic...

Page 197: ...hapter 17 Maintenance Figure 98 System Status The following table describes the fields in this screen Table 62 System Status LABEL DESCRIPTION System Status System Name This is the name of your Presti...

Page 198: ...if applicable VPI VCI This is the Virtual Path Identifier and Virtual Channel Identifier that you entered in the first Wizard screen LAN Information MAC Address This is the MAC Media Access Control or...

Page 199: ...RFC 1483 and PPPoE Interface This field displays the type of port Status For the WAN port this displays the port speed and duplex setting if you re using Ethernet encapsulation and down line is down...

Page 200: ...MAC Address of all network clients using the DHCP server Figure 100 DHCP Table The following table describes the fields in this screen Poll Interval s Type the time interval for the browser to refresh...

Page 201: ...ssociation List This screen displays the MAC address es of the wireless stations that are currently logged in to the network Click Wireless LAN and then Association List to open the screen shown next...

Page 202: ...tion List LABEL DESCRIPTION This is the index number of an associated wireless station MAC Address This field displays the MAC Media Access Control address of an associated wireless station Every Ethe...

Page 203: ...le 67 Diagnostic General LABEL DESCRIPTION TCP IP Address Type the IP address of a computer that you want to ping in order to test a connection Ping Click this button to ping the IP address that you e...

Page 204: ...atus Click this button to view ATM status ATM Loopback Test Click this button to start the ATM loopback test Make sure you have configured at least one PVC with proper VPIs VCIs before you begin this...

Page 205: ...to upload firmware to your Prestige Figure 105 Firmware Upgrade The following table describes the labels in this screen Note Do NOT turn off the Prestige while firmware upload is in progress After yo...

Page 206: ...In some operating systems you may see the following icon on your desktop Figure 106 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the System St...

Page 208: ...estige 1 In Windows click Start usually in the bottom left corner Run and then type telnet 192 168 1 1 the default IP address and click OK 2 Enter 1234 in the Password field 3 After entering the passw...

Page 209: ...le 11 3 Remote Node Network Layer Options 11 5 Remote Node Filter 11 6 Remote Node ATM Layer Options 11 8 Advance Setup Options PPPoE passthrough 12 Static Routing Setup 12 1 Edit Static Route Setup 1...

Page 210: ...agement 24 10 Time and Date Setting 24 11 Remote Management Control 25 IP Routing Policy Setup 25 1 IP Routing Policy Setup 25 1 1 IP Routing Policy 26 Schedule Setup 26 1 Schedule Set Setup Table 70...

Page 211: ...onfiguration by pressing ENTER at the message Press ENTER to confirm or ESC to cancel Saving the data on the screen will take you in most cases to the previous menu Exit the SMT Type 99 then press ENT...

Page 212: ...up the Remote Node for LAN to LAN connection including Internet connection 12 Static Routing Setup Use this menu to set up static routes 14 Dial in User Setup Use this menu to set up local user profil...

Page 213: ...P 660H HW W T Series User Guide 213 Chapter 18 Introducing the SMT Note Note that as you type a password the screen displays an for each character you type...

Page 214: ...indows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it...

Page 215: ...ocation up to 31 characters of your Prestige Contact Person s Name optional Enter the name up to 30 characters of the person in charge of this Prestige Domain Name Enter the domain name if you know it...

Page 216: ...our dynamic DNS service provider Active Press SPACE BAR to select Yes and then press ENTER to make dynamic DNS active Host Enter the domain name assigned to your Prestige by your dynamic DNS provider...

Page 218: ...pAlive Fail Tolerance 0 Recovery Interval sec 0 ICMP Timeout sec 0 Traffic Redirect No Press ENTER to Confirm or ESC to Cancel Table 76 Menu 2 WAN Backup Setup FIELD DESCRIPTION Check Mechanism Press...

Page 219: ...e if your destination IP address handles lots of traffic ICMP Timeout Type the number of seconds for an ICMP session to wait for the ICMP response Traffic Redirect Press SPACE BAR to select Yes or No...

Page 220: ...th the lowest cost RIP routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks The number must be between 1 and 15 a number greater than 15 means the link...

Page 222: ...pply to the Ethernet traffic You seldom need to filter Ethernet traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 115 Menu 3 1...

Page 223: ...the main menu to display Menu 3 LAN Setup When menu 3 appears press 2 and press ENTER to display Menu 3 2 TCP IP and DHCP Ethernet Setup as shown next Figure 116 Menu 3 2 TCP IP and DHCP Ethernet Setu...

Page 224: ...HCP Serve If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here Table 79 TCP IP Ethernet Setup FIELD DESCRIPTION TCP IP Setup IP Address Enter th...

Page 226: ...u 3 5 Wireless LAN Setup The following table describes the fields in this menu Menu 3 5 Wireless LAN Setup ESSID Wireless Hide ESSID No Channel ID CH06 2437MHz RTS Threshold 2432 Frag Threshold 2432 W...

Page 227: ...ovides data encryption to prevent wireless stations from accessing data transmitted over the wireless network Select Disable allows wireless stations to communicate with the access points without any...

Page 228: ...0 00 00 00 11 00 00 00 00 00 00 23 00 00 00 00 00 00 12 00 00 00 00 00 00 24 00 00 00 00 00 00 Enter here to CONFIRM or ESC to CANCEL Table 81 Menu 3 5 1 WLAN MAC Address Filtering FIELD DESCRIPTION A...

Page 230: ...based on the policy defined by the network administrator Policy based routing is applied to incoming packets on a per interface basis prior to the normal routing Create policies using SMT menu 25 and...

Page 231: ...the second and third network Figure 120 Menu 3 2 TCP IP and DHCP Setup Pressing ENTER displays Menu 3 2 1 IP Alias Setup as shown next Menu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP P...

Page 232: ...LD DESCRIPTION IP Alias Choose Yes to configure the LAN network for the Prestige IP Address Enter the IP address of your Prestige in dotted decimal notation IP Subnet Mask Your Prestige will automatic...

Page 233: ...Encapsulation Gateway IP address if you are using ENET ENCAP encapsulation From the main menu type 4 to display Menu 4 Internet Access Setup as shown next Figure 123 Menu 4 Internet Access Setup The f...

Page 234: ...he mean cell rate of a bursty on off traffic source that can be sent at the peak rate and a parameter for burst traffic Type the SCR it must be less than the PCR Maximum Burst Size MBS 0 Refers to the...

Page 236: ...you are configuring one of the remote nodes You first choose a remote node in Menu 11 Remote Node Setup You can then edit that node s profile in menu 11 1 as well as configure specific settings in thr...

Page 237: ...n Here are some examples of more suitable combinations in such an application 24 2 2 1 Scenario 1 One VC Multiple Protocols PPPoA RFC 2364 encapsulation with VC based multiplexing is the best combinat...

Page 238: ...11 Encapsulation PPPoA refers to RFC 2364 PPP Encapsulation over ATM Adaptation Layer 5 If RFC 1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5 of ENET ENCAP are selected then the Rem Logi...

Page 239: ...s and press ENTER to display Menu 11 8 Advance Setup Options Telco Option Allocated Budget min This sets a ceiling for outgoing call time for this remote node The default for this field is 0 meaning n...

Page 240: ...ble 85 Menu 11 3 Remote Node Network Layer Options FIELD DESCRIPTION IP Address Assignment Press SPACE BAR and then ENTER to select Dynamic if the remote node is using a dynamically assigned IP addres...

Page 241: ...t for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number Private This determines if the Prestige will include the route to this remote...

Page 242: ...e Prestige and also to prevent certain packets from triggering calls You can specify up to 4 filter sets separated by comma for example 1 5 9 12 in each filter field Note that spaces are accepted in t...

Page 243: ...xample VC1 will carry IP Separate VPI and VCI numbers must be specified for each protocol Figure 130 Menu 11 6 for VC based Multiplexing 24 5 2 LLC based Multiplexing or PPP Encapsulation For LLC base...

Page 244: ...ct Yes then press ENTER to display Menu 11 8 Advance Setup Options Menu 11 6 Remote Node ATM Layer Options VPI VCI LLC Multiplexing or PPP Encapsulation VPI 0 VCI 38 ATM QoS Type UBR Peak Cell Rate PC...

Page 245: ...t you can enable PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the Prestige Each host can have a separate account and...

Page 246: ...ch remote node specifies only the network to which the gateway is directly connected and the Prestige has no knowledge of the networks beyond For instance the Prestige knows about network N2 in the fo...

Page 247: ...atic Route Menu 12 Static Route Setup 1 IP Static Route 3 Bridge Static Route Please enter selection Menu 12 1 IP Static Route Setup 1 ________ 2 ________ 3 ________ 4 ________ 5 ________ 6 ________ 7...

Page 248: ...estination Gateway IP Address Type the IP address of the gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to thei...

Page 250: ...protocol and it also demands more CPU cycles and memory For efficiency reasons do not turn on bridging unless you need to support protocols other than IP on your network For IP enable the routing if...

Page 251: ...Options Authen N A Edit Filter Sets No Idle Timeout sec N A Press ENTER to Confirm or ESC to Cancel Menu 11 3 Remote Node Network Layer Options IP Options Bridge Options IP Address Assignment Static...

Page 252: ...ancel Table 89 Menu 12 3 1 Edit Bridge Static Route FIELD DESCRIPTION Route This is the route index number you typed in Menu 12 3 Bridge Static Route Setup Route Name Type a name for the bridge static...

Page 254: ...ts two types of mapping Many to One and Server See Section 27 3 on page 256 or a detailed description of the NAT set for SUA The Prestige also supports Full Feature NAT to map multiple global IP addre...

Page 255: ...options for Network Address Translation Menu 4 Internet Access Setup ISP s Name MyISP Encapsulation RFC 1483 Multiplexing LLC based VPI 8 VCI 35 ATM QoS Type UBR Peak Cell Rate PCR 0 Sustain Cell Rate...

Page 256: ...er information on these menus To configure NAT enter 15 from the main menu to bring up the following screen Figure 143 Menu 15 NAT Setup 27 3 1 Address Mapping Sets Enter 1 to bring up Menu 15 1 Addre...

Page 257: ...d only Menu 15 1 Address Mapping Sets 1 2 3 4 5 6 7 8 255 SUA read only Enter Menu Selection Number Menu 15 1 255 Address Mapping Rules Set Name Idx Local Start IP Local End IP Global Start IP Global...

Page 258: ...End IP is the ending local IP address ILA If the rule is for all local IPs then the Start IP is 0 0 0 0 and the End IP is 255 255 255 255 Global Start IP This is the starting global IP address IGA If...

Page 259: ...eld and then selecting a rule brings up the following menu Menu 15 1 1 1 Address Mapping Rule in which you can edit an individual rule and configure the Type Local and Global Start End IPs An End IP a...

Page 260: ...e starting local IP address ILA End This is the ending local IP address ILA If the rule is for all local IPs then put the Start IP as 0 0 0 0 and the End IP as 255 255 255 255 This field is N A for On...

Page 261: ...ing as an FTP Telnet and SMTP server ports 21 23 and 25 at 192 168 1 33 6 Press ENTER at the Press ENTER to confirm prompt to save your configuration after you define all the servers or press ESC at a...

Page 262: ...he Many to One mapping discussed in Section 27 5 on page 261 The SUA Only read only option from the Network Address Translation field in menus 4 and 11 3 is specifically pre configured to handle this...

Page 263: ...the other IGA Map the FTP servers to the first two IGAs and the other LAN traffic to the remaining IGA Map the third IGA to an inside web server and mail server Four rules need to be configured two b...

Page 264: ...ose the Full Feature option from the Network Address Translation field in menu 4 or menu 11 3 in Figure 156 on page 265 1 Enter 15 from the main menu 2 Enter 1 to configure the Address Mapping Sets 3 E...

Page 265: ...s IP Address Assignment Static Ethernet Addr Timeout min 0 Rem IP Addr 0 0 0 0 Rem Subnet Mask 0 0 0 0 My WAN Addr 0 0 0 0 NAT Full Feature Address Mapping Set 2 Metric 2 Private No RIP Direction Both...

Page 266: ...Rules Set Name Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 10 132 50 1 1 1 2 192 168 1 11 10 132 50 2 1 1 3 0 0 0 0 255 255 255 255 10 132 50 3 M 1 4 10...

Page 267: ...ome gaming programs are NAT unfriendly because they embed addressing information in the data stream These applications won t work through NAT even when using One to One and Many to Many No Overload ma...

Page 268: ...Menu 15 1 1 Address Mapping Rules Menu 15 1 1 Address Mapping Rules Set Name Example4 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 192 168 1 12 10 132 50 1 10 132...

Page 270: ...prehensive firewall configuration tool your Prestige has to offer For this reason it is recommended that you configure your firewall using the web configurator see the following chapters for instructi...

Page 271: ...attacks when it is active The default Policy sets 1 allow all sessions originating from the LAN to the WAN and 2 deny all sessions originating from the WAN to the LAN You may define additional Policy...

Page 272: ...WAN side or the Ethernet side Call filtering is used to determine if a packet should be allowed to trigger a call Outgoing packets must undergo data filtering before they encounter call filtering Cal...

Page 273: ...ming packets your Prestige applies data filters only Packets are processed depending on whether a match is found The following sections describe how to configure filter sets 29 1 1 The Filter Structur...

Page 274: ...1 in menu 21 1 Figure 167 NetBIOS_WAN Filter Rules Summary Menu 21 1 Filter Set Configuration Filter Set Comments Set Comments 1 _______________ 7 _______________ 2 _______________ 8 _______________ 3...

Page 275: ...f Value 01005e N D F 2 N 3 N 4 N 5 N 6 N Enter Filter Rule Number 1 6 to Configure Table 94 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION The filter rule number 1 to 6 A Active...

Page 276: ...of a filter set is determined by the first rule that you create When applying the filter sets to a port separate menu fields are provided for protocol and device filter sets If you include a protocol...

Page 277: ...ER to Confirm or ESC to Cancel Table 96 Menu 21 1 x 1 TCP IP Filter Rule FIELD DESCRIPTION Filter This is the filter set filter rule coordinates for instance 2 3 refers to the second filter set and th...

Page 278: ...s only when the IP Protocol field is 6 TCP If Yes the rule matches packets that want to establish TCP connection s SYN 1 and ACK 0 else it is ignored More If Yes a matching packet is passed to the nex...

Page 279: ...uration Figure 171 Executing an IP Filter 29 4 2 Generic Filter Rule This section shows you how to configure a generic filter rule The purpose of generic rules is to allow you to filter non IP packets...

Page 280: ...ve No Offset 0 Length 0 Mask N A Value N A More No Log None Action Matched Check Next Rule Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel Table 97 Menu 21 1 5 1 Generic Fil...

Page 281: ...is receiving and sending the packets for instance the interface The interface can be an Ethernet or any other hardware port The following figure illustrates this Figure 173 Protocol and Device Filter...

Page 282: ...le Make the entries in this menu as shown next When you press ENTER to confirm the following screen appears Note that there is only one filter rule in this set Figure 175 Menu 21 1 6 1 Sample Filter A...

Page 283: ...r Rules Summary 29 7 Applying Filters and Factory Defaults This section shows you where to apply the filter s after you design it them Sets of factory default filter rules have been configured in menu...

Page 284: ...ic 29 7 2 Remote Node Filters Go to menu 11 5 shown next and type the number s of the filter set s as appropriate You can cascade up to four filter sets by typing their numbers separated by commas The...

Page 286: ...twork The Prestige supports SNMP version one SNMPv1 and version two c SNMPv2c The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured Figure 179 SNMP Ma...

Page 287: ...trieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements of...

Page 288: ...t station Trusted Host If you enter a trusted host your Prestige will only respond to SNMP messages from this address A blank default field means your Prestige will respond to all SNMP messages it rec...

Page 289: ...6 whyReboot defined in ZYXEL MIB A trap is sent with the reason of restart before rebooting when the system is going to restart warm start 6a For intentional reboot A trap is sent with the message Sys...

Page 290: ...rd Enter 23 in the main menu to display Menu 23 System Security You should change the default password If you forget your password you have to restore the default configuration file Figure 181 Menu 23...

Page 291: ...Shared Secret Specify a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the access points The key is not sent over the network This ke...

Page 292: ...em Security IEEE 802 1x Figure 184 Menu 23 4 System Security IEEE 802 1x The following table describes the fields in this menu Menu 23 System Security 1 Change Password 2 RADIUS Server 4 IEEE802 1x En...

Page 293: ...ic WEP Key Exchange This field is activated only when you select Authentication Required in the Wireless Port Control field Also set the Authentication Databases field to RADIUS Only Local user databa...

Page 294: ...se with 802 1x Key Management Protocol Select Local User Database Only to have the Prestige just check the built in user database on the Prestige for a wireless station s username and password Select...

Page 295: ...22 ________ 30 ________ 7 ________ 15 ________ 23 ________ 31 ________ 8 ________ 16 ________ 24 ________ 32 ________ Enter Menu Selection Number Menu 14 1 Edit Dial in User User Name test Active Yes...

Page 296: ...es you information on the status and statistics of the ports as shown next System Status is a tool that can be used to monitor your Prestige Specifically it gives you information on your DSL telephone...

Page 297: ...x Pkts 8314 Upstream Speed 0 kbps CPU Load 25 52 Downstream Speed 0 kbps Press Command COMMANDS 1 Reset Counters TAB Next Page ESC Exit Table 105 Menu 24 1 System Maintenance Status FIELD DESCRIPTION...

Page 298: ...formation Enter 1 in menu 24 2 to display the screen shown next Collision This is the number of collisions WAN This shows statistics for the WAN Line Status This shows the current status of the xDSL l...

Page 299: ...0 13 49 11 11 35 IP Address 192 168 1 1 IP Mask 255 255 255 0 DHCP Server Press ESC or RETURN to Exit Table 106 Menu 24 2 1 System Maintenance Information FIELD DESCRIPTION Name Displays the system na...

Page 300: ...ething goes wrong is the error log Follow the procedures to view the local error trace log 1 Type 24 in the main menu to display Menu 24 System Maintenance 2 From menu 24 type 3 to display Menu 24 3 S...

Page 301: ...ask pause 1 day 57 Sat Jan 01 00 00 03 2000 PP21 INFO monitoring WAN connectivity 58 Sat Jan 01 00 03 06 2000 PP19 INFO SMT Password pass 59 Sat Jan 01 00 03 06 2000 PP01 INFO SMT Session Begin 60 Sat...

Page 302: ...2 OutCall Connected 64000 40002 Jul 19 11 20 06 192 168 102 2 ZYXEL board 0 line 0 channel 0 call 1 C02 Call Terminated 2 Packet Triggered SdcmdSyslogSend SYSLOG_PKTTRI SYSLOG_NOTICE String String Pac...

Page 303: ...55 192 168 102 2 ZYXEL IP Src 202 132 154 123 Dst 255 255 255 255 UDP spo 0208 dpo 0208 S03 R01mF Jul 19 14 44 00 192 168 102 2 ZYXEL IP Src 192 168 102 20 Dst 202 132 154 1 UDP spo 05d4 dpo 0035 S03...

Page 304: ...nce Menu Diagnostic FIELD DESCRIPTION Reset xDSL Re initialize the xDSL link to the telephone company Ping Host Ping the host to see if the links and TCP IP protocol on both systems are working Reboot...

Страница 305: ...P 660H HW W T Series User Guide 305 Chapter 32 System Information and Diagnosis...

Page 306: ...of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename extension With many FTP and TFTP clients the filenames are si...

Page 307: ...mmended once your Prestige is functioning properly FTP is the preferred methods for backing up your current configuration to your computer since they are faster Any serial communications program shoul...

Page 308: ...names it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the ftp prompt 33 2 3 Example of FTP Commands from the Command Line Menu 24 5 System M...

Page 309: ...e session running 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp 16...

Page 310: ...transfer is complete 4 Launch the TFTP client on your computer and connect to the Prestige Set the transfer mode to binary before starting data transfer 5 Use the TFTP client see the example below to...

Page 311: ...rt after the file transfer is complete Note Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR Prestige 33 3 1 Restore Using FTP For details about backup using T FTP please...

Page 312: ...to Section 33 2 5 on page 309 to read about configurations that disallow TFTP and FTP over WAN Menu 24 6 System Maintenance Restore Configuration To transfer the firmware and configuration file to yo...

Page 313: ...rmware and the configuration file using FTP Figure 201 Telnet Into Menu 24 7 1 Upload System Firmware 33 4 2 Configuration File Upload You see the following screen when you telnet into menu 24 7 2 Men...

Page 314: ...rs the configuration file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the ftp prompt The Pr...

Page 315: ...the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance 3 Enter the command sys stdio 0 to disable the console timeout so the TFTP transfer will not be interrupted Enter sys...

Page 316: ...as where i specifies binary image transfer mode use this mode when transferring binary files host is the Prestige s IP address and put transfers the file source on the computer firmware bin name of th...

Page 317: ...P 660H HW W T Series User Guide 317 Chapter 33 Firmware and Configuration File Maintenance...

Page 318: ...mmands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing help or at the command prompt Type exit to return to the SMT main menu when finished Figure 204 Command M...

Page 319: ...eds the limit the current call will be dropped and any future outgoing calls will be blocked To access the call control menu select option 9 in menu 24 to go to Menu 24 9 System Maintenance Call Contr...

Page 320: ...r get the current time and date from an external server when you turn on your Prestige Menu 24 10 allows you to update the time and date settings of your Prestige The real time is then displayed in th...

Page 321: ...Current Date 2000 01 01 New Date yyyy mm dd 2000 01 01 Time Zone GMT Daylight Saving No Start Date mm dd 01 00 End Date mm dd 01 00 Press ENTER to Confirm or ESC to Cancel Table 113 Menu 24 10 System...

Page 322: ...ly when you re enter this menu New Date Enter the new date in year month and day format Time Zone Press SPACE BAR and then ENTER to set the time difference between your time zone and Greenwich Mean Ti...

Page 323: ...P 660H HW W T Series User Guide 323 Chapter 34 System Maintenance...

Page 324: ...onfiguring firewall rules 35 2 Remote Management To disable remote management of a service select Disable in the corresponding Server Access field Enter 11 from menu 24 to display Menu 24 11 Remote Ma...

Page 325: ...LAN only Secured Client IP 0 0 0 0 FTP Server Server Port 21 Server Access LAN only Secured Client IP 0 0 0 0 Web Server Server Port 80 Server Access LAN only Secured Client IP 0 0 0 0 Press ENTER to...

Page 326: ...ess when configuring from the LAN 35 4 System Timeout There is a default system management idle timeout of five minutes three hundred seconds The Prestige automatically logs you out if the management...

Page 327: ...P 660H HW W T Series User Guide 327 Chapter 35 Remote Management...

Page 328: ...edence or TOS Type of Service values in the IP header at the periphery of the network to enable the backbone to prioritize traffic Cost Savings IPPR allows organizations to distribute interactive traf...

Page 329: ...the main menu to open Menu 25 IP Routing Policy Setup 2 Type the index of the policy set you want to configure to open Menu 25 1 IP Routing Policy Setup Menu 25 1 shows the summary of a policy set inc...

Page 330: ..._________________________________________________________ ______________________________________________________________________ 5 N ___________________________________________________________________...

Page 331: ...es are displayed with a minus sign in SMT menu 25 Criteria IP Protocol IP layer 4 protocol for example UDP TCP ICMP etc Type of Service Prioritize incoming network traffic by choosing from Don t Care...

Page 332: ...e LAN otherwise the gateway must be the IP address of a remote node The default gateway is specified as 0 0 0 0 Type of Service Set the new TOS value of the outgoing packet Prioritize incoming network...

Page 333: ...See the next figure Menu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP Pool Starting Address 192 168 1 33 Size of Client IP Pool 32 Primary DNS Server 0 0 0 0 Secondary DNS Server 0 0 0...

Page 334: ...P route Figure 216 Example of IP Policy Routing To force packets coming from clients with IP addresses of 192 168 1 33 to 192 168 1 64 to be routed to the Internet via the WAN port of the Prestige fol...

Page 335: ...any host with protocol TCP and port FTP access through another gateway 192 168 1 100 Menu 25 1 1 IP Routing Policy Policy Set Name set1 Active Yes Criteria IP Protocol 6 Type of Service Don t Care Pre...

Page 336: ...0 Destination addr start 0 0 0 0 port start 20 Action Matched Gateway addr 192 168 1 100 Type of Service No Change Precedence No Change Packet length 10 Len Comp N A end N A end N A end N A end 21 Lo...

Page 337: ...P 660H HW W T Series User Guide 337 Chapter 36 IP Policy Routing...

Page 338: ...ts take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 in are applied in the remote node then set 1 will take precedence over set 2 3 and 4...

Page 339: ...es or No Choose Yes and press ENTER to activate the schedule set Start Date Enter the start date when you wish the set to take effect in year month date format Valid dates are from the present to 2036...

Page 340: ...eans that the connection is blocked whether or not there is a demand call on the line Enable Dial On Demand means that this schedule permits a demand call on the line Disable Dial On Demand means that...

Page 341: ...P 660H HW W T Series User Guide 341 Chapter 37 Call Scheduling...

Page 342: ...propriate power source Make sure that the Prestige and the power source are both turned on Turn the Prestige off and on If the error persists you may have a hardware problem In this case you should co...

Page 343: ...MAC address or the host name The username and password apply to PPPoE and PPPoA encapsulation only Make sure that you have entered the correct Service Type User Name and Password be sure to use the co...

Page 344: ...and Username fields are case sensitive Make sure that you enter the correct password and username using the proper casing If you have changed the password and have now forgotten it you will need to u...

Page 345: ...op ups check box in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 224 Internet Options 3 Click Apply to save this setting 38 4 1 1 2 Enable...

Page 346: ...ubleshooting 346 Figure 225 Internet Options 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 1 1 4 Click Add to mov...

Page 347: ...gs 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting 38 4 1 2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaSc...

Page 348: ...ure 227 Internet Options 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure t...

Page 349: ...tings Java Scripting 38 4 1 3 Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Jav...

Page 350: ...bleshooting 350 Figure 229 Security Settings Java 38 4 1 3 1 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 make sure that Use Java 2 for applet under Java...

Page 351: ...to download ActiveX controls or to use Trend Micro Security Services Make sure that ActiveX controls are allowed in Internet Explorer Screen shots for Internet Explorer 6 are shown Steps may vary depe...

Page 352: ...re 231 Internet Options Security 3 Scroll down to ActiveX controls and plug ins 4 Under Download signed ActiveX controls select the Prompt radio button 5 Under Run ActiveX controls and plug ins make s...

Page 353: ...P 660H HW W T Series User Guide 353 Chapter 38 Troubleshooting Figure 232 Security Setting ActiveX Controls...

Page 354: ...Address 192 168 1 1 Default Subnet Mask 255 255 255 0 24 bits Default Password 1234 DHCP Pool 192 168 1 32 to 192 168 1 64 Dimensions W x D x H 180 x 128 x 36 mm Power Specification 12VDC 1A Built in...

Page 355: ...ent Relay RIP I RIP II ICMP ATM QoS SNMP v1 and v2c with MIB II support RFC 1213 IP Multicasting IGMP v1 and v2 IGMP Proxy UPnP Management Embedded Web Configurator Menu driven SMT System Management T...

Page 356: ...ort Forwarding 1024 NAT sessions Multimedia application PPTP under NAT SUA IPSec passthrough SIP ALG passthrough VPN passthrough Content Filtering Web page blocking by URL keyword Static Routes 16 IP...

Page 357: ...P 660H HW W T Series User Guide 357 Appendix A...

Page 358: ...ance between the centers of the holes matches what is listed in the product specifications appendix Note Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for th...

Page 359: ...P 660H HW W T Series User Guide 359 Appendix B...

Page 360: ...rchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP comp...

Page 361: ...rks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In...

Page 362: ...entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your...

Page 363: ...operties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your Prestige and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2...

Page 364: ...364 Figure 236 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 237 Windows XP Control Panel 3 Right click Local...

Page 365: ...XP and then click Properties Figure 239 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP addre...

Page 366: ...P IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways i...

Page 367: ...n Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and t...

Page 368: ...window Network and Dial up Connections in Windows 2000 NT 11 Turn on your Prestige and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Promp...

Page 369: ...de 369 Appendix C Figure 243 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 244 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP S...

Page 370: ...ted to save changes to your configuration 7 Turn on your Prestige and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS...

Page 371: ...net mask box Type the IP address of your Prestige in the Router address box 5 Click Apply Now and close the window 6 Turn on your Prestige and restart your computer if prompted Verifying Settings Chec...

Page 372: ...re your computer IP address using the KDE 1 Click the Red Hat button located on the bottom left corner select System Setting and click Network Figure 247 Red Hat 9 0 KDE Network Configuration Devices...

Page 373: ...dress es click the DNS tab in the Network Configuration screen Enter the DNS server information in the fields provided Figure 249 Red Hat 9 0 KDE Network Configuration DNS 5 Click the Devices tab 6 Cl...

Page 374: ...an example where the static IP address is 192 168 1 10 and the subnet mask is 255 255 255 0 Figure 252 Red Hat 9 0 Static IP Address Setting in ifconfig eth0 2 If you know your DNS server IP address e...

Page 375: ...interface OK Setting network parameters OK Bringing up loopback interface OK Bringing up interface eth0 OK root localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19...

Page 376: ...the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three octets m...

Page 377: ...ID Subnet masks are expressed in dotted decimal notation just as IP addresses are The natural masks for class A B and C IP addresses are as follows Subnetting With subnetting the class arrangement of...

Page 378: ...168 1 0 with subnet mask of 255 255 255 0 The first three octets of the address make up the network number class C You want to have two separate networks Divide the network 192 168 1 0 into two separ...

Page 379: ...e directed broadcast address for the first subnet Therefore the lowest IP address that can be assigned to an actual host for the first subnet is 192 168 1 1 and the highest is 192 168 1 126 Similarly...

Page 380: ...s Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Highest Host ID...

Page 381: ...111 11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Table 135 Eight Subnets SUBNET SUBNET ADDRESS FIR...

Page 382: ...netting The following table is a summary for class B subnet planning Table 137 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255...

Page 383: ...P 660H HW W T Series User Guide 383 Appendix D...

Page 384: ...ge boot module commands as shown in the next screen ATBAx allows you to change the console port speed The x denotes the number preceding the colon to give the console port speed following the colon in...

Page 385: ...dump memory contents from address x for length y ATRBx display the 8 bit value of address x ATRWx display the 16 bit value of address x ATRLx display the 32 bit value of address x ATGO x run program...

Page 386: ...d possibly render it unusable Command Syntax The command keywords are in courier new font Enter the command keywords exactly as shown do not abbreviate The required fields in a command are enclosed in...

Page 387: ...P 660H HW W T Series User Guide 387 Appendix F...

Page 388: ...rules config display firewall set set This command shows the current configuration of a set including timeout values name default permit and etc If you don t put use a number after set information ab...

Page 389: ...59 This command sets the minute of the hour for the firewall log to be sent via e mail if the Prestige is set to send it on a hourly daily or weekly basis Attack config edit firewall attack send alert...

Page 390: ...onfig edit firewall set set default permit forward block This command sets whether a packet is dropped or allowed through when it does not meet a rule within the set Config edit firewall set set icmp...

Page 391: ...alert e mail when a DOS attack or a violation of a particular rule occurs config edit firewall set set rule rule srcaddr single ip address This command sets the rule to have the Prestige check for tr...

Page 392: ...set rule rule UDP destport single port This command sets a rule to have the Prestige check for UDP traffic with this destination address You may repeat this command to enter various non consecutive po...

Page 393: ...P 660H HW W T Series User Guide 393 Appendix G...

Page 394: ...AN and from the WAN to the LAN Allow or disallow the sending of NetBIOS packets from the LAN to the DMZ and from the DMZ to the LAN Allow or disallow the sending of NetBIOS packets from the WAN to the...

Page 395: ...his field displays whether NetBIOS packets are allowed to initiate calls Disabled means that NetBIOS packets are blocked from initiating calls Disabled type Identify which NetBIOS filter numbered 0 3...

Page 396: ...H HW W T Series User Guide Appendix H 396 sys filter netbios config 3 on This command blocks IPSec NetBIOS packets sys filter netbios config 4 off This command stops NetBIOS commands from initiating c...

Page 397: ...P 660H HW W T Series User Guide 397 Appendix H...

Page 398: ...phone sets Install the POTS splitter at the point where the telephone line enters your residence as shown in the following figure Figure 258 Connecting a POTS Splitter 1 Connect the side labeled Phone...

Page 399: ...onnect another cable from the double jack end of the Y Connector to the Prestige 4 Connect the phone side of the microfilter to your telephone as shown in the following figure Figure 259 Connecting a...

Page 400: ...P 660H HW W T Series User Guide Appendix I 400...

Page 401: ...P 660H HW W T Series User Guide 401 Appendix I...

Page 402: ...a manner similar to dial up services using PPP Benefits of PPPoE PPPoE offers the following benefits It provides you with a familiar dial up networking DUN user interface It lessens the burden on the...

Page 403: ...Concentrator and tunnels the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is betwee...

Page 404: ...TELNET login Someone has logged on to the router via telnet TELNET login failed Someone has failed to log on to the router via telnet Successful FTP login Someone has logged on to the router via ftp...

Page 405: ...ter settings WAN connection is down A WAN connection is down You cannot access the network through this interface Table 142 Access Control Logs LOG MESSAGE DESCRIPTION Firewall default policy TCP UDP...

Page 406: ...s UDP idle timeout 3 minutes TCP connection three way handshaking timeout 270 seconds TCP FIN wait timeout 2 MSL Maximum Segment Lifetime set in the TCP header TCP idle established timeout s 150 minut...

Page 407: ...ply packet to the sender Table 146 CDR Logs LOG MESSAGE DESCRIPTION board d line d channel d call d s C01 Outgoing Call dev x ch x s The router received the setup requirements for a call call is the r...

Page 408: ...ntent filter server responded that the web site is in the blocked category list but it did not return the category type s s The content filter server responded that the web site is in the blocked cate...

Page 409: ...l detected an ICMP echo attack For type and code details see Table 157 on page 416 syn flood TCP The firewall detected a TCP syn flood attack ports scan TCP The firewall detected a TCP port scan attac...

Page 410: ...during IKE phase 2 because the router and the peer s Local Remote Addresses don t match Verifying Local ID failed The connection failed during IKE phase 2 because the router and the peer s Local Remot...

Page 411: ...emote Address This information conflicted with static rule d thus the connection is not allowed Phase 1 ID type mismatch This router s Peer ID Type is different from the peer IPSec router s Local ID T...

Page 412: ...ter and the peer Rule d Phase 2 encapsulation mismatch The listed rule s IKE phase 2 encapsulation did not match between the router and the peer Rule d Phase 2 pfs mismatch The listed rule s IKE phase...

Page 413: ...bject name The router received a certification authority certificate with subject name as recorded from the LDAP server whose IP address and port are recorded in the Source field Rcvd user cert subjec...

Page 414: ...orithm mismatch between the certificate and the search constraints 2 Key usage mismatch between the certificate and the search constraints 3 Certificate was not valid in the time interval 4 Not used 5...

Page 415: ...ired User logout because of user deassociation The router logged out a user who ended the session User logout because of no authentication response from user The router logged out a user from which th...

Page 416: ...ACL set for packets traveling from the WAN to the WAN or the Prestige D to D ZW DMZ to DMZ Prestige ACL set for packets traveling from the DMZ to the DM or the Prestige Table 157 ICMP Notes TYPE CODE...

Page 417: ...st dstIP dstPort msg msg note note devID mac address last three numbers cat category This message is sent by the system RAS displays as the system name if you haven t configured one when the router ge...

Page 418: ...d by a log category to display the parameters that are available for the category Figure 264 Displaying Log Parameters Example 4 Use sys logs category followed by a log category and a parameter to dec...

Page 419: ...ear command to erase all of the Prestige s logs Log Command Example This example shows how to set the Prestige to record the access logs and alerts and then view the results ras sys logs load ras sys...

Page 420: ...r Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an Ad hoc wireless LAN Figure 265 Peer to Peer Communication in an Ad...

Page 421: ...connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network bu...

Page 422: ...rlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and...

Page 423: ...ssion It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the...

Page 424: ...eamble However not all wireless adapters support short preamble Use long preamble if you are unsure what preamble mode the wireless adapters support to ensure interpretability between the AP and the w...

Page 425: ...eless stations RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RADIUS s...

Page 426: ...ix discusses some popular authentication types EAP MD5 EAP TLS EAP TTLS PEAP and LEAP The type of authentication you use depends on the RADIUS server or the AP Consult your network administrator for m...

Page 427: ...s client identity is protected For client authentication EAP TTLS supports EAP methods and legacy authentication methods such as PAP CHAP MS CHAP and MS CHAP v2 PEAP Protected EAP Like EAP TTLS server...

Page 428: ...hael an extended initialization vector IV with sequencing rules and a re keying mechanism TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice The...

Page 429: ...two is that WPA PSK uses a simple common password instead of user specific credentials The common password approach makes WPA PSK susceptible to brute force password guessing attacks but it s still an...

Page 430: ...er field name parameter values allowed input where input is your input conforming to parameter values allowed The figure shown next is an example of an Internal SPTGEN text file Figure 269 Configurati...

Page 431: ...The Prestige will display the following if you enter parameter s that are valid Figure 271 Valid Parameter Entered Command Line Example Internal SPTGEN FTP Download Example 1 Launch your FTP applicat...

Page 432: ...EN FTP Upload Example Example Internal SPTGEN Screens This section covers Prestige Internal SPTGEN screens c ftp 192 168 1 1 220 PPP FTP version 1 0 ready at Sat Jan 1 03 22 12 2000 User 192 168 1 1 n...

Page 433: ...0 Table 165 Menu 3 SMT Menu 3 Menu 3 1 General Ethernet Setup SMT menu 3 1 FIN FN PVA INPUT 30100001 Input Protocol filters Set 1 2 30100002 Input Protocol filters Set 2 256 30100003 Input Protocol f...

Page 434: ...1 Version 0 Rip 1 1 Rip 2B 2 Rip 2M 0 30200012 Multicast 0 IGMP v2 1 IGMP v1 2 None 2 30200013 IP Policies Set 1 1 12 256 30200014 IP Policies Set 2 1 12 256 30200015 IP Policies Set 3 1 12 256 302000...

Page 435: ...ly 3 Out Only 0 30201018 Version 0 Rip 1 1 Rip 2B 2 Rip 2M 0 30201019 IP Alias 2 Incoming protocol filters Set 1 256 30201020 IP Alias 2 Incoming protocol filters Set 2 256 30201021 IP Alias 2 Incomin...

Page 436: ...0 MENU 3 5 1 WLAN MAC ADDRESS FILTER SMT MENU 3 5 1 FIN FN PVA INPUT 30501001 Mac Filter Active 0 No 1 Yes 0 30501002 Filter Action 0 Allow 1 Deny 0 30501003 Address 1 00 00 00 00 00 00 30501004 Addr...

Page 437: ...40000016 ISP incoming protocol filter set 1 6 40000017 ISP incoming protocol filter set 2 256 40000018 ISP incoming protocol filter set 3 256 40000019 ISP incoming protocol filter set 4 256 40000020...

Page 438: ...s 0 Menu 12 1 2 IP Static Route Setup SMT Menu 12 1 2 FIN FN PVA INPUT 120102001 IP Static Route set 2 Name 120102002 IP Static Route set 2 Active 0 No 1 Yes 0 120102003 IP Static Route set 2 Destinat...

Page 439: ...etmask 0 120105005 IP Static Route set 5 Gateway 0 0 0 0 120105006 IP Static Route set 5 Metric 0 120105007 IP Static Route set 5 Private 0 No 1 Yes 0 Menu 12 1 6 IP Static Route Setup SMT Menu 12 1 6...

Page 440: ...c Route set 9 Destination IP address 0 0 0 0 120109004 IP Static Route set 9 Destination IP subnetmask 0 120109005 IP Static Route set 9 Gateway 0 0 0 0 120109006 IP Static Route set 9 Metric 0 120109...

Page 441: ...UT 120113001 IP Static Route set 13 Name Str 120113002 IP Static Route set 13 Active 0 No 1 Yes 0 120113003 IP Static Route set 13 Destination IP address 0 0 0 0 120113004 IP Static Route set 13 Desti...

Page 442: ...6005 IP Static Route set 16 Gateway 0 0 0 0 120116006 IP Static Route set 16 Metric 0 120116007 IP Static Route set 16 Private 0 No 1 Yes 0 Table 167 Menu 12 SMT Menu 12 continued Table 168 Menu 15 SU...

Page 443: ...17 UDP 0 0 0 0 150000029 SUA Server 7 Port Start 0 150000030 SUA Server 7 Port End 0 150000031 SUA Server 7 Local IP address 0 0 0 0 150000032 SUA Server 8 Active 0 No 1 Yes 0 150000033 SUA Server 8...

Page 444: ...set 1 rule 1 SMT Menu 21 1 1 1 FIN FN PVA INPUT 210101001 IP Filter Set 1 Rule 1 Type 2 TCP IP 2 210101002 IP Filter Set 1 Rule 1 Active 0 No 1 Yes 1 210101003 IP Filter Set 1 Rule 1 Protocol 6 21010...

Page 445: ...less 4 greater 0 210102013 IP Filter Set 1 Rule 2 Act Match 1 check next 2 forward 3 drop 3 210102014 IP Filter Set 1 Rule 2 Act Not Match 1 check next 2 forward 3 drop 1 Menu 21 1 1 3 set 1 rule 3 S...

Page 446: ...210104009 IP Filter Set 1 Rule 4 Src Subnet Mask 0 210104010 IP Filter Set 1 Rule 4 Src Port 0 210104011 IP Filter Set 1 Rule 4 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 greater 0 210104013 I...

Page 447: ...1 Rule 6 Dest IP address 0 0 0 0 210106005 IP Filter Set 1 Rule 6 Dest Subnet Mask 0 210106006 IP Filter Set 1 Rule 6 Dest Port 139 210106007 IP Filter Set 1 Rule 6 Dest Port Comp 0 none 1 equal 2 not...

Page 448: ...Rule 1 Src Port 0 210201011 IP Filter Set 2 Rule 1 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 greater 0 210201013 IP Filter Set 2 Rule 1 Act Match 1 check next 2 forward 3 drop 3 210201014 IP...

Page 449: ...IP Filter Set 2 Rule 3 Dest IP address 0 0 0 0 210203005 IP Filter Set 2 Rule 3 Dest Subnet Mask 0 210203006 IP Filter Set 2 Rule 3 Dest Port 139 210203007 IP Filter Set 2 Rule 3 Dest Port Comp 0 non...

Page 450: ...0 210204013 IP Filter Set 2 Rule 4 Act Match 1 check next 2 forward 3 drop 3 210204014 IP Filter Set 2 Rule 4 Act Not Match 1 check next 2 forward 3 drop 1 Menu 21 1 2 5 Filter set 2 rule 5 SMT Menu...

Page 451: ...206006 IP Filter Set 2 Rule 6 Dest Port 139 210206007 IP Filter Set 2 Rule 6 Dest Port Comp 0 none 1 equal 2 not equal 3 less 4 greater 1 210206008 IP Filter Set 2 Rule 6 Src IP address 0 0 0 0 21020...

Page 452: ...006 Accounting Server Configured 0 No 1 Yes 1 230200007 Accounting Server Active 0 No 1 Yes 1 230200008 Accounting Server IP Address 192 168 1 44 230200009 Accounting Server Port 1823 230200010 Accoun...

Page 453: ...1 Remote Management Control SMT Menu 24 11 FIN FN PVA INPUT 241100001 TELNET Server Port 23 241100002 TELNET Server Access 0 all 1 none 2 Lan 3 Wan 0 241100003 TELNET Server Secured IP address 0 0 0...

Page 454: ...P 660H HW W T Series User Guide Appendix M 454 FIN FN PVA INPUT 990000001 ADSL OPMD 0 etsi 1 normal 2 gdmt 3 multimode 3 Table 173 Command Examples continued FIN FN PVA INPUT...

Page 455: ...P 660H HW W T Series User Guide 455 Appendix M...

Page 456: ...ication databases 294 Authentication protocol 239 AWG 5 B Backup 307 Backup Typ 100 Bandwidth Borrowing 187 bandwidth budget 182 bandwidth capacity 182 Bandwidth Class 182 bandwidth class 182 Bandwidt...

Page 457: ...3 Corrosive Liquids 5 Cost Of Transmission 241 248 Country Code 299 Covers 5 CPU Load 298 CTS Clear to Send 423 Custom Ports Creating Editing 141 Customer Support 7 Customized Services 141 Customized...

Page 458: ...structure 273 Generic Filter Rule 279 Remote Node 242 Remote Node Filter 242 Remote Node Filters 284 Sample 282 SUA 281 TCP IP Filter Rule 277 Filter Log 302 Filter Rule Process 273 Filter Rule Setup...

Page 459: ...Statement 3 Internal SPTGEN 430 FTP Upload Example 432 Points to Remember 430 Text File 430 Internet Access 43 46 230 233 234 Internet access 54 230 Internet Access Setup 254 343 Internet access wizar...

Page 460: ...st Size MBS 94 97 Max incomplete High 150 Max incomplete Low 150 MBSSee Maximum Burst Size 234 Media Access Control 250 Media Bandwidth Management 43 Merchantability 6 Message Integrity Check MIC 428...

Page 461: ...r 5 Power Cord 5 Power Outlet 5 Power Supply 5 Power Supply repair 5 PPP Encapsulation 243 PPP Log 303 PPP session over Ethernet PPP over Ethernet RFC 2516 90 PPPoA 237 PPPoE 93 402 Benefits 93 PPPoE...

Page 462: ...uthorization RMA Number 6 Returned Products 6 Returns 6 RF Radio Frequency 45 RFC 1483 91 RFC 1631 102 RFC 1483 237 RFC 2364 237 238 RFC2516 44 Rights 2 Rights Legal 6 RIP 224 241 RIPSee Routing Infor...

Page 463: ...IP Address 301 Syslog Server 301 System Console Port Speed 299 Diagnostic 303 Log and Trace 300 Syslog and Accounting 301 System Information 298 System Status 296 System Information 298 System Informa...

Page 464: ...r IP VoIP 182 Voltage Supply 5 Voltage High 5 VPI VCI 91 W Wall Mount 5 WAN Wide Area Network 90 WAN backup 99 WAN Setup 218 WAN to LAN Rules 134 Warnings 5 Warranty 6 Warranty Information 7 Warranty...

Page 465: ...n Internet Access 43 Zero configuration Internet access 94 ZyNOS 2 307 ZyNOS ZyXEL Network Operating System 306 ZyNOS F W Version 307 ZyXEL Communications Corporation 2 ZyXEL Home Page 4 ZyXEL Limited...
