Prestige 662HW Series

802.11g Wireless ADSL2+ 4-Port Security Gateway

User’s Guide

Version 3.40

August 2004

Contents P-662HW-63

Page 1: ...Prestige 662HW Series 802 11g Wireless ADSL2 4 Port Security Gateway User s Guide Version 3 40 August 2004...

Page 2: ...by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does i...

Page 3: ...ence to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try t...

Page 4: ...of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no even...

Page 5: ...e 49 2405 6909 0 www zyxel de ZyXEL Deutschland GmbH Adenauerstr 20 A2 D 52146 Wuerselen Germany sales zyxel de 49 2405 6909 99 FRANCE info zyxel fr 33 0 4 72 52 97 97 www zyxel fr ZyXEL France 1 rue...

Page 6: ...Prestige 662HW Series User s Guide Customer Support 6...

Page 7: ...Prestige 662HW Series User s Guide 7 Customer Support...

Page 8: ...4 1 1 1 Features of the Prestige 45 1 1 2 Applications for the Prestige 50 1 1 2 1 Internet Access 51 1 1 3 Firewall for Secure Broadband Internet Access 51 1 1 3 1 LAN to LAN Application 51 1 1 4 Pre...

Page 9: ...e IP Addresses 64 3 2 2 Nailed Up Connection PPP 64 3 2 3 NAT 64 3 2 4 Internet Access Wizard Setup Second Screen 64 3 2 5 DHCP Setup 69 3 2 5 1 IP Pool Setup 69 3 2 6 Internet Access Wizard Setup Thi...

Page 10: ...1 2 Channel 90 8 1 3 ESS ID 91 8 1 4 RTS CTS 91 8 1 5 Fragmentation Threshold 92 8 2 Levels of Security 92 8 3 Data Encryption with WEP 93 8 4 Configuring Wireless LAN 93 8 5 Configuring MAC Filter 95...

Page 11: ...ings 124 9 13 Configuring Advanced Modem Setup 124 Chapter 10 Network Address Translation NAT Screens 128 10 1 NAT Overview 128 10 1 1 NAT Definitions 128 10 1 2 What NAT Does 129 10 1 3 How NAT Works...

Page 12: ...9 13 4 2 3 Traceroute 150 13 5 Stateful Inspection 150 13 5 1 Stateful Inspection Process 151 13 5 2 Stateful Inspection and the Prestige 152 13 5 3 TCP Security 152 13 5 4 UDP ICMP Security 153 13 5...

Page 13: ...s 177 14 12 2 1 TCP Maximum Incomplete and Blocking Time 177 Chapter 15 Content Filtering 180 15 1 Content Filtering Overview 180 15 2 Configuring Keyword Blocking 180 15 3 Configuring the Schedule 18...

Page 14: ...12 18 1 VPN Overview 212 18 1 1 IPSec 212 18 1 2 Security Association 212 18 1 3 Other Terminology 212 18 1 3 1 Encryption 212 18 1 3 2 Data Confidentiality 213 18 1 3 3 Data Integrity 213 18 1 3 4 Da...

Page 15: ...al Setting 241 19 17 Telecommuter VPN IPSec Examples 242 19 17 1 Telecommuters Sharing One VPN Rule Example 242 19 17 2 Telecommuters Using Unique VPN Rules Example 243 19 18 VPN and Remote Management...

Page 16: ...andwidth Management Example 272 23 5 Scheduler 272 23 5 1 Priority based Scheduler 273 23 5 2 Fairness based Scheduler 273 23 6 Maximize Bandwidth Usage 273 23 6 1 Reserving Bandwidth for Non Bandwidt...

Page 17: ...er 26 Menu 1 General Setup 302 26 1 General Setup 302 26 2 Procedure To Configure Menu 1 302 26 2 1 Procedure to Configure Dynamic DNS 303 Chapter 27 Menu 2 WAN Backup Setup 306 27 1 Introduction to W...

Page 18: ...2 3 Scenario 3 Multiple VCs 327 31 2 3 Outgoing Authentication Protocol 329 31 3 Remote Node Network Layer Options 330 31 3 1 My WAN Addr Sample IP Addresses 331 31 4 Remote Node Filter 332 31 5 Editi...

Page 19: ...on Programs 358 Chapter 35 Enabling the Firewall 360 35 1 Remote Management and the Firewall 360 35 2 Access Methods 360 35 3 Enabling the Firewall 360 Chapter 36 Filter Configuration 362 36 1 About F...

Page 20: ...s 396 40 2 Backup Configuration 397 40 2 1 Backup Configuration 397 40 2 2 Using the FTP Command from the Command Line 398 40 2 3 Example of FTP Commands from the Command Line 398 40 2 4 GUI based FTP...

Page 21: ...and Date Setting 414 41 3 1 Resetting the Time 416 Chapter 42 Remote Management 418 42 1 Remote Management Overview 418 42 2 Remote Management 418 42 2 1 Remote Management Setup 418 42 2 2 Remote Man...

Page 22: ...Internal SPTGEN FTP Upload Example 452 Chapter 48 Troubleshooting 454 48 1 Problems Starting Up the Prestige 454 48 2 Problems with the LAN LED 454 48 3 Problems with the DSL LED 455 48 4 Problems wi...

Page 23: ...Works 481 Prestige as a PPPoE Client 481 Appendix E Wireless LAN and IEEE 802 11 482 Benefits of a Wireless LAN 482 IEEE 802 11 482 Ad hoc Wireless LAN Configuration 483 Infrastructure Wireless LAN C...

Page 24: ...Your ZyXEL Device 495 Activating a Service 498 Appendix J Windows 98 Me Requirements for Anti Virus Packet Scan Message Display 500 Appendix K Example Internal SPTGEN Screens 504 Command Examples 524...

Page 25: ...es User s Guide 25 Table of Contents Appendix P Boot Commands 536 Appendix Q Log Descriptions 538 Log Commands 550 Configuring What You Want the Prestige to Log 550 Displaying Logs 551 Log Command Exa...

Page 26: ...ess Wizard Setup Connection Tests 71 Figure 15 Media Bandwidth Mgnt Wizard Setup First Screen 74 Figure 16 Media Bandwidth Mgnt Wizard Setup Second Screen 75 Figure 17 Media Bandwidth Mgnt Wizard Setu...

Page 27: ...AN to WAN Traffic 161 Figure 59 WAN to LAN Traffic 162 Figure 60 Firewall Default Policy 163 Figure 61 Firewall Rule Summary 164 Figure 62 Firewall Edit Rule 166 Figure 63 Firewall Customized Services...

Page 28: ...SA 232 Figure 99 VPN IKE Advanced Setup 234 Figure 100 VPN Manual Key 237 Figure 101 VPN SA Monitor 240 Figure 102 VPN Global Setting 241 Figure 103 Telecommuters Sharing One VPN Rule Example 242 Figu...

Page 29: ...ssociation List 290 Figure 141 Diagnostic General 291 Figure 142 Diagnostic DSL Line 292 Figure 143 Firmware Upgrade 293 Figure 144 Network Temporarily Disconnected 294 Figure 145 Error Message 294 Fi...

Page 30: ...Internet Access 345 Figure 183 Applying NAT in Menus 4 11 3 345 Figure 184 Menu 15 NAT Setup 346 Figure 185 Menu 15 1 Address Mapping Sets 347 Figure 186 Menu 15 1 255 SUA Address Mapping Rules 347 F...

Page 31: ...6 Figure 230 Menu 24 1 System Maintenance Status 387 Figure 231 Menu 24 2 System Information and Console Port Speed 388 Figure 232 Menu 24 2 1 System Maintenance Information 389 Figure 233 Menu 24 2 2...

Page 32: ...Example of IP Policy Routing 428 Figure 271 IP Routing Policy Example 428 Figure 272 IP Routing Policy Example 429 Figure 273 Applying IP Policies Example 429 Figure 274 Menu 26 Schedule Setup 430 Fi...

Page 33: ...Challenge Authentication 487 Figure 309 Ideal Setup 490 Figure 310 Triangle Route Problem 490 Figure 311 IP Alias 491 Figure 312 Gateways on the WAN Side 491 Figure 313 myZyXEL com Login Screen 495 Fi...

Page 34: ...nd Screen 75 Table 13 Password 76 Table 14 LAN Setup 84 Table 15 LAN Static DHCP 85 Table 16 DMZ 87 Table 17 Wireless LAN 94 Table 18 MAC Address Filter 96 Table 19 Wireless Security Relational Matrix...

Page 35: ...neral Services 188 Table 57 Available Services 189 Table 58 Content Access Control General Web Site Filter 193 Table 59 Content Access Control General Diagnose 198 Table 60 Content Access Control User...

Page 36: ...Main Menu 298 Table 101 Main Menu Summary 299 Table 102 Menu 1 General Setup 303 Table 103 Menu 1 1 Configure Dynamic DNS 304 Table 104 Menu 2 WAN Backup Setup 306 Table 105 Menu 2 1 Traffic Redirect...

Page 37: ...d FTP Clients 399 Table 142 General Commands for GUI based TFTP Clients 401 Table 143 Menu 24 9 1 System Maintenance Budget Management 414 Table 144 Menu 24 10 System Maintenance Time and Date Setting...

Page 38: ...Table 184 Menu 4 Internet Access Setup SMT Menu 4 508 Table 185 Menu 12 SMT Menu 12 509 Table 186 Menu 15 SUA Server Setup SMT Menu 15 513 Table 187 Menu 21 1 Filter Set 1 SMT Menu 21 1 515 Table 188...

Page 39: ...Prestige 662HW Series User s Guide 39 List of Tables Table 209 Syslog Logs 549 Table 210 RFC 2408 ISAKMP Payload Types 549...

Page 40: ...structions on getting started Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information ZyXEL Glossary and Web Site Please refer to www zyxel...

Page 41: ...ck the Apple icon Control Panels and then Modem means first click the Apple icon then point your mouse pointer to Control Panels and then click Modem For brevity s sake we will use e g as a shorthand...

Page 42: ...upstream capacity Asymmetrical services ADSL are suitable for Internet users because more information is usually downloaded than uploaded For example a simple button click in a web browser can start...

Page 43: ...Prestige 662HW Series User s Guide 43 Introduction to DSL...

Page 44: ...included in this user s guide at the time of writing In the Prestige product name H denotes an integrated 4 port switch hub and W denotes an included wireless card The Prestige 662HW provide 802 11g...

Page 45: ...ect to the ISP you will be redirected to web screen s for information input or troubleshooting Any IP The Any IP feature allows a computer to access the Internet and the Prestige without changing the...

Page 46: ...This means an IEEE 802 11b radio card can interface directly with an IEEE 802 11g access point and vice versa at 11 Mbps or lower depending on range IEEE 802 11g has several intermediate rate steps b...

Page 47: ...d on an application and or subnet You can allocate specific amounts of bandwidth capacity bandwidth budgets to different bandwidth classes Universal Plug and Play UPnP Using the standard TCP IP protoc...

Page 48: ...omatically adjust to either a crossover or straight through Ethernet cable Dynamic DNS Support With Dynamic DNS support you can have a static hostname alias for a dynamic IP address allowing the host...

Page 49: ...estination address only and the router takes the shortest path to forward a packet IP Policy Routing IPPR provides a mechanism to override the default routing behavior and alter the packet forwarding...

Page 50: ...d Diagnostics Capabilities The Prestige can perform self diagnostic tests These tests check the integrity of the following circuitry FLASH memory ADSL circuitry RAM LAN port Packet Filters The Prestig...

Page 51: ...own below Figure 1 Prestige Internet Access Application Internet Single User Account For a SOHO Small Office Home Office environment your Prestige offers the Single User Account SUA feature that allow...

Page 52: ...ter 1 Getting To Know Your Prestige 52 Figure 3 Prestige LAN to LAN Application 1 1 4 Prestige Hardware Installation and Connection Refer to the Quick Start Guide for information on hardware installat...

Page 53: ...Prestige 662HW Series User s Guide 53 Chapter 1 Getting To Know Your Prestige...

Page 54: ...68 pixels 2 1 1 Accessing the Prestige Web Configurator 1 Make sure your Prestige hardware is properly connected refer to the Quick Start Guide 2 Prepare your computer computer network to connect to t...

Page 55: ...t access the web configurator you will need to use the RESET button at the back of the Prestige to reload the factory default configuration file This means that you will lose all configurations that y...

Page 56: ...pload firmware and back up restore or upload a configuration file Click Site Map to go to the Site Map screen Click Logout in the navigation panel when you have finished a Prestige management session...

Page 57: ...your Prestige Content Access Control General Use the screens to configure general settings and set up content access classes User Profiles Use the screens to set up user profiles Online Status Use thi...

Page 58: ...p you identify problems with the Prestige general connection DSL Line These screens display information to help you identify problems with the DSL line Firmware Use this screen to upload firmware to y...

Page 59: ...Prestige 662HW Series User s Guide 59 Chapter 2 Introducing the Web Configurator...

Page 60: ...r instance it encapsulates routed Ethernet frames into bridged ATM cells ENET ENCAP requires that you specify a gateway IP address in the ENET ENCAP Gateway field in the second wizard screen You can g...

Page 61: ...t for example VC1 carries IP etc VC based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical 3 1 2 2 LLC based Multiplexing In this...

Page 62: ...net account Otherwise select Bridge Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop down list box Choices vary depending on what you select in the Mode field If y...

Page 63: ...compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise 3 2 1 IP Addr...

Page 64: ...lways up regardless of traffic demand The Prestige does two things when you specify a nailed up connection The first is that idle timeout is disabled The second is that the Prestige will try to bring...

Page 65: ...ain an IP Address Automatically if you have a dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the text box below Connection Select Connect on Demand when...

Page 66: ...LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field Type your ISP assigned IP address in this field Network Address Translation Select None SUA Only or Full F...

Page 67: ...dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the IP Address text box below Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the IP...

Page 68: ...P assigned IP address in the IP Address text box below Connection Select Connect on Demand when you don t want the connection up all the time and specify an idle time out in seconds in the Max Idle Ti...

Page 69: ...is pre configured with a pool of 32 IP addresses starting from 192 168 1 33 to 192 168 1 64 for the client machines This leaves 31 IP addresses 192 168 1 2 to 192 168 1 32 excluding the Prestige itse...

Page 70: ...se the new IP address if you want to access the web configurator again LAN Subnet Mask Enter a subnet mask in dotted decimal notation DHCP DHCP Server From the DHCP Server drop down list box select On...

Page 71: ...onnection Launch your web browser and navigate to www zyxel com Internet access is just the beginning Refer to the rest of this User s Guide for more detailed information on the complete range of Pres...

Page 72: ...affic to pass through the Prestige and be managed by bandwidth management Refer to Chapter 23 Media Bandwidth Management Advanced Setup for more information and advanced configuration 4 1 1 Predefined...

Page 73: ...or e mail POP3 port 110 IMAP port 143 SMTP port 25 HTTP port 80 eMule These programs use advanced file sharing applications relying on central servers to search for files They use default port 4662 WW...

Page 74: ...andwidth class in the second wizard screen Table 11 Media Bandwidth Mgnt Wizard Setup First Screen LABEL DESCRIPTION Active Select the Active check box to have the Prestige apply bandwidth management...

Страница 75: ...width Mgnt Wizard Setup Second Screen LABEL DESCRIPTION Service These fields display the service s selected in the previous screen Priority Select High Mid or Low priority for each service to have you...

Страница 76: ...ssword recommended click Password in the Site Map screen Figure 18 Password The following table describes the fields in this screen Table 13 Password LABEL DESCRIPTION Old Password Type the default pa...

Страница 77: ...Prestige 662HW Series User s Guide 77 Chapter 5 Password Setup...

Страница 78: ...a computer network limited to the immediate area usually the same building or floor of a building The LAN screens can help you configure a LAN DHCP server and manage IP addresses 6 1 1 LANs WANs and...

Страница 79: ...n are not specified for instance left as 0 0 0 0 the Prestige tells the DHCP clients that it itself is the DNS server When a computer sends a DNS query to the Prestige the Prestige forwards the query...

Страница 80: ...g Information Protocol allows a router to exchange routing information with other routers The RIP Direction field controls the sending and receiving of RIP packets When set to Both the Prestige will b...

Страница 81: ...es all directly connected networks to gather group membership After that the Prestige periodically updates this information IP multicasting can be enabled disabled on the Prestige LAN and or WAN inter...

Страница 82: ...omputer tries to access the Internet for the first time through the Prestige 1 When a computer which is in a different subnet first attempts to access the Internet it sends packets to its default gate...

Страница 83: ...LAN Setup After all the routing information is updated the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige 6 6 Configuring LAN Click LAN and LAN Setup...

Страница 84: ...subnet mask Secondary DNS Server As above Remote DHCP Server If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here TCP IP IP Address Enter the IP...

Страница 85: ...LAN then the Static DHCP tab The screen appears as shown Figure 22 LAN Static DHCP The following table describes the labels in this screen Table 15 LAN Static DHCP LABEL DESCRIPTION This is the index...

Страница 86: ...ers can have access to host servers on the DMZ but no access to the LAN unless special filter rules allowing access were configured by the administrator or the user is an authorized remote user It is...

Страница 87: ...he RIP information that it receives when set to None it will not send any RIP packets and will ignore any RIP packets received Both is the default RIP Version The RIP Version field controls the format...

Страница 88: ...forwards NetBIOS traffic Clear this check box to block all NetBIOS packets going from the LAN to the DMZ and from the DMZ to the LAN Allow between DMZ and WAN Select this check box to forward NetBIOS...

Страница 89: ...Prestige 662HW Series User s Guide 89 Chapter 7 DMZ...

Страница 90: ...for details For other operating systems see its documentation If your operating system does not support IEEE 802 1X then you may need to install IEEE 802 1X client software An optional network RADIUS...

Страница 91: ...at the same time collisions may occur when both sets of data arrive at the AP at the same time resulting in a loss of messages for both stations RTS CTS is designed to prevent collisions due to hidden...

Страница 92: ...If the Fragmentation Threshold value is smaller than the RTS CTS value see previously you set then the RTS Request To Send CTS Clear to Send handshake will never occur as data frames will be fragmente...

Страница 93: ...network communications private It encrypts unicast and multicast communications in a network Both the wireless stations and the access points must use the same WEP key for data encryption and decrypti...

Страница 94: ...Wireless stations associating to the Prestige must have the same ESSID Enter a descriptive name up to 32 characters Hide ESSID Select Yes to hide the ESSID in so a station cannot obtain the ESSID thr...

Страница 95: ...allow all wireless computers to communicate with the access points without any data encryption Select 64 bit WEP 128 bit WEP or 256 bit WEP to use data encryption Key 1 to Key 4 The WEP keys are used...

Страница 96: ...the list of MAC addresses in the MAC Address table Select Deny Association to block access to the router MAC addresses not listed will be allowed to access the Prestige Select Allow Association to per...

Страница 97: ...orization and accounting The access point is the client and the server is the RADIUS server The RADIUS server handles the following tasks Authentication Determines the identity of the users Authorizat...

Страница 98: ...ed secret key which is a password they both know The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the network from unautho...

Страница 99: ...ent As long as the passwords match a client will be granted access to a WLAN 8 7 2 Encryption WPA improves data encryption by using Temporal Key Integrity Protocol TKIP Message Integrity Check MIC and...

Страница 100: ...sword 8 8 WPA PSK Application Example A WPA PSK application looks as follows 1 First enter identical passwords into the AP and all wireless clients The Pre Shared Key PSK must consist of between 8 and...

Страница 101: ...ity Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method key management protocol type You enter manual keys by first selecti...

Страница 102: ...ireless client However you must run Windows XP to use it 8 12 Configuring 802 1x and WPA To change your Prestige s authentication settings click the Wireless LAN link under Advanced Setup and then the...

Страница 103: ...t box Choose from No Access Allowed No Authentication Required and Authentication Required No Access Allowed blocks all wireless stations access to the wired network No Authentication Required allows...

Страница 104: ...er database may not be used Select Disable to allow wireless stations to communicate with the access points without using dynamic WEP key exchange Select 64 bit WEP or 128 bit WEP to enable data encry...

Страница 105: ...otocol The following table describes the labels not previously discussed Back Click Back to go to the main wireless LAN setup screen Apply Click Apply to save your changes back to the Prestige Cancel...

Страница 106: ...r broadcast and multicast group traffic if the Key Management Protocol is WPA and WPA Mixed Mode is disabled WEP is used automatically if you have enabled WPA Mixed Mode All unicast traffic is automat...

Страница 107: ...including spaces and symbols WPA Mixed Mode The Prestige can operate in WPA Mixed Mode which supports both clients running WPA and clients running dynamic WEP key exchange with 802 1x in the same Wi F...

Страница 108: ...le to authenticate wireless users without interacting with a network RADIUS server However there is a limit on the number of users you may authenticate in this way To change your Prestige s local user...

Страница 109: ...e 36 RADIUS The following table describes the fields in this screen Table 24 Local User Database LABEL DESCRIPTION This is the index number of a local user account Active Select this check box to enab...

Страница 110: ...ey must be the same on the external authentication server and Prestige Accounting Server Active Select Yes from the drop down list box to enable user authentication through an external accounting serv...

Страница 111: ...Prestige 662HW Series User s Guide 111 Chapter 8 Wireless LAN Setup...

Страница 112: ...same metric the Prestige uses the following pre defined priorities Normal route designated by the ISP see the Configuring WAN Setup section Traffic redirect route see the Traffic Redirect section WAN...

Страница 113: ...E software installed since the Prestige does that part of the task Furthermore with NAT all of the LANs computers will have access 9 4 Traffic Shaping Traffic Shaping is an agreement between the carri...

Страница 114: ...ssary configuration changes In cases where additional account information such as an Internet account user name and password is required or the Prestige cannot connect to the ISP you will be redirecte...

Страница 115: ...elds in this screen Table 26 WAN Setup LABEL DESCRIPTION Name Enter the name of your Internet Service Provider e g MyISP This information is for identification purposes only Mode Select Routing defaul...

Страница 116: ...Cell Rate PCR This is the maximum rate at which the sender can send cells Type the PCR here Sustain Cell Rate The Sustain Cell Rate SCR sets the average cell rate long term that can be transmitted Typ...

Страница 117: ...T for application where NAT is not appropriate Disable PPPoE pass through if you do not need to allow hosts on the LAN to use PPPoE client software on their computers to connect to the ISP Subnet Mask...

Страница 118: ...r three logical networks with the Prestige itself as the gateway for each LAN network Put the protected LAN in one subnet Subnet 1 in the following figure and the backup gateway in another subnet Subn...

Страница 119: ...this field to test your Prestige s WAN accessibility Type the IP address of a reliable nearby computer for example your ISP s DNS server address Note If you activate either traffic redirect or dial b...

Страница 120: ...The smaller the number the lower the cost Backup Gateway Type the IP address of your backup gateway in dotted decimal notation The Prestige automatically forwards traffic to this IP address if the Pr...

Страница 121: ...9 9 Configuring Advanced WAN Backup To edit your Prestige s advanced WAN backup settings click WAN WAN Backup and then the Advanced Setup button The screen appears as shown Figure 42 Advanced WAN Back...

Страница 122: ...speeds are 9600 19200 38400 57600 115200 or 230400 bps AT Command Initial String Type the AT command string to initialize the WAN device Consult the manual of your WAN device connected to your dial b...

Страница 123: ...C 1112 but IGMP version 1 is still in wide use If you would like to read more detailed information about interoperability between IGMP version 2 and version 1 please see sections 4 and 5 of RFC 2236 P...

Страница 124: ...e to hang up in addition to issuing the drop command ATH 9 12 Response Strings The response strings tell the Prestige the tags or labels immediately preceding the various call parameters sent from the...

Страница 125: ...the DTR Data Terminal Ready signal after the AT Command String Drop is sent out AT Response Strings CLID Type the keyword that precedes the CLID Calling Line Identification in the AT response string T...

Страница 126: ...if it does not receive a positive disconnect confirmation Example 20 Call Back Delay Type a number of seconds for the Prestige to wait between dropping a callback request call and dialing the corresp...

Страница 127: ...Prestige 662HW Series User s Guide 127 Chapter 9 WAN Setup...

Страница 128: ...refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that in...

Страница 129: ...NAT offers the additional benefit of firewall protection With no servers defined your Prestige filters out all incoming inquiries thus preventing intruders from probing your network For more informat...

Страница 130: ...following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the Prestige can communicate with three distinct WAN networks More examples follow at...

Страница 131: ...e servers of different services behind the NAT to be accessible to the outside world Port numbers do not change for One to One and Many to Many No Overload NAT mapping types The following table summar...

Страница 132: ...do not allow you to run any server processes such as a Web or FTP server from your location Your ISP may periodically check for servers and may suspend your account if it discovers any active services...

Страница 133: ...he example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet IP address assigned by ISP Figure 46 Multiple Servers Behind...

Страница 134: ...wing screen Refer to Table 32 for port numbers commonly used for particular services Table 33 NAT Mode LABEL DESCRIPTION None Select this radio button to disable NAT SUA Only Select this radio button...

Страница 135: ...s of ports enter the start port number here and the end port number in the End Port No field End Port No Enter a port number in this field To forward only one port enter the port number again in the S...

Страница 136: ...e your Prestige s address mapping settings click NAT Select Full Feature and click Edit Details to open the following screen Figure 49 Address Mapping Rules The following table describes the fields in...

Страница 137: ...T mapping type M 1 Many to One mode maps multiple local IP addresses to one global IP address This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature that previo...

Страница 138: ...utside world Local Start IP This is the starting local IP address ILA Local IP addresses are N A for Server port mapping Local End IP This is the end local IP address ILA If your rule is for all local...

Страница 139: ...Prestige 662HW Series User s Guide 139 Chapter 10 Network Address Translation NAT Screens...

Страница 140: ...friends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with...

Страница 141: ...Provider This is the name of your Dynamic DNS service provider Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider E mail Address Type your e mail address User Type...

Страница 142: ...is screen to configure the Prestige s time and date settings 12 1 Configuring Time and Date To change your Prestige s time and date click Time And Date The screen appears as shown Use this screen to c...

Page 143: ...er the month and day that your daylight savings time starts on if you selected Daylight Savings End Date Enter the month and day that your daylight savings time ends on if you selected Daylight Saving...

Page 144: ...or a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be imp...

Page 145: ...some proxies support See the Stateful Inspection section for more information on Stateful Inspection Firewalls of one type or another have become an integral part of standard security solutions for ent...

Page 146: ...et of application protocols that perform specific functions An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc F...

Page 147: ...sh hang or reboot Teardrop attack exploits weaknesses in the re assembly of IP packet fragments As data is transmitted through a network IP packets are often broken up into smaller chunks Each fragmen...

Page 148: ...latively long intervals terminates the three way handshake Once the queue is full the system will ignore all incoming SYN requests making the system unavailable for legitimate users Figure 55 SYN Floo...

Page 149: ...andwidth making communications impossible Figure 56 Smurf Attack 13 4 2 1 ICMP Vulnerability ICMP is an error reporting protocol that works in concert with IP The following ICMP types trigger an alert...

Page 150: ...l The Prestige blocks all IP Spoofing attempts 13 5 Stateful Inspection With stateful inspection fields of the packets are compared to packets that are already known to be trusted For example if you a...

Page 151: ...ermine and record information about the state of the packet s connection This information is recorded in a new state table entry created for the new connection If there is not a firewall rule for this...

Page 152: ...rules work by evaluating the network traffic s Source IP address Destination IP address IP protocol type and comparing these to rules set by the administrator Below is a brief technical description of...

Page 153: ...lar situation exists for ICMP except that the Prestige is even more restrictive Specifically only outgoing echoes will allow incoming echo replies outgoing address mask requests will allow incoming ad...

Page 154: ...count what hackers can do and prepares against attacks The best defense against hackers and crackers is information Educate all employees about the importance of security and how to minimize risk Prod...

Page 155: ...der portion of an IP packet 13 7 1 1 When To Use Filtering To block allow LAN packets by their MAC addresses To block allow special IP packets which are neither TCP nor UDP nor ICMP packets To block a...

Page 156: ...ter choice when complex rules are required To selectively block allow inbound or outbound traffic between inside host networks and outside host networks Remember that filters can not distinguish traff...

Page 158: ...r advanced users 14 2 Firewall Policies Overview Firewall rules are grouped based on the direction of travel of packets to which they apply By default the Prestige s stateful packet inspection allows...

Page 159: ...the LAN Allow everyone except your competitors to access a Web server Restrict use of certain protocols such as Telnet to authorized users on the LAN These custom rules work by comparing the Source I...

Page 160: ...e if IRC is blocked for all users will a rule that blocks just certain users be more effective 4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability F...

Page 161: ...s for managing the Prestige through the LAN interface and policies for LAN to LAN the policies that control routing between two subnets on the LAN Similarly WAN to WAN Router and DMZ to DMZ Router pol...

Page 162: ...ert Message to Administrator When Matched checkbox or when a rule is matched in the Edit Rule screen see the Configuring Firewall Rules section When an event generates an alert a message can be immedi...

Page 163: ...LAN to DMZ WAN to WAN Router WAN to LAN WAN to DMZ DMZ to DMZ Router DMZ to LAN or DMZ to WAN Firewall rules are grouped based on the direction of travel of packets to which they apply For example LA...

Page 164: ...green When the amount of space used is over 80 the bar is red Packet Direction Use the drop down list box to select a direction of travel of packets for which you want to configure firewall rules Defa...

Page 165: ...ice type is equivalent to Any See for more information Action This is the specified action for that rule either Block or Forward Note that Block means the firewall silently discards the packet Schedul...

Page 166: ...Figure 62 Firewall Edit Rule The following table describes the labels in this screen...

Page 167: ...ck Delete to remove it Services Available Selected Services Please see for more information on services available Highlight a service from the Available Services box on the left then click Add to add...

Page 168: ...wall Customized Services 14 8 Creating Editing A Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one This action displ...

Page 169: ...LABEL DESCRIPTION Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box Port Configurat...

Page 170: ...x number for where you want to put the rule For example if you type 6 your new rule becomes number 6 and the previous rule 6 if there is one becomes rule 7 4 Click Insert to display the firewall rule...

Page 171: ...ices link to open the Customized Service screen 8 Click an index number to display the Customized Services Config screen and configure the screen as follows and click Apply Figure 67 Edit Custom Port...

Page 172: ...xample Edit Rule Select Customized Services On completing the configuration procedure for this Internet firewall rule the Rule Summary Note Custom ports show up with an before their names in the Servi...

Page 173: ...ar in brackets The first field indicates the IP protocol type TCP UDP or ICMP The second field indicates the IP port number that defines the service Note that there may be more than one IP protocol ty...

Page 174: ...ternet Group Multicast Protocol is used when sending packets to a specific group of hosts NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed fi...

Page 175: ...gement Program SNMP TRAPS TCP UDP 162 Traps for use with the SNMP RFC 1215 SQL NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems includi...

Page 176: ...g LAN and WAN and DMZ Ping requests Do not respond to requests for unauthorized services Select this option to prevent hackers from finding the Prestige by probing for unused ports If you select this...

Page 177: ...see Figure 54 For UDP half open means that the firewall has detected no return traffic The Prestige measures both the total number of existing half open sessions and the rate of session establishment...

Page 178: ...n requests to the host giving the server time to handle the present connections The Prestige continues to block all new connection requests until the Blocking Time expires The Prestige also sends aler...

Page 179: ...Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number 100 existing half open sessions The above values cause the Prestige to start deleting half open sessions wh...

Page 180: ...can set a schedule for when the Prestige performs content filtering You can also specify trusted IP addresses on the LAN for which the Prestige will not perform content filtering 15 2 Configuring Keyw...

Page 181: ...that you have configured the Prestige to block Delete Highlight a keyword in the box and click Delete to remove it Clear All Click Clear All to remove all of the keywords from the list Keyword Type a...

Page 182: ...e screen appears as shown Table 52 Content Filter Schedule LABEL DESCRIPTION Days to Block Select a check box to configure which days of the week or everyday you want the content filtering to be activ...

Page 183: ...beginning IP address of a specific range of computers on the LAN that you want to exclude from content filtering To Type the ending IP address of a specific range of users on your LAN that you want t...

Page 184: ...he system before they can gain access to the Internet 16 1 1 Content Access Control WLAN Application You can control LAN user Internet access by having an administrator configure Content Access Contro...

Page 185: ...labels in this screen Note You must set up all four user groups Table 54 Content Access Control General LABEL DESCRIPTION Enable Content Access Control Select the check box to allow the LAN administr...

Page 186: ...web site address Content Filtering Service Click Register to go to a web site where you can register for category based content filtering using an external database You can use a trial application or...

Page 187: ...e day s that you do not want any time restrictions for user Internet access Time Budget Left Type the number of hours 0 to 23 and minutes 0 to 59 to allow Internet access of unblocked sites Note If yo...

Page 188: ...have the service blocked on a day in the weekend Saturday or Sunday These services will be blocked according to the settings you configure in Time Scheduling screen Blocked Services This box shows al...

Page 189: ...CQ TCP 5190 AOL s Internet Messenger service used as a listening port by ICQ AUTH TCP 113 Authentication protocol used by some servers BGP TCP 179 Border Gateway Protocol BOOTP_CLIENT UDP 68 DHCP Clie...

Page 190: ...Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login RTELNET TCP 107 Remote Telnet RTSP TC...

Page 191: ...ck Edit under Web Browsing in the Content Access Control General screen A screen displays as shown next TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP...

Page 192: ...Figure 79 Content Access Control General Web Site Filter...

Page 193: ...pages that contain sexually explicit material for the purpose of arousing a sexual or prurient interest Sex Education Selecting this category excludes pages that provide graphic information sometimes...

Page 194: ...nt Business Economy Selecting this category excludes pages devoted to business firms business information economics marketing business management and entrepreneurship This does not include pages that...

Page 195: ...Internet and technology related organizations and companies Hacking Proxy Avoidance Pages providing information on illegal or questionable access to or the use of communications equipment software or...

Page 196: ...excludes pages that promote or provide information about spectator sports recreational activities or hobbies This includes pages that discuss or promote camping gardening and collecting Travel Selecti...

Page 197: ...click basic to see a smaller list Keyword Blocking Select the Enable check box to block the URL containing the keywords in the keyword list Block Websites that contain these keywords in the URL Type a...

Page 198: ...isplay the screen as shown next Table 59 Content Access Control General Diagnose LABEL DESCRIPTION Test Web Site Attribute Test Result This field displays the web site address check result Test if web...

Page 199: ...r Username Enter the user name for this account Password Enter a password associated to the user name above Category Select a user group from the drop down list box to associate this user account to t...

Page 200: ...This field displays the amount of time that you have before the Prestige logs you out and terminates your Internet access This time depends on the time allowance configured in Time Scheduling screen...

Page 201: ...login name and password the Prestige checks the access profile and begins enforcing the access control restriction as defined by the administrator 4 The access privileges remain in force until you lo...

Page 202: ...tor Login The administrator can log into the system The administrator opens their browser and is directed to the Prestige user login page this is the same as the user login The administrator enters ad...

Page 204: ...ignatures for known viruses and a scanning engine Signatures are byte patterns that are unique to a particular virus These signatures are stored in a pattern file The scanning engine compares the file...

Page 205: ...cted networked computers can grow exponentially 5 To prevent the spread of viruses you need to install host based anti virus software on a computer or buy an anti virus system 17 3 Introduction to the...

Page 206: ...r virus 4 If a virus pattern is matched the Prestige cleans the virus by deleting the infected packet and alerts the intended computer user s 17 3 2 Limitations of the Prestige Packet Scan The Prestig...

Page 207: ...ee the Registration and Online Update section for more information Table 63 Anti Virus Packet Scan LABEL DESCRIPTION Packet Scan Configuration Active Select this check box to enable the anti virus pac...

Page 208: ...maximum number of opened connections is reached default is 300 connections at a time Packet Scan Information Packet Scan Engine Version This read only field displays the version of the scanning engin...

Page 209: ...L com appendix for more information Activation After you have successfully registered for the anti virus service click Activate to enable and start using the anti virus feature This also sets the Pres...

Page 210: ...on and Virus Information Update screen click Update Now An update progress screen displays as shown Figure 88 Virus Scan Update in Progress 2 After the virus scan update is successful a screen display...

Page 212: ...ions for secure data communications across a public network like the Internet IPSec is built around a number of standardized cryptographic techniques to provide confidentiality data integrity and auth...

Page 213: ...or More Private Networks Together Connect branch offices and business partners over the Internet with significant cost savings and improved performance when compared to leased lines between sites Acc...

Page 214: ...on Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA 1 RFC 2404 provide a...

Page 215: ...ended forward into the IP header to verify the integrity of the entire packet by use of portions of the original IP header in the hashing process 18 3 2 Tunnel Mode Tunnel mode encapsulates the entire...

Page 216: ...using ESP in Tunnel mode encapsulates the entire original packet including headers in a new IP packet The new IP packet s source address is the outbound address of the sending VPN gateway and its des...

Page 218: ...tegrity authentication sequence integrity replay resistance and non repudiation but not for confidentiality for which the ESP was designed In applications where confidentiality is not required or not...

Page 219: ...Gateway Address field You may alternatively enter the remote secure gateway s domain name if it has one in the Secure Gateway Address field Table 66 AH and ESP ESP AH DES default Data Encryption Stand...

Page 220: ...he secure gateway s address In this case only the remote secure gateway can initiate SAs This may be useful for telecommuters initiating a VPN tunnel to the company network see the Telecommuter VPN IP...

Page 221: ...s active No signifies that this VPN policy is not active Local Address This is the IP address es of computer s on your local network behind your Prestige The same static IP address is displayed twice...

Page 222: ...wo IPSec routers Remote Address This is the IP address es of computer s on the remote network behind the remote IPSec router This field displays N A when the Secure Gateway Address field displays 0 0...

Page 223: ...or NAT traversal to work you must Use ESP security protocol in either transport or tunnel mode Use IKE keying mode Enable NAT traversal on both IPSec endpoints In order for IPSec router A see the figu...

Page 224: ...s section for a telecommuter configuration example Regardless of the ID type and content configuration the Prestige does not allow you to save multiple active rules with overlapping local and remote I...

Page 225: ...e 69 Peer ID Type and Content Fields PEER ID TYPE CONTENT IP Type the IP address of the computer with which you will make the VPN connection or leave the field blank to have the Prestige automatically...

Page 226: ...ase 1 IKE negotiation see the IKE Phases section for more on IKE phases It is called pre shared because you have to share it with another party before you can communicate with them over a secure conne...

Page 227: ...Figure 97 VPN IKE The following table describes the fields in this screen...

Page 228: ...Select Tunnel mode or Transport mode from the drop down list box DNS Server for IPSec VPN If there is a private DNS server that services the VPN type its IP address here The Prestige assigns this add...

Page 229: ...field is configured to Subnet enter a static IP address on the network behind the remote IPSec router End Subnet Mask When the Remote Address Type field is configured to Single this field is N A When...

Page 230: ...h trailing spaces are truncated The domain name or e mail address is for identification purposes only and can be any string It is recommended that you type an IP address other than 0 0 0 0 or use the...

Page 231: ...box When you use one of these encryption algorithms for data communications both the sending device and the receiving device must use the same secret key which can be used to encrypt and decrypt the m...

Page 232: ...gorithm Choose an authentication algorithm Choose whether to enable Perfect Forward Secrecy PFS using Diffie Hellman public key cryptography see the Perfect Forward Secrecy PFS section Select None the...

Page 233: ...l Diffie Hellman is used within IKE SA setup to establish session keys 768 bit Group 1 DH1 and 1024 bit Group 2 DH2 Diffie Hellman groups are supported Upon completion of the Diffie Hellman exchange t...

Page 234: ...packets to protect against replay attacks Select YES from the drop down menu to enable replay detection or select NO to disable it Local Start Port 0 is the default and signifies any port Type a port...

Page 235: ...both the sending device and the receiving device must use the same secret key which can be used to encrypt and decrypt the message or to generate and verify a message authentication code The DES encry...

Page 236: ...ased latency and decreased throughput This implementation of AES uses a 128 bit key AES is faster than 3DES Select NULL to set up a tunnel without encryption When you select NULL you do not enter an e...

Page 237: ...14 Configuring Manual Key You only configure VPN Manual Key when you select Manual in the IPSec Key Mode field on the VPN IKE screen This is the VPN Manual Key screen as shown next Figure 100 VPN Man...

Page 238: ...P Address Start When the Local Address Type field is configured to Single enter a static IP address on the LAN behind your Prestige When the Local Address Type field is configured to Range enter the b...

Page 239: ...orithm Select DES 3DES or NULL from the drop down list box When DES is used for data communications both sender and receiver must know the same secret key which can be used to encrypt and decrypt the...

Page 240: ...esh to display active VPN connections This screen is read only The following table describes the fields in this tab When there is outbound traffic but no inbound traffic the SA times out automatically...

Page 241: ...delay Disconnect Select Disconnect next to a security association and then click Apply to stop that security association Back Click Back to return to the previous screen Apply Click Apply to save your...

Page 242: ...for an example configuration that allows multiple telecommuters A B and C in the figure to use one VPN rule to simultaneously access a Prestige at headquarters HQ in the figure The telecommuters do no...

Page 243: ...should not overlap See the following table and figure for an example where three telecommuters each use a different VPN rule for a VPN connection with a Prestige located at headquarters The Prestige...

Page 244: ...arters Prestige Rule 1 Local ID Type IP Peer ID Type IP Local ID Content 192 168 2 12 Peer ID Content 192 168 2 12 Local IP Address 192 168 2 12 Secure Gateway Address telecommuter1 com Remote Address...

Page 245: ...19 18 VPN and Remote Management If a VPN tunnel uses Telnet FTP WWW then you should configure remote management Remote Management to allow access for...

Page 246: ...g firewall rules You may manage your Prestige from a remote location via Internet WAN only ALL LAN and WAN LAN only Neither Disable When you choose WAN only or ALL LAN WAN you still need to configure...

Page 247: ...rule that blocks it 20 1 2 Remote Management and NAT When NAT is enabled Use the Prestige s WAN IP address when configuring from the WAN Use the Prestige s LAN IP address when configuring from the LA...

Page 248: ...otes a service that you may use to remotely manage the Prestige Access Status Select the access interface Choices are All LAN Only WAN Only and Disable Port This field shows the port number for the re...

Page 250: ...ate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device 21 1 2 NAT Traversal UPnP NAT traversal automates the process of allowing an applica...

Page 251: ...tion supports IGD 1 0 Internet Gateway Device At the time of writing ZyXEL s UPnP implementation supports Windows Messenger 4 6 and 4 7 while Windows Messenger 5 0 and Xbox are still being tested UPnP...

Page 252: ...stige s IP address although you must still enter the password to access the web configurator Allow users to make configuration changes through UPnP Select this check box to allow UPnP enabled applicat...

Page 253: ...Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selection box Figure 109 Add Remove Programs Windows Setup Communication Components 4...

Page 254: ...ows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Components Figure 110 Netwo...

Page 255: ...Figure 111 Windows Optional Networking Components Wizard 5 In the Networking Services window select the Universal Plug and Play c...

Page 256: ...section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the Prestige Make sure the computer is connected to a LAN port of...

Page 257: ...Figure 113 Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automat...

Page 258: ...Figure 114 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappi...

Page 259: ...erties Advanced Settings Figure 116 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatical...

Page 260: ...ection Status Web Configurator Easy Access With UPnP you can access the web based configurator on the Prestige without finding out the IP address of the Prestige first This is helpful if you do not...

Page 261: ...Figure 119 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your Prestige and selec...

Page 262: ...Figure 120 Network Connections My Network Places 6 Right click on the icon for your Prestige and select Properties A properties window displays with basic information about the Prestige F...

Page 264: ...ors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log scr...

Page 265: ...Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e mail addresses specified below If this field is left blank logs and alert m...

Page 266: ...facility allows you to log the messages to different files in the syslog server Refer to the documentation of your syslog program for more details Send Log Log Schedule This drop down menu is used to...

Page 267: ...recorded See the chapter on system maintenance and information to configure the Prestige s time and date Message This field states the reason for the log Source This field lists the source IP address...

Page 268: ...ubject Firewall Alert From Prestige Date Fri 07 Apr 2000 10 05 42 From user zyxel com To user zyxel com 1 Apr 7 00 From 192 168 1 1 To 192 168 1 255 default policy forward 09 54 03 UDP src port 00520...

Page 270: ...u to configure the allowed output for an interface to match what the network can handle This helps reduce delays and dropped packets at the next routing device For example you can set the WAN interfac...

Page 271: ...onal Bandwidth Allocation Bandwidth management allows you to define how much bandwidth each class gets however the actual bandwidth allotted to each class decreases or increases in proportion to actua...

Page 272: ...applications in each subnet are allotted bandwidth Figure 127 Application and Subnet based Bandwidth Management Example 23 5 Scheduler The scheduler divides up an interface s bandwidth among the band...

Page 273: ...When you enable maximize bandwidth usage the Prestige first makes sure that each bandwidth class gets up to its bandwidth allotment Next the Prestige divides up an interface s available bandwidth ban...

Page 274: ...the classes that require more bandwidth Therefore the Prestige divides a total of 3 Mbps total of unbudgeted and unused bandwidth among the classes that require more bandwidth In this case suppose tha...

Page 275: ...class first The child class can also borrow bandwidth from a higher parent class grandparent class if the child class s parent class is also configured to borrow bandwidth from its parent class This c...

Page 276: ...enabled The Bill class cannot borrow unused bandwidth from the Root class because the Sales class has bandwidth borrowing disabled The Amy class cannot borrow unused bandwidth from the Sales USA class...

Page 277: ...bandwidth child classes of higher priority and treats bandwidth classes of the same priority equally 3 The Prestige assigns any remaining unused or unbudgeted bandwidth on the interface to any bandwid...

Page 278: ...able bandwidth management on that interface Bandwidth management applies to all traffic flowing out of the router through the interface regardless of the traffic s source Traffic redirect or IP alias...

Page 279: ...erface To add a child class click Media Bandwidth Management then Class Setup Click the Add Child Class button to open the following screen Table 86 Media Bandwidth Management Class Setup LABEL DESCRI...

Page 280: ...ty The default setting is 3 Borrow bandwidth from parent class Select this option to allow a child class to borrow bandwidth from its parent class if the parent class is not using up its bandwidth bud...

Page 281: ...configuring the Destination Port Source Port and Protocol ID fields Destination IP Address Enter the destination IP address in dotted decimal notation A blank destination IP address means any destinat...

Page 282: ...able 88 Services and Port Numbers SERVICES PORT NUMBER Table 89 Media Bandwidth Management Statistics LABEL DESCRIPTION Class Name This field displays the name of the class the statistics page is show...

Page 283: ...r from refreshing bandwidth management statistics Clear Counter Click Clear Counter to clear all of the bandwidth management statistics Table 89 Media Bandwidth Management Statistics LABEL DESCRIPTION...

Page 284: ...nd port traffic statistics 24 1 Maintenance Overview The maintenance screens can help you view system information upload new firmware manage configuration and restart your Prestige 24 2 System Status...

Page 285: ...Figure 136 System Status The following table describes the fields in this screen Table 91 System Status LABEL DESCRIPTION System Status System Name This is the name of your Pres...

Page 286: ...if applicable VPI VCI This is the Virtual Path Identifier and Virtual Channel Identifier that you entered in the first Wizard screen LAN Information MAC Address This is the MAC Media Access Control o...

Page 287: ...ET RFC 1483 and PPPoE Interface This field displays the type of port Status For the WAN port this displays the port speed and duplex setting if you re using Ethernet encapsulation and down line is dow...

Page 288: ...d MAC Address of all network clients using the DHCP server Figure 138 DHCP Table The following table describes the fields in this screen Poll Interval s Type the time interval for the browser to refre...

Page 289: ...ge s wireless LAN 24 5 1 Association List This screen displays the MAC address es of the wireless stations that are currently logged in to the network Click Wireless LAN and then Association List to o...

Page 290: ...sociation List LABEL DESCRIPTION This is the index number of an associated wireless station MAC Address This field displays the MAC Media Access Control address of an associated wireless station Every...

Page 291: ...t Table 96 Diagnostic General LABEL DESCRIPTION TCP IP Address Type the IP address of a computer that you want to ping in order to test a connection Ping Click this button to ping the IP address that...

Page 292: ...Status Click this button to view ATM status ATM Loopback Test Click this button to start the ATM loopback test Make sure you have configured at least one PVC with proper VPIs VCIs before you begin thi...

Page 293: ...en the following screen Follow the instructions in this screen to upload firmware to your Prestige Figure 143 Firmware Upgrade The following table describes the labels in this screen Table 98 Firmware...

Page 294: ...ts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 144 Network Temporarily Disconnected After two minutes log in aga...

Page 296: ...restige 1 In Windows click Start usually in the bottom left corner Run and then type telnet 192 168 1 1 the default IP address and click OK 2 Enter 1234 in the Password field 3 After entering the pass...

Page 297: ...enus in this guide as an example The SMT menus vary slightly for different Prestige models The following figure gives you an overview of the various SMT menu screens of your Prestige Figure 147 Prest...

Page 298: ...quires you to type in the appropriate information The second allows you to cycle through the available choices by pressing SPACE BAR Required fields or ChangeMe All fields with the symbol must be fill...

Page 299: ...up an Internet connection 11 Remote Node Setup Use this menu to set up the Remote Node for LAN to LAN connection including Internet connection 12 Static Routing Setup Use this menu to set up static ro...

Page 300: ...d field up to 30 characters and press ENTER 5 Re type your new system password in the Retype to confirm field for confirmation and press ENTER Menu 23 1 System Security Change Password Old Password Ne...

Page 302: ...Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it...

Page 303: ...nal Enter the name up to 30 characters of the person in charge of this Prestige Domain Name Enter the domain name if you know it here If you leave this field blank the ISP may assign a domain name via...

Page 304: ...your dynamic DNS service provider Active Press SPACE BAR to select Yes and then press ENTER to make dynamic DNS active Host Enter the domain name assigned to your Prestige by your dynamic DNS provide...

Страница 305: ...Prestige 662HW Series User s Guide 305 Chapter 26 Menu 1 General Setup...

Страница 306: ...Fail Tolerance 0 Recovery Interval sec 0 ICMP Timeout sec 0 Traffic Redirect No Dial Backup No Press ENTER to Confirm or ESC to Cancel Table 104 Menu 2 WAN Backup Setup FIELD DESCRIPTION Check Mechan...

Страница 307: ...seconds for an ICMP session to wait for the ICMP response Traffic Redirect Press SPACE BAR to select Yes or No Select Yes and press ENTER to configure Menu 2 1 Traffic Redirect Setup Select No default...

Страница 308: ...ns the link is down The smaller the number the lower the cost When you have completed this menu press ENTER at the prompt Press ENTER to Confirm or ESC to Cancel to save your configuration or press ES...

Страница 309: ...o edit the advanced setup for the Dial Backup port move the cursor to this field press the SPACE BAR to select Yes and then press ENTER to go to Menu 2 2 1 Advanced Dial Backup Setup When you have com...

Страница 310: ...he default the DTR Data Terminal Ready signal is dropped after the AT Command String Drop is sent out AT Response Strings CLID Calling Line Identification Enter the keyword that precedes the CLID Call...

Страница 311: ...ait before dropping the DTR signal if it does not receive a positive disconnect confirmation Call Back Delay sec Enter a number of seconds for the Prestige to wait between dropping a callback request...

Страница 312: ...y to the Ethernet traffic You seldom need to filter Ethernet traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 156 Menu 3 1 LAN...

Page 313: ...ed below For TCP IP Ethernet setup refer to the Internet Access Configuration section For bridging Ethernet setup refer to Chapter 33 Bridging Setup 28 3 TCP IP Ethernet Setup and DHCP Use menu 3 2 to...

Page 314: ...ws 95 Windows NT and other systems that support the DHCP client If set to None the DHCP server will be disabled If set to Relay the Prestige acts as a surrogate DHCP server and relays DHCP requests an...

Page 315: ...is a network layer protocol used to establish membership in a Multicast group The Prestige supports both IGMP version 1 IGMP v1 and version 2 IGMP v2 Press the SPACE BAR to enable IP Multicasting or...

Page 316: ...less LAN Setup The following table describes the fields in this menu Menu 3 5 Wireless LAN Setup ESSID Wireless Hide ESSID No Channel ID CH06 2437MHz RTS Threshold 2432 Frag Threshold 2432 WEP Disable...

Page 317: ...rovides data encryption to prevent wireless stations from accessing data transmitted over the wireless network Selecting Disable allows wireless stations to communicate with the access points without any...

Page 318: ...00 00 00 00 11 00 00 00 00 00 00 23 00 00 00 00 00 00 12 00 00 00 00 00 00 24 00 00 00 00 00 00 Enter here to CONFIRM or ESC to CANCEL Table 112 Menu 3 5 1 WLAN MAC Address Filtering FIELD DESCRIPTION...

Page 319: ...Prestige 662HW Series User s Guide 319 Chapter 29 Wireless LAN Setup...

Page 320: ...olicy defined by the network administrator Policy based routing is applied to incoming packets on a per interface basis prior to the normal routing Create policies using SMT menu 25 see Chapter 43 IP...

Page 321: ...the second and third network Figure 161 Menu 3 2 TCP IP and DHCP Setup Pressing ENTER displays Menu 3 2 1 IP Alias Setup as shown next Menu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP...

Page 322: ...IELD DESCRIPTION IP Alias Choose Yes to configure the LAN network for the Prestige IP Address Enter the IP address of your Prestige in dotted decimal notation IP Subnet Mask Your Prestige will automat...

Page 323: ...Encapsulation Gateway IP address if you are using ENET ENCAP encapsulation From the main menu type 4 to display Menu 4 Internet Access Setup as shown next Figure 164 Menu 4 Internet Access Setup The...

Page 324: ...fic source that can be sent at the peak rate and a parameter for burst traffic Type the SCR it must be less than the PCR Maximum Burst Size MBS 0 Refers to the maximum number of cells that can be sent...

Page 325: ...Prestige 662HW Series User s Guide 325 Chapter 30 Internet Access...

Page 326: ...s you are configuring one of the remote nodes You first choose a remote node in Menu 11 Remote Node Setup You can then edit that node s profile in menu 11 1 as well as configure specific settings in t...

Page 327: ...ion Here are some examples of more suitable combinations in such an application 31 2 2 1 Scenario 1 One VC Multiple Protocols PPPoA RFC 2364 encapsulation with VC based multiplexing is the best combin...

Page 328: ...u 11 Encapsulation PPPoA refers to RFC 2364 PPP Encapsulation over ATM Adaptation Layer 5 If RFC 1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5 or ENET ENCAP are selected then the Rem Lo...

Page 329: ...press ENTER to display Menu 11 8 Advance Setup Options Telco Option Allocated Budget min This sets a ceiling for outgoing call time for this remote node The default for this field is 0 meaning no bud...

Page 330: ...CEL Table 116 Menu 11 3 Remote Node Network Layer Options FIELD DESCRIPTION IP Address Assignment Press SPACE BAR and then ENTER to select Dynamic if the remote node is using a dynamically assigned IP...

Page 331: ...of 1 for directly connected networks Type a number that approximates the cost for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number P...

Page 332: ...mote Node Filter to specify the filter set s to apply to the incoming and outgoing traffic between this remote node and the Prestige and also to prevent certain packets from triggering calls You can s...

Page 333: ...stige depending on whether you chose VC based LLC based multiplexing and PPP encapsulation in menu 11 1 31 5 1 VC based Multiplexing non PPP Encapsulation For VC based multiplexing by prior agreement...

Page 334: ...the VCI is 32 to 65535 1 to 31 is reserved for local management of ATM traffic 31 5 3 Advance Setup Options In menu 11 1 select PPPoE in the Encapsulation field Menu 11 6 Remote Node ATM Layer Options...

Page 335: ...onfirm or ESC to Cancel Menu 11 8 Advance Setup Options PPPoE pass through No Press ENTER to Confirm or ESC to Cancel Table 117 Menu 11 8 Advance Setup Options FIELD DESCRIPTION PPPoE pass through Pre...

Page 336: ...Each remote node specifies only the network to which the gateway is directly connected and the Prestige has no knowledge of the networks beyond For instance the Prestige knows about network N2 in the...

Page 337: ...Static Route Menu 12 Static Route Setup 1 IP Static Route 3 Bridge Static Route Please enter selection Menu 12 1 IP Static Route Setup 1 ________ 2 ________ 3 ________ 4 ________ 5 ________ 6 ________...

Page 338: ...ss and Subnet Mask section in this manual Gateway IP Address Type the IP address of the gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gatewa...

Page 339: ...Prestige 662HW Series User s Guide 339 Chapter 32 Static Route Setup...

Page 340: ...er protocol and it also demands more CPU cycles and memory For efficiency reasons do not turn on bridging unless you need to support protocols other than IP on your network For IP enable the routing i...

Page 341: ...ilter Sets No Idle Timeout sec N A Press ENTER to Confirm or ESC to Cancel Menu 11 3 Remote Node Network Layer Options IP Options Bridge Options IP Address Assignment Static Ethernet Addr Timeout min...

Page 342: ...Cancel Table 120 Menu 12 3 1 Edit Bridge Static Route FIELD DESCRIPTION Route This is the route index number you typed in Menu 12 3 Bridge Static Route Setup Route Name Type a name for the bridge stat...

Page 343: ...Prestige 662HW Series User s Guide 343 Chapter 33 Bridging Setup...

Page 344: ...ports two types of mapping Many to One and Server See the NAT Setup section for a detailed description of the NAT set for SUA The Prestige also supports Full Feature NAT to map multiple global IP addre...

Page 345: ...options for Network Address Translation Menu 4 Internet Access Setup ISP s Name MyISP Encapsulation RFC 1483 Multiplexing LLC based VPI 8 VCI 35 ATM QoS Type UBR Peak Cell Rate PCR 0 Sustain Cell Rat...

Page 346: ...web configurator screens for further information on these menus To configure NAT enter 15 from the main menu to bring up the following screen Figure 184 Menu 15 NAT Setup 34 3 1 Address Mapping Sets...

Page 347: ...election Number Menu 15 1 255 Address Mapping Rules Set Name Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 0 0 0 0 255 255 255 255 0 0 0 0 M 1 2 0 0 0 0 Server 3 4 5 6 7 8 9 10...

Page 348: ...u 15 1 1 1 described later and the values are displayed here Global Start IP This is the starting global IP address IGA If you have a dynamic IP enter 0 0 0 0 as the Global Start IP Global End IP This...

Page 349: ...including deleting a rule No changes to the set take place until this action is taken Selecting Edit in the Action field and then selecting a rule brings up the following menu Menu 15 1 1 1 Address M...

Page 350: ...multiple servers of different types behind NAT to this computer See section 27 5 3 for an example Local IP Only local IP fields are N A for server Global IP fields MUST be set for Server Start This is...

Page 351: ...acting as an FTP Telnet and SMTP server ports 21 23 and 25 at 192 168 1 33 6 Press ENTER at the Press ENTER to confirm prompt to save your configuration after you define all the servers or press ESC a...

Page 352: ...Behind NAT Example 34 5 General NAT Examples The following are some examples of NAT configuration 34 5 1 Example 1 Internet Access Only In the following Internet access example you only need one rule...

Page 353: ...Network Address Translation field in menus 4 and 11 3 is specifically pre configured to handle this case 34 5 2 Example 2 Internet Access with an Inside Server Menu 4 Internet Access Setup ISP s Name...

Page 354: ...ervers to the first two IGAs and the other LAN traffic to the remaining IGA Map the third IGA to an inside web server and mail server Four rules need to be configured two bi directional and two unidir...

Page 355: ...l Feature option from the Network Address Translation field in menu 4 or menu 11 3 in Figure 197 1 Enter 15 from the main menu 2 Enter 1 to configure the Address Mapping Sets 3 Enter 1 to begin config...

Page 356: ...ons IP Address Assignment Static Ethernet Addr Timeout min 0 Rem IP Addr 0 0 0 0 Rem Subnet Mask 0 0 0 0 My WAN Addr 0 0 0 0 NAT Full Feature Address Mapping Set 2 Metric 2 Private No RIP Direction Bo...

Page 357: ...r 2 in Menu 15 NAT Setup 3 Enter 1 in Menu 15 2 NAT Server Sets to see the following menu Configure it as shown Menu 15 1 1 Address Mapping Rules Set Name Example3 Idx Local Start IP Local End IP Glob...

Page 358: ...Figure 201 NAT Example 4 Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream These applications won t work through NAT even...

Page 359: ...g Rules Menu 15 1 1 1 Address Mapping Rule Type Many to Many No Overload Local IP Start 192 168 1 10 End 192 168 1 12 Global IP Start 10 132 50 1 End 10 132 50 3 Server Mapping Set N A Press ENTER to...

Page 360: ...by far the most comprehensive firewall configuration tool your Prestige has to offer For this reason it is recommended that you configure your firewall using the web configurator see the following cha...

Page 361: ...S attacks when it is active The default Policy sets 1 allow all sessions originating from the LAN to the WAN and 2 deny all sessions originating from the WAN to the LAN You may define additional Polic...

Page 362: ...ring Call filters are divided into two groups the built in call filters and user defined call filters Your Prestige has built in call filters that prevent administrative for example RIP packets from t...

Page 363: ...ribe how to configure filter sets 36 1 1 The Filter Structure of the Prestige A filter set consists of one or more filter rules Usually you would group related rules for example all the rules for NetB...

Page 364: ...in menu 21 1 Figure 208 NetBIOS_WAN Filter Rules Summary Menu 21 1 Filter Set Configuration Filter Filter Set Comments Set Comments 1 _______________ 7 _______________ 2 _______________ 8 ____________...

Page 365: ...ff Value 01005e N D F 2 N 3 N 4 N 5 N 6 N Enter Filter Rule Number 1 6 to Configure Table 125 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION The filter rule number 1 to 6 A Acti...

Page 366: ...of a filter set is determined by the first rule that you create When applying the filter sets to a port separate menu fields are provided for protocol and device filter sets If you include a protocol...

Page 367: ...TER to Confirm or ESC to Cancel Table 127 Menu 21 1 x 1 TCP IP Filter Rule FIELD DESCRIPTION Filter This is the filter set filter rule coordinates for instance 2 3 refers to the second filter set and...

Page 368: ...es only when the IP Protocol field is 6 TCP If Yes the rule matches packets that want to establish TCP connection s SYN 1 and ACK 0 else it is ignored More If Yes a matching packet is passed to the ne...

Page 369: ...lies the Mask bit wise ANDing to the data portion before comparing the result against the Value to determine a match The Mask and Value fields are specified in hexadecimal numbers Note that it takes t...

Page 370: ...d below each type will be different Choices are Generic Filter Rule or TCP IP Filter Rule Active Select Yes to turn on or No to turn off the filter rule Offset Type the starting byte of the data porti...

Page 371: ...er NAT for incoming packets On the other hand the generic or device filters are applied to the raw packets that appear on the wire They are applied at the point where the Prestige is receiving and sen...

Page 372: ...ule Make the entries in this menu as shown next When you press ENTER to confirm the following screen appears Note that there is only one filter rule in this set Figure 216 Menu 21 1 6 1 Sample Filter...

Page 373: ...er Rules Summary 36 7 Applying Filters and Factory Defaults This section shows you where to apply the filter s after you design it/them Sets of factory default filter rules have been configured in men...

Page 374: ...ffic 36 7 2 Remote Node Filters Go to menu 11 5 shown next and type the number s of the filter set s as appropriate You can cascade up to four filter sets by typing their numbers separated by commas T...

Page 375: ...Prestige 662HW Series User s Guide 375 Chapter 36 Filter Configuration...

Page 376: ...network The Prestige supports SNMP version one SNMPv1 and version two c SNMPv2c The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured Figure 220 SNMP...

Page 377: ...etrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements o...

Page 378: ...ent station Trusted Host If you enter a trusted host your Prestige will only respond to SNMP messages from this address A blank default field means your Prestige will respond to all SNMP messages it r...

Page 379: ...d 6 whyReboot defined in ZYXEL MIB A trap is sent with the reason of restart before rebooting when the system is going to restart warm start 6a For intentional reboot A trap is sent with the message S...

Page 380: ...f you forget your password you have to restore the default configuration file Refer to the Changing the System Password section and the Resetting the Prestige section for information Figure 222 Menu 2...

Page 381: ...on Shared Secret Specify a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the access points The key is not sent over the network This...

Page 382: ...stem Security IEEE802 1x Figure 226 Menu 23 4 System Security IEEE802 1x The following table describes the fields in this menu Menu 23 System Security 1 Change Password 2 RADIUS Server 4 IEEE802 1x En...

Page 383: ...mic WEP Key Exchange This field is activated only when you select Authentication Required in the Wireless Port Control field Also set the Authentication Databases field to RADIUS Only Local user datab...

Page 384: ...base with 802 1x Key Management Protocol Select Local User Database Only to have the Prestige just check the built in user database on the Prestige for a wireless station s username and password Selec...

Page 385: ...22 ________ 30 ________ 7 ________ 15 ________ 23 ________ 31 ________ 8 ________ 16 ________ 24 ________ 32 ________ Enter Menu Selection Number Menu 14 1 Edit Dial in User User Name test Active Yes...

Page 386: ...wn in the following figure Figure 229 Menu 24 System Maintenance 39 2 System Status The first selection System Status gives you information on the status and statistics of the ports as shown next Syst...

Page 387: ...6 N A 0 0 0 0 0 0 00 00 7 N A 0 0 0 0 0 0 00 00 My WAN IP from ISP 0 0 0 0 Ethernet WAN Status Tx Pkts 528 Line Status Down Collisions 0 Rx Pkts 505 Upstream Speed 0 kbps CPU Load 2 12 Downstream Spee...

Page 388: ...2 to display the screen shown next Rx Pkts This is the number of received packets from the LAN Collision This is the number of collisions WAN This shows statistics for the WAN Line Status This shows t...

Page 389: ...Mask 255 255 255 0 DHCP Server Press ESC or RETURN to Exit Table 137 Menu 24 2 1 System Maintenance Information FIELD DESCRIPTION Name Displays the system name of your Prestige This information can b...

Page 390: ...mething goes wrong is the error log Follow the procedures to view the local error trace log 1 Type 24 in the main menu to display Menu 24 System Maintenance 2 From menu 24 type 3 to display Menu 24 3...

Page 391: ...task pause 1 day 57 Sat Jan 01 00 00 03 2000 PP21 INFO monitoring WAN connectivity 58 Sat Jan 01 00 03 06 2000 PP19 INFO SMT Password pass 59 Sat Jan 01 00 03 06 2000 PP01 INFO SMT Session Begin 60 Sa...

Page 392: ...02 OutCall Connected 64000 40002 Jul 19 11 20 06 192 168 102 2 ZYXEL board 0 line 0 channel 0 call 1 C02 Call Terminated 2 Packet Triggered SdcmdSyslogSend SYSLOG_PKTTRI SYSLOG_NOTICE String String Pa...

Page 393: ...55 192 168 102 2 ZYXEL IP Src 202 132 154 123 Dst 255 255 255 255 UDP spo 0208 dpo 0208 S03 R01mF Jul 19 14 44 00 192 168 102 2 ZYXEL IP Src 192 168 102 20 Dst 202 132 154 1 UDP spo 05d4 dpo 0035 S03...

Page 394: ...ance Menu Diagnostic FIELD DESCRIPTION Reset xDSL Re initialize the xDSL link to the telephone company Ping Host Ping the host to see if the links and TCP IP protocol on both systems are working Reboo...

Page 395: ...Prestige 662HW Series User s Guide 395 Chapter 39 System Information and Diagnosis...

Page 396: ...name of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename extension With many FTP and TFTP clients the filenames ar...

Page 397: ...ommended once your Prestige is functioning properly FTP is the preferred method for backing up your current configuration to your computer since it is faster Any serial communications program shou...

Page 398: ...enames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the ftp prompt 40 2 3 Example of FTP Commands from the Command Line Menu 24 5 System...

Page 399: ...le session running 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp 1...

Page 400: ...le transfer is complete 4 Launch the TFTP client on your computer and connect to the Prestige Set the transfer mode to binary before starting data transfer 5 Use the TFTP client see the example below...

Page 401: ...en 3 Run the HyperTerminal program by clicking Transfer then Receive File as shown in the following screen Table 142 General Commands for GUI based TFTP Clients COMMAND DESCRIPTION Host Enter the IP a...

Page 402: ...to restore unless you have a backup configuration file stored on disk FTP is the preferred method for restoring your current computer configuration to your Prestige since FTP is faster Please note th...

Page 403: ...nd FTP over WAN Management Limitations section to read about configurations that disallow TFTP and FTP over WAN Menu 24 6 System Maintenance Restore Configuration To transfer the firmware and configur...

Page 404: ...ted Figure 248 System Maintenance Starting Xmodem Download Screen 3 Run the HyperTerminal program by clicking Transfer then Send File as shown in the following screen Figure 249 Restore Configuration...

Page 405: ...d System Firmware 40 4 2 Configuration File Upload You see the following screen when you telnet into menu 24 7 2 Save to ROM Hit any key to start system reboot Note Do not interrupt the file transfer...

Page 406: ...fers the configuration file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the ftp prompt The...

Page 407: ...s address 2 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance 3 Enter the command sys stdio 0 to disable the console timeout so the TFTP transfer will not be inter...

Page 408: ...ended since FTP or TFTP is faster Any serial communications program should work fine however you must use the Xmodem protocol to perform the download upload 40 4 8 Uploading Firmware File Via Console...

Page 409: ...l on your computer Follow the procedure as shown previously for the HyperTerminal program The procedure for other serial communications programs should be similar Menu 24 7 2 System Maintenance Upload...

Page 410: ...410 3 Enter atgo to restart the Prestige 40 4 11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer then Send File to display the following screen Figure 257 Example Xmodem Upload...

Page 411: ...Prestige 662HW Series User s Guide 411 Chapter 40 Firmware and Configuration File Maintenance...

Page 412: ...rmation on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing help or at the command prompt Type exit to return to the SMT main menu when finished Figu...

Page 413: ...ceeds the limit the current call will be dropped and any future outgoing calls will be blocked To access the call control menu select option 9 in menu 24 to go to Menu 24 9 System Maintenance Call Con...

Page 414: ...or get the current time and date from an external server when you turn on your Prestige Menu 24 10 allows you to update the time and date settings of your Prestige The real time is then displayed in...

Page 415: ...9 Current Date 2000 01 01 New Date yyyy mm dd 2000 01 01 Time Zone GMT Daylight Saving No Start Date mm dd 01 00 End Date mm dd 01 00 Press ENTER to Confirm or ESC to Cancel Table 144 Menu 24 10 Syste...

Page 416: ...nly when you re enter this menu New Date Enter the new date in year month and day format Time Zone Press SPACE BAR and then ENTER to set the time difference between your time zone and Greenwich Mean T...

Page 417: ...Prestige 662HW Series User s Guide 417 Chapter 41 System Maintenance...

Page 418: ...configuring firewall rules 42 2 Remote Management To disable remote management of a service select Disable in the corresponding Server Access field Enter 11 from menu 24 to display Menu 24 11 Remote...

Page 419: ...s LAN only Secured Client IP 0 0 0 0 FTP Server Server Port 21 Server Access LAN only Secured Client IP 0 0 0 0 Web Server Server Port 80 Server Access LAN only Secured Client IP 0 0 0 0 Press ENTER t...

Page 420: ...dress when configuring from the LAN 42 4 System Timeout There is a default system management idle timeout of five minutes three hundred seconds The Prestige automatically logs you out if the managemen...

Page 421: ...Prestige 662HW Series User s Guide 421 Chapter 42 Remote Management...

Page 422: ...ecedence or TOS Type of Service values in the IP header at the periphery of the network to enable the backbone to prioritize traffic Cost Savings IPPR allows organizations to distribute interactive tr...

Page 423: ...e main menu to open Menu 25 IP Routing Policy Setup 2 Type the index of the policy set you want to configure to open Menu 25 1 IP Routing Policy Setup Menu 25 1 shows the summary of a policy set inclu...

Page 424: ...__________________________________________________________ __________________________________________________________________________ 5 N ______________________________________________________________...

Page 425: ...ies are displayed with a minus sign in SMT menu 25 Criteria IP Protocol IP layer 4 protocol for example UDP TCP ICMP etc Type of Service Prioritize incoming network traffic by choosing from Don t Care...

Page 426: ...he LAN otherwise the gateway must be the IP address of a remote node The default gateway is specified as 0 0 0 0 Type of Service Set the new TOS value of the outgoing packet Prioritize incoming networ...

Page 427: ...e default IP route and route 2 represents the configured IP route Menu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP Pool Starting Address 192 168 1 33 Size of Client IP Pool 32 Primary D...

Page 428: ...shown next Figure 271 IP Routing Policy Example 1 Check Menu 25 1 IP Routing Policy Setup to see if the rule is added correctly 2 Create another policy set in menu 25 Menu 25 1 1 IP Routing Policy Po...

Page 429: ...l 6 Type of Service Don t Care Precedence Don t Care Source addr start 0 0 0 0 port start 0 Destination addr start 0 0 0 0 port start 20 Action Matched Gateway addr 192 168 1 100 Type of Service No Ch...

Page 430: ...take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 are applied in the remote node then set 1 will take precedence over set 2 3 and 4 as...

Page 431: ...Yes or No Choose Yes and press ENTER to activate the schedule set Start Date Enter the start date when you wish the set to take effect in year month date format Valid dates are from the present to 20...

Page 432: ...means that the connection is blocked whether or not there is a demand call on the line Enable Dial On Demand means that this schedule permits a demand call on the line Disable Dial On Demand means tha...

Page 433: ...Prestige 662HW Series User s Guide 433 Chapter 44 Call Scheduling...

Page 434: ...has these main submenus Define VPN policies in menu 27 1 submenus including security policies endpoint IP addresses peer IPSec router IP address and key management Menu 27 2 SA Monitor allows you to m...

Page 435: ...Name A Local Addr Start Addr End Mask Encap IPSec Algorithm Key Mgt Remote Addr Start Addr End Mask Secure GW Addr 001 Taiwan Y 192 168 1 35 192 168 1 38 Tunnel ESP AES MD5 IKE 172 16 2 40 172 16 2 4...

Page 436: ...strong integrity and authentication by adding authentication information to IP packets This authentication information is calculated using header and payload data in the IP packet This provides an add...

Page 437: ...hoose the Edit Delete or Go To commands Select None and then press ENTER to go to the Press ENTER to Confirm prompt Use Edit to create or edit a rule Use Delete to remove a rule To edit or delete a ru...

Page 438: ...ment Setup No Press ENTER to Confirm or ESC to Cancel Table 150 Menu 27 1 1 IPSec Setup FIELD DESCRIPTION Index This is the VPN rule index number you selected in the previous menu Name Enter a unique...

Page 439: ...estige The Prestige uses its current WAN IP address static or dynamic in setting up the VPN tunnel if you leave this field as 0 0 0 0 The VPN tunnel has to be rebuilt if this IP address changes Peer I...

Page 440: ...estige End Subnet Mask When the Addr Type field is configured to Single this field is N A When the Addr Type field is configured to Range enter the end static IP address in a range of computers on the...

Page 441: ...nd the remote IPSec router cannot create a VPN tunnel when attempting to connect using a port number that does not match this port number or range of port numbers Some of the most common IP ports are...

Page 442: ...pre shared key You will receive a PYLD_MALFORMED payload malformed packet if the same pre shared key is not used on both ends Encryption Algorithm The Prestige and the remote IPSec router generate an...

Page 443: ...ress SPACE BAR to choose from NULL DES 3DES or AES and then press ENTER Select NULL to set up a tunnel without encryption Authentication Algorithm Press SPACE BAR to choose from SHA1 or MD5 and then p...

Page 444: ...n you choose DES and fill in fields Key1 to Key3 when you choose 3DES Select NULL to set up a tunnel without encryption When you select NULL you do not enter any encryption keys Key1 Enter a unique ei...

Page 445: ...able The key must be unique Enter 16 characters for MD5 authentication and 20 characters for SHA 1 authentication Any character may be used including spaces but trailing spaces are truncated When you...

Page 446: ...se the Refresh function to display active VPN connections Use the Disconnect function to cut off active connections Type 2 in Menu 27 VPN IPSec Setup and then press ENTER to go to Menu 27 2 SA Monitor...

Page 447: ...by the remote IP address as configured in Menu 27 1 1 IPSec Setup Individual connections using the same VPN rule may be terminated without affecting other connections using the same rule Encap This f...

Page 448: ...ve VPN connections None allows you to jump to the Press ENTER to Confirm prompt Select Next Page or Previous Page to view the next or previous page of rules respectively Select Connection Type the VPN...

Page 449: ...Prestige 662HW Series User s Guide 449 Chapter 46 SA Monitor...

Page 450: ...rnal SPTGEN text files conform to the following format field identification number field name parameter values allowed input where input is your input conforming to parameter values allowed The figure...

Page 451: ...Figure 285 Invalid Parameter Entered Command Line Example The Prestige will display the following if you enter parameter s that are valid Figure 286 Valid Parameter Entered Command Line Example 47 3...

Page 452: ...SPTGEN FTP Upload Example c ftp 192 168 1 1 220 PPP FTP version 1 0 ready at Sat Jan 1 03 22 12 2000 User 192 168 1 1 none 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get r...

Страница 453: ...Prestige 662HW Series User s Guide 453 Chapter 47 Internal SPTGEN...

Страница 454: ...e that the Prestige s power adaptor is connected to the Prestige and plugged in to an appropriate power source Check that the Prestige and the power source are both turned on Turn the Prestige off and...

Страница 455: ...ont panel are both off refer to the Problems with the LAN LED section Make sure that the IP address and the subnet mask of the Prestige and your computer s are on the same subnet I cannot ping any com...

Страница 456: ...using the same ESSID channel WEP keys if WEP encryption is activated and authentication method Internet connection disconnects Check the schedule rules Refer to the Call Scheduling chapter SMT If you...

Page 457: ...agement and firewall for details Your computer s and the Prestige s IP addresses must be on the same subnet for LAN access If you changed the Prestige s LAN IP address then enter the new one as the UR...

Page 458: ...flow control only use pins 2 3 and 5 Table 164 Console Dial Backup Port Pin Assignments CONSOLE PORT RS 232 FEMALE DB 9F DIAL BACKUP RS 232 MALE DB 9M Pin 1 NON Pin 2 DCE TXD Pin 3 DCE RXD Pin 4 DCE...

Page 459: ...Prestige 662HW Series User s Guide 459 Appendix A Pin Assignments Figure 290 Ethernet Cable Pin Assignments...

Page 460: ...s 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the ap...

Page 461: ...for Microsoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If y...

Page 462: ...rk adapter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP a...

Page 463: ...ck OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your Prestige and restart your computer when prompted Verifying...

Page 464: ...r Computer s IP Address 464 Figure 294 Windows XP Start Menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 295 Windows XP Control Panel 3...

Page 465: ...ork Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and click Properties Figure 297 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP...

Page 466: ...re additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two...

Page 467: ...fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them Figure 299 Windows XP Internet Protocol TCP IP Properties 8 Click OK to close the Internet Proto...

Page 468: ...Setting up Your Computer s IP Address 468 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Figure 300 Macintosh OS 8 9 Apple Menu 2 Selec...

Page 469: ...Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Prestige in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if...

Page 470: ...t in Ethernet from the Show list Click the TCP IP tab 3 For dynamically assigned settings select Using DHCP from the Configure list Figure 303 Macintosh OS X Network 4 For statically assigned settings...

Page 471: ...Guide 471 Appendix B Setting up Your Computer s IP Address 5 Click Apply Now and close the window 6 Turn on your Prestige and restart your computer if prompted Verifying Settings Check your TCP IP pro...

Page 472: ...address the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three...

Page 473: ...the host ID Subnet masks are expressed in dotted decimal notation just as IP addresses are The natural masks for class A B and C IP addresses are as follows Subnetting With subnetting the class arran...

Page 474: ...mask Normally if no mask is specified it is understood that the natural mask is being used Example Two Subnets As an example you have a class C address 192 168 1 0 with subnet mask of 255 255 255 0 Th...

Page 475: ...192 168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for the second subnet is 192 168 1 129 to 192 168 1 254 Note In the following charts shaded bold last octet bit values indicate...

Page 476: ...68 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63...

Page 477: ...1111 11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Table 176 Eight Subnets SUBNET SUBNET ADDRESS FI...

Page 478: ...ubnetting The following table is a summary for class B subnet planning Table 178 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 2...

Page 479: ...Prestige 662HW Series User s Guide 479 Appendix C IP Subnetting...

Page 480: ...a manner similar to dial up services using PPP Benefits of PPPoE PPPoE offers the following benefits It provides you with a familiar dial up networking DUN user interface It lessens the burden on the...

Page 481: ...ccess Concentrator and tunnels the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is b...

Page 482: ...nference room users access to the network as they move from meeting to meeting getting up to date access to information and the ability to communicate decisions while on the go It provides campus wide...

Page 483: ...unication in an Ad hoc Network Infrastructure Wireless LAN Configuration For Infrastructure WLANs multiple Access Points APs link the WLAN to the wired network and allow users to efficiently share net...

Page 484: ...Prestige 662HW Series User s Guide Appendix E Wireless LAN and IEEE 802 11 484 Figure 307 ESS Provides Campus Wide Coverage...

Page 485: ...Prestige 662HW Series User s Guide 485 Appendix E Wireless LAN and IEEE 802 11...

Page 486: ...802 11b standard does not provide any central user account management User access control is done through manual modification of the MAC address table on the access point Although WEP data encryption...

Page 487: ...less LAN With IEEE 802 1x RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL EAP Over LAN Fig...

Page 488: ...authentication method does not support data encryption with dynamic session key You must configure WEP encryption keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital certif...

Page 489: ...ison of EAP Authentication Types EAP MD5 EAP TLS EAP TTLS PEAP LEAP Mutual Authentication No Yes Yes Yes Yes Certificate Client No Yes Optional Optional No Certificate Server No Yes Yes Yes No Dynamic...

Page 490: ...ets between two Ethernet devices Some companies have more than one alternate route to one or more ISPs If the LAN and ISP s are in the same subnet the triangle route problem may occur The steps below...

Page 491: ...must pass through the Prestige to your LAN The following steps describe such a scenario 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN 2 The Pr...

Page 492: ...Prestige 662HW Series User s Guide Appendix H Triangle Route 492...

Page 493: ...Prestige 662HW Series User s Guide 493 Appendix H Triangle Route...

Page 494: ...tivate device specific feature s myZyXEL com Account Login 1 Go to myZyXEL com using your web browser 2 Create a new account if you don t have one already with a user name and password by filling in a...

Page 495: ...ave created a myZyXEL com account log in and register your ZyXEL device by clicking the hyperlink as shown in the next screen Note You are automatically logged out of your myZyXEL com account after fi...

Page 496: ...al number in the Serial Number field 4 Your device category and model number automatically display in the Category and Model fields respectively Otherwise select the correct ones from the drop down...

Page 497: ...w Product 8 Specify the purchase information and click Continue Figure 317 Product Survey 9 Click Continue again 10 After you have registered your ZyXEL device you can view its registration details in...

Page 498: ...n see Figure 318 for your registered ZyXEL device click My Product and the link for your ZyXEL device 2 Click Activate for the corresponding service to display the next screen Figure 319 Service Activ...

Page 499: ...endix I myZyXEL com Congratulations You have successfully registered your ZyXEL device and activated a service at myZyXEL com Note You must then activate the service s on your ZyXEL device via its web...

Page 500: ...systems only For Windows 98 Me you must open the WinPopup window in order to view real time alert messages Click Start Run and enter winpopup in the field provided and click OK The WinPopup window di...

Page 501: ...Packet Scan Message Display Figure 322 Windows 98 Task Bar Properties 3 Double click Programs and click StartUp Figure 323 Windows 98 StartUp 4 Right click in the StartUp pane and click New Shortcut...

Page 502: ...acket Scan Message Display 502 Figure 324 Windows 98 Startup Create Shortcut 6 Accept the default or specify a name for the shortcut and click Finish Figure 325 Windows 98 Startup Select a Title for t...

Page 503: ...s User s Guide 503 Appendix J Windows 98 Me Requirements for Anti Virus Packet Scan Message Display Figure 326 Windows 98 Startup Shortcut Note The WinPopup window displays after the computer finishes...

Page 504: ...An example of what you may enter Applies to the Prestige Table 182 Menu 1 General Setup SMT Menu 1 Menu 1 General Setup SMT Menu 1 FIN FN PVA INPUT 10000000 Configured 0 No 1 Yes 0 10000001 System Nam...

Page 505: ...1 Server 2 Relay 0 30200002 Client IP Pool Starting Address 192 168 1 33 30200003 Size of Client IP Pool 32 30200004 Primary DNS Server 0 0 0 0 30200005 Secondary DNS Server 0 0 0 0 30200006 Remote D...

Page 506: ...30201012 IP Alias 1 Outgoing protocol filters Set 3 256 30201013 IP Alias 1 Outgoing protocol filters Set 4 256 30201014 IP Alias 2 0 No 1 Yes 0 30201015 IP Address 0 0 0 0 30201016 IP Subnet Mask 0 3...

Page 507: ...2432 30500005 FRAG Threshold 256 2432 2432 30500006 WEP 0 DISABLE 1 64 bit WEP 2 128 bit WEP 0 30500007 Default Key 1 2 3 4 0 30500008 WEP Key1 30500009 WEP Key2 30500010 WEP Key3 30500011 WEP Key4 ME...

Page 508: ...st pqa 40000010 My Password Str 1234 40000011 Single User Account 0 No 1 Yes 1 40000012 IP Address Assignment 0 Static 1 Dynamic 1 40000013 IP Address 0 0 0 0 40000014 Remote IP address 0 0 0 0 40000...

Page 509: ...Yes 0 120101003 IP Static Route set 1 Destination IP address 0 0 0 0 120101004 IP Static Route set 1 Destination IP subnetmask 0 120101005 IP Static Route set 1 Gateway 0 0 0 0 120101006 IP Static Ro...

Page 510: ...P Static Route set 4 Private 0 No 1 Yes 0 Menu 12 1 5 IP Static Route Setup SMT Menu 12 1 5 FIN FN PVA INPUT 120105001 IP Static Route set 5 Name Str 120105002 IP Static Route set 5 Active 0 No 1 Yes...

Page 511: ...oute set 8 Gateway 0 0 0 0 120108006 IP Static Route set 8 Metric 0 120108007 IP Static Route set 8 Private 0 No 1 Yes 0 Menu 12 1 9 IP Static Route Setup SMT Menu 12 1 9 FIN FN PVA INPUT 120109001 IP...

Page 512: ...Route set 12 Destination IP address 0 0 0 0 120112004 IP Static Route set 12 Destination IP subnetmask 0 120112005 IP Static Route set 12 Gateway 0 0 0 0 120112006 IP Static Route set 12 Metric 0 120...

Page 513: ...tic Route set 15 Private 0 No 1 Yes 0 Menu 12 1 16 IP Static Route Setup SMT Menu 12 1 16 FIN FN PVA INPUT 120116001 IP Static Route set 16 Name Str 120116002 IP Static Route set 16 Active 0 No 1 Yes...

Page 514: ...Local IP address 0 0 0 0 150000022 SUA Server 6 Active 0 No 1 Yes 0 0 150000023 SUA Server 6 Protocol 0 All 6 TCP 17 UDP 0 150000024 SUA Server 6 Port Start 0 150000025 SUA Server 6 Port End 0 150000...

Page 515: ...t Start 0 150000055 SUA Server 12 Port End 0 150000056 SUA Server 12 Local IP address 0 0 0 0 Menu 21 Filter set 1 SMT Menu 21 FIN FN PVA INPUT 210100001 Filter Set 1 Name Str Table 186 Menu 15 SUA Se...

Page 516: ...IP Filter Set 1 Rule 2 Dest Port Comp 0 none 1 equal 2 not equal 3 less 4 greater 1 210102008 IP Filter Set 1 Rule 2 Src IP address 0 0 0 0 210102009 IP Filter Set 1 Rule 2 Src Subnet Mask 0 210102010...

Page 517: ...ilter Set 1 Rule 4 Active 0 No 1 Yes 1 210104003 IP Filter Set 1 Rule 4 Protocol 17 210104004 IP Filter Set 1 Rule 4 Dest IP address 0 0 0 0 210104005 IP Filter Set 1 Rule 4 Dest Subnet Mask 0 2101040...

Page 518: ...Set 1 Rule 5 Act Match 1 check next 2 forward 3 drop 3 210105014 IP Filter Set 1 Rule 5 Act Not Match 1 Check Next 2 Forward 3 Drop 1 Menu 21 1 1 6 set 1 rule 6 SMT Menu 21 1 1 6 FIN FN PVA INPUT 210...

Page 519: ...ule 1 Active 0 No 1 Yes 1 210201003 IP Filter Set 2 Rule 1 Protocol 6 210201004 IP Filter Set 2 Rule 1 Dest IP address 0 0 0 0 210201005 IP Filter Set 2 Rule 1 Dest Subnet Mask 0 210201006 IP Filter S...

Page 520: ...p 0 none 1 equal 2 not equal 3 less 4 greater 0 210202013 IP Filter Set 2 Rule 2 Act Match 1 check next 2 forward 3 drop 3 210202014 IP Filter Set 2 Rule 2 Act Not Match 1 check next 2 forward 3 drop...

Page 521: ...4 Dest Subnet Mask 0 210204006 IP Filter Set 2 Rule 4 Dest Port 137 210204007 IP Filter Set 2 Rule 4 Dest Port Comp 0 none 1 equal 2 not equal 3 less 4 greater 1 210204008 IP Filter Set 2 Rule 4 Src...

Page 522: ...210205014 IP Filter Set 2 Rule 5 Act Not Match 1 check next 2 forward 3 drop 1 Menu 21 1 2 6 Filter set 2 rule 6 SMT Menu 21 1 2 5 FIN FN PVA INPUT 210206001 IP Filter Set 2 Rule 6 Type 0 none 2 TCP I...

Page 523: ...hared Secret 111111111111 111 111111111111 1111 230200006 Accounting Server Configured 0 No 1 Yes 1 230200007 Accounting Server Active 0 No 1 Yes 1 230200008 Accounting Server IP Address 192 168 1 44...

Page 524: ...ed IP address 0 0 0 0 241100007 WEB Server Port 80 241100008 WEB Server Access 0 all 1 none 2 Lan 3 Wan 0 241100009 WEB Server Secured IP address 0 0 0 0 Table 188 Menu 21 1 Filter Set 2 SMT Menu 21 1...

Page 525: ...Prestige 662HW Series User s Guide 525 Appendix K Example Internal SPTGEN Screens...

Page 526: ...the command keywords exactly as shown do not abbreviate The required fields in a command are enclosed in angle brackets The optional fields in a command are enclosed in square brackets The symbol mea...

Page 527: ...Prestige 662HW Series User s Guide 527 Appendix L Command Interpreter...

Page 528: ...es disables the firewall cnt disp Displays the firewall log type and count clear Clears the firewall log count pktdump Dumps the last 64 bytes of packets that the firewall has dropped dynamicrule disp...

Page 529: ...Prestige 662HW Series User s Guide 529 Appendix M Firewall Commands...

Page 530: ...g of NetBIOS packets from the LAN to the WAN and from the WAN to the LAN Allow or disallow the sending of NetBIOS packets from the LAN to the DMZ and from the DMZ to the LAN Allow or disallow the send...

Page 531: ...Trigger dial This field displays whether NetBIOS packets are allowed to initiate calls Disabled means that NetBIOS packets are blocked from initiating calls Disabled type Identify which NetBIOS filter...

Page 532: ...ies User s Guide Appendix N NetBIOS Filter Commands 532 sys filter netbios config 3 on This command blocks IPSec NetBIOS packets sys filter netbios config 4 off This command stops NetBIOS commands fro...

Page 533: ...Prestige 662HW Series User s Guide 533 Appendix N NetBIOS Filter Commands...

Page 534: ...ion to block all access attempts for five minutes after the third time an incorrect password is entered Table 192 Brute Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm Thi...

Page 535: ...Prestige 662HW Series User s Guide 535 Appendix O Brute Force Password Guessing Protection...

Page 536: ...e Prestige boot module commands as shown in the next screen ATBAx allows you to change the console port speed The x denotes the number preceding the colon to give the console port speed following the...

Page 537: ...ATDUx y dump memory contents from address x for length y ATRBx display the 8 bit value of address x ATRWx display the 16 bit value of address x ATRLx display the 32 bit value of address x ATGO x run...

Page 538: ...Successful TELNET login Someone has logged on to the router via telnet TELNET login failed Someone has failed to log on to the router via telnet Successful FTP login Someone has logged on to the route...

Page 539: ...etBIOS filter settings WAN connection is down A WAN connection is down You cannot access the network through this interface Table 195 Access Control Logs LOG MESSAGE DESCRIPTION Firewall default polic...

Page 540: ...eset packet when the number of incomplete connections TCP and UDP exceeded the user configured threshold Incomplete count is for all TCP and UDP connections through the firewall Note When the number o...

Page 541: ...le board 0 line 0 channel 0 call 3 C01 Outgoing Call dev 6 ch 0 Means the router has dialed to the PPPoE server 3 times board d line d channel d call d s C02 OutCall Connected d s The PPPoE PPTP or di...

Page 542: ...filter server responded that the web site is in the blocked category list and returned the category type s cache hit The system detected that the web site is in the blocked list from the local cache b...

Page 543: ...nd code details see Table 208 syn flood TCP The firewall detected a TCP syn flood attack ports scan TCP The firewall detected a TCP port scan attack teardrop TCP The firewall detected a TCP teardrop a...

Page 544: ...on failed during IKE phase 2 because the router and the peer s Local Remote Addresses don t match Verifying Local ID failed The connection failed during IKE phase 2 because the router and the peer s L...

Page 545: ...router s Remote Address This information conflicted with static rule d thus the connection is not allowed Phase 1 ID type mismatch This router s Peer ID Type is different from the peer IPSec router s...

Page 546: ...en the router and the peer Rule d Phase 2 encapsulation mismatch The listed rule s IKE phase 2 encapsulation did not match between the router and the peer Rule d Phase 2 pfs mismatch The listed rule s...

Page 547: ...was not authenticated User logout because of session timeout expired The router logged out a user whose session expired User logout because of user deassociation The router logged out a user who ended...

Page 548: ...WAN Prestige ACL set for packets traveling from the WAN to the WAN or the Prestige D to D Prestige DMZ to DMZ Prestige ACL set for packets traveling from the DMZ to the DMZ or the Prestige Table 208 I...

Page 549: ...srcPort dst dstIP dstPort msg msg note note devID mac address last three numbers cat category This message is sent by the system RAS displays as the system name if you haven t configured one when the...

Page 550: ...ories Example 3 Use sys logs category followed by a log category to display the parameters that are available for the category Figure 330 Displaying Log Parameters Example 4 Use sys logs category foll...

Page 551: ...og category Use the sys logs clear command to erase all of the Prestige s logs Log Command Example This example shows how to set the Prestige to record the access logs and alerts and then view the res...

Page 552: ...ions 333 Attack Alert 176 178 Attack Types 149 Authentication 328 329 Authentication Code 494 Authentication databases 104 authentication databases 384 Authentication Header 218 Authentication protoco...

Page 553: ...on 185 Administrator Login 202 Application 184 configuration steps 184 Content Filtering Service 186 create user groups 185 Customize services 188 Diagnose 197 diagnose sequence 198 Idle Timeout 185 l...

Page 554: ...ost Configuration Protocol 49 Dynamic Secure Gateway Address 220 Dynamic WEP key exchange 104 dynamic WEP key exchange 383 DYNDNS Wildcard 140 E EAP 92 97 98 EAP Authentication 488 MD5 488 TLS 488 TTL...

Page 555: ...d error 294 Fragment Threshold 317 Fragmentation Threshold 92 Fragmentation threshold 92 Frame Relay 51 Frequency Hopping Spread Spectrum 482 FTP 132 246 419 Restrictions 419 FTP File Transfer 405 FTP...

Page 556: ...422 IP Policy Routing IPPR 49 320 Applying an IP Policy 426 Ethernet IP Policies 426 Gateway 426 IP Pool Setup 69 IP Ports 440 441 IP Protocol 425 IP protocol 422 IP protocol type 173 IP Routing Polic...

Page 557: ...duct Registration 496 service activation 498 myZyXEL com Account 494 N Nailed Up Connection 64 NAT 63 132 133 371 Address mapping rule 137 Application 130 Applying NAT in the SMT Menus 344 Configuring...

Page 558: ...189 PSK 383 PVC Permanent Virtual Circuit 60 Q Quality of Service 422 Quick Start Guide 40 R Radio frequency 94 RADIUS 92 97 Configuring 109 Shared Secret Key 98 RADIUS Message Types 97 RADIUS Message...

Page 559: ...re 204 Signature based 204 Signature based virus scan 204 Single User Account SUA 51 SMT Menu Overview 297 SMTP 132 SMTP Error Messages 267 Smurf 148 149 SNMP 132 133 Community 378 Configuration 377 G...

Page 560: ...p 307 Traffic redirect 117 traffic redirect 47 Traffic shaping 113 Transmission Rates 45 Transport Layer Security 488 Transport Mode 215 Triangle 490 Triangle Route Solutions 491 Triple DES 3DES 442 T...

Page 561: ...less LAN 316 482 Benefits 482 Configuring 93 Wireless LAN MAC Address Filtering 47 Wireless LAN Setup 316 Wireless port control 103 383 Wireless security 92 Wizard Setup 73 WLAN 482 Interference 90 Se...
