ZyXEL Communications Prestige 2602HW Series Скачать руководство пользователя | Manualshive

Страница: 80 / 460

background image

Prestige 2602HW Series User’s Guide

80

Chapter 5 LAN Setup

5.7 Configuring Static DHCP

This table allows you to assign IP addresses on the LAN to specific individual computers
based on their MAC Addresses.

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address
is assigned at the factory and consists of six pairs of hexadecimal characters, for example,
00:A0:C5:00:00:02.

To change your Prestige’s static DHCP settings, click

LAN

, then the

Static DHCP

tab. The

screen appears as shown.

Figure 22

LAN: Static DHCP

The following table describes the labels in this screen.

Table 13

LAN: Static DHCP

LABEL

DESCRIPTION

#

This is the index number of the Static IP table entry (row).

MAC Address

Type the MAC address (with colons) of a computer on your LAN.

IP Address

This field specifies the size, or count of the IP address pool.

Back

Click

Back

to return to the previous screen.

Apply

Click

Apply

to save your changes back to the Prestige.

Cancel

Click

Cancel

to begin configuring this screen afresh.

«
...
78
79
80
81
82
...
»

Содержание Prestige 2602HW Series

Страница 1: ...Prestige 2602HW Series ADSL VoIP IAD with 802 11g Wireless User s Guide Version 3 40 August 2004...

Страница 2: ......

Страница 3: ...by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does i...

Страница 4: ...sed in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined b...

Страница 5: ...of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no eve...

Страница 6: ...de 49 2405 6909 0 www zyxel de ZyXEL Deutschland GmbH Adenauerstr 20 A2 D 52146 Wuerselen Germany sales zyxel de 49 2405 6909 99 FRANCE info zyxel fr 33 0 4 72 52 97 97 www zyxel fr ZyXEL France 1 rue...

Страница 7: ...42 1 3 Features of the Prestige 42 1 4 Applications for the Prestige 49 1 4 1 Internet Access 49 1 4 2 Making Calls via Internet Telephony Service Provider 50 1 4 3 Making Calls via IP PBX 50 1 4 4 Fi...

Страница 8: ...tion 60 3 2 1 3 IP Assignment with ENET ENCAP Encapsulation 60 3 2 1 4 Private IP Addresses 61 3 2 2 Nailed Up Connection PPP 61 3 2 3 NAT 61 3 2 4 Internet Access Wizard Setup Second Screen 61 3 2 5...

Страница 9: ...83 6 3 Data Encryption with WEP 84 6 4 Configuring Wireless LAN 84 6 5 Configuring MAC Filter 86 6 6 Network Authentication 88 6 6 1 EAP 88 6 6 1 1 RADIUS 88 6 6 1 2 Types of RADIUS Messages 88 6 6 2...

Страница 10: ...2 SUA Single User Account Versus NAT 116 8 3 SUA Server 117 8 3 1 Default Server IP Address 117 8 3 2 Port Forwarding Services and Port Numbers 117 8 3 3 Configuring Servers Behind SUA Example 118 8...

Страница 11: ...3 VLAN 135 10 5 QoS Configuration 135 10 6 Phone 136 10 6 1 Voice Activity Detection Silence Suppression 136 10 6 2 Comfort Noise Generation 137 10 6 3 Echo Cancellation 137 10 7 Phone Configuration...

Страница 12: ...ICMP Security 158 13 5 5 Upper Layer Protocols 158 13 6 Guidelines for Enhancing Security with Your Firewall 159 13 6 1 Security In General 159 13 7 Packet Filtering Vs Firewall 160 13 7 1 Packet Fil...

Страница 13: ...ing Keyword Blocking 185 15 3 Configuring the Schedule 186 15 4 Configuring Trusted Computers 187 Chapter 16 Remote Management Configuration 189 16 1 Remote Management Overview 189 16 1 1 Remote Manag...

Страница 14: ...reens 220 19 6 1 Diagnostic General Screen 220 19 6 2 Diagnostic DSL Line Screen 220 19 7 Firmware Screen 222 Chapter 20 Introducing the SMT 225 20 1 Introduction to the SMT 225 20 2 Accessing the SMT...

Страница 15: ...25 1 Internet Access Overview 249 25 2 IP Policies 249 25 3 IP Alias 249 25 4 IP Alias Setup 250 25 5 Route IP Setup 251 25 6 Internet Access Configuration 252 Chapter 26 Remote Node Configuration 25...

Страница 16: ...1 Address Mapping Sets 275 29 3 1 1 SUA Address Mapping Set 276 29 3 1 2 User Defined Address Mapping Sets 277 29 3 1 3 Ordering Your Rules 278 29 4 Configuring a Server behind NAT 279 29 5 General N...

Страница 17: ...em Security 309 33 1 System Security 309 33 1 1 System Password 309 33 1 2 Configuring External RADIUS Server 309 33 1 3 IEEE802 1x 311 33 2 Creating User Accounts on the Prestige 313 Chapter 34 Syste...

Страница 18: ...rompt Example 335 35 4 4 FTP Session Example of Firmware File Upload 336 35 4 5 TFTP File Upload 336 35 4 6 TFTP Upload Command Example 337 35 4 7 Uploading Via Console Port 337 35 4 8 Uploading Firmw...

Страница 19: ...mportant Points to Remember 364 40 3 Internal SPTGEN FTP Download Example 364 40 4 Internal SPTGEN FTP Upload Example 365 Chapter 41 Troubleshooting 367 41 1 Problems Starting Up the Prestige 367 41 2...

Страница 20: ...bnetting With Class A and Class B Networks 395 Appendix D PPPoE 397 PPPoE in Action 397 Benefits of PPPoE 397 Traditional Dial up Scenario 397 How PPPoE Works 398 Prestige as a PPPoE Client 398 Append...

Страница 21: ...Problem 407 The Triangle Route Solutions 408 IP Aliasing 408 Gateways on the WAN Side 408 Appendix I Example Internal SPTGEN Screens 411 Command Examples 432 Appendix J Command Interpreter 433 Command...

Страница 22: ...Prestige 2602HW Series User s Guide 22...

Страница 23: ...reen 66 Figure 15 Internet Access Wizard Setup Fourth Screen 68 Figure 16 Internet Access Wizard Setup LAN Configuration 69 Figure 17 Internet Access Wizard Setup Connection Tests 70 Figure 18 Passwor...

Страница 24: ...Speed Dial 139 Figure 57 Lifeline 141 Figure 58 Dynamic DNS 144 Figure 59 Time and Date 146 Figure 60 Prestige Firewall Application 151 Figure 61 Three Way Handshake 153 Figure 62 SYN Flood 153 Figure...

Страница 25: ...etwork Connections 204 Figure 97 Network Connections My Network Places 205 Figure 98 Network Connections My Network Places Properties Example 205 Figure 99 Log Settings 208 Figure 100 View Logs 210 Fi...

Страница 26: ...ance Setup Options 264 Figure 141 Sample Static Routing Topology 265 Figure 142 Menu 12 Static Route Setup 266 Figure 143 Menu 12 1 IP Static Route Setup 266 Figure 144 Menu12 1 1 Edit IP Static Route...

Страница 27: ...03 Figure 186 SNMP Management Model 305 Figure 187 Menu 22 SNMP Configuration 307 Figure 188 Menu 23 System Security 309 Figure 189 Menu 23 System Security 309 Figure 190 Menu 23 2 System Security RAD...

Страница 28: ...24 System Maintenance 343 Figure 229 Menu 24 10 System Maintenance Time and Date Setting 344 Figure 230 Menu 24 11 Remote Management Control 348 Figure 231 Menu 25 IP Routing Policy Setup 352 Figure 2...

Страница 29: ...386 Figure 261 Macintosh OS X Apple Menu 387 Figure 262 Macintosh OS X Network 387 Figure 263 Single Computer per Router Hardware Configuration 398 Figure 264 Prestige as a PPPoE Client 398 Figure 26...

Страница 30: ...Prestige 2602HW Series User s Guide 30...

Страница 31: ...Table 14 Wireless LAN 85 Table 15 MAC Address Filter 87 Table 16 Wireless Security Relational Matrix 92 Table 17 Wireless LAN 802 1x WPA 94 Table 18 Wireless LAN 802 1x WPA for 802 1x Protocol 95 Tabl...

Страница 32: ...d 186 Table 55 Content Filter Schedule 187 Table 56 Content Filter Trusted 188 Table 57 Remote Management 191 Table 58 Configuring UPnP 195 Table 59 Log Settings 208 Table 60 View Logs 210 Table 61 SM...

Страница 33: ...s and Permanent Virtual Circuits 308 Table 101 Menu 23 2 System Security RADIUS Server 310 Table 102 Menu 23 4 System Security IEEE802 1x 312 Table 103 Menu 14 1 Edit Dial in User 314 Table 104 Menu 2...

Страница 34: ...AP Authentication Types 406 Table 143 Abbreviations Used in the Example Internal SPTGEN Screens Table 411 Table 144 Menu 1 General Setup SMT Menu 1 411 Table 145 Menu 3 SMT Menu 3 411 Table 146 Menu 4...

Страница 35: ...le 167 ACL Setting Notes 445 Table 168 ICMP Notes 445 Table 169 Syslog Logs 446 Table 170 SIP Logs 446 Table 171 RTP Logs 447 Table 172 FSM Logs Caller Side 447 Table 173 FSM Logs Callee Side 447 Tabl...

Страница 36: ...Prestige 2602HW Series User s Guide 36...

Страница 37: ...information and instructions on getting started Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information ZyXEL Glossary and Web Site Please...

Страница 38: ...ck the Apple icon Control Panels and then Modem means first click the Apple icon then point your mouse pointer to Control Panels and then click Modem For brevity s sake we will use e g as a shorthand...

Страница 39: ...upstream capacity Asymmetrical services ADSL are suitable for Internet users because more information is usually downloaded than uploaded For example a simple button click in a web browser can start...

Страница 40: ...Prestige 2602HW Series User s Guide 40 Introduction to DSL...

Страница 41: ...you would expect from the traditional telephone service The Prestige uses SIP Session Initiated Protocol an internationally recognized standard for implementing VoIP The Prestige is ideal for high spe...

Страница 42: ...Switched Telephone Network lifeline feature PSTN lifeline lets you have VoIP phone service and PSTN phone service at the same time 1 3 Features of the Prestige The following sections describe the feat...

Страница 43: ...that a call uses by not transmitting silent packets when you are not speaking Comfort Noise Generation When the Prestige uses VAD it generates and sends comfort background noise when you are not speak...

Страница 44: ...P feature allows a computer to access the Internet and the Prestige without changing the network settings such as IP address and subnet mask of the computer when the IP addresses of the computer and t...

Страница 45: ...ddresses WEP Encryption WEP Wired Equivalent Privacy encrypts data frames before transmitting over the wireless network to help keep network communications private Wi Fi Protected Access Wi Fi Protect...

Страница 46: ...n NAT Network Address Translation NAT allows the translation of an Internet protocol address used within one network for example a private IP address used in a local network to a different IP address...

Страница 47: ...Host Configuration Protocol allows the individual clients computers to obtain the TCP IP configuration at start up from a centralized DHCP server The Prestige has built in DHCP server capability enabl...

Страница 48: ...Encapsulation The Prestige supports PPPoA RFC 2364 PPP over ATM Adaptation Layer 5 RFC 1483 encapsulation over ATM MAC encapsulated routing ENET encapsulation as well as PPP over Ethernet RFC 2516 Ne...

Страница 49: ...stige Here are some example uses for which the Prestige is well suited 1 4 1 Internet Access The Prestige is the ideal high speed Internet access solution Your Prestige supports the TCP IP protocol wh...

Страница 50: ...through an Internet Telephony Service Provider ITSP The following figure shows a basic example of how you would make a VoIP call through an ITSP You use your analog phone A in the figure and the Pres...

Страница 51: ...gure 3 IP PBX Application 1 4 4 Firewall for Secure Broadband Internet Access The Prestige provides protection from attacks by Internet hackers By default the firewall blocks all incoming traffic from...

Страница 52: ...Chapter 1 Getting To Know Your Prestige Figure 5 Prestige LAN to LAN Application 1 5 Prestige Hardware Installation and Connection Refer to the Quick Start Guide for information on hardware installati...

Страница 53: ...sing the Prestige Web Configurator 1 Make sure your Prestige hardware is properly connected refer to the Quick Start Guide 2 Prepare your computer computer network to connect to the Prestige refer to...

Страница 54: ...en release it When the PWR SYS LED begins to blink the defaults have been restored and the Prestige restarts 2 1 3 Navigating the Prestige Web Configurator The following summarizes how to navigate the...

Страница 55: ...Use this screen to configure LAN DHCP and TCP IP settings Wireless LAN Wireless Use this screen to configure the wireless LAN settings MAC Filter Use this screen to change MAC filter settings on the P...

Страница 56: ...n keywords in the URL Schedule Use this screen to set the days and times for the Prestige to perform content filtering Trusted Use this screen to exclude a range of users on the LAN from content filte...

Страница 57: ...ent For instance it encapsulates routed Ethernet frames into bridged ATM cells ENET ENCAP requires that you specify a gateway IP address in the Ethernet Encapsulation Gateway field in the second wizar...

Страница 58: ...ple VC1 carries IP etc VC based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical 3 1 2 2 LLC based Multiplexing In this case one V...

Страница 59: ...t Otherwise select Bridge Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop down list box Choices vary depending on what you select in the Mode field If you select...

Страница 60: ...e subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise 3 2 1 IP Address Assign...

Страница 61: ...regardless of traffic demand The Prestige does two things when you specify a nailed up connection The first is that idle timeout is disabled The second is that the Prestige will try to bring up the co...

Страница 62: ...Address Automatically if you have a dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the text box below Connection Select Connect on Demand when you don...

Страница 63: ...Table 6 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field Type your ISP assigned IP address in this field Network Address...

Страница 64: ...address otherwise select Static IP Address and type your ISP assigned IP address in the IP Address text box below Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the IP Subnetting...

Страница 65: ...ame above IP Address This option is available if you select Routing in the Mode field A static IP address is a fixed IP that your ISP gives you A dynamic IP address is not fixed the ISP assigns you a...

Страница 66: ...ct or register server SIP Server Port Enter the SIP server s listening port for SIP in this field Leave this field set to the default if your VoIP service provider did not give you a server port numbe...

Страница 67: ...restige itself which has a default IP of 192 168 1 1 for other server machines for example server for mail FTP telnet web etc that you may have 3 2 8 Internet Access Wizard Setup Fourth Screen Verify...

Страница 68: ...Series User s Guide 68 Chapter 3 Wizard Setup Figure 15 Internet Access Wizard Setup Fourth Screen If you want to change your Prestige LAN settings click Change LAN Configuration to display the scree...

Страница 69: ...must use the new IP address if you want to access the web configurator again LAN Subnet Mask Enter a subnet mask in dotted decimal notation DHCP DHCP Server From the DHCP Server drop down list box sel...

Страница 70: ...Launch your web browser and navigate to www zyxel com Internet access is just the beginning Refer to the rest of this User s Guide for more detailed information on the complete range of Prestige feat...

Страница 71: ...ssword recommended click Password in the Site Map screen Figure 18 Password The following table describes the fields in this screen Table 11 Password LABEL DESCRIPTION Old Password Type the default pa...

Страница 72: ...Prestige 2602HW Series User s Guide 72 Chapter 4 Password Setup...

Страница 73: ...a computer network limited to the immediate area usually the same building or floor of a building The LAN screens can help you configure a LAN DHCP server and manage IP addresses 5 1 1 LANs WANs and...

Страница 74: ...n are not specified for instance left as 0 0 0 0 the Prestige tells the DHCP clients that it itself is the DNS server When a computer sends a DNS query to the Prestige the Prestige forwards the query...

Страница 75: ...ng Information Protocol allows a router to exchange routing information with other routers The RIP Direction field controls the sending and receiving of RIP packets When set to Both the Prestige will...

Страница 76: ...es all directly connected networks to gather group membership After that the Prestige periodically updates this information IP multicasting can be enabled disabled on the Prestige LAN and or WAN inter...

Страница 77: ...omputer tries to access the Internet for the first time through the Prestige 1 When a computer which is in a different subnet first attempts to access the Internet it sends packets to its default gate...

Страница 78: ...LAN Setup After all the routing information is updated the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige 5 6 Configuring LAN Click LAN and LAN Setup...

Страница 79: ...ld above then enter the IP address of the actual remote DHCP server here TCP IP IP Address Enter the IP address of your Prestige in dotted decimal notation for example 192 168 1 1 factory default IP S...

Страница 80: ...hange your Prestige s static DHCP settings click LAN then the Static DHCP tab The screen appears as shown Figure 22 LAN Static DHCP The following table describes the labels in this screen Table 13 LAN...

Страница 81: ...ing IEEE 802 1x compliant software Currently this is offered in Windows XP An optional network RADIUS server for remote user authentication and accounting 6 1 2 Channel A channel is the radio frequenc...

Страница 82: ...at the same time collisions may occur when both sets of data arrive at the AP at the same time resulting in a loss of messages for both stations RTS CTS is designed to prevent collisions due to hidde...

Страница 83: ...If the Fragmentation Threshold value is smaller than the RTS CTS value see previously you set then the RTS Request To Send CTS Clear to Send handshake will never occur as data frames will be fragmente...

Страница 84: ...network communications private It encrypts unicast and multicast communications in a network Both the wireless stations and the access points must use the same WEP key for data encryption and decrypt...

Страница 85: ...N Wireless stations associating to the Prestige must have the same ESSID Enter a descriptive name up to 32 characters Hide ESSID Select Yes to hide the ESSID in so a station cannot obtain the ESSID th...

Страница 86: ...vacy encrypts data frames before transmitting over the wireless network Select Disable to allow all wireless computers to communicate with the access points without any data encryption Select 64 bit W...

Страница 87: ...the list of MAC addresses in the MAC Address table Select Deny Association to block access to the router MAC addresses not listed will be allowed to access the Prestige Select Allow Association to pe...

Страница 88: ...uthentication authorization and accounting The access point is the client and the server is the RADIUS server The RADIUS server handles the following tasks Authentication Determines the identity of th...

Страница 89: ...red secret key which is a password they both know The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the network from unauth...

Страница 90: ...ient As long as the passwords match a client will be granted access to a WLAN 6 7 2 Encryption WPA improves data encryption by using Temporal Key Integrity Protocol TKIP Message Integrity Check MIC an...

Страница 91: ...sword 6 8 WPA PSK Application Example A WPA PSK application looks as follows 1 First enter identical passwords into the AP and all wireless clients The Pre Shared Key PSK must consist of between 8 and...

Страница 92: ...ity Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method key management protocol type You enter manual keys by first selecti...

Страница 93: ...ireless client However you must run Windows XP to use it 6 12 Configuring 802 1x and WPA To change your Prestige s authentication settings click the Wireless LAN link under Advanced Setup and then the...

Страница 94: ...t box Choose from No Access Allowed No Authentication Required and Authentication Required No Access Allowed blocks all wireless stations access to the wired network No Authentication Required allows...

Страница 95: ...er database may not be used Select Disable to allow wireless stations to communicate with the access points without using dynamic WEP key exchange Select 64 bit WEP or 128 bit WEP to enable data encry...

Страница 96: ...otocol The following table describes the labels not previously discussed Back Click Back to go to the main wireless LAN setup screen Apply Click Apply to save your changes back to the Prestige Cancel...

Страница 97: ...r broadcast and multicast group traffic if the Key Management Protocol is WPA and WPA Mixed Mode is disabled WEP is used automatically if you have enabled WPA Mixed Mode All unicast traffic is automat...

Страница 98: ...including spaces and symbols WPA Mixed Mode The Prestige can operate in WPA Mixed Mode which supports both clients running WPA and clients running dynamic WEP key exchange with 802 1x in the same Wi F...

Страница 99: ...le to authenticate wireless users without interacting with a network RADIUS server However there is a limit on the number of users you may authenticate in this way To change your Prestige s local user...

Страница 100: ...re 35 RADIUS The following table describes the fields in this screen Table 21 Local User Database LABEL DESCRIPTION This is the index number of a local user account Active Select this check box to ena...

Страница 101: ...ey must be the same on the external authentication server and Prestige Accounting Server Active Select Yes from the drop down list box to enable user authentication through an external accounting serv...

Страница 102: ...Prestige 2602HW Series User s Guide 102 Chapter 6 Wireless LAN Setup...

Страница 103: ...f the default routes have the same metric the Prestige uses the following pre defined priorities Normal route designated by the ISP see the Configuring WAN Setup section Traffic redirect route see the...

Страница 104: ...E software installed since the Prestige does that part of the task Furthermore with NAT all of the LANs computers will have access 7 4 Traffic Shaping Traffic Shaping is an agreement between the carri...

Страница 105: ...ssary configuration changes In cases where additional account information such as an Internet account user name and password is required or the Prestige cannot connect to the ISP you will be redirecte...

Страница 106: ...ields in this screen Table 23 WAN Setup LABEL DESCRIPTION Name Enter the name of your Internet Service Provider e g MyISP This information is for identification purposes only Mode Select Routing defau...

Страница 107: ...Cell Rate PCR This is the maximum rate at which the sender can send cells Type the PCR here Sustain Cell Rate The Sustain Cell Rate SCR sets the average cell rate long term that can be transmitted Typ...

Страница 108: ...T for application where NAT is not appropriate Disable PPPoE pass through if you do not need to allow hosts on the LAN to use PPPoE client software on their computers to connect to the ISP Subnet Mask...

Страница 109: ...r three logical networks with the Prestige itself as the gateway for each LAN network Put the protected LAN in one subnet Subnet 1 in the following figure and the backup gateway in another subnet Subn...

Страница 110: ...activate traffic redirect you must configure at least one IP address here When using a WAN backup connection the Prestige periodically pings the addresses configured here and uses the other WAN backup...

Страница 111: ...Address Metric This field sets this route s priority among the routes the Prestige uses The metric represents the cost of transmission A router determines the best route for transmission by choosing...

Страница 112: ...Prestige 2602HW Series User s Guide 112 Chapter 7 WAN Setup...

Страница 113: ...refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that ins...

Страница 114: ...NAT offers the additional benefit of firewall protection With no servers defined your Prestige filters out all incoming inquiries thus preventing intruders from probing your network For more informat...

Страница 115: ...following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the Prestige can communicate with three distinct WAN networks More examples follow at...

Страница 116: ...e NAT to be accessible to the outside world Port numbers do not change for One to One and Many to Many No Overload NAT mapping types The following table summarizes these types 8 2 SUA Single User Acco...

Страница 117: ...er from your location Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your ISP 8 3 1 Default Se...

Страница 118: ...ddress assigned by ISP Figure 43 Multiple Servers Behind NAT Example 8 4 Selecting the NAT Mode You must create a firewall rule in addition to setting up SUA NAT to allow traffic from the WAN to be fo...

Страница 119: ...here or in the remote management setup Click NAT select SUA Only and click Edit Details to open the following screen Refer to Table 27 for port numbers commonly used for particular services Full Feat...

Страница 120: ...s of ports enter the start port number here and the end port number in the End Port No field End Port No Enter a port number in this field To forward only one port enter the port number again in the S...

Страница 121: ...your Prestige s address mapping settings click NAT Select Full Feature and click Edit Details to open the following screen Figure 46 Address Mapping Rules The following table describes the fields in...

Страница 122: ...T mapping type M 1 Many to One mode maps multiple local IP addresses to one global IP address This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature that previo...

Страница 123: ...utside world Local Start IP This is the starting local IP address ILA Local IP addresses are N A for Server port mapping Local End IP This is the end local IP address ILA If your rule is for all local...

Страница 124: ...Prestige 2602HW Series User s Guide 124 Chapter 8 Network Address Translation NAT Screens...

Страница 125: ...setting up altering and tearing down of voice and multimedia sessions over the Internet SIP signaling is separate from the media for which it handles sessions The media that is exchanged during the se...

Страница 126: ...and the call is terminated 9 2 3 SIP Servers SIP is a client server protocol A SIP client is an application program or device that sends SIP requests A SIP server responds to the SIP requests When you...

Страница 127: ...t Server A SIP redirect server accepts SIP requests translates the destination address to an IP address and sends the translated IP address back to the device that sent the request Then the client dev...

Страница 128: ...RFC 1889 for details on RTP 9 3 SIP ALG The Prestige 2602HW is a SIP Application Layer Gateway ALG A SIP ALG allows VoIP calls to pass through NAT by examining and translating IP addresses embedded in...

Страница 129: ...thesis AbS hybrid waveform codec that uses a filter based on information about how the human vocal tract produces sounds G 729 provides good sound quality and reduces the required bandwidth to 8kbps 9...

Страница 130: ...Prestige 2602HW Series User s Guide 130 Chapter 9 Introduction to VoIP...

Страница 131: ...e Screens Introduction This chapter covers the configuration of the VoIP screens 10 2 SIP Settings Configuration Click Voice in the navigation panel and then SIP Settings to display the following scre...

Страница 132: ...ress then enter the address from the SIP Server Address field again here REGISTER Server Port Enter the SIP register server s listening port for SIP in this field If you were not given a register serv...

Страница 133: ...number without a domain name in the SIP messages that it sends Expiration Duration This field sets how long an entry remains registered with the SIP register server After this time period expires the...

Страница 134: ...ct the type of voice coder decoder codec that you want the Prestige to use G 711 provides higher voice quality than G 729 but requires 64kbps of bandwidth while G 729 only requires 8kbps Select G 711...

Страница 135: ...field DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping Figure 53 DiffServ...

Страница 136: ...ork control traffic It is recommended that you use priority 5 for SIP RTP TOS Priority Type a priority for voice transmissions The Prestige applies Type of Service priority tags with this priority to...

Страница 137: ...ction 10 6 3 Echo Cancellation G 168 is an ITU T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk 10 7 Phone Configuration Cli...

Страница 138: ...both when you make a call If you select both SIP accounts the Prestige will first try to use SIP account 2 and then SIP account 1 when you make a call You cannot call the SIP number of the SIP accoun...

Страница 139: ...t Use Proxy if calls to this party use your SIP account configured in the VoIP screen Select Non Proxy Use IP or URL if calls to this party use a different SIP server or go directly to the callee s Vo...

Страница 140: ...ntacting police fire or emergency medical services 10 11 Lifeline Configuration Prestige 2602HWL Click Voice in the navigation panel and then Lifeline to display the following screen Name This is the...

Страница 141: ...for dialing regular calls when the VoIP service is available Relay to PSTN Use these fields to specify phone numbers to which the Prestige will always send calls through the regular phone service wit...

Страница 142: ...Prestige 2602HW Series User s Guide 142 Chapter 10 Voice Screens...

Страница 143: ...friends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with...

Страница 144: ...Provider This is the name of your Dynamic DNS service provider Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider E mail Address Type your e mail address User Type...

Страница 145: ...ils then the Prestige goes through the rest of the list in order from the first one tried until either it is successful or all the pre defined NTP time servers have been tried 12 2 Configuring Time an...

Страница 146: ...lays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 868 Select None to enter the time and date manually IP Address or URL Enter the IP...

Страница 147: ...eld displays the date of your Prestige Each time you reload this page the Prestige synchronizes the time with the time server New Date yyyy mm dd This field displays the last updated date from the tim...

Страница 148: ...Prestige 2602HW Series User s Guide 148 Chapter 12 Time and Date...

Страница 149: ...or a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be imp...

Страница 150: ...some proxies support See theStateful Inspection section for more information on Stateful Inspection Firewalls of one type or another have become an integral part of standard security solutions for en...

Страница 151: ...et of application protocols that perform specific functions An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc F...

Страница 152: ...sh hang or reboot Teardrop attack exploits weaknesses in the re assembly of IP packet fragments As data is transmitted through a network IP packets are often broken up into smaller chunks Each fragmen...

Страница 153: ...latively long intervals terminates the three way handshake Once the queue is full the system will ignore all incoming SYN requests making the system unavailable for legitimate users Figure 62 SYN Floo...

Страница 154: ...bandwidth making communications impossible Figure 63 Smurf Attack 13 4 2 1 ICMP Vulnerability ICMP is an error reporting protocol that works in concert with IP The following ICMP types trigger an aler...

Страница 155: ...l The Prestige blocks all IP Spoofing attempts 13 5 Stateful Inspection With stateful inspection fields of the packets are compared to packets that are already known to be trusted For example if you a...

Страница 156: ...termine and record information about the state of the packet s connection This information is recorded in a new state table entry created for the new connection If there is not a firewall rule for thi...

Страница 157: ...rules work by evaluating the network traffic s Source IP address Destination IP address IP protocol type and comparing these to rules set by the administrator Below is a brief technical description o...

Страница 158: ...ilar situation exists for ICMP except that the Prestige is even more restrictive Specifically only outgoing echoes will allow incoming echo replies outgoing address mask requests will allow incoming a...

Страница 159: ...ccount what hackers can do and prepares against attacks The best defense against hackers and crackers is information Educate all employees about the importance of security and how to minimize risk Pro...

Страница 160: ...der portion of an IP packet 13 7 1 1 When To Use Filtering To block allow LAN packets by their MAC addresses To block allow special IP packets which are neither TCP nor UDP nor ICMP packets To block a...

Страница 161: ...ter choice when complex rules are required To selectively block allow inbound or outbound traffic between inside host networks and outside host networks Remember that filters can not distinguish traff...

Страница 162: ...Prestige 2602HW Series User s Guide 162 Chapter 13 Firewalls...

Страница 163: ...d users 14 2 Firewall Policies Overview Firewall rules are grouped based on the direction of travel of packets to which they apply By default the Prestige s stateful packet inspection allows packets t...

Страница 164: ...fault rules 14 3 Rule Logic Overview 14 3 1 Rule Checklist State the intent of the rule For example This restricts all IRC access from the LAN to the Internet Or This allows a remote Lotus Notes serve...

Страница 165: ...Does this rule conflict with any existing rules 6 Once these questions have been answered adding rules is simply a matter of plugging the information into the correct fields in the web configurator sc...

Страница 166: ...polices apply in the same way to the WAN port 14 4 1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non restricted access to the WAN When you configu...

Страница 167: ...screen see the chapter on logs 14 5 Configuring Basic Firewall Settings Click Firewall and then Default Policy to display the following screen Activate the firewall by selecting the Firewall Enabled c...

Страница 168: ...the LAN to either another computer subnet on the LAN interface of the Prestige or the Prestige itself Default Action Use the radio buttons to select whether to Block silently discard or Forward allow...

Страница 169: ...re summarized below take priority over the general firewall action settings above Rule This is your firewall rule number The ordering of your rules is important as rules are applied in turn Click a ru...

Страница 170: ...ou whether this rule generates an alert Yes or not No when the rule is matched Insert Append Type the index number for where you want to put a rule For example if you type 6 your new rule becomes numb...

Страница 171: ...Prestige 2602HW Series User s Guide Chapter 14 Firewall Configuration 171 Figure 69 Firewall Edit Rule The following table describes the labels in this screen...

Страница 172: ...ck Delete to remove it Services Available Selected Services Please see for more information on services available Highlight a service from the Available Services box on the left then click Add to add...

Страница 173: ...rewall Customized Services 14 8 Creating Editing A Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one This action dis...

Страница 174: ...s LABEL DESCRIPTION Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box Port Configura...

Страница 175: ...ex number for where you want to put the rule For example if you type 6 your new rule becomes number 6 and the previous rule 6 if there is one becomes rule 7 4 Click Insert to display the firewall rule...

Страница 176: ...ervices screen 8 Click the number of a customized service to open the configuration screen Configure it as follows and click Apply Figure 74 Edit Custom Port Example 9 Click Back in the Customized Ser...

Страница 177: ...elect Customized Services On completing the configuration procedure for this Internet firewall rule the Rule Summary screen should look like the following Note Custom ports show up with an before thei...

Страница 178: ...one IP protocol type For example look at the default configuration labeled DNS UDP TCP 53 means UDP port 53 and TCP port 53 Up to 128 entries are supported Custom service ports may also be configured...

Страница 179: ...ransport Protocol is the delivery mechanism for the USENET newsgroup service PING ICMP 0 Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is...

Страница 180: ...o access data on many different types of database systems including mainframes midrange systems UNIX systems and network servers SSDP UDP 1900 Simole Service Discovery Protocol SSDP is a discovery ser...

Страница 181: ...uests Do not respond to requests for unauthorized services Select this option to prevent hackers from finding the Prestige by probing for unused ports If you select this option the Prestige will not r...

Страница 182: ...d see Figure 61 For UDP half open means that the firewall has detected no return traffic The Prestige measures both the total number of existing half open sessions and the rate of session establishmen...

Страница 183: ...on requests to the host giving the server time to handle the present connections The Prestige continues to block all new connection requests until the Blocking Time expires The Prestige also sends ale...

Страница 184: ...Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number 100 existing half open sessions The above values causes the Prestige to start deleting half open sessions wh...

Страница 185: ...can set a schedule for when the Prestige performs content filtering You can also specify trusted IP addresses on the LAN for which the Prestige will not perform content filtering 15 2 Configuring Key...

Страница 186: ...that you have configured the Prestige to block Delete Highlight a keyword in the box and click Delete to remove it Clear All Click Clear All to remove all of the keywords from the list Keyword Type a...

Страница 187: ...e screen appears as shown Table 55 Content Filter Schedule LABEL DESCRIPTION Days to Block Select a check box to configure which days of the week or everyday you want the content filtering to be activ...

Страница 188: ...e beginning IP address of a specific range of computers on the LAN that you want to exclude from content filtering To Type the ending IP address of a specific range of users on your LAN that you want...

Страница 189: ...ng firewall rules You may manage your Prestige from a remote location via Internet WAN only ALL LAN and WAN LAN only Neither Disable When you Choose WAN only or ALL LAN WAN you still need to configure...

Страница 190: ...l rule that blocks it 16 1 2 Remote Management and NAT When NAT is enabled Use the Prestige s WAN IP address when configuring from the WAN Use the Prestige s LAN IP address when configuring from the L...

Страница 191: ...otes a service that you may use to remotely manage the Prestige Access Status Select the access interface Choices are All LAN Only WAN Only and Disable Port This field shows the port number for the re...

Страница 192: ...Prestige 2602HW Series User s Guide 192 Chapter 16 Remote Management Configuration...

Страница 193: ...ate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device 17 1 2 NAT Traversal UPnP NAT traversal automates the process of allowing an applica...

Страница 194: ...n supports IGD 1 0 Internet Gateway Device At the time of writing ZyXEL s UPnP implementation supports Windows Messenger 4 6 and 4 7 while Windows Messenger 5 0 and Xbox are still being tested The Pre...

Страница 195: ...stige s IP address although you must still enter the password to access the web configurator Allow users to make configuration changes through UPnP Select this check box to allow UPnP enabled applicat...

Страница 196: ...Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selection box Figure 86 Add Remove Programs Windows Setup Communication Components 4...

Страница 197: ...dows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Components Figure 87 Netwo...

Страница 198: ...2602HW Series User s Guide 198 Chapter 17 Universal Plug and Play UPnP Figure 88 Windows Optional Networking Components Wizard 5 In the Networking Services window select the Universal Plug and Play c...

Страница 199: ...section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the Prestige Make sure the computer is connected to a LAN port of...

Страница 200: ...Series User s Guide 200 Chapter 17 Universal Plug and Play UPnP Figure 90 Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automat...

Страница 201: ...stige 2602HW Series User s Guide Chapter 17 Universal Plug and Play UPnP 201 Figure 91 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappi...

Страница 202: ...perties Advanced Settings Figure 93 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatical...

Страница 203: ...ection Status Web Configurator Easy Access With UPnP you can access the web based configurator on the Prestige without finding out the IP address of the Prestige first This comes helpful if you do not...

Страница 204: ...niversal Plug and Play UPnP Figure 96 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your Prestige and selec...

Страница 205: ...Play UPnP 205 Figure 97 Network Connections My Network Places 6 Right click on the icon for your Prestige and select Properties A properties window displays with basic information about the Prestige F...

Страница 206: ...Prestige 2602HW Series User s Guide 206 Chapter 17 Universal Plug and Play UPnP...

Страница 207: ...rors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log sc...

Страница 208: ...server name or the IP address of the mail server for the e mail addresses specified below If this field is left blank logs and alert messages will not be sent via e mail Mail Subject Type a title that...

Страница 209: ...syslog server Refer to the documentation of your syslog program for more details Send Log Log Schedule This drop down menu is used to configure the frequency of log messages being sent as E mail Daily...

Страница 210: ...apter on system maintenance and information to configure the Prestige s time and date Message This field states the reason for the log Source This field lists the source IP address and the port number...

Страница 211: ...t From Prestige Date Fri 07 Apr 2000 10 05 42 From user zyxel com To user zyxel com 1 Apr 7 00 From 192 168 1 1 To 192 168 1 255 default policy forward 09 54 03 UDP src port 00520 dest port 00520 1 00...

Страница 212: ...Prestige 2602HW Series User s Guide 212 Chapter 18 Logs Screens...

Страница 213: ...nd port traffic statistics 19 1 Maintenance Overview The maintenance screens can help you view system information upload new firmware manage configuration and restart your Prestige 19 2 System Status...

Страница 214: ...Prestige 2602HW Series User s Guide 214 Chapter 19 Maintenance Figure 102 System Status...

Страница 215: ...of the contiguous addresses in the IP address pool DHCP Pool Size This is the number of IP addresses in the IP address pool WLAN Information ESSID This is the descriptive name used to identify the Pr...

Страница 216: ...ribes the fields in this screen Table 63 System Status Show Statistics LABEL DESCRIPTION System up Time This is the elapsed time the system has been up CPU Load This field specifies the percentage of...

Страница 217: ...is field displays the number of bytes received in the last second Up Time This field displays the elapsed time this port has been up Collisions This is the number of collisions on this port Voice Stat...

Страница 218: ...e following table describes the labels in this screen Table 64 DHCP Table LABEL DESCRIPTION Host Name This is the name of the host computer IP Address This field displays the IP address relative to th...

Страница 219: ...MAC address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 Refresh Click Refresh to update this screen Table 65 Any IP Tab...

Страница 220: ...is screen 19 6 2 Diagnostic DSL Line Screen Click Diagnostic and then DSL Line to open the screen shown next Table 67 Diagnostic General LABEL DESCRIPTION TCP IP Address Type the IP address of a compu...

Страница 221: ...Status Click this button to view ATM status ATM Loopback Test Click this button to start the ATM loopback test Make sure you have configured at least one PVC with proper VPIs VCIs before you begin thi...

Страница 222: ...pen the following screen Follow the instructions in this screen to upload firmware to your Prestige Figure 109 Firmware Upgrade The following table describes the labels in this screen Table 69 Firmwar...

Страница 223: ...rts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 110 Network Temporarily Disconnected After two minutes log in ag...

Страница 224: ...Prestige 2602HW Series User s Guide 224 Chapter 19 Maintenance...

Страница 225: ...the SMT menus via console port how to navigate the SMT and how to configure SMT menus 20 2 Accessing the SMT via the Console Port Make sure you have the physical connection properly set up as describe...

Страница 226: ...tion via Telnet The following procedure details how to telnet into your Prestige 1 In Windows click Start usually in the bottom left corner Run and then type telnet 192 168 1 1 the default IP address...

Страница 227: ...enter the default password 1234 As you type the password the screen displays an asterisk for each character you type Please note that if there is no activity for longer than five minutes after you log...

Страница 228: ...figure your Prestige Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below Table 70 Navigating the SMT Interface OPERATION KE...

Страница 229: ...to save the new configuration All fields with ChangeMe must not be left blank in order to be able to save the new configuration N A fields N A Some of the fields in the SMT will show a N A This symbo...

Страница 230: ...A quick and easy way to set up an Internet connection 11 Remote Node Setup Use this menu to set up the Remote Node for LAN to LAN connection including Internet connection 12 Static Routing Setup Use t...

Страница 231: ...rd field up to 30 characters and press ENTER 5 Re type your new system password in the Retype to confirm field for confirmation and press ENTER Menu 23 1 System Security Change Password Old Password N...

Страница 232: ...Prestige 2602HW Series User s Guide 232 Chapter 20 Introducing the SMT...

Страница 233: ...Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter i...

Страница 234: ...nal Enter the name up to 30 characters of the person in charge of this Prestige Domain Name Enter the domain name if you know it here If you leave this field blank the ISP may assign a domain name via...

Страница 235: ...your dynamic DNS service provider Active Press SPACE BAR to select Yes and then press ENTER to make dynamic DNS active Host Enter the domain name assigned to your Prestige by your dynamic DNS provide...

Страница 236: ...Prestige 2602HW Series User s Guide 236 Chapter 21 Menu 1 General Setup...

Страница 237: ...Fail Tolerance 0 Recovery Interval sec 0 ICMP Timeout sec 0 Traffic Redirect No Press ENTER to Confirm or ESC to Cancel Table 75 Menu 2 WAN Backup Setup FIELD DESCRIPTION Check Mechanism Press SPACE...

Страница 238: ...ime if your destination IP address handles lots of traffic ICMP Timeout Type the number of seconds for an ICMP session to wait for the ICMP response Traffic Redirect Press SPACE BAR to select Yes or N...

Страница 239: ...with the lowest cost RIP routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks The number must be between 1 and 15 a number greater than 15 means the li...

Страница 240: ...Prestige 2602HW Series User s Guide 240 Chapter 22 Menu 2 WAN Backup Setup...

Страница 241: ...y to the Ethernet traffic You seldom need to filter Ethernet traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 122 Menu 3 1 LAN...

Страница 242: ...3 from the main menu to display Menu 3 LAN Setup When menu 3 appears press 2 and press ENTER to display Menu 3 2 TCP IP and DHCP Ethernet Setup as shown next Figure 123 Menu 3 2 TCP IP and DHCP Ethern...

Страница 243: ...ter the IP address of the actual remote DHCP server here Table 78 TCP IP Ethernet Setup FIELD DESCRIPTION TCP IP Setup IP Address Enter the LAN IP address of your Prestige in dotted decimal notation I...

Страница 244: ...Prestige 2602HW Series User s Guide 244 Chapter 23 Menu 3 LAN Setup...

Страница 245: ...eless LAN Setup The following table describes the fields in this menu Menu 3 5 Wireless LAN Setup ESSID Wireless Hide ESSID No Channel ID CH06 2437MHz RTS Threshold 2432 Frag Threshold 2432 WEP Disabl...

Страница 246: ...itted over the wireless network Select Disable allows wireless stations to communicate with the access points without any data encryption Select 64 bit WEP 128 bit WEP or 256 bit WEP to for the type o...

Страница 247: ...00 00 00 00 11 00 00 00 00 00 00 23 00 00 00 00 00 00 12 00 00 00 00 00 00 24 00 00 00 00 00 00 Enter here to CONFIRM or ESC to CANCEL Table 80 Menu 3 5 1 WLAN MAC Address Filtering FIELD DESCRIPTION...

Страница 248: ...Prestige 2602HW Series User s Guide 248 Chapter 24 Wireless LAN Setup...

Страница 249: ...olicy defined by the network administrator Policy based routing is applied to incoming packets on a per interface basis prior to the normal routing Create policies using SMT menu 25 see Chapter 38 IP...

Страница 250: ...e the second and third network Figure 127 Menu 3 2 TCP IP and DHCP Setup Pressing ENTER displays Menu 3 2 1 IP Alias Setup as shown next Menu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP...

Страница 251: ...IELD DESCRIPTION IP Alias Choose Yes to configure the LAN network for the Prestige IP Address Enter the IP address of your Prestige in dotted decimal notation IP Subnet Mask Your Prestige will automat...

Страница 252: ...t Encapsulation Gateway IP address if you are using ENET ENCAP encapsulation From the main menu type 4 to display Menu 4 Internet Access Setup as shown next Figure 130 Menu 4 Internet Access Setup The...

Страница 253: ...fic source that can be sent at the peak rate and a parameter for burst traffic Type the SCR it must be less than the PCR Maximum Burst Size MBS 0 Refers to the maximum number of cells that can be sent...

Страница 254: ...Prestige 2602HW Series User s Guide 254 Chapter 25 Internet Access...

Страница 255: ...s you are configuring one of the remote nodes You first choose a remote node in Menu 11 Remote Node Setup You can then edit that node s profile in menu 11 1 as well as configure specific settings in t...

Страница 256: ...ion Here are some examples of more suitable combinations in such an application 26 2 2 1 Scenario 1 One VC Multiple Protocols PPPoA RFC 2364 encapsulation with VC based multiplexing is the best combin...

Страница 257: ...u 11 Encapsulation PPPoA refers to RFC 2364 PPP Encapsulation over ATM Adaptation Layer 5 If RFC 1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5 of ENET ENCAP are selected then the Rem Lo...

Страница 258: ...d press ENTER to display Menu 11 8 Advance Setup Options Telco Option Allocated Budget min This sets a ceiling for outgoing call time for this remote node The default for this field is 0 meaning no bu...

Страница 259: ...NCEL Table 84 Menu 11 3 Remote Node Network Layer Options FIELD DESCRIPTION IP Address Assignment Press SPACE BAR and then ENTER to select Dynamic if the remote node is using a dynamically assigned IP...

Страница 260: ...of 1 for directly connected networks Type a number that approximates the cost for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number...

Страница 261: ...mote Node Filter to specify the filter set s to apply to the incoming and outgoing traffic between this remote node and the Prestige and also to prevent certain packets from triggering calls You can s...

Страница 262: ...stige depending on whether you chose VC based LLC based multiplexing and PPP encapsulation in menu 11 1 26 5 1 VC based Multiplexing non PPP Encapsulation For VC based multiplexing by prior agreement...

Страница 263: ...the VCI is 32 to 65535 1 to 31 is reserved for local management of ATM traffic 26 5 3 Advance Setup Options In menu 11 1 select PPPoE in the Encapsulation field Menu 11 6 Remote Node ATM Layer Options...

Страница 264: ...Confirm or ESC to Cancel Menu 11 8 Advance Setup Options PPPoE pass through No Press ENTER to Confirm or ESC to Cancel Table 85 Menu 11 8 Advance Setup Options FIELD DESCRIPTION PPPoE pass through Pre...

Страница 265: ...Each remote node specifies only the network to which the gateway is directly connected and the Prestige has no knowledge of the networks beyond For instance the Prestige knows about network N2 in the...

Страница 266: ...the fields for Menu 12 1 1 Edit IP Static Route Setup Menu 12 Static Route Setup 1 IP Static Route 3 Bridge Static Route Please enter selection Menu 12 1 IP Static Route Setup 1 ________ 2 ________ 3...

Страница 267: ...way The gateway is an immediate neighbor of your Prestige that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your Prestige over WAN the gate...

Страница 268: ...Prestige 2602HW Series User s Guide 268 Chapter 27 Static Route Setup...

Страница 269: ...er protocol and it also demands more CPU cycles and memory For efficiency reasons do not turn on bridging unless you need to support protocols other than IP on your network For IP enable the routing i...

Страница 270: ...Filter Sets No Idle Timeout sec N A Press ENTER to Confirm or ESC to Cancel Menu 11 3 Remote Node Network Layer Options IP Options Bridge Options IP Address Assignment Static Ethernet Addr Timeout min...

Страница 271: ...Cancel Table 88 Menu 12 3 1 Edit Bridge Static Route FIELD DESCRIPTION Route This is the route index number you typed in Menu 12 3 Bridge Static Route Setup Route Name Type a name for the bridge stat...

Страница 272: ...Prestige 2602HW Series User s Guide 272 Chapter 28 Bridging Setup...

Страница 273: ...pports two types of mapping Many to One and Server See the NAT Setup section or a detailed description of the NAT set for SUA The Prestige also supports Full Feature NAT to map multiple global IP addr...

Страница 274: ...e options for Network Address Translation Menu 4 Internet Access Setup ISP s Name MyISP Encapsulation RFC 1483 Multiplexing LLC based VPI 8 VCI 35 ATM QoS Type UBR Peak Cell Rate PCR 0 Sustain Cell Ra...

Страница 275: ...T web configurator screens for further information on these menus To configure NAT enter 15 from the main menu to bring up the following screen Figure 150 Menu 15 NAT Setup 29 3 1 Address Mapping Sets...

Страница 276: ...Selection Number Menu 15 1 255 Address Mapping Rules Set Name Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 0 0 0 0 255 255 255 255 0 0 0 0 M 1 2 0 0 0 0 Server 3 4 5 6 7 8 9 10...

Страница 277: ...nu 15 1 1 1 described later and the values are displayed here Global Start IP This is the starting global IP address IGA If you have a dynamic IP enter 0 0 0 0 as the Global Start IP Global End IP Thi...

Страница 278: ...t including deleting a rule No changes to the set take place until this action is taken Selecting Edit in the Action field and then selecting a rule brings up the following menu Menu 15 1 1 1 Address...

Страница 279: ...multiple servers of different types behind NAT to this computer See section 27 5 3 for an example Local IP Only local IP fields are N A for server Global IP fields MUST be set for Server Start This is...

Страница 280: ...acting as an FTP Telnet and SMTP server ports 21 23 and 25 at 192 168 1 33 6 Press ENTER at the Press ENTER to confirm prompt to save your configuration after you define all the servers or press ESC a...

Страница 281: ...Example 29 5 General NAT Examples The following are some examples of NAT configuration 29 5 1 Example 1 Internet Access Only In the following Internet access example you only need one rule where your...

Страница 282: ...mple 2 Internet Access with an Inside Server Figure 160 NAT Example 2 In this case you do exactly as above use the convenient pre configured SUA Only set and also go to menu 15 2 to specify the Inside...

Страница 283: ...s Map the first IGA to the first inside FTP server for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses Map the second IGA to our second inside FTP server for FTP t...

Страница 284: ...e as One to One direct mapping for packets going both ways and enter the local Start IP as 192 168 1 10 the IP address of FTP Server 1 the global Start IP as 10 132 50 1 our first IGA See Figure 164 5...

Страница 285: ...following menu Configure it as shown Menu 15 1 1 1 Address Mapping Rule Type One to One Local IP Start 192 168 1 10 End N A Global IP Start 10 132 50 1 End N A Server Mapping Set N A Press ENTER to Co...

Страница 286: ...Figure 167 NAT Example 4 Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream These applications won t work through NAT even...

Страница 287: ...ng Rules Menu 15 1 1 1 Address Mapping Rule Type Many to Many No Overload Local IP Start 192 168 1 10 End 192 168 1 12 Global IP Start 10 132 50 1 End 10 132 50 3 Server Mapping Set N A Press ENTER to...

Страница 288: ...Prestige 2602HW Series User s Guide 288 Chapter 29 Network Address Translation NAT...

Страница 289: ...by far the most comprehensive firewall configuration tool your Prestige has to offer For this reason it is recommended that you configure your firewall using the web configurator see the following cha...

Страница 290: ...OS attacks when it is active The default Policy sets 1 allow all sessions originating from the LAN to the WAN and 2 deny all sessions originating from the WAN to the LAN You may define additional Poli...

Страница 291: ...ering Call filters are divided into two groups the built in call filters and user defined call filters Your Prestige has built in call filters that prevent administrative for example RIP packets from...

Страница 292: ...cribe how to configure filter sets 31 1 1 The Filter Structure of the Prestige A filter set consists of one or more filter rules Usually you would group related rules for example all the rules for Net...

Страница 293: ...in menu 21 1 Figure 174 NetBIOS_WAN Filter Rules Summary Menu 21 1 Filter Set Configuration Filter Filter Set Comments Set Comments 1 _______________ 7 _______________ 2 _______________ 8 ___________...

Страница 294: ...fff Value 01005e N D F 2 N 3 N 4 N 5 N 6 N Enter Filter Rule Number 1 6 to Configure Table 93 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION The filter rule number 1 to 6 A Acti...

Страница 295: ...s of a filter set is determined by the first rule that you create When applying the filter sets to a port separate menu fields are provided for protocol and device filter sets If you include a protoco...

Страница 296: ...NTER to Confirm or ESC to Cancel Table 95 Menu 21 1 x 1 TCP IP Filter Rule FIELD DESCRIPTION Filter This is the filter set filter rule coordinates for instance 2 3 refers to the second filter set and...

Страница 297: ...ies only when the IP Protocol field is 6 TCP If Yes the rule matches packets that want to establish TCP connection s SYN 1 and ACK 0 else it is ignored More If Yes a matching packet is passed to the n...

Страница 298: ...plies the Mask bit wise ANDing to the data portion before comparing the result against the Value to determine a match The Mask and Value fields are specified in hexadecimal numbers Note that it takes...

Страница 299: ...d below each type will be different Choices are Generic Filter Rule or TCP IP Filter Rule Active Select Yes to turn on or No to turn off the filter rule Offset Type the starting byte of the data porti...

Страница 300: ...ter NAT for incoming packets On the other hand the generic or device filters are applied to the raw packets that appear on the wire They are applied at the point where the Prestige is receiving and se...

Страница 301: ...rule Make the entries in this menu as shown next When you press ENTER to confirm the following screen appears Note that there is only one filter rule in this set Figure 182 Menu 21 1 6 1 Sample Filter...

Страница 302: ...ter Rules Summary 31 7 Applying Filters and Factory Defaults This section shows you where to apply the filter s after you design it them Sets of factory default filter rules have been configured in me...

Страница 303: ...ffic 31 7 2 Remote Node Filters Go to menu 11 5 shown next and type the number s of the filter set s as appropriate You can cascade up to four filter sets by typing their numbers separated by commas T...

Страница 304: ...Prestige 2602HW Series User s Guide 304 Chapter 31 Filter Configuration...

Страница 305: ...network The Prestige supports SNMP version one SNMPv1 and version two c SNMPv2c The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured Figure 186 SNMP...

Страница 306: ...retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements...

Страница 307: ...ent station Trusted Host If you enter a trusted host your Prestige will only respond to SNMP messages from this address A blank default field means your Prestige will respond to all SNMP messages it r...

Страница 308: ...rd 6 whyReboot defined in ZYXEL MIB A trap is sent with the reason of restart before rebooting when the system is going to restart warm start 6a For intentional reboot A trap is sent with the message...

Страница 309: ...f you forget your password you have to restore the default configuration file Refer to the Changing the System Password section and the Resetting the Prestige section for information Figure 188 Menu 2...

Страница 310: ...on Shared Secret Specify a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the access points The key is not sent over the network This...

Страница 311: ...ystem Security IEEE802 1x Figure 192 Menu 23 4 System Security IEEE802 1x The following table describes the fields in this menu Menu 23 System Security 1 Change Password 2 RADIUS Server 4 IEEE802 1x E...

Страница 312: ...amic WEP Key Exchange This field is activated only when you select Authentication Required in the Wireless Port Control field Also set the Authentication Databases field to RADIUS Only Local user data...

Страница 313: ...base with 802 1x Key Management Protocol Select Local User Database Only to have the Prestige just check the built in user database on the Prestige for a wireless station s username and password Selec...

Страница 314: ..._ 22 ________ 30 ________ 7 ________ 15 ________ 23 ________ 31 ________ 8 ________ 16 ________ 24 ________ 32 ________ Enter Menu Selection Number Menu 14 1 Edit Dial in User User Name test Active Ye...

Страница 315: ...own in the following figure Figure 195 Menu 24 System Maintenance 34 2 System Status The first selection System Status gives you information on the status and statistics of the ports as shown next Sys...

Страница 316: ...6 N A 0 0 0 0 0 0 00 00 7 N A 0 0 0 0 0 0 00 00 My WAN IP from ISP 0 0 0 0 Ethernet WAN Status Tx Pkts 528 Line Status Down Collisions 0 Rx Pkts 505 Upstream Speed 0 kbps CPU Load 2 12 Downstream Spe...

Страница 317: ...2 to display the screen shown next Rx Pkts This is the number of received packets from the LAN Collision This is the number of collisions WAN This shows statistics for the WAN Line Status This shows...

Страница 318: ...Mask 255 255 255 0 DHCP Server Press ESC or RETURN to Exit Table 105 Menu 24 2 1 System Maintenance Information FIELD DESCRIPTION Name Displays the system name of your Prestige This information can be...

Страница 319: ...omething goes wrong is the error log Follow the procedures to view the local error trace log 1 Type 24 in the main menu to display Menu 24 System Maintenance 2 From menu 24 type 3 to display Menu 24 3...

Страница 320: ...task pause 1 day 57 Sat Jan 01 00 00 03 2000 PP21 INFO monitoring WAN connectivity 58 Sat Jan 01 00 03 06 2000 PP19 INFO SMT Password pass 59 Sat Jan 01 00 03 06 2000 PP01 INFO SMT Session Begin 60 S...

Страница 321: ...C02 OutCall Connected 64000 40002 Jul 19 11 20 06 192 168 102 2 ZYXEL board 0 line 0 channel 0 call 1 C02 Call Terminated 2 Packet Triggered SdcmdSyslogSend SYSLOG_PKTTRI SYSLOG_NOTICE String String P...

Страница 322: ...3 55 192 168 102 2 ZYXEL IP Src 202 132 154 123 Dst 255 255 255 255 UDP spo 0208 dpo 0208 S03 R01mF Jul 19 14 44 00 192 168 102 2 ZYXEL IP Src 192 168 102 20 Dst 202 132 154 1 UDP spo 05d4 dpo 0035 S0...

Страница 323: ...nance Menu Diagnostic FIELD DESCRIPTION Reset xDSL Re initialize the xDSL link to the telephone company Ping Host Ping the host to see if the links and TCP IP protocol on both systems are working Rebo...

Страница 324: ...Prestige 2602HW Series User s Guide 324 Chapter 34 System Information and Diagnosis...

Страница 325: ...name of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename extension With many FTP and TFTP clients the filenames ar...

Страница 326: ...commended once your Prestige is functioning properly FTP is the preferred methods for backing up your current configuration to your computer since they are faster Any serial communications program sho...

Страница 327: ...renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the ftp prompt 35 2 3 Example of FTP Commands from the Command Line Menu 24 5 System...

Страница 328: ...ole session running 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp...

Страница 329: ...le transfer is complete 4 Launch the TFTP client on your computer and connect to the Prestige Set the transfer mode to binary before starting data transfer 5 Use the TFTP client see the example below...

Страница 330: ...een 3 Run the HyperTerminal program by clicking Transfer then Receive File as shown in the following screen Table 110 General Commands for GUI based TFTP Clients COMMAND DESCRIPTION Host Enter the IP...

Страница 331: ...Note that this function erases the current configuration before restoring a previous back up configuration please do not attempt to restore unless you have a backup configuration file stored on disk...

Страница 332: ...and FTP over WAN Management Limitations section to read about configurations that disallow TFTP and FTP over WAN Menu 24 6 System Maintenance Restore Configuration To transfer the firmware and configu...

Страница 333: ...reen indicates that the Xmodem download has started Figure 214 System Maintenance Starting Xmodem Download Screen 3 Run the HyperTerminal program by clicking Transfer then Send File as shown in the fo...

Страница 334: ...ad System Firmware 35 4 2 Configuration File Upload You see the following screen when you telnet into menu 24 7 2 Save to ROM Hit any key to start system reboot Note Do not interrupt the file transfer...

Страница 335: ...fers the configuration file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the ftp prompt The...

Страница 336: ...is address 2 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance 3 Enter the command sys stdio 0 to disable the console timeout so the TFTP transfer will not be inte...

Страница 337: ...mended since FTP or TFTP is faster Any serial communications program should work fine however you must use the Xmodem protocol to perform the download upload 35 4 8 Uploading Firmware File Via Console...

Страница 338: ...ol on your computer Follow the procedure as shown previously for the HyperTerminal program The procedure for other serial communications programs should be similar Menu 24 7 2 System Maintenance Uploa...

Страница 339: ...339 3 Enter atgo to restart the Prestige 35 4 11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer then Send File to display the following screen Figure 223 Example Xmodem Upload...

Страница 340: ...Prestige 2602HW Series User s Guide 340 Chapter 35 Firmware and Configuration File Maintenance...

Страница 341: ...nformation on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing help or at the command prompt Type exit to return to the SMT main menu when finished F...

Страница 342: ...nu select option 9 in menu 24 to go to Menu 24 9 System Maintenance Call Control as shown in the next table Figure 226 Menu 24 9 System Maintenance Call Control 36 2 1 Budget Management Menu 24 9 1 sh...

Страница 343: ...en displayed in the Prestige error logs and firewall logs Select menu 24 in the main menu to open Menu 24 System Maintenance as shown next Figure 228 Menu 24 System Maintenance Then enter 10 to go to...

Страница 344: ...ces between them are the format Daytime RFC 867 format is day month year time zone of the server Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0...

Страница 345: ...Prestige 2602HW Series User s Guide Chapter 36 System Maintenance 345 24 hour intervals after starting...

Страница 346: ...Prestige 2602HW Series User s Guide 346 Chapter 36 System Maintenance...

Страница 347: ...configuring firewall rules 37 2 Remote Management To disable remote management of a service select Disable in the corresponding Server Access field Enter 11 from menu 24 to display Menu 24 11 Remote...

Страница 348: ...s LAN only Secured Client IP 0 0 0 0 FTP Server Server Port 21 Server Access LAN only Secured Client IP 0 0 0 0 Web Server Server Port 80 Server Access LAN only Secured Client IP 0 0 0 0 Press ENTER t...

Страница 349: ...dress when configuring from the LAN 37 4 System Timeout There is a default system management idle timeout of five minutes three hundred seconds The Prestige automatically logs you out if the managemen...

Страница 350: ...Prestige 2602HW Series User s Guide 350 Chapter 37 Remote Management...

Страница 351: ...ecedence or TOS Type of Service values in the IP header at the periphery of the network to enable the backbone to prioritize traffic Cost Savings IPPR allows organizations to distribute interactive tr...

Страница 352: ...e main menu to open Menu 25 IP Routing Policy Setup 2 Type the index of the policy set you want to configure to open Menu 25 1 IP Routing Policy Setup Menu 25 1 shows the summary of a policy set inclu...

Страница 353: ...___________________________________________________________ __________________________________________________________________________ 5 N _____________________________________________________________...

Страница 354: ...cies are displayed with a minus sign in SMT menu 25 Criteria IP Protocol IP layer 4 protocol for example UDP TCP ICMP etc Type of Service Prioritize incoming network traffic by choosing from Don t Car...

Страница 355: ...the LAN otherwise the gateway must be the IP address of a remote node The default gateway is specified as 0 0 0 0 Type of Service Set the new TOS value of the outgoing packet Prioritize incoming netwo...

Страница 356: ...e default IP route and route 2 represents the configured IP route Menu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP Pool Starting Address 192 168 1 33 Size of Client IP Pool 32 Primary D...

Страница 357: ...shown next Figure 237 IP Routing Policy Example 1 Check Menu 25 1 IP Routing Policy Setup to see if the rule is added correctly 2 Create another policy set in menu 25 Menu 25 1 1 IP Routing Policy Po...

Страница 358: ...l 6 Type of Service Don t Care Precedence Don t Care Source addr start 0 0 0 0 port start 0 Destination addr start 0 0 0 0 port start 20 Action Matched Gateway addr 192 168 1 100 Type of Service No Ch...

Страница 359: ...take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 in are applied in the remote node then set 1 will take precedence over set 2 3 and 4 as...

Страница 360: ...Yes or No Choose Yes and press ENTER to activate the schedule set Start Date Enter the start date when you wish the set to take effect in year month date format Valid dates are from the present to 20...

Страница 361: ...means that the connection is blocked whether or not there is a demand call on the line Enable Dial On Demand means that this schedule permits a demand call on the line Disable Dial On Demand means th...

Страница 362: ...Prestige 2602HW Series User s Guide 362 Chapter 39 Call Scheduling...

Страница 363: ...rnal SPTGEN text files conform to the following format field identification number field name parameter values allowed input where input is your input conforming to parameter values allowed The figure...

Страница 364: ...3 Figure 244 Invalid Parameter Entered Command Line Example The Prestige will display the following if you enter parameter s that are valid Figure 245 Valid Parameter Entered Command Line Example 40 3...

Страница 365: ...SPTGEN FTP Upload Example c ftp 192 168 1 1 220 PPP FTP version 1 0 ready at Sat Jan 1 03 22 12 2000 User 192 168 1 1 none 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get...

Страница 366: ...Prestige 2602HW Series User s Guide 366 Chapter 40 Internal SPTGEN...

Страница 367: ...e that the Prestige s power adaptor is connected to the Prestige and plugged in to an appropriate power source Check that the Prestige and the power source are both turned on Turn the Prestige off and...

Страница 368: ...the LAN If the 10M 100M LEDs on the front panel are both off refer to Make sure that the IP address and the subnet mask of the Prestige and your computer s are on the same subnet I cannot ping any com...

Страница 369: ...ID channel WEP keys if WEP encryption is activated and authentication method Internet connection disconnects Check the schedule rules Refer to the Call Scheduling chapter SMT If you use PPPoA or PPPoE...

Страница 370: ...r details Your computer s and the Prestige s IP addresses must be on the same subnet for LAN access If you changed the Prestige s LAN IP address then enter the new one as the URL Remove any filters in...

Страница 371: ...ured I cannot call from one of the Prestige s phone ports to the other phone port You cannot call the SIP number of the SIP account that you are using to make a call The Prestige generates a busy tone...

Страница 372: ...Prestige 2602HW Series User s Guide 372 Chapter 41 Troubleshooting...

Страница 373: ...ecifications 373 Appendix A Hardware Specifications Ethernet Cable Pin Assignments Figure 248 Ethernet Cable Pin Assignments Prestige 2602HWL DSL Port Pin Assignments The following figure describes th...

Страница 374: ...Prestige 2602HW Series User s Guide 374 Appendix A Hardware Specifications Figure 249 Prestige 2602HWL DSL Port Pin Assignments...

Страница 375: ...olts 50 60Hz 0 5A Output Power DC 18Volts 1A Power Consumption 15W Safety Standards UL CUL UL 1950 EUROPEAN PLUG STANDARDS AC Power Adapter Model ADS6818 1818 B 1810 Input Power AC 100 240Volts 50 60H...

Страница 376: ...Prestige 2602HW Series User s Guide 376 Appendix A Hardware Specifications...

Страница 377: ...s 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the ap...

Страница 378: ...t for Microsoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If...

Страница 379: ...ork adapter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP...

Страница 380: ...ck OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your Prestige and restart your computer when prompted Verifying...

Страница 381: ...ur Computer s IP Address 381 Figure 253 Windows XP Start Menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 254 Windows XP Control Panel 3...

Страница 382: ...work Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and click Properties Figure 256 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP...

Страница 383: ...ure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two...

Страница 384: ...r fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them Figure 258 Windows XP Internet Protocol TCP IP Properties 8 Click OK to close the Internet Prot...

Страница 385: ...Setting up Your Computer s IP Address 385 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Figure 259 Macintosh OS 8 9 Apple Menu 2 Selec...

Страница 386: ...y Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Prestige in the Router address box 5 Close the TCP IP Control Panel 6 Click Save i...

Страница 387: ...lt in Ethernet from the Show list Click the TCP IP tab 3 For dynamically assigned settings select Using DHCP from the Configure list Figure 262 Macintosh OS X Network 4 For statically assigned setting...

Страница 388: ...Guide 388 Appendix B Setting up Your Computer s IP Address 5 Click Apply Now and close the window 6 Turn on your Prestige and restart your computer if prompted Verifying Settings Check your TCP IP pro...

Страница 389: ...address the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three...

Страница 390: ...the host ID Subnet masks are expressed in dotted decimal notation just as IP addresses are The natural masks for class A B and C IP addresses are as follows Subnetting With subnetting the class arran...

Страница 391: ...mask Normally if no mask is specified it is understood that the natural mask is being used Example Two Subnets As an example you have a class C address 192 168 1 0 with subnet mask of 255 255 255 0 T...

Страница 392: ...192 168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for the second subnet is 192 168 1 129 to 192 168 1 254 Note In the following charts shaded bold last octet bit values indicate...

Страница 393: ...68 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63...

Страница 394: ...11111 11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Table 139 Eight Subnets SUBNET SUBNET ADDRESS F...

Страница 395: ...subnetting The following table is a summary for class B subnet planning Table 141 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2...

Страница 396: ...Prestige 2602HW Series User s Guide 396 Appendix C IP Subnetting...

Страница 397: ...a manner similar to dial up services using PPP Benefits of PPPoE PPPoE offers the following benefits It provides you with a familiar dial up networking DUN user interface It lessens the burden on the...

Страница 398: ...ccess Concentrator and tunnels the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is b...

Страница 399: ...onference room users access to the network as they move from meeting to meeting getting up to date access to information and the ability to communicate decisions while on the go It provides campus wid...

Страница 400: ...munication in an Ad hoc Network Infrastructure Wireless LAN Configuration For Infrastructure WLANs multiple Access Points APs link the WLAN to the wired network and allow users to efficiently share ne...

Страница 401: ...Prestige 2602HW Series User s Guide Appendix E Wireless LAN and IEEE 802 11 401 Figure 266 ESS Provides Campus Wide Coverage...

Страница 402: ...Prestige 2602HW Series User s Guide 402 Appendix E Wireless LAN and IEEE 802 11...

Страница 403: ...E 802 11b standard does not provide any central user account management User access control is done through manual modification of the MAC address table on the access point Although WEP data encryptio...

Страница 404: ...less LAN With IEEE 802 1x RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL EAP Over LAN Fig...

Страница 405: ...authentication method does not support data encryption with dynamic session key You must configure WEP encryption keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital certif...

Страница 406: ...ison of EAP Authentication Types EAP MD5 EAP TLS EAP TTLS PEAP LEAP Mutual Authentication No Yes Yes Yes Yes Certificate Client No Yes Optional Optional No Certificate Server No Yes Yes Yes No Dynamic...

Страница 407: ...kets between two Ethernet devices Some companies have more than one alternate route to one or more ISPs If the LAN and ISP s are in the same subnet the triangle route problem may occur The steps below...

Страница 408: ...must pass through the Prestige to your LAN The following steps describe such a scenario 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN 2 The P...

Страница 409: ...Prestige 2602HW Series User s Guide Appendix H Triangle Route 409...

Страница 410: ...Prestige 2602HW Series User s Guide 410 Appendix H Triangle Route...

Страница 411: ...An example of what you may enter Applies to the Prestige Table 144 Menu 1 General Setup SMT Menu 1 Menu 1 General Setup SMT Menu 1 FIN FN PVA INPUT 10000000 Configured 0 No 1 Yes 0 10000001 System Na...

Страница 412: ...rver 2 Relay 0 30200002 Client IP Pool Starting Address 192 168 1 33 30200003 Size of Client IP Pool 32 30200004 Primary DNS Server 0 0 0 0 30200005 Secondary DNS Server 0 0 0 0 30200006 Remote DHCP S...

Страница 413: ...012 IP Alias 1 Outgoing protocol filters Set 3 256 30201013 IP Alias 1 Outgoing protocol filters Set 4 256 30201014 IP Alias 2 0 No 1 Yes 0 30201015 IP Address 0 0 0 0 30201016 IP Subnet Mask 0 302010...

Страница 414: ...ld 256 2432 2432 30500006 WEP 0 DISABLE 1 64 bit WEP 2 128 bit WEP 0 30500007 Default Key 1 2 3 4 0 30500008 WEP Key1 30500009 WEP Key2 30500010 WEP Key3 30500011 WEP Key4 30500012 Wlan Active 0 Disab...

Страница 415: ...st pqa 40000010 My Password Str 1234 40000011 Single User Account 0 No 1 Yes 1 40000012 IP Address Assignment 0 Static 1 D ynamic 1 40000013 IP Address 0 0 0 0 40000014 Remote IP address 0 0 0 0 40000...

Страница 416: ...No 1 Yes 0 120101003 IP Static Route set 1 Destination IP address 0 0 0 0 120101004 IP Static Route set 1 Destination IP subnetmask 0 120101005 IP Static Route set 1 Gateway 0 0 0 0 120101006 IP Stat...

Страница 417: ...IP Static Route set 4 Private 0 No 1 Yes 0 Menu 12 1 5 IP Static Route Setup SMT Menu 12 1 5 FIN FN PVA INPUT 120105001 IP Static Route set 5 Name Str 120105002 IP Static Route set 5 Active 0 No 1 Yes...

Страница 418: ...oute set 8 Gateway 0 0 0 0 120108006 IP Static Route set 8 Metric 0 120108007 IP Static Route set 8 Private 0 No 1 Yes 0 Menu 12 1 9 IP Static Route Setup SMT Menu 12 1 9 FIN FN PVA INPUT 120109001 IP...

Страница 419: ...ddress 0 0 0 0 120112004 IP Static Route set 12 Destination IP subnetmask 0 120112005 IP Static Route set 12 Gateway 0 0 0 0 120112006 IP Static Route set 12 Metric 0 120112007 IP Static Route set 12...

Страница 420: ...P Static Route Setup SMT Menu 12 1 16 FIN FN PVA INPUT 120116001 IP Static Route set 16 Name Str 120116002 IP Static Route set 16 Active 0 No 1 Yes 0 120116003 IP Static Route set 16 Destination IP ad...

Страница 421: ...6 Active 0 No 1 Yes 0 0 150000023 SUA Server 6 Protocol 0 All 6 TCP 17 U DP 0 150000024 SUA Server 6 Port Start 0 150000025 SUA Server 6 Port End 0 150000026 SUA Server 6 Local IP address 0 0 0 0 150...

Страница 422: ...SUA Server 12 Port End 0 150000056 SUA Server 12 Local IP address 0 0 0 0 Table 148 Menu 15 SUA Server Setup SMT Menu 15 continued Table 149 Menu 21 1 Filter Set 1 SMT Menu 21 1 Menu 21 Filter set 1 S...

Страница 423: ...IP Filter Set 1 Rule 2 Dest Port Comp 0 none 1 equal 2 not equal 3 less 4 greater 1 210102008 IP Filter Set 1 Rule 2 Src IP address 0 0 0 0 210102009 IP Filter Set 1 Rule 2 Src Subnet Mask 0 21010201...

Страница 424: ...ilter Set 1 Rule 4 Active 0 No 1 Yes 1 210104003 IP Filter Set 1 Rule 4 Protocol 17 210104004 IP Filter Set 1 Rule 4 Dest IP address 0 0 0 0 210104005 IP Filter Set 1 Rule 4 Dest Subnet Mask 0 2101040...

Страница 425: ...Set 1 Rule 5 Act Match 1 check next 2 forward 3 drop 3 210105014 IP Filter Set 1 Rule 5 Act Not Match 1 Check Next 2 Forward 3 Dro p 1 Menu 21 1 1 6 set 1 rule 6 SMT Menu 21 1 1 6 FIN FN PVA INPUT 210...

Страница 426: ...ule 1 Active 0 No 1 Yes 1 210201003 IP Filter Set 2 Rule 1 Protocol 6 210201004 IP Filter Set 2 Rule 1 Dest IP address 0 0 0 0 210201005 IP Filter Set 2 Rule 1 Dest Subnet Mask 0 210201006 IP Filter S...

Страница 427: ...p 0 none 1 equal 2 not equal 3 less 4 gr eater 0 210202013 IP Filter Set 2 Rule 2 Act Match 1 check next 2 forward 3 drop 3 210202014 IP Filter Set 2 Rule 2 Act Not Match 1 check next 2 forward 3 drop...

Страница 428: ...4 Dest Subnet Mask 0 210204006 IP Filter Set 2 Rule 4 Dest Port 137 210204007 IP Filter Set 2 Rule 4 Dest Port Comp 0 none 1 equal 2 not equal 3 less 4 gr eater 1 210204008 IP Filter Set 2 Rule 4 Src...

Страница 429: ...210205014 IP Filter Set 2 Rule 5 Act Not Match 1 check next 2 forward 3 drop 1 Menu 21 1 2 6 Filter set 2 rule 6 SMT Menu 21 1 2 5 FIN FN PVA INPUT 210206001 IP Filter Set 2 Rule 6 Type 0 none 2 TCP I...

Страница 430: ...Menu 23 Menu 23 1 System Password Setup SMT Menu 23 1 FIN FN PVA INPUT 230000000 System Password 1234 Menu 23 2 System security radius server SMT Menu 23 2 FIN FN PVA INPUT 230200001 Authentication Se...

Страница 431: ...ixed Mode 0 Disable 1 Enable 0 230400009 Data Privacy for Broadcast Multicast packets 0 TKIP 1 WEP 0 230400010 WPA Broadcast Multicast Key Update Timer 0 Table 151 Menu 23 System Menus SMT Menu 23 con...

Страница 432: ...eens associated with the Prestige s command interpreter commands Table 153 ci command for annex a wan adsl opencmd ci command for annex a wan adsl opencmd FIN FN PVA INPUT 990000001 ADSL OPMD 0 glite...

Страница 433: ...r the command keywords exactly as shown do not abbreviate The required fields in a command are enclosed in angle brackets The optional fields in a command are enclosed in square brackets The symbol me...

Страница 434: ...Prestige 2602HW Series User s Guide 434 Appendix J Command Interpreter...

Страница 435: ...es disables the firewall cnt disp Displays the firewall log type and count clear Clears the firewall log count pktdump Dumps the last 64 bytes of packets that the firewall has dropped dynamicrule disp...

Страница 436: ...Prestige 2602HW Series User s Guide 436 Appendix K Firewall Commands...

Страница 437: ...le Prestige boot module commands as shown in the next screen ATBAx allows you to change the console port speed The x denotes the number preceding the colon to give the console port speed following the...

Страница 438: ...a ATDUx y dump memory contents from address x for length y ATRBx display the 8 bit value of address x ATRWx display the 16 bit value of address x ATRLx display the 32 bit value of address x ATGO x run...

Страница 439: ...Successful TELNET login Someone has logged on to the router via telnet TELNET login failed Someone has failed to log on to the router via telnet Successful FTP login Someone has logged on to the rout...

Страница 440: ...NetBIOS filter settings WAN connection is down A WAN connection is down You cannot access the network through this interface Table 157 Access Control Logs LOG MESSAGE DESCRIPTION Firewall default poli...

Страница 441: ...reset packet when the number of incomplete connections TCP and UDP exceeded the user configured threshold Incomplete count is for all TCP and UDP connections through the firewall Note When the number...

Страница 442: ...le board 0 line 0 channel 0 call 3 C01 Outgoing Call dev 6 ch 0 Means the router has dialed to the PPPoE server 3 times board d line d channel d call d s C02 OutCall Connected d s The PPPoE PPTP or di...

Страница 443: ...ee Table 168 ip spoofing WAN TCP UDP IGMP ESP GRE OSPF The firewall detected an IP spoofing attack on the WAN port ip spoofing WAN ICMP type d code d The firewall detected an ICMP IP spoofing attack o...

Страница 444: ...the RADIUS Server Local User Database does not support authentication method The local user database only supports the EAP MD5 method A user tried to use another authentication method and was not aut...

Страница 445: ...e WAN to WAN Prestige ACL set for packets traveling from the WAN to the WAN or the Prestige Table 168 ICMP Notes TYPE CODE DESCRIPTION 0 Echo Reply 0 Echo reply message 3 Destination Unreachable 0 Net...

Страница 446: ...e web MAIN MENU LOGS Log Settings page The severity is the log s syslog class The definition of messages and notes are defined in the various log charts throughout this appendix The devID is the last...

Страница 447: ...t Outgoing Call Number Someone used a phone connected to the listed phone port to make a VoIP call to the listed destination VoIP Call End Phone Phone Port A VoIP phone call made from a phone connecte...

Страница 448: ...e Prestige is to record 2 Use sys logs category to view a list of the log categories Figure 274 Displaying Log Categories Example 3 Use sys logs category followed by a log category to display the para...

Страница 449: ...every parameter is available with every category 5 Use the sys logs save command to store the settings in the Prestige you must do this in order to record logs Displaying Logs Use the sys logs displa...

Страница 450: ...on notes message 7 01 01 2000 09 40 13 192 168 1 1 3 192 168 1 33 1 ACCESS FO RWARD Router reply ICMP packet ICMP type 3 code 1 8 01 01 2000 09 40 07 192 168 1 1 3 192 168 1 33 1 ACCESS FO RWARD Route...

Страница 451: ...tions 262 ATM Loopback Test 221 ATM QoS Type 253 ATM Status 221 Attack Alert 181 183 Attack Types 154 Authentication 257 258 Authentication databases 95 authentication databases 313 Authentication Pas...

Страница 452: ...try Code 318 CPU Load 317 CTS Clear to Send 82 Custom Ports Creating Editing 173 Customer Support 6 Customized Services 173 Customized services 173 D Data encryption 84 Data Filtering 291 data privacy...

Страница 453: ...nded Service Set Identification 85 Example Internal SPTGEN Screens 411 Exiting the SMT 229 Expiration Duration 133 Extended Service Set 400 Extended Service Set ESS 82 Extensible Authentication Protoc...

Страница 454: ...E 802 11 399 Deployment Issues 403 Security Flaws 403 IEEE 802 11g 45 IEEE 802 11g Data Rates 45 IEEE 802 11g Modulation 45 IEEE 802 11g Wireless LAN 45 IEEE 802 11i 45 IEEE 802 1Q VLAN 135 IEEE 802 1...

Страница 455: ...IP 75 LAN to WAN Rules 166 LAND 152 153 Lifeline 42 140 Lifeline Screen 141 Link type 316 Listening Port 66 132 Listening Volume 138 LLC based Multiplexing 263 Local Network Rule Summary 168 Local Us...

Страница 456: ...n NAT 46 273 Network Authentication 88 Network Management 48 117 Network Topology With RADIUS Server Example 404 NNTP 117 Non Proxy 139 NTP Time Servers 145 O OFDM 45 OK Response 126 One Minute High 1...

Страница 457: ...88 RADIUS server 309 RAS 318 352 Rate Receiving 316 Transmission 316 Read Me First 37 Real time Transport Protocol 128 134 Register 215 Register Resend Timer 133 REGISTER Server Address 66 132 REGIST...

Страница 458: ...entities 125 SIP INVITE Request 126 SIP Local Port 66 132 SIP Number 66 125 132 139 SIP Proxy Server 127 SIP Redirect Server 127 SIP Register Server 128 SIP Registration Status 215 SIP Server Address...

Страница 459: ...tion 70 Text File Format 363 TFTP Restrictions 348 TFTP File Transfer 336 TFTP Restrictions 189 328 Three Way Handshake 153 Threshold Values 182 Time and Date Setting 343 Time Zone 344 Timeout 238 TKI...

Страница 460: ...55 150 159 165 290 web configurator screen summary 55 WEP Default Key 246 WEP Wired Equivalent Privacy 45 86 246 WEP Encryption 246 WEP encryption 84 Wi Fi Protected Access 90 Wi Fi Protected Access...

Отзывы:

Нет отзывов

Похожие инструкции для Prestige 2602HW Series

Бренд: D-Link Страницы: 10

SmartSwitch Router

Бренд: Cabletron Systems Страницы: 338

Бренд: LAWO Страницы: 154

Бренд: Patton electronics Страницы: 51

Бренд: Parkside Страницы: 55

Бренд: Parkside Страницы: 34

Бренд: TC Electronic Страницы: 174

Бренд: Funkwerk Страницы: 2

Proventia A1204

Бренд: Internet Security Systems Страницы: 42

Бренд: ICP DAS USA Страницы: 62

Бренд: Cisco MERAKI Страницы: 4

Бренд: Tripp Lite Страницы: 2

Бренд: ATTO Technology Страницы: 2

WNR2000v2 - Wireless- N 300 Router

Бренд: NETGEAR Страницы: 144

BladeCenter 1/10 Gb Uplink Ethernet SwitchModule

Бренд: IBM Страницы: 58

Бренд: LG Страницы: 8

Бренд: LG Страницы: 8

Бренд: LG Страницы: 11

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды