ZyXEL Communications Prestige 652 Series Скачать руководство пользователя страница 189 | Manualshive

Страница: 189 / 523

ZyXEL Communications Prestige 652 Series Скачать руководство пользователя страница 189

Prestige 652 Series User’s Guide

VPN Screens

17-5

Table 17-2 VPN Summary

LABEL

DESCRIPTION

Secure Gateway
IP

This is the IP address of the remote IPSec router. This must be a fixed, public IP address
for traffic going through the Internet.

Back

Click

Back

to return to the previous screen.

17.6 Keep Alive

When you initiate an IPSec tunnel with keep alive enabled, the Prestige automatically renegotiates the tunnel
when the IPSec SA lifetime period expires (see

section 17.10

for more on the IPSec SA lifetime). In effect,

the IPSec tunnel becomes an “always on” connection after you initiate it. Both IPSec routers must have a
Prestige-compatible keep alive feature enabled in order for this feature to work.

If the Prestige has its maximum number of simultaneous IPSec tunnels connected to it and they all have keep
alive enabled, then no other tunnels can take a turn connecting to the Prestige because the Prestige never
drops the tunnels that are already connected. Check

Table 1-1 Model Specific Features

in chapter 1 to see

how many simultaneous IPSec SAs your Prestige model can support.

When there is outbound traffic with no inbound traffic, the Prestige automatically

drops the tunnel after two minutes.

17.7 ID Type and Content

With aggressive negotiation mode (see

section

), the Prestige identifies incoming SAs by ID type and

content since this identifying information is not encrypted. This enables the Prestige to distinguish between
multiple rules for SAs that connect from remote IPSec routers that have dynamic WAN IP addresses.
Telecommuters can use separate passwords to simultaneously connect to the Prestige from IPSec routers with
dynamic IP addresses (see

section 17.16.2

for a telecommuter configuration example).

With main mode (see

section

), the ID type and content are encrypted to provide identity protection.

In this case the Prestige can only distinguish between up to eight different incoming SAs that connect from
remote IPSec routers that have dynamic WAN IP addresses. The Prestige can distinguish up to eight
incoming SAs because you can select between two encryption algorithms (DES and 3DES), two
authentication algorithms (MD5 and SHA1) and two key groups (DH1 and DH2) when you configure a VPN
rule (see

section 17.11

). The ID type and content act as an extra level of identification for incoming SAs.

The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP address,
domain name, or e-mail address.

«
...
187
188
189
190
191
...
»

Содержание Prestige 652 Series

Страница 1: ...Prestige 652 Series ADSL Security Wireless LAN Router User s Guide Version 3 40 June 2003...

Страница 2: ...y ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it...

Страница 3: ...equency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio telev...

Страница 4: ...he purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be...

Страница 5: ...578 2439 ftp europe zyxel com ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park Hsinchu 300 Taiwan support zyxel com 1 800 255 4101 www us zyxel com NORTH AMERICA sales zyx...

Страница 6: ...2 Accessing the Prestige Web Configurator 2 1 2 3 Navigating the Prestige Web Configurator 2 2 2 4 Resetting the Prestige 2 3 Chapter 3 Wizard Setup 3 1 3 1 Wizard Setup Introduction 3 1 3 2 Encapsul...

Страница 7: ...guring RADIUS 6 14 Chapter 7 WAN Setup 7 1 7 1 WAN Overview 7 1 7 2 Metric 7 1 7 3 PPPoE Encapsulation 7 1 7 4 Traffic Shaping 7 2 7 5 Configuring WAN Setup 7 3 7 6 WAN Backup 7 7 7 7 Traffic Redirect...

Страница 8: ...2 2 Enabling the Firewall 12 1 12 3 Attack Alert 12 2 Chapter 13 Creating Custom Rules 13 1 13 1 Rules Overview 13 1 13 2 Rule Logic Overview 13 1 13 3 Connection Direction 13 3 13 4 Logs 13 4 13 5 Ru...

Страница 9: ...elecommuter VPN IPSec Examples 17 25 17 17 VPN and Remote Management 17 27 Remote Management UPnP and Logs VI Chapter 18 Remote Management Configuration 18 1 18 1 Remote Management Overview 18 1 18 2...

Страница 10: ...Backup Setup 24 6 24 6 Remote Node Profile Backup ISP 24 8 24 7 Editing PPP Options 24 10 24 8 Editing TCP IP Options 24 11 24 9 Editing Login Script 24 13 24 10 Remote Node Filter 24 14 Chapter 25 Me...

Страница 11: ...3 Enabling the Firewall 32 1 SMT Advanced Management IX Chapter 33 Filter Configuration 33 1 33 1 About Filtering 33 1 33 2 Configuring a Filter Set for the Prestige 652H HW 33 4 33 3 Configuring a F...

Страница 12: ...ting Overview 40 1 40 2 Benefits of IP Policy Routing 40 1 40 3 Routing Policy 40 1 40 4 IP Routing Policy Setup 40 2 40 5 Applying an IP Policy 40 5 40 6 IP Policy Routing Example 40 7 Chapter 41 Cal...

Страница 13: ...Appendix D PPPoE D 1 Appendix E Virtual Circuit Topology E 1 Appendix F Power Adaptor Specifications F 1 Appendix G Example Internal SPTGEN Screens G 1 Appendix H Setting up Your Computer s IPAddress...

Страница 14: ...N Configuration 3 13 Figure 3 8 Wizard Screen 4 3 14 Figure 4 1 Password 4 1 Figure 5 1 LAN and WAN IP Addresses 5 1 Figure 5 2 LAN 5 4 Figure 6 1 RTS CTS 6 2 Figure 6 2 Prestige Wireless Security Lev...

Страница 15: ...d Services 14 1 Figure 14 2 Creating Editing A Customized Service 14 2 Figure 14 3 Configure Source IP Example 14 4 Figure 14 4 Customized Service for MyService Example 14 4 Figure 14 5 Syslog Rule Co...

Страница 16: ...eneral Setup 23 2 Figure 23 2 Menu 1 1 Configure Dynamic DNS 23 3 Figure 24 1 Menu 2 WAN Backup Setup 24 2 Figure 24 2 Menu 2 1Traffic Redirect Setup 24 3 Figure 24 3 Menu 2 2 Dial Backup Setup 24 5 F...

Страница 17: ...Figure 30 1 Menu 11 1 Remote Node Profile 30 2 Figure 30 2 Menu 11 3 Remote Node Network Layer Options 30 2 Figure 30 3 Menu 12 3 1 Edit Bridge Static Route 30 3 Figure 31 1 Menu 4 Applying NAT for I...

Страница 18: ...emote Node Traffic 33 20 Figure 34 1 SNMP Management Model 34 1 Figure 34 2 Menu 22 SNMP Configuration 34 3 Figure 35 1 Menu 23 System Security 35 1 Figure 35 2 Menu 23 System Security 35 1 Figure 35...

Страница 19: ...8 3 Menu 24 9 System Maintenance Call Control 38 2 Figure 38 4 Menu 24 9 1 System Maintenance Budget Management 38 3 Figure 38 5 Menu 24 System Maintenance 38 4 Figure 38 6 Menu 24 10 System Maintenan...

Страница 20: ...n Text File Format Column Descriptions 44 2 Figure 43 2 Invalid Parameter Entered Command Line Example 44 3 Figure 43 3 Valid Parameter Entered Command Line Example 44 3 Figure 43 4 Internal SPTGEN FT...

Страница 21: ...odem Setup 7 18 Table 8 1 NAT Definitions 8 1 Table 8 2 NAT Mapping Types 8 5 Table 8 3 Services and Port Numbers 8 7 Table 8 4 NAT Mode 8 9 Table 8 5 Edit SUA NAT Server Set 8 10 Table 8 6 Address Ma...

Страница 22: ...2 Table 20 1 Log Settings 20 3 Table 20 2 View Logs 20 4 Table 20 3 SMTP Error Messages 20 5 Table 21 1 System Status 21 2 Table 21 2 System Status Show Statistics 21 4 Table 21 3 DHCP Table 21 6 Tab...

Страница 23: ...e 33 3 Menu 21 1 x 1 TCP IP Filter Rule 33 10 Table 33 4 Menu 21 1 5 1 Generic Filter Rule 33 14 Table 33 5 Filter Sets Table 33 19 Table 34 1 Menu 22 SNMP Configuration 34 3 Table 34 2 SNMP Traps 34...

Страница 24: ...of Tables Table 41 2 Menu 27 1 1 IPSec Setup 42 6 Table 41 3 Menu 27 1 1 1 IKE Setup 42 12 Table 41 4 Active Protocol Encapsulation and Security Protocol 42 13 Table 41 5 Menu 27 1 1 2 Manual Setup 4...

Страница 25: ...s B 1 Chart B 2 Allowed IP Address Range By Class B 2 Chart B 3 Natural Masks B 2 Chart B 4 Alternative Subnet Mask Notation B 3 Chart B 5 Subnet 1 B 4 Chart B 6 Subnet 2 B 4 Chart B 7 Subnet 1 B 5 Ch...

Страница 26: ...eatures not configurable by web configurator Use the web configurator System Management Terminal SMT or command interpreter interface to configure your Prestige Not all features can be configured thro...

Страница 27: ...e click the Apple icon Control Panels and then Modem means first click the Apple icon then point your mouse pointer to Control Panels and then click Modem For brevity s sake we will use e g as a short...

Страница 28: ...stream capacity Asymmetrical services ADSL are suitable for Internet users because more information is usually downloaded than uploaded For example a simple button click in a web browser can start an...

Страница 29: ...I Getting Started This part is structured as a step by step guide to help you access your Prestige It covers key features and applications accessing the web configurator and configuring the wizard scr...

Страница 30: ......

Страница 31: ...here within the coverage area The web browser based Graphical User Interface provides easy management and is totally independent of the operating system platform you use 1 2 Features of the Prestige Y...

Страница 32: ...me offices Computers with wireless LAN Ethernet adapters can connect to the local area network without any wiring efforts and enjoy reliable high speed connectivity Wireless LAN MAC Address Filtering...

Страница 33: ...ws data transfer of either 10 Mbps or 100 Mbps in either half duplex or full duplex mode depending on your Ethernet network Auto crossover 10 100 Mbps Ethernet Interface s These interfaces automatical...

Страница 34: ...P configuration at start up from a centralized DHCP server The Prestige has built in DHCP server capability enabled by default It can assign IP addresses an IP default gateway and DNS servers to DHCP...

Страница 35: ...plexing Encapsulation The Prestige supports PPPoA RFC 2364 PPP over ATM Adaptation Layer 5 RFC 1483 encapsulation over ATM MAC encapsulated routing ENET encapsulation as well as PPP over Ethernet RFC...

Страница 36: ...anywhere in your busy office 1 3 Applications for the Prestige Here are some example uses for which the Prestige is well suited 1 3 1 Internet Access The Prestige is the ideal high speed Internet acce...

Страница 37: ...that allows multiple users on the LAN Local Area Network to access the Internet concurrently for the cost of a single IP address 1 3 2 Firewall for Secure Broadband Internet Access The Prestige provid...

Страница 38: ...pplication 1 3 3 VPN Application The Prestige s VPN feature makes it an ideal cost effective way to connect branch offices and business partners over the Internet without the need and expense for leas...

Страница 39: ...Know Your Prestige 1 9 Figure 1 3 VPN Application 1 3 4 LAN to LAN Application You can use the Prestige to connect two geographically dispersed networks over the ADSL line A typical LAN to LAN applic...

Страница 40: ...Prestige 652 Series User s Guide 1 10 Getting To Know Your Prestige Figure 1 4 Prestige LAN to LAN Application...

Страница 41: ...Netscape Navigator 7 0 and later versions with JavaScript enabled It is recommended that you set your screen resolution to 1024 by 768 pixels 2 2 Accessing the Prestige Web Configurator Step 1 Make su...

Страница 42: ...or from the SITE MAP screen Screens vary slightly for different Prestige models Select a language from the Language drop down list box Click Wizard Setup to begin a series of screens to configure your...

Страница 43: ...tion file replaces the current configuration file with the factory default configuration file This means that you will lose all configurations that you had previously and the speed of the console port...

Страница 44: ...nter Debug Mode within 3 seconds press any key to enter debug mode Step 2 Enter atlc after Enter Debug Mode message Step 3 Wait for Starting XMODEM upload message before activating Xmodem upload on yo...

Страница 45: ...ted Ethernet frames into bridged ATM cells ENET ENCAP requires that you specify a gateway IP address in the Ethernet Encapsulation Gateway field in the second wizard screen You can get this informatio...

Страница 46: ...1 carries IP etc VC based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical 3 3 2 LLC based Multiplexing In this case one VC carrie...

Страница 47: ...Choices vary depending on what you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483 ENET EN...

Страница 48: ...signed Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the netw...

Страница 49: ...IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet for example only between your two branch offices you can assign any IP addresses t...

Страница 50: ...reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connection and the cost is of no concern 3 9 NAT NAT Network Address Transla...

Страница 51: ...Obtain an IP Address Automatically if you have a dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the IP Address text box below Connection Select Connect...

Страница 52: ...1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field Type your ISP assigned IP address in this field Network Address Translation Select None SUA Only or F...

Страница 53: ...Internet The Single User Account feature can be used with either a dynamic or static IP address Select Obtain an IP Address Automatically if you have a dynamic IP address otherwise select Static IP Ad...

Страница 54: ...ss Translation Select None SUA Only or Full Feature from the drop sown list box Refer to the NAT chapter for more details Back Click Back to go back to the first wizard screen Next Click Next to conti...

Страница 55: ...ult setting selects Connection on Demand with 0 as the idle time out which means the Internet session will not timeout Select Nailed Up Connection when you want your connection up all the time The Pre...

Страница 56: ...192 168 1 1 for other server machines for example server for mail FTP telnet web etc that you may have 3 12 Wizard Setup Configuration Third Screen Step 1 Verify the settings in the screen shown next...

Страница 57: ...8 1 1 factory default If you changed the Prestige s LAN IP address you must use the new IP address if you want to access the web configurator again LAN Subnet Mask Enter a subnet mask in dotted decima...

Страница 58: ...The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask Secondary DNS Server As above Back Click Back to go back to the previous screen Finish Click Finish to save...

Страница 59: ...te to www zyxel com Internet access is just the beginning Refer to the rest of this User s Guide for more detailed information on the complete range of Prestige features If you cannot access the Inter...

Страница 60: ......

Страница 61: ...Password LAN Wireless LAN and WAN II Part II Password LAN Wireless LAN and WAN This part covers the password LAN Local Area Network wireless LAN and WAN setup...

Страница 62: ......

Страница 63: ...for accessing the Prestige 4 2 Configuring Password To change your Prestige s password recommended click Password The screen appears as shown Figure 4 1 Password The following table describes the fiel...

Страница 64: ...2 Password Setup Table 4 1 Password LABEL DESCRIPTION Retype to Confirm Type the new password again in this field Apply Click Apply to save your changes back to the Prestige Cancel Click Cancel to be...

Страница 65: ...works one inside the LAN network the other outside the WAN network as shown next Figure 5 1 LAN and WAN IP Addresses 5 2 DNS Server Address DNS Domain Name System is for mapping a domain name to its c...

Страница 66: ...servers to the computers and the computers can query the DNS server directly without the Prestige s intervention 5 3 DNS Server Address Assignment Use DNS Domain Name System to map a domain name to it...

Страница 67: ...transmitted in one of either two ways Unicast 1 sender 1 recipient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and no...

Страница 68: ...e 652 Series User s Guide 5 4 LAN Setup 5 5 Configuring LAN Click LAN to open the following screen Figure 5 2 LAN The following table describes the fields in this screen Table 5 1 LAN LABEL DESCRIPTIO...

Страница 69: ...count of the IP address pool Primary DNS Server Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask Secondary DNS Se...

Страница 70: ...Prestige 652 Series User s Guide 5 6 LAN Setup Table 5 1 LAN LABEL DESCRIPTION Cancel Click this button to reset the fields in this screen...

Страница 71: ...s XP An optional network RADIUS server for remote user authentication and accounting 6 1 2 Channel The range of radio frequencies used by IEEE 802 11b wireless devices is called a channel Channels ava...

Страница 72: ...n send before an RTS Request To Send CTS Clear to Send handshake is invoked When a data frame exceeds the RTS CTS value you set between 0 to 2432 bytes the station that wants to transmit this frame mu...

Страница 73: ...ta frames will be fragmented before they reach RTS CTS size 6 2 Levels of Security Wireless security is vital to your network to protect wireless communication between wireless stations access points...

Страница 74: ...a ZyAIR series wireless LAN PCMCIA card to add optional wireless LAN capabilities Step 1 Turn off the Prestige Never insert or remove a wireless LAN card when the Prestige is turned on Step 2 Locate...

Страница 75: ...reless LAN Wireless stations associating to the Prestige must have the same ESSID Enter a descriptive name up to 32 characters Hide ESSID Select Yes to hide the ESSID in so a station cannot obtain the...

Страница 76: ...WEP to use data encryption Key 1 to Key 4 The WEP keys are used to encrypt data Both the Prestige and the wireless stations must use the same WEP key for data transmission If you chose 64 bit WEP then...

Страница 77: ...less LAN Setup 6 7 To change your Prestige s MAC filter settings click Wireless LAN MAC Filter to open the MAC Filter screen The screen appears as shown Figure 6 4 MAC Address Filter The following tab...

Страница 78: ...Click Cancel to begin configuring this screen afresh 6 7 Network Authentication You can set the Prestige and your network to authenticate a wireless station before the wireless station can communicat...

Страница 79: ...r response from the user and then sends another Access Request message The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting Accountin...

Страница 80: ...station sends a start message to the Prestige Step 2 The Prestige sends a request identity message to the wireless station for identity information Step 3 The wireless station replies with identity in...

Страница 81: ...wired network ReAuthentication Timer Specify how often wireless stations have to reenter user names and passwords in order to stay connected This field is activated only when you select Authentication...

Страница 82: ...ck the user database on the Prestige for a client s user name and password If the user name is not found the Prestige checks the user database on the specified RADIUS server Select RADIUS first then L...

Страница 83: ...Prestige 652 Series User s Guide Wireless LAN Setup 6 13 Figure 6 7 Local User Database The following table describes the fields in this screen...

Страница 84: ...31 characters long for this user profile Back Click Back to go to the main wireless LAN setup screen Apply Click Apply to save these settings back to the Prestige Cancel Click Cancel to begin configu...

Страница 85: ...over the network This key must be the same on the external authentication server and Prestige Accounting Server Active Select Yes from the drop down list box to enable user authentication through an e...

Страница 86: ......

Страница 87: ...rect route see section 7 6 3 WAN backup route also called dial backup see section 7 6 For example if the normal route has a metric of 1 and the traffic redirect route has a metric of 2 and dial backup...

Страница 88: ...an agreement between the carrier and the subscriber to regulate the average rate and burstiness or fluctuation of data transmission over an ATM network This agreement helps eliminate congestion which...

Страница 89: ...2 Series User s Guide WAN Setup 7 3 Figure 7 1 Example of Traffic Shaping 7 5 Configuring WAN Setup To change your Prestige s WAN remote node settings click WAN WAN Setup The screen differs by the enc...

Страница 90: ...Prestige 652 Series User s Guide 7 4 WAN Setup Figure 7 2 WAN Setup The following table describes the fields in this screen...

Страница 91: ...ine a virtual circuit Refer to the appendix for more information VPI The valid range for the VPI is 0 to 255 Enter the VPI assigned to you VCI The valid range for the VCI is 32 to 65535 0 to 31 is res...

Страница 92: ...ime you connect to the Internet The Single User Account feature can be used with either a dynamic or static IP address Select Obtain an IP Address Automatically if you have a dynamic IP address otherw...

Страница 93: ...in the to calculate a subnet mask If you are implementing subnetting ENET ENCAP Gateway ENET ENCAP encapsulation only You must specify a gateway IP address supplied by your ISP when you select ENET E...

Страница 94: ...ure 7 4 Traffic Redirect WAN Setup The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN or DMZ Use IP alias to configure th...

Страница 95: ...ge 652 Series User s Guide WAN Setup 7 9 Figure 7 5 Traffic Redirect LAN Setup 7 9 Configuring WAN Backup To change your Prestige s WAN backup settings click WAN then WAN Backup The screen appears as...

Страница 96: ...screen Table 7 2 WAN Backup LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection Select DSL Link to have the Prestige check the DSL connection s physical...

Страница 97: ...affic Timeout Type the number of seconds 3 recommended for your Prestige to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request The WA...

Страница 98: ...re 9600 19200 38400 57600 115200 or 230400 bps User Name Type the login name assigned by your ISP Password Type the password assigned by your ISP Pri Phone Type the first primary phone number from the...

Страница 99: ...Prestige 652 Series User s Guide WAN Setup 7 13 Figure 7 7 Advanced WAN Backup...

Страница 100: ...equire dialing the pound sign before the phone number for local calls Include a symbol at the beginning of the phone numbers as required Dial Backup Port Speed Use the drop down list box to select the...

Страница 101: ...difference being that RIP 2B uses subnet broadcasting while RIP 2M uses multicasting Multicasting can reduce the load on non router machines since they generally do not listen to the RIP multicast ad...

Страница 102: ...up connection can be used during the time configured in the Period field Set an amount that is less than the time period configured in the Period field If you set the Allocated Budget to 0 you will no...

Страница 103: ...e strings tell the Prestige the tags or labels immediately preceding the various call parameters sent from the WAN device The response strings have not been standardized please consult the documentati...

Страница 104: ...ype the AT Command string to make a call Example atdt Drop Type the AT Command string to drop a call represents a one second wait for example ath can be used if your modem has a slow response time Ans...

Страница 105: ...r of times for the Prestige to retry a busy or no answer phone number before blacklisting the number Example 0 Retry Interval Type a number of seconds for the Prestige to wait before trying another ca...

Страница 106: ......

Страница 107: ...NAT Dynamic DNS and Time Zone III Part III NAT Dynamic DNS and Time Zone This part covers NAT Network Address Translation dynamic DNS Domain Name Sever and Time Zone setup...

Страница 108: ......

Страница 109: ...cal address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side N...

Страница 110: ...If you do not define any servers for Many to One and Many to Many Overload mapping see Table 8 2 NAT offers the additional benefit of firewall protection With no servers defined your Prestige filters...

Страница 111: ...T Works 8 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the Prestige can communicate with three distinct WA...

Страница 112: ...aps multiple local IP addresses to one global IP address This is equivalent to SUA for instance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported t...

Страница 113: ...SMT ABBREVIATION One to One ILA1 IGA1 1 1 Many to One SUA PAT ILA1 IGA1 ILA2 IGA1 M 1 Many to Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 M M Ov Many to Many No Overload ILA1 IGA1 ILA2 IGA2...

Страница 114: ...ervices NAT supports a default server IP address A default server receives packets from ports that are not specified in this screen If you do not assign a Default Server IP Address then all packets re...

Страница 115: ...further information about port numbers Table 8 3 Services and Port Numbers SERVICES PORT NUMBER ECHO 7 FTP File Transfer Protocol 21 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 Fin...

Страница 116: ...ultiple Servers Behind NAT Example 8 4 Selecting the NAT Mode You must create a firewall rule in addition to setting up SUA NAT to allow traffic from the WAN to be forwarded through the Prestige Click...

Страница 117: ...erver Set screen Full Feature Select this radio button if you have multiple public WAN IP addresses for your Prestige Edit Details Click this link to go to the NAT Address Mapping Rules screen Apply C...

Страница 118: ...the port number again in the End Port No field To forward a series of ports enter the start port number here and the end port number in the End Port No field End Port No Enter a port number in this f...

Страница 119: ...ige takes the corresponding action and the remaining rules are ignored If there are any empty rules before your new configured rule your configured rule will be pushed up by that number of empty rules...

Страница 120: ...eld is N A for One to one Many to One and Server mapping types Type 1 1 One to one mode maps one local IP address to one global IP address Note that port numbers do not change for the One to one NAT m...

Страница 121: ...unt feature that previous ZyXEL routers supported only 3 Many to Many Overload Many to Many Overload mode maps multiple local IP addresses to shared global IP addresses 4 Many to Many No Overload Many...

Страница 122: ...is field is N A for One to One Many to One and Server mapping types Server Mapping Set Only available when Type is set to Server Select a number from 1 to 10 from the drop down menu to choose a server...

Страница 123: ...ends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a d...

Страница 124: ...ct the name of your Dynamic DNS service provider Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider E mail Address Type your e mail address User Type your user name...

Страница 125: ...le on all models Use this screen to configure the Prestige s time and date settings 10 1 Configuring Time Zone To change your Prestige s time and date click Time Zone The screen appears as shown Use t...

Страница 126: ...dtime gov tw Time Zone Choose the time zone of your location This will set the time difference between your time zone and Greenwich Mean Time GMT Daylight Savings Select this option if you use dayligh...

Страница 127: ...page the Prestige synchronizes the time with the time server New Time This field displays the last updated time from the time server When you select None in the Use Time Server when Bootup field enter...

Страница 128: ......

Страница 129: ...rs IV Part IV Firewall and Content Filters This part introduces firewalls in general and the Prestige firewall It also explains customized services and logs and gives example firewall rules and an ove...

Страница 130: ......

Страница 131: ...wall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be implemented...

Страница 132: ...hing that some proxies support See section 11 5 for more information on Stateful Inspection Firewalls of one type or another have become an integral part of standard security solutions for enterprises...

Страница 133: ...ocols that perform specific functions An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc For example Web traffic...

Страница 134: ...versize packet is then sent to an unsuspecting system Systems may crash hang or reboot 1 b Teardrop attack exploits weaknesses in the re assembly of IP packet fragments As data is transmitted through...

Страница 135: ...Attack floods a targeted system with a series of SYN packets Each packet causes the targeted system to issue a SYN ACK response While the targeted system waits for the ACK that follows the SYN ACK it...

Страница 136: ...cast the ICMP echo request packet to all hosts on the network If there are numerous hosts this will create a large amount of ICMP echo request and response traffic If a hacker chooses to spoof the sou...

Страница 137: ...ng from within the trusted network To engage in IP spoofing a hacker must modify the packet headers so that it appears that the packets originate from a trusted host and should be allowed through the...

Страница 138: ...tocol is configured for a firewall rule inspection 1 The packet travels from the firewall s LAN to the WAN 2 The packet is evaluated against the interface s existing outbound access list and the packe...

Страница 139: ...ction s state table entry is deleted and the connection s temporary inbound access list entries are deleted 11 5 2 Stateful Inspection and the Prestige Additional rules may be defined to extend or ove...

Страница 140: ...quence numbers However at the very minimum they contain an IP address pair source and destination UDP also contains port pairs and ICMP has type and code information All of this data can be analyzed i...

Страница 141: ...ocal service such as SNMP or NTP that you don t use Any enabled service could present a potential security risk A determined hacker might be able to find creative ways to misuse the enabled services t...

Страница 142: ...ch as or 8 Upgrade your software regularly Many older versions of software especially web browsers have well known security deficiencies When you upgrade to the latest versions you get the latest patc...

Страница 143: ...masquerading as a response to a nonexistent outbound request can be blocked The firewall uses session filtering i e smart rules that enhance the filtering process and control the network session rath...

Страница 144: ......

Страница 145: ...management see the Remote Management chapter and the firewall is enabled The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it The firewall allows remote...

Страница 146: ...en see the chapter on logs 12 3 2 Threshold Values Tune these parameters when something is not working and after you have checked the firewall counters These default values should work fine for most s...

Страница 147: ...etected in the last one minute sample period TCP Maximum Incomplete and Blocking Time An unusually high number of half open sessions with the same destination host address could indicate that a Denial...

Страница 148: ...es the firewall to stop deleting half open sessions The Prestige continues to delete half open sessions as necessary until the rate of new connection attempts drops below this number 80 is the default...

Страница 149: ...ber TCP Maximum Incomplete This is the number of existing half open TCP sessions default 10 with the same destination host IP address that causes the firewall to start dropping half open sessions to t...

Страница 150: ......

Страница 151: ...or example you may create rules to Block certain types of traffic such as IRC Internet Relay Chat from the LAN to the Internet Allow certain types of traffic such as Lotus Notes database synchronizati...

Страница 152: ...vice 2 Is it possible to modify the rule to be more specific For example if IRC is blocked for all users will a rule that blocks just certain users be more effective 3 Does a rule that allows Internet...

Страница 153: ...om LAN to WAN and WAN to LAN in your firewall 13 3 1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non restricted access to the WAN When you configu...

Страница 154: ...n attack automatically generates a log Logs can be sent to an e mail account or syslog server that you specify in the Log Settings screen see the chapter on logs 13 5 Rule Summary The fields in the Ru...

Страница 155: ...for packets not matching following rules Use the drop down list box to select whether to Block silently discard or Forward allow the passage of packets that do not match the following rules Default P...

Страница 156: ...one Rules Reorder You may reorder your rules using this function Use the drop sown list box to select the number of the rule you want to move The ordering of your rules is important as rules are appli...

Страница 157: ...be possible by e mail H 323 TCP 1720 Net Meeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS HTTPS is a secured http session ofte...

Страница 158: ...channel RCMD TCP 512 Remote Command Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login R...

Страница 159: ...d in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer p...

Страница 160: ...e 13 4 Creating Editing A Firewall Rule The following table describes the fields in this screen Table 13 3 Creating Editing A Firewall Rule LABEL DESCRIPTION Source Address Click SrcAdd to add a new a...

Страница 161: ...own list box to select whether to Block silently discard or Forward allow the passage of packets that match this rule Log This field determines if a log is created for packets that match the rule Matc...

Страница 162: ...50 a subnet or any IP address Select an option from the drop down list box that includes Single Address Range Address Subnet Address and Any Address Start IP Address Type the single IP address or the...

Страница 163: ...efault 30 for the Prestige to wait for a TCP session to reach the established state before dropping the session FIN Wait Timeout Type the number of seconds default 60 for a TCP session to remain open...

Страница 164: ...Creating Custom Rules Table 13 5 Timeout LABEL DESCRIPTION Back Click Back to return to the previous screen Apply Click Apply to save your customized settings and exit this screen Cancel Click Cancel...

Страница 165: ...numbers not predefined by the Prestige see Figure 13 4 For a comprehensive list of port numbers and services visit the IANA Internet Assigned Number Authority website For further information on these...

Страница 166: ...of your customized service Protocol This shows the IP protocol TCP UDP or Both that defines your customized service Port This is the port number or range that defines your customized service Back Clic...

Страница 167: ...your customized service Back Click Back to return to the Firewall Customized Services screen Apply Click Apply to save your customized settings and exit this screen Cancel Click Cancel to return to th...

Страница 168: ...it rule screen and then click a rule number to bring up the Firewall Customized Services Config screen Configure as follows Figure 14 4 Customized Service for MyService Example Customized services sho...

Страница 169: ...lined earlier in this chapter to configure all your rules Configure the rule configuration screen like the one below and apply it Figure 14 5 Syslog Rule Configuration Example This is your MyService c...

Страница 170: ...irewall rules the Rule Summary screen should look like the following Don t forget to click Apply when you have finished configuring your rule s to save your settings back to the Prestige Figure 14 6 R...

Страница 171: ...u can set a schedule for when the Prestige performs content filtering You can also specify trusted IP addresses on the LAN for which the Prestige will not perform content filtering 15 2 Configuring Ke...

Страница 172: ...ct this check box to enable this feature Block Websites that contain these keywords in the URL This box contains the list of all the keywords that you have configured the Prestige to block Delete High...

Страница 173: ...will get a message telling you that the content filter is blocking this request Back Click Back to return to the previous screen Apply Click Apply to save your changes back to the Prestige Cancel Cli...

Страница 174: ...to the previous screen Apply Click Apply to save your changes Cancel Click Cancel to return to the previously saved settings 15 4 Configuring Trusted Computers To exclude a range of users on the LAN f...

Страница 175: ...address of a specific range of users on your LAN that you want to exclude from content filtering Leave this field blank if you want to exclude an individual computer Back Click Back to return to the p...

Страница 176: ......

Страница 177: ...VPN IPSec V Part V VPN IPSec This part provides information about configuring VPN IPSec for secure communications...

Страница 178: ......

Страница 179: ...ns for secure data communications across a public network like the Internet IPSec is built around a number of standardized cryptographic techniques to provide confidentiality data integrity and authen...

Страница 180: ...Prestige supports the following VPN applications Linking Two or More Private Networks Together Connect branch offices and business partners over the Internet with significant cost savings and improve...

Страница 181: ...Prestige 652 Series User s Guide Introduction to IPSec 16 3 Figure 16 2 VPN Application 16 2 IPSec Architecture The overall IPSec architecture is shown as follows...

Страница 182: ...re including implementation algorithms The Encryption Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms...

Страница 183: ...original IP header in the hashing process 16 3 2 Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services to provide access to...

Страница 184: ...ing headers in a new IP packet The new IP packet s source address is the outbound address of the sending VPN gateway and its destination address is the inbound address of the VPN device at the receivi...

Страница 185: ...grity authentication sequence integrity replay resistance and non repudiation but not for confidentiality for which the ESP was designed In applications where confidentiality is not required or not sa...

Страница 186: ...is configured as 0 0 0 0 then the Prestige will use the current Prestige WAN IP address static or dynamic to set up the VPN tunnel The Prestige has to rebuild the VPN tunnel if the My IP Address chan...

Страница 187: ...management and not Manual key management 17 5 VPN Summary Screen The following figure helps explain the main fields in the web configurator Figure 17 1 IPSec Summary Fields Local and remote IP address...

Страница 188: ...his field displays whether the VPN policy is active or not A Y signifies that this VPN policy is active Local Address This is the IP address es of computers on your local network behind your Prestige...

Страница 189: ...und traffic the Prestige automatically drops the tunnel after two minutes 17 7 ID Type and Content With aggressive negotiation mode see section 17 10 1 the Prestige identifies incoming SAs by ID type...

Страница 190: ...Gateway field DNS Type a domain name up to 31 characters by which to identify the remote IPSec router E mail Type an e mail address up to 31 characters by which to identify the remote IPSec router Th...

Страница 191: ...E B Local ID type IP Local ID type IP Local ID content 1 1 1 10 Local ID content 1 1 1 10 Peer ID type E mail Peer ID type IP Peer ID content aa yahoo com Peer ID content N A 17 8 Pre Shared Key A pre...

Страница 192: ...Prestige 652 Series User s Guide 17 8 VPN Screens Figure 17 3 VPN IKE...

Страница 193: ...through a secure gateway must have the same negotiation mode Local Local IP addresses must be static and correspond to the remote IPSec router s configured remote IP addresses Two active SAs cannot ha...

Страница 194: ...op down menu to choose Single Range or Subnet Select Single with a single IP address Select Range for a specific range of IP addresses Select Subnet to specify IP addresses on a network by their subne...

Страница 195: ...ain name Select E mail to identify the remote IPSec router by an e mail address Content When you select IP in the Peer ID Type field type the IP address of the computer with which you will make the VP...

Страница 196: ...me secret key which can be used to encrypt and decrypt the message or to generate and verify a message authentication code The DES encryption algorithm uses a 56 bit key Triple DES 3DES is a variation...

Страница 197: ...od expires If an IKE SA times out when an IPSec SA is already established the IPSec SA stays connected In phase 2 you must Choose which protocol to use ESP or AH for the IKE key exchange Choose an enc...

Страница 198: ...ows two parties to establish a shared secret over an unsecured communications channel Diffie Hellman is used within IKE SA setup to establish session keys 768 bit Group 1 DH1 and 1024 bit Group 2 DH2...

Страница 199: ...ns 17 15 Figure 17 5 VPN IKE Advanced The following table describes the fields in this screen Table 17 8 VPN IKE Advanced LABEL DESCRIPTION VPN IKE Protocol Enter 1 for ICMP 6 for TCP 17 for UDP etc 0...

Страница 200: ...P 110 POP3 End Enter a port number in this field to define a port range This port number must be greater than that specified in the previous field If Remote Start Port is left at 0 End will also remai...

Страница 201: ...otiates in this field It may range from 60 to 3 000 000 seconds almost 35 days A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys...

Страница 202: ...s disabled NONE by default in phase 2 IPSec SA setup This allows faster IPSec setup but is not so secure Choose DH1 or DH2 from the drop down list box to enable PFS DH1 refers to Diffie Hellman Group...

Страница 203: ...cal outgoing and incoming SPIs 17 13Configuring Manual Key You only configure VPN Manual Key when you select Manual in the Key Management field on the VPN IKE screen This is the VPN Manual Key screen...

Страница 204: ...ess Type field is configured to Single enter a static IP address on the LAN behind your Prestige When the Local Address Type field is configured to Range enter the beginning static IP address in a ran...

Страница 205: ...static IP address in a range of computers on the network behind the remote IPSec router When the Remote Address Type field is configured to Subnet enter a subnet mask on the network behind the remote...

Страница 206: ...ect SHA1 or MD5 from the drop down list box MD5 Message Digest 5 and SHA1 Secure Hash Algorithm are hash algorithms used to authenticate packet data The SHA1 algorithm is generally considered stronger...

Страница 207: ...escribes the fields in this screen Table 17 10 SA Monitor LABEL DESCRIPTION No This is the security association index number Name This field displays the identification name for this VPN policy Encaps...

Страница 208: ...Windows Networking NetBIOS over TCP IP NetBIOS Network Basic Input Output System are TCP or UDP broadcast packets that enable a computer to find other computers It may sometimes be necessary to allow...

Страница 209: ...ges of addresses cannot overlap See the following table and figure for an example Having everyone use the same pre shared key may create a vulnerability If the pre shared key is compromised all of the...

Страница 210: ...ch use a separate VPN rule to simultaneously access a Prestige at headquarters They can use different IPSec parameters including the pre shared key and the local IP addresses or ranges of addresses ca...

Страница 211: ...SNMP DNS or ICMP and terminates at the Prestige s LAN or WAN port configure remote management to allow access for that service If the VPN tunnel terminates at the Prestige s LAN IP address configure r...

Страница 212: ......

Страница 213: ...UPnP and Logs VI Part VI Remote Management UPnP and Logs This part contains information on how to configure the Prestige for remote management setting up Universal Plug and Play UPnP and setting up an...

Страница 214: ......

Страница 215: ...isable When you Choose WAN only or ALL LAN WAN you still need to configure a firewall rule to allow access To disable remote management of a service select Disable in the corresponding Server Access f...

Страница 216: ...he LAN 18 1 3 System Timeout There is a system timeout of five minutes three hundred seconds for either the console port or telnet web FTP connections Your Prestige automatically logs you out if you d...

Страница 217: ...Each of these labels denotes a service that you may use to remotely manage the Prestige Access Status Select the access interface Choices are All LAN Only WAN Only and Disable Port This field shows t...

Страница 218: ...Prestige 652 Series User s Guide 18 4 Remote Management Configuration Table 18 1 Remote Management LABEL DESCRIPTION Cancel Click Cancel to begin configuring this screen afresh...

Страница 219: ...ting the icon of a UPnP device will allow you to access the information and properties of that device 19 1 2 NAT Traversal UPnP NAT traversal automates the process of allowing an application to operat...

Страница 220: ...ested UPnP broadcasts are only allowed on the LAN See later sections for examples of installing UPnP in Windows XP and Windows Me as well as an example of using UPnP in Windows 19 2 1 Configuring UPnP...

Страница 221: ...plication Allow UPnP to pass through Firewall Select this check box to allow traffic from UPnP enabled applications to bypass the firewall Clear this check box to have the firewall block all UPnP appl...

Страница 222: ...t the computer when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP Step 1 Click start and Control Panel Step 2 Double click Network Connections Step 3...

Страница 223: ...le This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the Prestige Make sure the computer is connected to a LAN p...

Страница 224: ...re automatically created Step 4 You may edit or delete the port mappings or click Add to manually add port mappings When the UPnP enabled device is disconnected from your computer all port mappings wi...

Страница 225: ...can access the web based configurator on the Prestige without finding out the IP address of the Prestige first This comes helpful if you do not know the IP address of the Prestige Follow the steps be...

Страница 226: ...nabled device displays under Local Network Step 5 Right click on the icon for your Prestige and select Invoke The web configurator login screen displays Step 6 Right click on the icon for your Prestig...

Страница 227: ...Alerts and Logs An alert is a type of log that warrants more serious attention They include system errors attacks access control and attempted access to blocked web sites Some categories such as Syst...

Страница 228: ...Prestige 652 Series User s Guide 20 2 Logs Screens Figure 20 1 Log Settings The following table describes the fields in this screen...

Страница 229: ...enable UNIX syslog Syslog IP Address Enter the server name or IP address of the syslog server that will log the selected categories of logs Log Facility Select a location from the drop down list box...

Страница 230: ...gs screen to see the logs for the categories that you selected in the Log Settings screen see section 20 2 Log entries in red indicate alerts The log wraps around and deletes the old entries after it...

Страница 231: ...ings page make sure that you have first filled in the Address Info fields in Log Settings see section 20 2 Refresh Click Refresh to renew the log screen Clear Log Click Clear Log to delete all the log...

Страница 232: ...rward 09 54 17 UDP src port 00520 dest port 00520 1 00 3 Apr 7 00 From 192 168 1 6 To 10 10 10 10 match forward 09 54 19 UDP src port 03516 dest port 00053 1 01 snip snip 126 Apr 7 00 From 192 168 1 1...

Страница 233: ...Maintenance VII Part VII Maintenance This part covers the maintenance screens...

Страница 234: ......

Страница 235: ...c statistics 21 1 Maintenance Overview The maintenance screens can help you view system information upload new firmware manage configuration and restart your Prestige 21 2 System Status Screen Click S...

Страница 236: ...Prestige 652 Series User s Guide 21 2 Maintenance Figure 21 1 System Status The following table describes the fields in this screen Table 21 1 System Status LABEL DESCRIPTION System Status...

Страница 237: ...ay This is the IP address of the default gateway if applicable VPI VCI This is the Virtual Path Identifier and Virtual Channel Identifier that you entered in the first Wizard screen LAN Information MA...

Страница 238: ...up time and poll interval s The Poll Interval s field is configurable Figure 21 2 System Status Show Statistics The following table describes the fields in this screen Table 21 2 System Status Show S...

Страница 239: ...ll if you re using PPPoE encapsulation For a LAN port this shows the port speed and duplex setting TxPkts This field displays the number of packets transmitted on this port RxPkts This field displays...

Страница 240: ...to your DHCP status The DHCP table shows current DHCP Client information including IP Address Host Name and MAC Address of all network clients using the DHCP server Figure 21 3 DHCP Table The followi...

Страница 241: ...s field displays the MAC Media Access Control address of an associated wireless client Every Ethernet device has a unique MAC address The MAC address is assigned at the factory and consists of six pai...

Страница 242: ...ss This field displays Yes if another AP or Ad hoc network is using the channel within the Prestige s transmission range Back Click Back to return to the previous screen Refresh Click Refresh to renew...

Страница 243: ...Address Type the IP address of a computer that you want to ping in order to test a connection Ping Click this button to ping the IP address that you entered Reset System Click this button to reboot t...

Страница 244: ...The following table describes the fields in this screen Table 21 7 Diagnostic DSL Line LABEL DESCRIPTION Reset ADSL Line Click this button to reinitialize the ADSL line The large text box above then d...

Страница 245: ...Margin Click this button to display the downstream noise margin Back Click this button to go back to the main Diagnostic screen 21 6 Firmware Screen Find firmware at www zyxel com in a file that usual...

Страница 246: ...essed zip files before you can upload them Upload Click Upload to begin the upload process This process may take up to two minutes Reset Click this button to clear all user entered configuration infor...

Страница 247: ...etwork Temporarily Disconnected After two minutes log in again and check your new firmware version in the System Status screen If the upload was not successful the following screen will appear Click B...

Страница 248: ......

Страница 249: ...m Management Terminal configuration for general setup WAN backup LAN setup wireless LAN setup Internet access remote node static route NAT and enabling the firewall See the web configurator parts of t...

Страница 250: ......

Страница 251: ...ity 8 data bits 1 stop bit data flow set to none 9600 bps port speed Press ENTER to display the SMT password screen The default password is 1234 22 1 2 Procedure for SMT Configuration via Telnet The f...

Страница 252: ...g in your Prestige will automatically log you out Figure 22 1 Login Screen 22 1 4 Prestige SMT Menu Overview We use the Prestige 652HW 31 SMT menus in this guide as an example The SMT menus vary sligh...

Страница 253: ...nu 24 2 System Information and Console port Speed Menu 24 10 Time and Date Setting Menu 26 Schedule Setup Menu 26 x Schedule Set Setup Menu 24 9 Call Control Menu 24 9 1 Budget Management Menu 24 11 R...

Страница 254: ...xt field respectively Entering information Type in or press SPACE BAR then press ENTER You need to fill in two types of fields The first requires you to type in the appropriate information The second...

Страница 255: ...Static Routing Setup Use this menu to set up static routes 14 Dial in User Setup Use this menu to set up local user profiles on the Prestige 652H HW 15 NAT Setup Use this menu to specify inside serve...

Страница 256: ...ystem Password Change the Prestige default password by following the steps shown next Step 1 Enter 23 in the main menu to display Menu 23 System Security Step 2 Enter 1 to display Menu 23 1 System Sec...

Страница 257: ...000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the P...

Страница 258: ...eave this field blank the ISP may assign a domain name via DHCP You can go to menu 24 8 and type sys domainname to see the current domain name used by your gateway If you want to clear this field just...

Страница 259: ...Active Press SPACE BAR to select Yes and then press ENTER to make dynamic DNS active Yes Host Enter the domain name assigned to your Prestige by your Dynamic DNS provider me dyndns org EMAIL Enter yo...

Страница 260: ......

Страница 261: ...auxiliary port DIAL BACKUP on the Prestige 652 or AUX on the Prestige 652H HW for use in the event that the regular WAN connection is dropped first make sure you have set up the port connection and th...

Страница 262: ...ress of a reliable nearby computer for example your ISP s DNS server address When using a WAN backup connection the Prestige periodically pings the addresses configured here and uses the other WAN bac...

Страница 263: ...ect Setup Select No default if you do not want to configure this feature Dial Backup Press SPACE BAR to select Yes or No Select Yes and press ENTER to configure Menu 2 2 Dial Backup Setup Select No de...

Страница 264: ...ly forwards traffic to this IP address if the Prestige s Internet connection terminates Metric This field sets this route s priority among the routes the Prestige uses The metric represents the cost o...

Страница 265: ...mand String Init Enter the AT command string to initialize the WAN device Consult the manual of your WAN device connected to your Dial Backup port for specific AT commands at fs0 0 Edit Advanced Setup...

Страница 266: ...ble 24 4 Menu 2 2 1 Advanced Dial Backup Setup AT Commands Fields FIELD DESCRIPTION EXAMPLE AT Command Strings Dial Enter the AT Command string to make a call atdt Drop Enter the AT Command string to...

Страница 267: ...vanced Dial Backup Setup Call Control Parameters FIELD DESCRIPTION EXAMPLE Call Control Dial Timeout sec Enter a number of seconds for the Prestige to keep trying to set up an outgoing call before tim...

Страница 268: ...e This field can be up to eight characters LAoffice Active Press SPACE BAR and then ENTER to select Yes to enable the remote node or No to disable the remote node Yes Outgoing My Login Enter the login...

Страница 269: ...PP Options see section 24 7 No default Rem IP Addr Leave the field set to 0 0 0 0 default if the remote gateway has a dynamic IP address Enter the remote gateway s IP address here if it is static 0 0...

Страница 270: ...lapse before the Prestige automatically disconnects the PPP connection This option only applies when the Prestige initiates the call 100 seconds default Once you have configured this menu press ENTER...

Страница 271: ...n press SPACE BAR to select Yes Press ENTER to open Menu 11 3 Network Layer Options Figure 24 8 Menu 11 3 Remote Node Network Layer Options The following table describes the fields in this menu Table...

Страница 272: ...e smaller the number the higher priority the route has 15 default Private This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts If set to Yes this...

Страница 273: ...word in the remote node when the Prestige sees them in a Send string Please note that both variables must been entered exactly as shown No other characters may appear before or after either i e they m...

Страница 274: ...t string to match After matching the Expect string the Prestige returns the string in the Send field Set 1 6 Send Enter a string to send out after the Expect string is matched 0 0 0 0 24 10Remote Node...

Страница 275: ...the Filters chapter for more information on defining the filters Figure 24 11 Menu 11 5 Dial Backup Remote Node Filter Menu 11 5 Remote Node Filter Input Filter Sets protocol filters device filters O...

Страница 276: ......

Страница 277: ...Ethernet traffic You seldom need to filter Ethernet traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 25 2 Menu 3 1 LAN Port Fi...

Страница 278: ...ess ENTER to display Menu 3 2 TCP IP and DHCP Ethernet Setup as shown next Figure 25 3 Menu 3 2 TCP IP and DHCP Ethernet Setup Follow the instructions in the following table on how to configure the DH...

Страница 279: ...r count of the IP address pool 32 Primary DNS Server Secondary DNS Server Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP clients along with the IP address and the sub...

Страница 280: ...nable IP Multicasting or select None to disable it None default IP Policies Create policies using SMT menu 25 see the IP Policy Routing chapter and apply them on the Prestige LAN interface here You ca...

Страница 281: ...Turn off the Prestige Never insert or remove a wireless LAN card when the Prestige is turned on Step 2 Locate the slot labeled Wireless LAN on the Prestige Step 3 With its pin connector facing the slo...

Страница 282: ...operating frequency channel depending on your particular region CH01 2412MHz RTS Threshold RTS Request To Send threshold number of bytes enables RTS CTS handshake Data with its frame size larger than...

Страница 283: ...e 128 bit WEP in the WEP Encryption field then enter 13 characters or 26 hexadecimal characters 0 9 A F preceded by 0x for each key 1 4 There are four data encryption keys to secure your data from eav...

Страница 284: ...ccess to the Prestige in these address fields When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and...

Страница 285: ...olicy Routing IPPR provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator Policy based routing is applie...

Страница 286: ...ure 27 2 Partitioned Logical Networks Use menu 3 2 1 to configure IP Alias on your Prestige 27 4 IP Alias Setup Use menu 3 2 to configure the first network Move the cursor to Edit IP Alias field and p...

Страница 287: ...tgoing protocol filters N A IP Alias 2 No IP Address N A IP Subnet Mask N A RIP Direction N A Version N A Incoming protocol filters N A Outgoing protocol filters N A Enter here to CONFIRM or ESC to CA...

Страница 288: ...Choices are RIP 1 RIP 2B or RIP 2M RIP 1 Incoming Protocol Filters Enter the filter set s you wish to apply to the incoming traffic between this node and the Prestige Outgoing Protocol Filters Enter t...

Страница 289: ...enu type 4 to display Menu 4 Internet Access Setup as shown next Figure 27 6 Menu 4 Internet Access Setup The following table contains instructions on how to configure your Prestige for Internet acces...

Страница 290: ...raffic source that can be sent at the peak rate and a parameter for burst type traffic Type the SCR it must be less than the PCR 0 Maximum Burst Size MBS 0 Refers to the maximum number of cells that c...

Страница 291: ...Mapping Set Type the numbers of mapping sets 1 8 to use with NAT See the NAT chapter for details N A When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cance...

Страница 292: ......

Страница 293: ...onfiguring one of the remote nodes You first choose a remote node in Menu 11 Remote Node Setup You can then edit that node s profile in menu 11 1 as well as configure specific settings in three submen...

Страница 294: ...pplication Here are some examples of more suitable combinations in such an application Scenario 1 One VC Multiple Protocols PPPoA RFC 2364 encapsulation with VC based multiplexing is the best combinat...

Страница 295: ...are selected then the Rem Login Rem Password My Login My Password and Authen fields are not applicable N A ENET ENCAP Multiplexing Press SPACE BAR and then ENTER to select the method of multiplexing...

Страница 296: ...shake Authentication Protocol only Authen PAP accept PAP Password Authentication Protocol only Route This field determines the protocol used in routing Options are IP and None IP Bridge When bridging...

Страница 297: ...e Yes and press ENTER to open menu 11 5 to edit the filter sets See the Remote Node Filter section for more details No default Idle Timeout sec Type the number of seconds 0 9999 that can elapse when t...

Страница 298: ...FIELD DESCRIPTION EXAMPLE IP Address Assignment Press SPACE BAR and then ENTER to select Dynamic if the remote node is using a dynamically assigned IP address or Static if it is using a static fixed...

Страница 299: ...ld the SMT uses NAT server set 1 in menu 15 2 see the NAT chapter for details 2 Metric The metric represents the cost of transmission for routing purposes IP routing uses hop count as the cost measure...

Страница 300: ...mple IP Addresses The following figure uses sample IP addresses to help you understand the field of My Wan Addr in menu 11 3 Refer to the previous Figure 5 1 LAN and WAN IP Addresses for a brief revie...

Страница 301: ...Figure 28 5 Menu 11 5 Remote Node Filter RFC 1483 or ENET Encapsulation Figure 28 6 Menu 11 5 Remote Node Filter PPPoA or PPPoE Encapsulation 28 5 Editing ATM Layer Options Follow the steps shown next...

Страница 302: ...ocols with protocol identifying information being contained in each packet header Figure 28 8 Menu 11 6 for LLC based Multiplexing or PPP Encapsulation Menu 11 6 Remote Node ATM Layer Options VPI VCI...

Страница 303: ...to display Menu 11 8 Advance Setup Options Figure 28 10 Menu 11 8 Advance Setup Options The following table describes the fields in this menu Menu 11 8 Advance Setup Options PPPoE PPPoE_Client_PC No...

Страница 304: ...r computers to connect to the ISP via the Prestige Each host can have a separate account and a public WAN IP address PPPoE pass through is an alternative to NAT for applications where NAT is not appro...

Страница 305: ...is directly connected to a remote node Each remote node specifies only the network to which the gateway is directly connected and the Prestige has no knowledge of the networks beyond For instance the...

Страница 306: ...shown next Figure 29 3 Menu 12 1 IP Static Route Setup P652H HW Step 3 Now type the route number of a static route you want to configure Menu 12 1 IP Static Route Setup 1 ________ 2 ________ 3 _______...

Страница 307: ...o be identical to the host ID IP Subnet Mask Type the subnet mask for this destination Follow the discussion on IP Subnet Mask in this manual Gateway IP Address Type the IP address of the gateway The...

Страница 308: ...his remote node in its RIP broadcasts If set to Yes this route is kept private and is not included in RIP broadcasts If No the route to this remote node will be propagated to other hosts through RIP b...

Страница 309: ...col and it also demands more CPU cycles and memory For efficiency reasons do not turn on bridging unless you need to support protocols other than IP on your network For IP enable the routing if you ne...

Страница 310: ...em Subnet Mask 0 0 0 0 My WAN Addr 0 0 0 0 NAT Full Feature Address Mapping Set 2 Metric 2 Private No RIP Direction Both Version RIP 2B Multicast IGMP v2 IP Policies Press ENTER to Confirm or ESC to C...

Страница 311: ...ur configuration or press ESC to cancel and go back to the previous screen 30 2 2 Bridge Static Route Setup Similar to network layer static routes a bridging static route tells the Prestige the route...

Страница 312: ...to IP Address If available type the IP address of the destination computer that you want to bridge the packets to Gateway Node Press SPACE BAR and then ENTER to select the number of the remote node on...

Страница 313: ...Server See section 31 3 1 for a detailed description of the NAT set for SUA The Prestige also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clie...

Страница 314: ...the cursor to the Edit IP Bridge field press SPACE BAR to select Yes and then press ENTER to bring up Menu 11 3 Remote Node Network Layer Options Menu 4 Internet Access Setup ISP s Name MyISP Encapsu...

Страница 315: ...ly if you have just one public WAN IP address for your Prestige SUA Only 31 3 NAT Setup Use the address mapping sets menus and submenus to create the mapping table used to assign global addresses to c...

Страница 316: ...r 15 from the main menu to bring up the following screen Figure 31 3 Menu 15 NAT Setup 31 3 1 Address Mapping Sets Enter 1 to bring up Menu 15 1 Address Mapping Sets Figure 31 4 Menu 15 1 Address Mapp...

Страница 317: ...ing local IP address ILA If the rule is for all local IPs then the Start IP is 0 0 0 0 and the End IP is 255 255 255 255 255 255 255 255 Global Start IP This is the starting global IP address IGA If y...

Страница 318: ...d field and you must enter a name for the set Figure 31 6 Menu 15 1 1 First Set If the Set Name field is left blank the entire set will be deleted The Type Local and Global Start End IPs are configure...

Страница 319: ...rule selected The rules after the selected rule will then be moved down by one rule Delete means to delete the selected rule and then all the rules after the selected one will be advanced one rule Non...

Страница 320: ...IP fields MUST be set for Server Start This is the starting local IP address ILA 0 0 0 0 End This is the ending local IP address ILA If the rule is for all local IPs then put the Start IP as 0 0 0 0 a...

Страница 321: ...r press ESC to cancel and go back to the previous screen 31 4 Configuring a Server behind NAT Follow these steps to configure a server behind NAT Step 5 Enter 15 in the main menu to go to Menu 15 NAT...

Страница 322: ...In the following figure you have a computer acting as an FTP Telnet and SMTP server ports 21 23 and 25 at 192 168 1 33 Step 10 Press ENTER at the Press ENTER to confirm prompt to save your configurati...

Страница 323: ...31 5 General NAT Examples The following are some examples of NAT configuration 31 5 1 Example 1 Internet Access Only In the following Internet access example you only need one rule where your ILAs In...

Страница 324: ...Network Address Translation field in menus 4 and 11 3 is specifically pre configured to handle this case Menu 4 Internet Access Setup ISP s Name MyISP Encapsulation RFC 1483 Multiplexing LLC based VPI...

Страница 325: ...pecify the Inside Server behind the NAT as shown in the next figure Figure 31 14 Menu 15 2 1 Specifying an Inside Server Menu 15 2 1 NAT Server Setup Used for SUA Only Rule Start Port No End Port No I...

Страница 326: ...Four rules need to be configured two bi directional and two uni directional as follows Rule 1 Map the first IGA to the first inside FTP server for FTP traffic in both directions 1 1 mapping giving bo...

Страница 327: ...rect mapping for packets going both ways and enter the local Start IP as 192 168 1 10 the IP address of FTP Server 1 the global Start IP as 10 132 50 1 our first IGA See Figure 31 17 Step 6 Repeat the...

Страница 328: ...e it as shown Menu 15 1 1 Address Mapping Rules Set Name Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 10 132 50 1 1 1 2 192 168 1 11 10 132 50 2 1 1 3 0 0...

Страница 329: ...ng as port numbers do not change for Many to Many No Overload and One to One NAT mapping types The following figure illustrates this Figure 31 19 NAT Example 4 Menu 15 2 1 NAT Server Setup Rule Start...

Страница 330: ...e configured your rule you should be able to check the settings in menu 15 1 1 as shown next Figure 31 21 Example 4 Menu 15 1 1 Address Mapping Rules Menu 15 1 1 1 Address Mapping Rule Type Many to Ma...

Страница 331: ...the most comprehensive firewall configuration tool your Prestige has to offer For this reason it is recommended that you configure your firewall using the web configurator see the following chapters...

Страница 332: ...acks when it is active The default Policy sets 1 allow all sessions originating from the LAN to the WAN and 2 deny all sessions originating from the WAN to the LAN You may define additional Policy rul...

Страница 333: ...NMP system security system information and diagnosis firmware and configuration file maintenance system maintenance remote management IP Policy Routing and call scheduling See the web configurator par...

Страница 334: ......

Страница 335: ...e divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the Ethernet side Call filtering is use...

Страница 336: ...ures that follow The following figure illustrates the logic flow when executing a filter rule Data Outgoing Packet Drop packet Built in default Call Filters User defined Call Filters if applicable Ini...

Страница 337: ...e Fetch Next Filter Set Next Filter Set Available Accept Packet Drop Packet Yes No Yes No Yes Packet intoFilter Filter Set Forward Drop No Check Next Rule Figure 33 2 Filter Rule Process You can apply...

Страница 338: ...ep 1 Enter 21 in the main menu to display Menu 21 Filter and Firewall Setup Step 2 Enter 1 to display Menu 21 1 Filter Set Configuration as shown next Figure 33 3 Menu 21 Filter Set Configuration P652...

Страница 339: ...Pr 6 SA 0 0 0 0 DA 0 0 0 0 DP 139 N D N 4 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 137 N D N 5 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 138 N D N 6 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 139 N D F Enter Filter Ru...

Страница 340: ...the Edit Comments field and press ENTER Step 5 Press ENTER at the message Press ENTER to confirm to display Menu 21 1 1 Filter Rules Summary that is if you selected filter set 1 in menu 21 1 See Figu...

Страница 341: ...ule GEN for Generic IP for TCP IP Filter Rules These parameters are displayed here Menu 21 1 4 Filter Rules Summary A Type Filter Rules M m n 1 Y Gen Off 12 Len 2 Mask ffff Value 8863 N F N 2 Y Gen Of...

Страница 342: ...hed F means to forward the packet immediately and skip checking the remaining rules D means to drop the packet N means to check the next rule n Action Not Matched F means to forward the packet immedia...

Страница 343: ...the Prestige will warn you and will not allow you to save 33 5 1 TCP IP Filter Rule This section shows you how to configure a TCP IP filter rule TCP IP rules allow you to base the rule on the fields i...

Страница 344: ...n IP source route The majority of IP packets do not have source route No default Destination IP Addr Type the destination IP address of the packet you want to filter This field is ignored if it is 0 0...

Страница 345: ...ng option from the following None No packets will be logged Action Matched Only packets that match the rule parameters will be logged Action Not Matched Only packets that do not match the rule paramet...

Страница 346: ...Active Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src Addr Matched...

Страница 347: ...and Value fields are specified in hexadecimal numbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4 the value in either field will take 8 digits for example FFFF...

Страница 348: ...to the data portion before comparison Value Type the value in Hexadecimal to compare with the data portion More If Yes a matching packet is passed to the next filter rule before an action is taken or...

Страница 349: ...e exact address and port on the wire Therefore the Prestige applies the protocol filters to the native IP address and port number before NAT for outgoing packets and after NAT for incoming packets On...

Страница 350: ...elnet Filter Step 1 Enter 1 in the menu 21 to display Menu 21 1 Filter Set Configuration Step 2 Enter the index number of the filter set you want to configure in this case 6 Step 3 Type a descriptive...

Страница 351: ...sk 0 0 0 0 Port Port Comp Equal TCP Estab No More No Log None Action Matched Drop Action Not Matched Forward Press ENTER to Confirm or ESC to Cancel Press SPACE BAR to choose this filter rule type The...

Страница 352: ...on shows you where to apply the filter s after you design it them Sets of factory default filter rules have been configured in menu 21 but have not been applied to filter traffic Menu 21 1 6 Filter Ru...

Страница 353: ...want to apply as appropriate You can choose up to four filter sets from twelve by typing their numbers separated by commas for example 3 4 6 11 The factory default filter set NetBIOS_LAN is inserted...

Страница 354: ...PoA or PPPoE encapsulation Menu 11 5 Remote Node Filter Input Filter Sets protocol filters 6 device filters Output Filter Sets protocol filters 2 device filters Call Filter Sets Protocol filters Devic...

Страница 355: ...SNMP is a member of the TCP IP protocol suite Your Prestige supports SNMP agent functionality which allows a manager station to manage and monitor the Prestige through the network The Prestige suppor...

Страница 356: ...ponse protocol based on the manager agent model The manager issues a request and the agent returns responses using the following protocol operations Get Allows the manager to retrieve an object variab...

Страница 357: ...Prestige will only respond to SNMP messages from this address A blank default field means your Prestige will respond to all SNMP messages it receives regardless of source 0 0 0 0 Trap Community Type t...

Страница 358: ...ned in RFC 1215 A trap is sent with the port number 5 authenticationFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community passw...

Страница 359: ...efault password If you forget your password you have to restore the default configuration file Refer to the section on changing the system password in the Introducing the SMT chapter and the section o...

Страница 360: ...istrator instructs you to do so with additional information 1812 Shared Secret Specify a password up to 31 alphanumeric characters as the key to be shared between the external authentication server an...

Страница 361: ...must be the same on the external accounting server and Prestige When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press...

Страница 362: ...ow often a client has to re enter username and password to stay connected to the wired network This field is activated only when you select Authentication Required in the Wireless Port Control field E...

Страница 363: ...restige for a client s user name and password If the user name is not found the Prestige checks the user database on the specified RADIUS server Select RADIUS first then Local to have the Prestige fir...

Страница 364: ...s long for this user profile When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the pr...

Страница 365: ...ext System Status is a tool that can be used to monitor your Prestige Specifically it gives you information on your ADSL telephone line status number of packets sent and received To get to System Stat...

Страница 366: ...ion rate in bytes per second Rx B s This shows the receiving rate in bytes per second Up Time This is the time this channel has been connected to the current remote node My WAN IP from ISP This is the...

Страница 367: ...Down Upstream Speed This shows the upstream transfer rate in kbps Downstream Speed This shows the downstream transfer rate in kbps CPU Load This specifies the percentage of CPU utilization 36 2 System...

Страница 368: ...t Vendor Displays the vendor of the ADSL chipset and DSL version Standard This refers to the operational protocol the Prestige and the DSLAM Digital Subscriber Line Access Multiplexer are using LAN Et...

Страница 369: ...the Prestige 36 3 Log and Trace There are two logging facilities in the Prestige The first is the error logs and trace records that are stored locally The second is the UNIX syslog facility for messa...

Страница 370: ...24 3 2 System Maintenance UNIX Syslog as shown next Figure 36 8 Menu 24 3 2 System Maintenance Syslog and Accounting You need to configure the UNIX syslog parameters described in the following table...

Страница 371: ...INFO String String board xx line xx channel xx call xx str board the hardware board ID line the WAN ID in a board Channel channel ID within the WAN call the call reference number which starts from 1 a...

Страница 372: ...44 04 192 168 102 2 ZYXEL IP Src 192 168 102 20 Dst 202 132 154 1 UDP spo 05d4 dpo 0035 S03 R01mF 4 PPP Log SdcmdSyslogSend SYSLOG_PPPLOG SYSLOG_NOTICE String String ppp Proto Starting ppp Proto Openi...

Страница 373: ...Menu Diagnostic FIELD DESCRIPTION Reset xDSL Re initialize the xDSL link to the telephone company Ping Host Ping the host to see if the links and TCP IP protocol on both systems are working Reboot Sys...

Страница 374: ......

Страница 375: ...er to the label on the bottom of your Prestige ftp put firmware bin ras This is a sample FTP session showing the transfer of the computer file firmware bin to the Prestige ftp get rom 0 config cfg Thi...

Страница 376: ...pload files in menus 24 5 24 6 24 7 1 and 24 7 2 depending on whether you use the console port or Telnet Option 5 from Menu 24 System Maintenance allows you to backup the current Prestige configuratio...

Страница 377: ...ion file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit to exit the ftp prompt 37 2 3 Example of...

Страница 378: ...this option Normal The server requires a unique User ID and Password to login Transfer Type Transfer files in either ASCII plain text format or in binary mode Initial Remote Directory Specify the defa...

Страница 379: ...stdio 0 to disable the SMT timeout so the TFTP transfer will not be interrupted Enter command sys stdio 5 to restore the five minute SMT timeout default when the file transfer is complete Step 4 Launc...

Страница 380: ...ige The filename for the firmware is ras and for the configuration file is rom 0 Binary Transfer the file in binary mode Abort Stop transfer of the file Refer to section 37 2 5 to read about configura...

Страница 381: ...estore a previously saved configuration Note that this function erases the current configuration before restoring a previous back up configuration please do not attempt to restore unless you have a ba...

Страница 382: ...ile config rom on your computer to the Prestige See earlier in this chapter for more information on filename conventions Step 8 Enter quit to exit the ftp prompt The Prestige will automatically restar...

Страница 383: ...lay menu 24 6 and enter y at the following screen Figure 37 9 System Maintenance Restore Configuration Step 2 The following screen indicates that the Xmodem download has started Figure 37 10 System Ma...

Страница 384: ...e previous Restore Configuration section or by following the instructions in Menu 24 7 2 System Maintenance Upload System Configuration File for console port WARNING DO NOT INTERRUPT THE FILE TRANSFER...

Страница 385: ...fter the upload system configuration file process is complete For details on FTP commands please consult the documentation of your FTP client program For details on uploading system firmware using TFT...

Страница 386: ...e configuration file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit to exit the ftp prompt The Pr...

Страница 387: ...ctive and the Prestige in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get t...

Страница 388: ...hould be similar 37 4 9 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer then Send File to display the following screen Figure 37 17 Example Xmodem Upload After the configuration uplo...

Страница 389: ...37 4 11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer then Send File to display the following screen Menu 24 7 2 System Maintenance Upload System Configuration File To upload...

Страница 390: ...ion File Maintenance Figure 37 19 Example Xmodem Upload After the configuration upload process has completed restart the Prestige by entering atgo Type the configuration file s location or click Brows...

Страница 391: ...ing menu 24 8 See the included disk or the zyxel com web site for more detailed information on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing help...

Страница 392: ...outgoing calls will be blocked To access the call control menu select option 9 in menu 24 to go to Menu 24 9 System Maintenance Call Control as shown in the next table Figure 38 3 Menu 24 9 System Ma...

Страница 393: ...selected Table 38 1 Menu 24 9 1 System Maintenance Budget Management FIELD DESCRIPTION EXAMPLE Remote Node Enter the index number of the remote node you want to reset just one in this case 1 Connectio...

Страница 394: ...m Maintenance Time and Date Setting to update the time and date settings of your Prestige as shown in the following screen Figure 38 6 Menu 24 10 System Maintenance Time and Date Setting Menu 24 10 Sy...

Страница 395: ...nsure of this information Current Time This field displays an updated time only when you reenter this menu New Time Enter the new time in hour minute and second format Current Date This field displays...

Страница 396: ......

Страница 397: ...ess See the firewall chapters for details on configuring firewall rules 39 2 Remote Management To disable remote management of a service select Disable in the corresponding Server Access field Enter 1...

Страница 398: ...the access interface if any by pressing the SPACE BAR Choices are LAN only WAN only All or Disable The default is LAN only LAN only Secured Client IP The default 0 0 0 0 allows any client to use this...

Страница 399: ...the same type running at one time 5 There is a web remote management session running with a Telnet session A Telnet session will be disconnected if you begin a web session it will not begin if there...

Страница 400: ......

Страница 401: ...y of the network to enable the backbone to prioritize traffic Cost Savings IPPR allows organizations to distribute interactive traffic on high bandwidth high cost paths while using low cost paths for...

Страница 402: ...he index of the policy set you want to configure to open Menu 25 1 IP Routing Policy Setup Menu 25 1 shows the summary of a policy set including the criteria and the action of a single policy and whet...

Страница 403: ...25 P 6 T NM PR 0 GW 192 168 1 1 T MT PR 0 2 N __________________________________________________________________________ __________________________________________________________________________ 3 N...

Страница 404: ...mple UDP TCP ICMP etc Type of Service Prioritize incoming network traffic by choosing from Don t Care Normal Min Delay Max Thruput Min Cost or Max Reliable Precedence Precedence value of the incoming...

Страница 405: ...teway must be the IP address of a remote node The default gateway is specified as 0 0 0 0 Type of Service Set the new TOS value of the outgoing packet Prioritize incoming network traffic by choosing N...

Страница 406: ...m IP Addr 0 0 0 0 Rem Subnet Mask 0 0 0 0 My WAN Addr 0 0 0 0 NAT Full Feature Address Mapping Set 2 Metric 2 Private No RIP Direction Both Version RIP 2B Multicast IGMP v2 IP Policies 2 4 7 9 Press E...

Страница 407: ...ute Web packets to the Internet using one policy and route FTP packets to a remote network using another policy See the next figure Figure 40 6 Example of IP Policy Routing To force Web packets coming...

Страница 408: ...s set to route packets from any host IP 0 0 0 0 means any host with protocol TCP and port FTP access through another gateway 192 168 1 100 Menu 25 1 1 IP Routing Policy Policy Set Name set1 Active Yes...

Страница 409: ...e DHCP Server N A TCP IP Setup IP Address 192 168 1 1 IP Subnet Mask 255 255 255 0 RIP Direction Both Version RIP 1 Multicast None IP Policies 1 2 Edit IP Alias No Press ENTER to Confirm or ESC to Can...

Страница 410: ......

Страница 411: ...next Figure 41 1 Menu 26 Schedule Setup Lower numbered sets take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 in are applied in the remot...

Страница 412: ...t be triggered up until the end of the Duration Table 41 1 Menu 26 1 Schedule Set Setup FIELD DESCRIPTION EXAMPLE Active Press SPACE BAR to select Yes or No Choose Yes and press ENTER to activate the...

Страница 413: ...ake effect in hour minute format 09 00 Duration Enter the maximum length of time this connection is allowed in hour minute format 08 00 Action Forced On means that the connection is maintained whether...

Страница 414: ...ile Rem Node Name ChangeMe Route IP Active Yes Bridge No Encapsulation PPPoE Edit IP Bridge No Multiplexing VC based Edit ATM Options No Service Name Telco Option Incoming Allocated Budget min 0 Rem L...

Страница 415: ...GEN This part provides information about configuring VPN IPSec for secure communications and Internal SPTGEN for configuration of multiple Prestiges See the web configurator parts of this guide for ba...

Страница 416: ......

Страница 417: ...e main submenus 1 Define VPN policies in menu 27 1 submenus including security policies endpoint IP addresses peer IPSec router IP address and key management 2 Menu 27 2 SA Monitor allows you to manag...

Страница 418: ...27 1 IPSec Summary Menu 27 VPN IPSec Setup 1 IPSec Summary 2 SA Monitor Enter Menu Selection Number Menu 27 1 IPSec Summary Name A Local Addr Start Local Addr End Encap IPSec Algorithm Key Mgt Remote...

Страница 419: ...omputers on the LAN behind your Prestige When the Addr Type field in Menu 27 1 1 IPSec Setup is configured to SUBNET this is a static IP address on the LAN behind your Prestige 192 168 1 35 Local Addr...

Страница 420: ...160 bits Both AH and ESP increase the Prestige s processing requirements and communications latency delay You need to finish configuring the VPN policy in menu 27 1 1 1 or 27 1 1 2 if is displayed ES...

Страница 421: ...you are making the VPN connection This field displays 0 0 0 0 when you configure the Secure Gateway Addr field in SMT 27 1 1 to 0 0 0 0 193 81 13 2 Select Command Press SPACE BAR to choose from None...

Страница 422: ...e The name may be up to 32 characters long but only 10 characters will be displayed in Menu 27 1 IPSec Summary Taiwan Active Press SPACE BAR to choose either Yes or No Choose Yes and press ENTER to ac...

Страница 423: ...estige automatically use its own IP address When you select DNS in the Local ID Type field type a domain name up to 31 characters by which to identify this Prestige When you select E mail in the Local...

Страница 424: ...you configure in the Secure Gateway Address field below Secure Gateway Address Type the IP address or the domain name up to 31 characters of the IPSec router with which you re making the VPN connecti...

Страница 425: ...create a VPN tunnel if you try to connect using a port number that does not match this port number or range of port numbers Some of the most common IP ports are 21 FTP 53 DNS 23 Telnet 80 HTTP 25 SMT...

Страница 426: ...ed to SUBNET enter a subnet mask on the network behind the remote IPSec router This field displays N A when you configure the Secure Gateway Address field to 0 0 0 0 255 255 0 0 Port Start 0 is the de...

Страница 427: ...2 Manual Setup No When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time to cancel 42 4 IKE Setup To edit this menu the...

Страница 428: ...message authentication code Prestige DES encryption algorithm uses a 56 bit key Triple DES 3DES is a variation on DES that uses a 168 bit key As a result 3DES is more secure than DES It also requires...

Страница 429: ...l Perfect Forward Secrecy PFS Perfect Forward Secrecy PFS is disabled None by default in phase 2 IPSec SA setup This allows faster IPSec setup but is not so secure Press SPACE BAR and choose from DH1...

Страница 430: ...you chose an AH Active Protocol SPI The SPI must be unique and from one to four integers 0 to 9 1234 Encryption Algorithm Press SPACE BAR to choose from NULL 3DES or DES and then press ENTER Fill in...

Страница 431: ...tion and 20 characters for SHA 1 authentication Any character may be used including spaces but trailing spaces are truncated 123456789a bcde AH Setup The AH Setup fields are N A if you chose an ESP Ac...

Страница 432: ......

Страница 433: ...d does not timeout until the SA lifetime period expires See the Web Configurator User s Guide on keep alive to have the Prestige renegotiate an IPSec SA when the SA lifetime expires even if there is n...

Страница 434: ...Encryption methods include 56 bit DES and 168 bit 3DES NULL denotes a tunnel without encryption An incoming SA may have an AH in addition to ESP The Authentication Header provides strong integrity and...

Страница 435: ...save and upload multiple menus at the same time using just one configuration text file eliminating the need to navigate and configure individual SMT menus for each Prestige 44 2 The Configuration Tex...

Страница 436: ...an 0 or 1 in the Input column of Field Identification Number 1000000 refer to Figure 44 1 Menu 1 General Setup 10000000 Configured 0 No 1 Yes 1 10000001 System Name Str Prestige 10000002 Location Str...

Страница 437: ...Please wait for the system to write SPT text file ROM t Bootbase Version V2 02 2 22 2001 13 33 11 RAM Size 8192 Kbytes FLASH Intel 8M 2 c ftp 192 168 1 1 220 PPP FTP version 1 0 ready at Sat Jan 1 03...

Страница 438: ...l SPTGEN FTP Upload Example c ftp 192 168 1 1 220 PPP FTP version 1 0 ready at Sat Jan 1 03 22 12 2000 User 192 168 1 1 none 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp put...

Страница 439: ...Appendices and Index XI Part XI Appendices and Index This part contains additional background information and an index or key terms...

Страница 440: ......

Страница 441: ...you should contact your vendor 1 Make sure the Prestige is connected to your computer s serial port VT100 terminal emulation 9600 bps is the default speed on leaving the factory Try other speeds in ca...

Страница 442: ...he System Information and Diagnosis chapter SMT Problems with the LAN Interface Chart A 4 Troubleshooting the LAN Interface PROBLEM CORRECTIVE ACTION I cannot access the Prestige from the LAN If the 1...

Страница 443: ...CORRECTIVE ACTION I cannot access the Internet Make sure the Prestige is turned on and connected to the network If the DSL LED is off refer to Chart A 3 Troubleshooting the DSL LED Verify your WAN se...

Страница 444: ...igurator PROBLEM CORRECTIVE ACTION I cannot access the web configurator Refer to Chart A 7 Troubleshooting the Password Make sure that there is not an SMT console session running Check that you have e...

Страница 445: ...n remote management may not be possible Use the Prestige s WAN IP address when configuring from the WAN Use the Prestige s LAN IP address when configuring from the LAN Refer to Chart A 4 Troubleshooti...

Страница 446: ......

Страница 447: ...n the next left most bit In a class B address the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0...

Страница 448: ...net mask is used to determine which bits are part of the network number and which bits are part of the host ID using a logical AND operation A subnet mask has 32 bits each bit of the mask corresponds...

Страница 449: ...ddress using both notations Chart B 4 Alternative Subnet Mask Notation SUBNET MASK IP ADDRESS SUBNET MASK 1 BITS LAST OCTET BIT VALUE 255 255 255 0 24 0000 0000 255 255 255 128 25 1000 0000 255 255 25...

Страница 450: ...sk Binary 11111111 11111111 11111111 10000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Chart B 6 Subnet 2 NETWORK NUMBER LAST...

Страница 451: ...bnet Chart B 7 Subnet 1 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet A...

Страница 452: ...t Address 192 168 1 255 Highest Host ID 192 168 1 254 Example Eight Subnets Similarly use a 27 bit mask to create 8 subnets 001 010 011 100 101 110 The following table shows class C IP address last oc...

Страница 453: ...rmines which bits are part of the network number and which are part of the host ID A class B address has two host ID octets available for subnetting and a class A address has three host ID octets see...

Страница 454: ...s B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 25 10 255 255 255 192 26 1024 62 11 255 255 255 224 27 2048 30 12 255 255 255 240 28 4096 14 13 255 255 255 248 29...

Страница 455: ...hat facilitates the ability to communicate decisions on the fly 5 It provides campus wide networking coverage allowing enterprises the roaming capability to set up easy to use wireless networks that t...

Страница 456: ...Infrastructure Wireless LAN Configuration For Infrastructure WLANs multiple access points APs link the WLAN to the wired network and allow users to efficiently share network resources The Access Point...

Страница 457: ...Prestige 652 Series User s Guide Wireless LAN and IEEE 802 11 C 3 Diagram C 2 ESS Provides Campus Wide Coverage...

Страница 458: ......

Страница 459: ...s using PPP Benefits of PPPoE PPPoE offers the following benefits 1 It provides you with a familiar dial up networking DUN user interface 2 It lessens the burden on the carriers of provisioning virtua...

Страница 460: ...PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is between the modem and the AC as oppo...

Страница 461: ...tween circuit end points Diagram E 1 Virtual Circuit Topology Think of a virtual path as a cable that contains a bundle of wires The cable connects two points and wires within the cable provide indivi...

Страница 462: ......

Страница 463: ...25A Power Consumption 11 W Safety Standards UL CUL CSA UL 1310 CSA C22 2 No 223 NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model AA 121A25 Input Power AC120Volts 60Hz 19W Output Power AC 12Volts 1...

Страница 464: ...TANDARDS AC Power Adapter Model AA 121A25 Input Power AC120Volts 60Hz 19W Output Power AC 12Volts 1 25A Power Consumption 14W Safety Standards UL CUL UL 1310 CSA C22 2 No 223 EUROPEAN PLUG STANDARDS A...

Страница 465: ...seen in SMT screens FN Field Name PVA Parameter Values Allowed INPUT An example of what you may enter Applies to the P652H HW The following are Internal SPTGEN screens associated with the SMT screens...

Страница 466: ...Output protocol filters Set 2 256 30100011 Output protocol filters Set 3 256 30100012 Output protocol filters Set 4 256 30100013 Output device filters Set 1 256 30100014 Output device filters Set 2 25...

Страница 467: ...12 256 30200016 IP Policies Set 4 1 12 256 MENU 3 2 1 IP ALIAS SETUP SMT MENU 3 2 1 FIN FN PVA INPUT 30201001 IP Alias 1 0 No 1 Yes 0 30201002 IP Address 0 0 0 0 30201003 IP Subnet Mask 0 30201004 RI...

Страница 468: ...ion 0 None 1 Both 2 In Only 3 Out Only 0 30201018 Version 0 Rip 1 1 Rip 2B 2 Rip 2M 0 30201019 IP Alias 2 Incoming protocol filters Set 1 256 30201020 IP Alias 2 Incoming protocol filters Set 2 256 30...

Страница 469: ...WEP Key3 30500011 WEP Key4 MENU 3 5 1 WLAN MAC ADDRESS FILTER SMT MENU 3 5 1 30501001 Mac Filter Active 0 No 1 Yes 0 30501002 Filter Action 0 Allow 1 Deny 0 30501003 Address 1 00 00 00 00 00 00 305010...

Страница 470: ...t 1 6 40000017 ISP incoming protocol filter set 2 256 40000018 ISP incoming protocol filter set 3 256 40000019 ISP incoming protocol filter set 4 256 40000020 ISP outgoing protocol filter set 1 256 40...

Страница 471: ...atic Route set 1 Gateway 0 0 0 0 120101006 IP Static Route set 1 Metric 0 120101007 IP Static Route set 1 Private 0 No 1 Yes 0 MENU 12 1 2 IP STATIC ROUTE SETUP SMT MENU 12 1 2 FIN FN PVA INPUT 120102...

Страница 472: ...e set 4 Active 0 No 1 Yes 0 120104003 IP Static Route set 4 Destination IP address 0 0 0 0 120104004 IP Static Route set 4 Destination IP subnetmask 0 120104005 IP Static Route set 4 Gateway 0 0 0 0 1...

Страница 473: ...1 7 IP STATIC ROUTE SETUP SMT MENU 12 1 7 FIN FN PVA INPUT 120107001 IP Static Route set 7 Name Str 120107002 IP Static Route set 7 Active 0 No 1 Yes 0 120107003 IP Static Route set 7 Destination IP...

Страница 474: ...09006 IP Static Route set 9 Metric 0 120109007 IP Static Route set 9 Private 0 No 1 Yes 0 MENU 12 1 10 IP STATIC ROUTE SETUP SMT MENU 12 1 10 FIN FN PVA INPUT 120110001 IP Static Route set 10 Name 120...

Страница 475: ...set 12 Destination IP address 0 0 0 0 120112004 IP Static Route set 12 Destination IP subnetmask 0 120112005 IP Static Route set 12 Gateway 0 0 0 0 120112006 IP Static Route set 12 Metric 0 120112007...

Страница 476: ...VA INPUT 120115001 IP Static Route set 15 Name Str 120115002 IP Static Route set 15 Active 0 No 1 Yes 0 120115003 IP Static Route set 15 Destination IP address 0 0 0 0 120115004 IP Static Route set 15...

Страница 477: ...150000006 SUA Server 2 Local IP address 0 0 0 0 150000007 SUA Server 3 Active 0 No 1 Yes 0 150000008 SUA Server 3 Protocol 0 All 6 TCP 17 U DP 0 150000009 SUA Server 3 Port Start 0 150000010 SUA Serve...

Страница 478: ...00030 SUA Server 7 Port End 0 150000031 SUA Server 7 Local IP address 0 0 0 0 150000032 SUA Server 8 Active 0 No 1 Yes 0 150000033 SUA Server 8 Protocol 0 All 6 TCP 17 U DP 0 150000034 SUA Server 8 Po...

Страница 479: ...1 SMT MENU 21 FIN FN PVA INPUT 210100001 Filter Set 1 Name Str MENU 21 1 1 1 FILTER SET 1 RULE 1 SMT MENU 21 1 1 1 FIN FN PVA INPUT 210101001 IP Filter Set 1 Rule 1 Type 2 TCP IP 2 210101002 IP Filte...

Страница 480: ...FIN FN PVA INPUT 210102001 IP Filter Set 1 Rule 2 Type 2 TCP IP 2 210102002 IP Filter Set 1 Rule 2 Active 0 No 1 Yes 1 210102003 IP Filter Set 1 Rule 2 Protocol 6 210102004 IP Filter Set 1 Rule 2 Des...

Страница 481: ...3 Dest IP address 0 0 0 0 210103005 IP Filter Set 1 Rule 3 Dest Subnet Mask 0 210103006 IP Filter Set 1 Rule 3 Dest Port 139 210103007 IP Filter Set 1 Rule 3 Dest Port Comp 0 none 1 equal 2 not equal...

Страница 482: ...ter Set 1 Rule 4 Src IP address 0 0 0 0 210104009 IP Filter Set 1 Rule 4 Src Subnet Mask 0 210104010 IP Filter Set 1 Rule 4 Src Port 0 210104011 IP Filter Set 1 Rule 4 Src Port Comp 0 none 1 equal 2 n...

Страница 483: ...Act Match 1 check next 2 forward 3 dr op 3 210105014 IP Filter Set 1 Rule 5 Act Not Match 1 Check Next 2 Forward 3 Drop 1 MENU 21 1 1 6 SET 1 RULE 6 SMT MENU 21 1 1 6 FIN FN PVA INPUT 210106001 IP Fi...

Страница 484: ...am Str NetBIOS_WAN MENU 21 1 2 1 FILTER SET 2 RULE 1 SMT MENU 21 1 2 1 FIN FN PVA INPUT 210201001 IP Filter Set 2 Rule 1 Type 0 none 2 TCP IP 2 210201002 IP Filter Set 2 Rule 1 Active 0 No 1 Yes 1 210...

Страница 485: ...Filter Set 2 Rule 2 Active 0 No 1 Yes 1 210202003 IP Filter Set 2 Rule 2 Protocol 6 210202004 IP Filter Set 2 Rule 2 Dest IP address 0 0 0 0 210202005 IP Filter Set 2 Rule 2 Dest Subnet Mask 0 210202...

Страница 486: ...Mask 0 210203006 IP Filter Set 2 Rule 3 Dest Port 139 210203007 IP Filter Set 2 Rule 3 Dest Port Comp 0 none 1 equal 2 not equal 3 less 4 great er 1 210203008 IP Filter Set 2 Rule 3 Src IP address 0 0...

Страница 487: ...10204009 IP Filter Set 2 Rule 4 Src Subnet Mask 0 210204010 IP Filter Set 2 Rule 4 Src Port 0 210204011 IP Filter Set 2 Rule 4 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 great er 0 210204013 IP...

Страница 488: ...ilter Set 2 Rule 5 Act Match 1 check next 2 forward 3 dr op 3 210205014 IP Filter Set 2 Rule 5 Act Not Match 1 check next 2 forward 3 dr op 1 MENU 21 1 2 6 FILTER SET 2 RULE 6 SMT MENU 21 1 2 5 FIN FN...

Страница 489: ...MENU 23 2 SYSTEM SECURITY RADIUS SERVER SMT MENU 23 2 FIN FN PVA INPUT 230200001 Authentication Server Configured 0 No 1 Yes 1 230200002 Authentication Server Active 0 No 1 Yes 1 230200003 Authentica...

Страница 490: ...00005 FTP Server Access 0 all 1 none 2 Lan 3 Wan 0 241100006 FTP Server Secured IP address 0 0 0 0 241100007 WEB Server Port 80 241100008 WEB Server Access 0 all 1 none 2 Lan 3 Wan 0 241100009 WEB Ser...

Страница 491: ...equires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropria...

Страница 492: ...ck OK If you need TCP IP a In the Network window click Add b Select Protocol and then click Add c Select Microsoft from the list of manufacturers d Select TCP IP from the list of network protocols and...

Страница 493: ...atically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields 3 Click the DNS Configuration tab If you do not know your DNS...

Страница 494: ...and click Add 5 Click OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your Prestige and restart your computer when...

Страница 495: ...ndows 2000 NT XP 1 For Windows XP click start Control Panel In Windows 2000 NT click Start Settings Control Panel 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial...

Страница 496: ...Win XP and click Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have a...

Страница 497: ...address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab b...

Страница 498: ...d Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click...

Страница 499: ...User s Guide Setting up Your Computer s IP Address H 9 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel 2 Select Ethernet built in from t...

Страница 500: ...n the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Prestige in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save chang...

Страница 501: ...ect Using DHCP from the Configure list 4 For statically assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in th...

Страница 502: ......

Страница 503: ...oint where the telephone line enters your residence as shown in the following figure Diagram I 1 Connecting a POTS Splitter Step 1 Connect the side labeled Phone to your telephone Step 2 Connect the s...

Страница 504: ...ble jack end of the Y Connector to the Prestige Step 4 Connect the phone side of the microfilter to your telephone as shown in the following figure Diagram I 2 Connecting a Microfilter Prestige With I...

Страница 505: ...e DHCP server assigned an IP address to a client SMT Login Successfully Someone has logged on to the router s SMT interface SMT Login Fail Someone has failed to log on to the router s SMT interface WE...

Страница 506: ...bid ActiveX Destination Contains Java applet Web Block The Prestige blocked access to an IP address or domain name that contains a Java applet because the content filter is set to forbid Java applets...

Страница 507: ...etected a TCP SMTP illegal command attack NetBIOS TCP The firewall detected a TCP NetBIOS attack ip spoofing no routing entry Protocol The firewall detected an IP spoofing attack while the Prestige di...

Страница 508: ...IP Protocol Direction Access did not match a firewall rule s destination IP address and the Prestige logged it src IP Protocol Direction Access did not match a firewall rule s source IP address and th...

Страница 509: ...ort the ICMP packet s protocol 2 The ICMP packet is an echo reply for which there was no corresponding echo request Router reply ICMP packet The router sent an ICMP response packet This packet automat...

Страница 510: ...twork on the route to the destination network 5 Redirect 0 Redirect datagrams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams for the Type of Service and Network 3 Redirect data...

Страница 511: ...der IPSec Log The following figure shows a typical log from the VPN connection peer Index Date Time Log 001 01 Jan 08 02 22 Send Main Mode request to 192 168 100 101 002 01 Jan 08 02 22 Send SA 003 01...

Страница 512: ...Prestige has received an IKE negotiation request from the peer Recv Symbol IKE uses the ISAKMP protocol refer to RFC2408 ISAKMP to transmit data Each ISAKMP packet contains payloads of different types...

Страница 513: ...s exchange policy details including local and remote IP address ranges If these ranges differ then the connection fails Local remote IPs of incoming request conflict with rule d If the security gatewa...

Страница 514: ...incoming packet did not match vs My Local IP address The IP address type or IP address of an incoming packet does not match the peer IP address type or IP address configured on the local router The lo...

Страница 515: ...n settings are incorrect Please check them Rule d idle time out disconnect If an SA has no packets transmitted for a period of time configurable via CI command the Prestige drops the connection The fo...

Страница 516: ......

Страница 517: ...Call Filters Built In 33 1 User Defined 33 1 Call Scheduling 41 1 Maximum Number of Schedule Sets 41 1 PPPoE 41 3 Precedence 41 1 Precedence Example See precedence CDR 36 7 CDR Call Detail Record 36...

Страница 518: ...6 6 ESS See Extended Service Set ESS ID 6 1 Ethernet Encapsulation 8 6 Ethernet Traffic 33 19 Example Internal SPTGEN Screens G 1 Extended Service Set C 2 F Factory LAN Defaults 5 2 FCC iii FHSS See F...

Страница 519: ...3 5 IBSS See Independent Basic Service Set ICMP echo 11 6 Idle Timeout 24 10 IEEE 802 11 C 1 IEEE 802 11b 1 2 IGMP 5 3 IGMP support 28 7 Independent Basic Service Set C 2 Infrastructure Configuration...

Страница 520: ...MAC Address Filter Action 6 8 26 4 MAC Address Filtering 6 6 Main Menu 22 5 Management Information Base MIB 34 2 Max incomplete High 12 3 Max incomplete Low 12 3 MBS See Maximum Burst Size Media Acce...

Страница 521: ...6 2 Transmission 36 2 Read Me First xxvi Related Documentation xxvi Rem IP Address 24 11 Rem Node Name 24 8 24 11 Remote DHCP Server 25 3 Remote Management Firewall 12 1 32 1 Remote Management and NAT...

Страница 522: ...UA Single User Account See NAT See NAT Subnet Mask 3 4 5 3 13 12 24 12 25 3 28 6 29 3 36 4 Subnet Masks B 2 Subnetting B 2 Supporting Disk xxvi SYN Flood 11 4 11 5 SYN ACK 11 5 Syntax Conventions xxvi...

Страница 523: ...iversal Plug and Play Forum 19 2 UNIX Syslog 36 5 36 7 UNIX syslog parameters 36 6 Upload Firmware 37 10 UPnP See Universal Plug and Play Upper Layer Protocols 11 10 User Name 9 2 User Profiles 6 12 3...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды