manualshive.com logo in svg

ZyXEL Communications Prestige 661H Series, Руководство пользователя, Страница: 138 / 547

Поделиться
Скачать
ZyXEL Communications Prestige 661H Series Скачать руководство пользователя страница 138

Prestige 661H/HW Series User’s Guide

Chapter 11 Firewalls

138

temporary entries might be modified, in order to permit only packets that are valid for the 
current state of the connection.

8

Any additional inbound or outbound packets that belong to the connection are inspected 
to update the state table entry and to modify the temporary inbound access list entries as 
required, and are forwarded through the interface.

9

When the connection terminates or times out, the connection's state table entry is deleted 
and the connection's temporary inbound access list entries are deleted.

11.5.2  Stateful Inspection and the Prestige

Additional rules may be defined to extend or override the default rules. For example, a rule 
may be created which will:

• Block all traffic of a certain type, such as IRC (Internet Relay Chat), from the LAN to the 

Internet.

• Allow certain types of traffic from the Internet to specific hosts on the LAN.
• Allow access to a Web server to everyone but competitors.
• Restrict use of certain protocols, such as Telnet, to authorized users on the LAN.

These custom rules work by evaluating the network traffic’s Source IP address, Destination IP 
address, IP protocol type, and comparing these to rules set by the administrator.

Note: 

The ability to define firewall rules is a very powerful tool. Using custom rules, it 
is possible to disable all firewall protection or block all access to the Internet. 
Use extreme caution when creating or deleting firewall rules. Test changes 
after creating them to make sure they work correctly.

Below is a brief technical description of how these connections are tracked. Connections may 
either be defined by the upper protocols (for instance, TCP), or by the Prestige itself (as with 
the "virtual connections" created for UDP and ICMP). 

11.5.3  TCP Security

The Prestige uses state information embedded in TCP packets. The first packet of any new 
connection has its SYN flag set and its ACK flag cleared; these are "initiation" packets. All 
packets that do not have this flag structure are called "subsequent" packets, since they 
represent data that occurs later in the TCP stream. 

If an initiation packet originates on the WAN, this means that someone is trying to make a 
connection from the Internet into the LAN. Except in a few special cases (see "Upper Layer 
Protocols" shown next), these packets are dropped and logged.

If an initiation packet originates on the LAN, this means that someone is trying to make a 
connection from the LAN to the Internet. Assuming that this is an acceptable part of the 
security policy (as is the case with the default policy), the connection will be allowed. A cache 
entry is added which includes connection information such as IP addresses, TCP ports, 
sequence numbers, etc.

Содержание Prestige 661H Series

Страница 1: ...Prestige 661H Series ADSL 2 Security Gateway Prestige 661HW Series 802 11g Wireless ADSL 2 Gateway User s Guide Version 3 40 12 2005...

Страница 2: ...by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does...

Страница 3: ...to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try to co...

Страница 4: ...er supply is damaged remove it from the power outlet Do NOT attempt to repair the power supply Contact your local vendor to order a new power supply Place connecting cables carefully so that no one wi...

Страница 5: ...rovided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness fo...

Страница 6: ...Denmark sales zyxel dk 45 39 55 07 07 FINLAND support zyxel fi 358 9 4780 8411 www zyxel fi ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland sales zyxel fi 358 9 4780 8448 FRANCE info zy...

Страница 7: ...support zyxel se 46 31 744 7700 www zyxel se ZyXEL Communications A S Sj porten 4 41764 G teborg Sweden sales zyxel se 46 31 744 7701 UKRAINE support ua zyxel com 380 44 247 69 78 www ua zyxel com Zy...

Страница 8: ...Prestige 42 1 1 1 Features of the Prestige 43 1 1 1 1 P 661HW Wireless Features 46 1 1 2 Applications for the Prestige 47 1 1 2 1 Protected Internet Access 47 1 1 2 2 LAN to LAN Application 48 1 1 3 F...

Страница 9: ...etup 75 5 2 3 Multicast 75 5 2 4 Any IP 76 5 2 4 1 How Any IP Works 77 5 2 5 Configuring LAN 77 5 3 Configuring Static DHCP 79 Chapter 6 Wireless LAN Prestige 661HW 82 6 1 Introduction 82 6 2 Wireless...

Страница 10: ...3 7 1 2 Multiplexing 103 7 1 2 1 VC based Multiplexing 103 7 1 2 2 LLC based Multiplexing 103 7 1 3 VPI and VCI 103 7 1 4 IP Address Assignment 103 7 1 4 1 IP Assignment with PPPoA or PPPoE Encapsulat...

Страница 11: ...g Dynamic DNS 126 Chapter 10 Time and Date 128 10 1 Configuring Time and Date 128 Chapter 11 Firewalls 130 11 1 Firewall Overview 130 11 2 Types of Firewalls 130 11 2 1 Packet Filtering Firewalls 130...

Страница 12: ...tion 146 12 3 3 2 Service 146 12 3 3 3 Source Address 146 12 3 3 4 Destination Address 146 12 4 Connection Direction 146 12 4 1 LAN to WAN Rules 146 12 4 2 Alerts 147 12 5 Configuring Basic Firewall S...

Страница 13: ...N Screens 176 15 1 VPN IPSec Overview 176 15 2 IPSec Algorithms 176 15 2 1 AH Authentication Header Protocol 176 15 2 2 ESP Encapsulating Security Payload Protocol 177 15 3 My IP Address 177 15 4 Secu...

Страница 14: ...nfiguring Remote Management 206 Chapter 17 Universal Plug and Play UPnP 208 17 1 Introducing Universal Plug and Play 208 17 1 1 How do I know if I m using UPnP 208 17 1 2 NAT Traversal 208 17 1 3 Caut...

Страница 15: ...19 9 Configuring Class Setup 235 19 9 1 Media Bandwidth Management Class Configuration 236 19 9 2 Media Bandwidth Management Statistics 239 19 10 Bandwidth Monitor 240 Chapter 20 Trend Micro Security...

Страница 16: ...ure to Configure Dynamic DNS 273 Chapter 24 Menu 2 WAN Backup Setup 276 24 1 Introduction to WAN Backup Setup 276 24 2 Configuring WAN Backup in Menu 2 276 24 2 1 Traffic Redirect Setup 277 Chapter 25...

Страница 17: ...plexing non PPP Encapsulation 301 28 5 2 LLC based Multiplexing or PPP Encapsulation 301 28 5 3 Advance Setup Options 302 Chapter 29 Static Route Setup 304 29 1 IP Static Route Overview 304 29 2 Confi...

Страница 18: ...er Set for the Prestige 332 33 3 Filter Rules Summary Menus 333 33 4 Configuring a Filter Rule 334 33 4 1 TCP IP Filter Rule 335 33 4 2 Generic Filter Rule 337 33 5 Filter Types and NAT 339 33 6 Examp...

Страница 19: ...nagement Limitations 367 37 2 6 Backup Configuration Using TFTP 368 37 2 7 TFTP Command Example 368 37 2 8 GUI based TFTP Clients 368 37 3 Restore Configuration 369 37 3 1 Restore Using FTP 369 37 3 2...

Страница 20: ...icy Routing Example 391 Chapter 41 Call Scheduling 396 41 1 Introduction 396 Chapter 42 VPN IPSec Setup 400 42 1 VPN IPSec Overview 400 42 2 IPSec Summary Screen 400 42 3 IPSec Setup 403 42 4 IKE Setu...

Страница 21: ...ngs 435 Windows 2000 NT XP 435 Verifying Settings 440 Macintosh OS 8 9 440 Verifying Settings 442 Macintosh OS X 442 Verifying Settings 443 Appendix C IP Subnetting 444 IP Addressing 444 IP Classes 44...

Страница 22: ...ing the VPN Tunnel via SMT 474 VPN Troubleshooting 474 VPN Log 475 IPSec Debug 476 Use a VPN Tunnel 476 FTP Example 477 Appendix I Splitters and Microfilters 480 Connecting a POTS Splitter 480 Telepho...

Страница 23: ...Algorithm 5 508 EAP TLS Transport Layer Security 509 EAP TTLS Tunneled Transport Layer Service 509 PEAP Protected EAP 509 LEAP 509 Dynamic WEP Key Exchange 509 WPA 510 User Authentication 510 Encrypt...

Страница 24: ...tion 65 Figure 16 Internet Access Wizard Setup Connection Tests 66 Figure 17 Media Bandwidth Mgnt Wizard Setup 69 Figure 18 Media Bandwidth Mgnt Wizard Setup Second Screen 70 Figure 19 Media Bandwidth...

Страница 25: ...Way Handshake 134 Figure 59 SYN Flood 134 Figure 60 Smurf Attack 135 Figure 61 Stateful Inspection 137 Figure 62 Firewall Default Policy 147 Figure 63 Firewall Rule Summary 148 Figure 64 Firewall Edit...

Страница 26: ...Advanced Settings 217 Figure 102 Internet Connection Properties Advanced Settings Add 217 Figure 103 System Tray Icon 218 Figure 104 Internet Connection Status 218 Figure 105 Network Connections 219 F...

Страница 27: ...enu 23 1 Change Password 271 Figure 147 Menu 1 General Setup 273 Figure 148 Menu 1 1 Configure Dynamic DNS 274 Figure 149 Menu 2 WAN Backup Setup 276 Figure 150 Menu 2 1Traffic Redirect Setup 277 Figu...

Страница 28: ...85 Menu 15 2 NAT Server Setup 318 Figure 186 Menu 15 2 1 NAT Server Setup 319 Figure 187 Multiple Servers Behind NAT Example 319 Figure 188 NAT Example 1 320 Figure 189 Menu 4 Internet Access NAT Exam...

Страница 29: ...230 Sample Error and Information Messages 359 Figure 231 Menu 24 3 2 System Maintenance Syslog and Accounting 359 Figure 232 Syslog Example 360 Figure 233 Menu 24 4 System Maintenance Diagnostic 361 F...

Страница 30: ...net Options Security 426 Figure 275 Security Setting ActiveX Controls 427 Figure 276 WIndows 95 98 Me Network Configuration 433 Figure 277 Windows 95 98 Me TCP IP Properties IP Address 434 Figure 278...

Страница 31: ...307 Prestige with ISDN 481 Figure 308 Single Computer per Router Hardware Configuration 485 Figure 309 Prestige as a PPPoE Client 485 Figure 310 Displaying Log Categories Example 500 Figure 311 Displa...

Страница 32: ...Setup Second Screen 70 Table 14 LAN Setup 78 Table 15 LAN Static DHCP 80 Table 16 Wireless LAN 85 Table 17 MAC Address Filter 88 Table 18 Wireless LAN 802 1x WPA No Access Authentication 91 Table 19 W...

Страница 33: ...guration Example 183 Table 58 VPN IKE 185 Table 59 VPN IKE Advanced Setup 191 Table 60 VPN Manual Key 195 Table 61 VPN SA Monitor 198 Table 62 VPN Global Setting 198 Table 63 Telecommuters Sharing One...

Страница 34: ...Remote Node Profile 296 Table 104 Menu 11 3 Remote Node Network Layer Options 298 Table 105 Menu 11 8 Advance Setup Options 303 Table 106 Menu12 1 1 Edit IP Static Route 306 Table 107 Remote Node Netw...

Страница 35: ...IKE Setup 407 Table 140 Active Protocol Encapsulation and Security Protocol 408 Table 141 Menu 27 1 1 2 Manual Setup 409 Table 142 Menu 27 2 SA Monitor 413 Table 143 Troubleshooting Starting Up Your P...

Страница 36: ...99 Table 184 RFC 2408 ISAKMP Payload Types 499 Table 185 IEEE 802 11g 506 Table 186 Comparison of EAP Authentication Types 510 Table 187 Wireless Security Relational Matrix 511 Table 188 Abbreviations...

Страница 37: ...Prestige 661H HW Series User s Guide 37 List of Tables...

Страница 38: ...tor System Management Terminal SMT or command interpreter interface to configure your Prestige Not all features can be configured through all interfaces Syntax Conventions Enter means for you to type...

Страница 39: ...Site Please refer to www zyxel com for an online glossary of networking terms and additional support documentation User Guide Feedback Help us help you E mail all User Guide related comments question...

Страница 40: ...e upstream capacity Asymmetrical services ADSL are suitable for Internet users because more information is usually downloaded than uploaded For example a simple button click in a web browser can start...

Страница 41: ...Prestige 661H HW Series User s Guide 41 Introduction to DSL...

Страница 42: ...ide pertain to the P 661HW series only Models ending in 1 for example Prestige 661HW 61 denote a device that works over the analog telephone system POTS Plain Old Telephone Service Models ending in 3...

Страница 43: ...tically adjust to either a crossover or straight through Ethernet cable High Speed Internet Access Your Prestige ADSL ADSL2 ADSL2 router can support downstream transmission rates of up to 24Mbps and u...

Страница 44: ...rm the filtering and give trusted LAN IP addresses unfiltered Internet access IPSec VPN Capability Establish a Virtual Private Network VPN to connect with business partners and branch offices using da...

Страница 45: ...dress allowing the host to be more easily accessible from various locations on the Internet You must register for this service with a Dynamic DNS service provider DHCP DHCP Dynamic Host Configuration...

Страница 46: ...d Key differences between WPA and WEP are user authentication and improved data encryption Wireless g Wireless g technology allows super fast transmission rates actual speed depends on environment amo...

Страница 47: ...ts the ADSL standards as shown in Table 1 on page 42 In addition the P 661HW allows wireless clients access to your network resources The Prestige provides protection from attacks by Internet hackers...

Страница 48: ...r Prestige 48 Figure 1 Protected Internet Access Applications ss 1 1 2 2 LAN to LAN Application You can use the Prestige to connect two geographically dispersed networks over the ADSL line A typical L...

Страница 49: ...ON PWR SYS Green On The Prestige is receiving power and functioning properly Blinking The Prestige is rebooting or performing diagnostics Red On Power to the Prestige is too low None Off The system is...

Страница 50: ...nding receiving data through the wireless LAN None Off The wireless LAN is not ready or has failed DSL PPP Green Fast Blinking The Prestige is sending receiving non PPP data Slow Blinking The Prestige...

Страница 51: ...Prestige 661H HW Series User s Guide 51 Chapter 1 Getting To Know Your Prestige...

Страница 52: ...ervice Pack 2 JavaScripts enabled by default Java permissions enabled by default See the Troubleshooting chapter if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessi...

Страница 53: ...ars every time you log in Figure 6 Change Password at Login 7 You should now see the SITE MAP screen Note The Prestige automatically times out after five minutes of inactivity Simply log back into the...

Страница 54: ...b screens in this guide as an example Screens vary slightly for different Prestige models Click Wizard Setup to begin a series of screens to configure your Prestige for the first time Click a link und...

Страница 55: ...LAN DHCP and TCP IP settings Wireless LAN P 661HW only Wireless Use this screen to configure the wireless LAN settings MAC Filter Use this screen to change MAC filter settings on the Prestige 802 1x W...

Страница 56: ...NetBIOS traffic through all tunnels Remote Management Use this screen to configure through which interface s and from which IP address es users can use Telnet FTP Web to manage the Prestige UPnP Use t...

Страница 57: ...he Prestige Diagnostic General These screens display information to help you identify problems with the Prestige general connection DSL Line These screens display information to help you identify prob...

Страница 58: ...creens for Internet access in the web configurator 3 1 Introduction Use the Wizard Setup screens to configure your system for Internet access with the information given to you by your ISP Note See the...

Страница 59: ...sulation drop down list box Choices vary depending on what you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field s...

Страница 60: ...btain an IP Address Automatically if you have a dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the text box below Connection Select Connect on Demand wh...

Страница 61: ...ection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field Type your ISP assigned IP address in this field Network Address Translation Select Non...

Страница 62: ...have a dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the IP Address text box below Subnet Mask Enter a subnet mask in dotted decimal notation Refer to...

Страница 63: ...ss and type your ISP assigned IP address in the IP Address text box below Connection Select Connect on Demand when you don t want the connection up all the time and specify an idle time out in seconds...

Страница 64: ...To change the LAN information on the Prestige click Change LAN Configurations Otherwise click Save Settings to save the configuration and skip to the section 3 13 Figure 14 Internet Access Wizard Setu...

Страница 65: ...f you want to access the web configurator again LAN Subnet Mask Enter a subnet mask in dotted decimal notation DHCP DHCP Server From the DHCP Server drop down list box select On to allow your Prestige...

Страница 66: ...nch your web browser and navigate to www zyxel com Internet access is just the beginning Refer to the rest of this guide for more detailed information on the complete range of Prestige features If you...

Страница 67: ...Prestige 661H HW Series User s Guide 67 Chapter 3 Wizard Setup for Internet Access...

Страница 68: ...through the Prestige and be managed by bandwidth management 4 1 1 Predefined Media Bandwidth Management Services The following is a description of the services that you can select and to which you ca...

Страница 69: ...t 25 HTTP port 80 eMule These programs use advanced file sharing applications relying on central servers to search for files They use default port 4662 WWW The World Wide Web WWW is an Internet system...

Страница 70: ...AN port Select the service to apply bandwidth management These checkboxes are applicable when you select the Active check box above Create bandwidth management classes by selecting services from the l...

Страница 71: ...nagement You may now continue configuring your device Click Return to Main Menu to return to the Site Map screen Figure 19 Media Bandwidth Mgnt Wizard Setup Finish Back Click Back to return to the pre...

Страница 72: ...tige The actual physical connection determines whether the Prestige ports are LAN or WAN ports There are two separate IP networks one inside the LAN network and the other outside the WAN network as sh...

Страница 73: ...ver extensions through the DNS proxy feature If the Primary and Secondary DNS Server fields in the LAN Setup screen are not specified for instance left as 0 0 0 0 the Prestige tells the DHCP clients t...

Страница 74: ...do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the network number which covers 254 individual addresses from 192 168 1 1 to 192 168 1 254 zero and 255 a...

Страница 75: ...out RIP packets but will not accept any RIP packets received None the Prestige will not send any RIP packets and will ignore any RIP packets received The Version field controls the format and the bro...

Страница 76: ...the Prestige In cases where your computer is required to use a static IP address in another network you may need to manually configure the network settings of the computer every time you want to acces...

Страница 77: ...attempts to access the Internet it sends packets to its default gateway which is not the Prestige by looking at the MAC address in its ARP table 2 When the computer cannot locate the default gateway...

Страница 78: ...ige acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients Enter the IP address of the actual remote DHCP server in the Remote DHCP Server fie...

Страница 79: ...y your ISP if given RIP Direction Select the RIP direction from None Both In Only and Out Only RIP Version Select the RIP version from RIP 1 RIP 2B and RIP 2M Multicast IGMP Internet Group Multicast P...

Страница 80: ...AN Static DHCP LABEL DESCRIPTION This is the index number of the Static IP table entry row MAC Address Type the MAC address with colons of a computer on your LAN IP Address This field specifies the si...

Страница 81: ...Prestige 661H HW Series User s Guide 81 Chapter 5 LAN Setup...

Страница 82: ...thentication restricting access by device MAC address and hiding the Prestige identity 6 2 1 Encryption Use WPA security if you have WPA aware wireless clients and a RADIUS server WPA has user authent...

Страница 83: ...don t hide the ESSID at least you should change the default one 6 2 5 Configuring Wireless LAN on the Prestige 1 Configure the ESSID and WEP in the Wireless screen If you configure WEP you can t confi...

Страница 84: ...access points to keep network communications private It encrypts unicast and multicast communications in a network Both the wireless stations and the access points must use the same WEP key Your Prest...

Страница 85: ...vironment among Wireless g enabled access points and wireless clients ESSID The ESSID Extended Service Set IDentification is a unique name to identify the Prestige in the wireless LAN Wireless station...

Страница 86: ...te four different WEP keys At the time of writing you cannot use passphrase to generate 256 bit WEP keys Generate After you enter the passphrase click Generate to have the Prestige generate four diffe...

Страница 87: ...characters for example 00 A0 C5 00 00 02 You need to know the MAC addresses of the devices to configure this screen To change your Prestige s MAC filter settings click Wireless LAN MAC Filter to open...

Страница 88: ...haracters are case sensitive 2 The AP checks each client s password and only allows it to join the network if the passwords match 3 The AP derives and distributes keys to the wireless clients 4 The AP...

Страница 89: ...tribution system wired link to the LAN 1 The AP passes the wireless client s authentication request to the RADIUS server 2 The RADIUS server then checks the user s identification against its database...

Страница 90: ...oftware s Odyssey client and Meetinghouse Data Communications AEGIS client The Windows XP patch is a free download that adds WPA capability to Windows XP s built in Zero Configuration wireless client...

Страница 91: ...he wired network select a control method from the drop down list box Choose from No Access Allowed No Authentication Required and Authentication Required No Access Allowed blocks all wireless stations...

Страница 92: ...method from the drop down list box Choose from No Authentication Required Authentication Required and No Access Allowed The following fields are only available when you select Authentication Required...

Страница 93: ...this drop down list box to select which database the Prestige should use first to authenticate a wireless station Before you specify the priority make sure you have set up the corresponding database c...

Страница 94: ...if the Key Management Protocol is WPA and WPA Mixed Mode is disabled WEP is used automatically if you have enabled WPA Mixed Mode All unicast traffic is automatically encrypted by TKIP when WPA or WPA...

Страница 95: ...tials Type a pre shared key from 8 to 63 printable characters including spaces alphabetic characters are case sensitive WPA Mixed Mode The Prestige can operate in WPA Mixed Mode which supports both cl...

Страница 96: ...is way To change your Prestige s local user database click Wireless LAN Local User Database The screen appears as shown Figure 34 Local User Database The following table describes the fields in this s...

Страница 97: ...the main wireless LAN setup screen Apply Click Apply to save these settings back to the Prestige Cancel Click Cancel to begin configuring this screen again Table 22 Local User Database continued LABE...

Страница 98: ...e OTIST using the Reset button or the web configurator Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the access...

Страница 99: ...key up to eight printable characters The default OTIST setup key is 01234567 Note If you change the OTIST setup key here you must also make the same change on the wireless client s Yes To have OTIST...

Страница 100: ...ator screen and in the wireless client s Adapter screen all within three minutes at the time or writing You can start OTIST in the wireless clients and AP in any order but they must all be within rang...

Страница 101: ...d AP you must still click Start in the AP OTIST web configurator screen or hold in the Reset button for one or two seconds for the AP to transfer settings 4 If you change the SSID or the keys on the A...

Страница 102: ...P Gateway field in the second wizard screen You can get this information from your ISP 7 1 1 2 PPP over Ethernet PPPoE provides access control and billing functionality in a manner similar to dial up...

Страница 103: ...ifying information being contained in each packet header Despite the extra bandwidth and processing overhead this method may be advantageous if it is not practical to have a separate VC for each carri...

Страница 104: ...ion is down A nailed up connection can be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connect...

Страница 105: ...service provider PPPoE offers an access and authentication method that works with existing access control systems for example Radius PPPoE provides a login and authentication method that the existing...

Страница 106: ...this time more cells up to the MBS can be sent at the PCR again If the PCR SCR or MBS is set to the default of 0 the system will assign a maximum value that correlates to your upstream line rate The f...

Страница 107: ...restige 661H HW Series User s Guide 107 Chapter 7 WAN Setup 7 6 Configuring WAN Setup To change your Prestige s WAN remote node settings click WAN and WAN Setup The screen differs by the encapsulation...

Страница 108: ...ields in this screen Table 25 WAN Setup LABEL DESCRIPTION Name Enter the name of your Internet Service Provider e g MyISP This information is for identification purposes only Mode Select Routing defau...

Страница 109: ...Cell Rate PCR This is the maximum rate at which the sender can send cells Type the PCR here Sustain Cell Rate The Sustain Cell Rate SCR sets the average cell rate long term that can be transmitted Ty...

Страница 110: ...tive to NAT for application where NAT is not appropriate Disable PPPoE pass through if you do not need to allow hosts on the LAN to use PPPoE client software on their computers to connect to the ISP S...

Страница 111: ...or three logical networks with the Prestige itself as the gateway for each LAN network Put the protected LAN in one subnet Subnet 1 in the following figure and the backup gateway in another subnet Sub...

Страница 112: ...ivate either traffic redirect you must configure at least one IP address here When using a WAN backup connection the Prestige periodically pings the addresses configured here and uses the other WAN ba...

Страница 113: ...P Address Metric This field sets this route s priority among the routes the Prestige uses The metric represents the cost of transmission A router determines the best route for transmission by choosing...

Страница 114: ...refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that ins...

Страница 115: ...age 117 NAT offers the additional benefit of firewall protection With no servers defined your Prestige filters out all incoming inquiries thus preventing intruders from probing your network For more i...

Страница 116: ...w NAT Works 8 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the Prestige can communicate with three distinc...

Страница 117: ...the Prestige maps the multiple local IP addresses to shared global IP addresses Many to Many No Overload In Many to Many No Overload mode the Prestige maps each local IP address to a unique global IP...

Страница 118: ...ort 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of...

Страница 119: ...host on the Internet IP address assigned by ISP Figure 50 Multiple Servers Behind NAT Example 8 4 Selecting the NAT Mode You must create a firewall rule in addition to setting up SUA NAT to allow traf...

Страница 120: ...creen Refer to Table 29 on page 118 for port numbers commonly used for particular services Table 30 NAT Mode LABEL DESCRIPTION None Select this radio button to disable NAT SUA Only Select this radio b...

Страница 121: ...s of ports enter the start port number here and the end port number in the End Port No field End Port No Enter a port number in this field To forward only one port enter the port number again in the S...

Страница 122: ...e your Prestige s address mapping settings click NAT Select Full Feature and click Edit Details to open the following screen Figure 53 Address Mapping Rules The following table describes the fields in...

Страница 123: ...T mapping type M 1 Many to One mode maps multiple local IP addresses to one global IP address This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature that previo...

Страница 124: ...utside world Local Start IP This is the starting local IP address ILA Local IP addresses are N A for Server port mapping Local End IP This is the end local IP address ILA If your rule is for all local...

Страница 125: ...Prestige 661H HW Series User s Guide 125 Chapter 8 Network Address Translation NAT Screens...

Страница 126: ...friends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with...

Страница 127: ...Provider This is the name of your Dynamic DNS service provider Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider E mail Address Type your e mail address User Type...

Страница 128: ...his screen to configure the Prestige s time and date settings 10 1 Configuring Time and Date To change your Prestige s time and date click Time And Date The screen appears as shown Use this screen to...

Страница 129: ...ter the month and day that your daylight savings time starts on if you selected Daylight Savings End Date Enter the month and day that your daylight savings time ends on if you selected Daylight Savin...

Страница 130: ...For a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be im...

Страница 131: ...hat some proxies support See Section 11 5 on page 136 for more information on stateful inspection Firewalls of one type or another have become an integral part of standard security solutions for enter...

Страница 132: ...set of application protocols that perform specific functions An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc...

Страница 133: ...ash hang or reboot Teardrop attack exploits weaknesses in the re assembly of IP packet fragments As data is transmitted through a network IP packets are often broken up into smaller chunks Each fragme...

Страница 134: ...nown as a backlog queue SYN ACKs are moved off the queue only when an ACK comes back or when an internal timer which is set at relatively long intervals terminates the three way handshake Once the que...

Страница 135: ...up the intermediary network but will also congest the network of the spoofed source IP address known as the victim network This flood of broadcast traffic consumes all available bandwidth making commu...

Страница 136: ...outer or firewall The Prestige blocks all IP Spoofing attempts 11 5 Stateful Inspection With stateful inspection fields of the packets are compared to packets that are already known to be trusted For...

Страница 137: ...termine and record information about the state of the packet s connection This information is recorded in a new state table entry created for the new connection If there is not a firewall rule for thi...

Страница 138: ...irewall rules is a very powerful tool Using custom rules it is possible to disable all firewall protection or block all access to the Internet Use extreme caution when creating or deleting firewall ru...

Страница 139: ...owed in through the firewall simply because they are too dangerous and contain too little tracking information For instance ICMP redirect packets are never allowed in since they could be used to rerou...

Страница 140: ...hackers to crack your system Turn your computer off when not in use Never give out a password or any sensitive information to an unsolicited telephone call or e mail Never e mail sensitive informatio...

Страница 141: ...network B If the filter blocks the traffic from A to B it also blocks the traffic from B to A Filters can not distinguish traffic originating from an inside host or an outside host by IP address To bl...

Страница 142: ...ic between inside host networks and outside host networks Remember that filters can not distinguish traffic originating from an inside host or an outside host by IP address The firewall performs bette...

Страница 143: ...Prestige 661H HW Series User s Guide 143 Chapter 11 Firewalls...

Страница 144: ...rection of travel of packets to which they apply Note The LAN includes both the LAN port and the WLAN By default the Prestige s stateful packet inspection allows packets traveling in the following dir...

Страница 145: ...ese points carefully before configuring rules 12 3 1 Rule Checklist State the intent of the rule For example This restricts all IRC access from the LAN to the Internet Or This allows a remote Lotus No...

Страница 146: ...ices 12 3 3 3 Source Address What is the connection s source address is it on the LAN WAN Is it a single IP a range of IPs or a subnet 12 3 3 4 Destination Address What is the connection s destination...

Страница 147: ...a message can be immediately sent to an e mail account that you specify in the Log Settings screen see the chapter on logs 12 5 Configuring Basic Firewall Settings Click Firewall and then Default Pol...

Страница 148: ...ch they apply For example LAN to LAN Router means packets traveling from a computer subnet on the LAN to either another computer subnet on the LAN interface of the Prestige or the Prestige itself Defa...

Страница 149: ...k source or destination address is equivalent to Any Destination IP This drop down list box displays the destination addresses or ranges of addresses to which this firewall rule applies Please note th...

Страница 150: ...ctions to create a new rule 1 In the Rule Summary screen type the index number for where you want to put the rule For example if you type 6 your new rule becomes number 6 and the previous rule 6 if th...

Страница 151: ...Prestige 661H HW Series User s Guide 151 Chapter 12 Firewall Configuration Figure 64 Firewall Edit Rule...

Страница 152: ...ox above and click Delete to remove it Services Available Selected Services Please Section 12 10 on page 158see for more information on services available Highlight a service from the Available Servic...

Страница 153: ...ll Customized Services 12 8 Creating Editing A Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one This action display...

Страница 154: ...s LABEL DESCRIPTION Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box Port Configura...

Страница 155: ...ex number for where you want to put the rule For example if you type 6 your new rule becomes number 6 and the previous rule 6 if there is one becomes rule 7 4 Click Insert to display the firewall rule...

Страница 156: ...vices link to open the Customized Service screen 8 Click an index number to display the Customized Services Config screen and configure the screen as follows and click Apply Figure 69 Edit Custom Port...

Страница 157: ...elect Customized Services Note Custom ports show up with an before their names in the Services list box and the Rule Summary list box Click Apply after you ve created your custom port On completing th...

Страница 158: ...the IP protocol type TCP UDP or ICMP The second field indicates the IP port number that defines the service Note that there may be more than one IP protocol type For example look at the default confi...

Страница 159: ...lticast Protocol is used when sending packets to a specific group of hosts NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that...

Страница 160: ...agement Program SNMP TRAPS TCP UDP 162 Traps for use with the SNMP RFC 1215 SQL NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems includ...

Страница 161: ...vent hackers from finding the Prestige by probing for unused ports If you select this option the Prestige will not respond to port request s for unused ports thus leaving the unused ports and the Pres...

Страница 162: ...Figure 58 on page 134 For UDP half open means that the firewall has detected no return traffic The Prestige measures both the total number of existing half open sessions and the rate of session establ...

Страница 163: ...on requests to the host giving the server time to handle the present connections The Prestige continues to block all new connection requests until the Blocking Time expires The Prestige also sends ale...

Страница 164: ...s Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number 100 existing half open sessions The above values causes the Prestige to start deleting half open sessions w...

Страница 165: ...Prestige 661H HW Series User s Guide 165 Chapter 12 Firewall Configuration...

Страница 166: ...ule for when the Prestige performs content filtering You can also specify trusted IP addresses on the LAN for which the Prestige will not perform content filtering 13 2 Configuring Keyword Blocking Us...

Страница 167: ...s that you have configured the Prestige to block Delete Highlight a keyword in the box and click Delete to remove it Clear All Click Clear All to remove all of the keywords from the list Keyword Type...

Страница 168: ...me of the day or select the All day check box you want the content filtering to be active Back Click Back to return to the previous screen Apply Click Apply to save your changes Cancel Click Cancel to...

Страница 169: ...Prestige 661H HW Series User s Guide 169 Chapter 13 Content Filtering...

Страница 170: ...tions for secure data communications across a public network like the Internet IPSec is built around a number of standardized cryptographic techniques to provide confidentiality data integrity and aut...

Страница 171: ...o or More Private Networks Together Connect branch offices and business partners over the Internet with significant cost savings and improved performance when compared to leased lines between sites Ac...

Страница 172: ...yption Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA 1 RFC 2404 provi...

Страница 173: ...tended forward into the IP header to verify the integrity of the entire packet by use of portions of the original IP header in the hashing process 14 3 2 Tunnel Mode Tunnel mode encapsulates the entir...

Страница 174: ...NAT in the middle so it assumes that the data has been maliciously altered IPSec using ESP in Tunnel mode encapsulates the entire original packet including headers in a new IP packet The new IP packe...

Страница 175: ...Prestige 661H HW Series User s Guide 175 Chapter 14 Introduction to IPSec...

Страница 176: ...the AH and ESP protocols The primary function of key management is to establish and maintain the SA between systems Once the SA is established the transport of data may commence 15 2 1 AH Authenticat...

Страница 177: ...ata encryption using a private secret key DES applies a 56 bit key to each 64 bit block of data MD5 default MD5 Message Digest 5 produces a 128 bit digest to authenticate packet data 3DES Triple DES 3...

Страница 178: ...in name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS The Prestige has to rebuild the VPN tunnel each time the remote secure gateway s...

Страница 179: ...ys the identification name for this VPN policy Active This field displays whether the VPN policy is active or not A Yes signifies that this VPN policy is active No signifies that this VPN policy is no...

Страница 180: ...omain names to private IP addresses on the remote network Remote Address This is the IP address es of computer s on the remote network behind the remote IPSec router This field displays N A when the S...

Страница 181: ...rom remote IPSec routers that have dynamic WAN IP addresses Telecommuters can use separate passwords to simultaneously connect to the Prestige from IPSec routers with dynamic IP addresses seeSection 1...

Страница 182: ...le 55 Peer ID Type and Content Fields PEER ID TYPE CONTENT IP Type the IP address of the computer with which you will make the VPN connection or leave the field blank to have the Prestige automaticall...

Страница 183: ...hase 1 IKE negotiation seeSection 15 11 on page 188for more on IKE phases It is called pre shared because you have to share it with another party before you can communicate with them over a secure con...

Страница 184: ...Prestige 661H HW Series User s Guide Chapter 15 VPN Screens 184 Figure 83 VPN IKE The following table describes the fields in this screen...

Страница 185: ...Local IP addresses must be static and correspond to the remote IPSec router s configured remote IP addresses Two active SAs can have the same configured local or remote IP address but not both You ca...

Страница 186: ...mation Local ID Type Select IP to identify this Prestige by its IP address Select DNS to identify this Prestige by a domain name Select E mail to identify this Prestige by an e mail address Content Wh...

Страница 187: ...y Protocol VPN Protocol Select ESP if you want to use ESP Encapsulation Security Payload The ESP protocol RFC 2406 provides encryption as well as some of the services offered by AH If you select ESP h...

Страница 188: ...SA should stay up before it times out An IKE SA times out when the IKE SA lifetime period expires If an IKE SA times out when an IPSec SA is already established the IPSec SA stays connected Authentic...

Страница 189: ...ions Main Mode ensures the highest level of security when the communicating parties are negotiating authentication phase 1 It uses 6 messages in three round trips SA negotiation Diffie Hellman exchang...

Страница 190: ...derived from previous keys The time consuming Diffie Hellman exchange is the trade off for this extra security This may be unnecessary for data that does not require such security so PFS is disabled...

Страница 191: ...to Denial of Service DoS attacks The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks Select YES from the drop down menu to enable replay detection or se...

Страница 192: ...drop down list box When you use one of these encryption algorithms for data communications both the sending device and the receiving device must use the same secret key which can be used to encrypt an...

Страница 193: ...eased latency and decreased throughput This implementation of AES uses a 128 bit key AES is faster than 3DES Select NULL to set up a tunnel without encryption When you select NULL you do not enter an...

Страница 194: ...15 14 Configuring Manual Key You only configure VPN Manual Key when you select Manual in the IPSec Key Mode field on the VPN IKE screen This is the VPN Manual Key screen as shown next Figure 86 VPN Ma...

Страница 195: ...IP Address Start When the Local Address Type field is configured to Single enter a static IP address on the LAN behind your Prestige When the Local Address Type field is configured to Range enter the...

Страница 196: ...p down list box When DES is used for data communications both sender and receiver must know the same secret key which can be used to encrypt and decrypt the message or to generate and verify a message...

Страница 197: ...resh to display active VPN connections This screen is read only The following table describes the fields in this tab When there is outbound traffic but no inbound traffic the SA times out automaticall...

Страница 198: ...ions latency delay Disconnect Select Disconnect next to a security association and then click Apply to stop that security association Back Click Back to return to the previous screen Apply Click Apply...

Страница 199: ...for an example configuration that allows multiple telecommuters A B and C in the figure to use one VPN rule to simultaneously access a Prestige at headquarters HQ in the figure The telecommuters do n...

Страница 200: ...should not overlap See the following table and figure for an example where three telecommuters each use a different VPN rule for a VPN connection with a Prestige located at headquarters The Prestige...

Страница 201: ...uarters Prestige Rule 1 Local ID Type IP Peer ID Type IP Local ID Content 192 168 2 12 Peer ID Content 192 168 2 12 Local IP Address 192 168 2 12 Secure Gateway Address telecommuter1 com Remote Addres...

Страница 202: ...HW Series User s Guide Chapter 15 VPN Screens 202 15 18 VPN and Remote Management If a VPN tunnel uses Telnet FTP WWW then you should configure remote management Remote Management to allow access for...

Страница 203: ...Prestige 661H HW Series User s Guide 203 Chapter 15 VPN Screens...

Страница 204: ...our Prestige from a remote location via Internet WAN only ALL LAN and WAN LAN only Neither Disable When you Choose WAN only or ALL LAN WAN you still need to configure a firewall rule to allow access T...

Страница 205: ...ll rule that blocks it 16 1 2 Remote Management and NAT When NAT is enabled Use the Prestige s WAN IP address when configuring from the WAN Use the Prestige s LAN IP address when configuring from the...

Страница 206: ...otes a service that you may use to remotely manage the Prestige Access Status Select the access interface Choices are All LAN Only WAN Only and Disable Port This field shows the port number for the re...

Страница 207: ...Prestige 661H HW Series User s Guide 207 Chapter 16 Remote Management Configuration...

Страница 208: ...will appear as a separate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device 17 1 2 NAT Traversal UPnP NAT traversal automates the process...

Страница 209: ...ation supports IGD 1 0 Internet Gateway Device At the time of writing ZyXEL s UPnP implementation supports Windows Messenger 4 6 and 4 7 while Windows Messenger 5 0 and Xbox are still being tested UPn...

Страница 210: ...estige s IP address although you must still enter the password to access the web configurator Allow users to make configuration changes through UPnP Select this check box to allow UPnP enabled applica...

Страница 211: ...s Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selection box Figure 95 Add Remove Programs Windows Setup Communication Components 4...

Страница 212: ...ndows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Components Figure 96 Netw...

Страница 213: ...661H HW Series User s Guide 213 Chapter 17 Universal Plug and Play UPnP Figure 97 Windows Optional Networking Components Wizard 5 In the Networking Services window select the Universal Plug and Play c...

Страница 214: ...section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the Prestige Make sure the computer is connected to a LAN port of...

Страница 215: ...W Series User s Guide 215 Chapter 17 Universal Plug and Play UPnP Figure 99 Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automa...

Страница 216: ...tige 661H HW Series User s Guide Chapter 17 Universal Plug and Play UPnP 216 Figure 100 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mapp...

Страница 217: ...perties Advanced Settings Figure 102 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatica...

Страница 218: ...nection Status Web Configurator Easy Access With UPnP you can access the web based configurator on the Prestige without finding out the IP address of the Prestige first This comes helpful if you do no...

Страница 219: ...niversal Plug and Play UPnP Figure 105 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your Prestige and sele...

Страница 220: ...Play UPnP 220 Figure 106 Network Connections My Network Places 6 Right click on the icon for your Prestige and select Properties A properties window displays with basic information about the Prestige...

Страница 221: ...Prestige 661H HW Series User s Guide 221 Chapter 17 Universal Plug and Play UPnP...

Страница 222: ...rors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log sc...

Страница 223: ...Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e mail addresses specified below If this field is left blank logs and alert...

Страница 224: ...facility allows you to log the messages to different files in the syslog server Refer to the documentation of your syslog program for more details Send Log Log Schedule This drop down menu is used to...

Страница 225: ...ngs page Time This field displays the time the log was recorded Message This field states the reason for the log Source This field lists the source IP address and the port number of the incoming packe...

Страница 226: ...ll Alert From Prestige Date Fri 07 Apr 2000 10 05 42 From user zyxel com To user zyxel com 1 Apr 7 00 From 192 168 1 1 To 192 168 1 255 default policy forward 09 54 03 UDP src port 00520 dest port 005...

Страница 227: ...Prestige 661H HW Series User s Guide 227 Chapter 18 Logs Screens...

Страница 228: ...also allows you to configure the allowed output for an interface to match what the network can handle This helps reduce delays and dropped packets at the next routing device For example you can set t...

Страница 229: ...ndwidth Allocation Bandwidth management allows you to define how much bandwidth each class gets however the actual bandwidth allotted to each class decreases or increases in proportion to actual avail...

Страница 230: ...lowing example uses bandwidth classes based on LAN subnets and applications specific applications in each subnet are allotted bandwidth Figure 113 Application and Subnet based Bandwidth Management Exa...

Страница 231: ...ss is not using among the bandwidth classes that require more bandwidth When you enable maximize bandwidth usage the Prestige first makes sure that each bandwidth class gets up to its bandwidth allotm...

Страница 232: ...the classes that require more bandwidth Therefore the Prestige divides a total of 3 Mbps total of unbudgeted and unused bandwidth among the classes that require more bandwidth In this case suppose th...

Страница 233: ...ss The Prestige uses the scheduler to divide a parent class s unused bandwidth among the child classes 19 7 1 Maximize Bandwidth Usage With Bandwidth Borrowing If you configure both maximize bandwidth...

Страница 234: ...ies to all traffic flowing out of the router through the interface regardless of the traffic s source Traffic redirect or IP alias may cause LAN to LAN traffic to pass through the Prestige and be mana...

Страница 235: ...cribes the labels in this screen Maximize Bandwidth Usage Select this check box to have the Prestige divide up all of the interface s unallocated and or unused bandwidth among the bandwidth classes th...

Страница 236: ...creen to enable bandwidth management on an interface before you can configure classes for that interface To add a child class click Media Bandwidth Management then Class Setup Click the Add Child Clas...

Страница 237: ...ity The default setting is 3 Borrow bandwidth from parent class Select this option to allow a child class to borrow bandwidth from its parent class if the parent class is not using up its bandwidth bu...

Страница 238: ...configuring the Destination Port Source Port and Protocol ID fields Destination IP Address Enter the destination IP address in dotted decimal notation A blank destination IP address means any destina...

Страница 239: ...Table 74 Services and Port Numbers SERVICES PORT NUMBER Table 75 Media Bandwidth Management Statistics LABEL DESCRIPTION Class Name This field displays the name of the class the statistics page is sho...

Страница 240: ...er from refreshing bandwidth management statistics Clear Counter Click Clear Counter to clear all of the bandwidth management statistics Table 75 Media Bandwidth Management Statistics LABEL DESCRIPTIO...

Страница 241: ...Prestige 661H HW Series User s Guide 241 Chapter 19 Media Bandwidth Management Advanced Setup...

Страница 242: ...web site categories such as pornography gambling etc 20 1 1 TMSS Web Page TMSS is enabled by default on the Prestige so you should see the following screen after you launch your web browser to connec...

Страница 243: ...122 Download ActiveX to View TMSS Web Page 2 In the TMSS web page click Service Summary Figure 123 TMSS Web Page Dashboard 3 Click Activate My Services to begin a 3 step process to activate TMSS Figu...

Страница 244: ...e registration form you will receive an e mail with instructions for validating your e mail address Follow the instructions 7 Download TMSS to each computer behind the Prestige that you want TMSS to m...

Страница 245: ...with TMSS activated Figure 128 Example TMSS Activated Parental Controls Screen After the free trial expires you can buy the Trend micro Internet Security TIS 1 package This package contains anti viru...

Страница 246: ...ecked and to display the status of computers under TMSS monitoring 3 Use the Parental Controls screen to schedule and block web pages based on pre defined web site categories such as pornography gambl...

Страница 247: ...rity Services on your Prestige Security Services Display Interval Automatically display TMSS Web page every Select from the drop down list box how often the TMSS web page appears in your web browser E...

Страница 248: ...estige IP Address This field displays the IP address of a TMSS client computer or Prestige Computer Name This field displays the host name of a TMSS client computer or the Prestige system name Antivir...

Страница 249: ...ve one or it has expired you will see the following message when you access the Parental Controls screen Figure 132 No Parental Controls License If you have completed the TMSS registration process and...

Страница 250: ...Parental Controls Select the check box to enable this feature on your Prestige Blocking Schedule The blocking schedule for TMSS is the same as that used for content filtering web site blocking by key...

Страница 251: ...related paraphernalia Alcohol Tobacco Selecting this category excludes pages that promote or offer the sale alcohol tobacco products or provide the means to create them It also includes pages that gl...

Страница 252: ...Available IP Addresses list box and click Add to move it them to the Selected IP Addresses box Select an IP address es in the Selected IP Addresses list box and click Remove to move it them to the Ava...

Страница 253: ...ser s Guide 253 Chapter 20 Trend Micro Security Services Reset Click Reset to clear all of the fields in this screen Refresh Click Refresh to renew the statistics screen Table 80 Parental Controls Sta...

Страница 254: ...and port traffic statistics 21 1 Maintenance Overview The maintenance screens can help you view system information upload new firmware manage configuration and restart your Prestige 21 2 System Status...

Страница 255: ...Chapter 21 Maintenance Figure 135 System Status The following table describes the fields in this screen Table 81 System Status LABEL DESCRIPTION System Status System Name This is the name of your Pre...

Страница 256: ...y if applicable VPI VCI This is the Virtual Path Identifier and Virtual Channel Identifier that you entered in the first Wizard screen LAN Information MAC Address This is the MAC Media Access Control...

Страница 257: ...NET RFC 1483 and PPPoE Interface This field displays the type of port Status For the WAN port this displays the port speed and duplex setting if you re using Ethernet encapsulation and down line is do...

Страница 258: ...nd MAC Address of all network clients using the DHCP server Figure 137 DHCP Table The following table describes the fields in this screen Poll Interval s Type the time interval for the browser to refr...

Страница 259: ...1 Association List This screen displays the MAC address es of the wireless stations that are currently logged in to the network Click Wireless LAN and then Association List to open the screen shown ne...

Страница 260: ...ssociation List LABEL DESCRIPTION This is the index number of an associated wireless station MAC Address This field displays the MAC Media Access Control address of an associated wireless station Ever...

Страница 261: ...xt Table 86 Diagnostic General LABEL DESCRIPTION TCP IP Address Type the IP address of a computer that you want to ping in order to test a connection Ping Click this button to ping the IP address that...

Страница 262: ...Status Click this button to view ATM status ATM Loopback Test Click this button to start the ATM loopback test Make sure you have configured at least one PVC with proper VPIs VCIs before you begin th...

Страница 263: ...en to upload firmware to your Prestige Figure 142 Firmware Upgrade The following table describes the labels in this screen Note Do not turn off the Prestige while firmware upload is in progress After...

Страница 264: ...t In some operating systems you may see the following icon on your desktop Figure 143 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the System...

Страница 265: ...Prestige 661H HW Series User s Guide 265 Chapter 21 Maintenance...

Страница 266: ...Prestige 1 In Windows click Start usually in the bottom left corner Run and then type telnet 192 168 1 1 the default IP address and click OK 2 Enter 1234 in the Password field 3 After entering the pas...

Страница 267: ...Profile 11 3 Remote Node Network Layer Options 11 5 Remote Node Filter 11 6 Remote Node ATM Layer Options 11 8 Advance Setup Options PPPoE passthrough 12 Static Routing Setup 12 1 Edit Static Route S...

Страница 268: ...tion 24 7 Upload Firmware 24 7 1 Upload System Firmware 24 7 2 Upload System Configuration File 24 8 Command Interpreter Mode 24 9 Call Control 24 9 1 Budget Management 24 10 Time and Date Setting 24...

Страница 269: ...e to save the new configuration All fields with ChangeMe must not be left blank in order to be able to save the new configuration N A fields N A Some of the fields in the SMT will show a N A This symb...

Страница 270: ...A quick and easy way to set up an Internet connection 11 Remote Node Setup Use this menu to set up the Remote Node for LAN to LAN connection including Internet connection 12 Static Routing Setup Use t...

Страница 271: ...rd field up to 30 characters and press ENTER 5 Re type your new system password in the Retype to confirm field for confirmation and press ENTER Note Note that as you type a password the screen display...

Страница 272: ...Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter i...

Страница 273: ...location up to 31 characters of your Prestige Contact Person s Name optional Enter the name up to 30 characters of the person in charge of this Prestige Domain Name Enter the domain name if you know...

Страница 274: ...f your dynamic DNS service provider Active Press SPACE BAR to select Yes and then press ENTER to make dynamic DNS active Host Enter the domain name assigned to your Prestige by your dynamic DNS provid...

Страница 275: ...Prestige 661H HW Series User s Guide 275 Chapter 23 Menu 1 General Setup...

Страница 276: ...Fail Tolerance 0 Recovery Interval sec 0 ICMP Timeout sec 0 Traffic Redirect No Press ENTER to Confirm or ESC to Cancel Table 95 Menu 2 WAN Backup Setup FIELD DESCRIPTION Check Mechanism Press SPACE...

Страница 277: ...ime if your destination IP address handles lots of traffic ICMP Timeout Type the number of seconds for an ICMP session to wait for the ICMP response Traffic Redirect Press SPACE BAR to select Yes or N...

Страница 278: ...with the lowest cost RIP routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks The number must be between 1 and 15 a number greater than 15 means the l...

Страница 279: ...Prestige 661H HW Series User s Guide 279 Chapter 24 Menu 2 WAN Backup Setup...

Страница 280: ...apply to the Ethernet traffic You seldom need to filter Ethernet traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 152 Menu 3...

Страница 281: ...m the main menu to display Menu 3 LAN Setup When menu 3 appears press 2 and press ENTER to display Menu 3 2 TCP IP and DHCP Ethernet Setup as shown next Figure 153 Menu 3 2 TCP IP and DHCP Ethernet Se...

Страница 282: ...e DHCP Serve If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here Table 98 TCP IP Ethernet Setup FIELD DESCRIPTION TCP IP Setup IP Address Enter...

Страница 283: ...Prestige 661H HW Series User s Guide 283 Chapter 25 Menu 3 LAN Setup...

Страница 284: ...eless LAN Setup The following table describes the fields in this menu Menu 3 5 Wireless LAN Setup ESSID Wireless Hide ESSID No Channel ID CH06 2437MHz RTS Threshold 2432 Frag Threshold 2432 WEP Disabl...

Страница 285: ...provides data encryption to prevent wireless stations from accessing data transmitted over the wireless network Select Disable allows wireless stations to communicate with the access points without an...

Страница 286: ...00 00 00 00 11 00 00 00 00 00 00 23 00 00 00 00 00 00 12 00 00 00 00 00 00 24 00 00 00 00 00 00 Enter here to CONFIRM or ESC to CANCEL Table 100 Menu 3 5 1 WLAN MAC Address Filtering FIELD DESCRIPTIO...

Страница 287: ...Prestige 661H HW Series User s Guide 287 Chapter 26 Wireless LAN Setup...

Страница 288: ...ng based on the policy defined by the network administrator Policy based routing is applied to incoming packets on a per interface basis prior to the normal routing Create policies using SMT menu 25 a...

Страница 289: ...e the second and third network Figure 157 Menu 3 2 TCP IP and DHCP Setup Pressing ENTER displays Menu 3 2 1 IP Alias Setup as shown next Menu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP...

Страница 290: ...FIELD DESCRIPTION IP Alias Choose Yes to configure the LAN network for the Prestige IP Address Enter the IP address of your Prestige in dotted decimal notation IP Subnet Mask Your Prestige will automa...

Страница 291: ...are using ENET ENCAP encapsulation From the main menu type 4 to display Menu 4 Internet Access Setup as shown next Figure 160 Menu 4 Internet Access Setup The following table contains instructions on...

Страница 292: ...s the mean cell rate of a bursty on off traffic source that can be sent at the peak rate and a parameter for burst traffic Type the SCR it must be less than the PCR Maximum Burst Size MBS 0 Refers to...

Страница 293: ...Prestige 661H HW Series User s Guide 293 Chapter 27 Internet Access...

Страница 294: ...ss you are configuring one of the remote nodes You first choose a remote node in Menu 11 Remote Node Setup You can then edit that node s profile in menu 11 1 as well as configure specific settings in...

Страница 295: ...tion Here are some examples of more suitable combinations in such an application 28 2 2 1 Scenario 1 One VC Multiple Protocols PPPoA RFC 2364 encapsulation with VC based multiplexing is the best combi...

Страница 296: ...nu 11 Encapsulation PPPoA refers to RFC 2364 PPP Encapsulation over ATM Adaptation Layer 5 If RFC 1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5 of ENET ENCAP are selected then the Rem L...

Страница 297: ...Yes and press ENTER to display Menu 11 8 Advance Setup Options Telco Option Allocated Budget min This sets a ceiling for outgoing call time for this remote node The default for this field is 0 meaning...

Страница 298: ...Table 104 Menu 11 3 Remote Node Network Layer Options FIELD DESCRIPTION IP Address Assignment Press SPACE BAR and then ENTER to select Dynamic if the remote node is using a dynamically assigned IP add...

Страница 299: ...ost for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number Private This determines if the Prestige will include the route to this remo...

Страница 300: ...the Prestige and also to prevent certain packets from triggering calls You can specify up to 4 filter sets separated by comma for example 1 5 9 12 in each filter field Note that spaces are accepted i...

Страница 301: ...example VC1 will carry IP Separate VPI and VCI numbers must be specified for each protocol Figure 167 Menu 11 6 for VC based Multiplexing 28 5 2 LLC based Multiplexing or PPP Encapsulation For LLC ba...

Страница 302: ...elect Yes then press ENTER to display Menu 11 8 Advance Setup Options Menu 11 6 Remote Node ATM Layer Options VPI VCI LLC Multiplexing or PPP Encapsulation VPI 0 VCI 38 ATM QoS Type UBR Peak Cell Rate...

Страница 303: ...ient you can enable PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the Prestige Each host can have a separate account...

Страница 304: ...Each remote node specifies only the network to which the gateway is directly connected and the Prestige has no knowledge of the networks beyond For instance the Prestige knows about network N2 in the...

Страница 305: ...Static Route Menu 12 Static Route Setup 1 IP Static Route 3 Bridge Static Route Please enter selection Menu 12 1 IP Static Route Setup 1 ________ 2 ________ 3 ________ 4 ________ 5 ________ 6 _______...

Страница 306: ...s destination Gateway IP Address Type the IP address of the gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to t...

Страница 307: ...Prestige 661H HW Series User s Guide 307 Chapter 29 Static Route Setup...

Страница 308: ...yer protocol and it also demands more CPU cycles and memory For efficiency reasons do not turn on bridging unless you need to support protocols other than IP on your network For IP enable the routing...

Страница 309: ...on Options Authen N A Edit Filter Sets No Idle Timeout sec N A Press ENTER to Confirm or ESC to Cancel Menu 11 3 Remote Node Network Layer Options IP Options Bridge Options IP Address Assignment Stati...

Страница 310: ...Cancel Table 108 Menu 12 3 1 Edit Bridge Static Route FIELD DESCRIPTION Route This is the route index number you typed in Menu 12 3 Bridge Static Route Setup Route Name Type a name for the bridge sta...

Страница 311: ...Prestige 661H HW Series User s Guide 311 Chapter 30 Bridging Setup...

Страница 312: ...ports two types of mapping Many to One and Server See Section 31 3 on page 314 or a detailed description of the NAT set for SUA The Prestige also supports Full Feature NAT to map multiple global IP ad...

Страница 313: ...e options for Network Address Translation Menu 4 Internet Access Setup ISP s Name MyISP Encapsulation RFC 1483 Multiplexing LLC based VPI 8 VCI 35 ATM QoS Type UBR Peak Cell Rate PCR 0 Sustain Cell Ra...

Страница 314: ...ther information on these menus To configure NAT enter 15 from the main menu to bring up the following screen Figure 180 Menu 15 NAT Setup 31 3 1 Address Mapping Sets Enter 1 to bring up Menu 15 1 Add...

Страница 315: ...ead only Menu 15 1 Address Mapping Sets 1 2 3 4 5 6 7 8 255 SUA read only Enter Menu Selection Number Menu 15 1 255 Address Mapping Rules Set Name Idx Local Start IP Local End IP Global Start IP Globa...

Страница 316: ...al End IP is the ending local IP address ILA If the rule is for all local IPs then the Start IP is 0 0 0 0 and the End IP is 255 255 255 255 Global Start IP This is the starting global IP address IGA...

Страница 317: ...field and then selecting a rule brings up the following menu Menu 15 1 1 1 Address Mapping Rule in which you can edit an individual rule and configure the Type Local and Global Start End IPs An End IP...

Страница 318: ...the starting local IP address ILA End This is the ending local IP address ILA If the rule is for all local IPs then put the Start IP as 0 0 0 0 and the End IP as 255 255 255 255 This field is N A for...

Страница 319: ...acting as an FTP Telnet and SMTP server ports 21 23 and 25 at 192 168 1 33 6 Press ENTER at the Press ENTER to confirm prompt to save your configuration after you define all the servers or press ESC a...

Страница 320: ...the Many to One mapping discussed in Section 31 5 on page 319 The SUA Only read only option from the Network Address Translation field in menus 4 and 11 3 is specifically pre configured to handle thi...

Страница 321: ...se the other IGA Map the FTP servers to the first two IGAs and the other LAN traffic to the remaining IGA Map the third IGA to an inside web server and mail server Four rules need to be configured two...

Страница 322: ...choose the Full Feature option from the Network Address Translation field in menu 4 or menu 11 3 inFigure 193 on page 323 1 Enter 15 from the main menu 2 Enter 1 to configure the Address Mapping Sets...

Страница 323: ...ions IP Address Assignment Static Ethernet Addr Timeout min 0 Rem IP Addr 0 0 0 0 Rem Subnet Mask 0 0 0 0 My WAN Addr 0 0 0 0 NAT Full Feature Address Mapping Set 2 Metric 2 Private No RIP Direction B...

Страница 324: ...ng Rules Set Name Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 10 132 50 1 1 1 2 192 168 1 11 10 132 50 2 1 1 3 0 0 0 0 255 255 255 255 10 132 50 3 M 1 4...

Страница 325: ...s some gaming programs are NAT unfriendly because they embed addressing information in the data stream These applications won t work through NAT even when using One to One and Many to Many No Overload...

Страница 326: ...e 4 Menu 15 1 1 Address Mapping Rules Menu 15 1 1 Address Mapping Rules Set Name Example4 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 192 168 1 12 10 132 50 1 10...

Страница 327: ...Prestige 661H HW Series User s Guide 327 Chapter 31 Network Address Translation NAT...

Страница 328: ...comprehensive firewall configuration tool your Prestige has to offer For this reason it is recommended that you configure your firewall using the web configurator see the following chapters for instru...

Страница 329: ...OS attacks when it is active The default Policy sets 1 allow all sessions originating from the LAN to the WAN and 2 deny all sessions originating from the WAN to the LAN You may define additional Poli...

Страница 330: ...the WAN side or the Ethernet side Call filtering is used to determine if a packet should be allowed to trigger a call Outgoing packets must undergo data filtering before they encounter call filtering...

Страница 331: ...ncoming packets your Prestige applies data filters only Packets are processed depending on whether a match is found The following sections describe how to configure filter sets 33 1 1 The Filter Struc...

Страница 332: ...et 1 in menu 21 1 Figure 204 NetBIOS_WAN Filter Rules Summary Menu 21 1 Filter Set Configuration Filter Set Comments Set Comments 1 _______________ 7 _______________ 2 _______________ 8 ______________...

Страница 333: ...fff Value 01005e N D F 2 N 3 N 4 N 5 N 6 N Enter Filter Rule Number 1 6 to Configure Table 113 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION The filter rule number 1 to 6 A Act...

Страница 334: ...of a filter set is determined by the first rule that you create When applying the filter sets to a port separate menu fields are provided for protocol and device filter sets If you include a protocol...

Страница 335: ...NTER to Confirm or ESC to Cancel Table 115 Menu 21 1 x 1 TCP IP Filter Rule FIELD DESCRIPTION Filter This is the filter set filter rule coordinates for instance 2 3 refers to the second filter set and...

Страница 336: ...ies only when the IP Protocol field is 6 TCP If Yes the rule matches packets that want to establish TCP connection s SYN 1 and ACK 0 else it is ignored More If Yes a matching packet is passed to the n...

Страница 337: ...figuration Figure 208 Executing an IP Filter 33 4 2 Generic Filter Rule This section shows you how to configure a generic filter rule The purpose of generic rules is to allow you to filter non IP pack...

Страница 338: ...tive No Offset 0 Length 0 Mask N A Value N A More No Log None Action Matched Check Next Rule Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel Table 116 Menu 21 1 5 1 Generic...

Страница 339: ...e is receiving and sending the packets for instance the interface The interface can be an Ethernet or any other hardware port The following figure illustrates this Figure 210 Protocol and Device Filte...

Страница 340: ...rule Make the entries in this menu as shown next When you press ENTER to confirm the following screen appears Note that there is only one filter rule in this set Figure 212 Menu 21 1 6 1 Sample Filter...

Страница 341: ...ter Rules Summary 33 7 Applying Filters and Factory Defaults This section shows you where to apply the filter s after you design it them Sets of factory default filter rules have been configured in me...

Страница 342: ...affic 33 7 2 Remote Node Filters Go to menu 11 5 shown next and type the number s of the filter set s as appropriate You can cascade up to four filter sets by typing their numbers separated by commas...

Страница 343: ...Prestige 661H HW Series User s Guide 343 Chapter 33 Filter Configuration...

Страница 344: ...network The Prestige supports SNMP version one SNMPv1 and version two c SNMPv2c The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured Figure 216 SNMP...

Страница 345: ...retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements...

Страница 346: ...ment station Trusted Host If you enter a trusted host your Prestige will only respond to SNMP messages from this address A blank default field means your Prestige will respond to all SNMP messages it...

Страница 347: ...rd 6 whyReboot defined in ZYXEL MIB A trap is sent with the reason of restart before rebooting when the system is going to restart warm start 6a For intentional reboot A trap is sent with the message...

Страница 348: ...word Enter 23 in the main menu to display Menu 23 System Security You should change the default password If you forget your password you have to restore the default configuration file Figure 218 Menu...

Страница 349: ...ion Shared Secret Specify a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the access points The key is not sent over the network This...

Страница 350: ...ystem Security IEEE 802 1x Figure 221 Menu 23 4 System Security IEEE 802 1x The following table describes the fields in this menu Menu 23 System Security 1 Change Password 2 RADIUS Server 4 IEEE802 1x...

Страница 351: ...namic WEP Key Exchange This field is activated only when you select Authentication Required in the Wireless Port Control field Also set the Authentication Databases field to RADIUS Only Local user dat...

Страница 352: ...base with 802 1x Key Management Protocol Select Local User Database Only to have the Prestige just check the built in user database on the Prestige for a wireless station s username and password Selec...

Страница 353: ..._ 22 ________ 30 ________ 7 ________ 15 ________ 23 ________ 31 ________ 8 ________ 16 ________ 24 ________ 32 ________ Enter Menu Selection Number Menu 14 1 Edit Dial in User User Name test Active Ye...

Страница 354: ...gives you information on the status and statistics of the ports as shown next System Status is a tool that can be used to monitor your Prestige Specifically it gives you information on your DSL teleph...

Страница 355: ...peed 0 kbps CPU Load 2 17 Downstream Speed 0 kbps Press Command COMMANDS 1 Reset Counters ESC Exit Table 124 Menu 24 1 System Maintenance Status FIELD DESCRIPTION Node Lnk This is the node index numbe...

Страница 356: ...t Speed 36 3 1 System Information Enter 1 in menu 24 2 to display the screen shown next WAN This shows statistics for the WAN Line Status This shows the current status of the xDSL line which can be Up...

Страница 357: ...0 c5 99 96 23 IP Address 192 168 1 1 IP Mask 255 255 255 0 DHCP Server Press ESC or RETURN to Exit Table 125 Menu 24 2 1 System Maintenance Information FIELD DESCRIPTION Name Displays the system name...

Страница 358: ...omething goes wrong is the error log Follow the procedures to view the local error trace log 1 Type 24 in the main menu to display Menu 24 System Maintenance 2 From menu 24 type 3 to display Menu 24 3...

Страница 359: ...task pause 1 day 57 Sat Jan 01 00 00 03 2000 PP21 INFO monitoring WAN connectivity 58 Sat Jan 01 00 03 06 2000 PP19 INFO SMT Password pass 59 Sat Jan 01 00 03 06 2000 PP01 INFO SMT Session Begin 60 S...

Страница 360: ...C02 OutCall Connected 64000 40002 Jul 19 11 20 06 192 168 102 2 ZYXEL board 0 line 0 channel 0 call 1 C02 Call Terminated 2 Packet Triggered SdcmdSyslogSend SYSLOG_PKTTRI SYSLOG_NOTICE String String P...

Страница 361: ...3 55 192 168 102 2 ZYXEL IP Src 202 132 154 123 Dst 255 255 255 255 UDP spo 0208 dpo 0208 S03 R01mF Jul 19 14 44 00 192 168 102 2 ZYXEL IP Src 192 168 102 20 Dst 202 132 154 1 UDP spo 05d4 dpo 0035 S0...

Страница 362: ...nance Menu Diagnostic FIELD DESCRIPTION Reset xDSL Re initialize the xDSL link to the telephone company Ping Host Ping the host to see if the links and TCP IP protocol on both systems are working Rebo...

Страница 363: ...Prestige 661H HW Series User s Guide 363 Chapter 36 System Information and Diagnosis...

Страница 364: ...me of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename extension With many FTP and TFTP clients the filenames are...

Страница 365: ...commended once your Prestige is functioning properly FTP is the preferred methods for backing up your current configuration to your computer since they are faster Any serial communications program sho...

Страница 366: ...renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the ftp prompt 37 2 3 Example of FTP Commands from the Command Line Menu 24 5 System...

Страница 367: ...ole session running 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp...

Страница 368: ...ile transfer is complete 4 Launch the TFTP client on your computer and connect to the Prestige Set the transfer mode to binary before starting data transfer 5 Use the TFTP client see the example below...

Страница 369: ...start after the file transfer is complete Note Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR Prestige 37 3 1 Restore Using FTP For details about backup using T FTP ple...

Страница 370: ...er to Section 37 2 5 on page 367 to read about configurations that disallow TFTP and FTP over WAN Menu 24 6 System Maintenance Restore Configuration To transfer the firmware and configuration file to...

Страница 371: ...firmware and the configuration file using FTP Figure 238 Telnet Into Menu 24 7 1 Upload System Firmware 37 4 2 Configuration File Upload You see the following screen when you telnet into menu 24 7 2...

Страница 372: ...sfers the configuration file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the ftp prompt The...

Страница 373: ...t the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance 3 Enter the command sys stdio 0 to disable the console timeout so the TFTP transfer will not be interrupted Enter s...

Страница 374: ...ras where i specifies binary image transfer mode use this mode when transferring binary files host is the Prestige s IP address and put transfers the file source on the computer firmware bin name of...

Страница 375: ...Prestige 661H HW Series User s Guide 375 Chapter 37 Firmware and Configuration File Maintenance...

Страница 376: ...tion on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing help or at the command prompt Type exit to return to the SMT main menu when finished Figure...

Страница 377: ...xceeds the limit the current call will be dropped and any future outgoing calls will be blocked To access the call control menu select option 9 in menu 24 to go to Menu 24 9 System Maintenance Call Co...

Страница 378: ...y or get the current time and date from an external server when you turn on your Prestige Menu 24 10 allows you to update the time and date settings of your Prestige The real time is then displayed in...

Страница 379: ...19 Current Date 2000 01 01 New Date yyyy mm dd 2000 01 01 Time Zone GMT Daylight Saving No Start Date mm dd 01 00 End Date mm dd 01 00 Press ENTER to Confirm or ESC to Cancel Table 132 Menu 24 10 Syst...

Страница 380: ...only when you re enter this menu New Date Enter the new date in year month and day format Time Zone Press SPACE BAR and then ENTER to set the time difference between your time zone and Greenwich Mean...

Страница 381: ...Prestige 661H HW Series User s Guide 381 Chapter 38 System Maintenance...

Страница 382: ...n configuring firewall rules 39 2 Remote Management To disable remote management of a service select Disable in the corresponding Server Access field Enter 11 from menu 24 to display Menu 24 11 Remote...

Страница 383: ...ss LAN only Secured Client IP 0 0 0 0 FTP Server Server Port 21 Server Access LAN only Secured Client IP 0 0 0 0 Web Server Server Port 80 Server Access LAN only Secured Client IP 0 0 0 0 Press ENTER...

Страница 384: ...ddress when configuring from the LAN 39 4 System Timeout There is a default system management idle timeout of five minutes three hundred seconds The Prestige automatically logs you out if the manageme...

Страница 385: ...Prestige 661H HW Series User s Guide 385 Chapter 39 Remote Management...

Страница 386: ...recedence or TOS Type of Service values in the IP header at the periphery of the network to enable the backbone to prioritize traffic Cost Savings IPPR allows organizations to distribute interactive t...

Страница 387: ...n the main menu to open Menu 25 IP Routing Policy Setup 2 Type the index of the policy set you want to configure to open Menu 25 1 IP Routing Policy Setup Menu 25 1 shows the summary of a policy set i...

Страница 388: ...___________________________________________________________ ______________________________________________________________________ 5 N _________________________________________________________________...

Страница 389: ...cies are displayed with a minus sign in SMT menu 25 Criteria IP Protocol IP layer 4 protocol for example UDP TCP ICMP etc Type of Service Prioritize incoming network traffic by choosing from Don t Car...

Страница 390: ...the LAN otherwise the gateway must be the IP address of a remote node The default gateway is specified as 0 0 0 0 Type of Service Set the new TOS value of the outgoing packet Prioritize incoming netwo...

Страница 391: ...cy See the next figure Menu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP Pool Starting Address 192 168 1 33 Size of Client IP Pool 32 Primary DNS Server 0 0 0 0 Secondary DNS Server 0 0...

Страница 392: ...IP route Figure 253 Example of IP Policy Routing To force packets coming from clients with IP addresses of 192 168 1 33 to 192 168 1 64 to be routed to the Internet via the WAN port of the Prestige f...

Страница 393: ...ns any host with protocol TCP and port FTP access through another gateway 192 168 1 100 Menu 25 1 1 IP Routing Policy Policy Set Name set1 Active Yes Criteria IP Protocol 6 Type of Service Don t Care...

Страница 394: ...rt 0 Destination addr start 0 0 0 0 port start 20 Action Matched Gateway addr 192 168 1 100 Type of Service No Change Precedence No Change Packet length 10 Len Comp N A end N A end N A end N A end 21...

Страница 395: ...Prestige 661H HW Series User s Guide 395 Chapter 40 IP Policy Routing...

Страница 396: ...sets take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 in are applied in the remote node then set 1 will take precedence over set 2 3 and...

Страница 397: ...t Yes or No Choose Yes and press ENTER to activate the schedule set Start Date Enter the start date when you wish the set to take effect in year month date format Valid dates are from the present to 2...

Страница 398: ...means that the connection is blocked whether or not there is a demand call on the line Enable Dial On Demand means that this schedule permits a demand call on the line Disable Dial On Demand means th...

Страница 399: ...Prestige 661H HW Series User s Guide 399 Chapter 41 Call Scheduling...

Страница 400: ...anagement Menu 27 2 SA Monitor allows you to manage refresh or disconnect your SA connections From the main menu enter 27 to display the first VPN menu shown next Figure 260 Menu 27 VPN IPSec Setup 42...

Страница 401: ...tart When the Addr Type field in Menu 27 1 1 IPSec Setup is configured to Single this is a static IP address on the LAN behind your Prestige When the Addr Type field in Menu 27 1 1 IPSec Setup is conf...

Страница 402: ...k When the Addr Type field in Menu 27 1 1 IPSec Setup is configured to Single this is the same static IP address as in the Remote Addr Start field When the Addr Type field in Menu 27 1 1 IPSec Setup i...

Страница 403: ...m tw Protocol 0 DNS Server 0 0 0 0 Local Addr Type SINGLE IP Addr Start 1 1 1 1 End Subnet Mask N A Port Start 0 End N A Remote Addr Type SUBNET IP Addr Start 4 4 4 4 End Subnet Mask 255 255 0 0 Port...

Страница 404: ...dress Select DNS to identify the remote IPSec router by a domain name Select E mail to identify the remote IPSec router by an e mail address Content When you select IP in the Peer ID Type field type t...

Страница 405: ...create a VPN tunnel if you try to connect using a port number that does not match this port number or range of port numbers Some of the most common IP ports are 21 FTP 53 DNS 23 Telnet 80 HTTP 25 SMTP...

Страница 406: ...End Enter a port number in this field to define a port range This port number must be greater than that specified in the previous field This field is N A when 0 is configured in the Port Start field...

Страница 407: ...key You will receive a PYLD_MALFORMED payload malformed packet if the same pre shared key is not used on both ends Encryption Algorithm The Prestige and the remote IPSec router generate an encryption...

Страница 408: ...Press SPACE BAR to choose from NULL DES 3DES or AES and then press ENTER Select NULL to set up a tunnel without encryption Authentication Algorithm Press SPACE BAR to choose from SHA1 or MD5 and then...

Страница 409: ...en you choose DES and fill in fields Key1 to Key3 when you choose 3DES Select NULL to set up a tunnel without encryption When you select NULL you do not enter any encryption keys Key1 Enter a unique e...

Страница 410: ...cable The key must be unique Enter 16 characters for MD5 authentication and 20 characters for SHA 1 authentication Any character may be used including spaces but trailing spaces are truncated When you...

Страница 411: ...Prestige 661H HW Series User s Guide 411 Chapter 42 VPN IPSec Setup...

Страница 412: ...bound traffic but no inbound traffic the SA times out automatically after two minutes A tunnel with no outbound or inbound traffic is idle and does not timeout until the SA lifetime period expires See...

Страница 413: ...d by the remote IP address as configured in Menu 27 1 1 IPSec Setup Individual connections using the same VPN rule may be terminated without affecting other connections using the same rule Encap This...

Страница 414: ...ive VPN connections None allows you to jump to the Press ENTER to Confirm prompt Select Next Page or Previous Page to view the next or previous page of rules respectively Select Connection Type the VP...

Страница 415: ...Prestige 661H HW Series User s Guide 415 Chapter 43 SA Monitor...

Страница 416: ...appropriate power source Make sure that the Prestige and the power source are both turned on Turn the Prestige off and on If the error persists you may have a hardware problem In this case you should...

Страница 417: ...e MAC address or the host name The username and password apply to PPPoE and PPPoA encapsulation only Make sure that you have entered the correct Service Type User Name and Password be sure to use the...

Страница 418: ...rd and Username fields are case sensitive Make sure that you enter the correct password and username using the proper casing If you have changed the password and have now forgotten it you will need to...

Страница 419: ...k pop ups check box in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 267 Internet Options 3 Click Apply to save this setting 44 4 1 1 2 Ena...

Страница 420: ...Troubleshooting 420 Figure 268 Internet Options 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 1 1 4 Click Add to...

Страница 421: ...ings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting 44 4 1 2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that Java...

Страница 422: ...Figure 270 Internet Options 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sur...

Страница 423: ...ettings Java Scripting 44 4 1 3 Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under J...

Страница 424: ...roubleshooting 424 Figure 272 Security Settings Java 44 4 1 3 1 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 make sure that Use Java 2 for applet under Ja...

Страница 425: ...e to download ActiveX controls or to use Trend Micro Security Services Make sure that ActiveX controls are allowed in Internet Explorer Screen shots for Internet Explorer 6 are shown Steps may vary de...

Страница 426: ...igure 274 Internet Options Security 3 Scroll down to ActiveX controls and plug ins 4 Under Download signed ActiveX controls select the Prompt radio button 5 Under Run ActiveX controls and plug ins mak...

Страница 427: ...Prestige 661H HW Series User s Guide 427 Chapter 44 Troubleshooting Figure 275 Security Setting ActiveX Controls...

Страница 428: ...fault IP Address 192 168 1 1 Default Subnet Mask 255 255 255 0 24 bits Default Password 1234 DHCP Pool 192 168 1 32 to 192 168 1 64 Dimensions 180 W x 128 D x 36 H mm Weight P 661HW 350g P 661H 325g P...

Страница 429: ...d multiplexing Up to 8 PVCs Permanent Virtual Circuits I 610 F4 F5 OAM Other Protocol Support PPP Point to Point Protocol link layer protocol Transparent bridging for unsupported network layer protoco...

Страница 430: ...s server using EAP MD5 TLS TTLS Firewall Stateful Packet Inspection Prevent Denial of Service attacks such as Ping of Death SYN Flood LAND Smurf etc Real time E mail alerts Reports and logs NAT SUA Po...

Страница 431: ...Prestige 661H HW Series User s Guide 431 Appendix A...

Страница 432: ...ws 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the a...

Страница 433: ...t for Microsoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If...

Страница 434: ...ork adapter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP...

Страница 435: ...nd close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your Prestige and restart your computer when prompted Verifying Settings 1 Clic...

Страница 436: ...Computer s IP Address 436 Figure 279 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 280 Windows XP Control Pane...

Страница 437: ...rk Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and then click Properties Figure 282 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP...

Страница 438: ...configure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the abo...

Страница 439: ...ndow the General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS...

Страница 440: ...e Network Connections window Network and Dial up Connections in Windows 2000 NT 11Turn on your Prestige and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories...

Страница 441: ...Setting up Your Computer s IP Address Figure 286 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 287 Macintosh OS 8 9 TCP IP 3 For dynamically assigned setting...

Страница 442: ...6 Click Save if prompted to save changes to your configuration 7 Turn on your Prestige and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel...

Страница 443: ...llowing From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Prestige in the Router address box 5...

Страница 444: ...address the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three...

Страница 445: ...f the host ID Subnet masks are expressed in dotted decimal notation just as IP addresses are The natural masks for class A B and C IP addresses are as follows Subnetting With subnetting the class arra...

Страница 446: ...ddress 192 168 1 0 with subnet mask of 255 255 255 0 The first three octets of the address make up the network number class C You want to have two separate networks Divide the network 192 168 1 0 into...

Страница 447: ...128 is the directed broadcast address for the first subnet Therefore the lowest IP address that can be assigned to an actual host for the first subnet is 192 168 1 1 and the highest is 192 168 1 126 S...

Страница 448: ...IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Highes...

Страница 449: ...nary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Table 160 Eight Subnets SUBNET SUBNET A...

Страница 450: ...e for subnetting The following table is a summary for class B subnet planning Table 162 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32...

Страница 451: ...Prestige 661H HW Series User s Guide 451 Appendix C IP Subnetting...

Страница 452: ...le Prestige boot module commands as shown in the next screen ATBAx allows you to change the console port speed The x denotes the number preceding the colon to give the console port speed following the...

Страница 453: ...a ATDUx y dump memory contents from address x for length y ATRBx display the 8 bit value of address x ATRWx display the 16 bit value of address x ATRLx display the 32 bit value of address x ATGO x run...

Страница 454: ...the unit and possibly render it unusable Command Syntax The command keywords are in courier new font Enter the command keywords exactly as shown do not abbreviate The required fields in a command are...

Страница 455: ...Prestige 661H HW Series User s Guide 455 Appendix E Command Interpreter...

Страница 456: ...and the sets rules config display firewall set set This command shows the current configuration of a set including timeout values name default permit and etc If you don t put use a number after set in...

Страница 457: ...il minute 0 59 This command sets the minute of the hour for the firewall log to be sent via e mail if the Prestige is set to send it on a hourly daily or weekly basis Attack config edit firewall attac...

Страница 458: ...ified set Config edit firewall set set default permit forward block This command sets whether a packet is dropped or allowed through when it does not meet a rule within the set Config edit firewall se...

Страница 459: ...ge sends an alert e mail when a DOS attack or a violation of a particular rule occurs config edit firewall set set rule rule srcaddr single ip address This command sets the rule to have the Prestige c...

Страница 460: ...rewall set set rule rule UDP destport single port This command sets a rule to have the Prestige check for UDP traffic with this destination address You may repeat this command to enter various non con...

Страница 461: ...Prestige 661H HW Series User s Guide 461 Appendix F Firewall Commands...

Страница 462: ...he LAN to the WAN and from the WAN to the LAN Allow or disallow the sending of NetBIOS packets from the LAN to the DMZ and from the DMZ to the LAN Allow or disallow the sending of NetBIOS packets from...

Страница 463: ...l This field displays whether NetBIOS packets are allowed to initiate calls Disabled means that NetBIOS packets are blocked from initiating calls Disabled type Identify which NetBIOS filter numbered 0...

Страница 464: ...Prestige 661H HW Series User s Guide Appendix G NetBIOS Filter Commands 464...

Страница 465: ...Prestige 661H HW Series User s Guide 465 Appendix G NetBIOS Filter Commands...

Страница 466: ...o not manually create any static IP routes for the remote VPN site They are not required Dynamic IPSec Rule Create a dynamic rule by setting the Secure Gateway Address to 0 0 0 0 A single dynamic rule...

Страница 467: ...ocal Remote IP Address Start settings with your own values VPN Configuration via Web Configurator This section gives a VPN rule configuration example using the web configurator 1 Click VPN to display...

Страница 468: ...Prestige 661H HW Series User s Guide Appendix H VPN Setup 468 Figure 293 Headquarters VPN Rule Edit IP addresses on different subnets The IP address of the branch office IPSec router...

Страница 469: ...HW Series User s Guide 469 Appendix H VPN Setup Figure 294 Branch Office VPN Rule Edit Dialing the VPN Tunnel via Web Configurator IP addresses on different subnets The IP address of the headquarters...

Страница 470: ...ick the dial icon in the VPN Rules screen s Modify column to have the IPSec routers set up the tunnel 1 Figure 295 VPN Rule Configured The following screen displays Figure 296 VPN Dial This screen dis...

Страница 471: ...er 27 to display the first VPN menu shown next Figure 298 Menu 27 VPN IPSec Setup 2 Type 1 in menu 27 and then press ENTER to display Menu 27 1 IPSec Summary This is a summary read only menu of your I...

Страница 472: ...Cancel Press Space Bar to Toggle Menu 27 1 1 IPSec Setup Index 1 Name BRANCH Active Yes Keep Alive Yes Nat Traversal No Local ID type E MAIL Content test example com My IP Addr 0 0 0 0 Peer ID type E...

Страница 473: ...ctly the same on both IPSec routers Use a simple key and or copy and paste the setting into the other IPSec router to avoid typos Menu 27 1 1 IPSec Setup Index 1 Name HQ Active Yes Keep Alive Yes Nat...

Страница 474: ...t one of the IPSec routers The following steps will help you to rapidly identify and correct configuration problems Log into the SMTs of both ZyXEL IPSec routers via telnet Position the telnet windows...

Страница 475: ...E Send HASH 2 09 21 2004 05 45 08 172 21 3 43 172 21 3 185 IKE Adjust TCP MSS to 1398 3 09 21 2004 05 45 07 172 21 3 185 172 21 3 43 IKE Recv HASH SA NONCE ID ID 4 09 21 2004 05 45 07 172 21 3 43 172...

Страница 476: ...0 Disable 1 Original on off 2 IKE on off 3 IPSec SPI on off 4 XAUTH on off 5 CERT on off 6 All ras ipsec debug level 0 None 1 User 2 Low 3 High ras ipsec debug type 1 on ras ipsec debug type 2 on ras...

Страница 477: ...10m txt rw r r 1 505 505 0 Apr 16 2004 2 log rw r r 1 505 505 11816924 Dec 27 09 12 2neo1b 10mb rw r r 1 505 505 21354248 Dec 27 09 09 2neo2b 10mb rw r r 1 505 505 0 Dec 2 16 37 30m rw r r 1 505 505...

Страница 478: ...Prestige 661H HW Series User s Guide Appendix H VPN Setup 478 ftp 5631148 bytes sent in 614 8Seconds 9 17Kbytes sec...

Страница 479: ...Prestige 661H HW Series User s Guide 479 Appendix H VPN Setup...

Страница 480: ...s caused by telephone sets Install the POTS splitter at the point where the telephone line enters your residence as shown in the following figure Figure 305 Connecting a POTS Splitter 1 Connect the si...

Страница 481: ...microfilter 3 Connect another cable from the double jack end of the Y Connector to the Prestige 4 Connect the phone side of the microfilter to your telephone as shown in the following figure Figure 3...

Страница 482: ...Prestige 661H HW Series User s Guide Appendix I Splitters and Microfilters 482...

Страница 483: ...Prestige 661H HW Series User s Guide 483 Appendix I Splitters and Microfilters...

Страница 484: ...ity in a manner similar to dial up services using PPP Benefits of PPPoE PPPoE offers the following benefits It provides you with a familiar dial up networking DUN user interface It lessens the burden...

Страница 485: ...Access Concentrator and tunnels the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is...

Страница 486: ...Successful TELNET login Someone has logged on to the router via telnet TELNET login failed Someone has failed to log on to the router via telnet Successful FTP login Someone has logged on to the rout...

Страница 487: ...NetBIOS filter settings WAN connection is down A WAN connection is down You cannot access the network through this interface Table 167 Access Control Logs LOG MESSAGE DESCRIPTION Firewall default poli...

Страница 488: ...ut 3 minutes UDP idle timeout 3 minutes TCP connection three way handshaking timeout 270 seconds TCP FIN wait timeout 2 MSL Maximum Segment Lifetime set in the TCP header TCP idle established timeout...

Страница 489: ...an ICMP reply packet to the sender Table 171 CDR Logs LOG MESSAGE DESCRIPTION board d line d channel d call d s C01 Outgoing Call dev x ch x s The router received the setup requirements for a call ca...

Страница 490: ...et s The content filter server responded that the web site is in the blocked category list but it did not return the category type s s The content filter server responded that the web site is in the b...

Страница 491: ...The firewall detected an ICMP echo attack For type and code details see Table 182 on page 498 syn flood TCP The firewall detected a TCP syn flood attack ports scan TCP The firewall detected a TCP port...

Страница 492: ...ion failed during IKE phase 2 because the router and the peer s Local Remote Addresses don t match Verifying Local ID failed The connection failed during IKE phase 2 because the router and the peer s...

Страница 493: ...router s Remote Address This information conflicted with static rule d thus the connection is not allowed Phase 1 ID type mismatch This router s Peer ID Type is different from the peer IPSec router s...

Страница 494: ...een the router and the peer Rule d Phase 2 encapsulation mismatch The listed rule s IKE phase 2 encapsulation did not match between the router and the peer Rule d Phase 2 pfs mismatch The listed rule...

Страница 495: ...ca cert subject name The router received a certification authority certificate with subject name as recorded from the LDAP server whose IP address and port are recorded in the Source field Rcvd user...

Страница 496: ...PTION 1 Algorithm mismatch between the certificate and the search constraints 2 Key usage mismatch between the certificate and the search constraints 3 Certificate was not valid in the time interval 4...

Страница 497: ...session expired User logout because of user deassociation The router logged out a user who ended the session User logout because of no authentication response from user The router logged out a user fr...

Страница 498: ...AN Prestige ACL set for packets traveling from the WAN to the WAN or the Prestige D to D ZW DMZ to DMZ Prestige ACL set for packets traveling from the DMZ to the DM or the Prestige Table 182 ICMP Note...

Страница 499: ...P srcPort dst dstIP dstPort msg msg note note devID mac address last three numbers cat category This message is sent by the system RAS displays as the system name if you haven t configured one when th...

Страница 500: ...ory followed by a log category to display the parameters that are available for the category Figure 311 Displaying Log Parameters Example 4 Use sys logs category followed by a log category and a param...

Страница 501: ...sys logs clear command to erase all of the Prestige s logs Log Command Example This example shows how to set the Prestige to record the access logs and alerts and then view the results ras sys logs lo...

Страница 502: ...network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an Ad hoc wireless LAN Figure 312 Peer to Peer Communication...

Страница 503: ...his wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired...

Страница 504: ...ially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 chan...

Страница 505: ...ir transmission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP w...

Страница 506: ...rt long preamble However not all wireless adapters support short preamble Use long preamble if you are unsure what preamble mode the wireless adapters support to ensure interpretability between the AP...

Страница 507: ...or the wireless stations RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server Th...

Страница 508: ...his appendix discusses some popular authentication types EAP MD5 EAP TLS EAP TTLS PEAP and LEAP The type of authentication you use depends on the RADIUS server or the AP Consult your network administr...

Страница 509: ...ction thus client identity is protected For client authentication EAP TTLS supports EAP methods and legacy authentication methods such as PAP CHAP MS CHAP and MS CHAP v2 PEAP Protected EAP Like EAP TT...

Страница 510: ...named Michael an extended initialization vector IV with sequencing rules and a re keying mechanism TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used...

Страница 511: ...tween the two is that WPA PSK uses a simple common password instead of user specific credentials The common password approach makes WPA PSK susceptible to brute force password guessing attacks but it...

Страница 512: ...ation number field name parameter values allowed input where input is your input conforming to parameter values allowed The figure shown next is an example of an Internal SPTGEN text file Figure 316 C...

Страница 513: ...ine Example The Prestige will display the following if you enter parameter s that are valid Figure 318 Valid Parameter Entered Command Line Example Internal SPTGEN FTP Download Example 1 Launch your F...

Страница 514: ...ternal SPTGEN FTP Upload Example Example Internal SPTGEN Screens This section covers Prestige Internal SPTGEN screens c ftp 192 168 1 1 220 PPP FTP version 1 0 ready at Sat Jan 1 03 22 12 2000 User 19...

Страница 515: ...0 No 1 Yes 0 Table 190 Menu 3 SMT Menu 3 Menu 3 1 General Ethernet Setup SMT menu 3 1 FIN FN PVA INPUT 30100001 Input Protocol filters Set 1 2 30100002 Input Protocol filters Set 2 256 30100003 Input...

Страница 516: ...y 0 30200011 Version 0 Rip 1 1 Rip 2B 2 Rip 2M 0 30200012 Multicast 0 IGMP v2 1 IGMP v1 2 None 2 30200013 IP Policies Set 1 1 12 256 30200014 IP Policies Set 2 1 12 256 30200015 IP Policies Set 3 1 12...

Страница 517: ...oth 2 In Only 3 Out Only 0 30201018 Version 0 Rip 1 1 Rip 2B 2 Rip 2M 0 30201019 IP Alias 2 Incoming protocol filters Set 1 256 30201020 IP Alias 2 Incoming protocol filters Set 2 256 30201021 IP Alia...

Страница 518: ...1 Enable 0 MENU 3 5 1 WLAN MAC ADDRESS FILTER SMT MENU 3 5 1 FIN FN PVA INPUT 30501001 Mac Filter Active 0 No 1 Yes 0 30501002 Filter Action 0 Allow 1 Deny 0 30501003 Address 1 00 00 00 00 0 0 00 305...

Страница 519: ...net mask 0 40000016 ISP incoming protocol filter set 1 6 40000017 ISP incoming protocol filter set 2 256 40000018 ISP incoming protocol filter set 3 256 40000019 ISP incoming protocol filter set 4 256...

Страница 520: ...e 0 No 1 Yes 0 Menu 12 1 2 IP Static Route Setup SMT Menu 12 1 2 FIN FN PVA INPUT 120102001 IP Static Route set 2 Name 120102002 IP Static Route set 2 Active 0 No 1 Yes 0 120102003 IP Static Route set...

Страница 521: ...on IP subnetmask 0 120105005 IP Static Route set 5 Gateway 0 0 0 0 120105006 IP Static Route set 5 Metric 0 120105007 IP Static Route set 5 Private 0 No 1 Yes 0 Menu 12 1 6 IP Static Route Setup SMT M...

Страница 522: ...3 IP Static Route set 9 Destination IP address 0 0 0 0 120109004 IP Static Route set 9 Destination IP subnetmask 0 120109005 IP Static Route set 9 Gateway 0 0 0 0 120109006 IP Static Route set 9 Metri...

Страница 523: ...FN PVA INPUT 120113001 IP Static Route set 13 Name Str 120113002 IP Static Route set 13 Active 0 No 1 Yes 0 120113003 IP Static Route set 13 Destination IP address 0 0 0 0 120113004 IP Static Route s...

Страница 524: ...sk 0 120116005 IP Static Route set 16 Gateway 0 0 0 0 120116006 IP Static Route set 16 Metric 0 120116007 IP Static Route set 16 Private 0 No 1 Yes 0 Table 192 Menu 12 SMT Menu 12 continued Table 193...

Страница 525: ...All 6 TCP 17 U DP 0 0 0 0 150000029 SUA Server 7 Port Start 0 150000030 SUA Server 7 Port End 0 150000031 SUA Server 7 Local IP address 0 0 0 0 150000032 SUA Server 8 Active 0 No 1 Yes 0 150000033 SUA...

Страница 526: ...u 21 1 1 1 set 1 rule 1 SMT Menu 21 1 1 1 FIN FN PVA INPUT 210101001 IP Filter Set 1 Rule 1 Type 2 TCP IP 2 210101002 IP Filter Set 1 Rule 1 Active 0 No 1 Yes 1 210101003 IP Filter Set 1 Rule 1 Protoc...

Страница 527: ...not equal 3 less 4 greater 0 210102013 IP Filter Set 1 Rule 2 Act Match 1 check next 2 forward 3 drop 3 210102014 IP Filter Set 1 Rule 2 Act Not Match 1 check next 2 forward 3 drop 1 Menu 21 1 1 3 set...

Страница 528: ...ess 0 0 0 0 210104009 IP Filter Set 1 Rule 4 Src Subnet Mask 0 210104010 IP Filter Set 1 Rule 4 Src Port 0 210104011 IP Filter Set 1 Rule 4 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 greater 0...

Страница 529: ...ilter Set 1 Rule 6 Dest IP address 0 0 0 0 210106005 IP Filter Set 1 Rule 6 Dest Subnet Mask 0 210106006 IP Filter Set 1 Rule 6 Dest Port 139 210106007 IP Filter Set 1 Rule 6 Dest Port Comp 0 none 1 e...

Страница 530: ...ilter Set 2 Rule 1 Src Port 0 210201011 IP Filter Set 2 Rule 1 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 gr eater 0 210201013 IP Filter Set 2 Rule 1 Act Match 1 check next 2 forward 3 drop 3 2...

Страница 531: ...210203004 IP Filter Set 2 Rule 3 Dest IP address 0 0 0 0 210203005 IP Filter Set 2 Rule 3 Dest Subnet Mask 0 210203006 IP Filter Set 2 Rule 3 Dest Port 139 210203007 IP Filter Set 2 Rule 3 Dest Port...

Страница 532: ...4 gr eater 0 210204013 IP Filter Set 2 Rule 4 Act Match 1 check next 2 forward 3 drop 3 210204014 IP Filter Set 2 Rule 4 Act Not Match 1 check next 2 forward 3 drop 1 Menu 21 1 2 5 Filter set 2 rule...

Страница 533: ...Mask 0 210206006 IP Filter Set 2 Rule 6 Dest Port 139 210206007 IP Filter Set 2 Rule 6 Dest Port Comp 0 none 1 equal 2 not equal 3 less 4 gr eater 1 210206008 IP Filter Set 2 Rule 6 Src IP address 0 0...

Страница 534: ...1111 230200006 Accounting Server Configured 0 No 1 Yes 1 230200007 Accounting Server Active 0 No 1 Yes 1 230200008 Accounting Server IP Address 192 168 1 44 230200009 Accounting Server Port 1823 23020...

Страница 535: ...Menu 24 11 Remote Management Control SMT Menu 24 11 FIN FN PVA INPUT 241100001 TELNET Server Port 23 241100002 TELNET Server Access 0 all 1 none 2 L an 3 Wan 0 241100003 TELNET Server Secured IP addr...

Страница 536: ...Prestige 661H HW Series User s Guide Appendix M Internal SPTGEN 536 FIN FN PVA INPUT 990000001 ADSL OPMD 0 etsi 1 normal 2 gdmt 3 multimo de 3 Table 198 Command Examples continued FIN FN PVA INPUT...

Страница 537: ...Prestige 661H HW Series User s Guide 537 Appendix M Internal SPTGEN...

Страница 538: ...databases 352 Authentication Header 176 Authentication protocol 297 Authority 3 auto negotiation 43 AWG 4 B Backup 365 Backup Typ 112 Bandwidth Borrowing 233 bandwidth budget 228 bandwidth capacity 22...

Страница 539: ...4 Copyright 2 Correcting Interference 3 Corrosive Liquids 4 Cost Of Transmission 299 306 Country Code 357 Covers 4 CPU Load 356 CTS Clear to Send 505 Custom Ports Creating Editing 153 Customer Support...

Страница 540: ...nded Service Set 503 F Failure 5 Fairness based Scheduler 231 FCC 3 Compliance 3 Rules Part 15 3 FCC Rules 3 Federal Communications Commission 3 Filename Conventions 364 filename conventions 365 Filte...

Страница 541: ...8 Independent Basic Service Set 502 Indirect Damages 5 initialization vector IV 510 Inside Header 173 Install UPnP 210 Windows Me 210 Windows XP 212 Insurance 5 Integrated Services Digital Network 42...

Страница 542: ...Rule Summary 148 Local User Database 352 Local user database 96 Log and Trace 358 Log Facility 359 Logging Option 336 339 Logical networks 288 Login 296 Logs 222 M MAC Media Access Control 258 MAC Me...

Страница 543: ...Packet Error 355 Received 355 Transmitted 355 Packet Filtering 141 Packet filtering When to use 141 Packet Filtering Firewalls 130 Packet Triggered 360 Packets 355 Pairwise Master Key PMK 510 PAP 297...

Страница 544: ...red 2 Registered Trademark 2 Regular Mail 6 reinitialize the ADSL line 262 Related Documentation 38 Relocate 3 Re manufactured 5 Remote DHCP Server 282 Remote Management Firewall 328 Remote Management...

Страница 545: ...98 349 Shipping 5 Shock Electric 4 SMT Menu Overview 267 SMTP 119 SMTP Error Messages 225 Smurf 134 135 SNMP 119 Community 346 Configuration 345 Get 345 GetNext 345 Manager 344 MIBs 345 Set 345 Trap 3...

Страница 546: ...136 Trademark 2 Trademark Owners 2 Trademarks 2 Traffic Redirect 110 111 Setup 277 Traffic redirect 110 traffic redirect 44 Traffic shaping 105 Translation 2 Transmission Rates 43 Transport Mode 173 T...

Страница 547: ...ng 84 Wireless LAN MAC Address Filtering 46 Wireless LAN Setup 284 Wireless port control 91 351 Wireless security 82 Wizard Setup 69 WLAN Interference 504 Security parameters 511 Workmanship 5 Worldwi...

Отзывы:

Нет отзывов