User ManualTable of ContentsPrestige 2602H Series1Prestige 2602HW Series1Copyright3Federal Communications Commission (FCC) Interference Statement4Safety Warnings6ZyXEL Limited Warranty7Customer Support8Table of Contents11List of Figures29List of Tables37Preface43Introduction to DSL45Getting To Know Your Prestige471.1 Introducing the Prestige471.1.1 Features of the Prestige481.1.1.1 P2602HW Wireless Features521.2 Applications for the Prestige531.2.1 Internet Access531.2.1.1 Internet Single User Account541.2.2 Making Calls via Internet Telephony Service Provider541.2.3 Make Peer-to-peer Calls541.2.4 Firewall for Secure Broadband Internet Access551.2.5 LAN to LAN Application551.2.6 Front Panel LEDs56Introducing the Web Configurator592.1 Web Configurator Overview592.1.1 Accessing the Prestige Web Configurator592.1.2 Resetting the Prestige602.1.2.1 Using The Reset Button602.1.3 Navigating the Prestige Web Configurator61Wizard Setup653.1 Wizard Setup Introduction653.1.1 Wizard Setup: First Screen653.1.2 Wizard Setup: Second Screen663.1.3 Wizard Setup: Third Screen703.1.4 Internet Access Wizard Setup: Fourth Screen723.1.5 Wizard Setup: Connection Test743.1.5.1 Test Your Internet Connection753.2 Media Bandwidth Management Wizard753.2.1 Predefined Media Bandwidth Management Services763.2.2 Media Bandwidth Management Setup: First Screen763.2.3 Media Bandwidth Mgnt. Wizard Setup: Second Screen773.2.4 Media Bandwidth Mgnt. Wizard Setup: Finish783.3 Password Setup793.3.1 Configuring Password79LAN Setup814.1 LAN Overview814.1.1 LANs, WANs and the Prestige814.1.2 DHCP Setup814.1.2.1 IP Pool Setup824.2 DNS Server Address824.3 DNS Server Address Assignment824.4 LAN TCP/IP834.4.1 Factory LAN Defaults834.5 LAN TCP/IP834.5.1 IP Address and Subnet Mask834.5.1.1 Private IP Addresses844.5.2 RIP Setup844.5.3 Multicast854.6 Any IP854.6.1 How Any IP Works864.7 Configuring LAN874.8 Configuring Static DHCP89Wireless LAN (P2602HW Models)915.1 Introduction915.2 Wireless Security Overview915.2.1 Encryption915.2.2 Authentication915.2.3 Restricted Access925.2.4 Hide Prestige Identity925.2.5 Configuring Wireless LAN on the Prestige925.3 Configuring the Wireless Screen935.3.1 WEP Encryption935.4 Configuring MAC Filters955.5 Introduction to WPA975.5.1 WPA-PSK Application Example975.5.2 WPA with RADIUS Application Example985.5.3 Wireless Client WPA Supplicants995.6 Configuring IEEE 802.1x and WPA995.6.1 Authentication Required: 802.1x1005.6.2 Authentication Required: WPA1025.6.3 Authentication Required: WPA-PSK1045.7 Configuring Local User Authentication1055.8 Configuring RADIUS106WAN Setup1096.1 WAN Overview1096.1.1 Encapsulation1096.1.1.1 ENET ENCAP1096.1.1.2 PPP over Ethernet1096.1.1.3 PPPoA1096.1.1.4 RFC 14831106.1.2 Multiplexing1106.1.2.1 VC-based Multiplexing1106.1.2.2 LLC-based Multiplexing1106.1.3 VPI and VCI1106.1.4 IP Address Assignment1106.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation1106.1.4.2 IP Assignment with RFC 1483 Encapsulation1116.1.4.3 IP Assignment with ENET ENCAP Encapsulation1116.1.5 Nailed-Up Connection (PPP)1116.2 Metric1116.3 PPPoE Encapsulation1126.4 Traffic Shaping1126.5 Zero Configuration Internet Access1136.6 Configuring WAN Setup1136.7 Traffic Redirect1166.8 Configuring WAN Backup117Network Address Translation (NAT) Screens1217.1 NAT Overview1217.1.1 NAT Definitions1217.1.2 What NAT Does1227.1.3 How NAT Works1227.1.4 NAT Application1237.1.5 NAT Mapping Types1237.2 SUA (Single User Account) Versus NAT1247.3 SUA Server1257.3.1 Default Server IP Address1257.3.2 Port Forwarding: Services and Port Numbers1257.3.3 Configuring Servers Behind SUA (Example)1267.4 Selecting the NAT Mode1267.5 Configuring SUA Server1277.6 Configuring Address Mapping1297.7 Editing an Address Mapping Rule130Introduction to VoIP1338.1 Introduction to VoIP1338.2 SIP1338.2.1 SIP Identities1338.2.1.1 SIP Number1338.2.1.2 SIP Service Domain1348.2.2 SIP Call Progression1348.2.3 SIP Servers1348.2.3.1 SIP User Agent1358.2.3.2 SIP Proxy Server1358.2.3.3 SIP Redirect Server1368.2.3.4 SIP Register Server1378.2.4 RTP1378.3 SIP ALG1378.4 Pulse Code Modulation1378.5 Voice Coding1388.5.1 G.7111388.5.2 G.7291388.6 PSTN Call Setup Signaling1388.7 MWI (Message Waiting Indication)138Voice Screens1399.1 Voice Screens Introduction1399.2 SIP Settings Configuration1399.3 Advanced Voice Settings Configuration1409.4 Quality of Service (QoS)1439.4.1 Type Of Service (ToS)1439.4.2 DiffServ1439.4.2.1 DSCP and Per-Hop Behavior1439.4.3 VLAN1439.5 QoS Configuration1449.6 Phone1459.6.1 Voice Activity Detection/Silence Suppression1459.6.2 Comfort Noise Generation1459.6.3 Echo Cancellation1459.7 Phone Configuration1459.8 Speed Dial1479.8.1 Peer-to-Peer Calls1479.9 Speed Dial Configuration1479.10 Lifeline (Prestige 2602HL/HWL)1499.11 Lifeline Configuration (Prestige 2602HL/HWL)1499.12 Supplementary Phone Services Overview1509.12.1 The Flash Key1519.12.2 Europe Type Supplementary Phone Services1519.12.2.1 European Call Hold1519.12.2.2 European Call Waiting1529.12.2.3 European Call Transfer1529.12.2.4 European Three-Way Conference1529.12.3 USA Type Supplementary Services1539.12.3.1 USA Call Hold1539.12.3.2 USA Call Waiting1539.12.3.3 USA Call Transfer1539.12.3.4 USA Three-Way Conference1539.13 Common Phone Port Configuration1549.14 Call Forward Configuration155Phone Usage15910.1 Dialing a Telephone Number15910.2 Using Speed Dial to Dial a Telephone Number15910.3 Internal Calls15910.4 Checking the Prestige’s IP Address15910.5 Auto Firmware Upgrade160Dynamic DNS Setup16111.1 Dynamic DNS16111.1.1 DYNDNS Wildcard16111.2 Configuring Dynamic DNS161Time and Date16312.1 Pre-defined NTP Time Servers List16312.2 Configuring Time and Date163Firewalls16713.1 Firewall Overview16713.2 Types of Firewalls16713.2.1 Packet Filtering Firewalls16713.2.2 Application-level Firewalls16713.2.3 Stateful Inspection Firewalls16813.3 Introduction to ZyXEL’s Firewall16813.3.1 Denial of Service Attacks16913.4 Denial of Service16913.4.1 Basics16913.4.2 Types of DoS Attacks17013.4.2.1 ICMP Vulnerability17213.4.2.2 Illegal Commands (NetBIOS and SMTP)17213.4.2.3 Traceroute17313.5 Stateful Inspection17313.5.1 Stateful Inspection Process17413.5.2 Stateful Inspection and the Prestige17513.5.3 TCP Security17513.5.4 UDP/ICMP Security17613.5.5 Upper Layer Protocols17613.6 Guidelines for Enhancing Security with Your Firewall17613.6.1 Security In General17713.7 Packet Filtering Vs Firewall17813.7.1 Packet Filtering:17813.7.1.1 When To Use Filtering17813.7.2 Firewall17813.7.2.1 When To Use The Firewall178Firewall Configuration18114.1 Access Methods18114.2 Firewall Policies Overview18114.3 Rule Logic Overview18214.3.1 Rule Checklist18214.3.2 Security Ramifications18214.3.3 Key Fields For Configuring Rules18314.3.3.1 Action18314.3.3.2 Service18314.3.3.3 Source Address18314.3.3.4 Destination Address18314.4 Connection Direction Example18314.4.1 LAN to WAN Rules18414.4.2 WAN to LAN Rules18414.4.3 Alerts18514.5 Configuring Basic Firewall Settings18514.6 Rule Summary18614.6.1 Configuring Firewall Rules18814.7 Customized Services19114.8 Creating/Editing A Customized Service19114.9 Example Firewall Rule19214.10 Predefined Services19614.11 Anti-Probing19814.12 DoS Thresholds19914.12.1 Threshold Values20014.12.2 Half-Open Sessions20014.12.2.1 TCP Maximum Incomplete and Blocking Time200Content Filtering20315.1 Content Filtering Overview20315.2 Configuring Keyword Blocking20315.3 Configuring the Schedule20415.4 Configuring Trusted Computers205Introduction to IPSec20716.1 VPN Overview20716.1.1 IPSec20716.1.2 Security Association20716.1.3 Other Terminology20716.1.3.1 Encryption20716.1.3.2 Data Confidentiality20816.1.3.3 Data Integrity20816.1.3.4 Data Origin Authentication20816.1.4 VPN Applications20816.2 IPSec Architecture20916.2.1 IPSec Algorithms20916.2.2 Key Management20916.3 Encapsulation20916.3.1 Transport Mode21016.3.2 Tunnel Mode21016.4 IPSec and NAT210VPN Screens21317.1 VPN/IPSec Overview21317.2 IPSec Algorithms21317.2.1 AH (Authentication Header) Protocol21317.2.2 ESP (Encapsulating Security Payload) Protocol21417.3 My IP Address21417.4 Secure Gateway Address21517.4.1 Dynamic Secure Gateway Address21517.5 VPN Summary Screen21517.6 Keep Alive21717.7 Remote DNS Server21717.8 NAT Traversal21817.8.1 NAT Traversal Configuration21917.9 ID Type and Content21917.9.1 ID Type and Content Examples22017.10 Pre-Shared Key22117.11 Editing VPN Policies22117.12 IKE Phases22617.12.1 Negotiation Mode22817.12.2 Diffie-Hellman (DH) Key Groups22817.12.3 Perfect Forward Secrecy (PFS)22817.13 Configuring Advanced IKE Settings22817.14 Manual Key Setup23117.14.1 Security Parameter Index (SPI)23117.15 Configuring Manual Key23217.16 Viewing SA Monitor23517.17 Configuring Global Setting23717.18 Telecommuter VPN/IPSec Examples23717.18.1 Telecommuters Sharing One VPN Rule Example23717.18.2 Telecommuters Using Unique VPN Rules Example23817.19 VPN and Remote Management240Remote Management Configuration24118.1 Remote Management Overview24118.1.1 Remote Management Limitations24118.1.2 Remote Management and NAT24218.1.3 System Timeout24218.2 Telnet24218.3 FTP24218.4 Web24318.5 Configuring Remote Management243Universal Plug-and-Play (UPnP)24519.1 Introducing Universal Plug and Play24519.1.1 How do I know if I'm using UPnP?24519.1.2 NAT Traversal24519.1.3 Cautions with UPnP24519.2 UPnP and ZyXEL24619.2.1 Configuring UPnP24619.3 Installing UPnP in Windows Example24719.4 Using UPnP in Windows XP Example251Logs Screens25920.1 Logs Overview25920.1.1 Alerts and Logs25920.2 Configuring Log Settings25920.3 Displaying the Logs26220.4 SMTP Error Messages26220.4.1 Example E-mail Log263Media Bandwidth Management Advanced Setup26521.1 Bandwidth Management Advanced Setup Overview26521.2 Bandwidth Classes and Filters26521.3 Proportional Bandwidth Allocation26621.4 Bandwidth Management Usage Examples26621.4.1 Application-based Bandwidth Management Example26621.4.2 Subnet-based Bandwidth Management Example26621.4.3 Application and Subnet-based Bandwidth Management Example26721.5 Scheduler26821.5.1 Priority-based Scheduler26821.5.2 Fairness-based Scheduler26821.6 Maximize Bandwidth Usage26821.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic26821.6.2 Maximize Bandwidth Usage Example26921.7 Bandwidth Borrowing27021.7.1 Bandwidth Borrowing Example27021.7.2 Maximize Bandwidth Usage With Bandwidth Borrowing27121.8 Configuring Summary27121.9 Configuring Class Setup27321.9.1 Media Bandwidth Management Class Configuration27421.9.2 Media Bandwidth Management Statistics27621.10 Bandwidth Monitor277Maintenance27922.1 Maintenance Overview27922.2 System Status Screen27922.2.1 System Statistics28222.3 DHCP Table Screen28322.4 Any IP Table Screen28422.5 Wireless Screen28522.5.1 Association List28522.6 Diagnostic Screens28622.6.1 Diagnostic General Screen28622.6.2 Diagnostic DSL Line Screen28622.7 Firmware Screen288Introducing the SMT29123.1 Introduction to the SMT29123.1.1 Procedure for SMT Configuration via Telnet29123.1.2 Entering Password29123.2 Navigating the SMT Interface29223.2.1 System Management Terminal Interface Summary29323.2.2 SMT Menus Overview29423.3 Changing the System Password295Menu 1 General Setup29724.1 General Setup29724.2 Procedure To Configure Menu 129724.2.1 Procedure to Configure Dynamic DNS298Menu 2 WAN Backup Setup30125.1 Introduction to WAN Backup Setup30125.2 Configuring WAN Backup in Menu 230125.2.1 Traffic Redirect Setup302Menu 3 LAN Setup30526.1 LAN Setup30526.1.1 General Ethernet Setup30526.2 Protocol Dependent Ethernet Setup30526.3 TCP/IP Ethernet Setup and DHCP306Wireless LAN Setup30927.1 Wireless LAN Overview30927.2 Wireless LAN Setup30927.2.1 Wireless LAN MAC Address Filter310Internet Access31328.1 Internet Access Overview31328.2 IP Policies31328.3 IP Alias31328.4 IP Alias Setup31428.5 Route IP Setup31528.6 Internet Access Configuration316Remote Node Configuration31929.1 Remote Node Setup Overview31929.2 Remote Node Setup31929.2.1 Remote Node Profile31929.2.2 Encapsulation and Multiplexing Scenarios32029.2.2.1 Scenario 1: One VC, Multiple Protocols32029.2.2.2 Scenario 2: One VC, One Protocol (IP)32029.2.2.3 Scenario 3: Multiple VCs32029.2.3 Outgoing Authentication Protocol32229.3 Remote Node Network Layer Options32329.3.1 My WAN Addr Sample IP Addresses32429.4 Remote Node Filter32529.5 Editing ATM Layer Options32629.5.1 VC-based Multiplexing (non-PPP Encapsulation)32629.5.2 LLC-based Multiplexing or PPP Encapsulation32729.5.3 Advance Setup Options327Static Route Setup32930.1 IP Static Route Overview32930.2 Configuration329Bridging Setup33331.1 Bridging in General33331.2 Bridge Ethernet Setup33331.2.1 Remote Node Bridging Setup33331.2.2 Bridge Static Route Setup335Network Address Translation (NAT)33732.1 Using NAT33732.1.1 SUA (Single User Account) Versus NAT33732.2 Applying NAT33732.3 NAT Setup33932.3.1 Address Mapping Sets33932.3.1.1 SUA Address Mapping Set34032.3.1.2 User-Defined Address Mapping Sets34132.3.1.3 Ordering Your Rules34132.4 Configuring a Server Behind NAT34332.5 General NAT Examples34432.5.1 Example 1: Internet Access Only34532.5.2 Example 2: Internet Access with an Inside Server34532.5.3 Example 3: Multiple Public IP Addresses With Inside Servers34632.5.4 Example 4: NAT Unfriendly Application Programs350Enabling the Firewall35333.1 Remote Management and the Firewall35333.2 Access Methods35333.3 Enabling the Firewall353Filter Configuration35534.1 About Filtering35534.1.1 The Filter Structure of the Prestige35634.2 Configuring a Filter Set for the Prestige35734.3 Filter Rules Summary Menus35834.4 Configuring a Filter Rule35934.4.1 TCP/IP Filter Rule36034.4.2 Generic Filter Rule36234.5 Filter Types and NAT36434.6 Example Filter36434.7 Applying Filters and Factory Defaults36634.7.1 Ethernet Traffic36734.7.2 Remote Node Filters367SNMP Configuration36935.1 About SNMP36935.2 Supported MIBs37035.3 SNMP Configuration37035.4 SNMP Traps371System Security37336.1 System Security37336.1.1 System Password37336.1.2 Configuring External RADIUS Server37336.1.3 IEEE802.1x37536.2 Creating User Accounts on the Prestige377System Information and Diagnosis37937.1 Overview37937.2 System Status37937.3 System Information38137.3.1 System Information38137.3.2 Console Port Speed38237.4 Log and Trace38337.4.1 Viewing Error Log38337.4.2 Syslog and Accounting38437.5 Diagnostic386Firmware and Configuration File Maintenance38938.1 Filename Conventions38938.2 Backup Configuration39038.2.1 Backup Configuration39038.2.2 Using the FTP Command from the Command Line39138.2.3 Example of FTP Commands from the Command Line39138.2.4 GUI-based FTP Clients39238.2.5 TFTP and FTP over WAN Management Limitations39238.2.6 Backup Configuration Using TFTP39338.2.7 TFTP Command Example39338.2.8 GUI-based TFTP Clients39338.3 Restore Configuration39438.3.1 Restore Using FTP39438.3.2 Restore Using FTP Session Example39538.4 Uploading Firmware and Configuration Files39638.4.1 Firmware File Upload39638.4.2 Configuration File Upload39638.4.3 FTP File Upload Command from the DOS Prompt Example39738.4.4 FTP Session Example of Firmware File Upload39838.4.5 TFTP File Upload39838.4.6 TFTP Upload Command Example399System Maintenance40139.1 Command Interpreter Mode40139.2 Call Control Support40239.2.1 Budget Management40239.3 Time and Date Setting40339.3.1 Resetting the Time404Remote Management40740.1 Remote Management Overview40740.2 Remote Management40740.2.1 Remote Management Setup40740.2.2 Remote Management Limitations40840.3 Remote Management and NAT40940.4 System Timeout409IP Policy Routing41141.1 IP Policy Routing Overview41141.2 Benefits of IP Policy Routing41141.3 Routing Policy41141.4 IP Routing Policy Setup41241.5 Applying an IP Policy41541.5.1 Ethernet IP Policies41541.6 IP Policy Routing Example416Call Scheduling41942.1 Introduction419VPN/IPSec Setup42343.1 VPN/IPSec Overview42343.2 IPSec Summary Screen42443.3 IPSec Setup42643.4 IKE Setup43043.5 Manual Setup43243.5.1 Active Protocol43243.5.2 Security Parameter Index (SPI)432SA Monitor43544.1 SA Monitor Overview43544.2 Using SA Monitor435Troubleshooting43945.1 Problems Starting Up the Prestige43945.2 Problems with the LAN43945.3 Problems with the WAN44045.4 Problems Accessing the Prestige44145.4.1 Pop-up Windows, JavaScripts and Java Permissions44145.4.1.1 Internet Explorer Pop-up Blockers44245.4.1.2 JavaScripts44545.4.1.3 Java Permissions44745.5 Telephone Problems449Product Specifications451Setting up Your Computer’s IP Address457IP Subnetting469PPPoE477Wireless LANs479Triangle Route489Internal SPTGEN493Command Interpreter519Firewall Commands521Boot Commands523Log Descriptions525Index537Numerics537A537B537C538D539E539F540G541H541I541J542K542L542M543N543O544P544Q545R545S546T548U549V549W549Z550Size: 12.6 MBPages: 550Language: EnglishOpen manual