User ManualTable of ContentsPrestige 2602HW Series1Copyright3Federal Communications Commission (FCC) Interference Statement4Safety Warnings5ZyXEL Limited Warranty6Customer Support7Table of Contents9List of Figures27List of Tables35Preface41Introduction to DSL43Getting To Know Your Prestige451.1 Introducing the Prestige451.2 Prestige 2602HW-L with Lifeline461.3 Features of the Prestige461.4 Applications for the Prestige531.4.1 Internet Access531.4.2 Making Calls via Internet Telephony Service Provider541.4.3 Firewall for Secure Broadband Internet Access551.4.4 LAN to LAN Application551.5 Prestige Hardware Installation and Connection56Introducing the Web Configurator572.1 Web Configurator Overview572.1.1 Accessing the Prestige Web Configurator572.1.2 Resetting the Prestige582.1.2.1 Using The Reset Button582.1.3 Navigating the Prestige Web Configurator58Wizard Setup633.1 Wizard Setup Introduction633.1.1 Encapsulation633.1.1.1 ENET ENCAP633.1.1.2 PPP over Ethernet633.1.1.3 PPPoA633.1.1.4 RFC 1483643.1.2 Multiplexing643.1.2.1 VC-based Multiplexing643.1.2.2 LLC-based Multiplexing643.1.3 VPI and VCI643.1.4 Internet Access Wizard Setup: First Screen643.2 IP Address and Subnet Mask653.2.1 IP Address Assignment663.2.1.1 IP Assignment with PPPoA or PPPoE Encapsulation663.2.1.2 IP Assignment with RFC 1483 Encapsulation663.2.1.3 IP Assignment with ENET ENCAP Encapsulation663.2.1.4 Private IP Addresses673.2.2 Nailed-Up Connection (PPP)673.2.3 NAT673.2.4 Internet Access Wizard Setup: Second Screen673.2.5 SIP Identities713.2.5.1 SIP Number713.2.5.2 SIP Service Domain713.2.6 Internet Access Wizard Setup: Third Screen713.2.7 DHCP Setup733.2.7.1 IP Pool Setup733.2.8 Internet Access Wizard Setup: Fourth Screen733.2.9 Internet Access Wizard Setup: Connection Test753.2.9.1 Test Your Internet Connection76Password Setup774.1 Password Overview774.1.1 Configuring Password77LAN Setup795.1 LAN Overview795.1.1 LANs, WANs and the Prestige795.2 DNS Server Address805.3 DNS Server Address Assignment805.4 LAN TCP/IP815.4.1 Factory LAN Defaults815.4.2 IP Address and Subnet Mask815.4.3 RIP Setup815.4.4 Multicast825.5 Any IP825.5.1 How Any IP Works835.6 Configuring LAN845.7 Configuring Static DHCP85Wireless LAN Setup876.1 Wireless LAN Introduction876.1.1 Additional Installation Requirements for Using IEEE 802.1x876.1.2 Channel876.1.3 ESS ID876.1.4 RTS/CTS886.1.5 Fragmentation Threshold896.2 Levels of Security896.3 Data Encryption with WEP906.4 Configuring Wireless LAN906.5 Configuring MAC Filter926.6 Network Authentication946.6.1 EAP946.6.1.1 RADIUS946.6.1.2 Types of RADIUS Messages946.6.2 EAP Authentication Overview956.7 Introduction to WPA966.7.1 User Authentication966.7.2 Encryption966.8 WPA-PSK Application Example976.9 WPA with RADIUS Application Example976.10 Security Parameters Summary986.11 Wireless Client WPA Supplicants996.12 Configuring 802.1x and WPA996.12.1 Authentication Required: 802.1x1006.12.2 Authentication Required: WPA1026.12.3 Authentication Required: WPA-PSK1036.13 Configuring Local User Authentication1056.14 Configuring RADIUS106WAN Setup1097.1 WAN Overview1097.2 Metric1097.3 PPPoE Encapsulation1107.4 Traffic Shaping1107.5 Zero Configuration Internet Access1117.6 Configuring WAN Setup1117.7 Traffic Redirect1147.8 Configuring WAN Backup115Network Address Translation (NAT) Screens1198.1 NAT Overview1198.1.1 NAT Definitions1198.1.2 What NAT Does1208.1.3 How NAT Works1208.1.4 NAT Application1218.1.5 NAT Mapping Types1218.2 SUA (Single User Account) Versus NAT1228.3 SUA Server1238.3.1 Default Server IP Address1238.3.2 Port Forwarding: Services and Port Numbers1238.3.3 Configuring Servers Behind SUA (Example)1248.4 Selecting the NAT Mode1248.5 Configuring SUA Server1258.6 Configuring Address Mapping1278.7 Editing an Address Mapping Rule128Introduction to VoIP1319.1 Introduction to VoIP1319.2 SIP1319.2.1 SIP Identities1319.2.1.1 SIP Number1319.2.1.2 SIP Service Domain1329.2.2 SIP Call Progression1329.2.3 SIP Servers1329.2.3.1 SIP User Agent Server1339.2.3.2 SIP Proxy Server1339.2.3.3 SIP Redirect Server1349.2.3.4 SIP Register Server1359.2.4 RTP1359.3 SIP ALG1359.4 Pulse Code Modulation1359.5 Voice Coding1369.5.1 G.7111369.5.2 G.7291369.6 PSTN Call Setup Signaling136Voice Screens13710.1 Voice Screens Introduction13710.2 SIP Settings Configuration13710.3 Advanced Voice Settings Configuration13810.4 Quality of Service (QoS)14010.4.1 Type Of Service (ToS)14010.4.2 DiffServ14110.4.2.1 DSCP and Per-Hop Behavior14110.4.3 VLAN14110.5 QoS Configuration14110.6 Phone14210.6.1 Voice Activity Detection/Silence Suppression14310.6.2 Comfort Noise Generation14310.6.3 Echo Cancellation14310.7 Phone Configuration14310.8 Speed Dial14410.8.1 Peer-to-Peer Calls14410.9 Speed Dial Configuration14510.10 Lifeline (Prestige 2602HW-L)14610.11 Lifeline Configuration (Prestige 2602HW-L)14610.12 Common Phone Port Configuration147Dynamic DNS Setup14911.1 Dynamic DNS14911.1.1 DYNDNS Wildcard14911.2 Configuring Dynamic DNS149Time and Date15112.1 Pre-defined NTP Time Servers List15112.2 Configuring Time and Date151Firewalls15513.1 Firewall Overview15513.2 Types of Firewalls15513.2.1 Packet Filtering Firewalls15513.2.2 Application-level Firewalls15513.2.3 Stateful Inspection Firewalls15613.3 Introduction to ZyXEL’s Firewall15613.3.1 Denial of Service Attacks15713.4 Denial of Service15713.4.1 Basics15713.4.2 Types of DoS Attacks15813.4.2.1 ICMP Vulnerability16013.4.2.2 Illegal Commands (NetBIOS and SMTP)16013.4.2.3 Traceroute16113.5 Stateful Inspection16113.5.1 Stateful Inspection Process16213.5.2 Stateful Inspection and the Prestige16313.5.3 TCP Security16313.5.4 UDP/ICMP Security16413.5.5 Upper Layer Protocols16413.6 Guidelines for Enhancing Security with Your Firewall16413.6.1 Security In General16513.7 Packet Filtering Vs Firewall16613.7.1 Packet Filtering:16613.7.1.1 When To Use Filtering16613.7.2 Firewall16613.7.2.1 When To Use The Firewall166Firewall Configuration16914.1 Access Methods16914.2 Firewall Policies Overview16914.3 Rule Logic Overview17014.3.1 Rule Checklist17014.3.2 Security Ramifications17014.3.3 Key Fields For Configuring Rules17114.3.3.1 Action17114.3.3.2 Service17114.3.3.3 Source Address17114.3.3.4 Destination Address17114.4 Connection Direction Example17114.4.1 LAN to WAN Rules17214.4.2 WAN to LAN Rules17214.4.3 Alerts17314.5 Configuring Basic Firewall Settings17314.6 Rule Summary17414.6.1 Configuring Firewall Rules17614.7 Customized Services17914.8 Creating/Editing A Customized Service17914.9 Example Firewall Rule18014.10 Predefined Services18414.11 Anti-Probing18614.12 DOS Thresholds18714.12.1 Threshold Values18814.12.2 Half-Open Sessions18814.12.2.1 TCP Maximum Incomplete and Blocking Time188Content Filtering19115.1 Content Filtering Overview19115.2 Configuring Keyword Blocking19115.3 Configuring the Schedule19215.4 Configuring Trusted Computers193Introduction to IPSec19516.1 VPN Overview19516.1.1 IPSec19516.1.2 Security Association19516.1.3 Other Terminology19516.1.3.1 Encryption19516.1.3.2 Data Confidentiality19616.1.3.3 Data Integrity19616.1.3.4 Data Origin Authentication19616.1.4 VPN Applications19616.2 IPSec Architecture19716.2.1 IPSec Algorithms19716.2.2 Key Management19716.3 Encapsulation19716.3.1 Transport Mode19816.3.2 Tunnel Mode19816.4 IPSec and NAT198VPN Screens20117.1 VPN/IPSec Overview20117.2 IPSec Algorithms20117.2.1 AH (Authentication Header) Protocol20117.2.2 ESP (Encapsulating Security Payload) Protocol20217.3 My IP Address20217.4 Secure Gateway Address20317.4.1 Dynamic Secure Gateway Address20317.5 VPN Summary Screen20317.6 Keep Alive20517.7 Remote DNS Server20517.8 NAT Traversal20617.8.1 NAT Traversal Configuration20717.9 ID Type and Content20717.9.1 ID Type and Content Examples20817.10 Pre-Shared Key20917.11 Editing VPN Policies20917.12 IKE Phases21417.12.1 Negotiation Mode21617.12.2 Diffie-Hellman (DH) Key Groups21617.12.3 Perfect Forward Secrecy (PFS)21617.13 Configuring Advanced IKE Settings21617.14 Manual Key Setup21917.14.1 Security Parameter Index (SPI)21917.15 Configuring Manual Key22017.16 Viewing SA Monitor22317.17 Configuring Global Setting22517.18 Telecommuter VPN/IPSec Examples22517.18.1 Telecommuters Sharing One VPN Rule Example22517.18.2 Telecommuters Using Unique VPN Rules Example22617.19 VPN and Remote Management228Remote Management Configuration22918.1 Remote Management Overview22918.1.1 Remote Management Limitations22918.1.2 Remote Management and NAT23018.1.3 System Timeout23018.2 Telnet23018.3 FTP23018.4 Web23118.5 Configuring Remote Management231Universal Plug-and-Play (UPnP)23319.1 Introducing Universal Plug and Play23319.1.1 How do I know if I'm using UPnP?23319.1.2 NAT Traversal23319.1.3 Cautions with UPnP23319.2 UPnP and ZyXEL23419.2.1 Configuring UPnP23419.3 Installing UPnP in Windows Example23519.4 Using UPnP in Windows XP Example239Logs Screens24720.1 Logs Overview24720.1.1 Alerts and Logs24720.2 Configuring Log Settings24720.3 Displaying the Logs25020.4 SMTP Error Messages25020.4.1 Example E-mail Log251Maintenance25321.1 Maintenance Overview25321.2 System Status Screen25321.2.1 System Statistics25621.3 DHCP Table Screen25721.4 Any IP Table Screen25821.5 Wireless Screen25921.5.1 Association List25921.6 Diagnostic Screens26021.6.1 Diagnostic General Screen26021.6.2 Diagnostic DSL Line Screen26021.7 Firmware Screen262Introducing the SMT26522.1 Introduction to the SMT26522.2 Accessing the SMT via the Console Port26522.2.1 Initial Screen26522.2.2 Entering the Password26622.2.3 Procedure for SMT Configuration via Telnet26622.2.4 Entering Password26722.3 Navigating the SMT Interface26722.3.1 System Management Terminal Interface Summary26822.3.2 SMT Menus Overview26922.4 Changing the System Password270Menu 1 General Setup27323.1 General Setup27323.2 Procedure To Configure Menu 127323.2.1 Procedure to Configure Dynamic DNS274Menu 2 WAN Backup Setup27724.1 Introduction to WAN Backup Setup27724.2 Configuring WAN Backup in Menu 227724.2.1 Traffic Redirect Setup278Menu 3 LAN Setup28125.1 LAN Setup28125.1.1 General Ethernet Setup28125.2 Protocol Dependent Ethernet Setup28125.3 TCP/IP Ethernet Setup and DHCP282Wireless LAN Setup28526.1 Wireless LAN Overview28526.2 Wireless LAN Setup28526.2.1 Wireless LAN MAC Address Filter286Internet Access28927.1 Internet Access Overview28927.2 IP Policies28927.3 IP Alias28927.4 IP Alias Setup29027.5 Route IP Setup29127.6 Internet Access Configuration292Remote Node Configuration29528.1 Remote Node Setup Overview29528.2 Remote Node Setup29528.2.1 Remote Node Profile29528.2.2 Encapsulation and Multiplexing Scenarios29628.2.2.1 Scenario 1: One VC, Multiple Protocols29628.2.2.2 Scenario 2: One VC, One Protocol (IP)29628.2.2.3 Scenario 3: Multiple VCs29628.2.3 Outgoing Authentication Protocol29828.3 Remote Node Network Layer Options29928.3.1 My WAN Addr Sample IP Addresses30028.4 Remote Node Filter30128.5 Editing ATM Layer Options30228.5.1 VC-based Multiplexing (non-PPP Encapsulation)30228.5.2 LLC-based Multiplexing or PPP Encapsulation30328.5.3 Advance Setup Options303Static Route Setup30529.1 IP Static Route Overview30529.2 Configuration305Bridging Setup30930.1 Bridging in General30930.2 Bridge Ethernet Setup30930.2.1 Remote Node Bridging Setup30930.2.2 Bridge Static Route Setup311Network Address Translation (NAT)31331.1 Using NAT31331.1.1 SUA (Single User Account) Versus NAT31331.2 Applying NAT31331.3 NAT Setup31531.3.1 Address Mapping Sets31531.3.1.1 SUA Address Mapping Set31631.3.1.2 User-Defined Address Mapping Sets31731.3.1.3 Ordering Your Rules31831.4 Configuring a Server behind NAT31931.5 General NAT Examples32131.5.1 Example 1: Internet Access Only32131.5.2 Example 2: Internet Access with an Inside Server32231.5.3 Example 3: Multiple Public IP Addresses With Inside Servers32331.5.4 Example 4: NAT Unfriendly Application Programs326Enabling the Firewall32932.1 Remote Management and the Firewall32932.2 Access Methods32932.3 Enabling the Firewall329Filter Configuration33133.1 About Filtering33133.1.1 The Filter Structure of the Prestige33233.2 Configuring a Filter Set for the Prestige33333.3 Filter Rules Summary Menus33433.4 Configuring a Filter Rule33533.4.1 TCP/IP Filter Rule33633.4.2 Generic Filter Rule33833.5 Filter Types and NAT34033.6 Example Filter34033.7 Applying Filters and Factory Defaults34233.7.1 Ethernet Traffic34333.7.2 Remote Node Filters343SNMP Configuration34534.1 About SNMP34534.2 Supported MIBs34634.3 SNMP Configuration34634.4 SNMP Traps347System Security34935.1 System Security34935.1.1 System Password34935.1.2 Configuring External RADIUS Server34935.1.3 IEEE802.1x35135.2 Creating User Accounts on the Prestige353System Information and Diagnosis35536.1 Overview35536.2 System Status35536.3 System Information35736.3.1 System Information35736.3.2 Console Port Speed35836.4 Log and Trace35936.4.1 Viewing Error Log35936.4.2 Syslog and Accounting36036.5 Diagnostic362Firmware and Configuration File Maintenance36537.1 Filename Conventions36537.2 Backup Configuration36637.2.1 Backup Configuration36637.2.2 Using the FTP Command from the Command Line36737.2.3 Example of FTP Commands from the Command Line36737.2.4 GUI-based FTP Clients36837.2.5 TFTP and FTP over WAN Management Limitations36837.2.6 Backup Configuration Using TFTP36937.2.7 TFTP Command Example36937.2.8 GUI-based TFTP Clients36937.2.9 Backup Via Console Port37037.3 Restore Configuration37137.3.1 Restore Using FTP37137.3.2 Restore Using FTP Session Example37237.3.3 Restore Via Console Port37337.4 Uploading Firmware and Configuration Files37437.4.1 Firmware File Upload37437.4.2 Configuration File Upload37437.4.3 FTP File Upload Command from the DOS Prompt Example37537.4.4 FTP Session Example of Firmware File Upload37637.4.5 TFTP File Upload37637.4.6 TFTP Upload Command Example37737.4.7 Uploading Via Console Port37737.4.8 Uploading Firmware File Via Console Port37737.4.9 Example Xmodem Firmware Upload Using HyperTerminal37837.4.10 Uploading Configuration File Via Console Port37837.4.11 Example Xmodem Configuration Upload Using HyperTerminal379System Maintenance38138.1 Command Interpreter Mode38138.2 Call Control Support38238.2.1 Budget Management38238.3 Time and Date Setting38338.3.1 Resetting the Time384Remote Management38739.1 Remote Management Overview38739.2 Remote Management38739.2.1 Remote Management Setup38739.2.2 Remote Management Limitations38839.3 Remote Management and NAT38939.4 System Timeout389IP Policy Routing39140.1 IP Policy Routing Overview39140.2 Benefits of IP Policy Routing39140.3 Routing Policy39140.4 IP Routing Policy Setup39240.5 Applying an IP Policy39540.5.1 Ethernet IP Policies39540.6 IP Policy Routing Example396Call Scheduling39941.1 Introduction399VPN/IPSec Setup40342.1 VPN/IPSec Overview40342.2 IPSec Summary Screen40442.3 IPSec Setup40642.4 IKE Setup41042.5 Manual Setup41242.5.1 Active Protocol41242.5.2 Security Parameter Index (SPI)412SA Monitor41543.1 SA Monitor Overview41543.2 Using SA Monitor415Troubleshooting41944.1 Problems Starting Up the Prestige41944.2 Problems with the LAN LED41944.3 Problems with the DSL LED42044.4 Problems with the LAN Interface42044.5 Problems with the WAN Interface42044.6 Problems with Internet Access42144.7 Problems with the Password42144.8 Problems with the Web Configurator42244.9 Problems with Remote Management42244.10 Telephone Problems423Hardware Specifications425Setting up Your Computer’s IP Address429IP Subnetting441PPPoE449Wireless LAN and IEEE 802.11451Wireless LAN With IEEE 802.1x455Types of EAP Authentication457Triangle Route459Internal SPTGEN463Command Interpreter489Firewall Commands491Boot Commands493Log Descriptions495Index507Numerics507A507B507C507D508E509F510G510H511I511J512K512L512M512N513O513P513Q514R514S515T517U517V518W518X519Z519Size: 11.8 MBPages: 519Language: EnglishOpen manual