Manuali utente per ZyXEL 660H-63

Sommario

• User’s Guide

  1
• Copyright

  3
• Federal Communications Commission (FCC) Interference Statement

  4
• Safety Warnings

  5
• ZyXEL Limited Warranty

  6
• Customer Support

  7
• Table of Contents

  9
• List of Figures

  25
• List of Tables

  33
• Preface

  39
• Introduction to DSL

  41
• Getting To Know Your Prestige

  43
  • 1.1 Introducing the Prestige

    43
    • 1.1.1 Features of the Prestige

      44
      • 1.1.1.1 P-660HW Wireless Features

        48
    • 1.1.2 Applications for the Prestige

      49
      • 1.1.2.1 Internet Access

        49
    • 1.1.3 Firewall for Secure Broadband Internet Access

      50
      • 1.1.3.1 LAN to LAN Application

        50
    • 1.1.4 Front Panel LEDs

      50
• Introducing the Web Configurator

  53
  • 2.1 Web Configurator Overview

    53
    • 2.1.1 Accessing the Prestige Web Configurator

      53
    • 2.1.2 Resetting the Prestige

      54
      • 2.1.2.1 Using the Reset Button

        54
    • 2.1.3 Navigating the Prestige Web Configurator

      55
• Wizard Setup for Internet Access

  59
  • 3.1 Introduction to Internet Access Wizard

    59
    • 3.1.1 Internet Access Wizard Setup

      59
• Wizard Setup for Media Bandwidth Management

  67
  • 4.1 Introduction to Media Bandwidth Management

    67
    • 4.1.1 Predefined Media Bandwidth Management Services

      67
  • 4.2 Media Bandwidth Management Setup

    68
• Password Setup

  71
  • 5.1 Password Overview

    71
    • 5.1.1 Configuring Password

      71
• LAN Setup

  73
  • 6.1 LAN Overview

    73
    • 6.1.1 LANs, WANs and the Prestige

      73
  • 6.2 DNS Server Address

    74
  • 6.3 DNS Server Address Assignment

    74
  • 6.4 LAN TCP/IP

    75
    • 6.4.1 Factory LAN Defaults

      75
    • 6.4.2 IP Address and Subnet Mask

      75
    • 6.4.3 RIP Setup

      76
    • 6.4.4 Multicast

      76
  • 6.5 Any IP

    77
    • 6.5.1 How Any IP Works

      77
  • 6.6 Configuring LAN

    78
  • 6.7 Configuring Static DHCP

    80
• Wireless LAN (Prestige 660HW)

  83
  • 7.1 Introduction

    83
  • 7.2 Wireless Security Overview

    83
    • 7.2.1 Encryption

      83
    • 7.2.2 Authentication

      83
    • 7.2.3 Restricted Access

      84
    • 7.2.4 Hide Prestige Identity

      84
    • 7.2.5 G-plus

      84
    • 7.2.6 Configuring Wireless LAN on the Prestige

      84
  • 7.3 Configuring the Wireless Screen

    85
    • 7.3.1 WEP Encryption

      85
  • 7.4 Configuring MAC Filters

    88
  • 7.5 Introduction to WPA

    90
    • 7.5.1 WPA-PSK Application Example

      90
    • 7.5.2 WPA with RADIUS Application Example

      91
    • 7.5.3 Wireless Client WPA Supplicants

      92
  • 7.6 Configuring IEEE 802.1x and WPA

    92
    • 7.6.1 Authentication Required: 802.1x

      93
    • 7.6.2 Authentication Required: WPA

      95
    • 7.6.3 Authentication Required: WPA-PSK

      97
  • 7.7 Configuring Local User Authentication

    98
  • 7.8 Configuring RADIUS

    99
  • 7.9 Introduction to OTIST

    100
    • 7.9.1 Enabling OTIST

      100
      • 7.9.1.1 AP

        100
      • 7.9.1.2 Wireless Client

        102
    • 7.9.2 Starting OTIST

      102
    • 7.9.3 Notes on OTIST

      103
• WAN Setup

  105
  • 8.1 WAN Overview

    105
  • 8.2 Metric

    105
  • 8.3 PPPoE Encapsulation

    106
  • 8.4 Traffic Shaping

    106
  • 8.5 Zero Configuration Internet Access

    107
  • 8.6 Configuring WAN Setup

    107
  • 8.7 Traffic Redirect

    110
  • 8.8 Configuring WAN Backup

    111
• Network Address Translation (NAT) Screens

  115
  • 9.1 NAT Overview

    115
    • 9.1.1 NAT Definitions

      115
    • 9.1.2 What NAT Does

      116
    • 9.1.3 How NAT Works

      116
    • 9.1.4 NAT Application

      117
    • 9.1.5 NAT Mapping Types

      118
  • 9.2 SUA (Single User Account) Versus NAT

    119
  • 9.3 SUA Server

    119
    • 9.3.1 Default Server IP Address

      119
    • 9.3.2 Port Forwarding: Services and Port Numbers

      119
    • 9.3.3 Configuring Servers Behind SUA (Example)

      120
  • 9.4 SIP ALG

    120
  • 9.5 Selecting the NAT Mode

    121
  • 9.6 Configuring SUA Server

    121
  • 9.7 Configuring Address Mapping

    123
  • 9.8 Editing an Address Mapping Rule

    124
• Dynamic DNS Setup

  127
  • 10.1 Dynamic DNS

    127
    • 10.1.1 DYNDNS Wildcard

      127
  • 10.2 Configuring Dynamic DNS

    127
• Time and Date

  129
  • 11.1 Configuring Time and Date

    129
• Firewalls

  131
  • 12.1 Firewall Overview

    131
  • 12.2 Types of Firewalls

    131
    • 12.2.1 Packet Filtering Firewalls

      131
    • 12.2.2 Application-level Firewalls

      131
    • 12.2.3 Stateful Inspection Firewalls

      132
  • 12.3 Introduction to ZyXEL’s Firewall

    132
    • 12.3.1 Denial of Service Attacks

      133
  • 12.4 Denial of Service

    133
    • 12.4.1 Basics

      133
    • 12.4.2 Types of DoS Attacks

      134
      • 12.4.2.1 ICMP Vulnerability

        136
      • 12.4.2.2 Illegal Commands (NetBIOS and SMTP)

        136
      • 12.4.2.3 Traceroute

        137
  • 12.5 Stateful Inspection

    137
    • 12.5.1 Stateful Inspection Process

      138
    • 12.5.2 Stateful Inspection and the Prestige

      139
    • 12.5.3 TCP Security

      139
    • 12.5.4 UDP/ICMP Security

      140
    • 12.5.5 Upper Layer Protocols

      140
  • 12.6 Guidelines for Enhancing Security with Your Firewall

    140
    • 12.6.1 Security In General

      141
  • 12.7 Packet Filtering Vs Firewall

    142
    • 12.7.1 Packet Filtering:

      142
      • 12.7.1.1 When To Use Filtering

        142
    • 12.7.2 Firewall

      142
      • 12.7.2.1 When To Use The Firewall

        142
• Firewall Configuration

  145
  • 13.1 Access Methods

    145
  • 13.2 Firewall Policies Overview

    145
  • 13.3 Rule Logic Overview

    146
    • 13.3.1 Rule Checklist

      146
    • 13.3.2 Security Ramifications

      146
    • 13.3.3 Key Fields For Configuring Rules

      147
      • 13.3.3.1 Action

        147
      • 13.3.3.2 Service

        147
      • 13.3.3.3 Source Address

        147
      • 13.3.3.4 Destination Address

        147
  • 13.4 Connection Direction Example

    147
    • 13.4.1 LAN to WAN Rules

      148
    • 13.4.2 WAN to LAN Rules

      148
    • 13.4.3 Alerts

      149
  • 13.5 Configuring Basic Firewall Settings

    149
  • 13.6 Rule Summary

    150
    • 13.6.1 Configuring Firewall Rules

      152
  • 13.7 Customized Services

    155
  • 13.8 Creating/Editing A Customized Service

    155
  • 13.9 Example Firewall Rule

    156
  • 13.10 Predefined Services

    160
  • 13.11 Anti-Probing

    162
  • 13.12 Configuring Attack Alert

    163
    • 13.12.1 Threshold Values

      164
    • 13.12.2 Half-Open Sessions

      164
      • 13.12.2.1 TCP Maximum Incomplete and Blocking Time

        164
• Content Filtering

  167
  • 14.1 Content Filtering Overview

    167
  • 14.2 Configuring Keyword Blocking

    167
  • 14.3 Configuring the Schedule

    168
  • 14.4 Configuring Trusted Computers

    169
• Remote Management Configuration

  171
  • 15.1 Remote Management Overview

    171
    • 15.1.1 Remote Management Limitations

      171
    • 15.1.2 Remote Management and NAT

      172
    • 15.1.3 System Timeout

      172
  • 15.2 Telnet

    172
  • 15.3 FTP

    172
  • 15.4 Web

    173
  • 15.5 Configuring Remote Management

    173
• Universal Plug-and-Play (UPnP)

  175
  • 16.1 Introducing Universal Plug and Play

    175
    • 16.1.1 How do I know if I'm using UPnP?

      175
    • 16.1.2 NAT Traversal

      175
    • 16.1.3 Cautions with UPnP

      175
  • 16.2 UPnP and ZyXEL

    176
    • 16.2.1 Configuring UPnP

      176
  • 16.3 Installing UPnP in Windows Example

    177
  • 16.4 Using UPnP in Windows XP Example

    181
• Logs Screens

  189
  • 17.1 Logs Overview

    189
    • 17.1.1 Alerts and Logs

      189
  • 17.2 Configuring Log Settings

    189
  • 17.3 Displaying the Logs

    191
  • 17.4 SMTP Error Messages

    192
    • 17.4.1 Example E-mail Log

      193
• Media Bandwidth Management Advanced Setup

  195
  • 18.1 Bandwidth Management Advanced Setup Overview

    195
  • 18.2 Bandwidth Classes and Filters

    195
  • 18.3 Proportional Bandwidth Allocation

    196
  • 18.4 Bandwidth Management Usage Examples

    196
    • 18.4.1 Application-based Bandwidth Management Example

      196
    • 18.4.2 Subnet-based Bandwidth Management Example

      196
    • 18.4.3 Application and Subnet-based Bandwidth Management Example

      197
  • 18.5 Scheduler

    198
    • 18.5.1 Priority-based Scheduler

      198
    • 18.5.2 Fairness-based Scheduler

      198
  • 18.6 Maximize Bandwidth Usage

    198
    • 18.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic

      198
    • 18.6.2 Maximize Bandwidth Usage Example

      199
  • 18.7 Bandwidth Borrowing

    200
    • 18.7.1 Bandwidth Borrowing Example

      200
    • 18.7.2 Maximize Bandwidth Usage With Bandwidth Borrowing

      201
  • 18.8 Configuring Summary

    201
  • 18.9 Configuring Class Setup

    203
    • 18.9.1 DiffServ

      204
      • 18.9.1.1 DSCP and Per-Hop Behavior

        204
    • 18.9.2 Media Bandwidth Management Class Configuration

      204
    • 18.9.3 Media Bandwidth Management Statistics

      207
  • 18.10 Bandwidth Monitor

    208
• Maintenance

  211
  • 19.1 Maintenance Overview

    211
  • 19.2 System Status Screen

    211
    • 19.2.1 System Statistics

      213
  • 19.3 DHCP Table Screen

    215
  • 19.4 Any IP Table Screen

    216
  • 19.5 Wireless Screen

    216
    • 19.5.1 Association List

      216
  • 19.6 Diagnostic Screens

    217
    • 19.6.1 Diagnostic General Screen

      217
    • 19.6.2 Diagnostic DSL Line Screen

      218
  • 19.7 Firmware Screen

    220
• Introducing the SMT

  223
  • 20.1 SMT Introduction

    223
    • 20.1.1 Procedure for SMT Configuration via Telnet

      223
    • 20.1.2 Entering Password

      223
    • 20.1.3 Prestige SMT Menu Overview

      224
  • 20.2 Navigating the SMT Interface

    224
    • 20.2.1 System Management Terminal Interface Summary

      226
  • 20.3 Changing the System Password

    226
• Menu 1 General Setup

  229
  • 21.1 General Setup

    229
  • 21.2 Procedure To Configure Menu 1

    229
    • 21.2.1 Procedure to Configure Dynamic DNS

      230
• Menu 2 WAN Backup Setup

  233
  • 22.1 Introduction to WAN Backup Setup

    233
  • 22.2 Configuring Dial Backup in Menu 2

    233
    • 22.2.1 Traffic Redirect Setup

      234
• Menu 3 LAN Setup

  237
  • 23.1 LAN Setup

    237
    • 23.1.1 General Ethernet Setup

      237
  • 23.2 Protocol Dependent Ethernet Setup

    238
  • 23.3 CP/IP Ethernet Setup and DHCP

    238
• Wireless LAN Setup

  241
  • 24.1 Wireless LAN Overview

    241
  • 24.2 Wireless LAN Setup

    241
    • 24.2.1 Wireless LAN MAC Address Filter

      242
• Internet Access

  245
  • 25.1 Internet Access Overview

    245
  • 25.2 IP Policies

    245
  • 25.3 IP Alias

    245
  • 25.4 IP Alias Setup

    246
  • 25.5 Route IP Setup

    247
  • 25.6 Internet Access Configuration

    248
• Remote Node Configuration

  251
  • 26.1 Remote Node Setup Overview

    251
  • 26.2 Remote Node Setup

    251
    • 26.2.1 Remote Node Profile

      251
    • 26.2.2 Encapsulation and Multiplexing Scenarios

      252
      • 26.2.2.1 Scenario 1: One VC, Multiple Protocols

        252
      • 26.2.2.2 Scenario 2: One VC, One Protocol (IP)

        252
      • 26.2.2.3 Scenario 3: Multiple VCs

        252
    • 26.2.3 Outgoing Authentication Protocol

      254
  • 26.3 Remote Node Network Layer Options

    255
    • 26.3.1 My WAN Addr Sample IP Addresses

      256
  • 26.4 Remote Node Filter

    257
  • 26.5 Editing ATM Layer Options

    258
    • 26.5.1 VC-based Multiplexing (non-PPP Encapsulation)

      258
    • 26.5.2 LLC-based Multiplexing or PPP Encapsulation

      258
    • 26.5.3 Advance Setup Options

      259
• Static Route Setup

  261
  • 27.1 IP Static Route Overview

    261
  • 27.2 Configuration

    261
• Bridging Setup

  265
  • 28.1 Bridging in General

    265
  • 28.2 Bridge Ethernet Setup

    265
    • 28.2.1 Remote Node Bridging Setup

      265
    • 28.2.2 Bridge Static Route Setup

      267
• Network Address Translation (NAT)

  269
  • 29.1 Using NAT

    269
    • 29.1.1 SUA (Single User Account) Versus NAT

      269
  • 29.2 Applying NAT

    269
  • 29.3 NAT Setup

    271
    • 29.3.1 Address Mapping Sets

      271
      • 29.3.1.1 SUA Address Mapping Set

        272
      • 29.3.1.2 User-Defined Address Mapping Sets

        273
      • 29.3.1.3 Ordering Your Rules

        274
  • 29.4 Configuring a Server behind NAT

    275
  • 29.5 General NAT Examples

    276
    • 29.5.1 Example 1: Internet Access Only

      277
    • 29.5.2 Example 2: Internet Access with an Inside Server

      277
    • 29.5.3 Example 3: Multiple Public IP Addresses With Inside Servers

      278
    • 29.5.4 Example 4: NAT Unfriendly Application Programs

      282
• Enabling the Firewall

  285
  • 30.1 Remote Management and the Firewall

    285
  • 30.2 Access Methods

    285
  • 30.3 Enabling the Firewall

    285
• Filter Configuration

  287
  • 31.1 About Filtering

    287
    • 31.1.1 The Filter Structure of the Prestige

      288
  • 31.2 Configuring a Filter Set for the Prestige

    289
  • 31.3 Filter Rules Summary Menus

    290
  • 31.4 Configuring a Filter Rule

    291
    • 31.4.1 TCP/IP Filter Rule

      292
    • 31.4.2 Generic Filter Rule

      294
  • 31.5 Filter Types and NAT

    296
  • 31.6 Example Filter

    296
  • 31.7 Applying Filters and Factory Defaults

    298
    • 31.7.1 Ethernet Traffic

      299
    • 31.7.2 Remote Node Filters

      299
• SNMP Configuration

  301
  • 32.1 About SNMP

    301
  • 32.2 Supported MIBs

    302
  • 32.3 SNMP Configuration

    302
  • 32.4 SNMP Traps

    303
• System Security

  305
  • 33.1 System Security

    305
    • 33.1.1 System Password

      305
    • 33.1.2 Configuring External RADIUS Server

      305
    • 33.1.3 IEEE802.1x

      307
  • 33.2 Creating User Accounts on the Prestige

    309
• System Information and Diagnosis

  311
  • 34.1 Overview

    311
  • 34.2 System Status

    311
  • 34.3 System Information

    313
    • 34.3.1 System Information

      313
    • 34.3.2 Console Port Speed

      314
  • 34.4 Log and Trace

    315
    • 34.4.1 Viewing Error Log

      315
    • 34.4.2 Syslog and Accounting

      316
  • 34.5 Diagnostic

    318
• Firmware and Configuration File Maintenance

  321
  • 35.1 Filename Conventions

    321
  • 35.2 Backup Configuration

    322
    • 35.2.1 Backup Configuration

      322
    • 35.2.2 Using the FTP Command from the Command Line

      323
    • 35.2.3 Example of FTP Commands from the Command Line

      323
    • 35.2.4 GUI-based FTP Clients

      324
    • 35.2.5 TFTP and FTP over WAN Management Limitations

      324
    • 35.2.6 Backup Configuration Using TFTP

      325
    • 35.2.7 TFTP Command Example

      325
    • 35.2.8 GUI-based TFTP Clients

      325
  • 35.3 Restore Configuration

    326
    • 35.3.1 Restore Using FTP

      326
    • 35.3.2 Restore Using FTP Session Example

      327
  • 35.4 Uploading Firmware and Configuration Files

    328
    • 35.4.1 Firmware File Upload

      328
    • 35.4.2 Configuration File Upload

      328
    • 35.4.3 FTP File Upload Command from the DOS Prompt Example

      329
    • 35.4.4 FTP Session Example of Firmware File Upload

      330
    • 35.4.5 TFTP File Upload

      330
    • 35.4.6 TFTP Upload Command Example

      331
• System Maintenance

  333
  • 36.1 Command Interpreter Mode

    333
  • 36.2 Call Control Support

    334
    • 36.2.1 Budget Management

      334
  • 36.3 Time and Date Setting

    335
    • 36.3.1 Resetting the Time

      336
• Remote Management

  339
  • 37.1 Remote Management Overview

    339
  • 37.2 Remote Management

    339
    • 37.2.1 Remote Management Setup

      339
    • 37.2.2 Remote Management Limitations

      340
  • 37.3 Remote Management and NAT

    341
  • 37.4 System Timeout

    341
• IP Policy Routing

  343
  • 38.1 IP Policy Routing Overview

    343
  • 38.2 Benefits of IP Policy Routing

    343
  • 38.3 Routing Policy

    343
  • 38.4 IP Routing Policy Setup

    344
  • 38.5 Applying an IP Policy

    347
    • 38.5.1 Ethernet IP Policies

      347
  • 38.6 IP Policy Routing Example

    348
• Call Scheduling

  353
  • 39.1 Introduction

    353
• Internal SPTGEN

  357
  • 40.1 Internal SPTGEN Overview

    357
  • 40.2 The Configuration Text File Format

    357
    • 40.2.1 Internal SPTGEN File Modification - Important Points to Remember

      358
  • 40.3 Internal SPTGEN FTP Download Example

    358
  • 40.4 Internal SPTGEN FTP Upload Example

    359
• Troubleshooting

  361
  • 41.1 Problems Starting Up the Prestige

    361
  • 41.2 Problems with the LAN LED

    361
  • 41.3 Problems with the DSL LED

    362
  • 41.4 Problems with the LAN Interface

    362
  • 41.5 Problems with the WAN Interface

    362
  • 41.6 Problems with Internet Access

    363
  • 41.7 Problems with the Password

    363
  • 41.8 Problems with the Web Configurator

    364
  • 41.9 Problems with Remote Management

    364
• Splitters and Microfilters

  365
  • Connecting a POTS Splitter

    365
  • Telephone Microfilters

    366
  • Prestige With ISDN

    366
• Setting up Your Computer’s IP Address

  369
  • Windows 95/98/Me

    369
  • Windows 2000/NT/XP

    372
  • Macintosh OS 8/9

    376
  • Macintosh OS X

    378
• IP Subnetting

  381
  • IP Addressing

    381
  • IP Classes

    381
  • Subnet Masks

    382
  • Subnetting

    382
  • Example: Two Subnets

    383
  • Example: Four Subnets

    385
  • Example Eight Subnets

    386
  • Subnetting With Class A and Class B Networks.

    387
• PPPoE

  389
  • PPPoE in Action

    389
  • Benefits of PPPoE

    389
  • Traditional Dial-up Scenario

    389
  • How PPPoE Works

    390
  • Prestige as a PPPoE Client

    390
• Virtual Circuit Topology

  391
• Wireless LANs

  393
  • Wireless LAN Topologies

    393
  • Channel

    395
  • RTS/CTS

    395
  • Fragmentation Threshold

    396
  • Preamble Type

    397
  • IEEE 802.1x

    398
  • RADIUS

    398
  • EAP Authentication

    399
  • Types of Authentication

    400
  • WEP Authentication Steps

    401
  • WPA

    403
  • Security Parameters Summary

    404
  • Roaming

    404
• Antenna Selection and Positioning Recommendation

  407
  • Antenna Characteristics

    407
  • Types of Antennas For WLAN

    408
  • Connector Type

    408
• Example Internal SPTGEN Screens

  409
  • Command Examples

    429
• Command Interpreter

  431
  • Command Syntax

    431
  • Command Usage

    431
• Firewall Commands

  433
  • Sys Firewall Commands

    433
• Brute-Force Password Guessing Protection

  435
  • Example

    435
• Boot Commands

  437
• Log Descriptions

  439
  • Log Commands

    448
  • Log Command Example

    449
• Index

  451
  • Numerics

    451
  • A

    451
  • B

    451
  • C

    452
  • D

    452
  • E

    453
  • F

    453
  • G

    454
  • H

    454
  • I

    454
  • K

    455
  • L

    455
  • M

    455
  • N

    455
  • O

    456
  • P

    456
  • Q

    457
  • R

    457
  • S

    458
  • T

    459
  • U

    459
  • V

    459
  • W

    459
  • X

    460
  • Z

    460