Guida Utente (91-004-582009B)SommarioUser’s Guide1Copyright3Federal Communications Commission (FCC) Interference Statement4Safety Warnings5ZyXEL Limited Warranty6Customer Support7Table of Contents9List of Figures25List of Tables33Preface39Introduction to DSL41Getting To Know Your Prestige431.1 Introducing the Prestige431.1.1 Features of the Prestige441.1.1.1 P-660HW Wireless Features481.1.2 Applications for the Prestige491.1.2.1 Internet Access491.1.3 Firewall for Secure Broadband Internet Access501.1.3.1 LAN to LAN Application501.1.4 Front Panel LEDs50Introducing the Web Configurator532.1 Web Configurator Overview532.1.1 Accessing the Prestige Web Configurator532.1.2 Resetting the Prestige542.1.2.1 Using the Reset Button542.1.3 Navigating the Prestige Web Configurator55Wizard Setup for Internet Access593.1 Introduction to Internet Access Wizard593.1.1 Internet Access Wizard Setup59Wizard Setup for Media Bandwidth Management674.1 Introduction to Media Bandwidth Management674.1.1 Predefined Media Bandwidth Management Services674.2 Media Bandwidth Management Setup68Password Setup715.1 Password Overview715.1.1 Configuring Password71LAN Setup736.1 LAN Overview736.1.1 LANs, WANs and the Prestige736.2 DNS Server Address746.3 DNS Server Address Assignment746.4 LAN TCP/IP756.4.1 Factory LAN Defaults756.4.2 IP Address and Subnet Mask756.4.3 RIP Setup766.4.4 Multicast766.5 Any IP776.5.1 How Any IP Works776.6 Configuring LAN786.7 Configuring Static DHCP80Wireless LAN (Prestige 660HW)837.1 Introduction837.2 Wireless Security Overview837.2.1 Encryption837.2.2 Authentication837.2.3 Restricted Access847.2.4 Hide Prestige Identity847.2.5 G-plus847.2.6 Configuring Wireless LAN on the Prestige847.3 Configuring the Wireless Screen857.3.1 WEP Encryption857.4 Configuring MAC Filters887.5 Introduction to WPA907.5.1 WPA-PSK Application Example907.5.2 WPA with RADIUS Application Example917.5.3 Wireless Client WPA Supplicants927.6 Configuring IEEE 802.1x and WPA927.6.1 Authentication Required: 802.1x937.6.2 Authentication Required: WPA957.6.3 Authentication Required: WPA-PSK977.7 Configuring Local User Authentication987.8 Configuring RADIUS997.9 Introduction to OTIST1007.9.1 Enabling OTIST1007.9.1.1 AP1007.9.1.2 Wireless Client1027.9.2 Starting OTIST1027.9.3 Notes on OTIST103WAN Setup1058.1 WAN Overview1058.2 Metric1058.3 PPPoE Encapsulation1068.4 Traffic Shaping1068.5 Zero Configuration Internet Access1078.6 Configuring WAN Setup1078.7 Traffic Redirect1108.8 Configuring WAN Backup111Network Address Translation (NAT) Screens1159.1 NAT Overview1159.1.1 NAT Definitions1159.1.2 What NAT Does1169.1.3 How NAT Works1169.1.4 NAT Application1179.1.5 NAT Mapping Types1189.2 SUA (Single User Account) Versus NAT1199.3 SUA Server1199.3.1 Default Server IP Address1199.3.2 Port Forwarding: Services and Port Numbers1199.3.3 Configuring Servers Behind SUA (Example)1209.4 SIP ALG1209.5 Selecting the NAT Mode1219.6 Configuring SUA Server1219.7 Configuring Address Mapping1239.8 Editing an Address Mapping Rule124Dynamic DNS Setup12710.1 Dynamic DNS12710.1.1 DYNDNS Wildcard12710.2 Configuring Dynamic DNS127Time and Date12911.1 Configuring Time and Date129Firewalls13112.1 Firewall Overview13112.2 Types of Firewalls13112.2.1 Packet Filtering Firewalls13112.2.2 Application-level Firewalls13112.2.3 Stateful Inspection Firewalls13212.3 Introduction to ZyXEL’s Firewall13212.3.1 Denial of Service Attacks13312.4 Denial of Service13312.4.1 Basics13312.4.2 Types of DoS Attacks13412.4.2.1 ICMP Vulnerability13612.4.2.2 Illegal Commands (NetBIOS and SMTP)13612.4.2.3 Traceroute13712.5 Stateful Inspection13712.5.1 Stateful Inspection Process13812.5.2 Stateful Inspection and the Prestige13912.5.3 TCP Security13912.5.4 UDP/ICMP Security14012.5.5 Upper Layer Protocols14012.6 Guidelines for Enhancing Security with Your Firewall14012.6.1 Security In General14112.7 Packet Filtering Vs Firewall14212.7.1 Packet Filtering:14212.7.1.1 When To Use Filtering14212.7.2 Firewall14212.7.2.1 When To Use The Firewall142Firewall Configuration14513.1 Access Methods14513.2 Firewall Policies Overview14513.3 Rule Logic Overview14613.3.1 Rule Checklist14613.3.2 Security Ramifications14613.3.3 Key Fields For Configuring Rules14713.3.3.1 Action14713.3.3.2 Service14713.3.3.3 Source Address14713.3.3.4 Destination Address14713.4 Connection Direction Example14713.4.1 LAN to WAN Rules14813.4.2 WAN to LAN Rules14813.4.3 Alerts14913.5 Configuring Basic Firewall Settings14913.6 Rule Summary15013.6.1 Configuring Firewall Rules15213.7 Customized Services15513.8 Creating/Editing A Customized Service15513.9 Example Firewall Rule15613.10 Predefined Services16013.11 Anti-Probing16213.12 Configuring Attack Alert16313.12.1 Threshold Values16413.12.2 Half-Open Sessions16413.12.2.1 TCP Maximum Incomplete and Blocking Time164Content Filtering16714.1 Content Filtering Overview16714.2 Configuring Keyword Blocking16714.3 Configuring the Schedule16814.4 Configuring Trusted Computers169Remote Management Configuration17115.1 Remote Management Overview17115.1.1 Remote Management Limitations17115.1.2 Remote Management and NAT17215.1.3 System Timeout17215.2 Telnet17215.3 FTP17215.4 Web17315.5 Configuring Remote Management173Universal Plug-and-Play (UPnP)17516.1 Introducing Universal Plug and Play17516.1.1 How do I know if I'm using UPnP?17516.1.2 NAT Traversal17516.1.3 Cautions with UPnP17516.2 UPnP and ZyXEL17616.2.1 Configuring UPnP17616.3 Installing UPnP in Windows Example17716.4 Using UPnP in Windows XP Example181Logs Screens18917.1 Logs Overview18917.1.1 Alerts and Logs18917.2 Configuring Log Settings18917.3 Displaying the Logs19117.4 SMTP Error Messages19217.4.1 Example E-mail Log193Media Bandwidth Management Advanced Setup19518.1 Bandwidth Management Advanced Setup Overview19518.2 Bandwidth Classes and Filters19518.3 Proportional Bandwidth Allocation19618.4 Bandwidth Management Usage Examples19618.4.1 Application-based Bandwidth Management Example19618.4.2 Subnet-based Bandwidth Management Example19618.4.3 Application and Subnet-based Bandwidth Management Example19718.5 Scheduler19818.5.1 Priority-based Scheduler19818.5.2 Fairness-based Scheduler19818.6 Maximize Bandwidth Usage19818.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic19818.6.2 Maximize Bandwidth Usage Example19918.7 Bandwidth Borrowing20018.7.1 Bandwidth Borrowing Example20018.7.2 Maximize Bandwidth Usage With Bandwidth Borrowing20118.8 Configuring Summary20118.9 Configuring Class Setup20318.9.1 DiffServ20418.9.1.1 DSCP and Per-Hop Behavior20418.9.2 Media Bandwidth Management Class Configuration20418.9.3 Media Bandwidth Management Statistics20718.10 Bandwidth Monitor208Maintenance21119.1 Maintenance Overview21119.2 System Status Screen21119.2.1 System Statistics21319.3 DHCP Table Screen21519.4 Any IP Table Screen21619.5 Wireless Screen21619.5.1 Association List21619.6 Diagnostic Screens21719.6.1 Diagnostic General Screen21719.6.2 Diagnostic DSL Line Screen21819.7 Firmware Screen220Introducing the SMT22320.1 SMT Introduction22320.1.1 Procedure for SMT Configuration via Telnet22320.1.2 Entering Password22320.1.3 Prestige SMT Menu Overview22420.2 Navigating the SMT Interface22420.2.1 System Management Terminal Interface Summary22620.3 Changing the System Password226Menu 1 General Setup22921.1 General Setup22921.2 Procedure To Configure Menu 122921.2.1 Procedure to Configure Dynamic DNS230Menu 2 WAN Backup Setup23322.1 Introduction to WAN Backup Setup23322.2 Configuring Dial Backup in Menu 223322.2.1 Traffic Redirect Setup234Menu 3 LAN Setup23723.1 LAN Setup23723.1.1 General Ethernet Setup23723.2 Protocol Dependent Ethernet Setup23823.3 CP/IP Ethernet Setup and DHCP238Wireless LAN Setup24124.1 Wireless LAN Overview24124.2 Wireless LAN Setup24124.2.1 Wireless LAN MAC Address Filter242Internet Access24525.1 Internet Access Overview24525.2 IP Policies24525.3 IP Alias24525.4 IP Alias Setup24625.5 Route IP Setup24725.6 Internet Access Configuration248Remote Node Configuration25126.1 Remote Node Setup Overview25126.2 Remote Node Setup25126.2.1 Remote Node Profile25126.2.2 Encapsulation and Multiplexing Scenarios25226.2.2.1 Scenario 1: One VC, Multiple Protocols25226.2.2.2 Scenario 2: One VC, One Protocol (IP)25226.2.2.3 Scenario 3: Multiple VCs25226.2.3 Outgoing Authentication Protocol25426.3 Remote Node Network Layer Options25526.3.1 My WAN Addr Sample IP Addresses25626.4 Remote Node Filter25726.5 Editing ATM Layer Options25826.5.1 VC-based Multiplexing (non-PPP Encapsulation)25826.5.2 LLC-based Multiplexing or PPP Encapsulation25826.5.3 Advance Setup Options259Static Route Setup26127.1 IP Static Route Overview26127.2 Configuration261Bridging Setup26528.1 Bridging in General26528.2 Bridge Ethernet Setup26528.2.1 Remote Node Bridging Setup26528.2.2 Bridge Static Route Setup267Network Address Translation (NAT)26929.1 Using NAT26929.1.1 SUA (Single User Account) Versus NAT26929.2 Applying NAT26929.3 NAT Setup27129.3.1 Address Mapping Sets27129.3.1.1 SUA Address Mapping Set27229.3.1.2 User-Defined Address Mapping Sets27329.3.1.3 Ordering Your Rules27429.4 Configuring a Server behind NAT27529.5 General NAT Examples27629.5.1 Example 1: Internet Access Only27729.5.2 Example 2: Internet Access with an Inside Server27729.5.3 Example 3: Multiple Public IP Addresses With Inside Servers27829.5.4 Example 4: NAT Unfriendly Application Programs282Enabling the Firewall28530.1 Remote Management and the Firewall28530.2 Access Methods28530.3 Enabling the Firewall285Filter Configuration28731.1 About Filtering28731.1.1 The Filter Structure of the Prestige28831.2 Configuring a Filter Set for the Prestige28931.3 Filter Rules Summary Menus29031.4 Configuring a Filter Rule29131.4.1 TCP/IP Filter Rule29231.4.2 Generic Filter Rule29431.5 Filter Types and NAT29631.6 Example Filter29631.7 Applying Filters and Factory Defaults29831.7.1 Ethernet Traffic29931.7.2 Remote Node Filters299SNMP Configuration30132.1 About SNMP30132.2 Supported MIBs30232.3 SNMP Configuration30232.4 SNMP Traps303System Security30533.1 System Security30533.1.1 System Password30533.1.2 Configuring External RADIUS Server30533.1.3 IEEE802.1x30733.2 Creating User Accounts on the Prestige309System Information and Diagnosis31134.1 Overview31134.2 System Status31134.3 System Information31334.3.1 System Information31334.3.2 Console Port Speed31434.4 Log and Trace31534.4.1 Viewing Error Log31534.4.2 Syslog and Accounting31634.5 Diagnostic318Firmware and Configuration File Maintenance32135.1 Filename Conventions32135.2 Backup Configuration32235.2.1 Backup Configuration32235.2.2 Using the FTP Command from the Command Line32335.2.3 Example of FTP Commands from the Command Line32335.2.4 GUI-based FTP Clients32435.2.5 TFTP and FTP over WAN Management Limitations32435.2.6 Backup Configuration Using TFTP32535.2.7 TFTP Command Example32535.2.8 GUI-based TFTP Clients32535.3 Restore Configuration32635.3.1 Restore Using FTP32635.3.2 Restore Using FTP Session Example32735.4 Uploading Firmware and Configuration Files32835.4.1 Firmware File Upload32835.4.2 Configuration File Upload32835.4.3 FTP File Upload Command from the DOS Prompt Example32935.4.4 FTP Session Example of Firmware File Upload33035.4.5 TFTP File Upload33035.4.6 TFTP Upload Command Example331System Maintenance33336.1 Command Interpreter Mode33336.2 Call Control Support33436.2.1 Budget Management33436.3 Time and Date Setting33536.3.1 Resetting the Time336Remote Management33937.1 Remote Management Overview33937.2 Remote Management33937.2.1 Remote Management Setup33937.2.2 Remote Management Limitations34037.3 Remote Management and NAT34137.4 System Timeout341IP Policy Routing34338.1 IP Policy Routing Overview34338.2 Benefits of IP Policy Routing34338.3 Routing Policy34338.4 IP Routing Policy Setup34438.5 Applying an IP Policy34738.5.1 Ethernet IP Policies34738.6 IP Policy Routing Example348Call Scheduling35339.1 Introduction353Internal SPTGEN35740.1 Internal SPTGEN Overview35740.2 The Configuration Text File Format35740.2.1 Internal SPTGEN File Modification - Important Points to Remember35840.3 Internal SPTGEN FTP Download Example35840.4 Internal SPTGEN FTP Upload Example359Troubleshooting36141.1 Problems Starting Up the Prestige36141.2 Problems with the LAN LED36141.3 Problems with the DSL LED36241.4 Problems with the LAN Interface36241.5 Problems with the WAN Interface36241.6 Problems with Internet Access36341.7 Problems with the Password36341.8 Problems with the Web Configurator36441.9 Problems with Remote Management364Splitters and Microfilters365Connecting a POTS Splitter365Telephone Microfilters366Prestige With ISDN366Setting up Your Computer’s IP Address369Windows 95/98/Me369Windows 2000/NT/XP372Macintosh OS 8/9376Macintosh OS X378IP Subnetting381IP Addressing381IP Classes381Subnet Masks382Subnetting382Example: Two Subnets383Example: Four Subnets385Example Eight Subnets386Subnetting With Class A and Class B Networks.387PPPoE389PPPoE in Action389Benefits of PPPoE389Traditional Dial-up Scenario389How PPPoE Works390Prestige as a PPPoE Client390Virtual Circuit Topology391Wireless LANs393Wireless LAN Topologies393Channel395RTS/CTS395Fragmentation Threshold396Preamble Type397IEEE 802.1x398RADIUS398EAP Authentication399Types of Authentication400WEP Authentication Steps401WPA403Security Parameters Summary404Roaming404Antenna Selection and Positioning Recommendation407Antenna Characteristics407Types of Antennas For WLAN408Connector Type408Example Internal SPTGEN Screens409Command Examples429Command Interpreter431Command Syntax431Command Usage431Firewall Commands433Sys Firewall Commands433Brute-Force Password Guessing Protection435Example435Boot Commands437Log Descriptions439Log Commands448Log Command Example449Index451Numerics451A451B451C452D452E453F453G454H454I454K455L455M455N455O456P456Q457R457S458T459U459V459W459X460Z460Dimensioni: 17,1 MBPagine: 460Language: EnglishApri il manuale