用户手册目录User’s Guide1Copyright2Federal Communications Commission (FCC) Interference Statement3ZyXEL Limited Warranty4Customer Support5Table of Contents8List of Figures26List of Tables34Preface40Introduction to DSL42Getting To Know Your Prestige441.1 Introducing the Prestige441.1.1 Features of the Prestige451.1.2 Applications for the Prestige511.1.2.1 Internet Access511.1.3 Firewall for Secure Broadband Internet Access511.1.3.1 LAN to LAN Application521.1.4 Prestige Hardware Installation and Connection52Introducing the Web Configurator542.1 Web Configurator Overview542.1.1 Accessing the Prestige Web Configurator542.1.2 Resetting the Prestige552.1.2.1 Using the Reset Button552.1.3 Navigating the Prestige Web Configurator56Wizard Setup for Internet Access603.1 Introduction603.1.1 Encapsulation603.1.1.1 ENET ENCAP603.1.1.2 PPP over Ethernet603.1.1.3 PPPoA603.1.1.4 RFC 1483613.1.2 Multiplexing613.1.2.1 VC-based Multiplexing613.1.2.2 LLC-based Multiplexing613.1.3 VPI and VCI613.2 Internet Access Wizard Setup: First Screen613.3 IP Address and Subnet Mask623.3.1 IP Address Assignment633.3.1.1 IP Assignment with PPPoA or PPPoE Encapsulation633.3.1.2 IP Assignment with RFC 1483 Encapsulation633.3.1.3 IP Assignment with ENET ENCAP Encapsulation633.3.1.4 Private IP Addresses643.3.2 Nailed-Up Connection (PPP)643.3.3 NAT643.4 Internet Access Wizard Setup: Second Screen643.4.1 DHCP Setup693.4.1.1 IP Pool Setup693.4.2 Internet Access Wizard Setup: Third Screen693.5 Internet Access Wizard Setup: Connection Test703.5.1 Test Your Internet Connection71Wizard Setup for Media Bandwidth Management724.1 Introduction724.1.1 Predefined Media Bandwidth Management Services724.2 Media Bandwidth Management Setup 1734.3 Media Bandwidth Mgnt. Wizard Setup: Second Screen744.4 Media Bandwidth Mgnt. Wizard Setup: Finish75Password Setup765.1 Password Overview765.1.1 Configuring Password76LAN Setup786.1 LAN Overview786.1.1 LANs, WANs and the Prestige786.2 DNS Server Address796.3 DNS Server Address Assignment796.4 LAN TCP/IP806.4.1 Factory LAN Defaults806.4.2 IP Address and Subnet Mask806.4.3 RIP Setup806.4.4 Multicast816.5 Any IP816.5.1 How Any IP Works826.6 Configuring LAN836.7 Configuring Static DHCP84DMZ867.1 Introduction867.2 Configuring DMZ86Wireless LAN Setup908.1 Introduction908.1.1 Additional Installation Requirements for Using 802.1x908.1.2 Channel908.1.3 ESS ID918.1.4 RTS/CTS918.1.5 Fragmentation Threshold928.2 Levels of Security928.3 Data Encryption with WEP938.4 Configuring Wireless LAN938.5 Configuring MAC Filter958.6 Network Authentication978.6.1 EAP978.6.1.1 RADIUS978.6.1.2 Types of RADIUS Messages978.6.2 EAP Authentication Overview988.7 Introduction to WPA998.7.1 User Authentication998.7.2 Encryption998.8 WPA-PSK Application Example1008.9 WPA with RADIUS Application Example1008.10 Security Parameters Summary1018.11 Wireless Client WPA Supplicants1028.12 Configuring 802.1x and WPA1028.12.1 Authentication Required: 802.1x1038.12.2 Authentication Required: WPA1058.12.3 Authentication Required: WPA-PSK1068.13 Configuring Local User Authentication1088.14 Configuring RADIUS109WAN Setup1129.1 WAN Overview1129.2 Metric1129.3 PPPoE Encapsulation1139.4 Traffic Shaping1139.5 Zero Configuration Internet Access1149.6 Configuring WAN Setup1149.7 Traffic Redirect1179.8 Configuring WAN Backup1189.9 Configuring Advanced WAN Backup1219.10 AT Command Strings1249.11 DTR Signal1249.12 Response Strings1249.13 Configuring Advanced Modem Setup124Network Address Translation (NAT) Screens12810.1 NAT Overview12810.1.1 NAT Definitions12810.1.2 What NAT Does12910.1.3 How NAT Works12910.1.4 NAT Application13010.1.5 NAT Mapping Types13010.2 SUA (Single User Account) Versus NAT13110.3 SUA Server13210.3.1 Default Server IP Address13210.3.2 Port Forwarding: Services and Port Numbers13210.3.3 Configuring Servers Behind SUA (Example)13310.4 Selecting the NAT Mode13310.5 Configuring SUA Server13410.6 Configuring Address Mapping13610.7 Editing an Address Mapping Rule137Dynamic DNS Setup14011.1 Dynamic DNS14011.1.1 DYNDNS Wildcard14011.2 Configuring Dynamic DNS140Time and Date14212.1 Configuring Time and Date142Firewalls14413.1 Firewall Overview14413.2 Types of Firewalls14413.2.1 Packet Filtering Firewalls14413.2.2 Application-level Firewalls14413.2.3 Stateful Inspection Firewalls14513.3 Introduction to ZyXEL’s Firewall14513.3.1 Denial of Service Attacks14613.4 Denial of Service14613.4.1 Basics14613.4.2 Types of DoS Attacks14713.4.2.1 ICMP Vulnerability14913.4.2.2 Illegal Commands (NetBIOS and SMTP)14913.4.2.3 Traceroute15013.5 Stateful Inspection15013.5.1 Stateful Inspection Process15113.5.2 Stateful Inspection and the Prestige15213.5.3 TCP Security15213.5.4 UDP/ICMP Security15313.5.5 Upper Layer Protocols15313.6 Guidelines for Enhancing Security with Your Firewall15413.6.1 Security In General15413.7 Packet Filtering Vs Firewall15513.7.1 Packet Filtering:15513.7.1.1 When To Use Filtering15513.7.2 Firewall15513.7.2.1 When To Use The Firewall156Firewall Configuration15814.1 Access Methods15814.2 Firewall Policies Overview15814.3 Rule Logic Overview15914.3.1 Rule Checklist15914.3.2 Security Ramifications16014.3.3 Key Fields For Configuring Rules16014.3.3.1 Action16014.3.3.2 Service16014.3.3.3 Source Address16014.3.3.4 Destination Address16114.4 Connection Direction Example16114.4.1 LAN to WAN Rules16114.4.2 WAN to LAN Rules16114.4.3 Alerts16214.5 Configuring Basic Firewall Settings16214.6 Rule Summary16414.6.1 Configuring Firewall Rules16514.7 Customized Services16814.8 Creating/Editing A Customized Service16814.9 Example Firewall Rule16914.10 Predefined Services17314.11 Anti-Probing17514.12 Configuring Attack Alert17614.12.1 Threshold Values17714.12.2 Half-Open Sessions17714.12.2.1 TCP Maximum Incomplete and Blocking Time177Content Filtering18015.1 Content Filtering Overview18015.2 Configuring Keyword Blocking18015.3 Configuring the Schedule18115.4 Configuring Trusted Computers182Content Access Control18416.1 Content Access Control Overview18416.1.1 Content Access Control WLAN Application18416.1.2 Configuration Steps18416.2 Activating CAC and Create User Groups18516.2.1 Configuring Time Schedule18616.2.2 Configuring Services18816.2.2.1 Available Services18916.2.3 Configuring Web Site Filters19116.2.4 Testing Web Site Access Privileges19716.3 User Account Setup19816.4 User Online Status20016.5 Content Access Control Logins20116.5.1 User Login20116.5.2 Administrator Login202Anti-Virus Packet Scan20417.1 Overview20417.1.1 Types of Computer Viruses20417.2 Signature-Based Virus Scan20417.2.1 Computer Virus Infection and Prevention20517.3 Introduction to the Prestige Anti-virus Packet Scan20517.3.1 How the Prestige Virus Scan Works20617.3.2 Limitations of the Prestige Packet Scan20617.4 Anti-virus Packet Scan Configuration20717.5 Registration and Online Update20817.5.1 Updating the Anti Virus Packet Scan210Introduction to IPSec21218.1 VPN Overview21218.1.1 IPSec21218.1.2 Security Association21218.1.3 Other Terminology21218.1.3.1 Encryption21218.1.3.2 Data Confidentiality21318.1.3.3 Data Integrity21318.1.3.4 Data Origin Authentication21318.1.4 VPN Applications21318.2 IPSec Architecture21318.2.1 IPSec Algorithms21418.2.2 Key Management21418.3 Encapsulation21418.3.1 Transport Mode21518.3.2 Tunnel Mode21518.4 IPSec and NAT215VPN Screens21819.1 VPN/IPSec Overview21819.2 IPSec Algorithms21819.2.1 AH (Authentication Header) Protocol21819.2.2 ESP (Encapsulating Security Payload) Protocol21819.3 My IP Address21919.4 Secure Gateway Address22019.4.1 Dynamic Secure Gateway Address22019.5 VPN Summary Screen22019.6 Keep Alive22219.7 NAT Traversal22219.7.1 NAT Traversal Configuration22319.7.2 Remote DNS Server22319.8 ID Type and Content22419.8.1 ID Type and Content Examples22519.9 Pre-Shared Key22619.10 Editing VPN Policies22619.11 IKE Phases23119.11.1 Negotiation Mode23219.11.2 Diffie-Hellman (DH) Key Groups23319.11.3 Perfect Forward Secrecy (PFS)23319.12 Configuring Advanced IKE Settings23319.13 Manual Key Setup23619.13.1 Security Parameter Index (SPI)23619.14 Configuring Manual Key23719.15 Viewing SA Monitor24019.16 Configuring Global Setting24119.17 Telecommuter VPN/IPSec Examples24219.17.1 Telecommuters Sharing One VPN Rule Example24219.17.2 Telecommuters Using Unique VPN Rules Example24319.18 VPN and Remote Management245Remote Management Configuration24620.1 Remote Management Overview24620.1.1 Remote Management Limitations24620.1.2 Remote Management and NAT24720.1.3 System Timeout24720.2 Telnet24720.3 FTP24720.4 Web24820.5 Configuring Remote Management248Universal Plug-and-Play (UPnP)25021.1 Introducing Universal Plug and Play25021.1.1 How do I know if I'm using UPnP?25021.1.2 NAT Traversal25021.1.3 Cautions with UPnP25021.2 UPnP and ZyXEL25121.2.1 Configuring UPnP25121.3 Installing UPnP in Windows Example25221.4 Using UPnP in Windows XP Example256Logs Screens26422.1 Logs Overview26422.1.1 Alerts and Logs26422.2 Configuring Log Settings26422.3 Displaying the Logs26622.4 SMTP Error Messages26722.4.1 Example E-mail Log268Media Bandwidth Management Advanced Setup27023.1 Bandwidth Management Advanced Setup Overview27023.2 Bandwidth Classes and Filters27023.3 Proportional Bandwidth Allocation27123.4 Bandwidth Management Usage Examples27123.4.1 Application-based Bandwidth Management Example27123.4.2 Subnet-based Bandwidth Management Example27123.4.3 Application and Subnet-based Bandwidth Management Example27223.5 Scheduler27223.5.1 Priority-based Scheduler27323.5.2 Fairness-based Scheduler27323.6 Maximize Bandwidth Usage27323.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic27323.6.2 Maximize Bandwidth Usage Example27423.7 Bandwidth Borrowing27523.7.1 Bandwidth Borrowing Example27523.7.2 Maximize Bandwidth Usage With Bandwidth Borrowing27723.8 Configuring Summary27723.9 Configuring Class Setup27823.9.1 Media Bandwidth Management Class Configuration27923.9.2 Media Bandwidth Management Statistics28223.10 Bandwidth Monitor283Maintenance28424.1 Maintenance Overview28424.2 System Status Screen28424.2.1 System Statistics28624.3 DHCP Table Screen28824.4 Any IP Table Screen28924.5 Wireless Screen28924.5.1 Association List28924.6 Diagnostic Screens29024.6.1 Diagnostic General Screen29024.6.2 Diagnostic DSL Line Screen29124.7 Firmware Screen293Introducing the SMT29625.1 SMT Introduction29625.1.1 Procedure for SMT Configuration via Telnet29625.1.2 Entering Password29625.1.3 Prestige SMT Menu Overview29725.2 Navigating the SMT Interface29725.2.1 System Management Terminal Interface Summary29925.3 Changing the System Password299Menu 1 General Setup30226.1 General Setup30226.2 Procedure To Configure Menu 130226.2.1 Procedure to Configure Dynamic DNS303Menu 2 WAN Backup Setup30627.1 Introduction to WAN Backup Setup30627.2 Configuring Dial Backup in Menu 230627.2.1 Traffic Redirect Setup30727.3 Configuring Dial Backup Setup30827.4 Advanced Dial Backup Setup309Menu 3 LAN Setup31228.1 LAN Setup31228.1.1 General Ethernet Setup31228.2 Protocol Dependent Ethernet Setup31328.3 CP/IP Ethernet Setup and DHCP313Wireless LAN Setup31629.1 Wireless LAN Overview31629.2 Wireless LAN Setup31629.2.1 Wireless LAN MAC Address Filter317Internet Access32030.1 Internet Access Overview32030.2 IP Policies32030.3 IP Alias32030.4 IP Alias Setup32130.5 Route IP Setup32230.6 Internet Access Configuration323Remote Node Configuration32631.1 Remote Node Setup Overview32631.2 Remote Node Setup32631.2.1 Remote Node Profile32631.2.2 Encapsulation and Multiplexing Scenarios32731.2.2.1 Scenario 1: One VC, Multiple Protocols32731.2.2.2 Scenario 2: One VC, One Protocol (IP)32731.2.2.3 Scenario 3: Multiple VCs32731.2.3 Outgoing Authentication Protocol32931.3 Remote Node Network Layer Options33031.3.1 My WAN Addr Sample IP Addresses33131.4 Remote Node Filter33231.5 Editing ATM Layer Options33331.5.1 VC-based Multiplexing (non-PPP Encapsulation)33331.5.2 LLC-based Multiplexing or PPP Encapsulation33431.5.3 Advance Setup Options334Static Route Setup33632.1 IP Static Route Overview33632.2 Configuration336Bridging Setup34033.1 Bridging in General34033.2 Bridge Ethernet Setup34033.2.1 Remote Node Bridging Setup34033.2.2 Bridge Static Route Setup342Network Address Translation (NAT)34434.1 Using NAT34434.1.1 SUA (Single User Account) Versus NAT34434.2 Applying NAT34434.3 NAT Setup34634.3.1 Address Mapping Sets34634.3.1.1 SUA Address Mapping Set34734.3.1.2 User-Defined Address Mapping Sets34834.3.1.3 Ordering Your Rules34934.4 Configuring a Server behind NAT35034.5 General NAT Examples35234.5.1 Example 1: Internet Access Only35234.5.2 Example 2: Internet Access with an Inside Server35334.5.3 Example 3: Multiple Public IP Addresses With Inside Servers35434.5.4 Example 4: NAT Unfriendly Application Programs358Enabling the Firewall36035.1 Remote Management and the Firewall36035.2 Access Methods36035.3 Enabling the Firewall360Filter Configuration36236.1 About Filtering36236.1.1 The Filter Structure of the Prestige36336.2 Configuring a Filter Set for the Prestige36436.3 Filter Rules Summary Menus36536.4 Configuring a Filter Rule36636.4.1 TCP/IP Filter Rule36736.4.2 Generic Filter Rule36936.5 Filter Types and NAT37136.6 Example Filter37136.7 Applying Filters and Factory Defaults37336.7.1 Ethernet Traffic37436.7.2 Remote Node Filters374SNMP Configuration37637.1 About SNMP37637.2 Supported MIBs37737.3 SNMP Configuration37737.4 SNMP Traps378System Security38038.1 System Security38038.1.1 System Password38038.1.2 Configuring External RADIUS Server38038.1.3 IEEE802.1x38238.2 Creating User Accounts on the Prestige384System Information and Diagnosis38639.1 Overview38639.2 System Status38639.3 System Information38839.3.1 System Information38839.3.2 Console Port Speed38939.4 Log and Trace39039.4.1 Viewing Error Log39039.4.2 Syslog and Accounting39139.5 Diagnostic393Firmware and Configuration File Maintenance39640.1 Filename Conventions39640.2 Backup Configuration39740.2.1 Backup Configuration39740.2.2 Using the FTP Command from the Command Line39840.2.3 Example of FTP Commands from the Command Line39840.2.4 GUI-based FTP Clients39940.2.5 TFTP and FTP over WAN Management Limitations39940.2.6 Backup Configuration Using TFTP40040.2.7 TFTP Command Example40040.2.8 GUI-based TFTP Clients40040.2.9 Backup Via Console Port40140.3 Restore Configuration40240.3.1 Restore Using FTP40240.3.2 Restore Using FTP Session Example40340.3.3 Restore Via Console Port40440.4 Uploading Firmware and Configuration Files40540.4.1 Firmware File Upload40540.4.2 Configuration File Upload40540.4.3 FTP File Upload Command from the DOS Prompt Example40640.4.4 FTP Session Example of Firmware File Upload40740.4.5 TFTP File Upload40740.4.6 TFTP Upload Command Example40840.4.7 Uploading Via Console Port40840.4.8 Uploading Firmware File Via Console Port40840.4.9 Example Xmodem Firmware Upload Using HyperTerminal40940.4.10 Uploading Configuration File Via Console Port40940.4.11 Example Xmodem Configuration Upload Using HyperTerminal410System Maintenance41241.1 Command Interpreter Mode41241.2 Call Control Support41341.2.1 Budget Management41341.3 Time and Date Setting41441.3.1 Resetting the Time416Remote Management41842.1 Remote Management Overview41842.2 Remote Management41842.2.1 Remote Management Setup41842.2.2 Remote Management Limitations41942.3 Remote Management and NAT42042.4 System Timeout420IP Policy Routing42243.1 IP Policy Routing Overview42243.2 Benefits of IP Policy Routing42243.3 Routing Policy42243.4 IP Routing Policy Setup42343.5 Applying an IP Policy42643.5.1 Ethernet IP Policies42643.6 IP Policy Routing Example427Call Scheduling43044.1 Introduction430VPN/IPSec Setup43445.1 VPN/IPSec Overview43445.2 IPSec Summary Screen43545.3 IPSec Setup43745.4 IKE Setup44145.5 Manual Setup44345.5.1 Active Protocol44345.5.2 Security Parameter Index (SPI)443SA Monitor44646.1 SA Monitor Overview44646.2 Using SA Monitor446Internal SPTGEN45047.1 Internal SPTGEN Overview45047.2 The Configuration Text File Format45047.2.1 Internal SPTGEN File Modification - Important Points to Remember45147.3 Internal SPTGEN FTP Download Example45147.4 Internal SPTGEN FTP Upload Example452Troubleshooting45448.1 Problems Starting Up the Prestige45448.2 Problems with the LAN LED45448.3 Problems with the DSL LED45548.4 Problems with the LAN Interface45548.5 Problems with the WAN Interface45548.6 Problems with Internet Access45648.7 Problems with the Password45648.8 Problems with the Web Configurator45748.9 Problems with Remote Management457Cable Pin Assignments458Splitters and Microfilters460Setting up Your Computer’s IP Address462IP Subnetting474PPPoE482Virtual Circuit Topology484Wireless LAN and IEEE 802.11486Wireless LAN With IEEE 802.1x490Types of EAP Authentication492Antenna Selection and Positioning Recommendation494myZyXEL.com496Windows 98/Me Requirements for Anti- Virus Packet Scan Message Display502Example Internal SPTGEN Screens506Command Interpreter528Firewall Commands530Sys Firewall Commands530NetBIOS Filter Commands532Brute-Force Password Guessing Protection536Boot Commands538Log Descriptions540Index554A554B554C555D555E556F556G557H557I557K558L558M558N559O559P559Q560R560S561T562U562V562W562X563Z563文件大小: 23.0 MB页数: 563Language: English打开用户手册