Manuals
/
Brands
/
Computer Equipment
/
Network Router
/
ZyXEL Communications
/
Computer Equipment
/
Network Router
ZyXEL Communications
662H Series, 662HW Series manual
325
1
325
563
563
Download
563 pages, 23.13 Mb
Prestige 662H/HW Series User’s Guide
325
Chapter 30 Internet Access
Contents
Page
Disclaimer
Trademarks
Notice
Certifications
Note
Safety Warnings
Page
Page
Page
Copyright
Federal Communications Commission (FCC) Interference Statement
List of Figures
List of Tables
Preface
Wizard Setup for Media Bandwidth Management
Password Setup
DMZ
Wireless LAN Setup
Page
Firewall Configuration
Content Filtering
Content Access Control
Introduction to IPSec
Remote Management Configuration
Universal Plug-and-Play(UPnP)
Maintenance
Introducing the SMT
Menu 1 General Setup
Menu 2 WAN Backup Setup
Menu 3 LAN Setup
Internet Access
Remote Node Configuration
Static Route Setup
Bridging Setup
Enabling the Firewall
SNMP Configuration
System Security
System Information and Diagnosis
Firmware and Configuration File Maintenance
Remote Management
Call Scheduling
VPN/IPSec Setup
SA Monitor
Internal SPTGEN
Troubleshooting
Appendix A
Cable Pin Assignments
Appendix D
IP Subnetting
Appendix E
Appendix F
Virtual Circuit Topology
Appendix
Appendix J
Appendix K
myZyXEL.com
Appendix L
Appendix O
Firewall Commands
Appendix P
NetBIOS Filter Commands
Appendix Q
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
About This User's Guide
Syntax Conventions
Related Documentation
User Guide Feedback
Graphics Icons Key
Introduction to ADSL
Page
1.1Introducing the Prestige
Table
High Speed Internet Access
Zero Configuration Internet Access
Any IP
Firewall
Content Filtering
Content Access Control
Anti-VirusPacket Scan
IEEE 802.11g Wireless LAN
External Antenna
Wireless LAN MAC Address Filtering
WEP Encryption
Wi-FiProtected Access
Traffic Redirect
PPPoE Support (RFC2516)
Network Address Translation (NAT)
LAN/DMZ Interface
10/100M Auto-negotiatingEthernet/Fast Ethernet Interface(s)
Auto-Crossover (MDI/MDI-X)10/100 Mbps Ethernet Interface(s)
Protocol Support
Networking Compatibility
Multiplexing
Encapsulation
Network Management
Other PPPoE Features
Diagnostics Capabilities
Housing
1.1.2.1 Internet Access
1.1.3.1 LAN to LAN Application
Page
2.1 Web Configurator Overview
2.1.2.1 Using the Reset Button
2.1.3Navigating the Prestige Web Configurator
Wizard Setup
Maintenance
Site Map
Logout
Page
Page
Page
3.1 Introduction
3.1.1.1 ENET ENCAP
3.1.1.2 PPP over Ethernet
3.1.1.3PPPoA
3.1.1.4 RFC
3.2 Internet Access Wizard Setup: First Screen
3.3 IP Address and Subnet Mask
3.3.1.1 IP Assignment with PPPoA or PPPoE Encapsulation
3.3.1.2 IP Assignment with RFC 1483 Encapsulation
3.3.1.3 IP Assignment with ENET ENCAP Encapsulation
3.3.1.4 Private IP Addresses
3.4 Internet Access Wizard Setup: Second Screen
Page
Page
Page
Page
3.4.1.1 IP Pool Setup
3.5 Internet Access Wizard Setup: Connection Test
3.5.1 Test Your Internet Connection
4.1 Introduction
4.2 Media Bandwidth Management Setup
4.3 Media Bandwidth Mgnt. Wizard Setup: Second Screen
4.4 Media Bandwidth Mgnt. Wizard Setup: Finish
5.1 Password Overview
Page
6.1 LAN Overview
6.1.1LANs, WANs and the Prestige
6.2 DNS Server Address
6.3 DNS Server Address Assignment
6.4 LAN TCP/IP
6.5 Any IP
6.5.1 How Any IP Works
6.6 Configuring LAN
6.7 Configuring Static DHCP
Static DHCP
7.1 Introduction
7.2 Configuring DMZ
Figure 23 DMZ
Table 16 DMZ
Page
Page
8.1 Introduction
8.1.3 ESS ID
8.1.4 RTS/CTS
RTS/CTS
8.2 Levels of Security
8.3 Data Encryption with WEP
8.4 Configuring Wireless LAN
Click Wireless LAN, Wireless to open the Wireless screen
8.5 Configuring MAC Filter
Page
8.6 Network Authentication
8.6.1.1 RADIUS
8.6.1.2 Types of RADIUS Messages
8.6.2 EAP Authentication Overview
8.7Introduction to WPA
8.8 WPA-PSKApplication Example
8.9 WPA with RADIUS Application Example
8.10 Security Parameters Summary
8.11 Wireless Client WPA Supplicants
8.12 Configuring 802.1x and WPA
8.12.1 Authentication Required:
Page
8.12.2 Authentication Required: WPA
WPA
8.12.3 Authentication Required: WPA-PSK
WPA-PSK
Page
8.13 Configuring Local User Authentication
8.14 Configuring RADIUS
Table 25 RADIUS
Page
9.1 WAN Overview
9.2 Metric
9.3 PPPoE Encapsulation
9.4 Traffic Shaping
9.5 Zero Configuration Internet Access
9.6Configuring WAN Setup
Page
Page
9.7 Traffic Redirect
9.8 Configuring WAN Backup
Figure 41 WAN Backup
Page
9.9 Configuring Advanced WAN Backup
Page
Page
9.10 AT Command Strings
9.11 DTR Signal
9.12 Response Strings
9.13 Configuring Advanced Modem Setup
Page
Page
Page
10.1 NAT Overview
10.1.2 What NAT Does
10.1.3 How NAT Works
10.1.4 NAT Application
10.1.5 NAT Mapping Types
10.2 SUA (Single User Account) Versus NAT
10.3SUA Server
10.4 Selecting the NAT Mode
10.5 Configuring SUA Server
Page
10.6 Configuring Address Mapping
10.7 Editing an Address Mapping Rule
Page
Page
11.1 Dynamic DNS
11.2 Configuring Dynamic DNS
Page
12.1 Configuring Time and Date
Page
13.1 Firewall Overview
13.2 Types of Firewalls
13.3 Introduction to ZyXEL’s Firewall
13.4 Denial of Service
13.4.2 Types of DoS Attacks
Ping of Death
Teardrop
SYN Flood
LAND
SYN Attack
LAND Attack
brute-force
13.4.2.1 ICMP Vulnerability
13.4.2.2 Illegal Commands (NetBIOS and SMTP)
13.4.2.3 Traceroute
13.5 Stateful Inspection
13.5.1 Stateful Inspection Process
Default Policy
13.5.2Stateful Inspection and the Prestige
13.5.3 TCP Security
13.5.4 UDP/ICMP Security
13.5.5 Upper Layer Protocols
13.6Guidelines for Enhancing Security with Your Firewall
13.7Packet Filtering Vs Firewall
13.7.1.1When To Use Filtering
13.7.2.1When To Use The Firewall
Page
14.1 Access Methods
14.2 Firewall Policies Overview
14.3 Rule Logic Overview
14.3.3.1 Action
14.3.3.2 Service
14.3.3.3 Source Address
14.3.3.4 Destination Address
14.4 Connection Direction Example
14.5 Configuring Basic Firewall Settings
Page
14.6 Rule Summary
14.6.1 Configuring Firewall Rules
Insert
Page
Page
14.7 Customized Services
14.8 Creating/Editing A Customized Service
14.9 Example Firewall Rule
Any
Destination Address
Delete
Customized Service
-Config
Add
Remove
Available Services
Rule Summary
Apply
14.10 Predefined Services
Page
14.11 Anti-Probing
14.12 Configuring Attack Alert
14.12.2.1 TCP Maximum Incomplete and Blocking Time
TCP Maximum Incomplete
Blocking Time
Page
15.1 Content Filtering Overview
15.2 Configuring Keyword Blocking
15.3 Configuring the Schedule
15.4 Configuring Trusted Computers
Page
16.1 Content Access Control Overview
16.2 Activating CAC and Create User Groups
16.2.1 Configuring Time Schedule
Time
Control Access
Control-General
Unlimited
End Time
16.2.2 Configuring Services
Services
Content Access Control: General
16.2.2.1 Available Services
Page
16.2.3 Configuring Web Site Filters
Web Browsing
Page
Page
Page
Page
Page
16.2.4 Testing Web Site Access Privileges
Diagnose
16.3 User Account Setup
Page
16.4 User Online Status
16.5 Content Access Control Logins
16.5.2 Administrator Login
Page
17.1 Overview
17.2 Signature-BasedVirus Scan
17.3Introduction to the Prestige Anti-virusPacket Scan
17.3.1 How the Prestige Virus Scan Works
17.3.2 Limitations of the Prestige Packet Scan
17.4 Anti-virusPacket Scan Configuration
17.5 Registration and Online Update
Page
17.5.1 Updating the Anti Virus Packet Scan
Page
18.1 VPN Overview
18.1.3.1 Encryption
18.1.3.2 Data Confidentiality
18.1.3.3 Data Integrity
18.1.3.4 Data Origin Authentication
18.2IPSec Architecture
18.3 Encapsulation
18.4IPSec and NAT
Page
Page
19.1 VPN/IPSec Overview
19.2 IPSec Algorithms
19.3 My IP Address
19.4 Secure Gateway Address
19.5 VPN Summary Screen
Page
19.6 Keep Alive
19.7 NAT Traversal
19.7.1 NAT Traversal Configuration
19.7.2 Remote DNS Server
19.8 ID Type and Content
19.8.1 ID Type and Content Examples
19.9 Pre-SharedKey
19.10 Editing VPN Policies
Figure 97 VPN IKE
Table 72 VPN IKE
Page
Page
19.11 IKE Phases
19.11.1Negotiation Mode
Negotiation Mode
19.12 Configuring Advanced IKE Settings
Page
Page
19.13 Manual Key Setup
19.14 Configuring Manual Key
Page
Page
19.15 Viewing SA Monitor
19.16 Configuring Global Setting
19.17 Telecommuter VPN/IPSec Examples
19.17.2 Telecommuters Using Unique VPN Rules Example
Page
19.18 VPN and Remote Management
20.1 Remote Management Overview
20.2 Telnet
20.3 FTP
20.4 Web
20.5 Configuring Remote Management
Page
21.1 Introducing Universal Plug and Play
21.2 UPnP and ZyXEL
21.3 Installing UPnP in Windows Example
Communications
Universal Plug and Play
Add/Remove Programs Properties
Installing UPnP in Windows XP
1Click Start and Control Panel
2Double-click Network Connections
Network Connections
Advanced
Page
21.4Using UPnP in Windows XP Example
Page
Page
Page
Web Configurator Easy Access
1Click Start and then Control Panel
3Select My Network Places under Other Places
Local Network
Invoke
Page
Page
22.1 Logs Overview
22.2 Configuring Log Settings
Page
22.3 Displaying the Logs
22.4 SMTP Error Messages
22.4.1 Example E-mailLog
Page
23.1 Bandwidth Management Advanced Setup Overview
23.2 Bandwidth Classes and Filters
23.3 Proportional Bandwidth Allocation
23.4 Bandwidth Management Usage Examples
23.5 Scheduler
23.6 Maximize Bandwidth Usage
23.6.2 Maximize Bandwidth Usage Example
23.7 Bandwidth Borrowing
Page
23.8Configuring Summary
23.9 Configuring Class Setup
23.9.1 Media Bandwidth Management Class Configuration
Media Bandwidth Management - Summary
Child-Class
Page
Page
23.9.2 Media Bandwidth Management Statistics
Media Bandwidth Management Statistics
Class Setup
23.10 Bandwidth Monitor
24.1 Maintenance Overview
24.2 System Status Screen
Page
24.2.1 System Statistics
Show Statistics
Poll Interval(s)
Page
24.3 DHCP Table Screen
24.4 Any IP Table Screen
24.5 Wireless Screen
24.6 Diagnostic Screens
24.6.2 Diagnostic DSL Line Screen
DSL Line
Page
24.7 Firmware Screen
Firmware Upload in Process
Back
Page
25.1 SMT Introduction
25.2 Navigating the SMT Interface
Page
25.3 Changing the System Password
New Password
Retype to confirm
Page
26.1 General Setup
26.2 Procedure To Configure Menu
26.2.1 Procedure to Configure Dynamic DNS
Edit Dynamic DNS
Menu 1.1— Configure Dynamic DNS
Page
Page
27.1 Introduction to WAN Backup Setup
27.2 Configuring Dial Backup in Menu
27.2.1 Traffic Redirect Setup
Menu 2.1 — Traffic Redirect Setup
27.3Configuring Dial Backup Setup
27.4 Advanced Dial Backup Setup
Page
Page
28.1 LAN Setup
28.3CP/IP Ethernet Setup and DHCP
Page
Page
29.1 Wireless LAN Overview
29.2 Wireless LAN Setup
29.2.1 Wireless LAN MAC Address Filter
Page
Page
30.1 Internet Access Overview
30.2 IP Policies
30.3 IP Alias
30.4 IP Alias Setup
30.5 Route IP Setup
30.6 Internet Access Configuration
Page
Page
31.1 Remote Node Setup Overview
31.2.1Remote Node Profile
31.2.2.1 Scenario 1: One VC, Multiple Protocols
31.2.2.2 Scenario 2: One VC, One Protocol (IP)
31.2.2.3 Scenario 3: Multiple VCs
Menu 11.1 – Remote Node Profile
31.2.3 Outgoing Authentication Protocol
31.3 Remote Node Network Layer Options
31.3.1 My WAN Addr Sample IP Addresses
My WAN Addr
Rem IP Addr
31.4 Remote Node Filter
31.5 Editing ATM Layer Options
31.5.2 LLC-basedMultiplexing or PPP Encapsulation
31.5.3 Advance Setup Options
PPPoE
Edit Advance Options
Menu 11.8 – Advance Setup Options
32.1 IP Static Route Overview
32.2 Configuration
Page
Page
Page
33.1 Bridging in General
33.2.1Remote Node Bridging Setup
Edit IP/Bridge
Yes and press [ENTER] to edit Menu 11.3 – Remote Node Network Layer Options
33.2.2 Bridge Static Route Setup
Edit Bridge Static Route
Page
34.1 Using NAT
34.2Applying NAT
Page
34.3 NAT Setup
34.3.1Address Mapping Sets
34.3.1.1SUA Address Mapping Set
34.3.1.2 User-DefinedAddress Mapping Sets
34.3.1.3 Ordering Your Rules
34.4 Configuring a Server behind NAT
3Enter 1 to go to Menu 15.2.1 NAT Server Setup as follows
Start Port No
End Port No
34.5 General NAT Examples
Network Address Translation
Many-to-One
34.5.2Example 2: Internet Access with an Inside Server
34.5.3 Example 3: Multiple Public IP Addresses With Inside Servers
1 :
Many :
Menu 15.1 - Address Mapping Sets
Edit Action
Start IP
Page
2Enter 2 in Menu 15 - NAT Setup
34.5.4 Example 4: NAT Unfriendly Application Programs
No Overload
One-to-One
Page
35.1 Remote Management and the Firewall
35.2Access Methods
Page
36.1 About Filtering
Execute
36.1.1 The Filter Structure of the Prestige
36.2 Configuring a Filter Set for the Prestige
36.3 Filter Rules Summary Menus
36.4 Configuring a Filter Rule
36.4.1 TCP/IP Filter Rule
Menu 21.1.x.1 – TCP/IP Filter Rule
Page
36.4.2 Generic Filter Rule
Offset
Length
Mask
Value
Generic Filter Rule
Menu 21.1.5.1 – Generic Filter Rule
Generic Filter Rule
36.5 Filter Types and NAT
36.6 Example Filter
1Enter 1 in the menu 21 to display Menu 21.1 — Filter Set Configuration
Menu 21.1.6 — Filter Rules Summary
36.7 Applying Filters and Factory Defaults
36.7.1 Ethernet Traffic
protocol filters
Input Filter Sets
36.7.2 Remote Node Filters
Call Filter Sets
Page
37.1 About SNMP
37.2Supported MIBs
37.3 SNMP Configuration
37.4 SNMP Traps
Page
38.1 System Security
Page
38.1.3 IEEE802.1x
Menu23 – System Security
2Enter 4 to display Menu 23.4 – System Security – IEEE802.1x
Page
38.2 Creating User Accounts on the Prestige
Page
39.1 Overview
39.2 System Status
Menu 24 — System Maintenance
System Status
Menu 24.1 — System Maintenance — Status
Menu 24.1 — System Maintenance — Status
39.3 System Information
39.3.2 Console Port Speed
Menu 24.2.2 – System Maintenance – Console Port Speed
39.4 Log and Trace
39.4.2 Syslog and Accounting
Menu 24.3.2 — System Maintenance — UNIX Syslog
Page
39.5 Diagnostic
Page
Page
40.1 Filename Conventions
40.2 Backup Configuration
40.2.2 Using the FTP Command from the Command Line
40.2.3Example of FTP Commands from the Command Line
40.2.4 GUI-basedFTP Clients
40.2.5 TFTP and FTP over WAN Management Limitations
40.2.6 Backup Configuration Using TFTP
40.2.7 TFTP Command Example
40.2.8 GUI-basedTFTP Clients
40.2.9 Backup Via Console Port
Transfer
Receive File
40.3Restore Configuration
40.3.2Restore Using FTP Session Example
40.3.3 Restore Via Console Port
Send File
40.4 Uploading Firmware and Configuration Files
40.4.3 FTP File Upload Command from the DOS Prompt Example
40.4.4 FTP Session Example of Firmware File Upload
40.4.5 TFTP File Upload
40.4.6 TFTP Upload Command Example
40.4.7 Uploading Via Console Port
40.4.8Uploading Firmware File Via Console Port
40.4.9 Example Xmodem Firmware Upload Using HyperTerminal
40.4.10Uploading Configuration File Via Console Port
40.4.11Example Xmodem Configuration Upload Using HyperTerminal
Page
41.1 Command Interpreter Mode
41.2 Call Control Support
41.3 Time and Date Setting
Page
41.3.1Resetting the Time
Page
42.1 Remote Management Overview
42.2 Remote Management
42.2.2 Remote Management Limitations
42.3 Remote Management and NAT
42.4System Timeout
Page
43.1 IP Policy Routing Overview
43.2 Benefits of IP Policy Routing
43.3 Routing Policy
43.4 IP Routing Policy Setup
Menu 25.1.1 – IP Routing Policy
Page
43.5 Applying an IP Policy
43.6 IP Policy Routing Example
Menu 25.1.1 — IP Routing Policy
Menu 25.1 — IP Routing Policy Setup
Page
44.1 Introduction
Menu 26.1 — Schedule Set Setup
Duration
Main Menu
PPPoA
Page
45.1 VPN/IPSec Overview
45.2 IPSec Summary Screen
Page
45.3 IPSec Setup
Page
Page
Page
45.4 IKE Setup
Page
45.5 Manual Setup
Page
Page
46.1 SA Monitor Overview
46.2 Using SA Monitor
Page
Page
Page
47.1 Internal SPTGEN Overview
47.2 The Configuration Text File Format
47.3 Internal SPTGEN FTP Download Example
47.4 Internal SPTGEN FTP Upload Example
Page
48.1 Problems Starting Up the Prestige
48.2 Problems with the LAN LED
48.3 Problems with the DSL LED
48.4 Problems with the LAN Interface
48.5 Problems with the WAN Interface
48.6 Problems with Internet Access
48.7 Problems with the Password
48.8 Problems with the Web Configurator
48.9 Problems with Remote Management
Page
Page
Connecting a POTS Splitter
Telephone Microfilters
Prestige With ISDN
Windows 95/98/Me
Installing Components
Adapter
Protocol
Microsoft
manufacturers
Configuring
Obtain an IP address automatically
Specify an IP address
Subnet Mask
Disable DNS
Windows 2000/NT/XP
Network and
Dial-up
Connections
3Right-click Local Area Connection and then click Properties
Internet Protocol (TCP/IP)
Use the following IP Address
Subnet mask
Default gateway
IP Settin
IP Settings
Macintosh OS 8/9
2Select Ethernet built-in from the Connect via list
Using DHCP Server
Configure:
Macintosh OS
Apply Now
Page
IP Addressing
IP Classes
Subnet Masks
Subnetting
Example: Two Subnets
Page
Example: Four Subnets
Example Eight Subnets
Subnetting With Class A and Class B Networks
Page
PPPoE in Action
Benefits of PPPoE
Traditional Dial-upScenario
How PPPoE Works
Prestige as a PPPoE Client
Page
Page
Benefits of a Wireless LAN
IEEE
Ad-hocWireless LAN Configuration
Infrastructure Wireless LAN Configuration
Page
Page
Security Flaws with IEEE
Deployment Issues with IEEE
Advantages of the IEEE
RADIUS Server Authentication Sequence
EAP-MD5 (Message-DigestAlgorithm 5)
EAP-TLS(Transport Layer Security)
EAP-TTLS(Tunneled Transport Layer Service)
PEAP (Protected EAP)
LEAP
Antenna Characteristics
Types of Antennas For WLAN
Connector Type
myZyXEL.com Account Login
Registering Your ZyXEL Device
Add New Product
Serial Number
Category
Model
Authentication Code
Continue
Activating a Service
Page
WinPopup
2Click the Start Menu Programs tab and click Advanced
Programs
StartUp
New
Shortcut
Create Shortcut
Finish
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Command Examples
Page
Command Syntax
Command Usage
Page
Sys Firewall Commands
Page
Display NetBIOS Filter Settings
NetBIOS Filter Configuration
Page
Page
Example
Page
Firmware and Configuration File Maintenance
Page
Page
Page
Table 35 ICMP Logs
Table 36 CDR Logs
Table 37 PPP Logs
Table 38 UPnP Logs
Page
Table 42 IKE Logs
Page
Page
Page
Page
Page
Log Commands
Log Command Example
