NBG-417N Wireless N-lite Home Router Default Login Details IP Address http://192.168.1.1 Password 1234 Firmware Version 1.0 Edition 2, 4/2009 www.zyxel.com www.zyxel.
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the NBG-417N using the Web Configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Tips for Reading User’s Guides On-Screen When reading a ZyXEL User’s Guide On-Screen, keep the following in mind: • If you don’t already have the latest version of Adobe Reader, you can download it from http://www.adobe.com.
About This User's Guide Documentation Feedback Send your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. Need More Help? More help is available at www.zyxel.com. • Download Library Search for the latest product updates and documentation from this link.
About This User's Guide Customer Support Should problems arise that cannot be solved by the methods listed above, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/web/contact_us.php for contact information. Please have the following information ready when you contact an office. • Product model and serial number. • Warranty Information. • Date that you received your device.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The NBG-417N may be referred to as the “NBG-417N”, the “device”, the “product” or the “system” in this User’s Guide.
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The NBG-417N icon is not an exact representation of your device.
Safety Warnings Safety Warnings • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. • Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. • Connect ONLY suitable accessories to the device. • Do NOT open the device or unit.
Contents Overview Contents Overview Introduction ............................................................................................................................ 19 Getting to Know Your NBG-417N .............................................................................................. 21 The WPS Button ........................................................................................................................ 25 Introducing the Web Configurator ..................................
Contents Overview 10 NBG-417N User’s Guide
Table of Contents Table of Contents About This User's Guide .......................................................................................................... 3 Document Conventions............................................................................................................ 6 Safety Warnings........................................................................................................................ 8 Contents Overview .......................................................
Table of Contents 4.1 Wizard Setup ....................................................................................................................... 39 4.2 Connection Wizard: STEP 1: System Information ............................................................... 40 4.2.1 System Name ............................................................................................................. 40 4.2.2 Domain Name ........................................................................................
Table of Contents Part II: Network....................................................................................... 73 Chapter 7 Wireless LAN........................................................................................................................... 75 7.1 Overview .............................................................................................................................. 75 7.2 What You Can Do In the Wireless LAN Screen ...............................................
Table of Contents Chapter 10 DHCP Server.......................................................................................................................... 111 10.1 Overview ...........................................................................................................................111 10.2 What You Can Do in the DHCP Server Screens ..............................................................111 10.3 What You Need To Know About the DHCP Server Screens ................................
Table of Contents 13.3.1 What is a Firewall? ................................................................................................. 134 13.3.2 Stateful Inspection Firewall .................................................................................... 134 13.3.3 About the NBG-417N Firewall ................................................................................ 134 13.3.4 Guidelines For Enhancing Security With Your Firewall .......................................... 135 13.
Table of Contents 17.2 What You Can Do in the Remote Management Screens ................................................ 159 17.3 What You Need To Know About Remote Management ................................................... 159 17.3.1 Remote Management Limitations .......................................................................... 160 17.3.2 Remote Management and NAT .............................................................................. 160 17.3.3 System Timeout ..........................
Table of Contents 21.5 Restart Screen ................................................................................................................. 190 Chapter 22 Sys OP Mode ......................................................................................................................... 191 22.1 Overview .......................................................................................................................... 191 22.2 What You Can Do in the Sys OP Mode Screen ..................
Table of Contents 18 NBG-417N User’s Guide
P ART I Introduction Getting to Know Your NBG-417N (21) The WPS Button (25) Introducing the Web Configurator (27) Connection Wizard (39) AP Mode (53) Tutorials (61) 19
CHAPTER 1 Getting to Know Your NBG-417N 1.1 Overview This chapter introduces the main features and applications of the NBG-417N. The NBG-417N extends the range of your existing wired network without additional wiring, providing easy network access to mobile users. You can set up a wireless network with other IEEE 802.11b/g/n compatible devices. A range of services such as a firewall and content filtering are also available for secure Internet computing. 1.
Chapter 1 Getting to Know Your NBG-417N 1.3 Ways to Manage the NBG-417N Use any of the following methods to manage the NBG-417N. • WPS (Wi-Fi Protected Setup). You can use the WPS button or the WPS section of the Web Configurator to set up a wireless network with your ZyXEL Device. • Web Configurator. This is recommended for everyday management of the NBG417N using a (supported) web browser. 1.
Chapter 1 Getting to Know Your NBG-417N The following table describes the LEDs and the WPS button. Table 1 Front Panel LEDs and WPS Button LED COLOR STATUS DESCRIPTION POWER Green On The NBG-417N is receiving power and functioning properly. Off The NBG-417N is not receiving power. On The NBG-417N is ready, but is not sending/ receiving data through the wireless LAN. Blinking The NBG-417N is sending/receiving data through the wireless LAN.
Chapter 1 Getting to Know Your NBG-417N 24 NBG-417N User’s Guide
CHAPTER 2 The WPS Button 2.1 Overview Your NBG-417N supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Each WPS connection works between two devices. Both devices must support WPS (check each device’s documentation to make sure).
Chapter 2 The WPS Button 26 NBG-417N User’s Guide
CHAPTER 3 Introducing the Web Configurator This chapter describes how to access the NBG-417N Web Configurator and provides an overview of its screens. 3.1 Web Configurator Overview The Web Configurator is an HTML-based management interface that allows easy setup and management of the NBG-417N via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions or Safari 2.0 or later versions. The recommended screen resolution is 1024 by 768 pixels.
Chapter 3 Introducing the Web Configurator Your computer must be in the same subnet in order to access this website address. 4 Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login. 5 You should see a screen asking you to change your password (highly recommended) as shown next. Type a new password (and retype it to confirm) and click Apply or click Ignore.
Chapter 3 Introducing the Web Configurator • Select a language to go to the basic Web Configurator in that language. To change to the advanced configurator see Chapter 23 on page 195. Figure 4 Selecting the setup mode 3.3 Resetting the NBG-417N If you forget your password or IP address, or you cannot access the Web Configurator, you will need to use the RESET button at the back of the NBG-417N to reload the factory-default configuration file.
Chapter 3 Introducing the Web Configurator 3.5 The Status Screen in Router Mode Click on Status. The screen below shows the status screen in Router Mode. (For information on the status screen in AP Mode see Chapter 5 on page 54.) Figure 5 Web Configurator Status Screen The following table describes the icons shown in the Status screen. Table 2 Status Screen Icon Key ICON DESCRIPTION Click this icon to open the setup wizard. Click this icon to view copyright and a link for related product information.
Chapter 3 Introducing the Web Configurator The following table describes the labels shown in the Status screen. Table 3 Web Configurator Status Screen LABEL DESCRIPTION Device Information System Name This is the System Name you enter in the Maintenance > System > General screen. It is for identification purposes. Firmware Version This is the firmware version and the date created. WAN Information - MAC Address This shows the WAN Ethernet adapter MAC Address of your device.
Chapter 3 Introducing the Web Configurator Table 3 Web Configurator Status Screen (continued) LABEL DESCRIPTION - Firewall This shows whether the firewall is active or not. - UPnP This shows whether UPnP is active or not. Interface Status Interface This displays the NBG-417N port types. The port types are: WAN, LAN and WLAN. Status For the LAN and WAN ports, this field displays Down (line is down) or Up (line is up or connected).
Chapter 3 Introducing the Web Configurator Table 4 Screens Summary LINK TAB FUNCTION General Use this screen to configure wireless LAN. MAC Filter Use the MAC filter screen to configure the NBG-417N to block access to devices or block the devices from accessing the NBG-417N. Advanced This screen allows you to configure advanced wireless settings. QoS Use this screen to configure Wi-Fi Multimedia Quality of Service (WMM QoS).
Chapter 3 Introducing the Web Configurator Table 4 Screens Summary LINK TAB FUNCTION Remote MGMT WWW Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTP to manage the NBG-417N. UPnP General Use this screen to enable UPnP on the NBG-417N. General Use this screen to view and change administrative settings such as system and domain names, password and inactivity timer. Time Setting Use this screen to change your NBG-417N’s time and date.
Chapter 3 Introducing the Web Configurator The following table describes the labels in this screen. Table 5 Summary: DHCP Table LABEL DESCRIPTION # This is the index number of the host computer. IP Address This field displays the IP address relative to the # field listed above. Host Name This field displays the computer host name. MAC Address This field shows the MAC address of the computer with the name in the Host Name field.
Chapter 3 Introducing the Web Configurator The following table describes the labels in this screen. Table 6 Summary: Packet Statistics LABEL DESCRIPTION Port This is the NBG-417N’s port type. Status For the LAN ports, this displays the port speed and duplex setting or Down when the line is disconnected.
Chapter 3 Introducing the Web Configurator The following table describes the labels in this screen. Table 7 Summary: Wireless Association List LABEL DESCRIPTION # This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station. Association Time This field displays the time a wireless station first associated with the NBG-417N’s WLAN network. Refresh Click Refresh to reload the list.
Chapter 3 Introducing the Web Configurator 38 NBG-417N User’s Guide
CHAPTER 4 Connection Wizard This chapter provides information on the wizard setup screens in the Web Configurator. 4.1 Wizard Setup The Web Configurator’s wizard setup helps you configure your device to access the Internet. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field. Leave a field blank if you don’t have that information. 1 After you access the NBG-417N Web Configurator, click the Go to Wizard setup hyperlink.
Chapter 4 Connection Wizard 2 Choose a language by clicking on the language’s button. The screen will update. Click the Next button to proceed to the next screen. Figure 10 Select a Language 3 Read the on-screen information and click Next. Figure 11 Welcome to the Connection Wizard 4.2 Connection Wizard: STEP 1: System Information System Information contains administrative and system-related information. 4.2.1 System Name System Name is for identification purposes.
Chapter 4 Connection Wizard • In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the NBG-417N System Name. 4.2.2 Domain Name The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used.
Chapter 4 Connection Wizard 4.3 Connection Wizard: STEP 2: Wireless LAN Set up your wireless LAN using the following screen. Figure 13 Wizard Step 2: Wireless LAN The following table describes the labels in this screen. Table 9 Wizard Step 2: Wireless LAN LABEL DESCRIPTION Name (SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the NBG-417N, make sure all wireless stations use the same SSID in order to access the network.
Chapter 4 Connection Wizard Note: The wireless stations and NBG-417N must use the same SSID, channel ID, WPA-PSK (if WPA-PSK is enabled) or WPA2-PSK (if WPA2-PSK is enabled) for wireless communication. 4.3.1 Extend (WPA-PSK or WPA2-PSK) Security Choose Extend (WPA-PSK) or Extend (WPA2-PSK) security in the Wireless LAN setup screen to set up a Pre-Shared Key. Figure 14 Wizard Step 2: Extend (WPA-PSK or WPA2-PSK) Security The following table describes the labels in this screen.
Chapter 4 Connection Wizard This wizard screen varies according to the connection type that you select. Figure 15 Wizard Step 3: ISP Parameters. The following table describes the labels in this screen, Table 11 Wizard Step 3: ISP Parameters CONNECTION TYPE DESCRIPTION Ethernet Select the Ethernet option when the WAN port is used as a regular Ethernet. PPPoE Select the PPP over Ethernet option for a dial-up connection. If your ISP gave you an IP address and/or subnet mask, then select PPTP.
Chapter 4 Connection Wizard personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to high-speed data networks. For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for instance, RADIUS). One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection.
Chapter 4 Connection Wizard 4.4.3 PPTP Connection Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet. Refer to the appendix for more information on PPTP. Note: The NBG-417N supports one PPTP server connection at any given time.
Chapter 4 Connection Wizard Table 13 Wizard Step 3: PPTP Connection LABEL DESCRIPTION Connection ID/ Name Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP. This field is optional and depends on the requirements of your ISP. Get automatically from ISP Select this radio button if your ISP did not assign you a fixed IP address.
Chapter 4 Connection Wizard 4.4.5 WAN IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are isolated from the Internet, for instance, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks. Table 15 Private IP Address Ranges 10.0.0.0 - 10.255.255.255 172.16.0.
Chapter 4 Connection Wizard Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your NBG-417N, but make sure that no other device on your network is using that IP address. The subnet mask specifies the network number portion of an IP address. Your NBG-417N will compute the subnet mask automatically based on the IP address that you entered.
Chapter 4 Connection Wizard 4.4.8 WAN IP and DNS Server Address Assignment The following wizard screen allows you to assign a fixed WAN IP address and DNS server addresses. Figure 20 Wizard Step 3: WAN IP and DNS Server Addresses The following table describes the labels in this screen Table 16 Wizard Step 3: WAN IP and DNS Server Addresses LABEL DESCRIPTION WAN IP Address Assignment My WAN IP Address Enter your WAN IP address in this field.
Chapter 4 Connection Wizard 4.4.9 WAN MAC Address Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. Table 17 Example of Network Properties for LAN Servers with Fixed IP Addresses Choose an IP address 192.168.1.2-192.168.1.32; 192.168.1.65-192.168.1.254. Subnet mask 255.255.255.0 Gateway (or default route) 192.168.1.
Chapter 4 Connection Wizard 4.5 Connection Wizard Complete Click Finish to complete the wizard setup. Figure 22 Connection Wizard Complete Well done! You have successfully set up your NBG-417N to operate on your network and access the Internet.
CHAPTER 5 AP Mode This chapter discusses how to configure settings while your NBG-417N is set to AP Mode. Many screens that are available in Router Mode are not available in AP Mode. Note: See Chapter 6 on page 61 for an example of setting up a wireless network in AP mode. 5.1 AP Mode Overview Use your NBG-417N as an AP if you already have a router or gateway on your network. In this mode your device bridges a wired network (LAN) and wireless LAN (WLAN) in the same subnet.
Chapter 5 AP Mode 2 To set your NBG-417N to AP Mode, go to Maintenance > Sys OP Mode > General and select Access Point. Figure 24 Maintenance > Sys OP Mode > General 3 A pop-up appears providing information on this mode. Click OK in the pop-up message window. (See Section 22.4 on page 193 for more information on the pop-up.) Click Apply. Your NBG-417N is now in AP Mode. Note: You have to log in to the Web Configurator again when you change modes. 5.3 The Status Screen in AP Mode Click on Status.
Chapter 5 AP Mode The following table describes the labels shown in the Status screen. Table 19 Web Configurator Status Screen LABEL DESCRIPTION Device Information System Name This is the System Name you enter in the Maintenance > System > General screen. It is for identification purposes. Firmware Version This is the firmware version and the date created. LAN Information - MAC Address This shows the LAN Ethernet adapter MAC Address of your device.
Chapter 5 AP Mode Table 19 Web Configurator Status Screen (continued) LABEL DESCRIPTION Rate For the LAN ports, this displays the port speed and duplex setting or N/A when the line is disconnected. For the WLAN, it displays the maximum transmission rate when the WLAN is enabled and N/A when the WLAN is disabled. Summary Packet Statistics Use this screen to view port status and packet specific statistics.
Chapter 5 AP Mode Table 20 Screens Summary LINK TAB FUNCTION General Use this screen to configure wireless LAN. MAC Filter Use the MAC filter screen to configure the NBG-417N to block access to devices or block the devices from accessing the NBG-417N. Advanced This screen allows you to configure advanced wireless settings. QoS Use this screen to configure Wi-Fi Multimedia Quality of Service (WMM QoS).
Chapter 5 AP Mode Note: If you change the IP address of the NBG-417N in the screen below, you will need to log into the NBG-417N again using the new IP address. Figure 27 Network > LAN > IP The table below describes the labels in the screen. Table 21 Network > LAN > IP LABEL DESCRIPTION Get from DHCP Server Select this to let the DHCP server in the gateway assign the NBG-417N IP address. User Defined LAN IP Select this to give the NBG-417N a static IP address.
Chapter 5 AP Mode 5.5 Logging in to the Web Configurator in AP Mode 1 Connect your computer to the LAN port of the NBG-417N. 2 The default IP address of the NBG-417N is “192.168.1.2”. In this case, your computer must have an IP address in the range between “192.168.1.3” and “192.168.1.254”. 3 Click Start > Run on your computer in Windows. 4 Type “cmd” in the dialog box. 5 Type “ipconfig” to show your computer’s IP address.
Chapter 5 AP Mode 60 NBG-417N User’s Guide
CHAPTER 6 Tutorials This chapter provides tutorials on wireless configurations your NBG-417N. 6.1 How to Connect to the Internet from an AP This section gives you an example of how to set up an access point (AP) and wireless client (a notebook (B), in this example) for wireless communication. B can access the Internet through the AP wirelessly. Figure 28 Wireless AP Connection to the Internet Internet B AP 6.
Chapter 6 Tutorials • PIN Configuration - create a secure wireless network simply by entering a wireless client's PIN (Personal Identification Number) in the NBG-417N’s interface. See Section 6.2.2 on page 63. This is the more secure method, since one device can authenticate the other. 6.2.1 Push Button Configuration (PBC) 1 Make sure that your NBG-417N is turned on and that it is within range of your computer.
Chapter 6 Tutorials The following figure shows you an example to set up wireless network and security by pressing a button on both NBG-417N and wireless client (the NWD210N in this example). Figure 29 Example WPS Process: PBC Method NBG-417N Wireless Client WITHIN 2 MINUTES SECURITY INFO COMMUNICATION 6.2.2 PIN Configuration When you use the PIN configuration method, you need to use both NBG-417N’s configuration interface and the client’s utilities.
Chapter 6 Tutorials The following figure shows you the example to set up wireless network and security on NBG-417N and wireless client (ex. NWD210N in this example) by using PIN method.
Chapter 6 Tutorials 6.3 Enable and Configure Wireless Security without WPS on your NBG-417N This example shows you how to configure wireless security settings with the following parameters on your NBG-417N. SSID SSID_Example3 Channel 6 Security WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) Follow the steps below to configure the wireless settings on your NBG-417N.
Chapter 6 Tutorials 5 Open the Status screen. Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status. Figure 32 Tutorial: Status Screen 6.3.1 Configure Your Notebook Note: We use the ZyXEL M-302 wireless adapter utility screens as an example for the wireless client. The screens may vary for different models. 66 1 The NBG-417N supports IEEE 802.11b, IEEE 802.11g and IEEE 802.11n wireless clients.
Chapter 6 Tutorials 4 Select SSID_Example3 and click Connect. Figure 33 Connecting a Wireless Client to a Wireless Network t 5 Select WPA-PSK and type the security key in the following screen. Click Next. Figure 34 Security Settings 6 The Confirm Save window appears. Check your settings and click Save to continue.
Chapter 6 Tutorials 7 Check the status of your wireless connection in the screen below. If your wireless connection is weak or you have no connection, see the Troubleshooting section of this User’s Guide. Figure 36 Link Status If your connection is successful, open your Internet browser and enter http:// www.zyxel.com or the URL of any other web site in the address bar. If you are able to access the web site, your wireless connection is successfully configured. 6.
Chapter 6 Tutorials In the following screen, you set the priorities for VoIP and e-mail. Figure 37 Tutorial: Priority Queue Click Enable for the VoIP (SIP) service and set priority to High. Do the same for E-mail. For the rest of the applications, click Enable if you need these services and set the priority to Low. Note: You can also leave the Enable field blank for the rest of the applications. In doing so, the NBG-417N does not apply bandwidth management to these services. 6.4.
Chapter 6 Tutorials To add the MSN Messenger service in the Priority Queue: 1 Click Enable in one of the fields for additional services. 2 Add MSN as the service name. 3 Set the priority for this to High. 4 For the port, choose TCP from the drop-down menu and enter 1863 in the Specific Port field. Your priority table should now have the VoIP, e-mail and MSN Messenger services priorities set to High. 6.4.
Chapter 6 Tutorials Enter the following values for each service you want to add. For this tutorial, you need to add each of the following service (see table below) and click Apply. Table 22 FIELDS SERVICES REAL AUDIO RTSP VDO LIVE FTP Active Check this to turn on this bandwidth management rule. Direction Select Both applies bandwidth management to traffic that the NBG-417N forwards to both the LAN and the WAN. Select To WAN LAN IP Range Enter 192.168.1.1 ~ 192.168.1.33. Enter 192.168.1.
Chapter 6 Tutorials 72 NBG-417N User’s Guide
P ART II Network Wireless LAN (75) WAN (95) LAN (107) DHCP Server (111) Network Address Translation (NAT) (117) Dynamic DNS (127) 73
CHAPTER 7 Wireless LAN 7.1 Overview This chapter discusses how to configure the wireless network settings in your NBG-417N. See the appendices for more detailed information about wireless networks. The following figure provides an example of a wireless network. Figure 41 Example of a Wireless Network AP The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients.
Chapter 7 Wireless LAN 7.2 What You Can Do In the Wireless LAN Screen • Use the General screen (Section 7.4 on page 79) to enable the Wireless LAN, enter the SSID and select the wireless security mode. • Use the MAC Filter screen (Section 7.5 on page 84) to allow or deny wireless stations based on their MAC addresses from connecting to the NBG-417N. • Use the Advanced screen (Section 7.6 on page 86) to allow intra-BSS networking and set the RTS/CTS Threshold. • Use the QoS screen (Section 7.
Chapter 7 Wireless LAN In addition, you should change the default SSID to something that is difficult to guess. This type of security is fairly weak, however, because there are ways for unauthorized devices to get the SSID. In addition, unauthorized devices can still see the information that is sent in the wireless network. 7.3.1.2 MAC Address Filter Every wireless client has a unique identification number, called a MAC address.
Chapter 7 Wireless LAN Local user databases also have an additional limitation that is explained in the next section. 7.3.1.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. The types of encryption you can choose depend on the type of user authentication. (See Section 7.3.1.3 on page 77 for information about this.
Chapter 7 Wireless LAN Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every wireless client in the wireless network must have the same key. 7.3.1.5 WPS WiFi Protected Setup (WPS) is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually.
Chapter 7 Wireless LAN The following table describes the general wireless LAN labels in this screen. Table 24 Network > Wireless LAN > General LABEL DESCRIPTION Enable Wireless LAN Click the check box to activate wireless LAN. Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID.
Chapter 7 Wireless LAN Note: If you do not enable any wireless security on your NBG-417N, your network is accessible to any wireless networking device that is within range. Figure 43 Network > Wireless LAN > General: No Security The following table describes the labels in this screen. Table 25 Wireless No Security LABEL DESCRIPTION Security Mode Choose No Security from the drop-down list box. Apply Click Apply to save your changes back to the NBG-417N.
Chapter 7 Wireless LAN In order to configure and enable WEP encryption; click Network > Wireless LAN to display the General screen. Select Static WEP from the Security Mode list. Figure 44 Network > Wireless LAN > General: Static WEP The following table describes the wireless LAN security labels in this screen. Table 26 Network > Wireless LAN > General: Static WEP LABEL DESCRIPTION WEP Encryption Select 64-bit WEP or 128-bit WEP to enable data encryption.
Chapter 7 Wireless LAN Table 26 Network > Wireless LAN > General: Static WEP LABEL DESCRIPTION Hex Select this option in order to enter hexadecimal characters as a WEP key. The preceding "0x", that identifies a hexadecimal key, is entered automatically. Key 1 to Key 4 The WEP keys are used to encrypt data. Both the NBG-417N and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 27 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the NBG-417N even when the NBG-417N is using WPA2-PSK. Pre-Shared Key WPA-PSK/WPA2-PSK uses a simple common password for authentication.
Chapter 7 Wireless LAN To change your NBG-417N’s MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown. Figure 46 Network > Wireless LAN > MAC Filter The following table describes the labels in this menu. Table 28 Network > Wireless LAN > MAC Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC Address table.
Chapter 7 Wireless LAN 7.6 Wireless LAN Advanced Screen Click Network > Wireless LAN > Advanced. The screen appears as shown. Figure 47 Network > Wireless LAN > Advanced The following table describes the labels in this screen. Table 29 Network > Wireless LAN > Advanced LABEL DESCRIPTION Wireless Advanced Setup RTS/CTS Threshold Data with its frame size larger than this value will perform the RTS (Request To Send)/CTS (Clear To Send) handshake. Enter a value between 0 and 2432.
Chapter 7 Wireless LAN Table 29 Network > Wireless LAN > Advanced LABEL DESCRIPTION CTS Protection When set to None, the NBG-417N protects wireless communication against interference. When set to Always, the NBG-417N improves performance within mixed wireless modes. Select Auto to let the NBG-417N determine whether to turn this feature on or off in the current environment. Tx Power This field controls the transmission power of the NBG-417N.
Chapter 7 Wireless LAN Click Network > Wireless LAN > QoS. The following screen appears. Figure 48 Network > Wireless LAN > QoS The following table describes the labels in this screen. Table 30 Network > Wireless LAN > QoS LABEL DESCRIPTION WMM QoS Policy Select Default to have the NBG-417N automatically give a service a priority level according to the ToS value in the IP header of packets it sends.
Chapter 7 Wireless LAN Table 30 Network > Wireless LAN > QoS (continued) LABEL DESCRIPTION Priority This field displays the priority of the application. Highest - Typically used for voice or video that should be highquality. High - Typically used for voice or video that can be medium-quality. Mid - Typically used for applications that do not fit into another priority. For example, Internet surfing.
Chapter 7 Wireless LAN Network > Wireless LAN > QoS: Application Priority Configuration (continued) LABEL DESCRIPTION Service The following is a description of the applications you can prioritize with WMM QoS. Select a service from the drop-down list box. • E-Mail Electronic mail consists of messages sent through a computer network to specific groups or individuals.
Chapter 7 Wireless LAN 7.8 WPS Screen Use this screen to enable/disable WPS, view or generate a new PIN number and check current WPS status. To open this screen, click Network > Wireless LAN > WPS tab. Figure 50 WPS The following table describes the labels in this screen. Table 31 WPS LABEL DESCRIPTION WPS Setup Enable WPS Select this to enable the WPS feature. PIN Number This displays a PIN number last time system generated. Click Generate to generate a new PIN number.
Chapter 7 Wireless LAN 7.9 WPS Station Screen Use this screen when you want to add a wireless station using WPS. To open this screen, click Network > Wireless LAN > WPS Station tab. Note: Note: After you click Push Button on this screen, you have to press a similar button in the wireless station utility within 2 minutes. To add the second wireless station, you have to press these buttons on both device and the wireless station again after the first 2 minutes.
Chapter 7 Wireless LAN on or off on certain days and at certain times. To open this screen, click Network > Wireless LAN > Scheduling tab. Figure 52 Scheduling The following table describes the labels in this screen. Table 33 Scheduling LABEL DESCRIPTION Enable Wireless LAN Scheduling Select this to enable Wireless LAN scheduling. Action Select On or Off to specify whether the Wireless LAN is turned on or off. This field works in conjunction with the Day and Except for the following times fields.
Chapter 7 Wireless LAN 94 NBG-417N User’s Guide
CHAPTER 8 WAN 8.1 Overview This chapter discusses the NBG-417N’s WAN screens. Use these screens to configure your NBG-417N for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks (such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Chapter 8 WAN 8.3 What You Need To Know About WAN The information in this section can help you configure the screens for your WAN connection, as well as enable/disable some advanced features of your NBG-417N. 8.3.1 Configuring Your Internet Connection Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol. To set up a WAN connection to the Internet, you need to use the same encapsulation method used by your ISP (Internet Service Provider).
Chapter 8 WAN WAN MAC Address The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Choose Factory Default to select the factory assigned default MAC Address. Otherwise, click Clone the computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to configuration file.
Chapter 8 WAN 8.3.3 NetBIOS over TCP/IP NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dialup services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN. 8.3.4 Auto-Bridge In the rear panel of your NBG-417N, you can see four LAN ports (1 to 4) and one WAN port.
Chapter 8 WAN 8.4 Internet Connection Use this screen to change your NBG-417N’s Internet access settings. Click Network > WAN. The screen differs according to the encapsulation you choose. 8.4.1 Ethernet Encapsulation This screen displays when you select Ethernet encapsulation. Figure 56 Network > WAN > Internet Connection: Ethernet Encapsulation The following table describes the labels in this screen.
Chapter 8 WAN Table 34 Network > WAN > Internet Connection: Ethernet Encapsulation LABEL DESCRIPTION IP Address Enter your WAN IP address in this field if you selected Use Fixed IP Address. IP Subnet Mask Enter the IP Subnet Mask in this field. Gateway IP Address Enter a Gateway IP Address (if your ISP gave you one) in this field. DNS Servers First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the NBG-417N's WAN IP address).
Chapter 8 WAN One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for individuals. Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site.
Chapter 8 WAN Table 35 Network > WAN > Internet Connection: PPPoE Encapsulation LABEL DESCRIPTION Password Type the password associated with the user name above. Retype to Confirm Type your password again to make sure that you have entered is correctly. Nailed-Up Connection Select Nailed-Up Connection if you do not want the connection to time out. Idle Timeout This value specifies the time in minutes that elapses before the router automatically disconnects from the PPPoE server.
Chapter 8 WAN This screen displays when you select PPTP encapsulation. Figure 58 Network > WAN > Internet Connection: PPTP Encapsulation The following table describes the labels in this screen.
Chapter 8 WAN Table 36 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION Password Type the password associated with the User Name above. Retype to Confirm Type your password again to make sure that you have entered is correctly. Nailed-up Connection Select Nailed-Up Connection if you do not want the connection to time out. Idle Timeout This value specifies the time in minutes that elapses before the NBG-417N automatically disconnects from the PPTP server.
Chapter 8 WAN Table 36 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION Clone the computer’s MAC address - IP Address Select Clone the computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file. It will not change unless you change the setting or upload a different ROM file.
Chapter 8 WAN The following table describes the labels in this screen. Table 37 WAN > Advanced LABEL DESCRIPTION Multicast Setup Multicast Check this to enable multicasting. This applies to traffic routed from the WAN to the LAN. Leaving this blank may cause incoming traffic to be dropped or sent to all connected network devices. Windows Networking (NetBIOS over TCP/IP) Allow between LAN and WAN Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN.
CHAPTER 9 LAN 9.1 Overview This chapter describes how to configure LAN settings. A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks.
Chapter 9 LAN 9.3 What You Need To Know About LAN The actual physical connection determines whether the NBG-417N ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 60 LAN and WAN IP Addresses LAN WAN The LAN parameters of the NBG-417N are preset in the factory with the following values: • IP address of 192.168.1.1 with subnet mask of 255.255.255.
Chapter 9 LAN 9.4 LAN IP Screen Use this screen to change your basic LAN settings. Click Network > LAN. Figure 61 Network > LAN > IP The following table describes the labels in this screen. Table 38 Network > LAN > IP LABEL DESCRIPTION IP Address Type the IP address of your NBG-417N in dotted decimal notation 192.168.1.1 (factory default). IP Subnet Mask The subnet mask specifies the network number portion of an IP address.
Chapter 9 LAN 110 NBG-417N User’s Guide
CHAPTER 10 DHCP Server 10.1 Overview DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG-417N’s LAN as a DHCP server or disable it. When configured as a server, the NBG-417N provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured. 10.
Chapter 10 DHCP Server 10.4 General Screen Use this screen to enable the DHCP server. Click Network > DHCP Server. The following screen displays. Figure 62 Network > DHCP Server > General The following table describes the labels in this screen. Table 39 Network > DHCP Server > General LABEL DESCRIPTION Enable DHCP Server Enable or Disable DHCP for LAN. IP Pool Starting Address This field specifies the first of the contiguous addresses in the IP address pool for LAN.
Chapter 10 DHCP Server To change your NBG-417N’s static DHCP settings, click Network > DHCP Server > Advanced. The following screen displays. Figure 63 Network > DHCP Server > Advanced The following table describes the labels in this screen. Table 40 Network > DHCP Server > Advanced LABEL DESCRIPTION Static DHCP Table # This is the index number of the static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN.
Chapter 10 DHCP Server Table 40 Network > DHCP Server > Advanced LABEL DESCRIPTION First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the NBG-417N's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns. Second DNS Server Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.
Chapter 10 DHCP Server The following screen displays. Figure 64 Network > DHCP Server > Client List The following table describes the labels in this screen. Table 41 Network > DHCP Server > Client List LABEL DESCRIPTION # This is the index number of the host computer. IP Address This field displays the IP address relative to the # field listed above. Host Name This field displays the computer host name.
Chapter 10 DHCP Server 116 NBG-417N User’s Guide
CHAPTER 11 Network Address Translation (NAT) 11.1 Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network. The figure below is a simple illustration of a NAT network.
Chapter 11 Network Address Translation (NAT) Note: You must create a firewall rule in addition to setting up NAT, to allow traffic from the WAN to be forwarded through the NBG-417N. 11.2 What You Can Do in the NAT Screens • Use the General (Section 11.4 on page 120) screen to enable NAT and set a default server. • Use the Application (Section 11.5 on page 121) screen to change your NBG417N’s port forwarding settings. • Use the Advanced (Section 11.
Chapter 11 Network Address Translation (NAT) IP address of the same inside host when the packet is on the WAN side. The following table summarizes this information. Table 42 NAT Definitions ITEM DESCRIPTION Inside This refers to the host on the LAN. Outside This refers to the host on the WAN. Local This refers to the packet address (source or destination) as the packet travels on the LAN. Global This refers to the packet address (source or destination) as the packet travels on the WAN.
Chapter 11 Network Address Translation (NAT) so incoming reply packets can have their original values restored. The following figure illustrates this. Figure 66 How NAT Works NBG-417N 11.4 General NAT Screen Use this screen to enable NAT and set a default server. Click Network > NAT to open the General screen. Figure 67 Network > NAT > General The following table describes the labels in this screen.
Chapter 11 Network Address Translation (NAT) Table 43 Network > NAT > General LABEL DESCRIPTION Default Server Setup Server IP Address In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in the Application screen. If you do not assign a Default Server IP address, the NBG-417N discards all packets received for ports that are not specified in the Application screen or remote management.
Chapter 11 Network Address Translation (NAT) The following table describes the labels in this screen. Table 44 NAT Application LABEL DESCRIPTION Add Application Rule Active Select the check box to enable this rule and the requested service can be forwarded to the host with a specified internal IP address. Clear the checkbox to disallow forwarding of these ports to an inside server without having to delete the entry.
Chapter 11 Network Address Translation (NAT) 11.6 NAT Advanced Screen To change your NBG-417N’s trigger port settings, click Network > NAT > Advanced. The screen appears as shown. Note: Only one LAN computer can use a trigger port (range) at a time. Figure 69 Network > NAT > Advanced The following table describes the labels in this screen. Table 45 Network > NAT > Advanced LABEL DESCRIPTION # This is the rule index number (read-only).
Chapter 11 Network Address Translation (NAT) Table 45 Network > NAT > Advanced LABEL DESCRIPTION Apply Click Apply to save your changes back to the NBG-417N. Reset Click Reset to begin configuring this screen afresh. 11.7 Technical Reference The following section contains additional technical information about the NBG417N features described in this chapter. 11.
Chapter 11 Network Address Translation (NAT) address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 70 Multiple Servers Behind NAT Example NBG-417N 11.9 Trigger Port Forwarding Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side.
Chapter 11 Network Address Translation (NAT) 11.9.1 Trigger Port Forwarding Example The following is an example of trigger port forwarding. Figure 71 Trigger Port Forwarding Process: Example NBG-417N 1 Jane requests a file from the Real Audio server (port 7070). 2 Port 7070 is a “trigger” port and causes the NBG-417N to record Jane’s computer IP address. The NBG-417N associates Jane's computer IP address with the "incoming" port range of 6970-7170.
CHAPTER 12 Dynamic DNS 12.1 Overview Dynamic DNS (DDNS) services let you use a domain name with a dynamic IP address. 12.2 What You Can Do in the DDNS Screen Use the Dynamic DNS screen (Section 12.4 on page 128) to enable DDNS and configure the DDNS settings on the NBG-417N. 12.3 What You Need To Know About DDNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CUSeeMe, etc.).
Chapter 12 Dynamic DNS 12.4 Dynamic DNS Screen To change your NBG-417N’s DDNS, click Network > DDNS. The screen appears as shown. Figure 72 Dynamic DNS The following table describes the labels in this screen. Table 46 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Enable Dynamic DNS Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider.
Chapter 12 Dynamic DNS Table 46 Dynamic DNS LABEL DESCRIPTION Enable off line option This option is available when CustomDNS is selected in the DDNS Type field. Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line. IP Address Update Policy: Use WAN IP Address Select this option to update the IP address of the host name(s) to the WAN IP address.
Chapter 12 Dynamic DNS 130 NBG-417N User’s Guide
P ART III Security Firewall (133) Content Filtering (139) 131
CHAPTER 13 Firewall 13.1 Overview Use these screens to enable and configure the firewall that protects your NBG417N and your LAN from unwanted or malicious traffic. Enable the firewall to protect your LAN computers from attacks by hackers on the Internet and control access between the LAN and WAN. By default the firewall: • allows traffic that originates from your LAN computers to go to all of the networks. • blocks traffic that originates on the other networks from going to the LAN.
Chapter 13 Firewall • Use the Services screen (Section 13.5 on page 136) screen enable service blocking, enter/delete/modify the services you want to block and the date/time you want to block them. 13.3 What You Need To Know About Firewall The NBG-417N’s firewall feature physically separates the LAN and the WAN and acts as a secure gateway for all data passing between the networks. 13.3.
Chapter 13 Firewall The NBG-417N is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The NBG-417N has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet.
Chapter 13 Firewall 13.4 General Firewall Screen Use this screen to enable or disable the NBG-417N’s firewall, and set up firewall logs. Click Security > Firewall to open the General screen. Figure 74 Security > Firewall > General l The following table describes the labels in this screen. Table 47 Security > Firewall > General LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall.
Chapter 13 Firewall Click Security > Firewall > Services. The screen appears as shown next. Figure 75 Security > Firewall > Services l The following table describes the labels in this screen. Table 48 Security > Firewall > Services LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and errorreporting protocol between a host server and a gateway to the Internet.
Chapter 13 Firewall 138 NBG-417N User’s Guide
CHAPTER 14 Content Filtering 14.1 Overview This chapter provides a brief overview of content filtering using the embedded web GUI. Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering is the ability to block certain web features or specific URL keywords. 14.2 What You Can Do in the Content Filtering Screen Use the Filter (Section 14.
Chapter 14 Content Filtering Restrict Web Features The NBG-417N can disable web proxies and block web features such as ActiveX controls, Java applets and cookies. Keyword Blocking URL Checking The NBG-417N checks the URL’s domain name (or IP address) and file path separately when performing keyword blocking. The URL’s domain name or IP address is the characters that come before the first slash in the URL. For example, with the URL www.zyxel.com.tw/news/ pressroom.php, the domain name is www.zyxel.com.tw.
Chapter 14 Content Filtering 14.4 Filter Screen Use this screen to restrict web features, add keywords for blocking and designate a trusted computer. Click Security > Content Filter to open the Filter screen. Figure 76 Security > Content Filter > Filter The following table describes the labels in this screen.
Chapter 14 Content Filtering Table 49 Security > Content Filter > Filter LABEL DESCRIPTION Apply Click Apply to save your changes. Reset Click Reset to begin configuring this screen afresh 14.5 Technical Reference The following section contains additional technical information about the NBG417N features described in this chapter. 14.5.1 Customizing Keyword Blocking URL Checking You can use commands to set how much of a website’s URL the content filter is to check for keyword blocking.
Chapter 14 Content Filtering For example, filename URL checking searches for keywords within the URL www.zyxel.com.tw/news/pressroom.php. Use the ip urlfilter customize actionFlags 8 [disable | enable] command to extend (or not extend) the keyword blocking search to include the URL's complete filename.
Chapter 14 Content Filtering 144 NBG-417N User’s Guide
P ART IV Management Static Route (147) Remote Management (159) Universal Plug-and-Play (UPnP) (163) 145
CHAPTER 15 Static Route 15.1 Overview This chapter shows you how to configure static routes for your NBG-417N. The NBG-417N usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the NBG-417N send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the NBG-417N’s LAN interface.
Chapter 15 Static Route 15.2 What You Can Do in the IP Static Route Screens • Use the IP Static Route screen (Section 15.3 on page 148) to view existing static route rules. • Use the Static Route Setup screen (Section 15.3.1 on page 149) to add or edit a static route rule. 15.3 IP Static Route Screen Use this screen to view existing static route rules. Click Management > Static Route to open the IP Static Route screen. The following screen displays.
Chapter 15 Static Route Table 50 Management > Static Route > IP Static Route LABEL DESCRIPTION Gateway This is the IP address of the gateway. The gateway is an immediate neighbor of your NBG-417N that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your NBG-417N; over the WAN, the gateway must be the IP address of one of the remote nodes. Modify Click the Edit icon to open the static route setup screen.
Chapter 15 Static Route Table 51 Management > Static Route > IP Static Route: Static Route Setup 150 LABEL DESCRIPTION Metric Metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
CHAPTER 16 Bandwidth Management 16.1 Overview This chapter contains information about configuring bandwidth management and editing rules. ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application. In the figure below, uplink traffic goes from the LAN device (A) to the WAN device (B). Bandwidth management is applied before sending the packets out to the WAN. Downlink traffic comes back from the WAN device (B) to the LAN device (A).
Chapter 16 Bandwidth Management 16.3 What You Need To Know About Bandwidth Management You can limit an application’s uplink or downlink bandwidth. This limit keeps the traffic from using up too much of the out-going interface’s bandwidth. This way you can make sure there is bandwidth for other applications.
Chapter 16 Bandwidth Management The following table describes the labels in this screen. Table 52 Management > Bandwidth MGMT > General LABEL DESCRIPTION Service Management Bandwidth Management Type This field allows you to have NBG-417N apply bandwidth management. Select Priority Queue or Bandwidth Allocation to enable bandwidth management. Select Priority Queue to allocate bandwidth based on the pre-defined priority assigned to an application. Refer to Section 16.5 on page 153.
Chapter 16 Bandwidth Management Click Management > Bandwidth MGMT > Advanced to open the bandwidth management Advanced screen. Figure 82 Management > Bandwidth MGMT > Advanced The following table describes the labels in this screen. Table 53 Management > Bandwidth MGMT > Advanced LABEL DESCRIPTION Priority Queue Local IP Address Enter the IP address of the computer to which bandwidth management does not apply.
Chapter 16 Bandwidth Management Table 53 Management > Bandwidth MGMT > Advanced (continued) LABEL DESCRIPTION Specific Port This displays the port/s assigned to the service. You can also specify the port/s to services to which you want to allocate bandwidth. Choose either Both, TCP or UDP in the drop-down menu and enter the port or range of ports in the provided boxes.
Chapter 16 Bandwidth Management • High - Typically used for voice traffic or video that is especially sensitive to jitter (jitter is the variations in delay). • Low - This is typically used for all other traffic that are not time-sensitive. 16.5.2 Rule Configuration: User Defined Service Rule Configuration If you want to edit a bandwidth management rule for specific protocols on an IP or IP range, click the Edit icon in the Bandwidth Allocation table of the Advanced screen. The following screen displays.
Chapter 16 Bandwidth Management LABEL DESCRIPTION Apply Click Apply to save your customized settings. Reset Click Reset to begin configuring this screen afresh. 16.5.3 Predefined Bandwidth Management Services The following is a description of the services that you can select and to which you can apply media bandwidth management in the Management > Bandwidth MGMT > Advanced screen.
Chapter 16 Bandwidth Management 16.5.4 Services and Port Numbers See Appendix F on page 259 for commonly used services and port numbers.
CHAPTER 17 Remote Management 17.1 Overview This chapter provides information on the Remote Management screens. Remote management allows you to determine which services/protocols can access which NBG-417N interface (if any) from which computers. You may manage your NBG-417N from a remote location via: • LAN only • LAN and WAN Note: When you configure remote management to allow management from the LAN & WAN in the options above, you still need to configure a firewall rule to allow access.
Chapter 17 Remote Management 17.3.1 Remote Management Limitations Remote management over LAN or WAN will not work when: 1 You have disabled that service in one of the remote management screens. 2 The IP address in the Secured Client IP Address field does not match the client IP address. If it does not match, the NBG-417N will disconnect the session immediately. 3 There is already another remote management session with an equal or higher priority running.
Chapter 17 Remote Management 17.4 WWW Screen To change your NBG-417N’s World Wide Web settings, click Management > Remote MGMT to display the WWW screen. Figure 84 Management > Remote MGMT > WWW The following table describes the labels in this screen Table 56 Management > Remote MGMT > WWW LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Chapter 17 Remote Management 162 NBG-417N User’s Guide
CHAPTER 18 Universal Plug-and-Play (UPnP) 18.1 Overview This chapter introduces the UPnP feature in the Web Configurator. Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.
Chapter 18 Universal Plug-and-Play (UPnP) • Dynamic port mapping • Learning public IP addresses • Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the NAT chapter for more information on NAT. Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues.
Chapter 18 Universal Plug-and-Play (UPnP) 18.4 UPnP Screen Use this screen to enable UPnP. Click the Management > UPnP to open the following screen. Figure 85 Management > UPnP > General The following table describes the labels in this screen. Table 57 Management > UPnP > General LABEL DESCRIPTION Enable the Universal Plug and Play (UPnP) Feature Select this check box to activate UPnP.
Chapter 18 Universal Plug-and-Play (UPnP) 18.5.1 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. 18.5.1.1 Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel. Double-click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details.
Chapter 18 Universal Plug-and-Play (UPnP) 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 87 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections.
Chapter 18 Universal Plug-and-Play (UPnP) 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Figure 89 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 90 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 18.5.1.
Chapter 18 Universal Plug-and-Play (UPnP) Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. Figure 91 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created.
Chapter 18 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 93 Internet Connection Properties: Advanced Settings Figure 94 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Chapter 18 Universal Plug-and-Play (UPnP) 7 Double-click on the icon to display your current Internet connection status. Figure 96 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the NBG-417N without finding out the IP address of the NBG-417N first. This comes helpful if you do not know the IP address of the NBG-417N. Follow the steps below to access the Web Configurator. 1 Click Start and then Control Panel.
Chapter 18 Universal Plug-and-Play (UPnP) 3 Select My Network Places under Other Places. Figure 97 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your NBG-417N and select Invoke. The Web Configurator login screen displays.
Chapter 18 Universal Plug-and-Play (UPnP) 6 Right-click on the icon for your NBG-417N and select Properties. A properties window displays with basic information about the NBG-417N.
Chapter 18 Universal Plug-and-Play (UPnP) 174 NBG-417N User’s Guide
P ART V Maintenance and Troubleshooting System (177) Logs (183) Tools (185) Sys OP Mode (191) Language (195) Troubleshooting (197) 175
CHAPTER 19 System 19.1 Overview This chapter provides information on the System screens. See the chapter about wizard setup for more information on the next few screens. 19.2 What You Can Do in the System Screens • Use the General screen (Section 19.3 on page 177) to enter a name to identify the NBG-417N in the network and set the password. • Use the Time Setting screen (Section 19.4 on page 179) to change your NBG417N’s time and date. 19.
Chapter 19 System The following table describes the labels in this screen. Table 58 Maintenance > System > General LABEL DESCRIPTION System Setup System Name System Name is a unique name to identify the NBG-417N in an Ethernet network. It is recommended you enter your computer’s “Computer name” in this field (see the chapter about wizard setup for how to find your computer’s name). This name can be up to 30 alphanumeric characters long.
Chapter 19 System 19.4 Time Setting Screen To change your NBG-417N’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the NBG417N’s time based on your local time zone. Figure 101 Maintenance > System > Time Setting he following table describes the labels in this screen. Table 59 Maintenance > System > Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your NBG-417N.
Chapter 19 System Table 59 Maintenance > System > Time Setting LABEL DESCRIPTION New Time This field displays the last updated time from the time server or the last time configured manually. (hh:mm:ss) When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply. New Date (yyyy/mm/dd) This field displays the last updated date from the time server or the last date configured manually.
Chapter 19 System Table 59 Maintenance > System > Time Setting LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time.
Chapter 19 System 182 NBG-417N User’s Guide
CHAPTER 20 Logs 20.1 Overview This chapter contains information about configuring general log settings and viewing the NBG-417N’s logs. Refer to the appendices for example log message explanations. The Web Configurator allows you to look at all of the NBG-417N’s logs in one location. 20.2 What You Can Do in the Log Screens Use the View Log screen (Section 20.
Chapter 20 Logs 20.4 View Log Screen Use the View Log screen to see the logged messages for the NBG-417N. Options include logs about system maintenance, system errors, access control, allowed or blocked web sites, blocked web features (such as ActiveX controls, Java and cookies), attacks (such as DoS) and IPSec. Log entries in red indicate system error logs. The log wraps around and deletes the old entries after it fills. Click a column heading to sort the entries.
CHAPTER 21 Tools 21.1 Overview This chapter shows you how to upload a new firmware, upload or save backup configuration files and restart the NBG-417N. 21.2 What You Can Do in the Tools Screen • Use the Firmware screen (Section 21.3 on page 185) to upload firmware to your NBG-417N. • Use the Configuration screen (Section 21.4 on page 188) to view information related to factory defaults, backup configuration, and restoring configuration. • Use the Restart screen (Section 21.
Chapter 21 Tools Click Maintenance > Tools. Follow the instructions in this screen to upload firmware to your NBG-417N. Figure 103 Maintenance > Tools > Firmware The following table describes the labels in this screen. Table 61 Maintenance > Tools > Firmware LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse... to find it. Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.
Chapter 21 Tools The NBG-417N automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 105 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen.
Chapter 21 Tools 21.4 Configuration Screen Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 107 Maintenance > Tools > Configuration 21.4.1 Backup Configuration Backup configuration allows you to back up (save) the NBG-417N’s current configuration to a file on your computer.
Chapter 21 Tools 21.4.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your NBG-417N. Table 62 Maintenance Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse... to find it. Browse... Click Browse... to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Chapter 21 Tools If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. Figure 110 Configuration Restore Error 21.4.3 Back to Factory Defaults Pressing the Reset button in this section clears all user-entered configuration information and returns the NBG-417N to its factory defaults. You can also press the RESET button on the rear panel to reset the factory defaults of your NBG-417N.
CHAPTER 22 Sys OP Mode 22.1 Overview The Sys OP Mode (System Operation Mode) function lets you configure whether your NBG-417N is a router or AP. You can choose between Router Mode and AP Mode depending on your network topology and the features you require from your device. See Section 1.1 on page 21 for more information on which mode to choose. 22.2 What You Can Do in the Sys OP Mode Screen Use the General screen (Section 22.4 on page 193) to select how you connect to the Internet.
Chapter 22 Sys OP Mode 22.3 What You Need to Know About Sys OP Mode Router A router connects your local network with another network, such as the Internet. The router has two IP addresses, the LAN IP address and the WAN IP address. Figure 112 LAN and WAN IP Addresses in Router Mode LAN WAN Internet WAN IP LAN IP NBG-417N AP An AP extends one network and so has just one IP address. All Ethernet ports on the AP have the same IP address.
Chapter 22 Sys OP Mode 22.4 General Screen Use this screen to select how you connect to the Internet. Figure 114 Maintenance > Sys OP Mode > General If you select Router Mode, the following pop-up message window appears. Figure 115 Maintenance > Sys Op Mode > General: Router • In this mode there are both LAN and WAN ports. The LAN Ethernet and WAN Ethernet ports have different IP addresses. • The DHCP server on your device is enabled and allocates IP addresses to other devices on your local network.
Chapter 22 Sys OP Mode • The DHCP server on your device is disabled. In AP mode there must be a device with a DHCP server on your network such as a router or gateway which can allocate IP addresses. The IP address of the device on the local network is set to 192.168.1.2. The following table describes the labels in the General screen.
CHAPTER 23 Language 23.1 Language Screen Use this screen to change the language for the Web Configurator display. Click the language you prefer. The Web Configurator language changes after a while without restarting the NBG-417N.
Chapter 23 Language 196 NBG-417N User’s Guide
CHAPTER 24 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • NBG-417N Access and Login • Internet Access • Resetting the NBG-417N to Its Factory Defaults • Wireless Router/AP Troubleshooting 24.1 Power, Hardware Connections, and LEDs The NBG-417N does not turn on. None of the LEDs turn on.
Chapter 24 Troubleshooting 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Disconnect and re-connect the power adaptor to the NBG-417N. 5 If the problem continues, contact the vendor. 24.2 NBG-417N Access and Login I don’t know the IP address of my NBG-417N. 1 The default IP address is 192.168.1.1.
Chapter 24 Troubleshooting 2 If this does not work, you have to reset the device to its factory defaults. See Section 24.4 on page 201. I cannot see or access the Login screen in the Web Configurator. 1 Make sure you are using the correct IP address. • The default IP address is 192.168.1.1. • If you changed the IP address (Section 7.3 on page 102), use the new IP address.
Chapter 24 Troubleshooting 2 This can happen when you fail to log out properly from your last session. Try logging in again after 5 minutes. 3 Disconnect and re-connect the power adaptor or cord to the NBG-417N. 4 If this does not work, you have to reset the device to its factory defaults. See Section 24.4 on page 201. 24.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide.
Chapter 24 Troubleshooting 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page 22. 2 Reboot the NBG-417N. 3 If the problem continues, contact your ISP. The Internet connection is slow or intermittent. 1 There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.5 on page 22.
Chapter 24 Troubleshooting 2 Press the RESET button for longer than 1 second to restart/reboot the NBG-417N. 3 Press the RESET button for longer than five seconds to set the NBG-417N back to its factory-default configurations. If the NBG-417N restarts automatically, wait for the NBG-417N to finish restarting, and log in to the Web Configurator. The password is “1234”. If the NBG-417N does not restart automatically, disconnect and reconnect the NBG-417N’s power. Then, follow the directions above again.
Chapter 24 Troubleshooting Make sure that you select the Enable URL Keyword Blocking check box in the Content Filtering screen. Make sure that the keywords that you type are listed in the Keyword List. If a keyword that is listed in the Keyword List is not blocked when it is found in a URL, customize the keyword blocking using commands. See the Customizing Keyword Blocking URL Checking section in the Content Filter chapter. I can access the Internet, but I cannot open my network folders.
Chapter 24 Troubleshooting 204 NBG-417N User’s Guide
P ART VI Appendices and Index Product Specifications (207) Pop-up Windows, JavaScripts and Java Permissions (211) IP Addresses and Subnetting (219) Setting up Your Computer’s IP Address (229) Wireless LANs (247) Services (259) Legal Information (263) Index (271) 205
APPENDIX A Product Specifications The following tables summarize the NBG-417N’s hardware and firmware features. Table 64 Hardware Features Dimensions (W x D x H) 140 mm x 110 mm x 30 mm Weight 190 g Power Specification Input: 120~240 AC, 50~60 Hz Output: 12 V DC 1A Ethernet ports Auto-negotiating: 10 Mbps, 100 Mbps in either half-duplex or fullduplex mode. Auto-crossover: Use either crossover or straight-through Ethernet cables.
Appendix A Product Specifications Table 65 Firmware Features FEATURE DESCRIPTION Default LAN IP Address 192.168.1.1 (router) 192.168.1.2. (AP) Default LAN Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Pool 192.168.1.33 to 192.168.1.64 Wireless Interface Wireless LAN Default Wireless SSID ZyXEL Device Management Use the Web Configurator to easily configure the rich range of features on the NBG-417N. Wireless Functionality Allows IEEE 802.11b and/or IEEE 802.
Appendix A Product Specifications Table 65 Firmware Features FEATURE DESCRIPTION Bandwidth Management You can efficiently manage traffic on your network by reserving bandwidth and giving priority to certain types of traffic and/or to particular computers. Remote Management This allows you to decide whether a service (HTTP or FTP traffic for example) from a computer on a network (LAN or WAN for example) can access the NBG-417N.
Appendix A Product Specifications 210 NBG-417N User’s Guide
APPENDIX B Pop-up Windows, JavaScripts and Java Permissions In order to use the Web Configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 1 In Internet Explorer, select Tools, Internet Options, Privacy. 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 119 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 2 Select Settings…to open the Pop-up Blocker Settings screen. Figure 120 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 4 Click Add to move the IP address to the list of Allowed sites. Figure 121 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the Web Configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 122 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default).
Appendix B Pop-up Windows, JavaScripts and Java Permissions 6 Click OK to close the window. Figure 123 Security Settings - Java Scripting Java Permissions 216 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 5 Click OK to close the window. Figure 124 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
Appendix B Pop-up Windows, JavaScripts and Java Permissions 3 Click OK to close the window.
APPENDIX C IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Appendix C IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 126 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Appendix C IP Addresses and Subnetting Table 66 Subnet Mask - Identifying Network Number Network Number 1ST OCTET: 2ND OCTET: 3RD OCTET: 4TH OCTET (192) (168) (1) (2) 11000000 10101000 00000001 Host ID 00000010 By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.
Appendix C IP Addresses and Subnetting As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows: Table 68 Maximum Host Numbers SUBNET MASK HOST ID SIZE 8 bits 24 bits 255.0.0.0 16 bits 255.255.0.0 24 bits 255.255.255.0 29 bits 255.255.255.
Appendix C IP Addresses and Subnetting Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons. In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.
Appendix C IP Addresses and Subnetting The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 128 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.
Appendix C IP Addresses and Subnetting Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address). Table 70 Subnet 1 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address (Decimal) 192.168.1. 0 IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.
Appendix C IP Addresses and Subnetting Table 73 Subnet 4 (continued) LAST OCTET BIT VALUE IP/SUBNET MASK NETWORK NUMBER Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.193 Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254 Example: Eight Subnets Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet.
Appendix C IP Addresses and Subnetting The following table is a summary for subnet planning on a network with a 16-bit network number. Table 76 16-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. HOSTS PER NO. SUBNETS SUBNET 1 255.255.128.0 (/17) 2 32766 2 255.255.192.0 (/18) 4 16382 3 255.255.224.0 (/19) 8 8190 4 255.255.240.0 (/20) 16 4094 5 255.255.248.0 (/21) 32 2046 6 255.255.252.0 (/22) 64 1022 7 255.255.254.0 (/23) 128 510 8 255.255.255.
Appendix C IP Addresses and Subnetting that you entered. You don't need to change the subnet mask computed by the NBG-417N unless you are instructed to do otherwise. Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems.
APPENDIX D Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a thirdparty TCP/IP application package.
Appendix D Setting up Your Computer’s IP Address Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. Figure 129 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add.
Appendix D Setting up Your Computer’s IP Address 3 Select Microsoft from the list of manufacturers. 4 Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: 1 Click Add. 2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK. 5 Restart your computer so the changes you made take effect.
Appendix D Setting up Your Computer’s IP Address 3 Click the DNS Configuration tab. • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). Figure 131 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways.
Appendix D Setting up Your Computer’s IP Address 3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. 1 Click start (Start in Windows 2000/NT), Settings, Control Panel.
Appendix D Setting up Your Computer’s IP Address 2 In the Control Panel, double-click Network Connections (Network and Dialup Connections in Windows 2000/NT). Figure 133 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
Appendix D Setting up Your Computer’s IP Address 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 135 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
Appendix D Setting up Your Computer’s IP Address • Click Advanced. Figure 136 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: • In the IP Settings tab, in IP addresses, click Add. • In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.
Appendix D Setting up Your Computer’s IP Address • Click OK when finished. Figure 137 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Appendix D Setting up Your Computer’s IP Address If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. Figure 138 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Appendix D Setting up Your Computer’s IP Address Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel.
Appendix D Setting up Your Computer’s IP Address 2 Select Ethernet built-in from the Connect via list. Figure 140 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box.
Appendix D Setting up Your Computer’s IP Address Macintosh OS X 1 Click the Apple menu, and click System Preferences to open the System Preferences window. Figure 141 Macintosh OS X: Apple Menu 2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list.
Appendix D Setting up Your Computer’s IP Address 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box. 5 Click Apply Now and close the window. 6 Turn on your Prestige and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window.
Appendix D Setting up Your Computer’s IP Address 2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 144 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
Appendix D Setting up Your Computer’s IP Address 5 Click the Devices tab. 6 Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens. Figure 146 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.
Appendix D Setting up Your Computer’s IP Address • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0. Figure 148 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=static IPADDR=192.168.1.10 NETMASK=255.255.255.
Appendix D Setting up Your Computer’s IP Address 24.5.1 Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. Figure 151 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.
APPENDIX E Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Appendix E Wireless LANs with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other. Figure 153 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Appendix E Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate. Figure 154 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area.
Appendix E Wireless LANs wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. Figure 155 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel.
Appendix E Wireless LANs Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
Appendix E Wireless LANs several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows: Table 77 IEEE 802.11g DATA RATE (MBPS) MODULATION 1 DBPSK (Differential Binary Phase Shift Keyed) 2 DQPSK (Differential Quadrature Phase Shift Keying) 5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/ 48/54 OFDM (Orthogonal Frequency Division Multiplexing) IEEE 802.1x In June 2001, the IEEE 802.
Appendix E Wireless LANs Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access.
Appendix E Wireless LANs However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key.
Appendix E Wireless LANs If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled. Note: EAP-MD5 cannot be used with dynamic WEP key exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption.
Appendix E Wireless LANs TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically.
Appendix E Wireless LANs 24.5.2 WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols). 2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches. 3 The AP derives and distributes keys to the wireless clients.
Appendix E Wireless LANs Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 79 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL ENCRYPTIO ENTER IEEE 802.
APPENDIX F Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service. If this is TCP/ UDP, then the service uses the same port number with TCP and UDP. If this is User-Defined, the Port(s) is the IP protocol number, not the port number.
Appendix F Services Table 80 Examples of Services (continued) 260 NAME PROTOCOL PORT(S) DESCRIPTION FTP TCP 20 TCP 21 File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323 TCP 1720 NetMeeting uses this protocol. HTTP TCP 80 Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce.
Appendix F Services Table 80 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other). POP3S TCP 995 This is a more secure version of POP3 that runs over SSL. PPTP TCP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel.
Appendix F Services Table 80 Examples of Services (continued) 262 NAME PROTOCOL PORT(S) DESCRIPTION SSDP UDP 1900 The Simple Service Discovery Protocol supports Universal Plug-and-Play (UPnP). SSH TCP/UDP 22 Secure Shell Remote Login Program. STRM WORKS UDP 1558 Stream Works Protocol. SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server. TACACS UDP 49 Login Host Protocol used for (Terminal Access Controller Access Control System).
APPENDIX G Legal Information Copyright Copyright © 2009 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix G Legal Information harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna.
Appendix G Legal Information To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the EIRP is not more than required for successful communication. IMPORTANT NOTE: IC Radiation Exposure Statement: This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20cm between the radiator & your body.
Appendix G Legal Information ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Appendix G Legal Information 1 Grant of License for Personal Use ZyXEL Communications Corp. ("ZyXEL") grants you a non-exclusive, nonsublicense, non-transferable license to use the program with which this license is distributed (the "Software"), including any documentation files accompanying the Software ("Documentation"), for internal business use only, for up to the number of users specified in sales order and invoice.
Appendix G Legal Information permit third parties to link to the Software, or any part thereof. You may not use the Software, or any part thereof, in the operation of a service bureau or for the benefit of any other person or entity. You may not cause, assist or permit any third party to do any of the foregoing. Portions of the Software utilize or include third party software and other copyright material.
Appendix G Legal Information IN NO EVENT WILL ZyXEL BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, INDIRECT, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO USE THE PROGRAM, OR FOR ANY CLAIM BY ANY OTHER PARTY, EVEN IF ZyXEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Appendix G Legal Information 11 General This License Agreement shall be construed, interpreted and governed by the laws of Republic of China without regard to conflicts of laws provisions thereof. The exclusive forum for any disputes arising out of or relating to this License Agreement shall be an appropriate court or Commercial Arbitration Association sitting in ROC, Taiwan. This License Agreement shall constitute the entire Agreement between the parties hereto.
Index Index A Address Assignment 96 Alert 183 alternative subnet mask notation 222 AP 21 AP (Access Point) 249 AP Mode menu 56 overview 53 status screen 54 restore 189 content filtering 139 by keyword (in URL) 140 by web feature 140 copyright 263 CPU usage 31, 55 CTS (Clear to Send) 250 D AP+Bridge 21 Daylight saving 180 Auto-bridge 106 DDNS 127 see also Dynamic DNS service providers 128 B DHCP 34, 111 DHCP server see also Dynamic Host Configuration Protocol Backup configuration 188 Bandwidth mana
Index DynDNS see also DDNS 128 DynDNS Wildcard 127 H Hidden Node 249 HTTP 157 E Hyper Text Transfer Protocol 157 EAP Authentication 253 e-mail 90 Encryption 255 encryption 78 and local (user) database 78 key 79 WPA compatible 78 I IANA 228 IBSS 247 IEEE 802.
Index local (user) database 77 and encryption 78 Local Area Network 107 see also Network Basic Input/Output System 98 Network Address Translation 117, 120 Log 184 O M MAC 84 Operating Channel 31, 55 operating mode 21 MAC address 77, 97 cloning 51, 97 MAC address filter 77 MAC address filtering 84 P MAC filter 84 P2P 157 managing the device good habits 22 using the web configurator. See web configurator. using the WPS. See WPS.
Index Shared Secret Key 253 subnet mask 49, 220 RADIUS Message Types 253 subnetting 223 RADIUS Messages 253 registration product 266 Summary DHCP table 34 Packet statistics 35 Wireless station status 36 related documentation 3 syntax conventions 6 Remote management 159 and NAT 160 and the firewall 159 limitations 160 remote management session 159 system timeout 160 Sys Op Mode 191 RADIUS server 77 System General Setup 177 System Name 178 System name 40 vs computer name System restart 190 Reset b
Index VPN 102 W WAN IP address assignment 48 WAN (Wide Area Network) 95 WAN advanced 105 WAN IP address 48 WAN IP address assignment 50 WAN MAC address 97 warranty 266 note 266 Web Configurator how to access 27 Overview 27 complete 52 Internet connection 43 system information 40 wireless LAN 42 WLAN Interference 249 Security Parameters 258 World Wide Web 157 WPA compatible 78 WPA, WPA2 255 WPS 22 WWW 90, 157 X Xbox Live 157 Web configurator navigating 29 web configurator 22 WEP Encryption 82 WEP encrypt
Index 276 NBG-417N User’s Guide
