NBG-510S 802.11g Wireless Remote Access Broadband Gateway User’s Guide Version 1.00 7/2007 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.1 User Name admin Password 1234 www.zyxel.
About This Guide About This Guide Intended Audience This manual is intended for home and small business network administrators who want to install and configure the ZyXEL Device. This guide assumes that the administrators who are familiar with basic network configuration. Related Documentation • Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for initial secure remote access to the LAN.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. 1 " Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The NBG-510S may be referred to as the “ZyXEL Device”, the “device” or the “system” in this User’s Guide.
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device.
Safety Warnings Safety Warnings 1 For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. • Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. • Connect ONLY suitable accessories to the device.
Safety Warnings This product is recyclable. Dispose of it properly.
Safety Warnings 8 NBG-510S User’s Guide
Contents Overview Contents Overview Introduction ............................................................................................................................ 25 Introducing the ZyXEL Device ................................................................................................... 27 Hardware Connection ................................................................................................................ 29 The Web Configurator .............................................
Contents Overview Troubleshooting and Appendices ...................................................................................... 163 Troubleshooting .......................................................................................................................
Table of Contents Table of Contents About This Guide ...................................................................................................................... 3 Document Conventions............................................................................................................ 4 Safety Warnings........................................................................................................................ 6 Contents Overview ..................................................
Table of Contents 3.6 Device Reset ....................................................................................................................... 38 Chapter 4 Status ....................................................................................................................................... 39 4.1 Status Screen ..................................................................................................................... 39 Chapter 5 Setup Wizard ..................................
Table of Contents Chapter 8 WAN ......................................................................................................................................... 69 8.1 WAN IP Address Assignment .............................................................................................. 69 8.2 DNS Server Addresses ...................................................................................................... 69 8.3 WAN MAC Address ...........................................................
Table of Contents Part III: Security...................................................................................... 91 Chapter 13 Access Control........................................................................................................................ 93 13.1 Access Control Introduction ............................................................................................... 93 13.2 Quality of Service (QoS) ..........................................................................
Table of Contents Part V: Maintenance..............................................................................117 Chapter 17 System ................................................................................................................................... 119 17.1 System Overview ..............................................................................................................119 17.2 System General Screen ...........................................................................
Table of Contents Chapter 22 Manage Accessible LAN Resources ................................................................................... 141 22.1 Manage Servers Overview .............................................................................................. 141 22.2 Manage Servers Screen .................................................................................................. 141 22.2.1 Add/Edit Server Screen ..........................................................................
Table of Contents 26.1 Power, Hardware Connections, and LEDs ...................................................................... 165 26.2 ZyXEL Device Access and Login .................................................................................... 166 26.3 Internet Access ................................................................................................................ 167 26.4 Reset the ZyXEL Device to Its Factory Defaults ..............................................................
Table of Contents 18 NBG-510S User’s Guide
List of Figures List of Figures Figure 1 Secure Wired and Wireless Internet Access Through Broadband Modem or Router ............ 27 Figure 2 SSL-protected File Sharing for Remote Users ....................................................................... 28 Figure 3 Rear Panel .............................................................................................................................. 29 Figure 4 LEDs ......................................................................................
List of Figures Figure 39 ZyXEL Utility: Profile Encryption ............................................................................................. 56 Figure 40 Profile: Wireless Protocol Settings. ........................................................................................ 56 Figure 41 Profile: Confirm Save ............................................................................................................. 56 Figure 42 Profile: Activate ...........................................
List of Figures Figure 82 Firmware Upload: Reboot ................................................................................................... 126 Figure 83 Maintenance > Tools > Configuration ................................................................................... 127 Figure 84 Maintenance > Tools > Configuration: Upload .................................................................... 127 Figure 85 Maintenance > Tools > Configuration: Upload Restart ...................................
List of Figures Figure 125 Basic Service Set ............................................................................................................... 182 Figure 126 Infrastructure WLAN ........................................................................................................... 183 Figure 127 RTS/CTS ........................................................................................................................... 184 Figure 128 WPA(2) with RADIUS Application Example ...........
List of Tables List of Tables Table 1 Rear Panel ................................................................................................................................ 29 Table 2 LEDs ......................................................................................................................................... 30 Table 3 Title Bar: Web Configurator Icons ............................................................................................. 35 Table 4 Menu Summary ................
List of Tables Table 39 Maintenance > Tools > Diagnostic Tools ............................................................................... 130 Table 40 User Portal > Admin Info ....................................................................................................... 135 Table 41 User Portal > User Info ......................................................................................................... 137 Table 42 User Portal > User Info > Add .........................................
P ART I Introduction • • • • • Introducing the ZyWALL (19) Hardware Connection (29) The Web Configurator (31) Status (39) Setup Wizard (41) 25
CHAPTER 1 Introducing the ZyXEL Device This chapter introduces the main applications of the ZyXEL Device. 1.1 Overview The NBG-510S Wireless SSL Remote Access Gateway provides wireless connectivity, shared Internet access, and firewall protection. It also provides easy, secure remote user access for file sharing and management of home network computers. Figure 1 Secure Wired and Wireless Internet Access Through Broadband Modem or Router NBG-510S • The ZyXEL Device is easy to install and configure.
Chapter 1 Introducing the ZyXEL Device Figure 2 SSL-protected File Sharing for Remote Users NBG-510S https:// SSL Internet A The secure remote access portal also allows secure remote desktop connections for managing computers on your network. The secure remote access screens (user portal) includes the screens the remote users log into and use for secure file sharing and remote computer management. 1.
CHAPTER 2 Hardware Connection This chapter describes the port connections and LEDs. 2.1 Ports and Connectors This section describes the ports and connectors on the ZyXEL Device. Refer to the Quick Start Guide for information on connecting the ZyXEL Device for initial setup and basic configuration. Figure 3 Rear Panel The following table describes the port connections. Table 1 Rear Panel LABEL DESCRIPTION POWER Use the included power adaptor to connect the POWER socket to an appropriate power source.
Chapter 2 Hardware Connection 2.2 LEDs The following table describes the LEDs (lights) on the ZyXEL Device. Figure 4 LEDs Table 2 LEDs LED COLOR STATUS DESCRIPTION PWR Green On The ZyXEL Device is receiving power. Off The ZyXEL Device is not receiving power. On This port has a successful 100 Mbps connection. Blinking This port has a successful 100 Mbps connection and is sending/receiving data. On This port has a successful 10 Mbps connection.
CHAPTER 3 The Web Configurator This chapter introduces the web configurator and shows you how to log in as an administrator. 3.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser. The recommended screen resolution is 1024 by 768 pixels. Use one of the following web browsers: • • • • Internet Explorer 5 (administrator login only), 6.0, or 7.0 Netscape Navigator 7.2 Mozilla 1.7.13, FireFox 1.5.0.
Chapter 3 The Web Configurator Figure 5 Login: Security Message 4 The Login screen appears. For administrator access, type the administrator user name (default: “admin”) and password (default: “1234”). For secure remote user access (using the user portal), type your remote user account’s user name and password (see Chapter 25 on page 155 for more on using the secure remote user screens). • If you are using a computer that is also used by others, select I am connecting via public computer.
Chapter 3 The Web Configurator Figure 7 Login: Initial Screen If another person is currently logged in using the administrator account, you are not able to log in and a message displays in the screen as shown next. Figure 8 Login: Admin Already Logged In 6 Another certificate screen displays. Click Yes to continue. • The ZyXEL Device automatically forwards administrator sessions to its HTTPS server on TCP port 8443.
Chapter 3 The Web Configurator Figure 9 Login Screen: Security Message for Administrator Login 7 The main screen displays. 3.3 Web Configurator Main Screen The Status screen is the main screen and it is the first screen that displays every time you access the web configurator as an administrator.
Chapter 3 The Web Configurator • B - navigation panel • C - main window • D - status bar 3.3.1 Title Bar The title bar provides some icons in the upper right corner. About Wizard Logout The icons provide the following functions. Table 3 Title Bar: Web Configurator Icons ICON DESCRIPTION Wizard Click this icon to open one of the web configurator wizard. About Click this icon to display basic information about the ZyXEL Device. Logout Click this icon to log out of the web configurator. 3.3.
Chapter 3 The Web Configurator Table 4 Menu Summary (continued) LINK TAB FUNCTION Management UPnP UPnP provides simple peer-to-peer network connectivity between devices. Static Route Use static routes to tell the ZyXEL Device about networks beyond the directly connected ones. Maintenance System General Configure the ZyXEL Device’s administrative settings. Time Setting Configure the ZyXEL Device’s time and date settings. Logs View log entries.
Chapter 3 The Web Configurator 3.4 Login Timeout By default, the web configurator automatically logs you out after 5 minutes (300 seconds) of inactivity. When this happens, a warning screen displays and you will be redirected to the login screen. Simply log into the web configurator again to continue your management tasks. Figure 11 Timeout Message 3.4.1 Changing Login Timeout To change the default login timeout period click Maintenance > General to display the following screen.
Chapter 3 The Web Configurator In the Old Password field, enter the current password. Enter the new password (up to 31 printable ASCII characters with no spaces allowed) in the New Password and the Re-type to Confirm fields. Click OK to save the changes. 3.6 Device Reset You can reset the ZyXEL Device using the RESET button. You need to reset your ZyXEL Device to the factory default settings if • you have changed the default administrator login password and have now forgotten it.
CHAPTER 4 Status This chapter explains the Status screen, which is the screen you see when you first log in to the ZyXEL Device. 4.1 Status Screen Use the Status screen to look at the ZyXEL Device’s general device information, system status, system resource usage, licensed service status, and interface status. To access this screen, click Status in the navigation panel. Figure 13 Status The following table describes the labels in this screen.
Chapter 4 Status Table 5 Status (continued) LABEL DESCRIPTION WAN MAC Address This field displays the MAC address assigned to the WAN interface. If you configured the WAN interface’s MAC address (see , the configured MAC address displays here instead of the factory default. Firmware Version This field displays the version number of the firmware the ZyXEL Device is currently using.
CHAPTER 5 Setup Wizard This chapter provides information on the Wizard setup screens in the web configurator. 5.1 Wizard Setup Overview Use the setup wizard screens to configure your Internet access settings. Follow the steps to configure the wizard screens. Click Next > in each wizard screen to continue. 1 To display the setup wizard, click Setup Wizard in the initial main screen. Figure 14 Wizard Welcome Screen 2 Create a new administrator password.
Chapter 5 Setup Wizard " You cannot use the admin account to access network resources. 3 Select the ZyXEL Device’s time zone and whether or not you use Daylight Saving Time. You can select a time server from the list or select Custom and enter another time server.
Chapter 5 Setup Wizard 5 Use DHCP client if your ISP did not give you any Internet access settings. Otherwise select the mode that your ISP uses and enter the Internet access settings exactly as the ISP provided them. Figure 18 Wizard: Internet Access 6 Wait while the ZyXEL Device applies your Internet access settings. Then click Next. Figure 19 Wizard: Applying Internet Settings 7 Click Close in the final wizard screen.
Chapter 5 Setup Wizard Figure 20 Wizard: Applying Internet Settings 44 NBG-510S User’s Guide
CHAPTER 6 Tutorials 6.1 Secure Remote Access Configuration Overview Here is a brief summary of how to configure secure remote access (user portal) screens to allow remote users to securely access and upload shared files on the computers on your network. See the Quick Start Guide for an example. 6.1.1 Configure Secure Remote Access This example is for a Windows computer. 1 Use Windows Explorer to share out the computer folders that the remote users can access.
Chapter 6 Tutorials 6.2.1 Configure the Computer to be Managed Here is how to configure Windows Remote Desktop Connection on the LAN computer that you want to manage (a Windows XP computer in this example). 1 From your computer desktop, right-click My Computer and select Properties. Figure 21 My Computer 2 Click the Remote tab, select Allow users to connect remotely to this computer, and click OK. This allows any of the computer’s administrator user accounts to remotely control the computer.
Chapter 6 Tutorials 6.2.2 Configure the ZyXEL Device You configure policies for the LAN computers to be managed in the ZyXEL Device’s User Portal > Desktop Links screens. 1 Log into the ZyXEL Device and click User Portal > Desktop Links. Click Manage View for the user you want to let control the LAN computer (bob in this example). Figure 23 User Portal > Desktop Links 2 Click the Add New Policy icon. Figure 24 User Portal > Desktop Links > Manage View 3 Configure the policy.
Chapter 6 Tutorials 6.2.3 Use the Secure Remote Desktop Connection 1 Open a browser window from a remote computer and log into the secure remote access screens using the bob account. Click OK, Yes, or Run in any security alert or certificate screens that display. See Section 25.2 on page 155 for more login details. Figure 26 Secure Remote Access Login 2 Click Desktop to open the following screen. Click RemoteDesktopAccess to open a screen with links for the LAN computers you can manage.
Chapter 6 Tutorials Figure 27 Desktop 3 Roll your mouse over the (example) link to display the loopback IP address and port number as shown next. The following steps show how to enter the loopback IP address and port number in the remote computer’s Windows Remote Desktop Connection software to use in communicating with the LAN computer you are managing. Figure 28 Desktop Links 4 Stay logged into the ZyXEL Device’s secure remote access portal.
Chapter 6 Tutorials Figure 29 Start > Programs > Accessories > Remote Desktop Connection 5 Enter the loopback IP address and port number from the desktop link (127.0.0.2 and 3389 in this example) separated by a colon, as shown here. Then click OK. Figure 30 Entering the IP Address and Port Number 6 A login screen opens for the LAN computer. After you log in using one of the LAN computer’s administrator accounts, you can manage the LAN computer.
Chapter 6 Tutorials 6.4 Example Parameters SSID SSID_Example3 Channel 6 Security WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) 802.11 mode IEEE 802.11b/g In this chapter, the ZyXEL Device is also referred to as an access point (AP). A computer with a wireless network card or USB/PCI adapter is referred to here as a “wireless client”. This chapter uses the M-302 utility screens as an example for the wireless client. The screens may vary for different models. 6.
Chapter 6 Tutorials Figure 32 Status: Wireless Settings Example 6 Now that you have configured the ZyXEL Device’s wireless settings, continue with the next section to configure wireless clients to connect to the ZyXEL Device. 6.6 Configuring the Wireless Client This section describes how to connect the wireless client to a network. 6.6.1 Connecting to a Wireless LAN The following sections show you how to join a ZyXEL wireless client (not included) to the wireless network.
Chapter 6 Tutorials This example illustrates how to manually connect your wireless client to an access point (AP) which is configured for WPA-PSK security and connected to the Internet. Before you connect to the access point, you must know its Service Set IDentity (SSID) and WPA-PSK pre-shared key. In this example, the SSID is “SSID_Example3” and the pre-shared key is “ThisismyWPA-PSKpre-sharedkey”.
Chapter 6 Tutorials Figure 34 ZyXEL Utility: Confirm Save 5 The ZyXEL utility returns to the Link Info screen while it connects to the wireless network using your settings. When the wireless link is established, the ZyXEL utility icon in the system tray turns green and the Link Info screen displays details of the active connection. Check the network information in the Link Info screen to verify that you have successfully connected to the selected network.
Chapter 6 Tutorials 1 Open the ZyXEL utility and click the Profile tab to open the screen shown next. Click Add to configure a new profile. Figure 36 ZyXEL Utility: Profile 2 The Add New Profile screen appears. The wireless client automatically searches for available wireless networks, which are displayed in the Scan Info box. Click on Scan if you want to search again. You can also configure your profile for a wireless network that is not in the list.
Chapter 6 Tutorials 5 This screen varies depending on the encryption method you selected in the previous screen. Enter the pre-shared key and leave the encryption type at the default setting. Figure 39 ZyXEL Utility: Profile Encryption 6 In the next screen, leave both boxes checked. Figure 40 Profile: Wireless Protocol Settings. 7 Verify the profile settings in the read-only screen. Click Save to save and go to the next screen.
Chapter 6 Tutorials " Only one profile can be activated and used at any given time. Figure 42 Profile: Activate 9 When you activate the new profile, the ZyXEL utility returns to the Link Info screen while it connects to the AP using your settings. When the wireless link is established, the ZyXEL utility icon in the system tray turns green and the Link Info screen displays details of the active connection. 10 Open your Internet browser, enter http://www.zyxel.
Chapter 6 Tutorials 58 NBG-510S User’s Guide
P ART II Network • • • • • • Wireless LAN (61) WAN (69) LAN (77) DHCP (79) NAT and Firewall (WAN to LAN) (81) DDNS (89) 59
CHAPTER 7 Wireless LAN This chapter discusses how to configure the wireless network settings in your ZyXEL Device. See Appendix C on page 181 for more detailed information about wireless networks. 7.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 43 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients.
Chapter 7 Wireless LAN • Every wireless client in the same wireless network must use security compatible with the AP. Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 7.2 Wireless Security Overview The following table shows the relative strengths of common types of wireless security. Use the strongest security that every wireless client in the wireless network supports.
Chapter 7 Wireless LAN 7.2.2 User Authentication You can use WPA or WPA2 to have a RADIUS server authenticate users before they can use the wireless network. You store each user’s user name and password on the RADIUS server. However, every wireless client in the wireless network has to support IEEE 802.1x to do this. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network.
Chapter 7 Wireless LAN The following table describes the general wireless LAN labels in this screen. Table 7 Network > Wireless LAN LABEL DESCRIPTION Enable a Wireless LAN Click the check box to activate wireless LAN. Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 8 Network > Wireless LAN: No Security LABEL DESCRIPTION Server Type Choose No Security from the drop-down list box. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 7.3.2 WEP Encryption WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private.
Chapter 7 Wireless LAN The following table describes the wireless LAN security labels in this screen. Table 9 Network > Wireless LAN: Static WEP Encryption LABEL DESCRIPTION Passphrase Enter a passphrase (password phrase) of up to 32 printable characters and click Generate. The ZyXEL Device automatically generates four different WEP keys and displays them in the Key fields below. WEP Encryption Select 64-bit WEP, 128-bit WEP, or 152-bit WEP to enable data encryption.
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 10 Network > Wireless LAN: WPA-PSK/WPA2-PSK LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Server Type field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the ZyXEL Device even when the ZyXEL Device is using WPA2-PSK or WPA2.
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 11 Network > Wireless LAN: WPA/WPA2 LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Server Type field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the ZyXEL Device even when the ZyXEL Device is using WPA2-PSK or WPA2.
CHAPTER 8 WAN This chapter shows you how to configure the WAN screens on the ZyXEL Device for Internet access. 8.1 WAN IP Address Assignment Every computer on the Internet must have a unique IP address. The ZyXEL Device can get an IP address automatically if your ISP gives them out. If you have a static (fixed) IP address from the ISP, you can manually assign it to the ZyXEL Device’s WAN port. 8.2 DNS Server Addresses A DNS (Domain Name System) server maps domain names (like www.zyxel.
Chapter 8 WAN Figure 49 Network > WAN > Internet Connection: DHCP Client Encapsulation The following table describes the labels in this screen. Table 12 Network > WAN > Internet Connection: DHCP Client Encapsulation LABEL DESCRIPTION WAN MAC Address The MAC address section allows users to configure the WAN port's MAC address by either using the ZyXEL Device’s MAC address, cloning a computer’s IP address, or manually entering a MAC address.
Chapter 8 WAN Figure 50 Network > WAN > Internet Connection: Static IP Encapsulation The following table describes the labels in this screen. Table 13 Network > WAN > Internet Connection: Static IP Encapsulation LABEL DESCRIPTION IP Address Enter your WAN IP address in this field. Enter the IP address in dotted decimal notation, for example, 192.168.1.25. Subnet Mask Enter the IP subnet mask in this field. Gateway IP Address Enter a Gateway IP Address (if your ISP gave you one) in this field.
Chapter 8 WAN 8.6 WAN PPPoE Encapsulation The ZyXEL Device supports PPPoE (Point-to-Point Protocol over Ethernet) for a dial-up connection. If your Internet connection type is PPPoE, select the PPPoE option in the Network > WAN > Internet Connection screen. Figure 51 Network > WAN > Internet Connection: PPPoE Encapsulation The following table describes the labels in this screen.
Chapter 8 WAN Table 14 Network > WAN > Internet Connection: PPPoE Encapsulation (continued) LABEL DESCRIPTION OK Click OK to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 8.7 WAN PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
Chapter 8 WAN Table 15 Network > WAN > Internet Connection: PPTP Encapsulation (continued) LABEL DESCRIPTION Maximum idle Time Set how long the Internet connection can be idle before ZyXEL Device disconnects it. This only applies if you set the Internet connection to not be always on. Server IP Type the IP address of the PPTP server. IP Address Enter your WAN IP address in this field. You assign this IP address to the WAN interface temporarily to initiate the PPTP negotiation.
Chapter 8 WAN The following table describes the labels in this screen. Table 16 Network > WAN > Advanced LABEL DESCRIPTION Multicast Select None to turn off multicasting on the ZyXEL Device. If any of the LAN computers are using applications that use multicasting, select IGMP-v3 to have the ZyXEL Device proxy multicast traffic. This is especially useful for multimedia conferences over the Internet. Apply Click Apply to save the settings. Cancel Click Cancel to begin configuring this screen afresh.
Chapter 8 WAN 76 NBG-510S User’s Guide
CHAPTER 9 LAN This chapter describes the LAN screen you use to configure the LAN IP address on the ZyXEL Device. 9.1 LAN Overview Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks. 9.1.1 Factory LAN Defaults The LAN parameters of the ZyXEL Device are preset in the factory with an IP address of 192.168.1.
Chapter 9 LAN 78 NBG-510S User’s Guide
CHAPTER 10 DHCP This chapter describes the DHCP screen you use to configure the DHCP server on the ZyXEL Device. 10.1 DHCP The ZyXEL Device has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. 10.1.1 Factory DHCP Defaults The LAN parameters of the ZyXEL Device are preset in the factory with the DHCP server enabled with 32 client IP addresses starting from 192.168.1.33. These parameters should work for the majority of installations.
Chapter 10 DHCP The following table describes the labels in this screen. Table 18 Network > DHCP > General LABEL DESCRIPTION Enable DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server. Select this option to enable this feature on the ZyXEL Device and configure the fields below. When configured as a server, the ZyXEL Device provides TCP/IP configuration for the clients.
CHAPTER 11 NAT and Firewall (WAN to LAN) This chapter discusses how to configure NAT on the ZyXEL Device. 11.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) changes the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network. 11.2 Port Forwarding and Firewall Incoming sessions (sessions initiated from the WAN and going to the LAN) are blocked by default.
Chapter 11 NAT and Firewall (WAN to LAN) " Some residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to your ISP. 11.2.1 Configuring Servers Behind Port Forwarding Example The following example shows the IP addresses of computers on the LAN.
Chapter 11 NAT and Firewall (WAN to LAN) Figure 58 Network > NAT > Port Forwarding The following table describes the labels in this screen. Table 20 NAT Application LABEL DESCRIPTION Configuration Default Host Settings Default Host In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in the port forwarding list. Enable this option to be able to assign a default host.
Chapter 11 NAT and Firewall (WAN to LAN) Figure 59 Network > NAT > Port Forwarding > Add/Edit The following table describes the labels in this screen. Table 21 Network > NAT > Port Forwarding > Add/Edit 84 LABEL DESCRIPTION Connections to be made from Remote System Select Any to allow connections from any IP address or domain name. To only allow specific users to access the inside server, select Custom and specify an IP address or domain name.
Chapter 11 NAT and Firewall (WAN to LAN) 11.5 Trigger Port Forwarding Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address.
Chapter 11 NAT and Firewall (WAN to LAN) 2 If an application needs a continuous data stream, that port (range) will be tied up so that another computer on the LAN can’t trigger it. 11.6 Port Triggering Screen Click Network > NAT > Port Triggering to open the following screen. Use this screen to change your ZyXEL Device’s trigger port settings. " Only one LAN computer can use a trigger port (range) at a time.
Chapter 11 NAT and Firewall (WAN to LAN) Figure 62 Network > NAT > Port Triggering > Add/Edit The following table describes the labels in this screen. Table 23 Network > NAT > Port Triggering > Add/Edit LABEL DESCRIPTION Name Type a unique name (up to 16 alpha-numeric characters) for identification purposes. Underscores (_) and hyphens (-) are also allowed but other special characters and spaces are not.
Chapter 11 NAT and Firewall (WAN to LAN) 88 NBG-510S User’s Guide
CHAPTER 12 DDNS 12.1 Dynamic DNS DDNS (Dynamic DNS) lets you use a fixed domain name with a dynamic WAN IP address that changes. This way people can find a website, FTP server, or any other service that you host on a LAN computer behind the ZyXEL Device. You must first register a DDNS account with www.dyndns.org and create your domain names (like myhost.dhs.org). You will also be provided with a password that you need to enter in the ZyXEL Device. 12.
Chapter 12 DDNS Table 24 Network > DDNS LABEL DESCRIPTION Status This field displays the current usage status of the DDNS service record. Add icon This column provides icons to add, edit, and delete entries. Click the Add icon to go to the screen where you can configure a new entry. Click the Edit icon to go to the screen where you can edit the entry. Click the Delete icon to remove an entry. 12.3 DDNS Add/Edit Screen Click the Add or Edit icon in the Network > DDNS screen to open this screen.
P ART III Security • Access Control (93) • Content Filtering (101) 91
CHAPTER 13 Access Control This chapter gives some background information on firewalls and explains how to get started with the ZyXEL Device’s firewall. 13.1 Access Control Introduction Access control controls access going from computers on the LAN to the WAN (the Internet). It also allows you to use QoS to give higher priority to traffic from specific applications (like voice). " Configuring access control configures the firewall’s LAN to WAN settings.
Chapter 13 Access Control Figure 65 Priority Assignment Recommendations PRIORITY TYPE OF TRAFFIC TO USE FOR Medium Internet and chat since they are somewhat sensitive to delay. Low E-mail since it is important but can tolerate some delay. Lowest File transfers (like FTP) since they should not affect other applications and users. 13.3 Firewall Overview The ZyXEL Device acts as a secure gateway for all data passing between the Internet and the LAN.
Chapter 13 Access Control Access control applies to outgoing access (sessions initiated from the LAN and going to the WAN). All outgoing sessions are allowed by default.
Chapter 13 Access Control The following table describes the labels in this screen. Table 26 Security > Access Control LABEL DESCRIPTION Enable QoS Management Use QoS to give different priorities to the traffic for different applications. To do so, enable the QoS option here and use the Priority fields to assign different priorities to different applications. User Defined This section lists your custom firewall rules. Local Network This firewall rule applies to traffic sent from this LAN computer(s).
Chapter 13 Access Control Figure 68 Security > Access Control > Add/Edit The following table describes the labels in this screen. Table 27 Security > Access Control > Add/Edit LABEL DESCRIPTION Connections going to the Remote System This firewall rule applies to traffic sent to this Internet destination(s). You can select all destinations (Any), enter an IP address or domain name, enter an IP subnet, or enter a range of IP addresses.
Chapter 13 Access Control 13.6 Schedules Screen Click Security > Schedules to open the following screen. Use this screen to view the configured firewall schedules. Figure 69 Security > Schedules The following table describes the labels in this screen. Table 28 Security > Schedules LABEL DESCRIPTION Schedule Name This is the name you used to identify the schedule. Time 1~3 These sections list the days and times configured in the schedule.
Chapter 13 Access Control The following table describes the labels in this screen. Table 29 Security > Schedules > Add/Edit LABEL DESCRIPTION Time Window Name Specify a unique name to identify this schedule. Use up to 15 alphanumeric characters. Underscores (_) and hyphens (-) are also allowed but other special characters and spaces are not. Time Period 1~3 Use the drop-down list boxes to specify up to three time periods. Select upon which days of the week and during which times the schedule applies.
Chapter 13 Access Control 100 NBG-510S User’s Guide
CHAPTER 14 Content Filtering This chapter provides a brief overview of content filtering using the embedded web GUI. 14.1 Content Filter Screen Use content filtering to block certain web features such as ActiveX controls, Java applets, cookies and disable web proxies. You can also block access to URLs with certain keywords. Click Security > Content Filter to open the Content Filter screen. Figure 71 Content Filter: Filter The following table describes the labels in this screen.
Chapter 14 Content Filtering Table 30 Content Filter: Filter 102 LABEL DESCRIPTION Web Proxy A server that acts as an intermediary between a user and the Internet to provide security, administrative control, and caching service. When a proxy server is located on the WAN it is possible for LAN users to circumvent content filtering by pointing to this proxy server. Enable URL Keyword Blocking The ZyXEL Device can block Web sites with URLs that contain certain keywords in the domain name or IP address.
P ART IV Management • UPnP (105) • Static Route (113) 103
CHAPTER 15 UPnP This chapter introduces the Universal Plug and Play feature. This chapter is only applicable when the ZyXEL Device is in router mode. 15.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Chapter 15 UPnP When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 15.1.4 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports IGD 1.
Chapter 15 UPnP 15.3.1 Installing UPnP in Windows Me Follow the steps below to install UPnP in Windows Me. 1 Click Start, Settings and Control Panel. Double-click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. 4 Click OK to go back to the Add/ Remove Programs Properties window and click Next.
Chapter 15 UPnP 15.3.2 Installing UPnP in Windows XP Follow the steps below to install UPnP in Windows XP. 1 Click Start, Settings and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. The Windows Optional Networking Components Wizard window displays. 4 Select Networking Service in the Components selection box and click Details.
Chapter 15 UPnP 15.4.1 Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. 3 In the Internet Connection Properties You may edit or delete the port mappings or window, click Settings to see the port click Add to manually add port mappings. mappings that were automatically created.
Chapter 15 UPnP " When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 4 Select the Show icon in notification area when connected check box and click OK. An icon displays in the system tray. 5 Double-click the icon to display your current Internet connection status. 15.4.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first.
Chapter 15 UPnP Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click the icon for your ZyXEL device and select Invoke. The web configurator login screen displays.
Chapter 15 UPnP 6 Right-click the icon for your ZyXEL device and select Properties. A properties window displays with basic information about the ZyXEL device.
CHAPTER 16 Static Route This chapter shows you how to configure static routes for your ZyXEL Device. 16.1 IP Static Route Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
Chapter 16 Static Route Figure 74 Management > Static Route The following table describes the labels in this screen. Table 32 Management > Static Route LABEL DESCRIPTION # This is the number of an individual static route. Name This is the name that describes or identifies this route. Active This field shows whether this static route is active (Yes) or not (No). Destination This parameter specifies the IP network address of the final destination. Routing is always based on network number.
Chapter 16 Static Route The following table describes the labels in this screen. Table 33 Management > Static Route > Edit LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Active This field allows you to activate/deactivate this static route. Destination IP Address This parameter specifies the IP network address of the final destination. Routing is always based on network number.
Chapter 16 Static Route 116 NBG-510S User’s Guide
P ART V Maintenance • System (119) • Logs (123) • Tools (125) 117
CHAPTER 17 System This chapter provides information on the System screens. 17.1 System Overview See the chapter about wizard setup for more information on the next few screens. 17.2 System General Screen Click Maintenance > System to display the following screen.
Chapter 17 System The following table describes the labels in this screen. Table 34 Maintenance > System > General LABEL DESCRIPTION System Name System Name is a unique name to identify the ZyXEL Device in an Ethernet network. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted. Domain Name Enter the domain name (if you know it) here.
Chapter 17 System Figure 77 Maintenance > System > Time Setting The following table describes the labels in this screen. Table 35 Maintenance > System > Time Setting LABEL DESCRIPTION Current Time This field displays the date and time of your ZyXEL Device in month/day/year hour:minute:second format. Unless you configure the time manually, the ZyXEL Device synchronizes the time with the time server each time you reload this page. The text to the right explains how the time was obtained.
Chapter 17 System Table 35 Maintenance > System > Time Setting LABEL 122 DESCRIPTION Date (MM:DD:YYYY) Enter the new date in these fields. Configure Time Click Configure Time to have the ZyXEL Device start using the time you manually configured.
CHAPTER 18 Logs This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendices for example log message explanations. 18.1 Logs Screen The web configurator allows you to look at all of the ZyXEL Device’s logs in one location. Click Maintenance > Logs to open the Logs screen. Log entries in red indicate system error logs. The log wraps around and deletes the old entries after it fills. Click a column heading to sort the entries.
Chapter 18 Logs Table 36 Maintenance > Logs 124 LABEL DESCRIPTION Message This field states the reason for the log. Source If the log was caused by an incoming packet, this field lists the packet’s source IP address and port number. Destination If the log was caused by an incoming packet, this field lists the packet’s destination IP address and port number.
CHAPTER 19 Tools This chapter shows you how to upload a new firmware, upload or save backup configuration files and restart the ZyXEL Device. 19.1 Firmware Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "ZyXEL Device.bin". The upload process uses HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) and may take up to two minutes. After a successful upload, the system will reboot.
Chapter 19 Tools 1 Do not turn off the ZyXEL Device while firmware upload is in progress! 19.1.1 Upgrading Firmware The following steps describes the firmware upgrade process. 1 Specify the firmware file in the Firmware Upgrade screen and click Upload to start the file transfer process. 2 A warning screen displays as shown. Click OK to continue. Figure 80 Firmware Upload: Warning 3 A status bar displays to indicate that the file transfer process is in progress.
Chapter 19 Tools Figure 83 Maintenance > Tools > Configuration 19.2.1 Backup Configuration You can back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
Chapter 19 Tools Figure 85 Maintenance > Tools > Configuration: Upload Restart " Do NOT turn off the ZyXEL Device while configuration file upload is in progress. 4 After the ZyXEL Device finishes rebooting, the login screen displays (you may need to refresh your browser to get it to appear). You may need to change the IP address of your computer to be in the same subnet as that of the ZyXEL Device LAN IP address (192.168.1.1). 19.2.
Chapter 19 Tools " Do NOT turn off the ZyXEL Device while it is restarting. 3 After the ZyXEL Device finishes rebooting, the login screen displays (you may need to refresh your browser to get it to appear). You may need to change the IP address of your computer to be in the same subnet as that of the default ZyXEL Device LAN IP address (192.168.1.1). You can also press the ZyXEL Device’s physical RESET button to reset the factory defaults of your ZyXEL Device. Refer to Section 3.
Chapter 19 Tools The following table describes the labels in this screen. Table 38 Maintenance > Tools > Box Access LABEL DESCRIPTION Application This column lists services and protocols that can be used to access the ZyXEL Device from the Internet. PING is used to test whether or not a host can be reached. Enable this to have the ZyXEL Device respond to pings from the WAN. SHP (HTTPS) Enable this to allow web configurator and secure remote access from the WAN.
Chapter 19 Tools Table 39 Maintenance > Tools > Diagnostic Tools LABEL DESCRIPTION Commit Click Commit to start the selected diagnostic test. Note: Previous results display along with the current results. You may need to wait a few seconds for the ZyXEL Device to perform the diagnostic test and display the current test’s results. Status The Status icon displays whether or not the service is allowed to access the ZyXEL Device from the Internet. Click it to activate or deactivate the service. 19.5.
Chapter 19 Tools 19.5.3 Diagnostic Tools DNS Resolve Results The DNS resolve results show which IP address the target domain name is using.
P ART VI Secure Remote Access (User Portal) • • • • • • Secure Remote Access Title (135) Secure Remote Access Title (135) Manage Accessible LAN Resources (141) Manage User Access Permissions (143) Secure Remote Desktop Control (151) Secure Remote Access Screens (155) 133
CHAPTER 20 Secure Remote Access Title This chapter describes how to configure the name the remote user sees in the secure remote access screens. See Section 6.1 on page 45 and Section 6.2 on page 45 for an overview of the secure remote access screens. 20.1 Configuring the Secure Remote Access Title The user portal is the secure remote access screens that the remote user uses to access shared files or secure remote desktop connections. Click User Portal > Admin Info to open the following screen.
Chapter 20 Secure Remote Access Title 136 NBG-510S User’s Guide
CHAPTER 21 Secure Remote Access User Info This chapter describes how to set up user accounts. 21.1 Overview A user account allows a remote user to use the secure remote access (user portal) screens to access resources on the LAN. See Chapter 23 on page 143 to configure the collection of resources that the user can access (called the remote user’s view). 21.2 User Info Screen Click Portal User > User Info to open the following screen. This screen lists the remote user accounts.
Chapter 21 Secure Remote Access User Info Figure 96 User Portal > User Info > Add The following table describes the labels in this screen. Table 42 User Portal > User Info > Add LABEL DESCRIPTION User Name Type the user name for this user account. Enter up to 16 alphanumeric characters, underscores (_), the at sign (@), or dashes (-), but the first character cannot be a number. This value is case-sensitive. User account and user group names must be unique. Spaces are not allowed.
Chapter 21 Secure Remote Access User Info The following table describes the labels in this screen. Table 43 User Portal > User Info LABEL DESCRIPTION From To Select the port user with the view that you want to copy and to which portal user you want to copy it. Sections to be copied Select which parts of the portal user’s view you want to copy to the other portal user. Submit Click Submit to modify the portal user’s view.
Chapter 21 Secure Remote Access User Info 140 NBG-510S User’s Guide
CHAPTER 22 Manage Accessible LAN Resources This chapter describes how to manage the list of servers that remote users can access. 22.1 Manage Servers Overview A user account allows a remote user to access resources on the LAN. Use the Manage Servers screens to list the servers that remote users can use after logging into the ZyXEL Device. A server can be a LAN computer or network access storage device.
Chapter 22 Manage Accessible LAN Resources Table 44 User Portal > Manage Servers (continued) LABEL DESCRIPTION User Name This field displays the user name used to access the computer. Anonymous displays if a user name and password are not required to access the server. Add icon This column provides icons to add, edit, and remove server entries. Click the Add icon to go to the screen where you can add an entry. Click the Edit icon to go to the screen where you can edit the server entry.
CHAPTER 23 Manage User Access Permissions This chapter describes how to manage the list of resources that each remote user can access. 23.1 Manage Views Overview A user account allows a remote user to access files on the LAN. Use the Manage Views screens to configure each user’s view (the collection of resources that the user can access). 23.2 Manage Views Screen Click Portal User > Manage Views to open the following screen. This screen lists the user accounts.
Chapter 23 Manage User Access Permissions 23.3 Manage a User’s View Click the Manage View icon in the Portal User > Manage Views screen to open this screen. Use this screen to manage the user’s view (what the user can access). Figure 101 User Portal > Manage Views > Manage View The following table describes the labels in this screen. Table 47 User Portal > Manage Views > Manage View LABEL DESCRIPTION User Views This screen is divided into photos, videos, music and folders sections.
Chapter 23 Manage User Access Permissions Figure 102 User Portal > Manage Views > Manage View > Add a .... Category The following table describes the labels in this screen. Table 48 User Portal > Manage Views > Manage View > Add a .... Category LABEL DESCRIPTION Category Name Enter a unique name to identify the category. Enter between 1 and 31 alphanumeric characters, underscores (_), the at sign (@), or dashes (-), but the first character cannot be a number.
Chapter 23 Manage User Access Permissions Table 49 User Portal > Manage Views > Manage View > Add Reference (continued) LABEL DESCRIPTION Workgroup This field displays the name of the workgroup to which the computer belongs. A workgroup is a group of computers on a network that can share files. Cancel Click Cancel to return to the top-level Manage Views screen without saving your changes. 23.5.1 Adding a Reference: Manually When adding a reference, click Click here to a add a reference manually.
Chapter 23 Manage User Access Permissions Figure 105 User Portal > Manage Views > Manage View > Add Reference > Configure Login The following table describes the labels in this screen. Table 51 User Portal > Manage Views > Manage View > Add Reference > Configure Login LABEL DESCRIPTION Server This is the server where the file is located. User Name Enter the user name that you need to use to access the shared folder on the server.
Chapter 23 Manage User Access Permissions The following table describes the labels in this screen. Table 52 Adding a Reference: Browsing the Shared Folders LABEL DESCRIPTION User This field displays the secure remote access account’s user name. Section This field displays the name of the section that you are working in. Category This field displays the name of the category to which you are adding a reference.
Chapter 23 Manage User Access Permissions Table 53 Adding a Reference: Browsing the Shared Folder Contents (continued) LABEL DESCRIPTION Size This lists the size of the file. Creation Date This lists the date and time that a folder was created or a file was last modified. Create Shortcut Select the check boxes next to the files that you want to add and click Create Shortcut to make them accessible to the portal user.
Chapter 23 Manage User Access Permissions 150 NBG-510S User’s Guide
CHAPTER 24 Secure Remote Desktop Control This chapter describes how to configure the ZyXEL Device to allow remote users to manage LAN computers. 24.1 Desktop Links Overview The ZyXEL Device’s desktop link policies allow remote users to use remote desktop connections to securely manage LAN computers. The remote user can control and work on the LAN computer as if he was actually there. He can install (or remove) software, run programs, change settings, open, copy, create, and delete files.
Chapter 24 Secure Remote Desktop Control Figure 109 User Portal > Desktop Links The following table describes the labels in this screen. Table 54 User Portal > Desktop Links LABEL DESCRIPTION User Name This field displays the user name of a (remote) user account. Action Click the Manage View icon to go to the screen where you can edit the list of LAN computers that the user can manage. 24.
Chapter 24 Secure Remote Desktop Control 24.4 Add Desktop Link Screen Click the Add or Edit icon in the User Portal > Desktop Links > Manage View screen to open this screen. Use this screen to create a new or edit an existing server entry. Figure 111 User Portal > Desktop Links > Manage View > Add The following table describes the labels in this screen.
Chapter 24 Secure Remote Desktop Control 154 NBG-510S User’s Guide
CHAPTER 25 Secure Remote Access Screens This chapter describes how to access and use the ZyXEL Device secure remote access screens (also called the secure remote access portal or user portal). 25.1 Secure Remote Access Screens Remote users use the secure remote access portal screens to access shared files, upload files, or manage LAN computers. 25.1.1 System Requirements The following lists the browser and computer system requirements for remote user access.
Chapter 25 Secure Remote Access Screens • If you are on the ZyXEL Device’s LAN, enter the ZyXEL Device’s LAN IP address (http://192.168.1.1 default). • If you are connecting through the Internet, enter the ZyXEL Device’s WAN IP address or domain name (DDNS lets the ZyXEL Device use a domain name even with a dynamic WAN IP address). 2 A security alert and/or certificate screen displays. Click OK and/or Yes to continue. Figure 112 Login: Security Message 3 The Login screen appears.
Chapter 25 Secure Remote Access Screens Figure 113 Login: Enter Account Information " The ZyXEL Device logs you out if your secure remote access session is idle for longer than the idle timeout set for your account (see Section 21.2.1 on page 137). Just log back in if this happens. 25.3 Secure Remote Access Screens Overview This is the first secure remote access portal screen you see after login.
Chapter 25 Secure Remote Access Screens The icons and language label at the top-right of the screen ( 1 ) are visible from most screens. Use the tabs at the top of the screen to navigate the secure remote access screens. The following table describes the ‘global’ icons and tabs in the secure remote access portal screens. Table 57 Secure Remote Access Global Labels and Icons LABEL/ICON DESCRIPTION Click the Logout icon at any time to exit the web configurator.
Chapter 25 Secure Remote Access Screens The following table describes the labels in this screen. Table 58 Secure Remote User File Browsing LABEL DESCRIPTION Up Level Click this to go up one level in the folder tree. Type The icon in this column identifies the entry as a folder or a file. Name / File Name This column identifies the names of folders or files in the category. Click a folder’s name to display the folder’s contents. Click a file’s file name to open the file.
Chapter 25 Secure Remote Access Screens 4 The file displays in the screen after the upload finishes. The file is now available to the other secure remote access users with user views configured to access this reference. Figure 120 File Uploaded 25.7 Desktop Screen Click the Desktop link at the top of the screen to open the main Desktop screen. The remote user uses this screen to find information on the LAN computers behind the ZyXEL Device that he can manage.
Chapter 25 Secure Remote Access Screens Figure 122 Desktop Links The following table describes the labels in this screen. Table 60 Desktop Links LABEL DESCRIPTION Up Level Click this to go up one level in the folder tree. Type The icon in this column identifies the entry as a computer that you can manage. File Name Roll your mouse over a link to open a tool tip with the loopback IP address and port number to use in your VNC or RDP client program to connect to the LAN computer.
Chapter 25 Secure Remote Access Screens 162 NBG-510S User’s Guide
P ART VII Troubleshooting and Appendices • • • • • • Troubleshooting (165) Product Specifications (171) Common Services (177) Legal Information (195) Customer Support (199) Index (205) 163
CHAPTER 26 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access 26.1 Power, Hardware Connections, and LEDs V The ZyXEL Device does not turn on. None of the LEDs turn on. 1 Make sure you are using the power adaptor or cord included with the ZyXEL Device.
Chapter 26 Troubleshooting 26.2 ZyXEL Device Access and Login V I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.1. 2 Use the console port to log in to the ZyXEL Device. 3 If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Chapter 26 Troubleshooting 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the ZyXEL Device using another service, such as Telnet. If you can access the ZyXEL Device, check the remote management settings, firewall rules, and filters to find out why the ZyXEL Device does not respond to HTTP.
Chapter 26 Troubleshooting 2 If you deploy the ZyXEL Device as a new gateway, make sure you entered your ISP account information correctly in the wizard. These fields are case-sensitive, so make sure [Caps Lock] is not on. 3 If you connect the ZyXEL Device behind another gateway, make sure the WAN connection is up. 4 Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again. 5 If the problem continues, contact your ISP. V I cannot access the Internet anymore.
Chapter 26 Troubleshooting To reset the ZyXEL Device, 1 Make sure the PWR LED is on and not blinking. 2 Use a pointed object to press the RESET button in for five seconds and release it. If the ZyXEL Device restarts automatically, wait for the ZyXEL Device to finish restarting, and log in to the web configurator. The LAN IP address is 192.168.1.1. The user name is “admin”. The password is “1234”. If the ZyXEL Device does not restart automatically, disconnect and reconnect the ZyXEL Device’s power.
Chapter 26 Troubleshooting 170 NBG-510S User’s Guide
APPENDIX A Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. Table 61 Hardware Specifications Dimensions 190(W) x 150 (D) x 33 (H) mm Ethernet Ports 5 auto-negotiating: 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode. Auto-crossover: Use either crossover or straight-through Ethernet cables.
Appendix A Product Specifications Table 62 Firmware Specifications FEATURE DESCRIPTION Configuration Backup & Restoration Make a copy of the ZyXEL Device’s configuration. You can put it back on the ZyXEL Device later if you decide to revert back to an earlier configuration. SSL Your ZyXEL Device provides an end-to-end Secure Socket Layer based connection that allows remote users to securely and easily access files on the intranet or manage intranet computers.
Appendix A Product Specifications Table 63 Standards Supported (continued) STANDARD DESCRIPTION IEEE 802.11d Standard for Local and Metropolitan Area Networks: Media Access Control (MAC) Bridges IEEE 802.11x Port Based Network Access Control. IEEE 802.11e QoS IEEE 802.11 e Wireless LAN for Quality of Service Microsoft PPTP MS PPTP (Microsoft's implementation of Point to Point Tunneling Protocol) Wall-mounting Instructions Complete the following steps to hang your ZyXEL Device on a wall.
Appendix A Product Specifications Figure 123 Wall-mounting Example Cable Pin Assignments Table 64 Ethernet Cable Pin Assignments WAN / LAN ETHERNET CABLE PIN LAYOUT Straight-through Crossover (Switch) (Adapter) (Switch) (Switch) 1 IRD + 1 OTD + 1 IRD + 1 IRD + 2 IRD - 2 OTD - 2 IRD - 2 IRD - 3 OTD + 3 IRD + 3 OTD + 3 OTD + 6 OTD - 6 IRD - 6 OTD - 6 OTD - Power Adaptor Specifications Table 65 US Power Adaptor Specifications AC Power Adaptor Model 30-112-122204B Input Power AC 120
Appendix A Product Specifications Table 66 EU Power Adaptor Specifications Power Consumption 12 W Safety Standards ITS, GS, and CE NBG-510S User’s Guide 175
Appendix A Product Specifications 176 NBG-510S User’s Guide
APPENDIX B Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service.
Appendix B Common Services Table 67 Commonly Used Services (continued) 178 NAME PROTOCOL PORT(S) DESCRIPTION FTP TCP TCP 20 21 File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323 TCP 1720 NetMeeting uses this protocol. HTTP TCP 80 Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce.
Appendix B Common Services Table 67 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION RTELNET TCP 107 Remote Telnet. RTSP TCP/UDP 554 The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP TCP 115 Simple File Transfer Protocol. SMTP TCP 25 Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.
Appendix B Common Services 180 NBG-510S User’s Guide
APPENDIX C Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix C Wireless LANs Figure 125 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Appendix C Wireless LANs Figure 126 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.
Appendix C Wireless LANs Figure 127 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
Appendix C Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet.
Appendix C Wireless LANs Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
Appendix C Wireless LANs Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
Appendix C Wireless LANs For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client.
Appendix C Wireless LANs Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen.
Appendix C Wireless LANs Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP. TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server.
Appendix C Wireless LANs Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's builtin "Zero Configuration" wireless client. However, you must run Windows XP to use it.
Appendix C Wireless LANs 3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them.
Appendix C Wireless LANs Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN. Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.
Appendix C Wireless LANs Positioning Antennas In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to–point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance. For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For omni-directional antennas mounted on a wall or ceiling, point the antenna down.
APPENDIX D Legal Information Copyright Copyright © 2007 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix D Legal Information 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. 4 Consult the dealer or an experienced radio/TV technician for help. FCC Radiation Exposure Statement • This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. • IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to channels 1 through 11.
Appendix D Legal Information ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Appendix D Legal Information 198 NBG-510S User’s Guide
APPENDIX E Customer Support Please have the following information ready when you contact customer support. Required Information • • • • Product model and serial number. Warranty Information. Date that you received your device. Brief description of the problem and the steps you took to solve it. “+” is the (prefix) number you dial to make an international telephone call. Corporate Headquarters (Worldwide) • • • • • • • Support E-mail: support@zyxel.com.tw Sales E-mail: sales@zyxel.com.
Appendix E Customer Support • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 Modrany, Ceská Republika Denmark • • • • • • Support E-mail: support@zyxel.dk Sales E-mail: sales@zyxel.dk Telephone: +45-39-55-07-00 Fax: +45-39-55-07-07 Web: www.zyxel.dk Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark Finland • • • • • • Support E-mail: support@zyxel.fi Sales E-mail: sales@zyxel.fi Telephone: +358-9-4780-8411 Fax: +358-9-4780-8448 Web: www.zyxel.
Appendix E Customer Support India • • • • • • Support E-mail: support@zyxel.in Sales E-mail: sales@zyxel.in Telephone: +91-11-30888144 to +91-11-30888153 Fax: +91-11-30888149, +91-11-26810715 Web: http://www.zyxel.in Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan • • • • • • Support E-mail: support@zyxel.co.jp Sales E-mail: zyp@zyxel.co.jp Telephone: +81-3-6847-3700 Fax: +81-3-6847-3705 Web: www.zyxel.co.
Appendix E Customer Support • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 928062001, U.S.A. Norway • • • • • • Support E-mail: support@zyxel.no Sales E-mail: sales@zyxel.no Telephone: +47-22-80-61-80 Fax: +47-22-80-61-81 Web: www.zyxel.no Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway Poland • • • • • E-mail: info@pl.zyxel.com Telephone: +48-22-333 8250 Fax: +48-22-333 8251 Web: www.pl.zyxel.com Regular Mail: ZyXEL Communications, ul.
Appendix E Customer Support Sweden • • • • • • Support E-mail: support@zyxel.se Sales E-mail: sales@zyxel.se Telephone: +46-31-744-7700 Fax: +46-31-744-7701 Web: www.zyxel.se Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden Thailand • • • • • • Support E-mail: support@zyxel.co.th Sales E-mail: sales@zyxel.co.th Telephone: +662-831-5315 Fax: +662-831-5395 Web: http://www.zyxel.co.th Regular Mail: ZyXEL Thailand Co., Ltd.
Appendix E Customer Support 204 NBG-510S User’s Guide
Index Index A access control 93 access point, See AP 61 ActiveX 101 address assignment 69 administrator password, change 37 Advanced Encryption Standard See AES.
Index F factory DHCP defaults 79 factory LAN defaults 77 FCC interference statement 195 file browsing 158, 159 firewall 93, 94 and NAT port forwarding 95 custom rules 94 default settings 94, 95 stateful inspection 94 firmware current version 40 file extension 125 upload 125 force logout 33 fragmentation threshold 184 front panel ports 29 G global icons 158 global labels 158 H hidden node 183 hide SSID 62 HTTPS 31 firmware upload 125 humidity 171 I IBSS 181 icons 158 global 158 logout 158 IEEE 802.
Index traversal 105 Network Address Translation, See NAT 81 O operation environment 171 own computer 32, 156 P Pairwise Master Key (PMK) 190, 192 Point-to-Point Protocol over Ethernet, See PPPoE 72 Point-to-Point Tunneling Protocol, See PPTP 73 port connection 29 port forwarding 81, 82 default server 81 local server 82 port numbers services portal file browsing 158, 159 login 155 screens 155 sharing screen 158 system requirements 155 power adaptor specifications 174 PPPoE encapsulation 72 PPTP 73 encapsu
Index T temperature 171 Temporal Key Integrity Protocol (TKIP) 190 time setting 120 trigger port 85 trigger port forwarding 85 example 85 process 85 tutorial 50 U Universal Plug and Play. See UPnP. UPnP 105, 106 examples 106 forum 106 NAT traversal 105 UPnP Implementers Corp.
Index WPA-PSK 189, 190 application example 191 NBG-510S User’s Guide 209
Index 210 NBG-510S User’s Guide