NBG-460N Wireless N Gigabit Router
Default Login Details
IP Address: http://192.168.1.1
Password: 1234
Firmware Version 3.60
Edition 3, 9/2009
www.zyxel.com
About This User's Guide

Intended Audience
This manual is intended for people who want to configure the NBG-460N using the Web Configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.

Related Documentation
• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Document Conventions

Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.

Syntax Conventions
• The NBG-460N may be referred to as the “NBG-460N”, the “device”, the “product” or the “system” in this User’s Guide.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The NBG-460N icon is not an exact representation of your device.
Safety Warnings
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit.
Contents Overview
Introduction (21)
Getting to Know Your NBG-460N (23)
The WPS Button (33)
Introducing the Web Configurator
Table of Contents
About This User's Guide (3)
Document Conventions (5)
Safety Warnings (7)
Contents Overview

3.5.1 Navigation Panel (41)
3.5.2 Summary: Any IP Table (43)
3.5.3 Summary: Bandwidth Management Monitor (43)
3.5.4 Summary: DHCP Table (44)
3.5.

5.4 Bandwidth Management for your Network (83)
5.4.1 Configuring Bandwidth Management by Application (83)
5.4.2 Configuring Bandwidth Management by Custom Application (84)
5.4.3 Configuring Bandwidth Allocation by IP or IP Range (84)
Chapter 6 AP Mode

7.12.2 Quality of Service (123)
7.13 WiFi Protected Setup (124)
7.13.1 iPod Touch Web Configurator (124)
7.13.2 Login Screen

10.1 Overview (157)
10.2 What You Can Do (157)
10.3 What You Need To Know (157)
10.4 DHCP General Screen

Chapter 14 Content Filtering (189)
14.1 Overview (189)
14.2 What You Can Do (189)
14.3 What You Need To Know

16.3 IP Static Route Screen (232)
16.3.1 Static Route Setup Screen (233)
Chapter 17 Bandwidth Management (235)
17.1 Overview

Part V: Maintenance and Troubleshooting (261)
Chapter 20 System (263)
20.1 Overview (263)
20.2 What You Can Do

24.4 General Screen (301)
Chapter 25 Language (303)
25.1 Language Screen (303)
Chapter 26 Troubleshooting
PART I
Introduction
Getting to Know Your NBG-460N (23)
The WPS Button (33)
Introducing the Web Configurator (35)
Connection Wizard (49)
AP Mode (87)
Tutorials (67)
CHAPTER 1
Getting to Know Your NBG-460N

1.1 Overview
This chapter introduces the main features and applications of the NBG-460N. The NBG-460N extends the range of your existing wired network without additional wiring, providing easy network access to mobile users. You can set up a wireless network with other IEEE 802.11b/g/n compatible devices. A range of services such as a firewall, IPSec VPN and content filtering are also available for secure Internet computing.
• IPTV. Connect a Set-Top Box (STB) to your NBG-460N to watch Live TV and/or Video On Demand (VOD) on your television screen.

Figure 1 NBG-460N Network

1.3 Wireless Applications
The NBG-460N also uses MIMO (Multiple-Input, Multiple-Output) antenna technology and Gigabit Ethernet ports to deliver high-speed wireless networking.
The following figure shows computers in a WLAN connecting to the NBG-460N (A), which has a DSL connection to the Internet. The NBG-460N is set to Router Mode and has router features such as a built-in firewall (B).

Figure 2 Secure Wireless Internet Access in Router Mode

1.3.2 AP Mode
Select AP Mode if you already have a router or gateway on your network which provides network services such as a firewall or bandwidth management.
Using AP + Bridge mode, your NBG-460N can extend the range of the WLAN. In the figure below, A and B act as AP + Bridge devices that forward traffic between associated wireless workstations and the wired LAN. When the NBG-460N is in AP + Bridge mode, security between APs (the Wireless Distribution System or WDS) is independent of the security between the wireless stations and the AP. If you do not enable WDS security, traffic between APs is not encrypted.
Once the security settings of peer sides match one another, the connection between devices is made.

Figure 5 Bridge Application

In the example below, when both NBG-460Ns are in Bridge mode, they form a WDS (Wireless Distribution System) allowing the computers in LAN 1 to connect to the computers in LAN 2.

Figure 6 Bridging Example

Be careful to avoid bridge loops when you enable bridging in the NBG-460N.
• If two or more NBG-460Ns (in bridge mode) are connected to the same hub.

Figure 7 Bridge Loop: Two Bridges Connected to Hub

• If your NBG-460N (in bridge mode) is connected to a wired LAN while communicating with another wireless bridge that is also connected to the same wired LAN.
1.3.5 Router vs. AP vs. Bridge
The following table shows which features are available in Router mode, AP mode or Bridge.

Table 1 Features Available in Router Mode vs. AP Mode
FEATURE ROUTER MODE AP MODE BRIDGE DHCP YES NO NO YES NO NO YES NO NO YES NO NO YES NO NO YES YES YES This allows individual clients to obtain IP addresses at start-up from a DHCP server.
1.5 Good Habits for Managing the NBG-460N
Do the following things regularly to make the NBG-460N more secure and to manage the NBG-460N more effectively.
• Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
• Write down the password and put it in a safe place.
• Back up the configuration (and make sure you know how to restore it).
Table 2 Front Panel LEDs (continued)
LED COLOR STATUS DESCRIPTION
WAN Green On: The NBG-460N has a successful 10/100MB WAN connection.
Blinking: The NBG-460N is sending/receiving data.
On: The NBG-460N has a successful 1000MB Ethernet connection.
Blinking: The NBG-460N is sending/receiving data.
Off: The WAN connection is not ready, or has failed.
On: The NBG-460N is ready, but is not sending/receiving data through the wireless LAN.
CHAPTER 2
The WPS Button

2.1 Overview
Your NBG-460N supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Each WPS connection works between two devices. Both devices must support WPS (check each device’s documentation to make sure).
CHAPTER 3
Introducing the Web Configurator

3.1 Web Configurator Overview
This chapter describes how to access the NBG-460N Web Configurator and provides an overview of its screens. The Web Configurator is an HTML-based management interface that allows easy setup and management of the NBG-460N via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions or Safari 2.0 or later versions. The recommended screen resolution is 1024 by 768 pixels.
• In Router Mode enable the DHCP Server. The NBG-460N assigns your computer an IP address on the same subnet.
• In AP Mode, AP + Bridge mode and Bridge mode the NBG-460N does not assign an IP address to your computer, so you should check it’s in the same subnet. See Section 6.5 on page 94 for more information.

4 Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login.
• Select a language to go to the basic Web Configurator in that language. To change to the advanced configurator see Chapter 23 on page 297.

Figure 11 Selecting the setup mode

3.3 Resetting the NBG-460N
If you forget your password or IP address, or you cannot access the Web Configurator, you will need to use the RESET button at the back of the NBG-460N to reload the factory-default configuration file.
3.5 The Status Screen in Router Mode
Click on Status. The screen below shows the status screen in Router Mode. (For information on the status screen in AP Mode see Chapter 6 on page 88.)

Figure 12 Web Configurator Status Screen

The following table describes the icons shown in the Status screen.

Table 3 Status Screen Icon Key
ICON DESCRIPTION
Click this icon to open the setup wizard.
Click this icon to view copyright and a link for related product information.
Table 3 Status Screen Icon Key (continued)
ICON DESCRIPTION
Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics.
Click this button to refresh the status screen statistics.

The following table describes the labels shown in the Status screen.
Table 4 Web Configurator Status Screen (continued)
LABEL DESCRIPTION
System Resource
- CPU Usage: This displays what percentage of the NBG-460N’s processing ability is currently used. When this percentage is close to 100%, the NBG-460N is running at full load, and the throughput is not going to improve anymore. If you want some applications to have more throughput, you should turn off other applications (for example, using bandwidth management.
3.5.1 Navigation Panel
Use the sub-menus on the navigation panel to configure NBG-460N features. The following table describes the sub-menus.

Table 5 Screens Summary
LINK TAB FUNCTION
Status: This screen shows the NBG-460N’s general device, system and interface status information. Use this screen to access the wizard, and summary statistics tables.
Table 5 Screens Summary
LINK TAB FUNCTION
General: Use this screen to enable NAT.
Application: Use this screen to configure servers behind the NBG-460N.
Advanced: Use this screen to change your NBG-460N’s port triggering settings.
General: Use this screen to set up dynamic DNS.
General: Use this screen to activate/deactivate the firewall.
Services: This screen shows a summary of the firewall rules, and allows you to edit/add a firewall rule.
Table 5 Screens Summary
LINK TAB FUNCTION
Logs > View Log: Use this screen to view the logs for the categories that you selected.
Logs > Log Settings: Use this screen to change your NBG-460N’s log settings.
Tools > Firmware: Use this screen to upload firmware to your NBG-460N.
Tools > Configuration: Use this screen to backup and restore the configuration or reset the factory defaults to your NBG-460N.
bar represents the percentage of unused bandwidth and the blue color represents the percentage of bandwidth in use.

Figure 14 Summary: BW MGMT Monitor

3.5.4 Summary: DHCP Table
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG-460N’s LAN as a DHCP server or disable it.
Table 6 Summary: DHCP Table (continued)
LABEL DESCRIPTION
MAC Address: This field shows the MAC address of the computer with the name in the Host Name field. Every Ethernet device has a unique MAC (Media Access Control) address which uniquely identifies a device. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Refresh: Click Refresh to renew the screen.

3.5.
Table 7 Summary: Packet Statistics
LABEL DESCRIPTION
Collisions: This is the number of collisions on this port.
Tx B/s: This displays the transmission speed in bytes per second on this port.
Rx B/s: This displays the reception speed in bytes per second on this port.
Up Time: This is the total amount of time the line has been up.
System Up Time: This is the total time the NBG-460N has been on.
3.5.7 Summary: Wireless Station Status
Click the WLAN Station Status (Details...) hyperlink in the Status screen. View the wireless stations that are currently associated to the NBG-460N in the Association List. Association means that a wireless client (for example, your network or computer with a wireless network card) has connected successfully to the AP (or wireless router) using the same SSID, channel and security settings.
CHAPTER 4
Connection Wizard

4.1 Wizard Setup
This chapter provides information on the wizard setup screens in the Web Configurator. The Web Configurator’s wizard setup helps you configure your device to access the Internet. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field. Leave a field blank if you don’t have that information.

1 After you access the NBG-460N Web Configurator, click the Go to Wizard setup hyperlink.
2 Choose a language by clicking on the language’s button. The screen will update. Click the Next button to proceed to the next screen.

Figure 20 Select a Language

3 Read the on-screen information and click Next.

Figure 21 Welcome to the Connection Wizard

4.2 Connection Wizard: STEP 1: System Information
System Information contains administrative and system-related information.

4.2.1 System Name
System Name is for identification purposes.
• In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the NBG-460N System Name.

4.2.2 Domain Name
The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used.
4.3 Connection Wizard: STEP 2: Wireless LAN
Set up your wireless LAN using the following screen.

Figure 23 Wizard Step 2: Wireless LAN

The following table describes the labels in this screen.

Table 11 Wizard Step 2: Wireless LAN
LABEL DESCRIPTION
Name (SSID): Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the NBG-460N, make sure all wireless stations use the same SSID in order to access the network.
Table 11 Wizard Step 2: Wireless LAN
LABEL DESCRIPTION
Next: Click Next to proceed to the next screen.
Exit: Click Exit to close the wizard screen without saving.

Note: The wireless stations and NBG-460N must use the same SSID, channel ID and WEP encryption (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled) or WPA2-PSK (if WPA2-PSK is enabled) keys for wireless communication.

4.3.1 Basic (WEP) Security
Note: This option is only available if WPS is not enabled.
The following table describes the labels in this screen.

Table 12 Wizard Step 2: Basic (WEP) Security
LABEL DESCRIPTION
Passphrase: Type a Passphrase (up to 64 printable characters) and click Generate. The NBG-460N automatically generates a WEP key.
WEP Encryption: Select 64-bit WEP or 128-bit WEP to allow data encryption.
ASCII: Select this option in order to enter ASCII characters as the WEP keys.
HEX: Select this option to enter hexadecimal characters as the WEP keys.
The following table describes the labels in this screen.

Table 13 Wizard Step 2: Extend (WPA-PSK or WPA2-PSK) Security
LABEL DESCRIPTION
Pre-Shared Key: You can set up the most secure wireless connection by configuring WPA in the wireless LAN screens. You need to configure an authentication server to do this.
• Choose ASCII and type from 8 to 63 case-sensitive ASCII characters.
• Choose HEX and type a key of up to 64 HEX characters.
The following table describes the labels in this screen.

Table 14 Wizard Step 3: ISP Parameters
CONNECTION TYPE DESCRIPTION
Ethernet: Select the Ethernet option when the WAN port is used as a regular Ethernet.
PPPoE: Select the PPP over Ethernet option for a dial-up connection. If your ISP gave you an IP address and/or subnet mask, then select PPTP.
PPTP: Select the PPTP option for a dial-up connection.

4.4.
By implementing PPPoE directly on the NBG-460N (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the NBG-460N does that part of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access. Refer to the appendix for more information on PPPoE.

Figure 28 Wizard Step 3: PPPoE Connection

The following table describes the labels in this screen.
Note: The NBG-460N supports one PPTP server connection at any given time.

Figure 29 Wizard Step 3: PPTP Connection

The following table describes the fields in this screen.

Table 16 Wizard Step 3: PPTP Connection
LABEL DESCRIPTION
ISP Parameters for Internet Access
Connection Type: Select PPTP from the drop-down list box. To configure a PPTP client, you must configure the User Name and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.
Table 16 Wizard Step 3: PPTP Connection
LABEL DESCRIPTION
My IP Subnet Mask: Type the subnet mask assigned to you by your ISP (if given).
Back: Click Back to return to the previous screen.
Next: Click Next to continue.
Exit: Click Exit to close the wizard screen without saving.

4.4.4 Your IP Address
The following wizard screen allows you to assign a fixed IP address or give the NBG-460N an automatically assigned IP address depending on your ISP.
Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks.

Table 18 Private IP Address Ranges
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network.
4.4.7 DNS Server Address Assignment
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.

The NBG-460N can get the DNS server addresses in the following ways.
The following table describes the labels in this screen.

Table 19 Wizard Step 3: WAN IP and DNS Server Addresses
LABEL DESCRIPTION
WAN IP Address Assignment
My WAN IP Address: Enter your WAN IP address in this field. The WAN IP address should be in the same subnet as your DSL/Cable modem or router.
My WAN IP Subnet Mask: Enter the IP subnet mask in this field.
Gateway IP Address: Enter the gateway IP address in this field.
advisable to clone the MAC address from a computer on your LAN even if your ISP does not presently require MAC address authentication.

Figure 32 Wizard Step 3: WAN MAC Address

The following table describes the fields in this screen.

Table 21 Wizard Step 3: WAN MAC Address
LABEL DESCRIPTION
Factory Default: Select Factory Default to use the factory assigned default MAC address.
the bandwidth according to the traffic type. This helps keep one service from using all of the available bandwidth and shutting out other users.

Figure 33 Wizard Step 4: Bandwidth Management

The following table describes the labels in this screen.
Follow the on-screen instructions and click Finish to complete the wizard setup.

Figure 35 Connection Wizard Complete

Well done! You have successfully set up your NBG-460N to operate on your network and access the Internet.
CHAPTER 5
Tutorials

5.1 Overview
This chapter provides tutorials for your NBG-460N as follows:
• How to Connect to the Internet from an AP
• Site-To-Site VPN Tunnel Tutorial
• Bandwidth Management for your Network

5.2 How to Connect to the Internet from an AP
This section gives you an example of how to set up an access point (AP) and wireless client (a notebook (B), in this example) for wireless communication. B can access the Internet through the AP wirelessly.
• Push Button Configuration - create a secure wireless network simply by pressing a button. See Section 5.2.1.1 on page 68. This is the easier method.
• PIN Configuration - create a secure wireless network simply by entering a wireless client's PIN (Personal Identification Number) in the NBG-460N’s interface. See Section 5.2.1.2 on page 69. This is the more secure method, since one device can authenticate the other.

5.2.1.
The following figure shows an example of setting up a wireless network and its security by pressing a button on both the NBG-460N and the wireless client (the NWD210N in this example).

Figure 37 Example WPS Process: Push Button Configuration Method (NBG-460N and wireless client: within 2 minutes, security info, communication)

5.2.1.2 PIN Configuration
When you use the PIN configuration method, you need to use both the NBG-460N’s configuration interface and the client’s utilities.
The following figure shows an example of setting up a wireless network and its security on the NBG-460N and the wireless client (the NWD210N in this example) by using the PIN method.
5.2.2 Enable and Configure Wireless Security without WPS on your NBG-460N
This example shows you how to configure wireless security settings with the following parameters on your NBG-460N.

SSID: SSID_Example3
Channel: 6
Security: WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey)

Follow the steps below to configure the wireless settings on your NBG-460N.
5 Open the Status screen. Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status.

Figure 40 Tutorial: Status: AP Mode

5.2.3 Configure Your Notebook
Note: We use the ZyXEL M-302 wireless adapter utility screens as an example for the wireless client. The screens may vary for different models.

1 The NBG-460N supports IEEE 802.11b, IEEE 802.11g and IEEE 802.11n wireless clients.
4 Select SSID_Example3 and click Connect.

Figure 41 Connecting a Wireless Client to a Wireless Network

5 Select WPA-PSK and type the security key in the following screen. Click Next.

Figure 42 Security Settings

6 The Confirm Save window appears. Check your settings and click Save to continue.
7 Check the status of your wireless connection in the screen below. If your wireless connection is weak or you have no connection, see the Troubleshooting section of this User’s Guide.

Figure 44 Link Status

8 If your connection is successful, open your Internet browser and enter http://www.zyxel.com or the URL of any other web site in the address bar. If you are able to access the web site, your wireless connection is successfully configured.

5.2.
However, you want the communication between Y and Z to be secure. WDS encrypts the data transfer between bridged devices. You can enable this in the Security fields of the WDS screen.

Figure 45 AP + Bridge Scenario

5.2.4.1 Configuring Your Bridge Mode Settings
You should know the MAC address of the other NBG-460N to establish the bridge connection. Additionally, the wireless settings of both Y and Z must be the same for the connection to work.
2 Set both Y and Z in AP + Bridge mode in the Basic Setting field. In the Remote MAC Address field, enter the correct MAC address of the other NBG-460N with which you want to establish a connection.

Figure 47 Tutorial: Wireless LAN > WDS

3 4 To secure the bridge connection, choose your desired settings in the Security section.
5.3 Site-To-Site VPN Tunnel Tutorial
Bob and Jack want to set up a VPN connection between their offices. Bob and Jack each have an NBG-460N router and a static WAN IP address. This tutorial covers how to configure their NBG-460Ns to create a secure connection.

Figure 48 Site-To-Site VPN Tunnel

The following table describes the VPN settings that must be configured on Bob and Jack’s NBG-460N routers.
5.3.1 Configuring Bob’s NBG-460N VPN Settings
To configure these settings Bob uses the NBG-460N Web Configurator.

1 Log into the NBG-460N Web Configurator and click VPN > Modify icon. This displays the VPN Rule Setup (basic) screen.

2 Select the Active checkbox to enable the VPN rule after it has been created. Make sure IKE is selected as the IPSec Keying Mode.

Figure 49 Tutorial: Property

3 Enter the IP address “192.168.1.35” in the Local Address text box.
7 Enter the IP address “2.2.2.2” in the Secure Gateway Address text box. This is Jack’s WAN IP address.

8 Select IP as the Peer ID Type. This is Jack’s Local ID Type. Enter “2.2.2.2” in the Peer Content text box. This is Jack’s Local Content WAN IP address.

Figure 52 Tutorial: Authentication Method

9 Select Tunnel as the Encapsulation Mode and ESP as the IPSec Protocol.

10 Enter “ThisIsMySecretKey” as the Pre-Shared Key.
2 Select the Active checkbox to enable the VPN rule after it has been created. Make sure IKE is selected as the IPSec Keying Mode.

Figure 55 Tutorial: Property

3 Enter the IP address “10.0.0.7” in the Local Address text box. This is the IP address of Jack’s computer. Enter the IP address “10.0.0.7” in the Local Address End/Mask text box. This value is the same because Jack only wants Bob to access this single IP address.

Figure 56 Tutorial: Local Policy

4 Enter the IP address “192.168.
8 Select IP as the Peer ID Type. This is Bob’s Local ID Type. Enter “1.1.1.1” in the Peer Content text box. This is Bob’s Local Content WAN IP address.

Figure 58 Tutorial: Authentication Method

9 Select Tunnel as the Encapsulation Mode and ESP as the IPSec Protocol.

10 Enter “ThisIsMySecretKey” as the Pre-Shared Key. This is the password for the VPN tunnel that only Bob and Jack know.

11 Select 3DES as the encryption algorithm. Select the authentication algorithm as SHA1.
5.3.3 Checking the VPN Connection
Check if the VPN connection is working by pinging the computer on the other side of the VPN connection. In the example below Bob is pinging Jack’s computer.

Figure 61 Pinging Jack’s Local IP Address

Pinging is successful which means a VPN tunnel has been established between Bob and Jack’s NBG-460Ns. Congratulations!

To check this VPN connection click VPN > SA Monitor in the Web Configurator.
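The tunnel in this tutorial only comes up when Bob's and Jack's rules are mirror images of each other and share the same IPSec parameters and Pre-Shared Key. The following Python check is an added example, not part of the ZyXEL guide: the VpnRule field names are hypothetical stand-ins for the Web Configurator labels, and the two sample rules are constructed from the values used in the tutorial.

```python
# Added example (not from the ZyXEL guide): compare two site-to-site VPN rules
# before they are typed into the Web Configurator and list every mismatch.
import hmac
from dataclasses import dataclass, replace
from ipaddress import ip_address


@dataclass(frozen=True)
class VpnRule:
    # Hypothetical field names that follow the Web Configurator labels.
    local_start: str       # Local Address
    local_end: str         # Local Address End/Mask
    remote_start: str      # address of the computer behind the peer
    remote_end: str
    wan_ip: str            # this router's own WAN IP address
    secure_gateway: str    # Secure Gateway Address (the peer's WAN IP)
    local_id_type: str     # Local ID Type
    local_content: str     # Local Content
    peer_id_type: str      # Peer ID Type
    peer_content: str      # Peer Content
    encapsulation: str     # Encapsulation Mode
    ipsec_protocol: str    # IPSec Protocol
    encryption: str        # encryption algorithm
    authentication: str    # authentication algorithm
    pre_shared_key: str    # Pre-Shared Key


# (field on side A, field on side B): the two values must be equal.
MIRRORED = [
    ("local_start", "remote_start"), ("local_end", "remote_end"),
    ("remote_start", "local_start"), ("remote_end", "local_end"),
    ("wan_ip", "secure_gateway"), ("secure_gateway", "wan_ip"),
    ("local_id_type", "peer_id_type"), ("local_content", "peer_content"),
    ("peer_id_type", "local_id_type"), ("peer_content", "local_content"),
]
# Fields that must be identical on both routers.
IDENTICAL = ["encapsulation", "ipsec_protocol", "encryption", "authentication"]
ADDRESS_FIELDS = ["local_start", "local_end", "remote_start", "remote_end",
                  "wan_ip", "secure_gateway"]


def check_pair(a, b, name_a="A", name_b="B"):
    """Return a list of human-readable problems; an empty list means the rules match."""
    problems = []
    for name, rule in ((name_a, a), (name_b, b)):
        for field in ADDRESS_FIELDS:
            try:
                ip_address(getattr(rule, field))
            except ValueError:
                problems.append(f"{name}.{field} is not a valid IP address")
    for field_a, field_b in MIRRORED:
        va, vb = getattr(a, field_a), getattr(b, field_b)
        if va != vb:
            problems.append(
                f"{name_a}.{field_a}={va!r} must equal {name_b}.{field_b}={vb!r}")
    for field in IDENTICAL:
        va, vb = getattr(a, field), getattr(b, field)
        if va != vb:
            problems.append(f"{field} differs: {name_a}={va!r}, {name_b}={vb!r}")
    # Compare the keys in constant time and never echo them into the report.
    if not hmac.compare_digest(a.pre_shared_key.encode(), b.pre_shared_key.encode()):
        problems.append("pre_shared_key differs between the two rules (values not shown)")
    return problems


# Sample rules constructed from the tutorial's values.
BOB = VpnRule("192.168.1.35", "192.168.1.35", "10.0.0.7", "10.0.0.7",
              "1.1.1.1", "2.2.2.2", "IP", "1.1.1.1", "IP", "2.2.2.2",
              "Tunnel", "ESP", "3DES", "SHA1", "ThisIsMySecretKey")
JACK = VpnRule("10.0.0.7", "10.0.0.7", "192.168.1.35", "192.168.1.35",
               "2.2.2.2", "1.1.1.1", "IP", "2.2.2.2", "IP", "1.1.1.1",
               "Tunnel", "ESP", "3DES", "SHA1", "ThisIsMySecretKey")
# Constructed failure case: one mistyped Peer Content and a key with wrong case.
JACK_TYPO = replace(JACK, peer_content="1.1.1.2", pre_shared_key="ThisIsMysecretKey")

if __name__ == "__main__":
    for label, jack in (("matching rules", JACK), ("rules with typos", JACK_TYPO)):
        found = check_pair(BOB, jack, "Bob", "Jack")
        print(label + ":", "OK" if not found else "")
        for line in found:
            print("  -", line)
```

Because the Pre-Shared Key is case-sensitive, the check reports a key mismatch without printing either key, so the report can be shared between the two sites.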
Chapter 5 Tutorials 5.4 Bandwidth Management for your Network This section shows you how to configure the bandwidth management feature on the NBG-460N to limit the bandwidth for specific kinds of outgoing traffic. ZyXEL's bandwidth management feature allows you to specify bandwidth management rules based on an application or subnet. Use the Management > Bandwidth MGMT > Advanced screen to configure bandwidth management for your network. 5.4.
Chapter 5 Tutorials 5.4.2 Configuring Bandwidth Management by Custom Application Aside from the VOIP and e-mail services, you need to set the priority for MSN Messenger. To do this, add the service in the Priority Queue table of the Management > Bandwidth MGMT > Advanced screen. Figure 64 Tutorial: Adding TFTP to Priority Queue To add the MSN Messenger service in the Priority Queue: 1 Click Enable in one of the fields for additional services. 2 Add MSN as the service name.
• Multimedia room’s LAN IP range: 192.168.1.1 to 192.168.1.34
• IP Address of the computer uploading through FTP: 192.168.1.34
• Services you want to configure:
  REAL AUDIO: TCP 7070
  RTSP: TCP or UDP 554
  VDO LIVE: TCP 7000
  FTP: TCP 20 ~ 21
Click the Edit icon in Management > Bandwidth MGMT > Advanced to open the following screen.
Figure 65 Tutorial: Bandwidth Allocation Example
Enter the following values for each service you want to add.
After adding these services, go to Management > Bandwidth MGMT > Advanced and check if you have the correct values.
Figure 66 Tutorial: Bandwidth Allocation Example
Note: The Policy column displays either Max (maximum) or Min (minimum). This is directly related to the value in the Rate column. For example, you selected Min and entered 30M as the rate for the VoIP service. The NBG-460N allocates at least 30 megabytes for the VoIP service.
CHAPTER 6 AP Mode 6.1 Overview This chapter discusses how to configure settings while your NBG-460N is set to AP Mode. Many screens that are available in Router Mode are not available in AP Mode. Note: See Chapter 5 on page 67 for an example of setting up a wireless network in AP mode. Use your NBG-460N as an AP if you already have a router or gateway on your network. In this mode your device bridges a wired network (LAN) and wireless LAN (WLAN) in the same subnet. See the figure below for an example.
Chapter 6 AP Mode 2 To set your NBG-460N to AP Mode, go to Maintenance > Sys OP Mode > General and select Access Point. Figure 68 Maintenance > Sys OP Mode > General 3 A pop-up appears providing information on this mode. Click OK in the pop-up message window. (See Section 24.4 on page 301 for more information on the pop-up.) Click Apply. Your NBG-460N is now in AP Mode. Note: You do not have to log in again or restart your device when you change modes. 6.3 The Status Screen Click on Status.
The following table describes the labels shown in the Status screen.
Table 25 Web Configurator Status Screen
LABEL: DESCRIPTION
Device Information
System Name: This is the System Name you enter in the Maintenance > System > General screen. It is for identification purposes.
Firmware Version: This is the firmware version and the date when it was created.
LAN Information
- MAC Address: This shows the LAN Ethernet adapter MAC Address of your device.
Table 25 Web Configurator Status Screen (continued)
LABEL: DESCRIPTION
Interface Status
Interface: This displays the NBG-460N port types. The port types are: LAN and WLAN.
Status: For the LAN port, this field displays Down (line is down) or Up (line is up or connected). For the WLAN, it displays Up when the WLAN is enabled or Down when the WLAN is disabled.
Rate: For the LAN ports, this displays the port speed and duplex setting or N/A when the line is disconnected.
Chapter 6 AP Mode The following table describes the sub-menus. Table 26 Screens Summary LINK TAB Status FUNCTION This screen shows the NBG-460N’s general device, system and interface status information. Use this screen to access the wizard, and summary statistics tables. Network Wireless LAN LAN General Use this screen to configure wireless LAN. MAC Filter Use the MAC filter screen to configure the NBG-460N to block access to devices or block the devices from accessing the NBG-460N.
Table 26 Screens Summary
LINK / TAB: FUNCTION
Sys OP Mode / General: This screen allows you to select whether your device acts as a Router or an Access Point.
Language / Language: This screen allows you to select the language you prefer.

6.4 Configuring Your Settings
Use this section to configure your NBG-460N settings while in AP Mode.

6.4.1 LAN Settings
Use this section to configure your LAN settings while in AP Mode. Click Network > LAN to see the screen below.
Chapter 6 AP Mode The following table describes the labels in this screen. Table 27 Network > LAN > IP LABEL DESCRIPTION Get from DHCP Server Select this option to allow the NBG-460N to obtain an IP address from a DHCP server on the network. You must connect the WAN port to a device with a DHCP server enabled (such as a router or gateway). Without a DHCP server the NBG-460N will have no IP address.
• See Maintenance and Troubleshooting (261) for information on configuring your Maintenance settings.

6.5 Logging in to the Web Configurator in AP Mode
1 Connect your computer to the LAN port of the NBG-460N.
2 The default IP address of the NBG-460N is “192.168.1.1”. In this case, your computer must have an IP address in the range between “192.168.1.2” and “192.168.1.255”.
3 Click Start > Run on your computer in Windows.
4 Type “cmd” in the dialog box.
PART II Network: Wireless LAN, WAN, LAN, DHCP, Network Address Translation (NAT), Dynamic DNS
CHAPTER 7 Wireless LAN

7.1 Overview
This chapter discusses how to configure the wireless network settings in your NBG-460N. See the appendices for more detailed information about wireless networks. The following figure provides an example of a wireless network.
Figure 72 Example of a Wireless Network
The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients.
Chapter 7 Wireless LAN 7.2 What You Can Do • Use the General screen (Section 7.4 on page 101) to enable the Wireless LAN, enter the SSID and select the wireless security mode. • Use the MAC Filter screen (Section 7.5 on page 109) to allow or deny wireless stations based on their MAC addresses from connecting to the NBG-460N. • Use the Advanced screen (Section 7.6 on page 111) to enable roaming, allow intra-BSS networking and set the RTS/CTS Threshold. • Use the QoS screen (Section 7.
Chapter 7 Wireless LAN 7.3.1.1 SSID Normally, the AP acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the AP does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess. This type of security is fairly weak, however, because there are ways for unauthorized devices to get the SSID. In addition, unauthorized devices can still see the information that is sent in the wireless network. 7.3.1.
Chapter 7 Wireless LAN Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network. Local user databases also have an additional limitation that is explained in the next section. 7.3.1.
Chapter 7 Wireless LAN clients support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA Compatible option in the NBG-460N. Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every wireless client in the wireless network must have the same key. 7.
Chapter 7 Wireless LAN Table 29 Network > Wireless LAN > General LABEL DESCRIPTION Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool. Channel Selection Set the operating frequency/channel depending on your particular region. Select a channel from the drop-down list box. The options vary depending on the frequency band and the country you are in.
Chapter 7 Wireless LAN Note: If you do not enable any wireless security on your NBG-460N, your network is accessible to any wireless networking device that is within range. Figure 74 Network > Wireless LAN > General: No Security The following table describes the labels in this screen. Table 30 Network > Wireless LAN > General: No Security LABEL DESCRIPTION Security Mode Choose No Security from the drop-down list box. Apply Click Apply to save your changes back to the NBG-460N.
In order to configure and enable WEP encryption, click Network > Wireless LAN to display the General screen. Select Static WEP from the Security Mode list.
Figure 75 Network > Wireless LAN > General: Static WEP
The following table describes the wireless LAN security labels in this screen.
Table 31 Network > Wireless LAN > General: Static WEP
LABEL: DESCRIPTION
Passphrase: Enter a passphrase (password phrase) of up to 64 printable characters and click Generate.
Table 31 Network > Wireless LAN > General: Static WEP
LABEL: DESCRIPTION
Authentication Method: There are two types of WEP authentication namely, Open System and Shared Key. Open system is implemented for ease-of-use and when security is not an issue. The wireless station and the AP or peer computer do not share a secret key. Thus the wireless stations can associate with any AP or peer computer and listen to any transmitted data that is not encrypted.
Chapter 7 Wireless LAN 7.4.3 WPA-PSK/WPA2-PSK Click Network > Wireless LAN to display the General screen. Select WPA-PSK or WPA2-PSK from the Security Mode list. Figure 76 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK The following table describes the labels in this screen. Table 32 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
Chapter 7 Wireless LAN Table 32 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Idle Timeout The NBG-460N automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour).
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 33 Network > Wireless LAN > General: WPA/WPA2 LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the NBG-460N even when the NBG-460N is using WPA2-PSK or WPA2.
Chapter 7 Wireless LAN Table 33 Network > Wireless LAN > General: WPA/WPA2 LABEL DESCRIPTION Port Number Enter the port number of the external accounting server. The default port number is 1813. You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Enter a password (up to 127 alphanumeric characters) as the key to be shared between the external accounting server and the NBG-460N.
Chapter 7 Wireless LAN To change your NBG-460N’s MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown. Figure 78 Network > Wireless LAN > MAC Filter The following table describes the labels in this menu. Table 34 Network > Wireless LAN > MAC Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC Address table.
Chapter 7 Wireless LAN 7.6 Wireless LAN Advanced Screen Click Network > Wireless LAN > Advanced. The screen appears as shown. Figure 79 Network > Wireless LAN > Advanced The following table describes the labels in this screen. Table 35 Network > Wireless LAN > Advanced LABEL DESCRIPTION Roaming Configuration Enable Roaming Select this option if your network environment has multiple APs and you want your wireless device to be able to access the network as you move between wireless networks.
Chapter 7 Wireless LAN Click Network > Wireless LAN > QoS. The following screen appears. Figure 80 Network > Wireless LAN > QoS The following table describes the labels in this screen. Table 36 Network > Wireless LAN > QoS LABEL DESCRIPTION Enable WMM QoS Select this to enable WMM QoS on the ZyXEL device. WMM QoS prioritizes wireless traffic according to delivery requirements. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi wireless networks. Refer to Section 7.12.
Table 36 Network > Wireless LAN > QoS (continued)
LABEL: DESCRIPTION
Priority: This field displays the priority of the application.
• Highest - Typically used for voice or video that should be high-quality.
• High - Typically used for voice or video that can be medium-quality.
• Mid - Typically used for applications that do not fit into another priority. For example, Internet surfing.
Modify
Chapter 7 Wireless LAN Table 37 Network > Wireless LAN > QoS: Application Priority Configuration LABEL DESCRIPTION Service The following is a description of the applications you can prioritize with WMM QoS. Select a service from the drop-down list box. • E-Mail Electronic mail consists of messages sent through a computer network to specific groups or individuals.
7.8 WPS Screen
Use this screen to enable/disable WPS, view or generate a new PIN number and check current WPS status. To open this screen, click Network > Wireless LAN > WPS tab.
Figure 82 Network > Wireless LAN > WPS
The following table describes the labels in this screen.
Table 38 Network > Wireless LAN > WPS
LABEL: DESCRIPTION
WPS Setup
Enable WPS: Select this to enable the WPS feature.
PIN Number: This displays the PIN number the system last generated.
7.9 WPS Station Screen
Use this screen when you want to add a wireless station using WPS. To open this screen, click Network > Wireless LAN > WPS Station tab.
Note: After you click Push Button on this screen, you have to press a similar button in the wireless station utility within 2 minutes. To add the second wireless station, you have to press these buttons on both the device and the wireless station again after the first 2 minutes.
Chapter 7 Wireless LAN on or off on certain days and at certain times. To open this screen, click Network > Wireless LAN > Scheduling tab. Figure 84 Network > Wireless LAN > Scheduling The following table describes the labels in this screen. Table 40 Network > Wireless LAN > Scheduling LABEL DESCRIPTION Enable Wireless LAN Scheduling Select this to enable Wireless LAN scheduling. WLAN Status Select On or Off to specify whether the Wireless LAN is turned on or off.
Chapter 7 Wireless LAN 7.11 WDS Screen A Wireless Distribution System is a wireless connection between two or more APs. Use this screen to set the operating mode of your NBG-460N to AP + Bridge or Bridge and establish wireless links with other APs. You need to know the MAC address of the peer device, which also must be in bridge mode. Note: You must enable the same wireless security settings on the NBG-460N and on all wireless clients that you want to associate with it.
Table 41 Network > Wireless LAN > WDS (No Security)
LABEL: DESCRIPTION
Security Mode:
Note: WDS security is independent of the security settings between the NBG-460N and any wireless clients.
The WDS is set to No Security by default.
• Refer to Section 7.11.1 on page 119 to view the screen for Static WEP security.
• Refer to Section 7.11.2 on page 121 to view the screen for WPA2-PSK security.
Apply: Click Apply to save your changes to NBG-460N.
Chapter 7 Wireless LAN The following table describes the labels in this screen. Refer to Table 41 on page 118 for descriptions of other fields in this screen. Table 42 Network > Wireless LAN > WDS (Static WEP) LABEL DESCRIPTION Passphrase Enter the passphrase or string of text used for automatic WEP key generation on wireless client adapters. Generate Click this to get the keys from the Passphrase you entered. WEP Encryption Select 64-bit WEP or 128-bit WEP to enable data encryption.
Chapter 7 Wireless LAN 7.11.2 Security Mode: WPA2-PSK Use this screen to configure the WPA2-PSK security for your NBG-460N when it is in AP+Bridge or Bridge Only mode. Figure 87 Network > Wireless LAN > WDS (WPA2-PSK) The following table describes the labels in this screen. Refer to Table 41 on page 118 for descriptions of other fields in this screen.
Chapter 7 Wireless LAN The roaming feature on the access points allows the access points to relay information about the wireless stations to each other. When a wireless station moves from a coverage area to another, it scans and uses the channel of a new access point, which then informs the other access points on the LAN about the change. An example is shown in Figure 88 on page 122.
Chapter 7 Wireless LAN 7.12.1.1 Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas. 1 All the access points must be on the same subnet and configured with the same ESSID. 2 If IEEE 802.1x user authentication is enabled and to be done locally on the access point, the new access point must have the user profile for the wireless station.
7.12.2.2 WMM QoS Priorities
The following table describes the WMM QoS priority levels that the NBG-460N uses.
Table 44 WMM QoS Priorities
PRIORITY LEVEL: DESCRIPTION
voice (WMM_VOICE): Typically used for traffic that is especially sensitive to jitter. Use this priority to reduce latency for improved voice quality.
video (WMM_VIDEO): Typically used for traffic which has some tolerance for jitter but needs to be prioritized over other data traffic.
best effort (WMM_BEST_EFFORT)
Chapter 7 Wireless LAN 2 On the iPod Touch’s main screen press Settings > Wi-fi and from the list press the NBG-460N’s network name (SSID) to connect to it. If you are prompted for any security settings enter them and press connect. If you cannot connect check your security settings in the Web Configurator from your computer and try again. 3 After connecting to the NBG-460N’s wireless LAN network launch the iPod Touch Internet browser and enter the NBG-460N’s IP address (default: 192.168.1.
Chapter 7 Wireless LAN 7.13.3 System Status After successfully logging into the iPod Touch Web Configurator the System Status screen displays. Note: Your changes in the iPod Touch Web Configurator are saved automatically after pressing a button. If you are going to use the WPS (Wi-Fi Protected Setup) function in the iPod Touch Web Configurator it is recommended to configure your WPS settings first from your computer.
Chapter 7 Wireless LAN into the Web Configurator from your computer and going to the Wireless LAN screen. Figure 90 System Status screen The following table describes the labels in this screen. Table 46 System Status screen LABEL DESCRIPTION Logout Press this to logout of the iPod Touch Web Configurator. LAN IP Address This field displays the NBG-460N’s LAN (Local Area Network) IP address. WAN IP Address This field displays the NBG-460N’s WAN IP address.
Chapter 7 Wireless LAN Table 46 System Status screen LABEL DESCRIPTION WLAN Name (SSID) This field displays the SSID (Service set identifier) of the NBG-460N’s Wireless LAN. Security Mode This field displays the security authentication mode of the NBG-460N’s Wireless LAN. This can be No Security, WPA-PSK, WPA2-PSK or WEP. Channel This field displays the channel the NBG-460N’s Wireless LAN operates on. This will display as disabled if auto channel selection mode is on.
Chapter 7 Wireless LAN 7.13.4 WPS in Progress After pressing Push Button in the System Status screen the WPS in Progress screen will display. It can take around two minutes for a successful WPS connection to be made. The System Status screen will display after a connection has been made or if it has failed. For more information on WPS see Section 7.13 on page 124. Figure 91 WPS In Progress 7.13.
Note: To see any changes on the System Status screen you will need to refresh the page first. Use the browser’s refresh function. See the iPod Touch’s documentation if you cannot find it.
Figure 92 Port Forwarding
The following table describes the labels in this screen.
Table 47 Port Forwarding
LABEL: DESCRIPTION
#: This is the number of an individual port forwarding entry.
Rule: This column displays the configured port forwarding rules.
Chapter 7 Wireless LAN 7.14 Accessing the iPod Touch Web Configurator To access the iPod Touch Web Configurator through your iPod Touch you must first connect it to the NBG-460N’s wireless network. Follow the steps below to do this. Note: If you have not configured your wireless settings yet you can do so by using the Wizard in the Web Configurator you access from your computer. Click the Wizard icon or the Go To Wizard Setup web link you see after logging into the Web Configurator from your computer.
3 The login screen should display.
Figure 93 Login Screen
If the login screen does not display properly, check that you are accessing the correct IP address. Also check your iPod Touch web browser’s security settings as they may affect how the page displays.
4 If you wish to log in automatically in the future make sure the Auto Login checkbox is selected.
5 Enter your password and press login. The default password for the NBG-460N is “1234”.
CHAPTER 8 WAN 8.1 Overview This chapter discusses the NBG-460N’s WAN screens. Use these screens to configure your NBG-460N for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Chapter 8 WAN 8.3 What You Need To Know The information in this section can help you configure the screens for your WAN connection, as well as enable/disable some advanced features of your NBG-460N. 8.3.1 Configuring Your Internet Connection Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol. To set up a WAN connection to the Internet, you need to use the same encapsulation method used by your ISP (Internet Service Provider).
Chapter 8 WAN WAN MAC Address The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Choose Factory Default to select the factory assigned default MAC Address. Otherwise, click Clone the computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning.
8.3.3 IPTV STB Port
Internet Protocol Television (IPTV) is a service you can subscribe to in order to watch video content, hosted on servers over the Internet, on your television at home. An IPTV subscription gives you access to streaming media, such as Live TV or Video on Demand (VOD). The NBG-460N has four LAN ports. You can assign up to two of these LAN ports as IPTV STB ports, where you connect your Set-Top Box (STB). See Chapter 8 on page 146.
You have one STB
You have one STB and one television. You can assign one port for your IPTV connection and connect your STB to it. This effectively changes the IP address of the LAN port to the IP address of the WAN port. In the following figure, you assign port LAN 4 as the IPTV STB port. Video traffic (that you subscribed to) goes directly to the STB without being routed to the LAN.
Figure 97 LAN 1 as IPTV STB Port
Chapter 8 WAN Go to Section 8.5 on page 146 to view the screen where you can assign the IPTV STB port. Note: Follow the instructions in the User’s Guide of your STB for hardware connections and setup configurations. 8.3.4 NetBIOS over TCP/IP NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dialup services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
Chapter 8 WAN • The device must be in Router Mode (see Chapter 24 on page 299 for more information) for auto-bridging to become active. 8.4 Internet Connection Use this screen to change your NBG-460N’s Internet access settings. Click Network > WAN. The screen differs according to the encapsulation you choose. 8.4.1 Ethernet Encapsulation This screen displays when you select Ethernet encapsulation.
Chapter 8 WAN The following table describes the labels in this screen. Table 48 Network > WAN > Internet Connection: Ethernet Encapsulation LABEL DESCRIPTION Encapsulation Choose the Ethernet option when the WAN port is used as a regular Ethernet. Service Type Choose from Standard, RR-Telstra (RoadRunner Telstra authentication method), RR-Manager (Roadrunner Manager authentication method), RR-Toshiba (Roadrunner Toshiba authentication method) or Telia Login.
Chapter 8 WAN Table 48 Network > WAN > Internet Connection: Ethernet Encapsulation LABEL DESCRIPTION Factory default Select Factory default to use the factory assigned default MAC Address. Clone the computer’s MAC address Select Clone the computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file).
This screen displays when you select PPPoE encapsulation.
Figure 101 Network > WAN > Internet Connection: PPPoE Encapsulation
The following table describes the labels in this screen.
Table 49 Network > WAN > Internet Connection: PPPoE Encapsulation
LABEL: DESCRIPTION
ISP Parameters for Internet Access
Encapsulation: The PPP over Ethernet choice is for a dial-up connection using PPPoE. The NBG-460N supports PPPoE (Point-to-Point Protocol over Ethernet).
Table 49 Network > WAN > Internet Connection: PPPoE Encapsulation
LABEL: DESCRIPTION
Retype to Confirm: Type your password again to make sure that you have entered it correctly.
Nailed-Up Connection: Select Nailed-Up Connection if you do not want the connection to time out.
Idle Timeout: This value specifies the time in seconds that elapses before the router automatically disconnects from the PPPoE server.
Chapter 8 WAN 8.4.3 PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. This screen displays when you select PPTP encapsulation.
Chapter 8 WAN The following table describes the labels in this screen. Table 50 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
Table 50 Network > WAN > Internet Connection: PPTP Encapsulation
LABEL: DESCRIPTION
First DNS Server / Second DNS Server / Third DNS Server:
Select From ISP if your ISP dynamically assigns DNS server information (and the NBG-460N's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns.
Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right.
Chapter 8 WAN To change your NBG-460N’s advanced WAN settings, click Network > WAN > Advanced. The screen appears as shown. Figure 103 Network > WAN > Advanced The following table describes the labels in this screen. Table 51 Network > WAN > Advanced LABEL DESCRIPTION Multicast Setup Multicast This applies to traffic routed from the WAN to the LAN. Select IGMP V-1, IGMP V-2 or None. For Internet Protocol Television (IPTV), select IGMP V-2.
Chapter 8 WAN Table 51 Network > WAN > Advanced LABEL DESCRIPTION Enable Auto-bridge mode Select this option to have the NBG-460N switch to bridge mode automatically when the NBG-460N gets a WAN IP address in the range of 192.168.x.y (where x and y are from zero to nine) no matter what the LAN IP address is. Note: The NBG-460N automatically turns back to Router Mode when the NBG-460N gets a WAN IP address that is not in the 192.168.x.y range.
CHAPTER 9 LAN

9.1 Overview
This chapter describes how to configure LAN settings. A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Figure 104 LAN Setup
The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks. 9.
Chapter 9 LAN 9.3 What You Need To Know The LAN parameters of the NBG-460N are preset in the factory with the following values: • IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) • DHCP server enabled with 32 client IP addresses starting from 192.168.1.33. These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded Web Configurator help regarding what fields need to be configured. 9.3.
Chapter 9 LAN The following table describes the labels in this screen. Table 52 Network > LAN > IP LABEL DESCRIPTION LAN TCP/IP IP Address Type the IP address of your NBG-460N in dotted decimal notation 192.168.1.1 (factory default). IP Subnet Mask The subnet mask specifies the network number portion of an IP address. Your NBG-460N will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the NBG-460N.
The following table describes the labels in this screen.
Table 53 Network > LAN > IP Alias
LABEL: DESCRIPTION
IP Alias 1,2: Select the check box to configure another LAN network for the NBG-460N.
IP Address: Enter the IP address of your NBG-460N in dotted decimal notation.
IP Subnet Mask: Your NBG-460N will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the NBG-460N.
Chapter 9 LAN Table 54 Network > LAN > Advanced LABEL DESCRIPTION Active Select this if you want to let computers on different subnets use the NBG-460N. Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
Chapter 9 LAN 9.7.2 Any IP Traditionally, you must set the IP addresses and the subnet masks of a computer and the NBG-460N to be in the same subnet to allow the computer to access the Internet (through the NBG-460N). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the NBG-460N.
Chapter 9 LAN Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the NBG-460N) to decide which hop to use, to help forward data along to its specified destination. The following lists out the steps taken, when a computer tries to access the Internet for the first time through the NBG-460N.
CHAPTER 10 DHCP 10.1 Overview DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG-460N’s LAN as a DHCP server or disable it. When configured as a server, the NBG-460N provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured. 10.
Chapter 10 DHCP 10.4 DHCP General Screen Use this screen to enable the DHCP server. Click Network > DHCP. The following screen displays. Figure 110 Network > DHCP > General The following table describes the labels in this screen. Table 55 Network > DHCP > General LABEL DESCRIPTION Enable DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server.
Chapter 10 DHCP To change your NBG-460N’s static DHCP settings, click Network > DHCP > Advanced. The following screen displays. Figure 111 Network > DHCP > Advanced The following table describes the labels in this screen. Table 56 Network > DHCP > Advanced LABEL DESCRIPTION Static DHCP Table # This is the index number of the static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN. IP Address Type the LAN IP address of a computer on your LAN.
Chapter 10 DHCP Table 56 Network > DHCP > Advanced LABEL DESCRIPTION First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the NBG-460N's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns. Second DNS Server Third DNS Server Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right.
Chapter 10 DHCP The following screen displays. Figure 112 Network > DHCP > Client List The following table describes the labels in this screen. Table 57 Network > DHCP > Client List LABEL DESCRIPTION # This is the index number of the host computer. IP Address This field displays the IP address relative to the # field listed above. Host Name This field displays the computer host name.
CHAPTER 11 Network Address Translation (NAT) 11.1 Overview This chapter discusses how to configure NAT on the NBG-460N. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network. Each packet has two addresses – a source address and a destination address.
Note: You must create a firewall rule in addition to setting up NAT, to allow traffic from the WAN to be forwarded through the NBG-460N.
11.2 What You Can Do
• Use the General screen (Section 11.3 on page 164) to enable NAT and set a default server.
• Use the Application screen (Section 11.4 on page 165) to forward incoming service requests to the server(s) on your local network.
• Use the Advanced screen (Section 11.
Chapter 11 Network Address Translation (NAT) Table 58 Network > NAT > General LABEL Server IP Address DESCRIPTION In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in the Application screen. If you do not assign a Default Server IP address, the NBG-460N discards all packets received for ports that are not specified in the Application screen or remote management.
Chapter 11 Network Address Translation (NAT) To change your NBG-460N’s port forwarding settings, click Network > NAT > Application. The screen appears as shown. Note: If you do not assign a Default Server IP address in the NAT > General screen, the NBG-460N discards all packets received for ports that are not specified in this screen or remote management. Refer to Appendix E on page 369 for port numbers commonly used for particular services.
Chapter 11 Network Address Translation (NAT) Table 59 Network > NAT > Application LABEL DESCRIPTION Service Name Type a name (of up to 31 printable characters) to identify this rule in the first field next to Service Name. Otherwise, select a predefined service in the second field next to Service Name. The predefined service name and port number(s) will display in the Service Name and Port fields. Port Type a port number(s) to be forwarded.
Chapter 11 Network Address Translation (NAT) 11.4.1 Game List Example Here is an example game list text file. The index number, service name and associated port(s) are specified by semi-colons (no spaces). Use the name=xxx (where xxx is the service name) to create a new service. Port range can be separated with a hyphen (-) (no spaces). Multiple (non-consecutive) ports can be separated by commas.
Chapter 11 Network Address Translation (NAT) addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 117 Multiple Servers Behind NAT Example 11.5 NAT Advanced Screen Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side.
Chapter 11 Network Address Translation (NAT) Note: Only one LAN computer can use a trigger port (range) at a time. Figure 118 Network > NAT > Advanced The following table describes the labels in this screen. Table 60 Network > NAT > Advanced LABEL DESCRIPTION Max NAT/ Firewall Session Per User Type a number ranging from 1 to 16000 to limit the number of NAT/ firewall sessions that a host can create.
Chapter 11 Network Address Translation (NAT) Table 60 Network > NAT > Advanced LABEL DESCRIPTION Name Type a unique name (up to 15 characters) for identification purposes. All characters are permitted - including spaces. Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The NBG-460N forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service.
5 Only Jane can connect to the Real Audio server until the connection is closed or times out. The NBG-460N times out in three minutes with UDP (User Datagram Protocol), or two hours with TCP/IP (Transmission Control Protocol/Internet Protocol).
11.5.2 Two Points To Remember About Trigger Ports
1 Trigger events only happen on data that is coming from inside the NBG-460N and going to the outside.
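The trigger port behaviour described above can be followed in a small model. This is an added example, not ZyXEL firmware code: the class and method names are hypothetical, the port numbers and LAN addresses are constructed sample values, and it assumes inbound traffic does not refresh the timeout.

```python
# Added illustration: simplified model of one trigger port rule (not firmware code).
UDP_TIMEOUT = 3 * 60        # seconds: "three minutes with UDP"
TCP_TIMEOUT = 2 * 60 * 60   # seconds: "two hours with TCP/IP"


class TriggerPortRule:
    """One row of the trigger port table: a trigger range and an incoming range."""

    def __init__(self, name, trigger_ports, incoming_ports):
        self.name = name
        self.trigger_ports = trigger_ports    # ports a LAN host sends to
        self.incoming_ports = incoming_ports  # ports the WAN server replies on
        self.owner = None                     # LAN IP currently holding the rule
        self.expires = 0.0

    def _active(self, now):
        return self.owner is not None and now < self.expires

    def outbound(self, lan_ip, dst_port, proto, now):
        """A LAN host sends traffic out. Only this direction creates a trigger event."""
        if dst_port not in self.trigger_ports:
            return False
        if self._active(now) and self.owner != lan_ip:
            return False  # only one LAN computer can use the range at a time
        self.owner = lan_ip
        self.expires = now + (UDP_TIMEOUT if proto == "udp" else TCP_TIMEOUT)
        return True

    def inbound(self, dst_port, now):
        """WAN traffic arrives. Return the LAN IP it is forwarded to, or None."""
        if dst_port in self.incoming_ports and self._active(now):
            return self.owner
        return None  # this rule never opens a port for unsolicited WAN traffic

    def close(self, lan_ip):
        """The owning host closes its connection, releasing the range."""
        if self.owner == lan_ip:
            self.owner = None


def run_demo():
    """Walk through the Jane scenario with constructed addresses and ports."""
    jane, other = "192.168.1.33", "192.168.1.34"
    rule = TriggerPortRule("Real Audio", range(7070, 7071), range(6970, 7171))
    return [
        rule.inbound(6970, now=0),                  # no trigger yet
        rule.outbound(jane, 7070, "udp", now=0),    # Jane triggers the rule
        rule.inbound(6970, now=10),                 # forwarded to Jane
        rule.outbound(other, 7070, "udp", now=20),  # second host is refused
        rule.inbound(6970, now=181),                # UDP mapping has timed out
        rule.outbound(other, 7070, "udp", now=200), # range is free again
        rule.inbound(7000, now=210),                # forwarded to the new owner
    ]


if __name__ == "__main__":
    for step in run_demo():
        print(step)
```

The point for a firewall review is that the incoming range is reachable from the WAN only while a LAN host holds the mapping, and only towards that host.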
CHAPTER 12 Dynamic DNS 12.1 Overview Dynamic DNS (DDNS) services let you use a domain name with a dynamic IP address. 12.2 What You Can Do Use the Dynamic DNS screen (Section 12.4 on page 174) to enable DDNS and configure the DDNS settings on the NBG-460N. 12.3 What You Need To Know Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CUSeeMe, etc.).
Note: If you have a private WAN IP address, then you cannot use Dynamic DNS. You must have a public WAN IP address.
12.4 Dynamic DNS Screen
Use this screen to enable DDNS and configure the DDNS settings on the NBG-460N. To change your NBG-460N’s DDNS, click Network > DDNS. The screen appears as shown.
Figure 120 Network > Dynamic DNS
The following table describes the labels in this screen.
Chapter 12 Dynamic DNS Table 61 Network > Dynamic DNS LABEL DESCRIPTION Token Enter your client authorization key provided by the server to update DynDNS records. This field is configurable only when you select WWW.REGFISH.COM in the Service Provider field. Enable Wildcard Option Select the check box to enable DynDNS Wildcard. Enable off line option This option is available when CustomDNS is selected in the DDNS Type field.
PART III Security: Firewall, Content Filtering, IPSec VPN
CHAPTER 13 Firewall 13.1 Overview Use the screens in this chapter to enable and configure the firewall that protects your NBG-460N and your LAN from unwanted or malicious traffic. Enable the firewall to protect your LAN computers from attacks by hackers on the Internet and control access between the LAN and WAN. By default the firewall: • allows traffic that originates from your LAN computers to go to all of the networks. • blocks traffic that originates on the other networks from going to the LAN.
Chapter 13 Firewall • Use the Services screen (Section 13.5 on page 182) to enable service blocking, enter/delete/modify the services you want to block and the date/time you want to block them. 13.3 What You Need To Know The NBG-460N’s firewall feature physically separates the LAN and the WAN and acts as a secure gateway for all data passing between the networks. 13.3.
Chapter 13 Firewall You can have the NBG-460N permit the use of asymmetrical route topology on the network (not reset the connection). Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the NBG-460N. A better solution is to use IP alias to put the NBG-460N and the backup gateway on separate subnets. 13.3.3 Triangle Routes and IP Alias You can use IP alias instead of allowing triangle routes.
Chapter 13 Firewall 13.4 General Firewall Screen Use this screen to enable or disable the NBG-460N’s firewall, and set up firewall logs. Click Security > Firewall to open the General screen. Figure 123 Security > Firewall > General The following table describes the labels in this screen. Table 62 Security > Firewall > General LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall.
Chapter 13 Firewall You can also use this screen to enable service blocking, enter/delete/modify the services you want to block and the date/time you want to block them. Click Security > Firewall > Services. The screen appears as shown next. Figure 124 Security > Firewall > Services The following table describes the labels in this screen.
Chapter 13 Firewall Table 63 Security > Firewall > Services LABEL DESCRIPTION Do not respond to requests for unauthorized services Select this option to prevent hackers from finding the NBG-460N by probing for unused ports. If you select this option, the NBG-460N will not respond to port request(s) for unused ports, thus leaving the unused ports and the NBG-460N unseen.
Chapter 13 Firewall 13.5.1 The Add Firewall Rule Screen If you click Add or the Modify icon on an existing rule, the Add Firewall Rule screen is displayed. Use this screen to add a firewall rule or to modify an existing one. Figure 125 Security > Firewall > Services > Adding a Rule The following table describes the labels in this screen. Table 64 Security > Firewall > Services > Adding a Rule LABEL DESCRIPTION Active Select this check box to turn the rule on.
Chapter 13 Firewall Table 64 Security > Firewall > Services > Adding a Rule LABEL DESCRIPTION End IP Address Enter the ending IP address in a range here. This field is only available when IP Range is selected as the Address Type. IP Pool List Add an IP address from the IP Pool List to the Selected IP List by highlighting an IP address and clicking Add. To delete an IP address from the Selected IP List highlight an IP address and click the Remove button.
Chapter 13 Firewall Table 64 Security > Firewall > Services > Adding a Rule LABEL DESCRIPTION Max NAT/ Firewall Session Per User Type a number ranging from 1 to 16000 to limit the number of NAT/ firewall sessions that a host can create. Apply Click Apply to save the settings. Reset Click Reset to start configuring this screen again. Cancel Click Cancel to return to the Services screen without saving any changes.
CHAPTER 14 Content Filtering 14.1 Overview This chapter provides a brief overview of content filtering using the embedded web GUI. Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering is the ability to block certain web features or specific URL keywords. 14.2 What You Can Do • Use the Filter screen (Section 14.4 on page 191) to restrict web features, add keywords for blocking and designate a trusted computer.
Restrict Web Features
The NBG-460N can disable web proxies and block web features such as ActiveX controls, Java applets and cookies.
Keyword Blocking URL Checking
The NBG-460N checks the URL’s domain name (or IP address) and file path separately when performing keyword blocking. The URL’s domain name or IP address consists of the characters that come before the first slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the domain name is www.zyxel.com.tw.
Chapter 14 Content Filtering 14.4 Filter Screen Use this screen to restrict web features, add keywords for blocking and designate a trusted computer. Click Security > Content Filter to open the Filter screen. Figure 126 Security > Content Filter > Filter The following table describes the labels in this screen.
Chapter 14 Content Filtering Table 65 Security > Content Filter > Filter LABEL DESCRIPTION Cookies Used by Web servers to track usage and provide service based on ID. Web Proxy A server that acts as an intermediary between a user and the Internet to provide security, administrative control, and caching service. When a proxy server is located on the WAN it is possible for LAN users to circumvent content filtering by pointing to this proxy server.
Chapter 14 Content Filtering 14.5 Schedule Screen Use this screen to set the day(s) and time you want the NBG-460N to use content filtering. Click Security > Content Filter > Schedule. The following screen displays. Figure 127 Security > Content Filter > Schedule The following table describes the labels in this screen. Table 66 Security > Content Filter > Schedule LABEL DESCRIPTION Day to Block Select check boxes for the days that you want the NBG-460N to perform content filtering.
Chapter 14 Content Filtering 14.6.1 Customizing Keyword Blocking URL Checking You can use commands to set how much of a website’s URL the content filter is to check for keyword blocking. See the appendices for information on how to access and use the command interpreter. Domain Name or IP Address URL Checking By default, the NBG-460N checks the URL’s domain name or IP address when performing keyword blocking. This means that the NBG-460N checks the characters that come before the first slash in the URL.
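The split at the first slash, and what the default domain-only check does and does not catch, can be seen in a short model. This is an added example, not the NBG-460N's own code: the function names are hypothetical, and case-insensitive matching and the handling of an optional scheme prefix are assumptions.

```python
# Added illustration of keyword blocking URL checking (not firmware code).

def split_url(url):
    """Split a URL as the guide describes: the characters before the first
    slash are the domain name or IP address, the rest is the file path."""
    # Assumption: a leading scheme such as "http://" is not part of the check.
    rest = url.split("://", 1)[1] if "://" in url else url
    host, _, path = rest.partition("/")
    return host, path


def matched_keywords(url, keywords, check_path=False):
    """Return the keywords that would block this URL.

    check_path=False models the default (domain name or IP address only).
    check_path=True models a filter that also checks the file path.
    The two parts are checked separately, so a keyword cannot match
    across the slash that divides them.
    """
    host, path = split_url(url)
    parts = [host] + ([path] if check_path else [])
    hits = []
    for keyword in keywords:
        # Assumption: matching is case-insensitive.
        if any(keyword.lower() in part.lower() for part in parts):
            hits.append(keyword)
    return hits


if __name__ == "__main__":
    url = "www.zyxel.com.tw/news/pressroom.php"  # example URL from the guide
    for kw in ("zyxel", "news", "tw/news"):
        print(kw, matched_keywords(url, [kw]),
              matched_keywords(url, [kw], check_path=True))
```

With the default setting, a keyword that appears only in the file path ("news" here) does not block the page, which is worth knowing when choosing keywords.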
CHAPTER 15 IPSec VPN 15.1 Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
• Use the SA Monitor screen (Section 15.5 on page 218) to display and manage active VPN connections.
15.3 What You Need To Know
A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contract indicating what security parameters the NBG-460N and the remote IPSec router will use. The first phase establishes an Internet Key Exchange (IKE) SA between the NBG-460N and remote IPSec router.
Chapter 15 IPSec VPN Note: Both routers must use the same negotiation mode. These modes are discussed in more detail in Section 15.6.5 on page 222. Main mode is used in various examples in the rest of this section. IP Addresses of the NBG-460N and Remote IPSec Router In the NBG-460N, you have to specify the IP addresses of the NBG-460N and the remote IPSec router to establish an IKE SA. You can usually provide a static IP address or a domain name for the NBG-460N.
Chapter 15 IPSec VPN 15.4 The General Screen Click Security > VPN to display the Summary screen. This is a read-only menu of your VPN rules (tunnels). Edit a VPN rule by clicking the Edit icon. Figure 130 Security > VPN > General The following table describes the fields in this screen. Table 67 Security > VPN > General LABEL DESCRIPTION # This is the VPN policy index number. Active This field displays whether the VPN policy is active or not. This icon is turned on when the rule is enabled.
Chapter 15 IPSec VPN Table 67 Security > VPN > General LABEL DESCRIPTION Windows Networking (NetBIOS over TCP/IP) NetBIOS (Network Basic Input/Output System) are TCP or UDP packets that enable a computer to find other computers. It may sometimes be necessary to allow NetBIOS packets to pass through VPN tunnels in order to allow local computers to find computers on the remote network and vice versa.
Use this screen to configure a VPN rule.
Figure 132 Security > VPN > General > Rule Setup: IKE (Basic)
The following table describes the labels in this screen.
Table 68 Security > VPN > General > Rule Setup: IKE (Basic)
LABEL: DESCRIPTION
Property
Active: Select this check box to activate this VPN policy.
Keep Alive: Select this check box to have the NBG-460N automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
Chapter 15 IPSec VPN Table 68 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION NAT Traversal Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers. Note: The remote IPSec router must also have NAT traversal enabled. You can use NAT traversal with ESP protocol using Transport or Tunnel mode, but not with AH protocol nor with manual key management.
Chapter 15 IPSec VPN Table 68 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Remote Policy Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. Two active SAs cannot have the local and remote IP address(es) both the same.
Chapter 15 IPSec VPN Table 68 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Local Content When you select IP in the Local ID Type field, type the IP address of your computer in the Local Content field. The NBG-460N automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the Local Content field to 0.0.0.0 or leave it blank. It is recommended that you type an IP address other than 0.0.0.
Chapter 15 IPSec VPN Table 68 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Peer Content The configuration of the peer content depends on the peer ID type. For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the NBG-460N will use the address in the Secure Gateway Address field (refer to the Secure Gateway Address field description).
Chapter 15 IPSec VPN Table 68 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Encryption Algorithm Select which key size and encryption algorithm to use for data communications.
Chapter 15 IPSec VPN Use this screen to configure a VPN rule.
Chapter 15 IPSec VPN The following table describes the labels in this screen. Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) LABEL DESCRIPTION Property Active Select this check box to activate this VPN policy. Keep Alive Select this check box to have the NBG-460N automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The remote IPSec router must also have keep alive enabled in order for this feature to work.
Chapter 15 IPSec VPN Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Local Policy Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs can have the same configured local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time.
Chapter 15 IPSec VPN Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Remote Address For a single IP address, enter a (static) IP address on the network behind the remote IPSec router. For a specific range of IP addresses, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router.
Chapter 15 IPSec VPN Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Local Content When you select IP in the Local ID Type field, type the IP address of your computer in the Local Content field. The NBG-460N automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the Local Content field to 0.0.0.0 or leave it blank. It is recommended that you type an IP address other than 0.0.0.
Chapter 15 IPSec VPN Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Peer Content The configuration of the peer content depends on the peer ID type. For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the NBG-460N will use the address in the Secure Gateway Address field (refer to the Secure Gateway Address field description).
Chapter 15 IPSec VPN Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection. Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters.
Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued)
LABEL: DESCRIPTION
Perfect Forward Secrecy (PFS): Select whether or not you want to enable Perfect Forward Secrecy (PFS) and, if you do, which Diffie-Hellman key group to use for encryption. Choices are:
None - disable PFS
DH1 - enable PFS and use a 768-bit random number
DH2 - enable PFS and use a 1024-bit random number
PFS changes the root key that is used to generate encryption keys for each IPSec SA.
Chapter 15 IPSec VPN 15.4.3.3 Authentication and the Security Parameter Index (SPI) For authentication, the NBG-460N and remote IPSec router use the SPI, instead of pre-shared keys, ID type and content. The SPI is an identification number. Note: The NBG-460N and remote IPSec router must use the same SPI. Figure 134 Security > VPN > General > Rule Setup: Manual The following table describes the labels in this screen.
Chapter 15 IPSec VPN Table 70 Security > VPN > General > Rule Setup: Manual (continued) LABEL DESCRIPTION IPSec Keying Mode Select IKE or Manual from the drop-down list box. IKE provides more protection so it is generally recommended. Manual is a useful option for troubleshooting if you have problems using IKE key management. Protocol Number Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
Chapter 15 IPSec VPN Table 70 Security > VPN > General > Rule Setup: Manual (continued) LABEL DESCRIPTION Remote Policy Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. Two active SAs cannot have the local and remote IP address(es) both the same.
Chapter 15 IPSec VPN Table 70 Security > VPN > General > Rule Setup: Manual (continued) LABEL DESCRIPTION Secure Gateway Address Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec Keying Mode field must be set to IKE). In order to have more than one active rule with the Secure Gateway Address field set to 0.0.0.
Chapter 15 IPSec VPN Table 70 Security > VPN > General > Rule Setup: Manual (continued) LABEL DESCRIPTION Authentication Algorithm Select which hash algorithm to use to authenticate packet data in the IPSec SA. Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower. Authentication Key Type a unique authentication key to be used by IPSec if applicable. Enter 16 characters for MD5 authentication or 20 characters for SHA-1 authentication.
15.6 Technical Reference
The following section contains additional technical information about the NBG-460N features described in this chapter.
15.6.1 VPN and Remote Management
You can allow someone to use a service (like Telnet or HTTP) through a VPN tunnel to manage the NBG-460N. One of the NBG-460N’s ports must be part of the VPN rule’s local network. This can be the NBG-460N’s LAN port if you do not want to allow remote management on the WAN port.
IPSec router use in the IKE SA. In main mode, this is done in steps 1 and 2, as illustrated below.
Figure 137 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal
The NBG-460N sends a proposal to the remote IPSec router. Each proposal consists of an encryption algorithm, authentication algorithm, and DH key group that the NBG-460N wants to use in the IKE SA. The remote IPSec router sends the accepted proposal back to the NBG-460N.
Chapter 15 IPSec VPN 15.6.4 Authentication Before the NBG-460N and remote IPSec router establish an IKE SA, they have to verify each other’s identity. This process is based on pre-shared keys and router identities. In main mode, the NBG-460N and remote IPSec router authenticate each other in steps 5 and 6, as illustrated below. Their identities are encrypted using the encryption algorithm and encryption key the NBG-460N and remote IPSec router selected in previous steps.
Table 72 VPN Example: Matching ID Type and Content
NBG-460N                     REMOTE IPSEC ROUTER
Peer ID type: IP             Peer ID type: E-mail
Peer ID content: 1.1.1.2     Peer ID content: tom@yourcompany.com
In the following example, the ID type and content do not match so the authentication fails and the NBG-460N and the remote IPSec router cannot establish an IKE SA.
Chapter 15 IPSec VPN Step 3: The NBG-460N authenticates the remote IPSec router and confirms that the IKE SA is established. Aggressive mode does not provide as much security as main mode because the identity of the NBG-460N and the identity of the remote IPSec router are not encrypted. It is usually used when the address of the initiator is not known by the responder and both parties want to use pre-shared keys for authentication (for example, telecommuters). 15.6.
Chapter 15 IPSec VPN 15.6.7 IPSec Protocol The IPSec protocol controls the format of each packet. It also specifies how much of each packet is protected by the encryption and authentication algorithms. IPSec VPN includes two IPSec protocols, AH (Authentication Header, RFC 2402) and ESP (Encapsulating Security Payload, RFC 2406). Note: The NBG-460N and remote IPSec router must use the same IPSec protocol. Usually, you should select ESP. AH does not support encryption, and ESP is more suitable with NAT.
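The guide's own statements about pre-shared key length, PFS, keying mode, authentication algorithm, negotiation mode and IPSec protocol can be turned into a pre-deployment check of a planned VPN rule. This is an added example, not part of the NBG-460N or its Web Configurator: the dictionary keys and finding names are hypothetical, the sample rules are constructed, and accepting lowercase hexadecimal digits is an assumption.

```python
# Added illustration: audit a planned VPN rule against the guide's statements.
import string

HEX_DIGITS = set(string.hexdigits)       # assumption: lowercase a-f accepted too
AUTH_KEY_LEN = {"MD5": 16, "SHA1": 20}   # manual-key lengths given in Table 70


def psk_is_valid(key):
    """8 to 31 ASCII characters, or 16 to 62 hexadecimal characters."""
    ascii_ok = key.isascii() and 8 <= len(key) <= 31
    hex_ok = 16 <= len(key) <= 62 and all(c in HEX_DIGITS for c in key)
    return ascii_ok or hex_ok


def audit_vpn_rule(rule):
    """Return a list of (severity, finding_id, message) tuples for one rule."""
    findings = []
    auth = rule.get("auth_algorithm", "SHA1")
    if rule.get("keying_mode", "IKE") == "IKE":
        if not psk_is_valid(rule.get("pre_shared_key", "")):
            findings.append(("error", "psk-length",
                             "pre-shared key is outside the accepted lengths"))
        if rule.get("negotiation_mode", "Main") == "Aggressive":
            findings.append(("warn", "aggressive-mode",
                             "router identities are not encrypted"))
        pfs = rule.get("pfs", "None")
        if pfs == "None":
            findings.append(("warn", "pfs-disabled", "PFS is disabled"))
        elif pfs == "DH1":
            findings.append(("warn", "pfs-dh1",
                             "DH1 is the smaller (768-bit) of the two groups"))
    else:
        findings.append(("warn", "manual-keying",
                         "IKE provides more protection than manual keys"))
        expected = AUTH_KEY_LEN.get(auth)
        if expected is not None and len(rule.get("auth_key", "")) != expected:
            findings.append(("error", "auth-key-length",
                             f"{auth} needs a {expected}-character key"))
    if rule.get("protocol", "ESP") == "AH":
        findings.append(("warn", "ah-no-encryption",
                         "AH does not support encryption"))
    if auth == "MD5":
        findings.append(("warn", "md5-auth",
                         "SHA1 is generally considered stronger than MD5"))
    return findings


def finding_ids(rule):
    return [fid for _, fid, _ in audit_vpn_rule(rule)]


# Constructed sample rules (not taken from a real device).
WEAK_RULE = {"keying_mode": "IKE", "negotiation_mode": "Aggressive",
             "protocol": "AH", "auth_algorithm": "MD5", "pfs": "None",
             "pre_shared_key": "1234"}
MANUAL_RULE = {"keying_mode": "Manual", "protocol": "ESP",
               "auth_algorithm": "SHA1", "auth_key": "0123456789abcdef"}
STRONG_RULE = {"keying_mode": "IKE", "negotiation_mode": "Main",
               "protocol": "ESP", "auth_algorithm": "SHA1", "pfs": "DH2",
               "pre_shared_key": "Qw7!example-constructed"}

if __name__ == "__main__":
    for name, rule in [("weak", WEAK_RULE), ("manual", MANUAL_RULE),
                       ("strong", STRONG_RULE)]:
        print(name, finding_ids(rule))
```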
Chapter 15 IPSec VPN In transport mode, the encapsulation depends on the IPSec protocol. With AH, the NBG-460N includes part of the original IP header when it encapsulates the packet. With ESP, however, the NBG-460N does not include the IP header when it encapsulates the packet, so it is not possible to verify the integrity of the source IP address. 15.6.
An IPSec SA can be set to keep alive. Normally, the NBG-460N drops the IPSec SA when the life time expires or after two minutes of outbound traffic with no inbound traffic. If you set the IPSec SA to keep alive, the NBG-460N automatically renegotiates the IPSec SA when the SA life time expires, and it does not drop the IPSec SA if there is no inbound traffic.
computers that use private domain names on the HQ network, the NBG-460N at B uses the Intranet DNS server in headquarters.
Figure 142 Private DNS Server Example
Note: If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP addresses to access the computers on the remote private network.
PART IV Management: Static Route, Bandwidth Management, Remote Management, Universal Plug-and-Play (UPnP)
CHAPTER 16 Static Route 16.1 Overview This chapter shows you how to configure static routes for your NBG-460N. The NBG-460N usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the NBG-460N send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the NBG-460N’s LAN interface.
Chapter 16 Static Route • Use the Static Route Setup screen (Section 16.3.1 on page 233) to add or edit a static route rule. 16.3 IP Static Route Screen Use this screen to view existing static route rules. Click Management > Static Route to open the IP Static Route screen. The following screen displays. Figure 144 Management > Static Route > IP Static Route The following table describes the labels in this screen.
Chapter 16 Static Route 16.3.1 Static Route Setup Screen To edit a static route, click the edit icon under Modify. The following screen displays. Fill in the required information for each static route. Figure 145 Management > Static Route > IP Static Route: Static Route Setup The following table describes the labels in this screen. Table 75 Management > Static Route > IP Static Route: Static Route Setup LABEL DESCRIPTION Route Name Enter the name of the IP static route.
Table 75 Management > Static Route > IP Static Route: Static Route Setup
LABEL: DESCRIPTION
Apply: Click Apply to save your changes back to the NBG-460N.
Cancel: Click Cancel to return to the previous screen and not save your changes.
CHAPTER 17 Bandwidth Management 17.1 Overview This chapter contains information about configuring bandwidth management and editing rules. ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application. In the figure below, uplink traffic goes from the LAN device (A) to the WAN device (B). Bandwidth management is applied before sending the packets out to the WAN. Downlink traffic comes back from the WAN device (B) to the LAN device (A).
17.3 What You Need To Know
The NBG-460N applies bandwidth management to traffic that it forwards out through an interface. The NBG-460N does not control the bandwidth of traffic that comes into an interface. Bandwidth management applies to all traffic flowing out of the router, regardless of the traffic's source. Traffic redirect or IP alias may cause LAN-to-LAN traffic to pass through the NBG-460N and be managed by bandwidth management.
Chapter 17 Bandwidth Management Click Management > Bandwidth MGMT to open the bandwidth management General screen. Figure 147 Management > Bandwidth MGMT > General The following table describes the labels in this screen. Table 76 Management > Bandwidth MGMT > General LABEL DESCRIPTION Enable Bandwidth Management Select this to have the NBG-460N apply bandwidth management.
Chapter 17 Bandwidth Management Table 76 Management > Bandwidth MGMT > General LABEL DESCRIPTION WAN Bandwidth Enter the amount of bandwidth in Mbps (2 to 100) that you want to allocate for WAN traffic. The recommendation is to set this speed to be equal to or less than the speed of the broadband device connected to the WAN port. For example, set the speed to 10 Mbps (or less) if the broadband device connected to the WAN port has an upstream speed of 10 Mbps.
Chapter 17 Bandwidth Management Click Management > Bandwidth MGMT > Advanced to open the bandwidth management Advanced screen. Figure 148 Management > Bandwidth MGMT > Advanced The following table describes the labels in this screen. Table 77 Management > Bandwidth MGMT > Advanced LABEL DESCRIPTION Application List Use this table to allocate specific amounts of bandwidth based on the pre-defined service. # This is the number of an individual bandwidth management rule.
Chapter 17 Bandwidth Management Table 77 Management > Bandwidth MGMT > Advanced (continued) LABEL DESCRIPTION User-defined Service Use this table to allocate specific amounts of bandwidth to specific applications or services you specify. # This is the number of an individual bandwidth management rule. Enable Select this check box to have the NBG-460N apply this bandwidth management rule. Direction Select To LAN to apply bandwidth management to traffic from WAN to LAN.
Chapter 17 Bandwidth Management The following table describes the labels in this screen. Table 78 Bandwidth Management Rule Configuration: Pre-defined Service LABEL DESCRIPTION # This is the number of an individual bandwidth management rule. Enable Select an interface’s check box to enable bandwidth management on that interface. Direction These read-only labels represent the physical interfaces.
The following table describes the labels in this screen.
Table 79 Bandwidth Management Rule Configuration: User-defined Service Rule Configuration
LABEL: DESCRIPTION
Destination Address: Enter the destination IP address in dotted decimal notation.
Destination Subnet Netmask: Enter the subnet netmask of the destination of the traffic for which the bandwidth management rule applies.
Click Management > Bandwidth MGMT > Monitor to open the bandwidth management Monitor screen. Figure 151 Management > Bandwidth MGMT > Monitor
17.7 Technical References
The following section contains additional technical information about the NBG-460N features described in this chapter. 17.7.
Table 80 Media Bandwidth Management Setup: Services (continued)
SERVICE: DESCRIPTION
BitTorrent: BitTorrent is a free P2P (peer-to-peer) sharing tool allowing you to distribute large software and media files. BitTorrent requires you to search for a file with a search engine yourself. It distributes files by cooperation and trading, that is, the client downloads the file in small pieces and shares the pieces with other peers to get the other half of the file.
Chapter 17 Bandwidth Management 17.7.3 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the NBG-460N forwards out through an interface. Table 82 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED. High Typically used for voice traffic or video that is especially sensitive to jitter (jitter is the variations in delay).
CHAPTER 18 Remote Management 18.1 Overview This chapter provides information on the Remote Management screens. Remote Management allows you to manage your NBG-460N from a remote location through the following interfaces: • LAN and WAN • LAN only • WAN only Note: When you configure remote management to allow management from the WAN, or choose WAN or LAN & WAN in the options above, you still need to configure a firewall rule to allow access.
18.3 What You Need To Know
You may only have one remote management session running at a time. The NBG-460N automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows.
1. Telnet
2. HTTP
Note: To disable remote management of a service, select Disable in the corresponding Server Access field. 18.3.
Chapter 18 Remote Management 18.4 WWW Screen Use this screen to define the interface/s from which the NBG-460N can be managed remotely using the web and specify a secure client that can manage the NBG-460N. To change your NBG-460N’s World Wide Web settings, click Management > Remote MGMT to display the WWW screen. Figure 152 Management > Remote MGMT > WWW The following table describes the labels in this screen.
Chapter 18 Remote Management 18.5 Telnet Screen You can use Telnet to access the NBG-460N’s command line interface. Specify the interface/s from which the NBG-460N can be managed remotely using this service and specify a secure client that can manage the NBG-460N. To change your NBG-460N’s Telnet settings, click Management > Remote MGMT > Telnet. The following screen displays. Figure 153 Management > Remote MGMT > Telnet The following table describes the labels in this screen.
Chapter 18 Remote Management Use this screen to specify the interface/s from which you can upload the firmware or configuration file to the NBG-460N and specify a secure client that can manage the NBG-460N. To change your NBG-460N’s FTP settings, click Management > Remote MGMT > FTP. Figure 154 Management > Remote MGMT > FTP The following table describes the labels in this screen.
Chapter 18 Remote Management To change your NBG-460N’s DNS settings, click Management > Remote MGMT > DNS. The screen appears as shown. Figure 155 Management > Remote MGMT > DNS The following table describes the labels in this screen. Table 86 Management > Remote MGMT > DNS LABEL DESCRIPTION Server Port The DNS service port number is 53 and cannot be modified. Server Access Select the interface(s) through which a computer may send DNS queries to the NBG-460N.
CHAPTER 19 Universal Plug-and-Play (UPnP) 19.1 Overview This chapter introduces the UPnP feature in the Web Configurator. Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.
Chapter 19 Universal Plug-and-Play (UPnP) • Learning public IP addresses • Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the NAT chapter for more information on NAT. 19.3.2 Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues.
Chapter 19 Universal Plug-and-Play (UPnP) The following table describes the labels in this screen. Table 87 Management > UPnP > General LABEL DESCRIPTION Enable the Universal Plug and Play (UPnP) Feature Select this check box to activate UPnP. Be aware that anyone could use a UPnP application to open the Web Configurator's login screen without entering the NBG-460N's IP address (although you must still enter the password to access the Web Configurator).
2 Right-click the icon and select Properties. Figure 157 Network Connections
3 In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created.
Chapter 19 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 159 Internet Connection Properties: Advanced Settings Figure 160 Internet Connection Properties: Advanced Settings: Add Note: When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 5 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
6 Double-click on the icon to display your current Internet connection status. Figure 162 Internet Connection Status
19.5.2 Web Configurator Easy Access
With UPnP, you can access the web-based configurator on the NBG-460N without finding out the IP address of the NBG-460N first. This is helpful if you do not know the IP address of the NBG-460N. Follow the steps below to access the Web Configurator.
1 Click Start and then Control Panel.
Chapter 19 Universal Plug-and-Play (UPnP) 3 Select My Network Places under Other Places. Figure 163 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your NBG-460N and select Invoke. The Web Configurator login screen displays.
Chapter 19 Universal Plug-and-Play (UPnP) 6 Right-click on the icon for your NBG-460N and select Properties. A properties window displays with basic information about the NBG-460N.
PART V Maintenance and Troubleshooting
System
Logs
Tools
Configuration Mode
Sys Op Mode
Language
Troubleshooting
Product Specifications and Wall-Mounting Instructions
CHAPTER 20 System
20.1 Overview
This chapter provides information on the System screens. Refer to the Connection Wizard chapter on page 49 for background information.
20.2 What You Can Do
• Use the General screen (Section 20.3 on page 263) to enter a name to identify the NBG-460N in the network and set the password.
• Use the Time Setting screen (Section 20.4 on page 265) to change your NBG-460N’s time and date. 20.
Chapter 20 System The following table describes the labels in this screen. Table 88 Maintenance > System > General LABEL DESCRIPTION System Name System Name is a unique name to identify the NBG-460N in an Ethernet network. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores “_” are accepted. Domain Name Enter the domain name (if you know it) here.
20.4 Time Setting Screen
To change your NBG-460N’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the NBG-460N’s time based on your local time zone. Figure 168 Maintenance > System > Time Setting
The following table describes the labels in this screen.
Table 89 Maintenance > System > Time Setting
LABEL: DESCRIPTION
Current Time and Date
Current Time: This field displays the time of your NBG-460N.
Chapter 20 System Table 89 Maintenance > System > Time Setting LABEL DESCRIPTION New Date This field displays the last updated date from the time server or the last date configured manually. (yyyy/mm/dd) When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. Get from Time Server Select this radio button to have the NBG-460N get the time and date from the time server you specified below.
Chapter 20 System Table 89 Maintenance > System > Time Setting LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time.
CHAPTER 21 Logs 21.1 Overview This chapter contains information about configuring general log settings and viewing the NBG-460N’s logs. Refer to Section 21.6.1 on page 274 for example log message explanations. The Web Configurator allows you to look at all of the NBG-460N’s logs in one location. 21.2 What You Can Do • Use the View Log screen (Section 21.
Chapter 21 Logs 21.4 View Log Screen Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see Section 21.5 on page 271). Options include logs about system maintenance, system errors, access control, allowed or blocked web sites, blocked web features (such as ActiveX controls, Java and cookies), attacks (such as DoS) and IPSec. Log entries in red indicate system error logs. The log wraps around and deletes the old entries after it fills.
Chapter 21 Logs Table 90 Maintenance > Logs > View Log LABEL DESCRIPTION Refresh Click Refresh to renew the log screen. Clear Log Click Clear Log to delete all the logs. # This is the number of the log entry. Time This field displays the time the log was recorded. See the chapter on system maintenance and information to configure the NBG-460N’s time and date. Message This field states the reason for the log.
Click Maintenance > Logs > Log Settings to open the Log Settings screen. Figure 170 Maintenance > Logs > Log Settings
The following table describes the labels in this screen.
Table 91 Maintenance > Logs > Log Settings
LABEL: DESCRIPTION
E-mail Log Settings
Mail Server: Enter the server name or the IP address of the mail server for the email addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail.
Chapter 21 Logs Table 91 Maintenance > Logs > Log Settings LABEL DESCRIPTION Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the NBG-460N sends. Not all NBG-460N models have this field. Send Log To The NBG-460N sends logs to the e-mail address specified in this field. If this field is left blank, the NBG-460N does not send logs via e-mail.
Table 91 Maintenance > Logs > Log Settings
LABEL: DESCRIPTION
Log: Select the categories of logs that you want to record.
Send Immediate Alert: Select log categories for which you want the NBG-460N to send email alerts immediately.
Apply: Click Apply to save your changes.
Reset: Click Reset to begin configuring this screen afresh.
21.6 Technical Reference
The following section contains additional technical information about the NBG-460N features described in this chapter. 21.6.
Chapter 21 Logs Table 92 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION Time initialized by Time server The router got the time and date from the time server. Time initialized by NTP server The router got the time and date from the NTP server. Connect to Daytime server fail The router was not able to connect to the Daytime server. Connect to Time server fail The router was not able to connect to the Time server.
Chapter 21 Logs Table 94 Access Control Logs LOG MESSAGE DESCRIPTION Firewall default policy: [TCP | UDP | IGMP | ESP | GRE | OSPF] Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access matched the default policy and was blocked or forwarded according to the default policy’s setting.
Chapter 21 Logs Table 95 TCP Reset Logs (continued) LOG MESSAGE DESCRIPTION Firewall session time out, sent TCP RST The router sent a TCP reset packet when a dynamic firewall session timed out. The default timeout values are as follows: ICMP idle timeout: 3 minutes UDP idle timeout: 3 minutes TCP connection (three way handshaking) timeout: 270 seconds TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime set in the TCP header).
Chapter 21 Logs Table 97 ICMP Logs (continued) LOG MESSAGE DESCRIPTION Triangle route packet forwarded: ICMP The firewall allowed a triangle route session to pass through. Packet without a NAT table entry blocked: ICMP The router blocked a packet that didn’t have a corresponding NAT table entry. Unsupported/out-of-order ICMP: ICMP The firewall does not support this kind of ICMP packets or the ICMP packets are out of order.
Table 100 UPnP Logs
LOG MESSAGE: UPnP pass through Firewall
DESCRIPTION: UPnP packets can pass through the firewall.
Table 101 Content Filtering Logs
LOG MESSAGE: %s: Keyword blocking
DESCRIPTION: The content of a requested web page matched a user defined keyword.
LOG MESSAGE: %s: Not in trusted web list
DESCRIPTION: The web site is not in a trusted domain, and the router blocks all traffic except trusted domain sites.
LOG MESSAGE: %s: Forbidden Web site
DESCRIPTION: The web site is in the forbidden web site list.
Table 102 Attack Logs
LOG MESSAGE: attack [TCP | UDP | IGMP | ESP | GRE | OSPF]
DESCRIPTION: The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF attack.
LOG MESSAGE: attack ICMP (type:%d, code:%d)
DESCRIPTION: The firewall detected an ICMP attack. For type and code details, see Table 108 on page 286.
LOG MESSAGE: land [TCP | UDP | IGMP | ESP | GRE | OSPF]
DESCRIPTION: The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF land attack.
LOG MESSAGE: land ICMP (type:%d, code:%d)
DESCRIPTION: The firewall detected an ICMP land attack.
Chapter 21 Logs Table 103 IPSec Logs (continued) LOG MESSAGE DESCRIPTION Receive IPSec packet, but no corresponding tunnel exists The router dropped an inbound packet for which SPI could not find a corresponding phase 2 SA. Rule <%d> idle time out, disconnect The router dropped a connection that had outbound traffic and no inbound traffic for a certain time period. You can use the "ipsec timer chk_conn" CI command to set the time period. The default value is 2 minutes.
Table 104 IKE Logs (continued) LOG MESSAGE DESCRIPTION Peer ID: - The displayed ID information did not match between the two ends of the connection. vs. My Remote The displayed ID information did not match between the two ends of the connection. vs. My Local - The displayed ID information did not match between the two ends of the connection. Send A packet was sent.
Chapter 21 Logs Table 104 IKE Logs (continued) LOG MESSAGE DESCRIPTION XAUTH fail! Username: The router was not able to use extended authentication to authenticate the listed username. Rule[%d] Phase 1 negotiation mode mismatch The listed rule’s IKE phase 1 negotiation mode did not match between the router and the peer. Rule [%d] Phase 1 encryption algorithm mismatch The listed rule’s IKE phase 1 encryption algorithm did not match between the router and the peer.
Chapter 21 Logs Table 104 IKE Logs (continued) LOG MESSAGE DESCRIPTION Rule [%d] phase 1 mismatch The listed rule’s IKE phase 1 did not match between the router and the peer. Rule [%d] phase 2 mismatch The listed rule’s IKE phase 2 did not match between the router and the peer. Rule [%d] Phase 2 key length mismatch The listed rule’s IKE phase 2 key lengths (with the AES encryption algorithm) did not match between the router and the peer.
Chapter 21 Logs Table 105 PKI Logs (continued) LOG MESSAGE DESCRIPTION Failed to decode the received CRL The router received a corrupted CRL (Certificate Revocation List) from the LDAP server whose address and port are recorded in the Source field. Failed to decode the received ARL The router received a corrupted ARL (Authority Revocation List) from the LDAP server whose address and port are recorded in the Source field.
Chapter 21 Logs Table 106 802.1X Logs (continued) LOG MESSAGE DESCRIPTION Local User Database does not support authentication method. A user tried to use an authentication method that the local user database does not support (it only supports EAP-MD5). No response from RADIUS. Pls check RADIUS Server. There is no response message from the RADIUS server, please check the RADIUS server. Use Local User Database to authenticate user. The local user database is operating as the authentication server.
Chapter 21 Logs Table 108 ICMP Notes (continued) TYPE CODE DESCRIPTION 0 A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network.
Chapter 21 Logs The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type.
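Added example (not part of the ZyXEL guide or firmware): a Python triage routine that sorts the Message text of exported log entries into the categories of this chapter's tables, using only message templates listed there, and sets aside anything it does not recognise. It assumes each bracketed protocol list is rendered as a single protocol name, that the username follows "Username:", and that alerting on the attack and IKE categories is the operator's choice; the sample messages are constructed.

```python
import re
from collections import Counter

# Protocol names from the bracketed lists in Tables 94 and 102.
# Assumption: a real entry shows one of these names in place of the list.
PROTO = r"(?P<proto>TCP|UDP|IGMP|ESP|GRE|OSPF)"
ICMP = r"ICMP \(type:(?P<type>\d+), code:(?P<code>\d+)\)"

# (category, event, pattern). Each pattern is a message template from this
# chapter's tables with %d / %s replaced by a named capture group.
TEMPLATES = [
    ("attack", "attack", rf"attack {PROTO}"),
    ("attack", "attack_icmp", rf"attack {ICMP}"),
    ("attack", "land", rf"land {PROTO}"),
    ("attack", "land_icmp", rf"land {ICMP}"),
    ("access_control", "default_policy", rf"Firewall default policy: {PROTO}"),
    ("tcp_reset", "session_timeout", r"Firewall session time out, sent TCP RST"),
    ("icmp", "no_nat_entry", r"Packet without a NAT table entry blocked: ICMP"),
    ("icmp", "unsupported", r"Unsupported/out-of-order ICMP: ICMP"),
    ("upnp", "pass_through", r"UPnP pass through Firewall"),
    ("content_filter", "keyword", r"(?P<site>.+): Keyword blocking"),
    ("content_filter", "not_trusted", r"(?P<site>.+): Not in trusted web list"),
    ("content_filter", "forbidden", r"(?P<site>.+): Forbidden Web site"),
    ("ipsec", "no_tunnel",
     r"Receive IPSec packet, but no corresponding tunnel exists"),
    ("ipsec", "idle_timeout", r"Rule <(?P<rule>\d+)> idle time out, disconnect"),
    # Assumption: the username is printed after the colon.
    ("ike", "xauth_fail", r"XAUTH fail! Username: ?(?P<user>.*)"),
    ("ike", "mismatch",
     r"Rule ?\[(?P<rule>\d+)\] [Pp]hase (?P<phase>[12]) (?P<detail>.*?) ?mismatch"),
    ("pki", "bad_revocation_list",
     r"Failed to decode the received (?P<list>CRL|ARL)"),
    ("system", "time_sync", r"Time initialized by (?P<server>Time|NTP) server"),
    ("system", "time_fail", r"Connect to (?P<server>Daytime|Time) server fail"),
]
COMPILED = [(cat, ev, re.compile(pat)) for cat, ev, pat in TEMPLATES]

# Assumed operator choice, mirroring the Send Immediate Alert selection.
ALERT_CATEGORIES = {"attack", "ike"}


def classify(message):
    """Return category, event and captured fields, or None if unlisted."""
    text = message.strip()
    for category, event, pattern in COMPILED:
        match = pattern.fullmatch(text)
        if match:
            return {"category": category, "event": event,
                    "fields": match.groupdict()}
    return None


def triage(messages):
    """Count entries per category, collect alerts and unrecognised text."""
    counts, alerts, unknown = Counter(), [], []
    for message in messages:
        hit = classify(message)
        if hit is None:
            unknown.append(message)  # keep unlisted text for manual review
            continue
        counts[hit["category"]] += 1
        if hit["category"] in ALERT_CATEGORIES:
            alerts.append((hit["event"], hit["fields"]))
    return {"counts": dict(counts), "alerts": alerts, "unknown": unknown}


# Constructed sample messages (not captured from a device).
SAMPLE_MESSAGES = [
    "Time initialized by NTP server",
    "Firewall default policy: TCP",
    "attack ICMP (type:8, code:0)",
    "land UDP",
    "www.example.com: Forbidden Web site",
    "Rule [2] Phase 1 encryption algorithm mismatch",
    "XAUTH fail! Username: alice",
    "UPnP pass through Firewall",
    "Failed to decode the received CRL",
    "Unlisted firmware message",
]

if __name__ == "__main__":
    report = triage(SAMPLE_MESSAGES)
    for category, count in sorted(report["counts"].items()):
        print(f"{category}: {count}")
    for event, fields in report["alerts"]:
        print("ALERT", event, fields)
    print("unrecognised:", report["unknown"])
```

Because the log wraps around and deletes old entries once it fills, running a pass like this on each exported or e-mailed log keeps a record of the alert-worthy entries.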
CHAPTER 22 Tools 22.1 Overview This chapter shows you how to upload a new firmware, upload or save backup configuration files and restart the NBG-460N. 22.2 What You Can Do • Use the Firmware screen (Section 22.3 on page 289) to upload firmware to your NBG-460N. • Use the Configuration screen (Section 22.4 on page 292) to view information related to factory defaults, backup configuration, and restoring configuration. • Use the Restart screen (Section 22.5 on page 294) to have the NBG-460N reboot.
Chapter 22 Tools Click Maintenance > Tools. Follow the instructions in this screen to upload firmware to your NBG-460N. Figure 171 Maintenance > Tools > Firmware The following table describes the labels in this screen. Table 111 Maintenance > Tools > Firmware LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse... to find it. Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.
Chapter 22 Tools The NBG-460N automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 173 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen.
Chapter 22 Tools 22.4 Configuration Screen Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 175 Maintenance > Tools > Configuration 22.4.1 Backup Configuration Backup configuration allows you to back up (save) the NBG-460N’s current configuration to a file on your computer.
Table 112 Maintenance Restore Configuration
LABEL: DESCRIPTION
Browse...: Click Browse... to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Upload: Click Upload to begin the upload process.
Note: Do not turn off the NBG-460N while configuration file upload is in progress.
After you see a “configuration upload successful” screen, you must then wait one minute before logging into the NBG-460N again.
Chapter 22 Tools If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. Figure 178 Configuration Restore Error 22.4.3 Back to Factory Defaults Pressing the Reset button in this section clears all user-entered configuration information and returns the NBG-460N to its factory defaults. You can also press the RESET button on the rear panel to reset the factory defaults of your NBG-460N.
22.6 Wake On LAN
Wake On LAN (WOL) allows you to remotely turn on a device on the network. To use this feature the remote hardware (for example the network adapter on your computer) must support Wake On LAN. You need to know the MAC address of the remote device. It may be on a label on the device or in its documentation. Click Maintenance > Tools > Wake On LAN to use this feature.
Note: The NBG-460N can only wake up remote devices that exist in its ARP table.
Note: When the NBG-460N reboots from low power mode, some processes may not automatically resume.
Click Maintenance > Tools > Green to open the following screen. Figure 181 Maintenance > Tools > Green
The following table describes the labels in this screen.
Table 114 Maintenance > Tools > Green
LABEL: DESCRIPTION
Green Enable: Check this to enable the power saving mode on your NBG-460N. By default, this feature is disabled.
CHAPTER 23 Configuration Mode 23.1 Overview Your NBG-460N allows you to hide or display the advanced screens of some features or the advanced features, such as MAC filter or static route. Advanced is selected by default and you cannot see the advanced screens or features as soon as you log on to the Web Configurator. If you do not want to view and configure all screens including the advanced ones, select Basic and click Apply. 23.2 What You Can Do Use the General screen (Section 23.
Chapter 23 Configuration Mode The following table describes the labels in this screen. Table 115 Maintenance > Config Mode > General LABEL DESCRIPTION Basic Select Basic mode to have the Web Configurator hide the configuration screens of the more advanced features of your NBG-460N. Advanced Select Advanced mode to configure the more advanced settings of your NBG-460N. Apply Click on this to set the mode. Reset Click on this to reset your selection.
CHAPTER 24 Sys Op Mode 24.1 Overview The Sys Op Mode (System Operation Mode) function lets you configure whether your NBG-460N is a router or AP. You can choose between Router Mode and AP Mode depending on your network topology and the features you require from your device. See Section 1.1 on page 23 for more information on which mode to choose. 24.2 What You Can Do Use the General screen (Section 24.4 on page 301) to select how you want to use your NBG-460N depending on how you connect to the Internet.
Chapter 24 Sys Op Mode Router A router connects your local network with another network, such as the Internet. The router has two IP addresses, the LAN IP address and the WAN IP address. Figure 183 LAN and WAN IP Addresses in Router Mode LAN WAN Internet WAN IP LAN IP AP An AP extends one network and so has just one IP address. All Ethernet ports on the AP have the same IP address. To connect to the Internet, another device, such as a router, is required.
Chapter 24 Sys Op Mode 24.4 General Screen Use this screen to select how you want to use your NBG-460N depending on how you connect to the Internet. Figure 185 Maintenance > Sys OP Mode > General If you select Router Mode, the following pop-up message window appears. Figure 186 Maintenance > Sys Op Mode > General: Router • In this mode there are both LAN and WAN ports. The LAN Ethernet and WAN Ethernet ports have different IP addresses.
Chapter 24 Sys Op Mode • The DHCP server on your device is disabled. In AP mode there must be a device with a DHCP server on your network such as a router or gateway which can allocate IP addresses. The IP address of the device on the local network is set to 192.168.1.1. The following table describes the labels in the General screen.
CHAPTER 25 Language 25.1 Language Screen Use this screen to change the language for the Web Configurator. Click the language you prefer. The Web Configurator language changes after a while without restarting the NBG-460N.
CHAPTER 26 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • NBG-460N Access and Login • Internet Access • Resetting the NBG-460N to Its Factory Defaults • Wireless Router/AP Troubleshooting • Advanced Features 26.1 Power, Hardware Connections, and LEDs The NBG-460N does not turn on. None of the LEDs turn on.
Chapter 26 Troubleshooting 2 Check the hardware connections. See the Quick Start Guide. 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Disconnect and re-connect the power adaptor to the NBG-460N. 5 If the problem continues, contact the vendor. 26.2 NBG-460N Access and Login I don’t know the IP address of my NBG-460N. 1 The default IP address is 192.168.1.1.
Chapter 26 Troubleshooting 1 The default password is 1234. 2 If this does not work, you have to reset the device to its factory defaults. See Section 26.4 on page 310. I cannot see or access the Login screen in the Web Configurator. 1 Make sure you are using the correct IP address. • The default IP address is 192.168.1.1. • If you changed the IP address (Section 7.3 on page 102), use the new IP address.
Chapter 26 Troubleshooting I can see the Login screen, but I cannot log in to the NBG-460N. 1 Make sure you have entered the password correctly. The default password is 1234. This field is case-sensitive, so make sure [Caps Lock] is not on. 2 You cannot log in to the Web Configurator while someone is using Telnet to access the NBG-460N. Log out of the NBG-460N in the other session, or ask the person who is logged in to log out.
Chapter 26 Troubleshooting 2 Make sure you entered your ISP account information correctly in the wizard. These fields are case-sensitive, so make sure [Caps Lock] is not on. 3 If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP. • Go to Network > Wireless LAN > WDS and check if the NBG-460N is set to bridge mode. Select Disable and try to connect to the Internet again.
Chapter 26 Troubleshooting 3 Reboot the NBG-460N. 4 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Check the settings for bandwidth management. If it is disabled, you might consider activating it. If it is enabled, you might consider changing the allocations. • Check the settings for QoS. If it is disabled, you might consider activating it.
26.5 Wireless Router/AP Troubleshooting
I cannot access the NBG-460N or ping any computer from the WLAN (wireless AP or router).
1 Make sure the wireless LAN is enabled on the NBG-460N.
2 Make sure the wireless adapter on the wireless station is working properly.
3 Make sure the wireless adapter installed on your computer is IEEE 802.11 compatible and supports the same wireless standard as the NBG-460N.
Chapter 26 Troubleshooting 26.6 Advanced Features I can log in, but I cannot see some of the screens or fields in the Web Configurator. • You may be accessing the Web Configurator in Basic mode. Some screens and fields are available only in Advanced mode. Use the Maintenance > Config Mode screen to select Advanced mode. • You may be accessing the Web Configurator in AP Mode. Some screens and fields are available only in Router Mode. Use the Maintenance > Sys OP Mode screen to select Router Mode.
CHAPTER 27 Product Specifications and Wall-Mounting Instructions
The following tables summarize the NBG-460N’s hardware and firmware features.
Table 118 Hardware Features
Dimensions (W x D x H): 190 x 150 x 33 mm
Weight: 362 g
Power Specification: Input: 120~240 AC, 50~60 Hz; Output: 18 V DC 1A
Ethernet ports: Auto-negotiating: 10 Mbps, 100 Mbps or 1000 Mbps in either half-duplex or full-duplex mode. Auto-crossover: Use either crossover or straight-through Ethernet cables.
Table 118 Hardware Features
Distance between the centers of the holes on the device’s back: 137 mm
Screw size for wall-mounting: M4 Tap Screw
Table 119 Firmware Features
FEATURE: DESCRIPTION
Default IP Address: 192.168.1.1
Default Subnet Mask: 255.255.255.0 (24 bits)
Default Password: 1234
DHCP Pool: 192.168.1.33 to 192.168.1.
Chapter 27 Product Specifications and Wall-Mounting Instructions Table 119 Firmware Features FEATURE DESCRIPTION Firewall You can configure firewall on the NBG-460N for secure Internet access. When the firewall is on, by default, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network. This means that probes from the outside to your network are not allowed, but you can safely browse the Internet and download files for example.
Table 119 Firmware Features (continued)
FEATURE | DESCRIPTION
PPTP Encapsulation | Point-to-Point Tunneling Protocol (PPTP) enables secure transfer of data through a Virtual Private Network (VPN). The NBG-460N supports one PPTP connection at a time.
Universal Plug and Play (UPnP) | The NBG-460N can communicate with other UPnP enabled devices in a network.
Table 121 Standards Supported (continued)
STANDARD | DESCRIPTION
IEEE 802.11x | Port Based Network Access Control.
IEEE 802.11e QoS | IEEE 802.11e Wireless LAN for Quality of Service
Microsoft PPTP | MS PPTP (Microsoft's implementation of Point to Point Tunneling Protocol)
MBM v2 | Media Bandwidth Management v2

Wall-mounting Instructions

Do the following to hang your NBG-460N on a wall.
The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm).
PART VI Appendices and Index

Pop-up Windows, JavaScripts and Java Permissions
IP Addresses and Subnetting
Setting up Your Computer’s IP Address
Wireless LANs
Services
Legal Information
Index
APPENDIX A Pop-up Windows, JavaScripts and Java Permissions

In order to use the Web Configurator you need to allow:

• Web browser pop-up windows from your device.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).

Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary.

Internet Explorer Pop-up Blockers

You may have to disable pop-up blocking to log into your device.
1 In Internet Explorer, select Tools, Internet Options, Privacy.
2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled.

Figure 192 Internet Options: Privacy

3 Click Apply to save this setting.

Enable pop-up Blockers with Exceptions

Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
2 Select Settings… to open the Pop-up Blocker Settings screen.

Figure 193 Internet Options: Privacy

3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
4 Click Add to move the IP address to the list of Allowed sites.

Figure 194 Pop-up Blocker Settings

5 Click Close to return to the Privacy screen.
6 Click Apply to save this setting.

JavaScripts

If pages of the Web Configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
1 In Internet Explorer, click Tools, Internet Options and then the Security tab.

Figure 195 Internet Options: Security

2 Click the Custom Level... button.
3 Scroll down to Scripting.
4 Under Active scripting make sure that Enable is selected (the default).
5 Under Scripting of Java applets make sure that Enable is selected (the default).
6 Click OK to close the window.

Figure 196 Security Settings - Java Scripting

Java Permissions

1 From Internet Explorer, click Tools, Internet Options and then the Security tab.
2 Click the Custom Level... button.
3 Scroll down to Microsoft VM.
4 Under Java permissions make sure that a safety level is selected.
5 Click OK to close the window.

Figure 197 Security Settings - Java

JAVA (Sun)

1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
2 Make sure that Use Java 2 for
3 Click OK to close the window.
APPENDIX B IP Addresses and Subnetting

This appendix introduces IP addresses and subnet masks.

IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.

Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID.

Figure 199 Network Number and Host ID

How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Table 122 Subnet Mask - Identifying Network Number
 | 1ST OCTET: (192) | 2ND OCTET: (168) | 3RD OCTET: (1) | 4TH OCTET (2)
Network Number | 11000000 | 10101000 | 00000001 |
Host ID | | | | 00000010

By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.
As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows:

Table 124 Maximum Host Numbers
SUBNET MASK | HOST ID SIZE
8 bits 255.0.0.0 | 24 bits
16 bits 255.255.0.0
24 bits 255.255.255.0
29 bits 255.255.255.
Subnetting

You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.

In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.
The following figure shows the company network after subnetting. There are now two sub-networks, A and B.

Figure 201 Subnetting Example: After Subnetting

In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2^7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).

192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.
Each subnet contains 6 host ID bits, giving 2^6 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address).

Table 126 Subnet 1
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
IP Address (Decimal) | 192.168.1. | 0
IP Address (Binary) | 11000000.10101000.00000001. | 00000000
Subnet Mask (Binary) | 11111111.11111111.11111111. | 11000000
Subnet Address: 192.168.1.0 | Lowest Host ID: 192.168.1.
Table 129 Subnet 4 (continued)
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
Subnet Address: 192.168.1.192 | Lowest Host ID: 192.168.1.193
Broadcast Address: 192.168.1.255 | Highest Host ID: 192.168.1.254

Example: Eight Subnets

Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111).

The following table shows IP address last octet values for each subnet.
The following table is a summary for subnet planning on a network with a 16-bit network number.

Table 132 16-bit Network Number Subnet Planning
NO. “BORROWED” HOST BITS | SUBNET MASK | NO. SUBNETS | NO. HOSTS PER SUBNET
1 | 255.255.128.0 (/17) | 2 | 32766
2 | 255.255.192.0 (/18) | 4 | 16382
3 | 255.255.224.0 (/19) | 8 | 8190
4 | 255.255.240.0 (/20) | 16 | 4094
5 | 255.255.248.0 (/21) | 32 | 2046
6 | 255.255.252.0 (/22) | 64 | 1022
7 | 255.255.254.0 (/23) | 128 | 510
8 | 255.255.255.
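The subnet arithmetic used in the examples above, written out as an added Python example (it is not part of the ZyXEL guide). The function names are illustrative, and 172.16.0.0 in the usage is a constructed sample network for the 16-bit case.

```python
# Added example: subnet planning with plain 32-bit integer arithmetic.

def ip_to_int(dotted):
    """Convert dotted-decimal notation to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts
    ):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def int_to_ip(value):
    """Convert a 32-bit integer back to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask):
    """Return the number of network bits in a subnet mask.

    A valid mask is a continuous run of ones followed by a continuous run
    of zeros, so its inverse must have the form 2^k - 1.
    """
    host_bits = ip_to_int(mask) ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError(f"subnet mask is not contiguous: {mask}")
    return 32 - host_bits.bit_length()


def prefix_to_mask(prefix):
    """Return the dotted-decimal mask for a prefix length (alternative notation)."""
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def plan_subnets(network, mask, borrowed_bits):
    """Split a network by borrowing host ID bits for the subnet number."""
    prefix = mask_to_prefix(mask) + borrowed_bits
    if borrowed_bits < 1 or prefix > 30:
        raise ValueError("each subnet needs at least 2 host ID bits")
    base = ip_to_int(network) & ip_to_int(mask)
    size = 1 << (32 - prefix)          # addresses per subnet
    plan = []
    for index in range(1 << borrowed_bits):
        subnet = base + index * size
        plan.append({
            "subnet": int_to_ip(subnet),             # host ID all zeroes
            "mask": prefix_to_mask(prefix),
            "prefix": prefix,
            "lowest_host": int_to_ip(subnet + 1),
            "highest_host": int_to_ip(subnet + size - 2),
            "broadcast": int_to_ip(subnet + size - 1),  # host ID all ones
            "max_hosts": size - 2,
        })
    return plan


def subnet_of(plan, address):
    """Return the plan entry that contains address, or None.

    Useful for confirming that two hosts (for example a server and a
    workstation) really are on different sub-networks.
    """
    addr = ip_to_int(address)
    for entry in plan:
        if addr & ip_to_int(entry["mask"]) == ip_to_int(entry["subnet"]):
            return entry
    return None


if __name__ == "__main__":
    # The four-subnet example: 192.168.1.0/24 with 2 borrowed bits.
    for row in plan_subnets("192.168.1.0", "255.255.255.0", 2):
        print(row["subnet"], row["mask"], row["lowest_host"],
              row["highest_host"], row["broadcast"], row["max_hosts"])
```
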
that you entered. You don't need to change the subnet mask computed by the NBG-460N unless you are instructed to do otherwise.

Private IP Addresses

Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems.
APPENDIX C Setting up Your Computer’s IP Address

All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed.

Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Windows 95/98/Me

Click Start, Settings, Control Panel and double-click the Network icon to open the Network window.

Figure 202 Windows 95/98/Me: Network: Configuration

Installing Components

The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.

If you need the adapter:

1 In the Network window, click Add.
2 Select Adapter and then click Add.
3 Select Microsoft from the list of manufacturers.
4 Select TCP/IP from the list of network protocols and then click OK.

If you need Client for Microsoft Networks:

1 Click Add.
2 Select Client and then click Add.
3 Select Microsoft from the list of manufacturers.
4 Select Client for Microsoft Networks from the list of network clients and then click OK.
5 Restart your computer so the changes you made take effect.
3 Click the DNS Configuration tab.
• If you do not know your DNS information, select Disable DNS.
• If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).

Figure 204 Windows 95/98/Me: TCP/IP Properties: DNS Configuration

4 Click the Gateway tab.
• If you do not know your gateway’s IP address, remove previously installed gateways.
3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway.

Windows 2000/NT/XP

The following example figures use the default Windows XP GUI theme.

1 Click start (Start in Windows 2000/NT), Settings, Control Panel.
2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT).

Figure 206 Windows XP: Control Panel

3 Right-click Local Area Connection and then click Properties.
4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties.

Figure 208 Windows XP: Local Area Connection Properties

5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
• If you have a dynamic IP address click Obtain an IP address automatically.
• If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
• Click Advanced.

Figure 209 Windows XP: Internet Protocol (TCP/IP) Properties

6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.

Do one or more of the following if you want to configure additional IP addresses:

• In the IP Settings tab, in IP addresses, click Add.
• In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.
• Click OK when finished.

Figure 210 Windows XP: Advanced TCP/IP Properties

7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP):
• Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
If you have previously configured DNS servers, click Advanced and then the DNS tab to order them.

Figure 211 Windows XP: Internet Protocol (TCP/IP) Properties

8 Click OK to close the Internet Protocol (TCP/IP) Properties window.
9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Macintosh OS 8/9

1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel.
2 Select Ethernet built-in from the Connect via list.

Figure 213 Macintosh OS 8/9: TCP/IP

3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
4 For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your Prestige in the Router address box.
Macintosh OS X

1 Click the Apple menu, and click System Preferences to open the System Preferences window.

Figure 214 Macintosh OS X: Apple Menu

2 Click Network in the icon bar.
• Select Automatic from the Location list.
• Select Built-in Ethernet from the Show list.
• Click the TCP/IP tab.
3 For dynamically assigned settings, select Using DHCP from the Configure list.
4 For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your Prestige in the Router address box.
5 Click Apply Now and close the window.
6 Turn on your Prestige and restart your computer (if prompted).

Verifying Settings

Check your TCP/IP properties in the Network window.
2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown.

Figure 217 Red Hat 9.0: KDE: Ethernet Device: General

• If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list.
• If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
5 Click the Devices tab.
6 Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens.

Figure 219 Red Hat 9.0: KDE: Network Configuration: Activate

7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.
• If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.

Figure 221 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.
27.0.1 Verifying Settings

Enter ifconfig in a terminal screen to check your TCP/IP properties.

Figure 224 Red Hat 9.0: Checking TCP/IP Properties

[root@localhost]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44
     inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.
APPENDIX D Wireless LANs

Wireless LAN Topologies

This section discusses ad-hoc and infrastructure wireless LAN topologies.

Ad-hoc Wireless LAN Configuration

The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other.

Figure 226 Basic Service Set

ESS

An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).

This type of wireless LAN topology is called an Infrastructure WLAN.
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate.

Figure 227 Infrastructure WLAN

Channel

A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area.
wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.

Figure 228 RTS/CTS

When station A sends data to the AP, it might not know that the station B is already using the channel.
Fragmentation Threshold

A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames.

A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows:

Table 133 IEEE 802.11g
DATA RATE (MBPS) | MODULATION
1 | DBPSK (Differential Binary Phase Shift Keyed)
2 | DQPSK (Differential Quadrature Phase Shift Keying)
5.5 / 11 | CCK (Complementary Code Keying)
6/9/12/18/24/36/48/54 | OFDM (Orthogonal Frequency Division Multiplexing)

IEEE 802.1x

In June 2001, the IEEE 802.
Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:

• Access-Request: Sent by an access point requesting authentication.
• Access-Reject: Sent by a RADIUS server rejecting access.
• Access-Accept: Sent by a RADIUS server allowing access.
• Access-Challenge: Sent by a RADIUS server requesting more information in order to allow access.
However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server, as the MD5 authentication method does not perform mutual authentication. Finally, the MD5 authentication method does not support data encryption with a dynamic session key.
If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled.

Note: EAP-MD5 cannot be used with dynamic WEP key exchange.

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption.
TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice.

The RADIUS server distributes a Pairwise Master Key (PMK) to the AP, which then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically.
27.0.2 WPA(2)-PSK Application Example

A WPA(2)-PSK application looks as follows.

1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).
2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches.
3 The AP derives and distributes keys to the wireless clients.
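The length rule from step 1 and the key derivation behind steps 2 and 3, as an added Python example (not part of the ZyXEL guide). The PBKDF2-HMAC-SHA1 parameters (SSID as salt, 4096 iterations, 256-bit output) come from the IEEE 802.11i standard rather than from this guide, and the function names, passphrases and SSIDs are constructed for illustration.

```python
# Added example: validating a WPA(2)-PSK passphrase and deriving the
# 256-bit key that both the AP and the client compute from it.
import hashlib
import hmac

MIN_LEN, MAX_LEN = 8, 63   # limits stated in step 1


def validate_psk(passphrase):
    """Enforce the 8 to 63 printable-ASCII-character rule."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError("PSK must be between 8 and 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("PSK must contain only printable ASCII characters")
    return passphrase


def derive_pmk(passphrase, ssid):
    """Derive the Pairwise Master Key from passphrase and SSID.

    Assumption taken from IEEE 802.11i: PBKDF2-HMAC-SHA1, the SSID as
    salt, 4096 iterations, 32 bytes of output.
    """
    validate_psk(passphrase)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def psk_matches(ap_passphrase, client_passphrase, ssid):
    """Simplified model of step 2: do AP and client hold the same key?

    On the air the passphrase is never sent; possession of the key is
    proven during the handshake. Here the two derived keys are compared
    directly, in constant time.
    """
    return hmac.compare_digest(
        derive_pmk(ap_passphrase, ssid),
        derive_pmk(client_passphrase, ssid),
    )


if __name__ == "__main__":
    # Constructed sample values.
    key_home = derive_pmk("correct horse battery", "HomeNet")
    key_cafe = derive_pmk("correct horse battery", "CafeNet")
    print(key_home.hex())
    # Same passphrase, different SSID: the derived keys differ.
    print(key_home != key_cafe)
    print(psk_matches("correct horse battery", "correct horse battery", "HomeNet"))
```

Because the SSID is the salt, changing the network name changes the derived key even when the passphrase stays the same.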
Security Parameters Summary

Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features.

Table 135 Wireless Security Relational Matrix
AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL ENCRYPTIO ENTER IEEE 802.
APPENDIX E Services

The following table lists some commonly-used services and their associated protocols and port numbers.

• Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
• Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is User-Defined, the Port(s) is the IP protocol number, not the port number.
Table 136 Examples of Services
NAME | PROTOCOL | PORT(S) | DESCRIPTION
AH (IPSEC_TUNNEL) | User-Defined | 51 | The IPSEC AH (Authentication Header) tunneling protocol uses this service.
AIM | TCP | 5190 | AOL’s Internet Messenger service.
AUTH | TCP | 113 | Authentication protocol used by some servers.
BGP | TCP | 179 | Border Gateway Protocol.
BOOTP_CLIENT | UDP | 68 | DHCP Client.
BOOTP_SERVER | UDP | 67 | DHCP Server.
Table 136 Examples of Services (continued)
NAME | PROTOCOL | PORT(S) | DESCRIPTION
MSN Messenger | TCP | 1863 | Microsoft Networks’ messenger service uses this protocol.
NetBIOS | TCP/UDP | 137, 138, 139, 445 | The Network Basic Input/Output System is used for communication between computers in a LAN.
NEW-ICQ | TCP | 5190 | An Internet chat program.
NEWS | TCP | 144 | A protocol for news groups.
Table 136 Examples of Services (continued)
NAME | PROTOCOL | PORT(S) | DESCRIPTION
SFTP | TCP | 115 | The Simple File Transfer Protocol is an old way of transferring files between computers.
SMTP | TCP | 25 | Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.
SMTPS | TCP | 465 | This is a more secure version of SMTP that runs over SSL.
SNMP | TCP/UDP | 161 | Simple Network Management Program.
APPENDIX F Legal Information

Copyright

Copyright © 2009 by ZyXEL Communications Corporation.

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Published by ZyXEL Communications Corporation.
• This device must accept any interference received, including interference that may cause undesired operations.

This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
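When interference is found, use must stop immediately and may resume only after the interference has been eliminated. The legal communications referred to in the preceding paragraph are radio communications operated in accordance with telecommunications regulations. Low-power radio-frequency devices must tolerate interference from legal communications or from industrial, scientific and medical equipment that radiates radio waves. This device is restricted to indoor use, on condition that it does not interfere with legal radio stations and is not protected from interference. To reduce the effects of electromagnetic waves, please use this device properly.

Notices

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France.

This Class B digital apparatus complies with Canadian ICES-003.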
Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.

To obtain the services of this warranty, contact your vendor.