NBG5715 Simultaneous Dual-Band Wireless N Media Router Default Login Details IP Address http://192.168.1.1 Password 1234 Firmware Version 1.0 Edition 1, 3/2011 www.zyxel.com www.zyxel.
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the NBG5715 using the Web Configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Tips for Reading User’s Guides On-Screen When reading a ZyXEL User’s Guide On-Screen, keep the following in mind: • If you don’t already have the latest version of Adobe Reader, you can download it from http:// www.adobe.com.
About This User's Guide Need More Help? More help is available at www.zyxel.com. • Download Library Search for the latest product updates and documentation from this link. Read the Tech Doc Overview to find out how to efficiently use the User Guide, Quick Start Guide and Command Line Interface Reference Guide in order to better understand how to use your product. • Knowledge Base If you have a specific question about your product, the answer may be here.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The NBG5715 may be referred to as the “NBG5715”, the “device”, the “product” or the “system” in this User’s Guide.
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The NBG5715 icon is not an exact representation of your device.
Safety Warnings Safety Warnings • • • • • • • • • • • • • • • • • • • • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. Do NOT expose your device to dampness, dust or corrosive liquids. Do NOT store things on the device. Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. Connect ONLY suitable accessories to the device. Do NOT open the device or unit.
Safety Warnings 8 NBG5715 User’s Guide
Contents Overview Contents Overview User’s Guide ........................................................................................................................... 19 Introduction ................................................................................................................................21 The WPS Button ........................................................................................................................25 ZyXEL NetUSB Share Center Utility ...................
Contents Overview 10 NBG5715 User’s Guide
Table of Contents Table of Contents About This User's Guide .......................................................................................................... 3 Document Conventions ........................................................................................................... 5 Safety Warnings........................................................................................................................ 7 Contents Overview .......................................................
Table of Contents 4.2 Accessing the Web Configurator ..........................................................................................33 4.2.1 Login Screen ..............................................................................................................33 4.2.2 Weather Edit ...............................................................................................................34 4.2.3 Time/Date Edit ...............................................................................
Table of Contents 8.2.1 Navigation Panel ........................................................................................................58 Chapter 9 Tutorials ................................................................................................................................... 61 9.1 Overview ..............................................................................................................................61 9.2 Set Up a Wireless Network with WPS ..........................
Table of Contents 11.9 The Scheduling Screen ......................................................................................................93 Chapter 12 LAN .......................................................................................................................................... 95 12.1 Overview ............................................................................................................................95 12.2 What You Can Do in this Chapter .........................
Table of Contents Chapter 16 Static Route ........................................................................................................................... 115 16.1 Overview ....................................................................................................................... 115 16.2 The Static Route Screen ................................................................................................. 115 16.2.1 Add/Edit Static Route .........................................
Table of Contents 19.4 General Screen ...............................................................................................................148 19.5 Advance Screen ..............................................................................................................148 19.5.1 Rule Configuration: User Defined Service Rule Configuration ............................151 Chapter 20 Remote Management...............................................................................................
Table of Contents 23.6 Wireless Router Troubleshooting .....................................................................................175 23.7 USB Device Problems ......................................................................................................176 23.8 ZyXEL NetUSB Share Center Utility Problems ................................................................177 Appendix A Product Specifications .....................................................................................
Table of Contents 18 NBG5715 User’s Guide
P ART I User’s Guide 19
CHAPTER 1 Introduction 1.1 Overview This chapter introduces the main features and applications of the NBG5715. The NBG5715 extends the range of your existing wired network without additional wiring, providing easy network access to mobile users. You can set up a wireless network with other IEEE 802.11a/b/ g/n compatible devices. The NBG5715 is able to function both 2.4G and 5G network at the same time.
Chapter 1 Introduction Note: For the USB function, it is strongly recommended to use version 2.0 or lower USB storage devices (such as memory sticks, USB hard drives) and/or USB devices (such as USB printers). Other USB products are not guaranteed to function properly with the NBG5715. Note: Be sure to install the ZyXEL NetUSBTM Share Center Utility (for NetUSB functionality) from the included disc, or download the latest version from the zyxel.com website. See Chapter 3 on page 26 for more information.
Chapter 1 Introduction • Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the NBG5715 to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the NBG5715. You could simply restore your last configuration. 1.
Chapter 1 Introduction Figure 3 Front Panel Power Internet WAN WLAN 2.4G WLAN 5G WPS Button USB 1-2 LAN 1-4 WPS The following table describes the LEDs and the WPS button. Table 1 Front panel LEDs and WPS button LED STATUS WPS Button Press this button for 1 second to set up a wireless connection via WiFi Protected Setup with another WPS-enabled client. You must press the WPS button on the client side within 120 seconds for a successful connection.
CHAPTER 2 The WPS Button 2.1 Overview Your NBG5715 supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Each WPS connection works between two devices. Both devices must support WPS (check each device’s documentation to make sure).
CHAPTER 3 ZyXEL NetUSB Share Center Utility 3.1 Overview The ZyXEL NetUSB Share Center Utility allows you to work with the USB devices that are connected directly to the NBG5715 as if they are connected directly to your computer.
Chapter 3 ZyXEL NetUSB Share Center Utility Note: The following operating systems are supported: Windows XP/Vista/7 (32 and 64-bit versions). 3 To open the ZyXEL NetUSB Share Center Utility, double-click its system tray icon. 3.2 The ZyXEL NetUSB Share Center Utility This section describes the ZyXEL NetUSB Share Center Utility main window. Figure 5 ZyXEL NetUSB Share Center Utility Main Window The following table describes the icons in this window.
Chapter 3 ZyXEL NetUSB Share Center Utility Table 2 ZyXEL NetUSB Share Center Utility Main Window Icons (continued) ICON DESCRIPTION Request to Connect Some USB devices may not allow automatic connections over the network. If so, select the device in question and click this button to issue a request to connect to it. Network Scanner Click this to open the scanner options on your computer for working with a scanner connected to the network. 3.2.1 The Menus This section describes the utility’s menus.
Chapter 3 ZyXEL NetUSB Share Center Utility 3.2.2 The Share Center Configuration Window This section describes the utility’s configuration window, which allows you to set certain options for the utility. These options do not apply to the USB devices connected to the NBG5715. You can open it by clicking the Tools > Configuration menu command. Figure 7 ZyXEL NetUSB Share Center Utility Configuration Window The following table describes the labels in this window.
Chapter 3 ZyXEL NetUSB Share Center Utility The following table describes the labels in this screen. Table 5 ZyXEL NetUSB Share Center Utility Auto-Connect Printer List Window LABEL DESCRIPTION Server IP & Printer Name Displays a list of print server IPs and printer names connected to this NBG5715. Windows Printer Name Displays a corresponding list of Windows printer names connected to this devices listed in the other list. Delete Select an printer from the list and click this to remove it.
Chapter 3 ZyXEL NetUSB Share Center Utility 3 The device mounts on your system. 3.4 Automatically Connecting to a USB Printer This example shows you how to set your computer to automatically connect to a shared USB printer over your NBG5715 network each time you log into your computer. Makes sure that you have first installed the ZyXEL NetUSB Share Center Utility. 1 Connect a USB printer to the NBG5715.
Chapter 3 ZyXEL NetUSB Share Center Utility 32 NBG5715 User’s Guide
CHAPTER 4 Introducing the Web Configurator 4.1 Overview This chapter describes how to access the NBG5715 Web Configurator and provides an overview of its screens. The Web Configurator is an HTML-based management interface that allows easy setup and management of the NBG5715 via Internet browser. Use Internet Explorer 6.0 and later versions, Mozilla Firefox 3 and later versions, or Safari 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
Chapter 4 Introducing the Web Configurator The Web Configurator initially displays the following login screen. Figure 9 Login screen The following table describes the labels in this screen. Table 6 Login screen LABEL DESCRIPTION Language Select the language you want to use to configure the Web Configurator. Click Login. Password Type "1234" (default) as the password. This shows the current weather, either in celsius or fahrenheit, of the city you specify in Section 4.2.2 on page 34.
Chapter 4 Introducing the Web Configurator The following table describes the labels in this screen. Table 7 Change Weather LABEL DESCRIPTION o Choose which temperature unit you want the NBG5715 to display. o C or F Change Location Select the location for which you want to know the weather. If the city you want is not listed, choose one that is closest to it. Finish Click this to apply the settings and refresh the date and time display. 4.2.
Chapter 4 Introducing the Web Configurator 36 NBG5715 User’s Guide
CHAPTER 5 Monitor and Summary 5.1 Overview This chapter discusses read-only information related to the device state of the NBG5715. To access the Monitor screens, go to Expert Mode after login, then click . You can also click the Details links in the Summary table of the Status screen to view the bandwidth consumed, packets sent/received as well as the status of clients connected to the NBG5715. 5.
Chapter 5 Monitor and Summary 5.3 The Log Screen The Web Configurator allows you to look at all of the NBG5715’s logs in one location. 5.3.1 View Log Use the View Log screen to see the logged messages for the NBG5715. The log wraps around and deletes the old entries after it fills. Select what logs you want to see from the Display drop list. The log choices depend on your settings in the Log Settings screen. Click Refresh to renew the log screen. Click Clear to delete all the logs.
Chapter 5 Monitor and Summary information (including MAC Address, IP Address, and Expiration time) of all network clients using the NBG5715’s DHCP server. Figure 14 Summary: DHCP Table The following table describes the labels in this screen. Table 9 Summary: DHCP Table LABEL DESCRIPTION # This is the index number of the host computer. Status This field displays whether the connection to the host computer is up (a yellow bulb) or down (a gray bulb).
Chapter 5 Monitor and Summary 5.5 Packet Statistics Click Monitor > Packet Statistics or the Packet Statistics (Details...) hyperlink in the Status screen. Read-only information here includes port status, packet specific statistics and the "system up time". The Poll Interval(s) field is configurable and is used for refreshing the screen. Figure 15 Summary: Packet Statistics The following table describes the labels in this screen.
Chapter 5 Monitor and Summary 5.6 VPN Monitor Click Monitor > VPN Monitor or the VPN Monitor (Details...) hyperlink in the Status screen. This screen displays read-only information about the active VPN connections. Click the Refresh button to update the screen. A Security Association (SA) is the group of security settings related to a specific VPN tunnel. Figure 16 Summary: Security Associations The following table describes the labels in this screen.
Chapter 5 Monitor and Summary The following table describes the labels in this screen. Table 12 Summary: Wireless Association List 42 LABEL DESCRIPTION # This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station. Association Time This field displays the time a wireless station first associated with the NBG5715’s WLAN network.
CHAPTER 6 NBG5715 Modes 6.1 Overview This chapter introduces the different modes available on your NBG5715. First, the term “mode” refers to two things in this User’s Guide. • Web Configurator mode. This refers to the Web Configurator interface you want to use for editing NBG5715 features. • Router mode: This is the device mode of the NBG5715. Use this mode to connect the local network to another network, like the Internet. Go to Section 8.2 on page 56 to view the Status screen in this mode. 6.1.
CHAPTER 7 Easy Mode 7.1 Overview The Web Configurator is set to Easy Mode by default. You can configure several key features of the NBG5715 in this mode. This mode is useful to users who are not fully familiar with some features that are usually intended for network administrators. When you log in to the Web Configurator, the following screen opens.
Chapter 7 Easy Mode Click Status to open the following screen. Figure 19 Easy Mode: Status Screen Navigation Panel Go to Network Map Screen Status Screen Control Panel 7.2 What You Can Do in this Chapter You can do the following in this mode: • Use this Navigation Panel to opt out of the Easy mode (Section 7.3 on page 45). • Use the Network Map screen to check if your NBG5715 can ping the gateway and whether it is connected to the Internet (Section 7.4 on page 46).
Chapter 7 Easy Mode The following table describes the labels in this screen. Table 13 Control Panel ITEM DESCRIPTION Home Click this to go to the Login page. Expert Mode Click this to change to Expert mode and customize features of the NBG5715. Logout Click this to end the Web Configurator session. 7.4 Network Map Note: The Network MAP is viewable by Windows XP (need to install patch), Windows Vista and Windows 7 users only.
Chapter 7 Easy Mode 7.5 Control Panel The features configurable in Easy Mode are shown in the Control Panel. Figure 22 Control Panel Switch ON to enable the feature. Otherwise, switch OFF. If the feature is turned on, the green light flashes. If it is turned off, the red light flashes. Additionally, click the feature to open a screen where you can edit its settings. The following table describes the labels in this screen.
Chapter 7 Easy Mode 7.5.1 Game Engine When this feature is enabled, the NBG5715 maximizes the bandwidth for gaming traffic that it forwards out through an interface. Figure 23 Game Engine Note: When this is switched on, the Game Console tab in the Bandwidth Mgmt screen is automatically positioned on top. Turn this off if your network is not using gaming. Click OK to close this screen. 7.5.
Chapter 7 Easy Mode The following table describes the labels in this screen. Table 15 Power Saving LABEL DESCRIPTION Wireless Radio Choose whether you want to apply the power saving schedule to 2.4G hz or 5G hz wireless radio. WLAN Status Select On or Off to specify whether the Wireless LAN is turned on or off (depending on what you selected in the WLAN Status field). This field works in conjunction with the Day and For the following times fields.
Chapter 7 Easy Mode The following table describes the labels in this screen. Table 16 Content Filter LABEL DESCRIPTION Add Click Add after you have typed a keyword. Repeat this procedure to add other keywords. Up to 64 keywords are allowed. Note: The NBG5715 does not recognize wildcard characters as keywords. When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request.
Chapter 7 Easy Mode 7.5.5 Firewall Enable this feature to protect the network from Denial of Service (DoS) attacks. The NBG5715 blocks repetitive pings from the WAN that can otherwise cause systems to slow down or hang. Figure 27 Firewall Click OK to close this screen. 7.5.6 Wireless Security Use this screen to configure security for your the Wireless LAN. You can enter the SSID and select the wireless security mode in the following screen.
Chapter 7 Easy Mode Table 17 Wireless Security (continued) LABEL DESCRIPTION Security mode Select WPA-PSK or WPA2-PSK to add security on this wireless network. The wireless clients which want to associate to this network must have same wireless security settings as this device. After you select to use a security, additional options appears in this screen. Select No Security to allow any client to connect to this network without authentication.
Chapter 7 Easy Mode The following table describes the labels in this screen. Table 18 Wireless Security: WPS LABEL DESCRIPTION Wireless Security Click this to go back to the Wireless Security screen. WPS Create a secure wireless network simply by pressing a button. The NBG5715 scans for a WPS-enabled device within the range and performs wireless security information synchronization.
Chapter 7 Easy Mode Table 19 Status Screen in Easy Mode (continued) ITEM DESCRIPTION Firmware Version This shows the firmware version of the NBG5715. The firmware version format shows the trunk version, model code and release number. 54 Wireless_2.4G/5G Network Name (SSID) This shows the SSID of the wireless network. You can configure this in the Wireless Security screen (Section 7.5.6 on page 51; Section 11.2 on page 82). Security This shows the wireless security used by the NBG5715.
CHAPTER 8 Router Mode 8.1 Overview The NBG5715 operates as a router. Routers are used to connect the local network to another network (for example, the Internet). In the figure below, the NBG5715 connects the local network (LAN1 ~ LAN4) to the Internet. Figure 31 NBG5715 Network Modem Note: The Status screen is shown after changing to the Expert mode of the Web Configurator. It varies depending on the device mode of your NBG5715.
Chapter 8 Router Mode 8.2 Router Mode Status Screen Click to open the status screen. Figure 32 Status: Router Mode The following table describes the icons shown in the Status screen. Table 20 Status: Router Mode ICON DESCRIPTION Click this icon to logout of the web configurator. Click this icon to view copyright and a link for related product information. Click this icon to go to Easy Mode. See Chapter 7 on page 44.
Chapter 8 Router Mode Table 20 Status: Router Mode (continued) ICON DESCRIPTION Click this icon to see the Configuration navigation menu. Click this icon to see the Maintenance navigation menu. The following table describes the labels shown in the Status screen. Table 21 Status Screen: Router Mode LABEL DESCRIPTION Device Information Host Name This is the System Name you enter in the Maintenance > General screen. It is for identification purposes. Model Number This is the model name of your device.
Chapter 8 Router Mode Table 21 Status Screen: Router Mode (continued) LABEL DESCRIPTION - Memory Usage This shows what percentage of the heap memory the NBG5715 is using. Interface Status Interface This displays the NBG5715 port types. The port types are: WAN, LAN and WLAN. Status For the LAN and WAN ports, this field displays Down (line is down) or Up (line is up or connected). For the WLAN, it displays Up when the WLAN is enabled or Down when the WLAN is disabled.
Chapter 8 Router Mode The following table describes the sub-menus. Table 22 Navigation Panel: Router Mode LINK TAB Status FUNCTION This screen shows the NBG5715’s general device, system and interface status information. Use this screen to access the wizard, and summary statistics tables. MONITOR Log Use this screen to view the list of activities recorded by your NBG5715. DHCP Table Use this screen to view current DHCP client information.
Chapter 8 Router Mode Table 22 Navigation Panel: Router Mode (continued) LINK TAB FUNCTION General Use this screen to enable the NBG5715’s DHCP server. Advanced Use this screen to assign IP addresses to specific individual computers based on their MAC addresses and to have DNS servers assigned by the DHCP server. Client List Use this screen to view information related to your DHCP status. General Use this screen to enable NAT.
CHAPTER 9 Tutorials 9.1 Overview This chapter provides tutorials for setting up your NBG5715. • Set Up a Wireless Network with WPS • Configure Wireless Security without WPS 9.2 Set Up a Wireless Network with WPS This section gives you an example of how to set up wireless network using WPS. This example uses the NBG5715 as the AP and NWD210N as the wireless client which connects to a notebook. Wireless LAN 2.4G is used as the wireless mode in this example.
Chapter 9 Tutorials 4 Log into NBG5715’s Web Configurator and press the Push Button in the Configuration > Network > Wireless LAN 2.4G > WPS Station screen. Note: Your NBG5715 has a WPS button located on its front panel, as well as a WPS button in its configuration utility. Both buttons have exactly the same function; you can use one or the other. Note: It doesn’t matter which button is pressed first. You must press the second button within two minutes of pressing the first one.
Chapter 9 Tutorials 9.2.2 PIN Configuration When you use the PIN configuration method, you need to use both NBG5715’s configuration interface and the client’s utilities. 1 Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get a PIN number. 2 Enter the PIN number to the PIN field in the Configuration > Network > Wireless LAN 2.4G > WPS Station screen on the NBG5715.
Chapter 9 Tutorials 9.3 Configure Wireless Security without WPS This example shows you how to configure wireless security settings with the following parameters on your NBG5715. Wireless LAN Mode 2.4G SSID SSID_Example3 Channel 6 Security WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) Follow the steps below to configure the wireless settings on your NBG5715.
Chapter 9 Tutorials 5 Open the Status screen. Verify your WLAN 2.4G wireless and wireless security settings under Device Information and check if the WLAN 2.4G connection is up under Interface Status. 9.3.1 Configure Your Notebook Note: We use the ZyXEL M-302 wireless adapter utility screens as an example for the wireless client. The screens may vary for different models. 1 The NBG5715 supports IEEE 802.11b, IEEE 802.11g and IEEE 802.11n wireless clients.
Chapter 9 Tutorials 66 4 Select SSID_Example3 and click Connect. 5 Select WPA-PSK and type the security key in the following screen. Click Next. 6 The Confirm Save window appears. Check your settings and click Save to continue.
Chapter 9 Tutorials 7 Check the status of your wireless connection in the screen below. If your wireless connection is weak or you have no connection, see the Troubleshooting section of this User’s Guide. If your connection is successful, open your Internet browser and enter http://www.zyxel.com or the URL of any other web site in the address bar. If you are able to access the web site, your wireless connection is successfully configured.
Chapter 9 Tutorials 68 NBG5715 User’s Guide
P ART II Technical Reference 69
CHAPTER 10 WAN 10.1 Overview This chapter discusses the NBG5715’s WAN screens. Use these screens to configure your NBG5715 for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations. Figure 36 LAN and WAN 10.
Chapter 10 WAN 10.3.1 Configuring Your Internet Connection Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol. To set up a WAN connection to the Internet, you need to use the same encapsulation method used by your ISP (Internet Service Provider).
Chapter 10 WAN 10.3.2 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. Figure 37 Multicast Example In the multicast example above, systems A and D comprise one multicast group. In multicasting, the server only needs to send one data stream and this is delivered to systems A and D.
Chapter 10 WAN This screen displays when you select ENET ENCAP (Ethernet encapsulation). Figure 38 Network > WAN > Broadband: ENET ENCAP The following table describes the labels in this screen. Table 23 Network > WAN > Broadband: ENET ENCAP LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Choose the ENET ENCAP (Ethernet encapsulation) option when the WAN port is used as a regular Ethernet.
Chapter 10 WAN Table 23 Network > WAN > Broadband: ENET ENCAP (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the NBG5715. Cancel Click Cancel to begin configuring this screen afresh. 10.4.2 PPPoE Encapsulation The NBG5715 supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection.
Chapter 10 WAN The following table describes the labels in this screen. Table 24 Network > WAN > Broadband: PPPoE LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Select PPPoE if you connect to your Internet via dial-up. PPP Information PPP Username Type the user name given to you by your ISP. PPP Password Type the password associated with the user name above. PPP Auto Connect Select this option if you do not want the connection to time out.
Chapter 10 WAN 10.5 The Advanced Screen To change your NBG5715’s advanced WAN settings, click Network > WAN > Advanced. The screen appears as shown. You can use this screen to enable multicast. Figure 40 Network > WAN > Advanced Table 25 Network > WAN > Advance LABEL DESCRIPTION Multicast Setup Select IGMPv1/v2 to enable multicasting. This applies to traffic routed from the WAN to the LAN. Select None to disable this feature.
Chapter 10 WAN 78 NBG5715 User’s Guide
CHAPTER 11 Wireless LAN 11.1 Overview This chapter discusses how to configure the wireless network settings in your NBG5715. The NBG5715 is able to function both 2.4G and 5G network at the same time. You can have different wireless settings for 2.4G and 5G. Click Configuration > Network > Wireless LAN 2.4G or Wireless LAN 5G to configure to do so. See the appendices for more detailed information about wireless networks. The following figure provides an example of a wireless network.
Chapter 11 Wireless LAN • Use the Advanced screen to allow intra-BSS networking and set the RTS/CTS Threshold (Section 11.5 on page 90). • Use the QoS screen to ensure Quality of Service (QoS) in your wireless network (Section 11.6 on page 90). • Use the WPS screen to quickly set up a wireless network with strong security, without having to configure security settings manually (Section 11.7 on page 91). • Use the WPS Station screen to add a wireless station using WPS (Section 11.8 on page 92).
Chapter 11 Wireless LAN You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to use the wireless network. If a wireless client is allowed to use the wireless network, it still has to have the correct settings (SSID, channel, and security). If a wireless client is not allowed to use the wireless network, it does not matter if it has the correct settings. This type of security does not protect the information that is sent in the wireless network.
Chapter 11 Wireless LAN Usually, you should set up the strongest encryption that every wireless client in the wireless network supports. For example, suppose the AP does not have a local user database, and you do not have a RADIUS server. Therefore, there is no user authentication. Suppose the wireless network has two wireless clients. Device A only supports WEP, and device B supports WEP and WPA. Therefore, you should set up Static WEP in the wireless network.
Chapter 11 Wireless LAN Click Network > Wireless LAN 2.4G/5G to open the General screen. Figure 42 Network > Wireless LAN 2.4G/5G > General The following table describes the general wireless LAN labels in this screen. Table 27 Network > Wireless LAN 2.4G/5G > General LABEL DESCRIPTION Wireless LAN Select Enable to activate the 2.4G and/or 5G wireless LAN. Select Disable to turn it off. Name(SSID) The SSID (Service Set IDentity) identifies the Service Set with which a wireless client is associated.
Chapter 11 Wireless LAN Table 27 Network > Wireless LAN 2.4G/5G > General (continued) LABEL DESCRIPTION Wireless Mode If you are in the Wireless LAN 2.4G > General screen, you can select from the following: • • • • • • 802.11b: allows either IEEE 802.11b or IEEE 802.11g compliant WLAN devices to associate with the NBG5715. In this mode, all wireless devices can only transmit at the data rates supported by IEEE 802.11b. 802.11g: allows IEEE 802.11g compliant WLAN devices to associate with the Device.
Chapter 11 Wireless LAN Note: If you do not enable any wireless security on your NBG5715, your network is accessible to any wireless networking device that is within range. Figure 43 Network > Wireless LAN 2.4G/5G > Security: No Security The following table describes the labels in this screen. Table 28 Network > Wireless LAN > Security: No Security LABEL DESCRIPTION Security Mode Choose No Security from the drop-down list box. Apply Click Apply to save your changes back to the NBG5715.
Chapter 11 Wireless LAN The following table describes the wireless LAN security labels in this screen. Table 29 Network > Wireless LAN 2.4G/5G > Security: Static WEP LABEL DESCRIPTION Security Mode Select Static WEP to enable data encryption. PassPhrase Enter a Passphrase (up to 26 printable characters) and click Generate. A passphrase functions like a password. In WEP security mode, it is further converted by the NBG5715 into a complicated string that is referred to as the “key”.
Chapter 11 Wireless LAN The following table describes the labels in this screen. Table 30 Network > Wireless LAN > Security: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Security Mode Select WPA-PSK or WPA2-PSK to enable data encryption. WPA Compatible This field appears when you choose WPA2-PSK as the Security Mode. Check this field to allow wireless devices using WPA-PSK security mode to connect to your NBG5715. Pre-Shared Key WPA-PSK/WPA2-PSK uses a simple common password for authentication.
Chapter 11 Wireless LAN Table 31 Network > Wireless LAN > General: WPA/WPA2 (continued) LABEL DESCRIPTION Group Key Update Timer The Group Key Update Timer is the rate at which the AP (if using WPAPSK/WPA2-PSK key management) or RADIUS server (if using WPA/WPA2 key management) sends a new group key out to all clients. The re-keying process is the WPA/WPA2 equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis.
Chapter 11 Wireless LAN To change your NBG5715’s MAC filter settings, click Network > Wireless LAN 2.4G/5G > MAC Filter. The screen appears as shown. Figure 47 Network > Wireless LAN 2.4G/5G > MAC Filter The following table describes the labels in this menu. Table 32 Network > Wireless LAN 2.4G/5G > MAC Filter LABEL DESCRIPTION MAC Address Filter Select to turn on (Enable) or off (Disable) MAC address filtering.
Chapter 11 Wireless LAN 11.5 The Wireless LAN Advanced Screen Use this screen to allow wireless advanced features, such as the output power, RTS/CTS Threshold and high-throughput physical mode settings. Click Network > Wireless LAN 2.4G/5G > Advanced. The screen appears as shown. Figure 48 Network > Wireless LAN 2.4G/5G > Advanced The following table describes the labels in this screen. Table 33 Network > Wireless LAN 2.
Chapter 11 Wireless LAN Click Network > Wireless LAN 2.4G/5G > QoS. The following screen appears. Figure 49 Network > Wireless LAN 2.4G/5G > QoS The following table describes the labels in this screen. Table 34 Network > Wireless LAN 2.4G/5G > QoS LABEL DESCRIPTION Enable WMM QoS Check this to have the NBG5715 automatically give a service a priority level according to the ToS value in the IP header of packets it sends.
Chapter 11 Wireless LAN The following table describes the labels in this screen. Table 35 Network > Wireless LAN 2.4G/5G > WPS LABEL DESCRIPTION WPS Setup WPS Select Enable to activate the WPS feature. Select Disable to turn it off. PIN Number This displays a PIN number last time system generated. Click Generate to generate a new PIN number.
Chapter 11 Wireless LAN The following table describes the labels in this screen. Table 36 Network > Wireless LAN 2.4G/5G > WPS Station LABEL DESCRIPTION Push Button Use this button when you use the PBC (Push Button Configuration) method to configure wireless stations’s wireless settings. See Section 9.2.1 on page 61. Click this to start WPS-aware wireless station scanning and the wireless security information synchronization.
Chapter 11 Wireless LAN Table 37 Network > Wireless LAN 2.4G/5G > Scheduling (continued) 94 LABEL DESCRIPTION Day Select Everyday or the specific days to turn the Wireless LAN on or off. If you select Everyday you can not select any specific days. This field works in conjunction with the For the following times field.
CHAPTER 12 LAN 12.1 Overview This chapter describes how to configure LAN settings. A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks. Figure 53 LAN Example The LAN screens can help you manage IP addresses. 12.
Chapter 12 LAN 12.3 What You Need To Know The actual physical connection determines whether the NBG5715 ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 54 LAN and WAN IP Addresses The LAN parameters of the NBG5715 are preset in the factory with the following values: • IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) • DHCP server enabled with 32 client IP addresses starting from 192.
Chapter 12 LAN 12.4 The LAN IP Screen Use this screen to change the IP address for your NBG5715. Click Network > LAN > IP. Figure 55 Network > LAN > IP The following table describes the labels in this screen. Table 38 Network > LAN > IP LABEL DESCRIPTION IP Address Type the IP address of your NBG5715 in dotted decimal notation. IP Subnet Mask The subnet mask specifies the network number portion of an IP address.
Chapter 12 LAN The following table describes the labels in this screen. Table 39 Network > LAN > IP Alias 98 LABEL DESCRIPTION IP Alias 1, 2 Select the check box to configure another LAN network for the NBG5715. IP Address Type the IP alias address of your NBG5715 in dotted decimal notation. IP Subnet Mask The subnet mask specifies the network number portion of an IP address. Your NBG5715 will automatically calculate the subnet mask based on the IP address that you assign.
CHAPTER 13 DHCP Server 13.1 Overview DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG5715’s LAN as a DHCP server or disable it. When configured as a server, the NBG5715 provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured. 13.1.
Chapter 13 DHCP Server The following table describes the labels in this screen. Table 40 Network > DHCP Server > General LABEL DESCRIPTION DHCP Server Select Enable to activate DHCP for LAN. DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server. Enable the DHCP server unless your ISP instructs you to do otherwise. Select Disable to stop the NBG5715 acting as a DHCP server.
Chapter 13 DHCP Server The following table describes the labels in this screen. Table 41 Network > DHCP Server > Advanced LABEL DESCRIPTION Static DHCP Table # This is the index number of the static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN. IP Address Type the LAN IP address of a computer on your LAN.
Chapter 13 DHCP Server Note: You can also view a read-only client list by clicking the DHCP Table (Details...) hyperlink in the Status screen. Figure 59 Network > DHCP Server > Client List The following table describes the labels in this screen. Table 42 Network > DHCP Server > Client List LABEL DESCRIPTION # This is the index number of the host computer. Status This field displays whether the connection to the host computer is up (a yellow bulb) or down (a gray bulb).
CHAPTER 14 NAT 14.1 Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network. The figure below is a simple illustration of a NAT network.
Chapter 14 NAT • Use the NAT Advance screen to change your NBG5715’s trigger port settings (Section 14.4 on page 109). 14.1.2 What You Need To Know The following terms and concepts may help as you read through this chapter. Inside/Outside This denotes where a host is located relative to the NBG5715, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Chapter 14 NAT all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT). How NAT Works Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN.
Chapter 14 NAT The following table describes the labels in this screen. Table 44 Network > NAT > General LABEL DESCRIPTION Network Address Translation (NAT) Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet). Select Enable to activate NAT. Select Disable to turn it off.
Chapter 14 NAT Refer to Appendix F on page 247 for port numbers commonly used for particular services. Figure 63 Network > NAT > Port Forwarding The following table describes the labels in this screen. Table 45 Network > NAT > Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in the Port Forwarding screen.
Chapter 14 NAT Table 45 Network > NAT > Port Forwarding (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the NBG5715. Cancel Click Cancel to begin configuring this screen afresh. 14.3.1 Port Forwarding Edit Screen This screen lets you create or edit a port forwarding rule. Click the Add Port Forward button or a rule’s Edit icon in the Port Forwarding screen to open the following screen.
Chapter 14 NAT 14.4 The NAT Advance Screen To change your NBG5715’s trigger port settings, click Network > NAT > NAT Advance. The screen appears as shown. Note: Only one LAN computer can use a trigger port (range) at a time. Figure 65 Network > NAT > NAT Advance The following table describes the labels in this screen. Table 47 Network > NAT > NAT Advance LABEL DESCRIPTION Port Triggering Rules # This is the rule index number (read-only).
Chapter 14 NAT 14.5 Technical Reference The following section contains additional technical information about the NBG5715 features described in this chapter. 14.5.1 NATPort Forwarding: Services and Port Numbers A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world.
Chapter 14 NAT The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address. Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service.
Chapter 14 NAT 112 NBG5715 User’s Guide
CHAPTER 15 Dynamic DNS 15.1 Overview Dynamic DNS services let you use a domain name with a dynamic IP address. 15.1.1 What You Need To Know The following terms and concepts may help as you read through this chapter. What is DDNS? DDNS, or Dynamic DNS, allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.).
Chapter 15 Dynamic DNS 15.2 The Dynamic DNS Screen To change your NBG5715’s DDNS, click Network > DDNS. The screen appears as shown. Figure 68 Dynamic DNS The following table describes the labels in this screen. Table 48 Dynamic DNS 114 LABEL DESCRIPTION Dynamic DNS Select Enable to use dynamic DNS. Select Disable to turn this feature off. Service Provider Select the name of your Dynamic DNS service provider. Host Name Enter a host names in the field provided.
CHAPTER 16 Static Route 16.1 Overview This chapter shows you how to configure static routes for your NBG5715. Each remote node specifies only the network to which the gateway is directly connected, and the NBG5715 has no knowledge of the networks beyond. For instance, the NBG5715 knows about network N2 in the following figure through remote node Router 1.
Chapter 16 Static Route The following table describes the labels in this screen. Table 49 Network > Static Route LABEL DESCRIPTION Add Static Route Click this to create a new rule. # This is the number of an individual static route. Status This field indicates whether the rule is active (yellow bulb) or not (gray bulb). Name This field displays a name to identify this rule. Destination This parameter specifies the IP network address of the final destination.
Chapter 16 Static Route Table 50 Static Route: Add/Edit LABEL DESCRIPTION Back Click Back to return to the previous screen without saving. Apply Click Apply to save your changes back to the NBG5715. Cancel Click Cancel to set every field in this screen to its last-saved value.
Chapter 16 Static Route 118 NBG5715 User’s Guide
CHAPTER 17 Firewall 17.1 Overview Use these screens to enable and configure the firewall that protects your NBG5715 and your LAN from unwanted or malicious traffic. Enable the firewall to protect your LAN computers from attacks by hackers on the Internet and control access between the LAN and WAN. By default the firewall: • allows traffic that originates from your LAN computers to go to all of the networks. • blocks traffic that originates on the other networks from going to the LAN.
Chapter 17 Firewall What is a Firewall? Originally, the term “firewall” referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term "firewall" is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from a network that is not trusted. Of course, firewalls cannot solve every security problem.
Chapter 17 Firewall 4 Don't enable any local service (such as NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network. 5 For local services that are enabled, protect against misuse. Protect by configuring the services to communicate only with specific peers, and protect by configuring rules to block packets for the services at specific interfaces.
Chapter 17 Firewall Click Security > Firewall > Services. The screen appears as shown next. Figure 74 Security > Firewall > Services l The following table describes the labels in this screen. Table 52 Security > Firewall > Services LABEL DESCRIPTION LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet.
Chapter 17 Firewall Table 52 Security > Firewall > Services (continued) LABEL DESCRIPTION Source IP Address Enter the IP address of the computer that initializes traffic for the application or service. The NBG5715 applies the firewall rule to traffic initiating from this computer. Protocol Select the protocol (ALL,TCP, UDP or BOTH) used to transport the packets for which you want to apply the firewall rule.
CHAPTER 18 IPSec VPN 18.1 Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
Chapter 18 IPSec VPN 18.3 What You Need To Know A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contract indicating what security parameters the NBG5715 and the remote IPSec router will use. The first phase establishes an Internet Key Exchange (IKE) SA between the NBG5715 and remote IPSec router.
Chapter 18 IPSec VPN You can usually provide a static IP address or a domain name for the remote IPSec router as well. Sometimes, you might not know the IP address of the remote IPSec router (for example, telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router can initiate an IKE SA. 18.3.
Chapter 18 IPSec VPN Click Security > IPSec VPN to display the Summary screen. This is a read-only menu of your VPN rules (tunnels). Edit a VPN rule by clicking the Edit icon. Figure 78 Security > IPSec VPN > General The following table describes the fields in this screen. Table 53 Security > IPSec VPN > General LABEL DESCRIPTION # This is the VPN policy index number. Status This field displays whether the VPN policy is active or not. This icon is turned on when the rule is enabled. Local Addr.
Chapter 18 IPSec VPN 18.5 Edit VPN Rule Click on a policy’s Edit icon in the IPSec VPN > General screen to edit the VPN policy. Note: The NBG5715 uses the system default gateway interface¡¦s WAN IP address as its WAN IP address to set up a VPN tunnel.
Chapter 18 IPSec VPN 18.5.1 IKEKey Setup IKEprovides more protection so it is generally recommended. You only configure VPN manual key when you select IKE in the IPSec Keying Mode field on the IPSec VPN > General > Edit screen.
Chapter 18 IPSec VPN The following table describes the labels in this screen. Table 54 Security > IPSec VPN > General > Edit: IKE LABEL DESCRIPTION Property Propert Select Enable to activate this VPN policy. Keep Alive Select this check box to have the NBG5715 automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The remote IPSec router must also have keep alive enabled in order for this feature to work.
Chapter 18 IPSec VPN Table 54 Security > IPSec VPN > General > Edit: IKE (continued) LABEL DESCRIPTION Remote Policy Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. Two active SAs cannot have the local and remote IP address(es) both the same.
Chapter 18 IPSec VPN Table 54 Security > IPSec VPN > General > Edit: IKE (continued) LABEL DESCRIPTION Local Content When you select IP in the Local ID Type field, type the IP address of your computer in the Local Content field. The NBG5715 automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the Local Content field to 0.0.0.0 or leave it blank. It is recommended that you type an IP address other than 0.0.0.
Chapter 18 IPSec VPN Table 54 Security > IPSec VPN > General > Edit: IKE (continued) LABEL DESCRIPTION Peer Content The configuration of the peer content depends on the peer ID type. For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the NBG5715 will use the address in the Secure Gateway Address field (refer to the Secure Gateway Address field description).
Chapter 18 IPSec VPN Table 54 Security > IPSec VPN > General > Edit: IKE (continued) LABEL Key Group DESCRIPTION You must choose a key group for phase 1 IKE setup. DH1 refers to DiffieHellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number. Phase 2 Encapsulation Mode Select Tunnel mode or Transport mode from the drop-down list box. IPSec Protocol Select the security protocols used for an SA.
Chapter 18 IPSec VPN Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 18.5.2.2 IPSec SA Using Manual Keys You might set up an IPSec SA using manual keys when you want to establish a VPN tunnel quickly, for example, for troubleshooting. You should only do this as a temporary solution, however, because it is not as secure as a regular IPSec SA. In IPSec SAs using manual keys, the NBG5715 and remote IPSec router do not establish an IKE SA. They only establish an IPSec SA.
Chapter 18 IPSec VPN 18.5.3 Configuring Manual Key You only configure VPN manual key when you select Manual in the IPSec Keying Mode field on the IPSec VPN > General > Edit screen. Figure 80 Security > IPSec VPN > General > Edit: Manual The following table describes the labels in this screen. Table 55 Security > IPSec VPN > General > Edit: Manual LABEL DESCRIPTION Property Property Select Enable to activate this VPN policy. IPSec Keying Mode Select Manual from the drop-down list box.
Chapter 18 IPSec VPN Table 55 Security > IPSec VPN > General > Edit: Manual (continued) LABEL DESCRIPTION Local Policy Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs can have the same configured local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time.
Chapter 18 IPSec VPN Table 55 Security > IPSec VPN > General > Edit: Manual (continued) LABEL DESCRIPTION My IP Address Enter the NBG5715's static WAN IP address (if it has one) or leave the field set to 0.0.0.0. The NBG5715 uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0.
Chapter 18 IPSec VPN Table 55 Security > IPSec VPN > General > Edit: Manual (continued) LABEL DESCRIPTION IPSec Protocol Select the security protocols used for an SA. Both AH and ESP increase processing requirements and communications latency (delay). If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described below). Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the NBG5715.
Chapter 18 IPSec VPN 18.7.1 IPSec Architecture The overall IPSec architecture is shown as follows. Figure 82 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
Chapter 18 IPSec VPN 18.7.2 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. At the time of writing, the NBG5715 supports Tunnel mode only. Figure 83 Transport and Tunnel Mode IPSec Encapsulation Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet.
Chapter 18 IPSec VPN 18.7.3 IKE Phases There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec. Figure 84 Two Phases to Set Up the IPSec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm.
Chapter 18 IPSec VPN • Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1). It uses 6 messages in three round trips: SA negotiation, Diffie-Hellman exchange and an exchange of nonces (a nonce is a random number). This mode features identity protection (your identity is not revealed in the negotiation).
Chapter 18 IPSec VPN NAT is not normally compatible with ESP in transport mode either, but the NBG5715’s NAT Traversal feature provides a way to handle this. NAT traversal allows you to set up an IKE SA when there are NAT routers between the two IPSec routers. Figure 85 NAT Router Between IPSec Routers B A Normally you cannot set up an IKE SA with a NAT router between the two IPSec routers because the NAT router changes the header of the IPSec packet.
Chapter 18 IPSec VPN addresses. The NBG5715 can distinguish up to 48 incoming SAs because you can select between three encryption algorithms (DES, 3DES and AES), two authentication algorithms (MD5 and SHA1) and eight key groups when you configure a VPN rule (see Section 18.4 on page 126). The ID type and content act as an extra level of identification for incoming SAs. The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP address, domain name, or e-mail address.
Chapter 18 IPSec VPN 18.7.9 Diffie-Hellman (DH) Key Groups Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA setup to establish session keys. 768-bit, 1024-bit 1536-bit, 2048-bit, and 3072-bit Diffie-Hellman groups are supported. Upon completion of the Diffie-Hellman exchange, the two peers have a shared secret, but the IKE SA is not authenticated.
CHAPTER 19 Bandwidth Management 19.1 Overview This chapter contains information about configuring bandwidth management and editing rules. ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application. In the figure below, uplink traffic goes from the LAN device (A) to the WAN device (B). Bandwidth management is applied before sending the packets out to the WAN. Downlink traffic comes back from the WAN device (B) to the LAN device (A).
Chapter 19 Bandwidth Management The sum of the bandwidth allotments that apply to the LAN interface (WAN to LAN, WAN to WLAN) must be less than or equal to the Downstream Bandwidth that you configure in the Bandwidth Management Advanced screen Section 19.5 on page 148. 19.4 General Screen Use this screen to have the NBG5715 apply bandwidth management. Click Management > Bandwidth MGMT to open the bandwidth management General screen.
Chapter 19 Bandwidth Management Click Management > Bandwidth MGMT > Advance to open the bandwidth management Advanced screen. Figure 88 Management > Bandwidth MGMT > Advance The following table describes the labels in this screen. Table 63 Management > Bandwidth MGMT > Advance LABEL DESCRIPTION Management Bandwidth Upstream Bandwidth Select the total amount of bandwidth (from 64 Kilobits to 32 Megabits) that you want to dedicate to uplink traffic. This is traffic from LAN/WLAN to WAN.
Chapter 19 Bandwidth Management Table 63 Management > Bandwidth MGMT > Advance (continued) LABEL DESCRIPTION Priority Select a priority from the drop down list box. The lower the number, the higher the priority. • • • Select higher priority for voice traffic or video that is especially sensitive to jitter (jitter is the variations in delay). Select medium priority for "excellent effort" or better than best effort and would include important business traffic that can tolerate some delay.
Chapter 19 Bandwidth Management 19.5.1 Rule Configuration: User Defined Service Rule Configuration If you want to edit a bandwidth management rule for other applications or services, click the Edit icon in the User-defined Service table of the Advanced screen. The following screen displays. Figure 89 Bandwidth MGMT Rule Configuration: User-defined Service The following table describes the labels in this screen.
CHAPTER 20 Remote Management 20.1 Overview This chapter provides information on the Remote Management screens. Remote Management allows you to manage your NBG5715 from a remote location through the following interfaces: • LAN and WAN • LAN only • WAN only Note: The NBG5715 is managed using the Web Configurator. 20.
Chapter 20 Remote Management • Use the NBG5715’s WAN IP address when configuring from the WAN. • Use the NBG5715’s LAN IP address when configuring from the LAN. 20.3.2 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The NBG5715 automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling.
Chapter 20 Remote Management 20.5 Telnet Screen To change your NBG5715’s remote management settings, click Management > Remote MGMT > Telnet to open the Telnet screen. Figure 91 Management > Remote MGMT > Telnet The following table describes the labels in this screen. Table 66 Management > Remote MGMT > Telnet 154 LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
CHAPTER 21 Universal Plug-and-Play (UPnP) 21.1 Overview This chapter introduces the UPnP feature in the web configurator. Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.
Chapter 21 Universal Plug-and-Play (UPnP) All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 21.3 UPnP Screen Use this screen to enable UPnP on your NBG5715. Click Management > UPnP to display the screen shown next. Figure 92 Management > UPnP The following table describes the fields in this screen. Table 67 Management > UPnP LABEL DESCRIPTION UPnP Select Enable to activate UPnP.
Chapter 21 Universal Plug-and-Play (UPnP) 2 Right-click the icon and select Properties. Figure 93 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created.
Chapter 21 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 95 Internet Connection Properties: Advanced Settings Figure 96 Internet Connection Properties: Advanced Settings: Add Note: When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 5 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Chapter 21 Universal Plug-and-Play (UPnP) 6 Double-click on the icon to display your current Internet connection status. Figure 98 Internet Connection Status 21.4.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the NBG5715 without finding out the IP address of the NBG5715 first. This comes helpful if you do not know the IP address of the NBG5715. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel.
Chapter 21 Universal Plug-and-Play (UPnP) 3 Select My Network Places under Other Places. Figure 99 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your NBG5715 and select Invoke. The web configurator login screen displays.
Chapter 21 Universal Plug-and-Play (UPnP) 6 Right-click on the icon for your NBG5715 and select Properties. A properties window displays with basic information about the NBG5715.
Chapter 21 Universal Plug-and-Play (UPnP) 162 NBG5715 User’s Guide
CHAPTER 22 Maintenance 22.1 Overview This chapter provides information on the Maintenance screens. 22.2 What You Can Do in this Chapter • Use the General screen to set the timeout period of the management session (Section 22.3 on page 163). • Use the Password screen to change your NBG5715’s system password (Section 22.4 on page 164). • Use the Time screen to change your NBG5715’s time and date (Section 22.5 on page 165). • Use the Firmware Upgrade screen to upload firmware to your NBG5715 (Section 22.
Chapter 22 Maintenance The following table describes the labels in this screen. Table 68 Maintenance > General LABEL DESCRIPTION System Name System Name is a unique name to identify the NBG5715 in an Ethernet network. Domain Name Enter the domain name you want to give to the NBG5715. Administrator Inactivity Timer Type how many minutes a management session can be left idle before the session times out. After it times out you have to log in with your password again.
Chapter 22 Maintenance 22.5 Time Setting Screen Use this screen to configure the NBG5715’s time based on your local time zone. To change your NBG5715’s time and date, click Maintenance > Time. The screen appears as shown. Figure 104 Maintenance > Time The following table describes the labels in this screen. Table 70 Maintenance > Time LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your NBG5715.
Chapter 22 Maintenance Table 70 Maintenance > Time (continued) LABEL DESCRIPTION Get from Time Server Select this radio button to have the NBG5715 get the time and date from the time server you specified below. User Defined Time Server Address Select User Defined Time Server Address and enter the IP address or URL (up to 20 extended ASCII characters in length) of your time server. Check with your ISP/network administrator if you are unsure of this information.
Chapter 22 Maintenance Click Maintenance > Firmware Upgrade. Follow the instructions in this screen to upload firmware to your NBG5715. Figure 105 Maintenance > Firmware Upgrade The following table describes the labels in this screen. Table 71 Maintenance > Firmware Upgrade LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse... to find it. Browse... Click Browse... to find the .bin file you want to upload.
Chapter 22 Maintenance Restore configuration allows you to upload a new or previously saved configuration file from your computer to your NBG5715. Click Maintenance > Backup/Restore. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 107 Maintenance > Backup/Restore The following table describes the labels in this screen.
Chapter 22 Maintenance 22.8 The Language Screen Use this screen to change the language for the Web Configurator. Select the language you prefer and click Apply. The Web Configurator language changes after a while without restarting the NBG5715.
Chapter 22 Maintenance 170 NBG5715 User’s Guide
CHAPTER 23 Troubleshooting 23.1 Overview This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • NBG5715 Access and Login • Internet Access • Resetting the NBG5715 to Its Factory Defaults • Wireless Router Troubleshooting • USB Device Problems • ZyXEL NetUSB Share Center Utility Problems 23.2 Power, Hardware Connections, and LEDs The NBG5715 does not turn on.
Chapter 23 Troubleshooting 2 Check the hardware connections. See the Quick Start Guide. 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Disconnect and re-connect the power adaptor to the NBG5715. 5 If the problem continues, contact the vendor. 23.3 NBG5715 Access and Login I don’t know the IP address of my NBG5715. 1 The default IP address is 192.168.1.1.
Chapter 23 Troubleshooting 1 Make sure you are using the correct IP address. • The default IP address is 192.168.1.1. • If you changed the IP address (Section 12.4 on page 97), use the new IP address. • If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I don’t know the IP address of my NBG5715. 2 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide.
Chapter 23 Troubleshooting 23.4 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. 2 Make sure you entered your ISP account information correctly in the wizard. These fields are casesensitive, so make sure [Caps Lock] is not on. 3 If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP.
Chapter 23 Troubleshooting • Check the settings for QoS. If it is disabled, you might consider activating it. 23.5 Resetting the NBG5715 to Its Factory Defaults If you reset the NBG5715, you lose all of the changes you have made. The NBG5715 re-loads its default settings, and the password resets to 1234. You have to make all of your changes again. You will lose all of your changes when you push the RESET button. To reset the NBG5715: 1 Make sure the power LED is on.
Chapter 23 Troubleshooting 6 Make sure traffic between the WLAN and the LAN is not blocked by the firewall on the NBG5715. 7 Make sure you allow the NBG5715 to be remotely accessed through the WLAN interface. Check your remote management settings. • See the chapter on Wireless LAN in the User’s Guide for more information. I can access the Internet, but I cannot open my network folders. If you cannot access a network folder, make sure your account has access rights to the folder you are trying to open.
Chapter 23 Troubleshooting 1 Be sure to install the ZyXEL NetUSB Share Center Utility (for NetUSB functionality) first from the included disc, or download the latest version from the zyxel.com website. 2 Disconnect the problematic USB device, then reconnect it to the NBG5715. 3 Ensure that the USB device in question has power. 4 Check your cable connections. 5 Restart the NBG5715 by disconnecting the power and then reconnecting it.
Chapter 23 Troubleshooting 178 NBG5715 User’s Guide
APPENDIX A Product Specifications The following tables summarize the NBG5715’s hardware and firmware features. Table 73 Hardware Features Dimensions 213.7 mm (W) x 164 mm (D) x 73.6 mm (H) Weight 251g SDRAM 128 MB Flash Memory 128 MB Power Specification Input: 100~240AC, 50/60Hz, 0.8A Output: 12V 2A Ethernet ports Auto-negotiating: 100 Mbps, 1000 Mbps in either half-duplex or fullduplex mode. Auto-crossover: Use either crossover or straight-through Ethernet cables.
Appendix A Product Specifications Table 74 Firmware Features FEATURE DESCRIPTION Default LAN IP Address 192.168.1.1 Default LAN Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Pool 192.168.1.33 to 192.168.1.64 Wireless Interface Wireless LAN 2.4GHz, 5GHz Default Wireless SSID ZyXEL Device Management Use the Web Configurator to easily configure the rich range of features on the NBG5715. Wireless Functionality Allows IEEE 802.11a, IEEE 802.11b, IEEE 802.11g and/or IEEE 802.
Appendix A Product Specifications Table 74 Firmware Features (continued) FEATURE DESCRIPTION DHCP (Dynamic Host Configuration Protocol) Use this feature to have the NBG5715 assign IP addresses, an IP default gateway and DNS servers to computers on your network. Dynamic DNS Support With Dynamic DNS (Domain Name System) support, you can use a fixed URL, www.zyxel.com for example, with a dynamic IP address. You must register for this service with a Dynamic DNS service provider.
Appendix A Product Specifications 5 Align the holes on the back of the NBG5715 with the screws on the wall. Hang the NBG5715 on the screws. Figure 109 Wall-mounting Example The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm).
APPENDIX B Pop-up Windows, JavaScript and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScript (enabled by default). • Java permissions (enabled by default). Note: The screens used below belong to Internet Explorer version 6, 7 and 8. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix B Pop-up Windows, JavaScript and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 112 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 184 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Appendix B Pop-up Windows, JavaScript and Java Permissions 2 Select Settings…to open the Pop-up Blocker Settings screen. Figure 113 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
Appendix B Pop-up Windows, JavaScript and Java Permissions 4 Click Add to move the IP address to the list of Allowed sites. Figure 114 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed.
Appendix B Pop-up Windows, JavaScript and Java Permissions 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 115 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default).
Appendix B Pop-up Windows, JavaScript and Java Permissions 6 Click OK to close the window. Figure 116 Security Settings - Java Scripting Java Permissions 188 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Appendix B Pop-up Windows, JavaScript and Java Permissions 5 Click OK to close the window. Figure 117 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
Appendix B Pop-up Windows, JavaScript and Java Permissions 3 Click OK to close the window. Figure 118 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary slightly. The steps below apply to Mozilla Firefox 3.0 as well. You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
Appendix B Pop-up Windows, JavaScript and Java Permissions Click Content to show the screen below. Select the check boxes as shown in the following screen. Figure 120 Mozilla Firefox Content Security Opera Opera 10 screens are used here. Screens for other versions may vary slightly.
Appendix B Pop-up Windows, JavaScript and Java Permissions Allowing Pop-Ups From Opera, click Tools, then Preferences. In the General tab, go to Choose how you prefer to handle pop-ups and select Open all pop-ups. Figure 121 Opera: Allowing Pop-Ups Enabling Java From Opera, click Tools, then Preferences. In the Advanced tab, select Content from the leftside menu. Select the check boxes as shown in the following screen.
Appendix B Pop-up Windows, JavaScript and Java Permissions To customize JavaScript behavior in the Opera browser, click JavaScript Options. Figure 123 Opera: JavaScript Options Select the items you want Opera’s JavaScript to apply.
Appendix B Pop-up Windows, JavaScript and Java Permissions 194 NBG5715 User’s Guide
APPENDIX C IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Appendix C IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 124 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Appendix C IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 76 Subnet Masks BINARY DECIMAL 1ST OCTET 2ND OCTET 3RD OCTET 4TH OCTET 8-bit mask 11111111 00000000 00000000 00000000 255.0.0.0 16-bit mask 11111111 11111111 00000000 00000000 255.255.0.0 24-bit mask 11111111 11111111 11111111 00000000 255.255.255.
Appendix C IP Addresses and Subnetting Table 78 Alternative Subnet Mask Notation (continued) SUBNET MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL) 255.255.255.224 /27 1110 0000 224 255.255.255.240 /28 1111 0000 240 255.255.255.248 /29 1111 1000 248 255.255.255.252 /30 1111 1100 252 Subnetting You can use subnetting to divide one network into multiple sub-networks.
Appendix C IP Addresses and Subnetting The following figure shows the company network after subnetting. There are now two subnetworks, A and B. Figure 126 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.
Appendix C IP Addresses and Subnetting Table 79 Subnet 1 (continued) IP/SUBNET MASK NETWORK NUMBER Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: 192.168.1.63 Highest Host ID: 192.168.1.62 LAST OCTET BIT VALUE Table 80 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 64 IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.
Appendix C IP Addresses and Subnetting The following table shows IP address last octet values for each subnet. Table 83 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number.
Appendix C IP Addresses and Subnetting Table 85 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 13 255.255.255.248 (/29) 8192 6 14 255.255.255.252 (/30) 16384 2 15 255.255.255.254 (/31) 32768 1 Configuring IP Addresses Where you obtain your network number depends on your particular situation.
Appendix C IP Addresses and Subnetting IP Address Conflicts Each device on a network must have a unique IP address. Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources. The devices may also be unreachable through the network. Conflicting Computer IP Addresses Example More than one device can not use the same IP address.
Appendix C IP Addresses and Subnetting Conflicting Computer and Router IP Addresses Example More than one device can not use the same IP address. In the following example, the computer and the router’s LAN port both use 192.168.1.1 as the IP address. The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router’s LAN port.
APPENDIX D Setting Up Your Computer’s IP Address Note: Your specific NBG5715 may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported. This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network.
Appendix D Setting Up Your Computer’s IP Address Windows XP/NT/2000 The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT. 206 1 Click Start > Control Panel. 2 In the Control Panel, click the Network Connections icon.
Appendix D Setting Up Your Computer’s IP Address 3 Right-click Local Area Connection and then select Properties. 4 On the General tab, select Internet Protocol (TCP/IP) and then click Properties.
Appendix D Setting Up Your Computer’s IP Address 5 The Internet Protocol TCP/IP Properties window opens. 6 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix D Setting Up Your Computer’s IP Address Windows Vista This section shows screens from Windows Vista Professional. 1 Click Start > Control Panel. 2 In the Control Panel, click the Network and Internet icon. 3 Click the Network and Sharing Center icon.
Appendix D Setting Up Your Computer’s IP Address 4 Click Manage network connections. 5 Right-click Local Area Connection and then select Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Appendix D Setting Up Your Computer’s IP Address 6 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix D Setting Up Your Computer’s IP Address 7 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens. 8 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix D Setting Up Your Computer’s IP Address Windows 7 This section shows screens from Windows 7 Enterprise. 1 Click Start > Control Panel. 2 In the Control Panel, click View network status and tasks under the Network and Internet category. 3 Click Change adapter settings.
Appendix D Setting Up Your Computer’s IP Address 4 Double click Local Area Connection and then select Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Appendix D Setting Up Your Computer’s IP Address 5 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix D Setting Up Your Computer’s IP Address 6 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens. 7 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix D Setting Up Your Computer’s IP Address Verifying Settings 1 Click Start > All Programs > Accessories > Command Prompt. 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. 3 The IP settings are displayed as follows. Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. 1 Click Apple > System Preferences.
Appendix D Setting Up Your Computer’s IP Address 218 2 In the System Preferences window, click the Network icon. 3 When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure.
Appendix D Setting Up Your Computer’s IP Address 4 For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab. 5 For statically assigned settings, do the following: • From the Configure IPv4 list, select Manually. • In the IP Address field, type your IP address. • In the Subnet Mask field, type your subnet mask. • In the Router field, type the IP address of your device. 6 Click Apply Now and close the window.
Appendix D Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab. Figure 130 Mac OS X 10.4: Network Utility Mac OS X: 10.5 and 10.6 The screens in this section are from Mac OS X 10.5 but can also apply to 10.6. 1 220 Click Apple > System Preferences.
Appendix D Setting Up Your Computer’s IP Address 2 In System Preferences, click the Network icon. 3 When the Network preferences pane opens, select Ethernet from the list of available connection types. 4 From the Configure list, select Using DHCP for dynamically assigned settings.
Appendix D Setting Up Your Computer’s IP Address 5 For statically assigned settings, do the following: • From the Configure list, select Manually. • In the IP Address field, enter your IP address. • In the Subnet Mask field, enter your subnet mask. • In the Router field, enter the IP address of your NBG5715. 6 222 Click Apply and close the window.
Appendix D Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab. Figure 131 Mac OS X 10.5: Network Utility Linux: Ubuntu 8 (GNOME) This section shows you how to configure your computer’s TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution.
Appendix D Setting Up Your Computer’s IP Address 224 2 When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password. 3 In the Authenticate window, enter your admin account name and password then click the Authenticate button.
Appendix D Setting Up Your Computer’s IP Address 4 In the Network Settings window, select the connection that you want to configure, then click Properties. 5 The Properties dialog box opens. • In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address. • In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields.
Appendix D Setting Up Your Computer’s IP Address 226 7 If you know your DNS server IP address(es), click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided. 8 Click the Close button to apply the changes.
Appendix D Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices tab. The Interface Statistics column shows data if your connection is working properly. Figure 132 Ubuntu 8: Network Tools Linux: openSUSE 10.3 (KDE) This section shows you how to configure your computer’s TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.
Appendix D Setting Up Your Computer’s IP Address 228 1 Click K Menu > Computer > Administrator Settings (YaST). 2 When the Run as Root - KDE su dialog opens, enter the admin password and click OK.
Appendix D Setting Up Your Computer’s IP Address 3 When the YaST Control Center window opens, select Network Devices and then click the Network Card icon. 4 When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button.
Appendix D Setting Up Your Computer’s IP Address 5 When the Network Card Setup window opens, click the Address tab Figure 133 openSUSE 10.3: Network Card Setup 6 Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields. 7 230 Click Next to save the changes and close the Network Card Setup window.
Appendix D Setting Up Your Computer’s IP Address 8 If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided. 9 Click Finish to save your settings and close the window. Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information. Figure 134 openSUSE 10.
Appendix D Setting Up Your Computer’s IP Address When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly.
APPENDIX E Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix E Wireless LANs disabled, wireless client A and B can still access the wired network but cannot communicate with each other. Figure 137 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Appendix E Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. Figure 138 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area.
Appendix E Wireless LANs cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. Figure 139 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Appendix E Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet.
Appendix E Wireless LANs The following figure shows the relative effectiveness of these wireless security methods available on your NBG5715. Table 87 Wireless Security Levels SECURITY LEVEL Least Secure SECURITY TYPE Unique SSID (Default) Unique SSID with Hide SSID Enabled MAC Address Filtering WEP Encryption IEEE802.
Appendix E Wireless LANs RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access.
Appendix E Wireless LANs EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses.
Appendix E Wireless LANs If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled. Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption.
Appendix E Wireless LANs called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is never used twice.
Appendix E Wireless LANs WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. 1 The AP passes the wireless client's authentication request to the RADIUS server.
Appendix E Wireless LANs 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them. Figure 141 WPA(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type.
Appendix E Wireless LANs Positioning the antennas properly increases the range and coverage area of a wireless LAN. Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.11a) is needed to communicate efficiently in a wireless LAN Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s coverage area.
Appendix E Wireless LANs For directional antennas, point the antenna in the direction of the desired coverage area.
APPENDIX F Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service.
Appendix F Common Services Table 90 Commonly Used Services (continued) 248 NAME PROTOCOL PORT(S) DESCRIPTION HTTP TCP 80 Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce. ICMP User-Defined 1 Internet Control Message Protocol is often used for diagnostic or routing purposes. ICQ UDP 4000 This is a popular Internet chat program.
Appendix F Common Services Table 90 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SMTP TCP 25 Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP TCP/UDP 161 Simple Network Management Program. SNMP-TRAPS TCP/UDP 162 Traps for use with the SNMP (RFC:1215).
Appendix F Common Services 250 NBG5715 User’s Guide
APPENDIX G Open Software Announcements End-User License Agreement for "NBG5715" WARNING: ZyXEL Communications Corp. IS WILLING TO LICENSE THE SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT. PLEASE READ THE TERMS CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE YOUR ASSENT TO THEM.
Appendix G Open Software Announcements The Software and Documentation contain material that is protected by international copyright law, trade secret law, international treaty provisions, and the applicable national laws of each respective country. All rights not granted to you herein are expressly reserved by ZyXEL. You may not remove any proprietary notice of ZyXEL or any of its licensors from any copy of the Software or Documentation. 4.
Appendix G Open Software Announcements THIRTY (30) DAYS FROM THE DATE OF PURCHASE OF THE SOFTWARE, AND NO WARRANTIES SHALL APPLY AFTER THAT PERIOD. 7.
Appendix G Open Software Announcements Agreement shall only be effective if it is in writing and signed by both parties hereto. If any part of this License Agreement is found invalid or unenforceable by a court of competent jurisdiction, the remainder of this License Agreement shall be interpreted so as to reasonably effect the intention of the parties.
Appendix G Open Software Announcements applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price.
Appendix G Open Software Announcements 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
Appendix G Open Software Announcements operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4.
Appendix G Open Software Announcements "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10.
Appendix G Open Software Announcements The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS ORIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
Appendix G Open Software Announcements Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
Appendix G Open Software Announcements "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
Appendix G Open Software Announcements and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2.
Appendix G Open Software Announcements or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution.
Appendix G Open Software Announcements documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License.
Appendix G Open Software Announcements origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
Appendix G Open Software Announcements License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work.
Appendix G Open Software Announcements Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. This Product includes gmp, and libcli under the LGPL License. GNU LESSER GENERAL PUBLIC LICENSE Version 2.
Appendix G Open Software Announcements For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you.You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it.
Appendix G Open Software Announcements GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you".
Appendix G Open Software Announcements licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.
Appendix G Open Software Announcements these things: a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable cont
Appendix G Open Software Announcements 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License.
Appendix G Open Software Announcements LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCHDAMAGES.
Appendix G Open Software Announcements Jean-loup Gailly jloup@gzip.org Mark Adler madler@alumni.caltech.
Appendix G Open Software Announcements NBG5715 User’s Guide 275
Appendix G Open Software Announcements 276 NBG5715 User’s Guide
Appendix G Open Software Announcements NBG5715 User’s Guide 277
Appendix G Open Software Announcements 278 NBG5715 User’s Guide
Appendix G Open Software Announcements NBG5715 User’s Guide 279
Appendix G Open Software Announcements 280 NBG5715 User’s Guide
APPENDIX H Legal Information Copyright Copyright © 2011 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix H Legal Information This device is designed for the WLAN 2.4 GHz and/or 5 GHz networks throughout the EC region and Switzerland, with restrictions in France. Ce produit est conçu pour les bandes de fréquences 2,4 GHz et/ou 5 GHz conformément à la législation Européenne.
Appendix H Legal Information End-User License Agreement WARNING: ZyXEL Communications Corp. IS WILLING TO LICENSE THE ENCLOSED SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT. PLEASE READ THE TERMS CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE YOUR ASSENT TO THEM. IF YOU DO NOT AGREE TO THESE TERMS, THEN ZyXEL, INC.
Appendix H Legal Information thereof, in the operation of a service bureau or for the benefit of any other person or entity. You may not cause, assist or permit any third party to do any of the foregoing. Portions of the Software utilize or include third party software and other copyright material. Acknowledgements, licensing terms and disclaimers for such material are contained in the online electronic documentation for the Software (ftp://opensource.zyxel.
Appendix H Legal Information THIS LICENSE AGREEMENT IS EXPRESSLY MADE SUBJECT TO ANY APPLICABLE LAWS, REGULATIONS, ORDERS, OR OTHER RESTRICTIONS ON THE EXPORT OF THE SOFTWARE OR INFORMATION ABOUT SUCH SOFTWARE WHICH MAY BE IMPOSED FROM TIME TO TIME. YOU SHALL NOT EXPORT THE SOFTWARE, DOCUMENTATION OR INFORMATION ABOUT THE SOFTWARE AND DOCUMENTATION WITHOUT COMPLYING WITH SUCH LAWS, REGULATIONS, ORDERS, OR OTHER RESTRICTIONS.
Appendix H Legal Information 286 NBG5715 User’s Guide
Index Index A CTS (Clear to Send) 236 Address Assignment 72 Advanced Encryption Standard See AES.
Index and local (user) database 82 key 82 WPA compatible 82 see also Internet Group Multicast Protocol version IGMP version 73 ESP 140 IKE phases 142 ESS 234 IKE SA aggressive mode 125 IP address, remote IPSec router 126 IP address, ZyXEL Device 125 main mode 125 negotiation mode 125 ESSID 175 Extended Service Set, See ESS 234 F Firewall 120 Firewall overview guidelines 120 ICMP packets 121 network security Stateful inspection 120 ZyXEL device firewall 120 firewall stateful inspection 119 Firmware u
Index local (user) database 81 and encryption 82 O Local Area Network 95 outside header 141 M P MAC 88 Pairwise Master Key (PMK) 242, 243 MAC address 72, 80 cloning 72 Point-to-Point Protocol over Ethernet 75 MAC address filter 80 MAC address filtering 88 MAC filter 88 Pool Size 100 Port forwarding 106, 110 default server 106, 110 example 110 local server 106 port numbers services managing the device good habits 22 using the web configurator. See web configurator. using the WPS. See WPS.
Index Reset button 35 Temporal Key Integrity Protocol (TKIP) 241 Reset the device 35 Time setting 165 Restore configuration 168 transport mode 141 RF (Radio Frequency) 180 trigger port 111 Roaming 90 Trigger port forwarding 111 example 111 process 111 Router Mode status screen 56 RTS (Request To Send) 236 threshold 235, 236 tunnel mode 141 RTS/CTS Threshold 80, 90 U safety warnings 7 Universal Plug and Play 155 Application 155 Security issues 155 Scheduling 93 UPnP 155 security associatio
Index Overview 33 web configurator 22 application example 243 WPS 22 WEP Encryption 86, 87 WEP encryption 85 WEP key 85 Wi-Fi Protected Access 241 Wildcard 113 Wireless association list 41 wireless channel 175 wireless client WPA supplicants 242 wireless LAN 175 wireless LAN scheduling 93 Wireless network basic guidelines 79 channel 80 encryption 81 example 79 MAC address filter 80 overview 79 security 80 SSID 80 Wireless security 80 overview 80 type 80 wireless security 175, 237 Wireless tutorial 61 WLA
Index 292 NBG5715 User’s Guide
