NBG334S 802.11g Wireless Firewall Router User’s Guide Version 3.60 8/2007 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.1 User Name admin Password 1234 www.zyxel.
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the NBG334S using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation • Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. 1 " Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The NBG334S may be referred to as the “NBG334S”, the “device”, the “product” or the “system” in this User’s Guide.
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The NBG334S icon is not an exact representation of your device.
Safety Warnings Safety Warnings 1 For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. • Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. • Connect ONLY suitable accessories to the device.
Safety Warnings NBG334S User’s Guide 7
Safety Warnings 8 NBG334S User’s Guide
Contents Overview Contents Overview Introduction ............................................................................................................................ 27 Getting to Know Your NBG334S ................................................................................................ 29 Introducing the Web Configurator .............................................................................................. 33 Connection Wizard ........................................................
Contents Overview 10 NBG334S User’s Guide
Table of Contents Table of Contents About This User's Guide .......................................................................................................... 3 Document Conventions............................................................................................................ 4 Safety Warnings........................................................................................................................ 6 Contents Overview .......................................................
Table of Contents 2.5.6 Summary: Wireless Station Status ......................................................................... 42 Chapter 3 Connection Wizard ................................................................................................................. 45 3.1 Wizard Setup ....................................................................................................................... 45 3.2 Connection Wizard: STEP 1: System Information .........................................
Table of Contents 5.2.1 SSID ........................................................................................................................... 71 5.2.2 MAC Address Filter .................................................................................................... 71 5.2.3 User Authentication .................................................................................................... 72 5.2.4 Encryption ................................................................................
Table of Contents 8.2.2 IP Address and Subnet Mask ................................................................................... 104 8.2.3 Multicast ................................................................................................................... 104 8.2.4 Any IP ....................................................................................................................... 104 8.3 LAN IP Screen ..................................................................................
Table of Contents 12.1.3 About the NBG334S Firewall ................................................................................. 127 12.1.4 Guidelines For Enhancing Security With Your Firewall .......................................... 128 12.2 Triangle Routes ............................................................................................................... 128 12.2.1 Triangle Routes and IP Alias .................................................................................. 128 12.
Table of Contents Chapter 16 Remote Management............................................................................................................ 153 16.1 Remote Management Overview ...................................................................................... 153 16.1.1 Remote Management Limitations .......................................................................... 153 16.1.2 Remote Management and NAT ..............................................................................
Table of Contents 20.2.2 Restore Configuration ............................................................................................ 193 20.2.3 Back to Factory Defaults ........................................................................................ 194 20.3 Restart Screen ................................................................................................................. 194 Chapter 21 Configuration Mode ..........................................................................
Table of Contents 18 NBG334S User’s Guide
List of Figures List of Figures Figure 1 Wireless Internet Access in AP Mode ..................................................................................... 29 Figure 2 Secure Wireless Internet Access in Router Mode ................................................................... 30 Figure 3 Front Panel ............................................................................................................................... 31 Figure 4 Change Password Screen ..................................
List of Figures Figure 39 Network > Wireless LAN > General: WPA/WPA2 ................................................................... 80 Figure 40 Network > Wireless LAN > MAC Filter ................................................................................... 82 Figure 41 Network > Wireless LAN > Advanced .................................................................................... 83 Figure 42 Network > Wireless LAN > QoS ....................................................................
List of Figures Figure 82 Management > Remote MGMT > WWW ............................................................................ 154 Figure 83 Telnet Configuration on a TCP/IP Network ........................................................................... 155 Figure 84 Management > Remote MGMT > Telnet ............................................................................. 155 Figure 85 Management > Remote MGMT > FTP ............................................................................
List of Figures Figure 125 Internet Options: Privacy .................................................................................................... 219 Figure 126 Pop-up Blocker Settings ..................................................................................................... 219 Figure 127 Internet Options: Security ................................................................................................... 220 Figure 128 Security Settings - Java Scripting .........................
List of Tables List of Tables Table 1 Features Available in Router Mode vs. AP Mode ..................................................................... 30 Table 2 Front Panel LEDs ...................................................................................................................... 31 Table 3 Status Screen Icon Key ............................................................................................................. 36 Table 4 Web Configurator Status Screen .......................
List of Tables Table 39 WAN > Advanced .................................................................................................................. 102 Table 40 Network > LAN > IP .............................................................................................................. 106 Table 41 Network > LAN > IP Alias ..................................................................................................... 107 Table 42 Network > LAN > Advanced .....................................
List of Tables Table 82 Content Filtering Logs ........................................................................................................... 184 Table 83 Attack Logs ........................................................................................................................... 185 Table 84 PKI Logs ............................................................................................................................... 186 Table 85 802.1X Logs .................................
List of Tables 26 NBG334S User’s Guide
P ART I Introduction Getting to Know Your NBG334S (29) Introducing the Web Configurator (33) Connection Wizard (45) AP Mode (61) 27
CHAPTER 1 Getting to Know Your NBG334S This chapter introduces the main features and applications of the NBG334S. 1.1 Overview The NBG334S acts as either an access point (AP) or a secure broadband router for all data passing between the Internet and your local network. In both AP and Router Mode you can set up a wireless network with other IEEE 802.11b/g compatible devices. The Super G function allows compatible clients to connect to the NBG334S at high speed.
Chapter 1 Getting to Know Your NBG334S 1.3 Router Mode Select Router Mode if you need to route traffic between your network and another network such as the Internet, and require important network services such as a firewall or bandwidth management. The following figure shows computers in a WLAN connecting to the NBG334S (A), which has a DSL connection to the Internet. The NBG334S is set to Router Mode and has router features such as a built-in firewall (B).
Chapter 1 Getting to Know Your NBG334S 1.5 Ways to Manage the NBG334S Use any of the following methods to manage the NBG334S. • Web Configurator. This is recommended for everyday management of the NBG334S using a (supported) web browser. • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers. • FTP. Use File Transfer Protocol for firmware upgrades and configuration backup/restore. 1.
Chapter 1 Getting to Know Your NBG334S Table 2 Front Panel LEDs (continued) LED COLOR STATUS DESCRIPTION LAN 1-4 Green On The NBG334S has a successful 10MB Ethernet connection. Blinking The NBG334S is sending/receiving data. On The NBG334S has a successful 100MB Ethernet connection. Blinking The NBG334S is sending/receiving data. Off The LAN is not connected. On The NBG334S has a successful 10MB WAN connection. Blinking The NBG334S is sending/receiving data.
CHAPTER 2 Introducing the Web Configurator This chapter describes how to access the NBG334S web configurator and provides an overview of its screens. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy setup and management of the NBG334S via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions or Safari 2.0 or later versions. The recommended screen resolution is 1024 by 768 pixels.
Chapter 2 Introducing the Web Configurator 4 Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login. 5 You should see a screen asking you to change your password (highly recommended) as shown next. Type a new password (and retype it to confirm) and click Apply or click Ignore.
Chapter 2 Introducing the Web Configurator Click Go to Advanced Setup to view and configure all the NBG334S’s settings. • You can also configure your language settings in Maintenance > Language. 2.3 Resetting the NBG334S If you forget your password or IP address, or you cannot access the web configurator, you will need to use the RESET button at the back of the NBG334S to reload the factory-default configuration file.
Chapter 2 Introducing the Web Configurator Figure 5 Web Configurator Status Screen The following table describes the icons shown in the Status screen. Table 3 Status Screen Icon Key ICON DESCRIPTION Click this icon to open the setup wizard. Click this icon to view copyright and a link for related product information. Click this icon at any time to exit the web configurator.
Chapter 2 Introducing the Web Configurator Table 4 Web Configurator Status Screen (continued) LABEL DESCRIPTION - MAC Address This shows the WAN Ethernet adapter MAC Address of your device. - IP Address This shows the WAN port’s IP address. - IP Subnet Mask This shows the WAN port’s subnet mask. - DHCP This shows the WAN port’s DHCP role - Client or None. LAN Information - MAC Address This shows the LAN Ethernet adapter MAC Address of your device.
Chapter 2 Introducing the Web Configurator Table 4 Web Configurator Status Screen (continued) LABEL DESCRIPTION Rate For the LAN ports, this displays the port speed and duplex setting or N/A when the line is disconnected. For the WAN port, it displays the port speed and duplex setting if you’re using Ethernet encapsulation and Idle (line (ppp) idle), Dial (starting to trigger a call) and Drop (dropping a call) if you're using PPPoE or PPTP encapsulation.
Chapter 2 Introducing the Web Configurator Table 5 Screens Summary LINK DHCP Server NAT DDNS TAB FUNCTION General Use this screen to enable the NBG334S’s DHCP server. Advanced Use this screen to assign IP addresses to specific individual computers based on their MAC addresses and to have DNS servers assigned by the DHCP server. Client List Use this screen to view current DHCP client information and to always assign an IP address to a MAC address (and host name).
Chapter 2 Introducing the Web Configurator Table 5 Screens Summary LINK TAB FUNCTION Firmware Use this screen to upload firmware to your NBG334S. Configuration Use this screen to backup and restore the configuration or reset the factory defaults to your NBG334S. Restart This screen allows you to reboot the NBG334S without turning the power off. Config Mode General This screen allows you to display or hide the advanced screens or features.
Chapter 2 Introducing the Web Configurator 2.5.4 Summary: DHCP Table DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG334S as a DHCP server or disable it. When configured as a server, the NBG334S provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured.
Chapter 2 Introducing the Web Configurator Figure 9 Summary: Packet Statistics The following table describes the labels in this screen. Table 7 Summary: Packet Statistics LABEL DESCRIPTION Port This is the NBG334S’s port type. Status For the LAN ports, this displays the port speed and duplex setting or Down when the line is disconnected.
Chapter 2 Introducing the Web Configurator Figure 10 Summary: Wireless Association List The following table describes the labels in this screen. Table 8 Summary: Wireless Association List LABEL DESCRIPTION # This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station. Association Time This field displays the time a wireless station first associated with the NBG334S. Refresh Click Refresh to reload the list.
Chapter 2 Introducing the Web Configurator 44 NBG334S User’s Guide
CHAPTER 3 Connection Wizard This chapter provides information on the wizard setup screens in the web configurator. 3.1 Wizard Setup The web configurator’s wizard setup helps you configure your device to access the Internet. Refer to your ISP (Internet Service Provider) checklist in the Quick Start Guide to know what to enter in each field. Leave a field blank if you don’t have that information. 1 After you access the NBG334S web configurator, choose your language.
Chapter 3 Connection Wizard Figure 12 Select a Language 4 Read the on-screen information and click Next. Figure 13 Welcome to the Connection Wizard 3.2 Connection Wizard: STEP 1: System Information System Information contains administrative and system-related information. 3.2.1 System Name System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". • In Windows 95/98 click Start, Settings, Control Panel, Network.
Chapter 3 Connection Wizard 3.2.2 Domain Name The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the NBG334S via DHCP. Click Next to configure the NBG334S for Internet access. Figure 14 Wizard Step 1: System Information The following table describes the labels in this screen.
Chapter 3 Connection Wizard Figure 15 Wizard Step 2: Wireless LAN The following table describes the labels in this screen. Table 10 Wizard Step 2: Wireless LAN " 48 LABEL DESCRIPTION Name (SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the NBG334S, make sure all wireless stations use the same SSID in order to access the network. Security Select a Security level from the drop-down list box.
Chapter 3 Connection Wizard 3.3.1 Basic (WEP) Security Choose Basic (WEP) to setup WEP Encryption parameters. Figure 16 Wizard Step 2: Basic (WEP) Security The following table describes the labels in this screen. Table 11 Wizard Step 2: Basic (WEP) Security LABEL DESCRIPTION Passphrase Type a Passphrase (up to 32 printable characters) and click Generate. The NBG334S automatically generates a WEP key. WEP Encryption Select 64-bit WEP or 128-bit WEP to allow data encryption.
Chapter 3 Connection Wizard Table 11 Wizard Step 2: Basic (WEP) Security LABEL DESCRIPTION Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 3.3.2 Extend (WPA-PSK or WPA2-PSK) Security Choose Extend (WPA-PSK) or Extend (WPA2-PSK) security in the Wireless LAN setup screen to set up a Pre-Shared Key. Figure 17 Wizard Step 2: Extend (WPA-PSK or WPA2-PSK) Security The following table describes the labels in this screen.
Chapter 3 Connection Wizard Figure 18 Wizard Step 3: ISP Parameters. The following table describes the labels in this screen, Table 13 Wizard Step 3: ISP Parameters CONNECTION TYPE DESCRIPTION Ethernet Select the Ethernet option when the WAN port is used as a regular Ethernet. PPPoE Select the PPP over Ethernet option for a dial-up connection. If your ISP gave you a an IP address and/or subnet mask, then select PPTP. PPTP Select the PPTP option for a dial-up connection. 3.4.
Chapter 3 Connection Wizard One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users. Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site.
Chapter 3 Connection Wizard " The NBG334S supports one PPTP server connection at any given time. Figure 21 Wizard Step 3: PPTP Connection The following table describes the fields in this screen Table 15 Wizard Step 3: PPTP Connection LABEL DESCRIPTION ISP Parameters for Internet Access Connection Type Select PPTP from the drop-down list box. To configure a PPTP client, you must configure the User Name and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.
Chapter 3 Connection Wizard Table 15 Wizard Step 3: PPTP Connection LABEL DESCRIPTION Next Click Next to continue. Exit Click Exit to close the wizard screen without saving. 3.4.4 Your IP Address The following wizard screen allows you to assign a fixed IP address or give the NBG334S an automatically assigned IP address depending on your ISP.
Chapter 3 Connection Wizard You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
Chapter 3 Connection Wizard 2 If the ISP did not give you DNS server information, leave the DNS Server fields set to 0.0.0.0 in the Wizard screen and/or set to From ISP in the WAN > Internet Connection screen for the ISP to dynamically assign the DNS server IP addresses. 3.4.8 WAN IP and DNS Server Address Assignment The following wizard screen allows you to assign a fixed WAN IP address and DNS server addresses.
Chapter 3 Connection Wizard 3.4.9 WAN MAC Address Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. Table 19 Example of Network Properties for LAN Servers with Fixed IP Addresses Choose an IP address 192.168.1.2-192.168.1.32; 192.168.1.65-192.168.1.254. Subnet mask 255.255.255.0 Gateway (or default route) 192.168.1.
Chapter 3 Connection Wizard 3.5 Connection Wizard: STEP 4: Bandwidth management Bandwidth management allows you to control the amount of bandwidth going out through the NBG334S’s WAN, LAN or WLAN port and prioritize the distribution of the bandwidth according to the traffic type. This helps keep one service from using all of the available bandwidth and shutting out other users. Figure 25 Wizard Step 4: Bandwidth Management The following fields describe the label in this screen.
Chapter 3 Connection Wizard Figure 26 Connection Wizard Save Follow the on-screen instructions and click Finish to complete the wizard setup. Figure 27 Connection Wizard Complete Well done! You have successfully set up your NBG334S to operate on your network and access the Internet.
Chapter 3 Connection Wizard 60 NBG334S User’s Guide
CHAPTER 4 AP Mode This chapter discusses how to configure settings while your NBG334S is set to AP Mode. Many screens that are available in Router Mode are not available in AP Mode. " See Chapter 6 on page 89 for an example of setting up a wireless network in AP mode. 4.1 AP Mode Overview Use your NBG334S as an AP if you already have a router or gateway on your network. In this mode your device bridges a wired network (LAN) and wireless LAN (WLAN) in the same subnet.
Chapter 4 AP Mode Figure 29 Maintenance > Sys OP Mode > General 3 A pop-up appears providing information on this mode. Click OK in the pop-up message window. (See Section 22.2 on page 200 for more information on the pop-up.) Click Apply. Your NBG334S is now in AP Mode. " You do not have to log in again or restart your device when you change modes. 4.3 The Status Screen in AP Mode Click on Status. The screen below shows the status screen in AP Mode.
Chapter 4 AP Mode The following table describes the labels shown in the Status screen. Table 22 Web Configurator Status Screen LABEL DESCRIPTION Device Information System Name This is the System Name you enter in the Maintenance > System > General screen. It is for identification purposes. Firmware Version This is the firmware version and the date created. LAN Information - MAC Address This shows the LAN Ethernet adapter MAC Address of your device.
Chapter 4 AP Mode Table 22 Web Configurator Status Screen (continued) LABEL DESCRIPTION Rate For the LAN ports, this displays the port speed and duplex setting or N/A when the line is disconnected. For the WLAN, it displays the maximum transmission rate when the WLAN is enabled and N/A when the WLAN is disabled. Summary Any IP Table Use this screen to view details of IP addresses assigned to devices not in the same subnet as the NBG334S.
Chapter 4 AP Mode Table 23 Screens Summary LINK TAB FUNCTION IP Use this screen to configure LAN IP address and subnet mask or to get the LAN IP address from a DHCP server. General Use this screen to view and change administrative settings such as system and domain names, password and inactivity timer. Time Setting Use this screen to change your NBG334S’s time and date. View Log Use this screen to view the logs for the categories that you selected.
Chapter 4 AP Mode The table below describes the labels in the screen. Table 24 Network > LAN > IP LABEL DESCRIPTION Get form DHCP Server Select this option to allow the NBG334S to obtain an IP address from a DHCP server on the network. You must connect the WAN port to a device with a DHCP server enabled (such as a router or gateway). Without a DHCP server the NBG334S will have no IP address.
P ART II Network Wireless LAN (69) Wireless Tutorial (89) WAN (93) LAN (103) DHCP (109) Network Address Translation (NAT) (113) Dynamic DNS (123) 67
CHAPTER 5 Wireless LAN This chapter discusses how to configure the wireless network settings in your NBG334S. See the appendices for more detailed information about wireless networks. 5.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 33 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients.
Chapter 5 Wireless LAN • Every wireless client in the same wireless network must use security compatible with the AP. Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. Requirements To add a wireless LAN to your existing network, make sure you have the following: 1 an access point (AP) or a router with the wireless feature 2 at least one wireless network card/adapter which varies according to your computer.
Chapter 5 Wireless LAN • Preamble type (if available): auto, short or long To set up your wireless network without an AP or wireless router, make sure wireless network cards/adapters use the same following settings: • • • • • Network type: Ad-Hoc SSID:_____________________ Channel: _________________ wireless standard: IEEE 802.11b, g, b/g or a Security: ( ) None ( ) WEP (64bit, 128bit or 256bit key) (ASCII or Hex):________________ 5.
Chapter 5 Wireless LAN 5.2.3 User Authentication You can make every user log in to the wireless network before they can use it. This is called user authentication. However, every wireless client in the wireless network has to support IEEE 802.1x to do this. For wireless networks, there are two typical places to store the user names and passwords for each user. • In the AP: this feature is called a local user database or a local database.
Chapter 5 Wireless LAN " It is recommended that wireless networks use WPA-PSK, WPA, or stronger encryption. IEEE 802.1x and WEP encryption are better than none at all, but it is still possible for unauthorized devices to figure out the original information pretty quickly. It is not possible to use WPA-PSK, WPA or stronger encryption with a local user database. In this case, it is better to set up stronger encryption with no authentication than to set up weaker encryption with the local user database.
Chapter 5 Wireless LAN Figure 34 Roaming Example The steps below describe the roaming process. 1 Wireless station Y moves from the coverage area of access point AP 1 to that of access point AP 2. 2 Wireless station Y scans and detects the signal of access point AP 2. 3 Wireless station Y sends an association request to access point AP 2. 4 Access point AP 2 acknowledges the presence of wireless station Y and relays this information to access point AP 1 through the wired LAN.
Chapter 5 Wireless LAN 5.4.1 WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) ensures quality of service in wireless networks. It controls WLAN transmission priority on packets to be transmitted over the wireless network. WMM QoS prioritizes wireless traffic according to delivery requirements. WMM QoS is a part of the IEEE 802.11e QoS enhancement to certified Wi-Fi wireless networks. On APs without WMM QoS, all traffic streams are given the same access priority to the wireless network.
Chapter 5 Wireless LAN Figure 35 Network > Wireless LAN > General The following table describes the general wireless LAN labels in this screen. Table 27 Network > Wireless LAN > General LABEL DESCRIPTION Enable Wireless LAN Click the check box to activate wireless LAN. Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID.
Chapter 5 Wireless LAN Figure 36 Network > Wireless LAN > General: No Security The following table describes the labels in this screen. Table 28 Wireless No Security LABEL DESCRIPTION Security Mode Choose No Security from the drop-down list box. Apply Click Apply to save your changes back to the NBG334S. Reset Click Reset to reload the previous configuration for this screen. 5.5.
Chapter 5 Wireless LAN Figure 37 Network > Wireless LAN > General: Static WEP The following table describes the wireless LAN security labels in this screen. Table 29 Network > Wireless LAN > General: Static WEP 78 LABEL DESCRIPTION Passphrase Enter a passphrase (password phrase) of up to 32 printable characters and click Generate. The NBG334S automatically generates four different WEP keys and displays them in the Key fields below.
Chapter 5 Wireless LAN 5.5.3 WPA-PSK/WPA2-PSK Click Network > Wireless LAN to display the General screen. Select WPA-PSK or WPA2PSK from the Security Mode list. Figure 38 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK The following table describes the labels in this screen. Table 30 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
Chapter 5 Wireless LAN Table 30 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Group Key Update Timer The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/ WPA2-PSK key management) or RADIUS server (if using WPA/WPA2 key management) sends a new group key out to all clients. The re-keying process is the WPA/WPA2 equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis.
Chapter 5 Wireless LAN The following table describes the labels in this screen. Table 31 Network > Wireless LAN > General: WPA/WPA2 LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the NBG334S even when the NBG334S is using WPA2-PSK or WPA2.
Chapter 5 Wireless LAN 5.6 MAC Filter The MAC filter screen allows you to configure the NBG334S to give exclusive access to up to 32 devices (Allow) or exclude up to 32 devices from accessing the NBG334S (Deny). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure this screen.
Chapter 5 Wireless LAN Table 32 Network > Wireless LAN > MAC Filter LABEL DESCRIPTION Set This is the index number of the MAC address. MAC Address Enter the MAC addresses of the wireless station that are allowed or denied access to the NBG334S in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc. Apply Click Apply to save your changes back to the NBG334S.
Chapter 5 Wireless LAN Table 33 Network > Wireless LAN > Advanced LABEL DESCRIPTION Enable IntraBSS Traffic A Basic Service Set (BSS) exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other.
Chapter 5 Wireless LAN Figure 42 Network > Wireless LAN > QoS The following table describes the labels in this screen. Table 34 Network > Wireless LAN > QoS LABEL DESCRIPTION Enable WMM QoS Select this to turn on WMM QoS (Wireless MultiMedia Quality of Service). The NBG334S assigns priority to packets based on the 802.1q or DSCP information in their headers. If a packet has no WMM information in its header, it is assigned the default priority.
Chapter 5 Wireless LAN Table 34 Network > Wireless LAN > QoS (continued) LABEL DESCRIPTION Priority This field displays the priority of the application. Highest - Typically used for voice or video that should be highquality. High - Typically used for voice or video that can be medium-quality. Mid - Typically used for applications that do not fit into another priority. For example, Internet surfing.
Chapter 5 Wireless LAN Table 35 Network > Wireless LAN > QoS: Application Priority Configuration (continued) LABEL DESCRIPTION Service The following is a description of the applications you can prioritize with WMM QoS. Select a service from the drop-down list box. • E-Mail Electronic mail consists of messages sent through a computer network to specific groups or individuals.
Chapter 5 Wireless LAN 88 NBG334S User’s Guide
CHAPTER 6 Wireless Tutorial 6.1 How to Connect to the Internet from a Notebook This section gives you an example of how to set up an access point and wireless client such as a notebook for wireless communication. The notebook (N) can access the Internet through an AP wirelessly. Figure 44 Wireless AP Connection to the Internet Internet AP N 6.1.
Chapter 6 Wireless Tutorial 4 Set security mode to WPA-PSK and enter ThisismyWPA-PSKpre-sharedkey in the Pre-Shared Key field. Click Apply. Figure 45 Network > Wireless LAN > General 5 Open the Status screen. Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status.
Chapter 6 Wireless Tutorial 6.3 Configure Your Notebook " We use the ZyXEL M-302 wireless adapter utility screens as an example for the wireless client. The screens may vary for different models. 1 The NBG334S supports IEEE 802.11b and IEEE 802.11g wireless clients. Make sure that your notebook or computer’s wireless adapter supports one of these standards. 2 Wireless adapters come with software sometimes called a “utility” that you install on your computer.
Chapter 6 Wireless Tutorial Figure 49 Confirm Save 7 Check the status of your wireless connection in the screen below. If your wireless connection is weak or you have no connection, see the Troubleshooting section of this User’s Guide. Figure 50 Link Status 8 If your connection is successful, open your Internet browser and enter http:// www.zyxel.com or the URL of any other web site in the address bar. If you are able to access the web site, your wireless connection is successfully configured.
CHAPTER 7 WAN This chapter describes how to configure WAN settings. 7.1 WAN Overview See the chapter about the connection wizard for more information on the fields in the WAN screens. 7.2 WAN MAC Address The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Choose Factory Default to select the factory assigned default MAC Address.
Chapter 7 WAN The NBG334S supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the NBG334S queries all directly connected networks to gather group membership. After that, the NBG334S periodically updates this information. IP multicasting can be enabled/disabled on the NBG334S LAN and/or WAN interfaces in the web configurator (LAN; WAN). Select None to disable IP multicasting on these interfaces. 7.
Chapter 7 WAN The following table describes the labels in this screen. Table 36 Network > WAN > Internet Connection: Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Service Type Choose from Standard, RR-Telstra (RoadRunner Telstra authentication method), RR-Manager (Roadrunner Manager authentication method), RRToshiba (Roadrunner Toshiba authentication method) or Telia Login.
Chapter 7 WAN For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example Radius). One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for individuals.
Chapter 7 WAN The following table describes the labels in this screen. Table 37 Network > WAN > Internet Connection: PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The NBG334S supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (i.e. xDSL, cable, wireless, etc.) connection.
Chapter 7 WAN Table 37 Network > WAN > Internet Connection: PPPoE Encapsulation LABEL DESCRIPTION Clone the computer’s MAC address Select Clone the computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the setting or upload a different ROM file.
Chapter 7 WAN Figure 53 Network > WAN > Internet Connection: PPTP Encapsulation NBG334S User’s Guide 99
Chapter 7 WAN The following table describes the labels in this screen. Table 38 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
Chapter 7 WAN Table 38 Network > WAN > Internet Connection: PPTP Encapsulation LABEL DESCRIPTION First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the NBG334S's WAN IP address). The field to the right displays the (readonly) DNS server IP address that the ISP assigns. Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right.
Chapter 7 WAN The following table describes the labels in this screen. Table 39 WAN > Advanced LABEL DESCRIPTION Multicast Setup Multicast Select IGMP V-1, IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use.
CHAPTER 8 LAN This chapter describes how to configure LAN settings. 8.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks. 8.1.
Chapter 8 LAN 8.2.2 IP Address and Subnet Mask Refer to the IP address and subnet mask section in the Connection Wizard chapter for this information. 8.2.3 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1.
Chapter 8 LAN Figure 55 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the NBG334S’s IP address. " You must enable NAT to use the Any IP feature on the NBG334S. Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
Chapter 8 LAN 8.3 LAN IP Screen Use this screen to change your basic LAN settings. Click Network > LAN. Figure 56 Network > LAN > IP The following table describes the labels in this screen. Table 40 Network > LAN > IP LABEL DESCRIPTION LAN TCP/IP IP Address Type the IP address of your NBG334S in dotted decimal notation 192.168.1.1 (factory default). IP Subnet Mask The subnet mask specifies the network number portion of an IP address.
Chapter 8 LAN Figure 57 Network > LAN > IP Alias The following table describes the labels in this screen. Table 41 Network > LAN > IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network for the NBG334S. IP Address Enter the IP address of your NBG334S in dotted decimal notation. IP Subnet Mask Your NBG334S will automatically calculate the subnet mask based on the IP address that you assign.
Chapter 8 LAN The following table describes the labels in this screen. Table 42 Network > LAN > Advanced LABEL DESCRIPTION Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use.
CHAPTER 9 DHCP 9.1 DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the NBG334S as a DHCP server or disable it. When configured as a server, the NBG334S provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured. 9.
Chapter 9 DHCP 9.3 DHCP Server Advanced Screen This screen allows you to assign IP addresses on the LAN to specific individual computers based on their MAC addresses. You can also use this screen to configure the DNS server information that the NBG334S sends to the DHCP clients. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Chapter 9 DHCP Table 44 Network > DHCP Server > Advanced LABEL DESCRIPTION First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the NBG334S's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns. Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right.
Chapter 9 DHCP The following table describes the labels in this screen. Table 45 Network > DHCP Server > Client List 112 LABEL DESCRIPTION # This is the index number of the host computer. IP Address This field displays the IP address relative to the # field listed above. Host Name This field displays the computer host name. MAC Address The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is unique to your computer (six pairs of hexadecimal notation).
CHAPTER 10 Network Address Translation (NAT) This chapter discusses how to configure NAT on the NBG334S. 10.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network. 10.
Chapter 10 Network Address Translation (NAT) " Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to your ISP. 10.2.
Chapter 10 Network Address Translation (NAT) The following table describes the labels in this screen. Table 46 Network > NAT > General LABEL DESCRIPTION Enable Network Address Translation Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet). Select the check box to enable NAT.
Chapter 10 Network Address Translation (NAT) Figure 64 Network > NAT > Application The following table describes the labels in this screen. Table 47 NAT Application LABEL DESCRIPTION Game List Update A game list includes the pre-defined service name(s) and port number(s). You can edit and upload it to the NBG334S to replace the existing entries in the second field next to Service Name. File Path Type in the location of the file you want to upload in this field or click Browse... to find it. Browse...
Chapter 10 Network Address Translation (NAT) Table 47 NAT Application (continued) LABEL DESCRIPTION Port Type a port number(s) to be forwarded. To specify a range of ports, enter a hyphen (-) between the first port and the last port, such as 10-20. To specify two or more non-consecutive port numbers, separate them by a comma without spaces, such as 123,567. Server IP Address Type the inside IP address of the server that receives packets from the port(s) specified in the Port field.
Chapter 10 Network Address Translation (NAT) Figure 65 Game List Example version=1 1;name=Battlefield 1942;port=14567,22000,23000-23009,27900,28900 2;name=Call of Duty;port=28960 3;name=Civilization IV;port=2056 4;name=Diablo I and II;port=6112-6119,4000 5;name=Doom 3;port=27666 6;name=F.E.A.
Chapter 10 Network Address Translation (NAT) Figure 66 Trigger Port Forwarding Process: Example 1 Jane requests a file from the Real Audio server (port 7070). 2 Port 7070 is a “trigger” port and causes the NBG334S to record Jane’s computer IP address. The NBG334S associates Jane's computer IP address with the "incoming" port range of 6970-7170. 3 The Real Audio server responds using a port number ranging between 6970-7170. 4 The NBG334S forwards the traffic to Jane’s computer IP address.
Chapter 10 Network Address Translation (NAT) Figure 67 Network > NAT > Advanced The following table describes the labels in this screen. Table 48 Network > NAT > Advanced LABEL DESCRIPTION Max NAT/Firewall Session Per User Type a number ranging from 1 to 2048 to limit the number of NAT/firewall sessions that a host can create. When computers use peer to peer applications, such as file sharing applications, they may use a large number of NAT sessions.
Chapter 10 Network Address Translation (NAT) Table 48 Network > NAT > Advanced LABEL DESCRIPTION Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The NBG334S forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service. Start Port Type a port number or the starting port number in a range of port numbers.
Chapter 10 Network Address Translation (NAT) 122 NBG334S User’s Guide
CHAPTER 11 Dynamic DNS 11.1 Dynamic DNS Introduction Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Chapter 11 Dynamic DNS Figure 68 Dynamic DNS The following table describes the labels in this screen. Table 49 Dynamic DNS LABEL DESCRIPTION Enable Dynamic DNS Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider. Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider. Host Name Enter a host names in the field provided.
P ART III Security Firewall (127) Content Filtering (133) 125
CHAPTER 12 Firewall This chapter gives some background information on firewalls and explains how to get started with the NBG334S’s firewall. 12.1 Introduction to ZyXEL’s Firewall 12.1.1 What is a Firewall? Originally, the term “firewall” referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term "firewall" is a system or group of systems that enforces an access-control policy between two networks.
Chapter 12 Firewall The NBG334S is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The NBG334S has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet.
Chapter 12 Firewall 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN. 2 The NBG334S reroutes the packet to Gateway A, which is in Subnet 2. 3 The reply from the WAN goes to the NBG334S. 4 The NBG334S then sends it to the computer on the LAN in Subnet 1. Figure 69 Using IP Alias to Solve the Triangle Route Problem 12.3 General Firewall Screen Click Security > Firewall to open the General screen.
Chapter 12 Firewall Table 50 Security > Firewall > General LABEL DESCRIPTION Log Select whether to create a log for packets that are traveling in the selected direction when the packets are blocked or forwarded. To log packets related to firewall rules, make sure that Access Control under Log is selected in the Logs > Log Settings screen. Apply Click Apply to save the settings. Reset Click Reset to start configuring this screen again. 12.4 Services Screen Click Security > Firewall > Services.
Chapter 12 Firewall Figure 71 Security > Firewall > Services The following table describes the labels in this screen. Table 51 Security > Firewall > Services LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
Chapter 12 Firewall Table 51 Security > Firewall > Services LABEL DESCRIPTION Do not respond to requests for unauthorized services Select this option to prevent hackers from finding the NBG334S by probing for unused ports. If you select this option, the NBG334S will not respond to port request(s) for unused ports, thus leaving the unused ports and the NBG334S unseen.
CHAPTER 13 Content Filtering This chapter provides a brief overview of content filtering using the embedded web GUI. 13.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering is the ability to block certain web features or specific URL keywords. 13.2 Restrict Web Features The NBG334S can block web features such as ActiveX controls, Java applets, cookies and disable web proxies. 13.
Chapter 13 Content Filtering Figure 72 Security > Content Filter > Filter The following table describes the labels in this screen. Table 52 Security > Content Filter > Filter LABEL DESCRIPTION Trusted Computer IP Address To enable this feature, type an IP address of any one of the computers in your network that you want to have as a trusted computer. This allows the trusted computer to have full access to all features that are configured to be blocked by content filtering.
Chapter 13 Content Filtering Table 52 Security > Content Filter > Filter LABEL DESCRIPTION Keyword Type a keyword in this field. You may use any character (up to 64 characters). Wildcards are not allowed. You can also enter a numerical IP address. Keyword List This list displays the keywords already added. Add Click Add after you have typed a keyword. Repeat this procedure to add other keywords. Up to 64 keywords are allowed.
Chapter 13 Content Filtering Table 53 Security > Content Filter > Schedule LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh 13.6 Customizing Keyword Blocking URL Checking You can use commands to set how much of a website’s URL the content filter is to check for keyword blocking. See the appendices for information on how to access and use the command interpreter. 13.6.
P ART IV Management Static Route Screens (139) Bandwidth Management (143) Remote Management (153) Universal Plug-and-Play (UPnP) (159) 137
CHAPTER 14 Static Route Screens This chapter shows you how to configure static routes for your NBG334S. 14.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the NBG334S has no knowledge of the networks beyond. For instance, the NBG334S knows about network N2 in the following figure through remote node router R1.
Chapter 14 Static Route Screens Figure 75 Management > Static Route > IP Static Route The following table describes the labels in this screen. Table 54 Management > Static Route > IP Static Route LABEL DESCRIPTION # This is the index number of an individual static route. The first entry is for the default route and not editable. Name This is the name that describes or identifies this route. Active This icon is turned on when this static route is active.
Chapter 14 Static Route Screens Figure 76 Management > Static Route > IP Static Route: Static Route Setup The following table describes the labels in this screen. Table 55 Management > Static Route > IP Static Route: Static Route Setup LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Active This field allows you to activate/deactivate this static route.
Chapter 14 Static Route Screens 142 NBG334S User’s Guide
CHAPTER 15 Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the NBG334S’s bandwidth management logs. 15.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
Chapter 15 Bandwidth Management The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 77 Subnet-based Bandwidth Management Example 15.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets.
Chapter 15 Bandwidth Management Table 57 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED. Mid Typically used for “excellent effort” or better than best effort and would include important business traffic that can tolerate some delay.
Chapter 15 Bandwidth Management 15.6.1 Services and Port Numbers The commonly used services and port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Next to the name of the service, two fields appear in brackets. The first field indicates the IP protocol type (TCP, UDP, or ICMP). The second field indicates the IP port number that defines the service. (Note that there may be more than one IP protocol type. For example, look at the DNS service.
Chapter 15 Bandwidth Management Table 59 Commonly Used Services SERVICE DESCRIPTION AIM/New-ICQ(TCP:5190) AOL’s Internet Messenger service, used as a listening port by ICQ. AUTH(TCP:113) Authentication protocol used by some servers. BGP(TCP:179) Border Gateway Protocol. BOOTP_CLIENT(UDP:68) DHCP Client. BOOTP_SERVER(UDP:67) DHCP Server. CU-SEEME(TCP/UDP:7648, 24032) A popular videoconferencing solution from White Pines Software.
Chapter 15 Bandwidth Management Table 59 Commonly Used Services SERVICE DESCRIPTION REXEC(TCP:514) Remote Execution Daemon. RLOGIN(TCP:513) Remote Login. RTELNET(TCP:107) Remote Telnet. RTSP(TCP/UDP:554) The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP(TCP:115) Simple File Transfer Protocol. SMTP(TCP:25) Simple Mail Transfer Protocol is the message-exchange standard for the Internet.
Chapter 15 Bandwidth Management Table 60 Bandwidth Management Priority with Default Classes CLASS TYPE PRIORITY AutoClass_M 3 User-defined with low priority 2 Default Class 1 15.8 Bandwidth Management General Configuration Click Management > Bandwidth MGMT to open the bandwidth management General screen. Figure 78 Management > Bandwidth MGMT > General The following table describes the labels in this screen.
Chapter 15 Bandwidth Management Figure 79 Management > Bandwidth MGMT > Advanced The following table describes the labels in this screen. Table 62 Management > Bandwidth MGMT > Advanced 150 LABEL DESCRIPTION Check my upstream bandwidth Click the Detection button to check the size of your upstream bandwidth. Upstream Bandwidth (kbps) Enter the amount of bandwidth in kbps (2 to 100,000) that you want to allocate for traffic. 20 kbps to 20,000 kbps is recommended.
Chapter 15 Bandwidth Management Table 62 Management > Bandwidth MGMT > Advanced (continued) LABEL DESCRIPTION Enable Select this check box to have the NBG334S apply this bandwidth management rule. Direction Select To LAN to apply bandwidth management to traffic that the NBG334S forwards to the LAN. Select To WAN to apply bandwidth management to traffic that the NBG334S forwards to the WAN. Select To WLAN to apply bandwidth management to traffic that the NBG334S forwards to the WLAN.
Chapter 15 Bandwidth Management Configuration LABEL DESCRIPTION BW Budget Select Maximum Bandwidth or Minimum Bandwidth and specify the maximum or minimum bandwidth allowed for the rule in kilobits per second. Destination Address Enter the destination IP address in dotted decimal notation. Destination Subnet Netmask Enter the destination subnet mask. This field is N/A if you do not specify a Destination Address. Refer to the appendices for more information on IP subnetting.
CHAPTER 16 Remote Management This chapter provides information on the Remote Management screens. 16.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which NBG334S interface (if any) from which computers. " When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access. See the firewall chapters for details on configuring firewall rules.
Chapter 16 Remote Management 1 You have disabled that service in one of the remote management screens. 2 The IP address in the Secured Client IP Address field does not match the client IP address. If it does not match, the NBG334S will disconnect the session immediately. 3 There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time. 4 There is a firewall rule that blocks it. 16.1.
Chapter 16 Remote Management LABEL DESCRIPTION Secured Client IP Address A secured client is a “trusted” computer that is allowed to communicate with the NBG334S using this service. Select All to allow any computer to access the NBG334S using this service. Choose Selected to just allow the computer with the IP address that you specify to access the NBG334S using this service. Apply Click Apply to save your customized settings and exit this screen.
Chapter 16 Remote Management The following table describes the labels in this screen. Table 65 Management > Remote MGMT > Telnet LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the NBG334S using this service.
Chapter 16 Remote Management Table 66 Management > Remote MGMT > FTP LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh. 16.6 DNS Screen Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on Wizard Setup for background information. To change your NBG334S’s DNS settings, click Management > Remote MGMT > DNS. The screen appears as shown.
Chapter 16 Remote Management 158 NBG334S User’s Guide
CHAPTER 17 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 17.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Chapter 17 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the NBG334S allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 17.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC).
Chapter 17 Universal Plug-and-Play (UPnP) Table 68 Management > UPnP > General LABEL DESCRIPTION Apply Click Apply to save the setting to the NBG334S. Cancel Click Cancel to return to the previously saved settings. 17.4 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. 17.4.0.1 Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel. Double-click Add/Remove Programs.
Chapter 17 Universal Plug-and-Play (UPnP) Figure 89 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Chapter 17 Universal Plug-and-Play (UPnP) Figure 91 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 92 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
Chapter 17 Universal Plug-and-Play (UPnP) 17.4.0.2 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the NBG334S. Make sure the computer is connected to a LAN port of the NBG334S. Turn on your computer and the NBG334S. Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway.
Chapter 17 Universal Plug-and-Play (UPnP) Figure 94 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings.
Chapter 17 Universal Plug-and-Play (UPnP) Figure 95 Internet Connection Properties: Advanced Settings Figure 96 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Chapter 17 Universal Plug-and-Play (UPnP) Figure 97 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 98 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the NBG334S without finding out the IP address of the NBG334S first. This comes helpful if you do not know the IP address of the NBG334S. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel.
Chapter 17 Universal Plug-and-Play (UPnP) Figure 99 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your NBG334S and select Invoke. The web configurator login screen displays.
Chapter 17 Universal Plug-and-Play (UPnP) Figure 100 Network Connections: My Network Places 6 Right-click on the icon for your NBG334S and select Properties. A properties window displays with basic information about the NBG334S.
Chapter 17 Universal Plug-and-Play (UPnP) 170 NBG334S User’s Guide
P ART V Maintenance and Troubleshooting System (173) Logs (177) Tools (191) Configuration Mode (197) Sys Op Mode (199) Troubleshooting (203) 171
CHAPTER 18 System This chapter provides information on the System screens. 18.1 System Overview See the chapter about wizard setup for more information on the next few screens. 18.2 System General Screen Click Maintenance > System. The following screen displays. Figure 102 Maintenance > System > General The following table describes the labels in this screen.
Chapter 18 System Table 69 Maintenance > System > General LABEL DESCRIPTION Administrator Inactivity Timer Type how many minutes a management session can be left idle before the session times out. The default is 5 minutes. After it times out you have to log in with your password again. Very long idle timeouts may have security risks. A value of "0" means a management session never times out, no matter how long it has been left idle (not recommended).
Chapter 18 System The following table describes the labels in this screen. Table 70 Maintenance > System > Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your NBG334S. Each time you reload this page, the NBG334S synchronizes the time with the time server. Current Date This field displays the date of your NBG334S. Each time you reload this page, the NBG334S synchronizes the date with the time server.
Chapter 18 System Table 70 Maintenance > System > Time Setting 176 LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time.
CHAPTER 19 Logs This chapter contains information about configuring general log settings and viewing the NBG334S’s logs. Refer to the appendices for example log message explanations. 19.1 View Log The web configurator allows you to look at all of the NBG334S’s logs in one location. Click Maintenance > Logs to open the View Log screen. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see Section 19.2 on page 178).
Chapter 19 Logs The following table describes the labels in this screen. Table 71 Maintenance > Logs > View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings page (see Section 19.2 on page 178) display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
Chapter 19 Logs Figure 105 Maintenance > Logs > Log Settings The following table describes the labels in this screen. Table 72 Maintenance > Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via E-mail.
Chapter 19 Logs Table 72 Maintenance > Logs > Log Settings LABEL DESCRIPTION Send Alerts To Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs. Enter the Email address where the alert messages will be sent. Alerts include system errors, attacks and attempted access to blocked web sites. If this field is left blank, alert messages will not be sent via E-mail.
Chapter 19 Logs 19.3 Log Descriptions This section provides descriptions of example log messages. Table 73 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on information from the time server. Time calibration failed The router failed to get information from the time server. WAN interface gets IP:%s A WAN interface got a new IP address from the DHCP, PPPoE, PPTP or dial-up server.
Chapter 19 Logs Table 74 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the max. number of session per host! This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be created per host. setNetBIOSFilter: calloc error The router failed to allocate memory for the NetBIOS filter settings. readNetBIOSFilter: calloc error The router failed to allocate memory for the NetBIOS filter settings. WAN connection is down. A WAN connection is down.
Chapter 19 Logs Table 76 TCP Reset Logs (continued) LOG MESSAGE DESCRIPTION Firewall session time out, sent TCP RST The router sent a TCP reset packet when a dynamic firewall session timed out. The default timeout values are as follows: ICMP idle timeout: 3 minutes UDP idle timeout: 3 minutes TCP connection (three way handshaking) timeout: 270 seconds TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime set in the TCP header).
Chapter 19 Logs Table 79 CDR Logs LOG MESSAGE DESCRIPTION board%d line%d channel%d, call%d,%s C01 Outgoing Call dev=%x ch=%x%s The router received the setup requirements for a call. “call” is the reference (count) number of the call. “dev” is the device type (3 is for dial-up, 6 is for PPPoE, 10 is for PPTP). "channel" or “ch” is the call channel ID.For example,"board 0 line 0 channel 0, call 3, C01 Outgoing Call dev=6 ch=0 "Means the router has dialed to the PPPoE server 3 times.
Chapter 19 Logs Table 82 Content Filtering Logs (continued) LOG MESSAGE DESCRIPTION %s: Proxy mode detected The router detected proxy mode in the packet. %s The content filter server responded that the web site is in the blocked category list, but it did not return the category type. %s:%s The content filter server responded that the web site is in the blocked category list, and returned the category type.
Chapter 19 Logs Table 83 Attack Logs (continued) LOG MESSAGE DESCRIPTION teardrop UDP The firewall detected an UDP teardrop attack. teardrop ICMP (type:%d, code:%d) The firewall detected an ICMP teardrop attack. For type and code details, see Table 87 on page 188. illegal command TCP The firewall detected a TCP illegal command attack. NetBIOS TCP The firewall detected a TCP NetBIOS attack.
Chapter 19 Logs Table 84 PKI Logs (continued) LOG MESSAGE DESCRIPTION Failed to decode the received ca cert The router received a corrupted certification authority certificate from the LDAP server whose address and port are recorded in the Source field. Failed to decode the received user cert The router received a corrupted user certificate from the LDAP server whose address and port are recorded in the Source field.
Chapter 19 Logs Table 85 802.1X Logs (continued) LOG MESSAGE DESCRIPTION Local User Database does not support authentication method. A user tried to use an authentication method that the local user database does not support (it only supports EAP-MD5). No response from RADIUS. Pls check RADIUS Server. There is no response message from the RADIUS server, please check the RADIUS server. Use Local User Database to authenticate user. The local user database is operating as the authentication server.
Chapter 19 Logs Table 87 ICMP Notes (continued) TYPE CODE DESCRIPTION 2 Redirect datagrams for the Type of Service and Network 3 Redirect datagrams for the Type of Service and Host Echo 8 0 Echo message Time Exceeded 11 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded Parameter Problem 12 0 Pointer indicates the error Timestamp 13 0 Timestamp request message Timestamp Reply 14 0 Timestamp reply message Information Request 15 0 Information request message Information
Chapter 19 Logs Table 89 RFC-2408 ISAKMP Payload Types (continued) 190 LOG DISPLAY PAYLOAD TYPE SIG Signature NONCE Nonce NOTFY Notification DEL Delete VID Vendor ID NBG334S User’s Guide
CHAPTER 20 Tools This chapter shows you how to upload a new firmware, upload or save backup configuration files and restart the NBG334S. 20.1 Firmware Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a “*.bin" extension, e.g., “NBG334S.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
Chapter 20 Tools After you see the Firmware Upload In Process screen, wait two minutes before logging into the NBG334S again. Figure 107 Upload Warning The NBG334S automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 108 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen.
Chapter 20 Tools Figure 110 Maintenance > Tools > Configuration 20.2.1 Backup Configuration Backup configuration allows you to back up (save) the NBG334S’s current configuration to a file on your computer. Once your NBG334S is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
Chapter 20 Tools Figure 111 Configuration Restore Successful The NBG334S automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 112 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default NBG334S IP address (192.168.1.1).
Chapter 20 Tools Click Maintenance > Tools > Restart. Click Restart to have the NBG334S reboot. This does not affect the NBG334S's configuration.
Chapter 20 Tools 196 NBG334S User’s Guide
CHAPTER 21 Configuration Mode Click Maintenance > Config Mode to open the following screen. This screen allows you to hide or display the advanced screens of some features or the advanced features, such as MAC filter or static route. Basic is selected by default and you cannot see the advanced screens or features. If you want to view and configure all screens including the advanced ones, select Advanced and click Apply.
Chapter 21 Configuration Mode Table 93 Advanced Configuration Options CATEGORY LINK TAB Network Wireless LAN MAC Filter Advanced QoS WAN Advanced LAN IP Alias Advanced Security Management DHCP Server Advanced NAT Advanced Firewall Services Content Filter Schedule Static Route IP Static Route Bandwidth MGMT Advanced Monitor Remote MGMT Telnet FTP DNS Maintenance " 198 Logs Log Settings In AP Mode many screens will not be available. See Chapter 4 on page 61 for more information.
CHAPTER 22 Sys Op Mode 22.1 Overview The Sys Op Mode (System Operation Mode) function lets you configure whether your NBG334S is a router or AP. You can choose between Router Mode and AP Mode depending on your network topology and the features you require from your device. See Section 1.1 on page 29 for more information on which mode to choose. 22.1.1 Router A router connects your local network with another network, such as the Internet.
Chapter 22 Sys Op Mode Figure 117 IP Address in AP Mode LAN 1 IP Internet 22.2 Selecting System Operation Mode Use this screen to select how you connect to the Internet. Figure 118 Maintenance > Sys OP Mode > General If you select Router Mode, the following pop-up message window appears. Figure 119 Maintenance > Sys Op Mode > General: Router • In this mode there are both LAN and WAN ports. The LAN Ethernet and WAN Ethernet ports have different IP addresses.
Chapter 22 Sys Op Mode Figure 120 Maintenance > Sys Op Mode > General: AP • In AP Mode all Ethernet ports have the same IP address. • All ports on the rear panel of the device are LAN ports, including the port labeled WAN. There is no WAN port. • The DHCP server on your device is disabled. In AP mode there must be a device with a DHCP server on your network such as a router or gateway which can allocate IP addresses. The IP address of the device on the local network is set to 192.168.1.1.
Chapter 22 Sys Op Mode 202 NBG334S User’s Guide
CHAPTER 23 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • • • • • • Power, Hardware Connections, and LEDs NBG334S Access and Login Internet Access Resetting the NBG334S to Its Factory Defaults Wireless Router/AP Troubleshooting Advanced Features 23.1 Power, Hardware Connections, and LEDs V The NBG334S does not turn on. None of the LEDs turn on.
Chapter 23 Troubleshooting 23.2 NBG334S Access and Login V I don’t know the IP address of my NBG334S. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the NBG334S by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Chapter 23 Troubleshooting 2 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. 3 Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java enabled. See Appendix B on page 217. 4 Make sure your computer is in the same subnet as the NBG334S. (If you know that there are routers between your computer and the NBG334S, skip this step.
Chapter 23 Troubleshooting See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. 23.3 Internet Access V I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. 2 Make sure you entered your ISP account information correctly in the wizard. These fields are case-sensitive, so make sure [Caps Lock] is not on.
Chapter 23 Troubleshooting interfering with the wireless network (for example, microwaves, other wireless networks, and so on). 3 Reboot the NBG334S. 4 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Check the settings for bandwidth management. If it is disabled, you might consider activating it. If it is enabled, you might consider changing the allocations. • Check the settings for QoS.
Chapter 23 Troubleshooting 4 Make sure your computer (with a wireless adapter installed) is within the transmission range of the NBG334S. 5 Check that both the NBG334S and your wireless station are using the same wireless and wireless security settings. 6 Make sure traffic between the WLAN and the LAN is not blocked by the firewall on the NBG334S. 7 Make sure you allow the NBG334S to be remotely accessed through the WLAN interface. Check your remote management settings.
P ART VI Appendices and Index Product Specifications and Wall-Mounting Instructions (211) Pop-up Windows, JavaScripts and Java Permissions (217) IP Addresses and Subnetting (223) Setting up Your Computer’s IP Address (231) Wireless LANs (247) Services (259) Legal Information (263) Customer Support (267) Index (273) 209
APPENDIX A Product Specifications and WallMounting Instructions The following tables summarize the NBG334S’s hardware and firmware features. Table 95 Hardware Features Dimensions (W x D x H) 162 x 115 x 33 mm Weight 237g Power Specification Input: 120~240 AC, 50~60 Hz Output: 12 V AC 1 A Ethernet ports Auto-negotiating: 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode. Auto-crossover: Use either crossover or straight-through Ethernet cables.
Appendix A Product Specifications and Wall-Mounting Instructions Table 96 Firmware Features FEATURE DESCRIPTION Default Password 1234 DHCP Pool 192.168.1.33 to 192.168.1.64 Device Management Use the web configurator to easily configure the rich range of features on the NBG334S. Wireless Functionality Allows IEEE 802.11b and/or IEEE 802.11g wireless clients to connect to the NBG334S wirelessly. IEEE 802.11g clients can connect using the Super G function.
Appendix A Product Specifications and Wall-Mounting Instructions Table 96 Firmware Features FEATURE DESCRIPTION IP Multicast IP Multicast is used to send traffic to a specific group of computers. The NBG334S supports versions 1 and 2 of IGMP (Internet Group Management Protocol) used to join multicast groups (see RFC 2236). IP Alias IP Alias allows you to subdivide a physical network into logical networks over the same Ethernet interface with the NBG334S itself as the gateway for each subnet.
Appendix A Product Specifications and Wall-Mounting Instructions Table 98 Standards Supported (continued) STANDARD DESCRIPTION IEEE 802.11b Uses the 2.4 gigahertz (GHz) band IEEE 802.11g Uses the 2.4 gigahertz (GHz) band IEEE 802.11d Standard for Local and Metropolitan Area Networks: Media Access Control (MAC) Bridges IEEE 802.11x Port Based Network Access Control. IEEE 802.11e QoS IEEE 802.
Appendix A Product Specifications and Wall-Mounting Instructions Figure 121 Wall-mounting Example The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm).
Appendix A Product Specifications and Wall-Mounting Instructions 216 NBG334S User’s Guide
APPENDIX B Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). " Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 124 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 125 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 127 Internet Options: Security 2 3 4 5 6 220 Click the Custom Level... button. Scroll down to Scripting.
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 128 Security Settings - Java Scripting Java Permissions 1 2 3 4 5 From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. Click OK to close the window.
Appendix B Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
APPENDIX C IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Appendix C IP Addresses and Subnetting Figure 131 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “subnetwork”. A subnet mask has 32 bits.
Appendix C IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 100 Subnet Masks BINARY DECIMAL 1ST OCTET 2ND OCTET 3RD OCTET 4TH OCTET 8-bit mask 11111111 00000000 00000000 00000000 255.0.0.0 16-bit mask 11111111 11111111 00000000 00000000 255.255.0.0 24-bit mask 11111111 11111111 11111111 00000000 255.255.255.
Appendix C IP Addresses and Subnetting Table 102 Alternative Subnet Mask Notation (continued) SUBNET MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL) 255.255.255.192 /26 1100 0000 192 255.255.255.224 /27 1110 0000 224 255.255.255.240 /28 1111 0000 240 255.255.255.248 /29 1111 1000 248 255.255.255.252 /30 1111 1100 252 Subnetting You can use subnetting to divide one network into multiple sub-networks.
Appendix C IP Addresses and Subnetting Figure 133 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address.
Appendix C IP Addresses and Subnetting Table 104 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 64 IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65 Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126 Table 105 Subnet 3 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1.
Appendix C IP Addresses and Subnetting Table 107 Eight Subnets (continued) SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 108 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.255.
Appendix C IP Addresses and Subnetting Table 109 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 14 255.255.255.252 (/30) 16384 2 15 255.255.255.254 (/31) 32768 1 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
APPENDIX D Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Appendix D Setting up Your Computer’s IP Address Figure 134 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add. 3 Select the manufacturer and model of your network adapter and then click OK.
Appendix D Setting up Your Computer’s IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 135 Windows 95/98/Me: TCP/IP Properties: IP Address 3 Click the DNS Configuration tab.
Appendix D Setting up Your Computer’s IP Address Figure 136 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your Prestige and restart your computer when prompted.
Appendix D Setting up Your Computer’s IP Address Figure 137 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 138 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
Appendix D Setting up Your Computer’s IP Address Figure 139 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 140 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically.
Appendix D Setting up Your Computer’s IP Address Figure 141 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: • In the IP Settings tab, in IP addresses, click Add. • In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.
Appendix D Setting up Your Computer’s IP Address Figure 142 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Appendix D Setting up Your Computer’s IP Address Figure 143 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your Prestige and restart your computer (if prompted).
Appendix D Setting up Your Computer’s IP Address Figure 144 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 145 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
Appendix D Setting up Your Computer’s IP Address • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your Prestige and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window.
Appendix D Setting up Your Computer’s IP Address Figure 147 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your Prestige in the Router address box. 5 Click Apply Now and close the window. 6 Turn on your Prestige and restart your computer (if prompted).
Appendix D Setting up Your Computer’s IP Address " Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 148 Red Hat 9.0: KDE: Network Configuration: Devices 2 Double-click on the profile of the network card you wish to configure.
Appendix D Setting up Your Computer’s IP Address Figure 149 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields. 3 Click OK to save the changes and close the Ethernet Device General screen.
Appendix D Setting up Your Computer’s IP Address Figure 151 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address. 1 Assuming that you have only one network card on the computer, locate the ifconfigeth0 configuration file (where eth0 is the name of the Ethernet card).
Appendix D Setting up Your Computer’s IP Address 2 If you know your DNS server IP address(es), enter the DNS server information in the resolv.conf file in the /etc directory. The following figure shows an example where two DNS server IP addresses are specified. Figure 154 Red Hat 9.0: DNS Settings in resolv.conf nameserver 172.23.5.1 nameserver 172.23.5.2 3 After you edit and save the configuration files, you must restart the network card. Enter./network restart in the /etc/rc.d/init.d directory.
APPENDIX E Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Appendix E Wireless LANs Figure 158 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Appendix E Wireless LANs Figure 159 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.
Appendix E Wireless LANs Figure 160 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
Appendix E Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type A preamble is used to synchronize the transmission timing in your wireless network. There are two preamble modes: Long and Short.
Appendix E Wireless LANs • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless stations.
Appendix E Wireless LANs In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Types of Authentication This appendix discusses some popular authentication types: EAP-MD5, EAP-TLS, EAPTTLS, PEAP and LEAP.
Appendix E Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.
Appendix E Wireless LANs Key differences between WPA(2) and WEP are improved data encryption and user authentication. Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.
Appendix E Wireless LANs 23.6.2 WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols). 2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches. 3 The AP derives and distributes keys to the wireless clients.
Appendix E Wireless LANs Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 112 Wireless Security Relational Matrix AUTHENTICATION ENCRYPTIO METHOD/ KEY MANAGEMENT PROTOCOL N METHOD ENTER MANUAL KEY IEEE 802.
Appendix E Wireless LANs 258 NBG334S User’s Guide
APPENDIX F Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is User-Defined, the Port(s) is the IP protocol number, not the port number.
Appendix F Services Table 113 Examples of Services (continued) 260 NAME PROTOCOL PORT(S) DESCRIPTION H.323 TCP 1720 NetMeeting uses this protocol. HTTP TCP 80 Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce. ICMP User-Defined 1 Internet Control Message Protocol is often used for diagnostic purposes. ICQ UDP 4000 This is a popular Internet chat program.
Appendix F Services Table 113 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION PPTP_TUNNEL (GRE) User-Defined 47 PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel. RCMD TCP 512 Remote Command Service. REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web. REXEC TCP 514 Remote Execution Daemon. RLOGIN TCP 513 Remote Login.
Appendix F Services Table 113 Examples of Services (continued) 262 NAME PROTOCOL PORT(S) DESCRIPTION TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE TCP UDP 7000 userdefined A videoconferencing solution. The UDP port number is specified in the application.
APPENDIX G Legal Information Copyright Copyright © 2006 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix G Legal Information If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna. 2 Increase the separation between the equipment and the receiver. 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Appendix G Legal Information 3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Appendix G Legal Information 266 NBG334S User’s Guide
APPENDIX A Customer Support Please have the following information ready when you contact customer support. Required Information • • • • Product model and serial number. Warranty Information. Date that you received your device. Brief description of the problem and the steps you took to solve it. “+” is the (prefix) number you dial to make an international telephone call. Corporate Headquarters (Worldwide) • • • • • • • Support E-mail: support@zyxel.com.tw Sales E-mail: sales@zyxel.com.
Appendix A Customer Support • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 Modrany, Ceská Republika Denmark • • • • • • Support E-mail: support@zyxel.dk Sales E-mail: sales@zyxel.dk Telephone: +45-39-55-07-00 Fax: +45-39-55-07-07 Web: www.zyxel.dk Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark Finland • • • • • • Support E-mail: support@zyxel.fi Sales E-mail: sales@zyxel.fi Telephone: +358-9-4780-8411 Fax: +358-9-4780-8448 Web: www.zyxel.
Appendix A Customer Support India • • • • • • Support E-mail: support@zyxel.in Sales E-mail: sales@zyxel.in Telephone: +91-11-30888144 to +91-11-30888153 Fax: +91-11-30888149, +91-11-26810715 Web: http://www.zyxel.in Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan • • • • • • Support E-mail: support@zyxel.co.jp Sales E-mail: zyp@zyxel.co.jp Telephone: +81-3-6847-3700 Fax: +81-3-6847-3705 Web: www.zyxel.co.
Appendix A Customer Support • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 928062001, U.S.A. Norway • • • • • • Support E-mail: support@zyxel.no Sales E-mail: sales@zyxel.no Telephone: +47-22-80-61-80 Fax: +47-22-80-61-81 Web: www.zyxel.no Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway Poland • • • • • E-mail: info@pl.zyxel.com Telephone: +48-22-333 8250 Fax: +48-22-333 8251 Web: www.pl.zyxel.com Regular Mail: ZyXEL Communications, ul.
Appendix A Customer Support Sweden • • • • • • Support E-mail: support@zyxel.se Sales E-mail: sales@zyxel.se Telephone: +46-31-744-7700 Fax: +46-31-744-7701 Web: www.zyxel.se Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden Thailand • • • • • • Support E-mail: support@zyxel.co.th Sales E-mail: sales@zyxel.co.th Telephone: +662-831-5315 Fax: +662-831-5395 Web: http://www.zyxel.co.th Regular Mail: ZyXEL Thailand Co., Ltd.
Appendix A Customer Support 272 NBG334S User’s Guide
Index Index Numerics C 802.
Index DNS (Domain Name System) 157 DNS server 110 Domain name 47 vs host name.
Index L LAN 103 IP pool setup 103 LAN overview 103 LAN Setup 93 LAN setup 103 LAN TCP/IP 103 Link type 38, 63 local (user) database 72 and encryption 73 Local Area Network 103 Log 177 M MAC 82 MAC address 71, 93 cloning 57, 93 MAC address filter 71 MAC address filtering 82 MAC filter 82 managing the device good habits 31 using FTP. See FTP. using Telnet. See command interface. using the command interface. See command interface. using the web configurator. See web configurator.
Index Quality of Service (QoS) 84 R RADIUS 252 Shared Secret Key 253 RADIUS Message Types 252 RADIUS Messages 252 RADIUS server 72 registration product 265 related documentation 3 Remote management 153 and NAT 154 and the firewall 153 FTP 156 limitations 153 remote management session 153 system timeout 154 Reset button 35, 194 Reset the device 35 Restore configuration 193 Restrict Web Features 134 RF (Radio Frequency) 212 RoadRunner 95 Roaming 83 roaming 73 requirements 74 router 30, 199 Router Mode 30, 1
Index Application 159 UPnP 159 Forum 160 security issues 159 URL Keyword Blocking 134 Use Authentication 255 user authentication 72 local (user) database 72 RADIUS server 72 User Name 124 V VoIP 145 VPN 98 W WAN IP address assignment 54 WAN advanced 101 WAN IP address 54 WAN IP address assignment 56 WAN MAC address 93 warranty 265 note 265 Web Configurator how to access 33 Overview 33 Web configurator navigating 35 web configurator 31 Web Proxy 134 WEP Encryption 78 WEP encryption 77 WEP key 77 Wi-Fi Mul
Index 278 NBG334S User’s Guide
